diff --git a/test/e2e/operator_test.go b/test/e2e/operator_test.go
index 556e47c3..d15e68fd 100644
--- a/test/e2e/operator_test.go
+++ b/test/e2e/operator_test.go
@@ -138,6 +138,12 @@ func TestMain(m *testing.M) {
 	} else {
 		fmt.Println("Controller role is expected to exist when the test is run on a ROSA STS cluster")
 		controllerRoleARN = mustGetEnv(controllerRoleARNVarName)
+		// TODO: remove the copying once ROSA can provision 4.14 clusters
+		// which support stsIAMRoleARN field in CredentialsRequest.
+		if err := copySecret(context.TODO(), kubeClient, controllerSecretName, "aws-load-balancer-controller-credentialsrequest-cluster"); err != nil {
+			fmt.Printf("failed to copy controller secret: %v", err)
+			os.Exit(1)
+		}
 	}
 
 	os.Exit(m.Run())
diff --git a/test/e2e/util.go b/test/e2e/util.go
index 15479aec..faeb0cc4 100644
--- a/test/e2e/util.go
+++ b/test/e2e/util.go
@@ -508,3 +508,24 @@ func mustGetEnv(name string) string {
 	}
 	return val
 }
+
+// copySecret makes a copy of a secret in the operator's namespace.
+func copySecret(ctx context.Context, kubeClient client.Client, nameIn, nameOut string) error {
+	secretIn := &corev1.Secret{}
+	if err := kubeClient.Get(ctx, types.NamespacedName{Name: nameIn, Namespace: operatorNamespace}, secretIn); err != nil {
+		return err
+	}
+
+	secretOut := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      nameOut,
+			Namespace: operatorNamespace,
+		},
+		Data: secretIn.Data,
+	}
+	if err := kubeClient.Create(ctx, secretOut); err != nil {
+		return err
+	}
+
+	return nil
+}