diff --git a/apis/cloud/v1alpha1/credential_types.go b/apis/cloud/v1alpha1/credential_types.go
index 2e7b9bb9..5096c2c2 100644
--- a/apis/cloud/v1alpha1/credential_types.go
+++ b/apis/cloud/v1alpha1/credential_types.go
@@ -136,6 +136,7 @@ type AzureStorageCredential struct {
 type AWSCredential struct {
 	AccessKeyID     string `json:"accessKeyID"`
 	SecretAccessKey string `json:"secretAccessKey"`
+	SessionToken    string `json:"sessionToken"`
 }
 
 type PacketCredential struct {
diff --git a/apis/cluster/types.go b/apis/cluster/types.go
index 68487cd9..e2282f37 100644
--- a/apis/cluster/types.go
+++ b/apis/cluster/types.go
@@ -26,14 +26,23 @@ type BasicInfo struct {
 	HubClusterID string `json:"hubClusterID,omitempty"`
 }
 
+// +kubebuilder:validation:Enum=IRSA;PodIdentity
+type EksAuthMode string
+
+const (
+	EksAuthModeIRSA        EksAuthMode = "IRSA"
+	EksAuthModePodIdentity EksAuthMode = "PodIdentity"
+)
+
 type ProviderOptions struct {
-	Name          string `json:"name"`
-	Credential    string `json:"credential,omitempty"`
-	ClusterID     string `json:"clusterID,omitempty"`
-	Project       string `json:"project,omitempty"`
-	Region        string `json:"region,omitempty"`
-	ResourceGroup string `json:"resourceGroup,omitempty"`
-	KubeConfig    string `json:"kubeConfig,omitempty"`
+	Name          string      `json:"name"`
+	Credential    string      `json:"credential,omitempty"`
+	EksAuthMode   EksAuthMode `json:"eksAuthMode,omitempty"`
+	ClusterID     string      `json:"clusterID,omitempty"`
+	Project       string      `json:"project,omitempty"`
+	Region        string      `json:"region,omitempty"`
+	ResourceGroup string      `json:"resourceGroup,omitempty"`
+	KubeConfig    string      `json:"kubeConfig,omitempty"`
 }
 
 type ComponentOptions struct {
diff --git a/crds/cloud.appscode.com_credentials.yaml b/crds/cloud.appscode.com_credentials.yaml
index 57633fac..2ff23971 100644
--- a/crds/cloud.appscode.com_credentials.yaml
+++ b/crds/cloud.appscode.com_credentials.yaml
@@ -49,9 +49,12 @@ spec:
                     type: string
                   secretAccessKey:
                     type: string
+                  sessionToken:
+                    type: string
                 required:
                 - accessKeyID
                 - secretAccessKey
+                - sessionToken
                 type: object
               azure:
                 properties: