diff --git a/ci-operator/step-registry/ipi/conf/aws/blackholenetwork/blackhole_vpc_yaml.md b/ci-operator/step-registry/ipi/conf/aws/blackholenetwork/blackhole_vpc_yaml.md index fa7d4bc6d73e1..52d4420072a07 100644 --- a/ci-operator/step-registry/ipi/conf/aws/blackholenetwork/blackhole_vpc_yaml.md +++ b/ci-operator/step-registry/ipi/conf/aws/blackholenetwork/blackhole_vpc_yaml.md @@ -173,10 +173,10 @@ Resources: Properties: SubnetId: !Ref PrivateSubnet3 RouteTableId: !Ref PrivateRouteTable3 - EC2EndpointSecurityGroup: + HTTPSSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: - GroupDescription: EC2 Endpoint Security Group + GroupDescription: HTTPS Security Group SecurityGroupIngress: - IpProtocol: tcp FromPort: 443 @@ -197,7 +197,7 @@ Resources: - '*' PrivateDnsEnabled: "true" SecurityGroupIds: - - !Ref EC2EndpointSecurityGroup + - !Ref HTTPSSecurityGroup ServiceName: !Join - '' - - com.amazonaws. @@ -209,6 +209,32 @@ Resources: - !If [DoAz3, !Ref PublicSubnet3, !Ref "AWS::NoValue"] VpcEndpointType: Interface VpcId: !Ref VPC + ELBEndpoint: + Type: AWS::EC2::VPCEndpoint + Properties: + PolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: '*' + Action: + - '*' + Resource: + - '*' + PrivateDnsEnabled: "true" + SecurityGroupIds: + - !Ref HTTPSSecurityGroup + ServiceName: !Join + - '' + - - com.amazonaws. + - !Ref 'AWS::Region' + - .elasticloadbalancing + SubnetIds: + - !Ref PublicSubnet + - !If [DoAz2, !Ref PublicSubnet2, !Ref "AWS::NoValue"] + - !If [DoAz3, !Ref PublicSubnet3, !Ref "AWS::NoValue"] + VpcEndpointType: Interface + VpcId: !Ref VPC S3Endpoint: Type: AWS::EC2::VPCEndpoint Properties: diff --git a/ci-operator/step-registry/openshift/e2e/aws/proxy/openshift-e2e-aws-proxy-workflow.yaml b/ci-operator/step-registry/openshift/e2e/aws/proxy/openshift-e2e-aws-proxy-workflow.yaml index d7ff519f962ba..a7ae801583f7f 100644 --- a/ci-operator/step-registry/openshift/e2e/aws/proxy/openshift-e2e-aws-proxy-workflow.yaml 
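Review bot: The new `ELBEndpoint` in the third hunk has an endpoint policy of `Principal: '*'`, `Action: '*'`, `Resource: '*'`, which restricts nothing, so the endpoint does not limit which API calls a workload in the VPC can send through it. Since this endpoint only fronts the load-balancing API, the action list could be narrowed to `- 'elasticloadbalancing:*'`, with a one-line comment saying the wildcard principal is intentional for this CI-only VPC. The renamed `HTTPSSecurityGroup` is now attached to both interface endpoints. Its port 443 ingress rule is only partly visible in the first hunk, so confirm the source range is limited to the VPC CIDR rather than open to any address. The `Resources` section starts before and continues past these hunks, so any tighter policy defined elsewhere in the template is not visible here.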
+++ b/ci-operator/step-registry/openshift/e2e/aws/proxy/openshift-e2e-aws-proxy-workflow.yaml @@ -12,7 +12,6 @@ workflow: Image append should create images by appending them\| Image info should display information about images\| Internal connectivity for TCP and UDP on ports 9000-9999 is allowed\| - Managed cluster should have machine resources\| Managed cluster should should expose cluster services outside the cluster\| Networking should provide Internet connection for containers\| The HAProxy router should respond with 503 to unrecognized hosts\|