diff --git a/terraform/basic_gke/main.tf b/terraform/basic_gke/main.tf
index 747dcba..7af54f9 100644
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@@ -105,6 +105,13 @@ module "cloudsql" {
 ]
 }
 
+# Create a workload identity service account for IAM authentication to
+# cloudsql
+module "cloudsql_test_sa" {
+ source = "../modules/workload_identity_account"
+ project = var.project
+}
+
 #################### Redis ################################
 
 module "redis" {
@@ -127,9 +134,3 @@ output "redis_port" {
 description = "Port for redis database."
 value = module.redis.redis_port
 }
-
-
-
-
-
-
diff --git a/terraform/modules/workload_identity_account/workload_identity_account.tf b/terraform/modules/workload_identity_account/workload_identity_account.tf
new file mode 100644
index 0000000..c6c10e6
--- /dev/null
+++ b/terraform/modules/workload_identity_account/workload_identity_account.tf
@@ -0,0 +1,8 @@
+# Requires a google_iam_workload_identity_pool to exist, but it is not
+# referenced in this module.
+
+
+variable "project" {
+ description = "Project ID."
+ type = string
+}
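Review bot: The `module "cloudsql_test_sa"` call added in terraform/basic_gke/main.tf passes only `project`, so nothing ties the identity to one Kubernetes namespace and service account, or to the Cloud SQL instance it is meant to authenticate to. Once the module creates resources, its `roles/iam.workloadIdentityUser` binding needs a member of the form `serviceAccount:PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME]`, and the namespace and service account name have to be supplied by this caller; without them the binding cannot be scoped to a single workload. The `_test_` in the module name suggests a temporary identity, so I would state its intended lifetime in the comment, for example `# Test-only identity for IAM auth to cloudsql; not intended for production workloads.`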
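Review bot: The header comment in workload_identity_account.tf names `google_iam_workload_identity_pool` as the prerequisite, but that resource belongs to Workload Identity Federation for external identity providers; if this module is for GKE Workload Identity, as the basic_gke caller suggests, the prerequisite is the cluster's `workload_identity_config` with the `PROJECT_ID.svc.id.goog` pool. The file as added declares only `variable "project"`, with no `google_service_account`, IAM binding or output, so the caller's comment that it creates a service account is not yet true. I would reword the header to something like `# Assumes Workload Identity is enabled on the GKE cluster (workload pool PROJECT_ID.svc.id.goog); the cluster is not referenced here.` When resources are added, grant the account only what IAM database authentication needs (`roles/cloudsql.client` and `roles/cloudsql.instanceUser`) rather than a broad project-level role.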