diff --git a/CHANGELOG.md b/CHANGELOG.md index 9fd9427..7fce5ee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + +- refs platform/#2819: add documentation about patching the EKS cluster add-ons. + ## [3.0.0] - 2023-12-21 [Compare with previous version](https://github.com/sparkfabrik/terraform-aws-eks-bootstrap/compare/2.1.0...3.0.0) diff --git a/README.md b/README.md index 89ecf2a..0c90a8b 100644 --- a/README.md +++ b/README.md 
@@ -4,26 +4,23 @@ Bootstrap module for AWS EKS cluster. ## Known Issues -Due to issue on [amazon-cloudwatch-observability](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-setup-EKS-addon.html) EKS addon, the fluent-bit and the CloudWatch Agent are not deployed on tainted nodes. +Due to issue on [amazon-cloudwatch-observability](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-setup-EKS-addon.html) EKS addon, the fluent-bit and the CloudWatch Agent are not deployed on tainted nodes. The feature is in "Proposed" state https://github.com/aws/containers-roadmap/issues/2195. Ultil the feature is released, you must manually add tolerations in the AmazonCloudWatchAgent CRD and fluent-bit daemonset resources. -Edit: -- kubectl edit daemonset.apps/fluent-bit -n amazon-cloudwatch -- kubectl edit AmazonCloudWatchAgent -n amazon-cloudwatch +You can find the patch files in the `eks-add-ons-patches` directory. You can apply the patches using the `kubectl` as follows: -and add tolerations, eg: - -```yaml - tolerations: - - effect: NoSchedule - key: stable-pool-performance - operator: Equal - value: high +```bash +# Patch the FluentBit DaemonSet +kubectl -n amazon-cloudwatch patch daemonset fluent-bit --type merge --patch-file eks-add-ons-patches/fluent-bit.yaml +# Patch the AmazonCloudWatchAgent resource (which produces the cloudwatch-agent daemonset) +kubectl -n amazon-cloudwatch patch AmazonCloudWatchAgent cloudwatch-agent --type merge --patch-file eks-add-ons-patches/cloudwatch-agent.yaml ``` +Remember to change the `tolerations` patches according to your node groups. + ## Providers diff --git a/eks-add-ons-patches/cloudwatch-agent.yaml b/eks-add-ons-patches/cloudwatch-agent.yaml new file mode 100644 index 0000000..8c96053 --- /dev/null +++ b/eks-add-ons-patches/cloudwatch-agent.yaml @@ -0,0 +1,6 @@ +spec: + tolerations: + - effect: NoSchedule + key: my-tainted-key + operator: Equal + value: my-tainted-value 
diff --git a/eks-add-ons-patches/fluent-bit.yaml b/eks-add-ons-patches/fluent-bit.yaml new file mode 100644 index 0000000..9727657 --- /dev/null +++ b/eks-add-ons-patches/fluent-bit.yaml @@ -0,0 +1,8 @@ +spec: + template: + spec: + tolerations: + - effect: NoSchedule + key: my-tainted-key + operator: Equal + value: my-tainted-value
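Review bot: In the README.md hunk, both `kubectl patch` commands use `--type merge`, and a JSON merge patch replaces a list wholesale, so applying these files overwrites any `tolerations` already set on the `fluent-bit` DaemonSet or the `cloudwatch-agent` resource rather than appending to them. The README should say that the patch file must contain the complete list of tolerations wanted on the resource, and suggest checking the current value first (for example with `kubectl -n amazon-cloudwatch get daemonset fluent-bit -o yaml`). Two smaller points in the same hunk: "Ultil" should be "Until", and "using the `kubectl`" reads better as "using `kubectl`".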
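Review bot: The new `eks-add-ons-patches/cloudwatch-agent.yaml` has no comment saying that `key: my-tainted-key` and `value: my-tainted-value` are placeholders, and the file applies cleanly as it stands. A patch applied unedited succeeds but tolerates a taint that no node carries, so the agent still does not run on the tainted nodes and nothing reports the mistake. Add a header comment in the file stating that the key, value and effect must be replaced with those of the target node group, since the only reminder is currently a single sentence in the README.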
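Review bot: In the new `eks-add-ons-patches/fluent-bit.yaml`, the single entry with `operator: Equal` tolerates exactly one key/value pair, and nothing says what to do when a cluster has more than one tainted node group. Document in the file or the README that one list entry is needed per taint, so that log collection is not silently missing on the node groups left out. It is also worth a comment that this file nests the list under `spec.template.spec.tolerations` while `cloudwatch-agent.yaml` uses `spec.tolerations`, so that the two files are not edited by copy and paste from one another.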