diff --git a/roles/kubernetes-apps/csi_driver/aws_ebs/defaults/main.yml b/roles/kubernetes-apps/csi_driver/aws_ebs/defaults/main.yml
index 92751964d..33df37c9d 100644
--- a/roles/kubernetes-apps/csi_driver/aws_ebs/defaults/main.yml
+++ b/roles/kubernetes-apps/csi_driver/aws_ebs/defaults/main.yml
@@ -4,3 +4,8 @@ aws_ebs_csi_enable_volume_snapshot: false
 aws_ebs_csi_enable_volume_resizing: false
 aws_ebs_csi_controller_replicas: 1
 aws_ebs_csi_plugin_image_tag: latest
+
+# Add annotions to ebs_csi_controller. Useful if using kube2iam for role assumption
+# aws_ebs_csi_annotations:
+#   - key: iam.amazonaws.com/role
+#     value: your-ebs-role-arn
diff --git a/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2 b/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2
index e0796765f..ffce40bd8 100644
--- a/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2
@@ -15,6 +15,12 @@ spec:
       labels:
         app: ebs-csi-controller
         app.kubernetes.io/name: aws-ebs-csi-driver
+{% if aws_ebs_csi_annotations is defined %}
+      annotations:
+{% for annotation in aws_ebs_csi_annotations %}
+        {{ annotation.key }}: {{ annotation.value }}
+{% endfor %}
+{% endif %}
     spec:
       nodeSelector:
         kubernetes.io/os: linux