diff --git a/awx/api/permissions.py b/awx/api/permissions.py
index ff7a030c72..dcf6028579 100644
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@@ -234,6 +234,13 @@ class UserPermission(ModelAccessPermission):
 raise PermissionDenied()
+class IsSystemAdmin(permissions.BasePermission):
+ def has_permission(self, request, view):
+ if not (request.user and request.user.is_authenticated):
+ return False
+ return request.user.is_superuser
+
+
 class IsSystemAdminOrAuditor(permissions.BasePermission):
 """
 Allows write access only to system admin users.
diff --git a/awx/api/views/instance_install_bundle.py b/awx/api/views/instance_install_bundle.py
index 6e4d802ed0..e6a0fb98c8 100644
--- a/awx/api/views/instance_install_bundle.py
+++ b/awx/api/views/instance_install_bundle.py
@@ -12,7 +12,7 @@ import re
 import asn1
 from awx.api import serializers
 from awx.api.generics import GenericAPIView, Response
-from awx.api.permissions import IsSystemAdminOrAuditor
+from awx.api.permissions import IsSystemAdmin
 from awx.main import models
 from cryptography import x509
 from cryptography.hazmat.primitives import hashes, serialization
@@ -48,7 +48,7 @@ class InstanceInstallBundle(GenericAPIView):
 name = _('Install Bundle')
 model = models.Instance
 serializer_class = serializers.InstanceSerializer
- permission_classes = (IsSystemAdminOrAuditor,)
+ permission_classes = (IsSystemAdmin,)
 def get(self, request, *args, **kwargs):
 instance_obj = self.get_object()
diff --git a/awx/main/tests/functional/api/test_instance.py b/awx/main/tests/functional/api/test_instance.py
index a2918e968e..3afd3184c8 100644
--- a/awx/main/tests/functional/api/test_instance.py
+++ b/awx/main/tests/functional/api/test_instance.py
@@ -1,3 +1,5 @@
+from unittest import mock
+
 import pytest
 from awx.api.versioning import reverse
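Review bot: The new `IsSystemAdmin` class in awx/api/permissions.py has no docstring, while the neighbouring `IsSystemAdminOrAuditor` documents what it allows. Since the class exists to deny system auditors even on read-only methods, I would say so on the class, e.g. `"""Allows access, including read-only requests, only to authenticated superusers; system auditors are denied."""`. The check itself reads correctly: the unauthenticated case returns False before `is_superuser` is consulted. A one-line comment at `permission_classes = (IsSystemAdmin,)` in `InstanceInstallBundle` explaining why auditors are excluded (presumably because the bundle carries generated key material, judging by the `cryptography` imports; confirm) would keep a later refactor from switching back to the auditor-inclusive class.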
@@ -5,6 +7,9 @@ from awx.main.models.activity_stream import ActivityStream
 from awx.main.models.ha import Instance
 from django.test.utils import override_settings
+from django.http import HttpResponse
+
+from rest_framework import status
 INSTANCE_KWARGS = dict(hostname='example-host', cpu=6, node_type='execution', memory=36000000000, cpu_capacity=6, mem_capacity=42)
@@ -87,3 +92,11 @@ def test_custom_hostname_regex(post, admin_user):
 "peers": [],
 }
 post(url=url, user=admin_user, data=data, expect=value[1])
+
+
+def test_instance_install_bundle(get, admin_user, system_auditor):
+ instance = Instance.objects.create(**INSTANCE_KWARGS)
+ url = reverse('api:instance_install_bundle', kwargs={'pk': instance.pk})
+ with mock.patch('awx.api.views.instance_install_bundle.InstanceInstallBundle.get', return_value=HttpResponse({'test': 'data'}, status=status.HTTP_200_OK)):
+ get(url=url, user=admin_user, expect=200)
+ get(url=url, user=system_auditor, expect=403)
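Review bot: `test_instance_install_bundle` covers only the superuser and system-auditor cases, so the `is_authenticated` branch of `IsSystemAdmin` and an ordinary non-privileged user are never checked against this endpoint. Because `InstanceInstallBundle.get` is patched out, adding those cases is cheap: one more `get(url=url, user=<non-admin fixture>, expect=403)` line per role, plus an anonymous request with whatever status the API returns for it. The hunk shows no `@pytest.mark.django_db` above the new function although it calls `Instance.objects.create`; if the module has no `pytestmark` and the fixtures do not already enable database access, add the decorator. A short comment that `get` is mocked so the test exercises the permission gate only, not bundle generation, would also help the next reader.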