Correct, they are on the roadmap, I've been waffling on the implementation because this could open security issues. I'm happy to say we'll at least be able to use k8s RBAC to gate who can get, list, create, update and delete the Roles but your security posture from the node perspective still will need to gate what the pods could assume. https://github.com/awslabs/aws-service-operator/issues/58https://github.com/awslabs/aws-service-operator/issues/59 are the issues if you'd like to add any extra notes or check out the potential implementation.