diff --git a/admin/registries/ecr.md b/admin/registries/ecr.md index 8d6976548..26256e2eb 100644 --- a/admin/registries/ecr.md +++ b/admin/registries/ecr.md @@ -18,7 +18,7 @@ To access a private ECR registry, Coder needs to authenticate with AWS. Coder supports two methods of authentication with AWS ECR: - Static credentials -- IAM roles for service accounts +- **Alpha:** IAM roles for service accounts ### Option A: Provision static credentials for Coder @@ -44,6 +44,8 @@ To provision static credentials for Coder: ### Option B: Link an AWS IAM role to the Coder Kubernetes service account (IRSA) +**Note:** This is currently an **alpha** feature. + Coder can use an [IAM role linked to Coder's Kubernetes service account](https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/), though this is only supported when Coder is running in AWS EKS. This is because @@ -57,6 +59,9 @@ is required to provision and inject the required token into the `coderd` pod. To link an IAM role to Coder's Kubernetes service account: +1. Enable the feature under Manage > Admin > Infrastructure > ECR IAM Role + Authentication. + 1. Create an IAM OIDC Provider for your EKS cluster (if it does not already exist).
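Review bot: In the hunk at @@ -44,6 +44,8, the note added under "Option B" says the feature is alpha but not what that means for an administrator choosing between the two authentication methods. Please add a sentence on what alpha implies here (for example, whether it is intended for production use and whether its behaviour can change between releases), or link to a definition of the feature stages, so readers can tell when to stay with Option A.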
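Review bot: In the hunk at @@ -57,6 +59,9, the new first step enables "ECR IAM Role Authentication" before the step that creates the IAM OIDC provider, so the setting is switched on before the AWS side is in place. If the order matters, move the enable step to after the role setup; if it does not, say so, and say whether turning it on affects registries that already use static credentials. As a style point, the menu path would read more clearly set off as UI text, for example in bold.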