Hello, I'm trying to deploy an application on an EKS which is on AWS Account A. This application need to access Bucket S3 and SQS Queue on AWS Account B. For security reasons, I need to use IRSA to allow my application/container/pod to access S3/SQS. I configured the storage plan with the following parameters but the application don't use this configuration : storage_plan: name: dev type: amazon-s3 s3: irsa_authentication: true create_bucket: false create_user: false create_inline_policy: true existing_bucket: <<my existing bucket name>> existing_policy: arn:aws:iam::<<aws account b>>:policy/<<my existing policy>> bucket_autogen_prefix: true bucket_prefix: "" share_bucket: false region: <<my aws region>> access_key: "" secret_key: "" admin_iam_role: arn:aws:iam::<<aws account b>>:role/<<my mendix kube role>> kubernetes_service_account: mendix-<<my environment>>-service-account oidc_url: oidc.eks.eu-west-1.amazonaws.com/id/<<my oidc>> On EKS, I can see the StoragePlan: $ kubectl get storageplans.privatecloud.mendix.com dev -o json | grep "serviceAccountName" "serviceAccountName": "mendix-storage-provisioner" "serviceAccountName": "mendix-storage-provisioner" And its ServiceAccount attached : $ kubectl get serviceaccounts mendix-storage-provisioner -o yaml apiVersion: v1 kind: ServiceAccount metadata: annotations: eks.amazonaws.com/role-arn: arn:aws:iam::<<aws account b>>:role/<<my mendix kube role>> name: mendix-storage-provisioner ... But on my application pods, the ServiceAccount attached is not the one defined in my storage plan parameter file (mendix-<<my environment>>-service-account) : kubectl get deployments.apps <<environment>>-master -o yaml | grep "serviceAccount:" serviceAccount: default Did I miss something ?