diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml
index 3bba4c50e..15838ed45 100644
--- a/manifests/configmap.yaml
+++ b/manifests/configmap.yaml
@@ -128,6 +128,7 @@ data:
   # pod_priority_class_name: "postgres-pod-priority"
   pod_role_label: spilo-role
   # pod_service_account_definition: ""
+  # pod_service_account_annotation_per_cluster: "eks.amazonaws.com/role-arn"
   pod_service_account_name: "postgres-pod"
   # pod_service_account_role_binding_definition: ""
   pod_terminate_grace_period: 5m
diff --git a/pkg/controller/postgresql.go b/pkg/controller/postgresql.go
index ede7a99a3..650848087 100644
--- a/pkg/controller/postgresql.go
+++ b/pkg/controller/postgresql.go
@@ -571,8 +571,9 @@ func (c *Controller) postgresqlCheck(obj interface{}) *acidv1.Postgresql {
 func (c *Controller) submitRBACCredentials(event ClusterEvent) error {
 	namespace := event.NewSpec.GetNamespace()
+	clusterName := event.NewSpec.GetName()
-	if err := c.createPodServiceAccount(namespace); err != nil {
+	if err := c.createPodServiceAccount(namespace, clusterName); err != nil {
 		return fmt.Errorf("could not create pod service account %q : %v", c.opConfig.PodServiceAccountName, err)
 	}
@@ -582,7 +583,7 @@ func (c *Controller) submitRBACCredentials(event ClusterEvent) error {
 	return nil
 }
-func (c *Controller) createPodServiceAccount(namespace string) error {
+func (c *Controller) createPodServiceAccount(namespace string, clusterName string) error {
 	podServiceAccountName := c.opConfig.PodServiceAccountName
 	_, err := c.KubeClient.ServiceAccounts(namespace).Get(context.TODO(), podServiceAccountName, metav1.GetOptions{})
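Review bot: The example line should say what the option does, because `pod_service_account_annotation_per_cluster` only names annotation keys and the controller appends `-<cluster name>` to whatever value the service account definition already carries under that key; for `eks.amazonaws.com/role-arn` that means one IAM role per cluster must exist whose ARN is the base value plus that suffix. The Go field added in this commit is a `[]string` while the example shows a single quoted string; whether the loader splits a comma-separated value is not visible here, so the comment should state the accepted list form. Suggested comment above the option: `# annotation keys on the pod service account whose value gets "-<cluster name>" appended (e.g. one IAM role per cluster)`.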
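Review bot: The cluster-specific suffix only takes effect for the first cluster in a namespace, because the service account is looked up by the per-namespace name `c.opConfig.PodServiceAccountName` on the last hunk line and, judging by the next hunk showing only the create path, an existing account presumably short-circuits creation; a second cluster in the same namespace then silently reuses the first cluster's annotation value and its `clusterName` is ignored. If one IAM role per cluster is the intent, either document that the feature assumes one cluster per namespace, or compare the existing annotation with the expected value and update or fail when it differs. Suggested doc comment on the function: `// createPodServiceAccount ensures the per-namespace pod service account exists; clusterName only affects first creation, so clusters sharing a namespace share the annotations of whichever was created first.` The function body continues past the end of this hunk.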
@@ -593,6 +594,12 @@ func (c *Controller) createPodServiceAccount(namespace string) error {
 	// get a separate copy of service account
 	// to prevent a race condition when setting a namespace for many clusters
 	sa := *c.PodServiceAccount
+
+	// Append clusterName to the PodServiceAccount Annotation
+	for _, s := range c.opConfig.PodServiceAccountAnnotationPerCluster {
+		sa.ObjectMeta.Annotations[s] = fmt.Sprintf("%s-%s", sa.ObjectMeta.Annotations[s], clusterName)
+	}
+
 	if _, err = c.KubeClient.ServiceAccounts(namespace).Create(context.TODO(), &sa, metav1.CreateOptions{}); err != nil {
 		return fmt.Errorf("cannot deploy the pod service account %q defined in the configuration to the %q namespace: %v", podServiceAccountName, namespace, err)
 	}
diff --git a/pkg/util/config/config.go b/pkg/util/config/config.go
index 7553bdbf9..77ec8de74 100644
--- a/pkg/util/config/config.go
+++ b/pkg/util/config/config.go
@@ -178,6 +178,7 @@ type Config struct {
 	PodServiceAccountName string `name:"pod_service_account_name" default:"postgres-pod"`
 	// value of this string must be valid JSON or YAML; see initPodServiceAccount
 	PodServiceAccountDefinition string `name:"pod_service_account_definition" default:""`
+	PodServiceAccountAnnotationPerCluster []string `name:"pod_service_account_annotation_per_cluster" default:""`
 	PodServiceAccountRoleBindingDefinition string `name:"pod_service_account_role_binding_definition" default:""`
 	MasterPodMoveTimeout time.Duration `name:"master_pod_move_timeout" default:"20m"`
 	DbHostedZone string `name:"db_hosted_zone" default:"db.example.com"`
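Review bot: `sa.ObjectMeta.Annotations[s] = fmt.Sprintf(...)` writes into the map that is still shared with `c.PodServiceAccount`, because `sa := *c.PodServiceAccount` copies the struct but not the map it points to; that reintroduces the race the comment above the copy warns about, and the suffix compounds across calls (`…-clusterA-clusterB`), which for a role-ARN annotation binds later clusters' pods to a non-existent or wrong IAM role. The same write panics when the definition carries no annotations (nil map) and yields a bare `-<cluster>` when the key is absent, which is not a valid ARN. Clone the annotation map before mutating it and refuse to suffix a missing or empty value instead of writing garbage into an identity binding. `createPodServiceAccount` starts before this hunk.
```go
	sa := *c.PodServiceAccount

	// The struct copy above is shallow: clone the annotation map so the
	// per-cluster suffix never leaks into the shared c.PodServiceAccount.
	annotations := make(map[string]string, len(sa.ObjectMeta.Annotations))
	for k, v := range sa.ObjectMeta.Annotations {
		annotations[k] = v
	}
	for _, key := range c.opConfig.PodServiceAccountAnnotationPerCluster {
		base, ok := annotations[key]
		if !ok || base == "" {
			return fmt.Errorf("annotation %q listed in pod_service_account_annotation_per_cluster is not set on the pod service account %q", key, podServiceAccountName)
		}
		annotations[key] = fmt.Sprintf("%s-%s", base, clusterName)
	}
	sa.ObjectMeta.Annotations = annotations

	// … unchanged: Create call and error wrapping …
```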
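Review bot: `PodServiceAccountAnnotationPerCluster` has no comment while the neighbouring `PodServiceAccountDefinition` documents its contract, and the name alone does not say that the entries are annotation keys rather than key/value pairs, nor that the existing value is suffixed rather than replaced. Suggested line above the field: `// annotation keys of the pod service account whose existing value gets "-<cluster name>" appended when the account is first created in a namespace`. Whether `default:""` is parsed into an empty slice for a `[]string` field is not visible here and worth confirming against the loader, since an unexpected `[""]` would make the loop in postgresql.go touch the empty-string annotation key.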