diff --git a/terraform/modules/workload_identity_account/workload_identity_account.tf b/terraform/modules/workload_identity_account/workload_identity_account.tf
index 2ea3d24..c06aff6 100644
--- a/terraform/modules/workload_identity_account/workload_identity_account.tf
+++ b/terraform/modules/workload_identity_account/workload_identity_account.tf
@@ -23,6 +23,11 @@ output "service_account" {
   value       = google_service_account.service_account
 }
 
+output "cloudsql_username" {
+  description = "If this service account is to be used with IAM database authentication, this would be the username for the user. Note that the google_sql_user is not created by this module."
+  value       = trimsuffix(google_service_account.service_account.email, ".gserviceaccount.com")
+}
+
 resource "google_service_account" "service_account" {
   account_id   = "wi-${var.k8s_namespace}-${var.k8s_service_account}"
   display_name = "Workload identity account for GKE [${var.k8s_namespace}/${var.k8s_service_account}]"