diff --git a/chart/templates/gitlab/secret-objectstore.yaml b/chart/templates/gitlab/secret-objectstore.yaml
index 42a5b904d6005a8d020ffeddddace6088c3adf81..cd648d8d4a9284d5ca7ad31304e941ae3160bde0 100644
--- a/chart/templates/gitlab/secret-objectstore.yaml
+++ b/chart/templates/gitlab/secret-objectstore.yaml
@@ -1,5 +1,6 @@
 {{- if or .Values.addons.gitlab.enabled .Values.addons.gitlabRunner.enabled }}
 {{- if .Values.addons.gitlab.objectStorage.endpoint }}
+{{- if and (ne .Values.addons.gitlab.objectStorage.iamProfile "") (ne .Values.addons.gitlab.objectStorage.accessKey "") }}{{- fail "Must choose to use an IAM profile OR an AWS accessKey/accessSecret at .Values.addons.gitlab.objectStorage" }}{{- end }}
 apiVersion: v1
 kind: Secret
 metadata:
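Review bot: The guard added at the top of this template compares `iamProfile` only with `accessKey`, so a values file that sets `iamProfile` together with `accessSecret` alone passes it. Setting neither is also not rejected: the credential branch further down would then render empty `aws_access_key_id` / `aws_secret_access_key` values. Consider widening the second operand to `(or (ne .Values.addons.gitlab.objectStorage.accessKey "") (ne .Values.addons.gitlab.objectStorage.accessSecret ""))`, and adding a second `fail` for the neither-set case if that is not a supported configuration. The same one-line guard is repeated in chart/templates/gitlab/values.yaml, so both copies need the change; a shared named template would keep them in step.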
@@ -10,8 +11,12 @@ stringData:
     rails: |-
       provider: AWS
       region: {{ .Values.addons.gitlab.objectStorage.region }}
+      {{- if ne .Values.addons.gitlab.objectStorage.iamProfile "" }}
+      use_iam_profile: true
+      {{- else if eq .Values.addons.gitlab.objectStorage.iamProfile "" }}
       aws_access_key_id: {{ .Values.addons.gitlab.objectStorage.accessKey }}
       aws_secret_access_key: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
+      {{- end }}
       {{- if eq .Values.addons.gitlab.objectStorage.type "minio" }}
       aws_signature_version: 4
       host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectStorage.endpoint "${2}" }}
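Review bot: The `{{- else if eq .Values.addons.gitlab.objectStorage.iamProfile "" }}` branch is the exact complement of the `if` above it, so a plain `{{- else }}` says the same thing and cannot drift into a third case that renders no credentials at all. The same `iamProfile` comparison is written out again in the registry and backups sections of this file. Binding it once near the top, for example `{{- $useIam := ne .Values.addons.gitlab.objectStorage.iamProfile "" }}`, would keep the three credential blocks consistent. The enclosing `rails` block scalar starts and ends outside this hunk.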
@@ -29,8 +34,10 @@ stringData:
         {{- else }}
         bucket: gitlab-registry
         {{- end }}
+        {{- if eq .Values.addons.gitlab.objectStorage.iamProfile "" }}
         accesskey: {{ .Values.addons.gitlab.objectStorage.accessKey }}
         secretkey: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
+        {{- end }}
         region: {{ .Values.addons.gitlab.objectStorage.region }}
         {{- if eq .Values.addons.gitlab.objectStorage.type "s3" }}
         v4auth: true
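Review bot: Nothing here records why `accesskey` and `secretkey` are dropped when `iamProfile` is set, and the omission only works if the registry storage driver falls back to role credentials when both keys are absent. A template comment above the new `if`, such as `{{- /* iamProfile set: omit static keys so the registry uses the pod's IAM role */}}`, would make that dependency explicit. Unlike the `rails` section there is no explicit switch like `use_iam_profile`, so a later edit could re-add empty keys without noticing the difference. The registry block continues outside this hunk.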
@@ -43,8 +50,10 @@ stringData:
         {{- end }}
     backups: |-
       [default]
+      {{- if eq .Values.addons.gitlab.objectStorage.iamProfile "" }} 
       access_key = {{ .Values.addons.gitlab.objectStorage.accessKey }}
       secret_key = {{ .Values.addons.gitlab.objectStorage.accessSecret }}
+      {{- end }}
       bucket_location = {{ .Values.addons.gitlab.objectStorage.region }}
       host_bucket = %(bucket)s.{{ regexReplaceAll "http(s*)://" .Values.addons.gitlab.objectStorage.endpoint "" }}
       multipart_chunk_size_mb = 128
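Review bot: The added `{{- if eq .Values.addons.gitlab.objectStorage.iamProfile "" }} ` line ends with a trailing space after `}}`, and inside the `backups: |-` block scalar that space is emitted. When static keys are used, the rendered section header becomes `[default] ` with trailing whitespace; when `iamProfile` is set it stays `[default]`. Whether the consumer of this file tolerates the trailing space is not visible here, so it is safer to remove it and have both modes render the same header.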
diff --git a/chart/templates/gitlab/values.yaml b/chart/templates/gitlab/values.yaml
index 4dfb888d586918910d4748aae9755badbdeef2c3..a16eef6287242ed1848c6e11e61e8da2254f2ae0 100644
--- a/chart/templates/gitlab/values.yaml
+++ b/chart/templates/gitlab/values.yaml
@@ -1,7 +1,7 @@
 {{- if .Values.addons.gitlab.enabled }}
 {{- include "values-secret" (dict "root" $ "package" .Values.addons.gitlab "name" "gitlab" "defaults" (include "bigbang.defaults.gitlab" .)) }}
 {{- end }}
-
+{{- if and (ne .Values.addons.gitlab.objectStorage.iamProfile "") (ne .Values.addons.gitlab.objectStorage.accessKey "") }}{{- fail "Must choose to use an IAM profile OR an AWS accessKey/accessSecret at .Values.addons.gitlab.objectStorage" }}{{- end }}
 {{- define "bigbang.defaults.gitlab" -}}
 # hostname is deprecated and replaced with domain. But if hostname exists then use it.
 {{- $domainName := default .Values.domain .Values.hostname }}
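Review bot: This copy of the guard sits after the `{{- end }}` that closes `if .Values.addons.gitlab.enabled`, so it is evaluated even when the GitLab addon is disabled. A values file that leaves both `iamProfile` and `accessKey` populated but turns GitLab off would then fail to render the whole chart. If that is not intended, move the guard inside the `enabled` block or wrap it in the same condition. It also has the `accessSecret` gap noted on the copy in secret-objectstore.yaml.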
@@ -40,6 +40,10 @@ registry:
   storage:
     secret: gitlab-object-storage
     key: registry
+  {{- if ne .Values.addons.gitlab.objectStorage.iamProfile "" }}
+  annotations: 
+    iam.amazonaws.com/role: {{ .Values.addons.gitlab.objectStorage.iamProfile }}
+  {{- end }}
 {{- end }}
 
 {{- if .Values.istio.enabled }}
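Review bot: The role value is rendered unquoted in `iam.amazonaws.com/role: {{ .Values.addons.gitlab.objectStorage.iamProfile }}`, and annotation values must be strings. A profile name that is all digits, looks like a boolean, or starts with a YAML indicator would be retyped or break parsing of the generated values. Use `iam.amazonaws.com/role: {{ .Values.addons.gitlab.objectStorage.iamProfile | quote }}` here and in the three other annotation blocks this commit adds (the backups component, `webservice` and `sidekiq`). Each added `annotations: ` line also carries a trailing space that should be dropped.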
@@ -56,9 +60,22 @@ gitlab:
         config:
           secret: gitlab-object-storage
           key: backups
+    {{- if ne .Values.addons.gitlab.objectStorage.iamProfile "" }}
+    annotations: 
+      iam.amazonaws.com/role: {{ .Values.addons.gitlab.objectStorage.iamProfile }}
+    {{- end }}
   {{- end }}
   gitlab-exporter:
     enabled: {{ .Values.monitoring.enabled }}
+  {{- if ne .Values.addons.gitlab.objectStorage.iamProfile "" }}
+  webservice:
+    annotations: 
+      iam.amazonaws.com/role: {{ .Values.addons.gitlab.objectStorage.iamProfile }}
+  sidekiq:
+    annotations: 
+      iam.amazonaws.com/role: {{ .Values.addons.gitlab.objectStorage.iamProfile }}
+  {{- end }}
+
   {{- if .Values.istio.enabled }}
   migrations:
     annotations:
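Review bot: The new `webservice:` and `sidekiq:` mappings are added as fresh keys under `gitlab:`, which creates a duplicate-key risk the hunk cannot rule out. If either key is already emitted elsewhere in this `define` (for example by an istio- or monitoring-conditional block outside the hunk), the rendered YAML has duplicate keys. Most parsers then keep only the last one, silently dropping either these annotations or the other settings. Please confirm there is no other `webservice:` / `sidekiq:` under `gitlab:` in the template, or merge the annotations into the existing mappings. The `gitlab:` block starts and ends outside this hunk.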
@@ -227,4 +244,8 @@ global:
     {{- end }}
   {{- end }}
 
+{{- if ne .Values.addons.gitlab.objectStorage.iamProfile "" }}
+use_iam_profile: true
+{{- end }}
+
 {{- end -}}
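Review bot: `use_iam_profile: true` is emitted at column 0, which makes it a top-level key of the values passed to the GitLab chart rather than part of any object-storage connection. The connection secret in secret-objectstore.yaml already sets `use_iam_profile: true` inside the `rails` document, so this key looks like a no-op and could be rejected if the downstream chart validates its values against a schema. Unless the packaged chart is known to read a top-level `use_iam_profile`, drop these three lines or add a comment naming the consumer.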
diff --git a/chart/values.yaml b/chart/values.yaml
index 607ecfdccd936b32853ca6c367e83bbf1f121a83..088bad4b802924de8e39212d2a47dbf566f937fe 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -602,7 +602,7 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
       path: "./chart"
-      tag: "5.3.1-bb.3"
+      tag: "5.3.1-bb.4"
 
     # -- Flux reconciliation overrides specifically for the Gitlab Package
     flux: {}
@@ -655,6 +655,7 @@ addons:
       region: ""
 
       # -- Access key for connecting to object storage endpoint.
+      # -- If using accessKey and accessSecret, the iamProfile must be left as an empty string: ""
       accessKey: ""
 
       # -- Secret key for connecting to object storage endpoint.
@@ -665,6 +666,11 @@ addons:
       # Example: "prod" will produce "prod-gitlab-bucket"
       bucketPrefix: ""
 
+      # -- NOTE: Current bug with AWS IAM Profiles and Object Storage where only artifacts are stored. Fixed in Gitlab 14.5
+      # -- Name of AWS IAM profile to use.
+      # -- If using an AWS IAM profile, the accessKey and accessSecret values must be left as empty strings eg: ""
+      iamProfile: ""
+
     # -- Values to passthrough to the gitlab chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
     values: {}
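Review bot: The description calls `iamProfile` a "Name of AWS IAM profile", but the templates write it into the `iam.amazonaws.com/role` pod annotation on the registry, the backups component, webservice and sidekiq. The doc should say that it is a role, that the cluster needs an agent honouring that annotation (kube2iam/kiam-style, if that is what is deployed), and that the same role is attached to all four workloads. Suggested addition: `# Role is applied via the iam.amazonaws.com/role pod annotation to registry, backups, webservice and sidekiq; scope its policy to the GitLab buckets only.` The three added lines also each start with `# --`; continuation lines would normally be plain `#` so the doc generator treats them as one description.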