diff --git a/README.adoc b/README.adoc index 7ad78df..904172d 100644 --- a/README.adoc +++ b/README.adoc @@ -35,7 +35,7 @@ Type: `string` ==== [[input_efs_file_system_id]] <> -Description: n/a +Description: EFS Filesystem ID to use by the CSI driver to create volumes Type: `string` @@ -59,6 +59,14 @@ Type: `any` Default: `{}` +==== [[input_iam_role_arn]] <> + +Description: ARN of an OIDC assumable IAM role that has access to the EFS filesystem (optional). When specified, this is added as an annotation to the EFS CSI driver controller ServiceAccount, to allow the driver to manage EFS access points for dynamic volumes provisioning. + +Type: `string` + +Default: `""` + ==== [[input_name]] <> Description: n/a @@ -81,7 +89,7 @@ Description: Override of target revision of the application chart. Type: `string` -Default: `"v1.0.0"` +Default: `"v1.0.0-alpha.1"` === Outputs @@ -127,7 +135,7 @@ No outputs. |no |[[input_efs_file_system_id]] <> -|n/a +|EFS Filesystem ID to use by the CSI driver to create volumes |`string` |n/a |yes @@ -138,6 +146,12 @@ No outputs. |`{}` |no +|[[input_iam_role_arn]] <> +|ARN of an OIDC assumable IAM role that has access to the EFS filesystem (optional). When specified, this is added as an annotation to the EFS CSI driver controller ServiceAccount, to allow the driver to manage EFS access points for dynamic volumes provisioning. +|`string` +|`""` +|no + |[[input_name]] <> |n/a |`string` @@ -153,7 +167,7 @@ No outputs. |[[input_target_revision]] <> |Override of target revision of the application chart. |`string` -|`"v1.0.0"` +|`"v1.0.0-alpha.1"` |no |=== diff --git a/local.tf b/local.tf index 503df19..b08d57d 100644 --- a/local.tf +++ b/local.tf @@ -10,6 +10,11 @@ locals { directoryPerms = "700" } }] + controller = { + serviceAccount = { + annotations = var.iam_role_arn != "" ? { "eks.amazonaws.com/role-arn" = var.iam_role_arn } : {} + } + } } } } diff --git a/variables.tf b/variables.tf index d138652..8d02c7c 100644 --- a/variables.tf 
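Review bot: The new `controller.serviceAccount.annotations` entry in local.tf binds the CSI controller to whatever role the caller passes, but nothing at that line records what the role's trust policy has to look like. With IRSA, a role whose trust policy only names the cluster's OIDC provider can be assumed by any ServiceAccount in the cluster, so the policy should pin the `sub` claim to this controller's ServiceAccount. I would add a comment above the `annotations` line, such as `# IRSA: the role's trust policy must restrict the OIDC "sub" claim to system:serviceaccount:<namespace>:<controller-sa-name>`. The README description could also say that the role needs only the EFS access-point permissions the driver uses, not general access to the filesystem. The enclosing `locals` block starts and ends outside this hunk.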
+++ b/variables.tf @@ -32,5 +32,12 @@ variable "argocd_namespace" { } variable "efs_file_system_id" { - type = string + type = string + description = "EFS Filesystem ID to use by the CSI driver to create volumes" +} + +variable "iam_role_arn" { + type = string + default = "" + description = "ARN of an OIDC assumable IAM role that has access to the EFS filesystem (optional). When specified, this is added as an annotation to the EFS CSI driver controller ServiceAccount, to allow the driver to manage EFS access points for dynamic volumes provisioning." }
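Review bot: `iam_role_arn` is accepted without any validation, so a typo or an explicit `null` flows straight into the ServiceAccount annotation built in local.tf. An explicit `null` overrides the `""` default, makes `var.iam_role_arn != ""` true and presumably yields an annotation with a null value. A malformed ARN only shows up later as the driver failing to assume the role at runtime. I would mark the variable non-nullable and add a validation block that accepts the empty string or a well-formed IAM role ARN, as sketched below. `nullable` needs Terraform 1.1 or newer, so check the module's required version first.

```hcl
variable "iam_role_arn" {
  # … unchanged: type, default, description …
  nullable = false

  validation {
    condition     = var.iam_role_arn == "" || can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$", var.iam_role_arn))
    error_message = "The iam_role_arn value must be empty or a valid IAM role ARN."
  }
}
```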