diff --git a/main.tf b/main.tf
index 001509f..ed8457e 100644
--- a/main.tf
+++ b/main.tf
@@ -85,6 +85,21 @@ module "ebs_csi_irsa_role" {
 tags = local.tags
 }
 
+module "efs_csi_irsa_role" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+
+ role_name = "${var.cluster_name}-efs-csi-driver"
+ attach_efs_csi_policy = true
+
+ oidc_providers = {
+ main = {
+ provider_arn = module.cluster.oidc_provider_arn
+ namespace_service_accounts = ["kube-system:efs-csi-controller-sa"]
+ }
+ }
+ tags = local.tags
+}
+
 module "cluster" {
 source = "terraform-aws-modules/eks/aws"
 version = "19.16.0"
@@ -118,6 +133,10 @@ module "cluster" {
 most_recent = false
 service_account_role_arn = module.ebs_csi_irsa_role.iam_role_arn
 }
+ aws-efs-csi-driver = {
+ most_recent = false
+ service_account_role_arn = module.efs_csi_irsa_role.iam_role_arn
+ }
 }
 
 eks_managed_node_group_defaults = {
@@ -151,6 +170,7 @@ module "cluster" {
 throughput = 125
 encrypted = true
 delete_on_termination = true
+ kms_key_id = data.aws_kms_key.ebs_key.arn
 }
 }
 }
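Review bot: The added `module "efs_csi_irsa_role"` block has no `version` argument, so the registry module that creates this IAM role and attaches its policy resolves to whatever release is current when `terraform init` runs. `module "cluster"` in the same hunk is pinned with `version = "19.16.0"`. Add a pin under `source`, for example `version = "<pinned-module-version>"` (placeholder for the release you have reviewed), so that a change to the attached EFS policy arrives as a reviewable diff. The trust condition is limited to `kube-system:efs-csi-controller-sa`, which is a tight binding. If the driver's node service account also needs AWS API access it would have to be listed explicitly, which is worth confirming against the add-on version you deploy.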
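Review bot: The `aws-efs-csi-driver` entry sets `most_recent = false` but no `addon_version`, so the driver version is not fixed in this configuration. As far as I can tell, the module then takes the add-on's default version for the cluster's Kubernetes version, which can change between plans. Consider adding `addon_version = "<pinned-addon-version>"` (placeholder) so that upgrades of a storage driver running in `kube-system` with its own IAM role are deliberate. A short comment such as `# controller SA must match namespace_service_accounts in module.efs_csi_irsa_role` would also record the coupling to the trust policy. The enclosing add-ons map starts outside this hunk, and the existing EBS entry above appears to follow the same pattern.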
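Review bot: The added `kms_key_id = data.aws_kms_key.ebs_key.arn` points node volumes at a customer-managed key, but nothing in this diff shows who is allowed to use that key. The `data "aws_kms_key" "ebs_key"` declaration is also not in the visible hunks, so confirm it exists elsewhere. For Auto Scaling-launched nodes, the key policy or a grant normally has to let the `AWSServiceRoleForAutoScaling` service-linked role use the key, otherwise instance launches fail once the change is applied. If the EBS CSI driver is meant to provision volumes with the same key, its IRSA role needs matching KMS permissions too. I would add a comment on this line such as `# CMK policy must allow AWSServiceRoleForAutoScaling (and the EBS CSI role if it uses this key)`. The enclosing block device mapping starts outside the hunk.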