diff --git a/pkg/cloud/services/eks/oidc.go b/pkg/cloud/services/eks/oidc.go
index ae35fcd962..ab23395b1f 100644
--- a/pkg/cloud/services/eks/oidc.go
+++ b/pkg/cloud/services/eks/oidc.go
@@ -52,6 +52,9 @@ func (s *Service) reconcileOIDCProvider(cluster *eks.Cluster) error {
 return errors.Wrap(err, "failed to create OIDC provider")
 }
 s.scope.ControlPlane.Status.OIDCProvider.ARN = oidcProvider
+anno := s.scope.ControlPlane.GetAnnotations()
+anno["aws.spectrocloud.com/oidcProviderArn"] = oidcProvider
+s.scope.ControlPlane.SetAnnotations(anno)
 if err := s.scope.PatchObject(); err != nil {
 return errors.Wrap(err, "failed to update control plane with OIDC provider ARN")
 }
@@ -134,11 +137,18 @@ func (s *Service) reconcileTrustPolicy() error {
 }
 func (s *Service) deleteOIDCProvider() error {
-if !s.scope.ControlPlane.Spec.AssociateOIDCProvider || s.scope.ControlPlane.Status.OIDCProvider.ARN == "" {
+anno := s.scope.ControlPlane.GetAnnotations()
+arn := anno["aws.spectrocloud.com/oidcProviderArn"]
+
+if arn == "" {
+arn = s.scope.ControlPlane.Status.OIDCProvider.ARN
+}
+
+if !s.scope.ControlPlane.Spec.AssociateOIDCProvider || arn == "" {
 return nil
 }
-providerARN := s.scope.ControlPlane.Status.OIDCProvider.ARN
+providerARN := arn
 if err := s.DeleteOIDCProvider(&providerARN); err != nil {
 return errors.Wrap(err, "failed to delete OIDC provider")
 }
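Review bot: The write `anno["aws.spectrocloud.com/oidcProviderArn"] = oidcProvider` in the first hunk panics when the control plane object carries no annotations, because `GetAnnotations()` returns a nil map in that case and assigning into a nil map is a runtime panic in Go; the reconciler would crash on exactly the first reconcile of a freshly created object. Guard it before the assignment: `if anno == nil { anno = map[string]string{} }`. The annotation key is also spelled out as a string literal in both hunks, so a package-level `const oidcProviderARNAnnotation = "aws.spectrocloud.com/oidcProviderArn"` would keep the two sites from drifting. reconcileOIDCProvider begins and ends outside this hunk.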
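Review bot: In the second hunk the ARN handed to `s.DeleteOIDCProvider(&providerARN)` is taken from the `aws.spectrocloud.com/oidcProviderArn` annotation first and from `Status.OIDCProvider.ARN` only as a fallback, which means that whoever can edit the control plane object's metadata now chooses which IAM OIDC provider the controller deletes; object metadata is normally writable with plain update rights, whereas status is set through the status subresource, so the annotation is the less trustworthy of the two sources. Unless the annotation is needed because status is lost on some path the diff does not show, reverse the precedence so the value the controller wrote itself wins and the annotation is only consulted when status is empty: `arn := s.scope.ControlPlane.Status.OIDCProvider.ARN` / `if arn == "" { arn = s.scope.ControlPlane.GetAnnotations()["aws.spectrocloud.com/oidcProviderArn"] }` (reading a nil map is safe, so no nil guard is needed here). If both sources must stay, a comment above the lookup stating why the annotation is preferred and that its value is not validated against the cluster would at least make the trust decision explicit, e.g. `// NOTE: the annotation is user-editable metadata; it is trusted as the provider ARN without verification`. deleteOIDCProvider's body continues past the end of this hunk.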