diff --git a/docs/quickstart/access-control/aws-iam-eks.mdx b/docs/quickstart/access-control/aws-iam-eks.mdx
index 02a0addfc..d7a8ff52b 100644
--- a/docs/quickstart/access-control/aws-iam-eks.mdx
+++ b/docs/quickstart/access-control/aws-iam-eks.mdx
@@ -207,6 +207,11 @@ api error AccessDenied: Access Denied
 
 ### Label the server pod to create an AWS IAM role
 Label the server `Pod` so that the Otterize credentials operator creates an AWS IAM role for it and binds its Kubernetes ServiceAccount to the newly created role.
+```yaml
+metadata:
+  labels:
+    credentials-operator.otterize.com/create-aws-role: "true"
+```
 
 To do this, we won't be annotating the `Pod` directly, but instead patching the `template` attribute of the `Deployment` we created earlier so that it updates the `Pod`.