From 78d02d680317c4daf37b83cd6ecf60b3d9c04208 Mon Sep 17 00:00:00 2001
From: Max Eisner <4730112+max-ae@users.noreply.github.com>
Date: Mon, 18 Aug 2025 13:33:27 +0200
Subject: [PATCH] docs: add IRSA instructions

Signed-off-by: Max Eisner <4730112+max-ae@users.noreply.github.com>
---
 web/docs/migration.md     |  4 ++++
 web/docs/object_stores.md | 13 +++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/web/docs/migration.md b/web/docs/migration.md
index 43c4b800..865c45ee 100644
--- a/web/docs/migration.md
+++ b/web/docs/migration.md
@@ -103,6 +103,10 @@ As you can see, the contents of `barmanObjectStore` have been copied directly
 under the `configuration` field of the `ObjectStore` resource, using the same
 secret references.
 
+### IAM Role for Service Account (IRSA)
+
+If you use IRSA, you need to configure the `ObjectStore` to utilize the correct role as described in the [`Object Store Reference`](object_stores.md#iam-role-for-service-account-irsa).
+
 ## Step 2: Update the `Cluster` for plugin WAL archiving
 
 Once the `ObjectStore` resource is in place, update the `Cluster` resource as
diff --git a/web/docs/object_stores.md b/web/docs/object_stores.md
index c3179ad7..3904fe10 100644
--- a/web/docs/object_stores.md
+++ b/web/docs/object_stores.md
@@ -101,6 +101,19 @@ spec:
         [...]
 ```
 
+In addition, configure the `ObjectStore` to inherit permissions from the IAM role referenced in the service account:
+
+```yaml
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  [...]
+spec:
+  configuration:
+    s3Credentials:
+      inheritFromIAMRole: true
+```
+
 ### S3 Lifecycle Policy
 
 Barman Cloud uploads backup files to S3 but does not modify or delete them afterward.