Add note on how to use --include/exclude flags when creating iamser…

…viceaccounts (#7047) * Add note on how to use flags when creating iamserviceaccounts * remove unnecessary reference to config file * Remove redundant phrase
eksctl-io · Sep 7, 2023 · dffff9c · dffff9c
1 parent e34f235
commit dffff9c
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/userdocs/src/usage/iamserviceaccounts.md b/userdocs/src/usage/iamserviceaccounts.md
@@ -97,6 +97,13 @@ The `eksctl create iamserviceaccount` command supports `--include` and `--exclud
 [this section](/usage/managing-nodegroups#include-and-exclude-rules) for more details about how these work).
 And the `eksctl delete iamserviceaccount` command supports `--only-missing` as well, so you can perform deletions the same way as nodegroups.
 
+???+ note
+    IAM service accounts are scoped within a namespace, i.e. two service accounts with the same name may exist in different namespaces. Thus, to uniquely define a service account as part of `--include`, `--exclude` flags, you will need to pass the name string in the `namespace/name` format. E.g.
+
+    ```
+    eksctl create iamserviceaccount --config-file=<path> --include backend-apps/s3-reader
+    ```
+
 The option to enable `wellKnownPolicies` is included for using IRSA with well-known
 use cases like `cluster-autoscaler` and `cert-manager`, as a shorthand for lists
 of policies.