diff --git a/terraform-modules/aws/helm/kubernetes-external-secrets/helm_values.tpl.yaml b/terraform-modules/aws/helm/kubernetes-external-secrets/helm_values.tpl.yaml
index 6bf208c29..1080271c1 100644
--- a/terraform-modules/aws/helm/kubernetes-external-secrets/helm_values.tpl.yaml
+++ b/terraform-modules/aws/helm/kubernetes-external-secrets/helm_values.tpl.yaml
@@ -7,3 +7,7 @@ serviceAccount:
   name: kubernetes-external-secrets
   annotations:
     eks.amazonaws.com/role-arn: "arn:aws:iam::${awsAccountID}:role/${iamRoleName}"
+
+securityContext:
+  # Required for use of IRSA, see https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html
+  fsGroup: 65534