diff --git a/aws/eks-customer/README.md b/aws/eks-customer/README.md
index 7d4a4de8..16bbc4eb 100644
--- a/aws/eks-customer/README.md
+++ b/aws/eks-customer/README.md
@@ -4,6 +4,7 @@
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.41.0 |
+| <a name="requirement_github"></a> [github](#requirement\_github) | ~> 6.0 |
 | <a name="requirement_local"></a> [local](#requirement\_local) | >= 2.5.1 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.2 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.6.2 |
@@ -14,6 +15,7 @@
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.41.0 |
+| <a name="provider_github"></a> [github](#provider\_github) | ~> 6.0 |
 | <a name="provider_local"></a> [local](#provider\_local) | >= 2.5.1 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 3.2.2 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 3.6.2 |
@@ -69,6 +71,7 @@
 | [aws_subnets.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
 | [aws_subnets.private-a](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
 | [aws_subnets.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
+| [github_app_token.this](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/app_token) | data source |
 
 ## Inputs
 
@@ -99,6 +102,10 @@
 | <a name="input_eks_cluster_admin_policy_arn"></a> [eks\_cluster\_admin\_policy\_arn](#input\_eks\_cluster\_admin\_policy\_arn) | The ARN of the AmazonEKSClusterAdminPolicy | `string` | `"arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"` | no |
 | <a name="input_enable_auto_mode_custom_tags"></a> [enable\_auto\_mode\_custom\_tags](#input\_enable\_auto\_mode\_custom\_tags) | Indicates whether or not to enable auto mode custom tags | `bool` | `false` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | The environment | `string` | n/a | yes |
+| <a name="input_github_app_id"></a> [github\_app\_id](#input\_github\_app\_id) | The app id for the Github App | `string` | n/a | yes |
+| <a name="input_github_app_installation_id"></a> [github\_app\_installation\_id](#input\_github\_app\_installation\_id) | The installation id for the Github App | `string` | n/a | yes |
+| <a name="input_github_app_pem_key_path"></a> [github\_app\_pem\_key\_path](#input\_github\_app\_pem\_key\_path) | The path of the Github App PEM | `string` | n/a | yes |
+| <a name="input_gitops_repo_email"></a> [gitops\_repo\_email](#input\_gitops\_repo\_email) | The git repo email for executing git commands | `string` | n/a | yes |
 | <a name="input_gitops_repo_path"></a> [gitops\_repo\_path](#input\_gitops\_repo\_path) | The git repo url | `string` | n/a | yes |
 | <a name="input_gitops_repo_url"></a> [gitops\_repo\_url](#input\_gitops\_repo\_url) | The git repo url | `string` | n/a | yes |
 | <a name="input_gitops_repo_username"></a> [gitops\_repo\_username](#input\_gitops\_repo\_username) | The git repo username for executing git commands | `string` | n/a | yes |
@@ -115,7 +122,7 @@
 | <a name="input_staff_role_arn"></a> [staff\_role\_arn](#input\_staff\_role\_arn) | The staff role arn | `string` | n/a | yes |
 | <a name="input_update_config"></a> [update\_config](#input\_update\_config) | Configuration block of settings for max unavailable resources during node group updates | `map(string)` | <pre>{<br/>  "max_unavailable": 1<br/>}</pre> | no |
 | <a name="input_use_name_prefix"></a> [use\_name\_prefix](#input\_use\_name\_prefix) | Determines whether to use `name` as is or create a unique name beginning with the `name` as the prefix | `bool` | `false` | no |
-| <a name="input_utilities"></a> [utilities](#input\_utilities) | The list of utilities | <pre>list(object({<br/>    name               = string<br/>    enable_irsa        = bool<br/>    internal_dns       = any<br/>    service_account    = string<br/>    cluster_label_type = string<br/>  }))</pre> | n/a | yes |
+| <a name="input_utilities"></a> [utilities](#input\_utilities) | The list of utilities | <pre>list(object({<br/>    name                      = string<br/>    enable_irsa               = bool<br/>    internal_dns              = any<br/>    namespace_service_account = string<br/>    cluster_label_type        = string<br/>  }))</pre> | n/a | yes |
 | <a name="input_volume_delete_on_termination"></a> [volume\_delete\_on\_termination](#input\_volume\_delete\_on\_termination) | Indicates whether the EBS volume is deleted on termination | `bool` | `true` | no |
 | <a name="input_volume_encrypted"></a> [volume\_encrypted](#input\_volume\_encrypted) | Indicates whether the EBS volume is encrypted | `bool` | `true` | no |
 | <a name="input_volume_iops"></a> [volume\_iops](#input\_volume\_iops) | The amount of provisioned IOPS | `number` | `3000` | no |
diff --git a/aws/eks-customer/irsa.tf b/aws/eks-customer/irsa.tf
index 37b7af19..8dc2ff93 100644
--- a/aws/eks-customer/irsa.tf
+++ b/aws/eks-customer/irsa.tf
@@ -21,7 +21,7 @@ module "irsa" {
   oidc_providers = {
     one = {
       provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["${each.value.name}:${each.value.service_account}"]
+      namespace_service_accounts = [each.value.namespace_service_account]
     }
   }
 }
diff --git a/aws/eks-customer/variables.tf b/aws/eks-customer/variables.tf
index cadc4d86..576479fa 100644
--- a/aws/eks-customer/variables.tf
+++ b/aws/eks-customer/variables.tf
@@ -98,11 +98,11 @@ variable "node_groups" {
 variable "utilities" {
   description = "The list of utilities"
   type = list(object({
-    name               = string
-    enable_irsa        = bool
-    internal_dns       = any
-    service_account    = string
-    cluster_label_type = string
+    name                      = string
+    enable_irsa               = bool
+    internal_dns              = any
+    namespace_service_account = string
+    cluster_label_type        = string
   }))
 }