diff --git a/main.tf b/main.tf
index 0421996..14828ff 100644
--- a/main.tf
+++ b/main.tf
@@ -64,7 +64,7 @@ resource "aws_iam_role" "this" {
 tags = var.aws_tags
 force_detach_policies = true
-
+ permissions_boundary = var.aws_iam_permissions_boundary_arn
 assume_role_policy = var.k8s_cluster_type == "vanilla" ? data.aws_iam_policy_document.ec2_assume_role[0].json : data.aws_iam_policy_document.eks_oidc_assume_role[0].json
 }
@@ -406,7 +406,11 @@ resource "kubernetes_deployment" "this" {
 "--aws-region=${local.aws_region_name}",
 "--aws-max-retries=10",
 ]
-
+ env_from {
+ config_map_ref {
+ name = var.k8s_env_config_map
+ }
+ }
 port {
 name = "health"
 container_port = 10254
diff --git a/variables.tf b/variables.tf
index de9fe6e..79723d0 100644
--- a/variables.tf
+++ b/variables.tf
@@ -21,6 +21,11 @@ variable "k8s_replicas" {
 default = 1
 }
+variable "k8s_env_config_map" {
+ description = "Configmap reference for custom environment for autoscaling"
+ type = string
+ default = null
+}
 variable "k8s_pod_annotations" {
 description = "Additional annotations to be added to the Pods."
@@ -40,6 +45,12 @@ variable "aws_iam_path_prefix" {
 default = ""
 }
+variable "aws_iam_permissions_boundary_arn" {
+ description = "Allows a permissions boundary on the IAM role to be set"
+ type = string
+ default = ""
+}
+
 variable "aws_vpc_id" {
 description = "ID of the Virtual Private Network to utilize. Can be ommited if targeting EKS."
 type = string
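Review bot: The new `permissions_boundary` argument on `aws_iam_role.this` receives an empty string whenever the caller leaves the variable at its default, so "no boundary" is expressed as `""` rather than as an unset argument. How the provider treats an empty string is not visible here. Mapping the default to null makes the intent explicit and avoids a possible perpetual diff: `permissions_boundary = var.aws_iam_permissions_boundary_arn != "" ? var.aws_iam_permissions_boundary_arn : null`. Since the boundary caps what this role can ever be granted, a short comment above the line saying that the role is unbounded when the variable is empty would help reviewers in accounts that mandate boundaries. The resource body starts before this hunk.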
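Review bot: The `env_from` block is rendered unconditionally, but `var.k8s_env_config_map` defaults to null, so a caller who does not set the variable still gets a `config_map_ref` with no name. Depending on the provider, that either fails at plan/apply or produces a pod spec that references a ConfigMap which does not exist. Wrapping the block in a `dynamic "env_from"` that is only emitted when the variable is set keeps the default deployment unchanged. The enclosing container block starts and ends outside this hunk.
```hcl
# … unchanged: args list ending in "--aws-max-retries=10" …
dynamic "env_from" {
  for_each = var.k8s_env_config_map != null ? [var.k8s_env_config_map] : []
  content {
    config_map_ref {
      name = env_from.value
    }
  }
}
# … unchanged: port "health" …
```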
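Review bot: The description of `k8s_env_config_map` does not tell the caller what the value is or what it grants. Every key of the named ConfigMap becomes an environment variable of a container that runs with the module's IAM role, so anyone who can edit that ConfigMap can change the controller's runtime configuration. I would spell that out, for example `description = "Name of an existing ConfigMap in the deployment's namespace whose keys are injected as environment variables into the autoscaler container. Leave null to inject nothing. Do not store secrets in it, and restrict write access to it."`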
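Review bot: `aws_iam_permissions_boundary_arn` accepts any string, so a typo or a role ARN pasted in place of a policy ARN is only caught when the IAM API rejects it at apply time. A `validation` block that allows the empty default or an IAM policy ARN would surface the mistake at plan time. The description could also say that an empty value means no boundary is attached. Validation blocks need a Terraform version that supports them, which this diff does not show.
```hcl
variable "aws_iam_permissions_boundary_arn" {
  # … unchanged: description, type, default …
  validation {
    condition     = var.aws_iam_permissions_boundary_arn == "" || can(regex("^arn:aws[a-z-]*:iam::([0-9]{12}|aws):policy/.+$", var.aws_iam_permissions_boundary_arn))
    error_message = "Must be empty or the ARN of an IAM managed policy."
  }
}
```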