docs: add IRSA instructions

max-ae · max-ae · commit 78d02d680317 · 2025-08-18T13:36:01.000+02:00
Signed-off-by: Max Eisner &lt;4730112+max-ae@users.noreply.github.com&gt;
diff --git a/web/docs/migration.md b/web/docs/migration.md
@@ -103,6 +103,10 @@ As you can see, the contents of `barmanObjectStore` have been copied directly
 under the `configuration` field of the `ObjectStore` resource, using the same
 secret references.
 
+### IAM Role for Service Account (IRSA)
+
+If you use IRSA, you need to configure the `ObjectStore` to utilize the correct role as described in the [`Object Store Reference`](object_stores.md#iam-role-for-service-account-irsa).
+
 ## Step 2: Update the `Cluster` for plugin WAL archiving
 
 Once the `ObjectStore` resource is in place, update the `Cluster` resource as
diff --git a/web/docs/object_stores.md b/web/docs/object_stores.md
@@ -101,6 +101,19 @@ spec:
         [...]
 ```
 
+In addition, configure the `ObjectStore` to inherit permissions from the IAM role referenced in the service account:
+
+```yaml
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  [...]
+spec:
+  configuration:
+    s3Credentials:
+      inheritFromIAMRole: true
+```
+
 ### S3 Lifecycle Policy
 
 Barman Cloud uploads backup files to S3 but does not modify or delete them afterward.
