diff --git a/apis/v1alpha1/generator.yaml b/apis/v1alpha1/generator.yaml index 2e6f45ee..bc1c53ca 100644 --- a/apis/v1alpha1/generator.yaml +++ b/apis/v1alpha1/generator.yaml @@ -448,6 +448,8 @@ resources: template_path: hooks/pod_identity_association/sdk_update_post_build_request.go.tpl sdk_read_one_post_set_output: template_path: hooks/pod_identity_association/sdk_read_one_post_set_output.go.tpl + sdk_read_one_pre_build_request: + template_path: hooks/pod_identity_association/sdk_read_one_pre_build_request.go.tpl sdk_create_post_set_output: template_path: hooks/pod_identity_association/sdk_create_post_set_output.go.tpl fields: diff --git a/generator.yaml b/generator.yaml index 2e6f45ee..bc1c53ca 100644 --- a/generator.yaml +++ b/generator.yaml @@ -448,6 +448,8 @@ resources: template_path: hooks/pod_identity_association/sdk_update_post_build_request.go.tpl sdk_read_one_post_set_output: template_path: hooks/pod_identity_association/sdk_read_one_post_set_output.go.tpl + sdk_read_one_pre_build_request: + template_path: hooks/pod_identity_association/sdk_read_one_pre_build_request.go.tpl sdk_create_post_set_output: template_path: hooks/pod_identity_association/sdk_create_post_set_output.go.tpl fields: diff --git a/pkg/resource/pod_identity_association/hooks.go b/pkg/resource/pod_identity_association/hooks.go index b75f4b23..703c1bf7 100644 --- a/pkg/resource/pod_identity_association/hooks.go +++ b/pkg/resource/pod_identity_association/hooks.go 
@@ -14,7 +14,63 @@ package pod_identity_association import ( + "context" + "github.com/aws-controllers-k8s/eks-controller/pkg/tags" + ackrtlog "github.com/aws-controllers-k8s/runtime/pkg/runtime/log" + svcsdk "github.com/aws/aws-sdk-go-v2/service/eks" ) var syncTags = tags.SyncTags + +func (rm *resourceManager) getAssociationID(ctx context.Context, r *resource) (id *string, err error) { + rlog := ackrtlog.FromContext(ctx) + exit := rlog.Trace("rm.getSecretID") + defer func() { + exit(err) + }() + + // ClusterName is a required field for ListPodIdentityAssociations operation + // we treat an undefined ClusterName as not found. + if r.ko.Spec.ClusterName == nil { + return nil, nil + } + + resp, err := rm.sdkapi.ListPodIdentityAssociations(ctx, &svcsdk.ListPodIdentityAssociationsInput{ + ClusterName: r.ko.Spec.ClusterName, + Namespace: r.ko.Spec.Namespace, + ServiceAccount: r.ko.Spec.ServiceAccount, + }) + if err != nil { + return nil, err + } + + // if more than one are returned, we don't want to manage them + // and treat it as not found + if len(resp.Associations) != 1 { + return nil, nil + } + + // expect Namespace, ClusterName, and ServiceAccount defined by the user + // to match the returned association + pia := resp.Associations[0] + if !isPtrEqual(pia.ClusterName, r.ko.Spec.ClusterName) || + !isPtrEqual(pia.Namespace, r.ko.Spec.Namespace) || + !isPtrEqual(pia.ServiceAccount, r.ko.Spec.ServiceAccount) { + return nil, nil + } + + return resp.Associations[0].AssociationId, nil + +} + +func isPtrEqual(a, b *string) bool { + // we expect both to be non-nil, return false otherwise + if a == nil { + return false + } + if b == nil { + return false + } + return *a == *b +} diff --git a/pkg/resource/pod_identity_association/sdk.go b/pkg/resource/pod_identity_association/sdk.go index 90da58fd..44c4fab2 100644 --- a/pkg/resource/pod_identity_association/sdk.go +++ b/pkg/resource/pod_identity_association/sdk.go 
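Review bot: The trace label in getAssociationID is `rm.getSecretID`, which looks copied from another resource, so trace output for adoption lookups will name the wrong function; it should read `exit := rlog.Trace("rm.getAssociationID")`. The function also returns `nil, nil` without logging anything, both when the list call yields zero or several associations and when the single result does not match the spec, which makes a skipped adoption of a role-to-service-account binding hard to diagnose; a debug-level log line on each of those branches would help. Because isPtrEqual rejects nil operands, a nil `Spec.Namespace` or `Spec.ServiceAccount` can never match, so both could be checked next to the `ClusterName` guard and save a list call with fewer filters. Only the first page of the response is inspected, which is fine only if the three filters always narrow the result to at most one entry; that assumption deserves a comment above the `len(resp.Associations) != 1` check.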
@@ -27,6 +27,7 @@ import ( ackcondition "github.com/aws-controllers-k8s/runtime/pkg/condition" ackerr "github.com/aws-controllers-k8s/runtime/pkg/errors" ackrequeue "github.com/aws-controllers-k8s/runtime/pkg/requeue" + "github.com/aws-controllers-k8s/runtime/pkg/runtime" ackrtlog "github.com/aws-controllers-k8s/runtime/pkg/runtime/log" "github.com/aws/aws-sdk-go-v2/aws" svcsdk "github.com/aws/aws-sdk-go-v2/service/eks" @@ -62,6 +63,13 @@ func (rm *resourceManager) sdkFind( defer func() { exit(err) }() + // Retrieve podIdentityAssociation ID only during adoption + if r.ko.Status.AssociationID == nil && runtime.NeedAdoption(r) { + r.ko.Status.AssociationID, err = rm.getAssociationID(ctx, r) + if err != nil { + return nil, err + } + } // If any required fields in the input shape are missing, AWS resource is // not created yet. Return NotFound here to indicate to callers that the // resource isn't yet created. diff --git a/templates/hooks/pod_identity_association/sdk_read_one_pre_build_request.go.tpl b/templates/hooks/pod_identity_association/sdk_read_one_pre_build_request.go.tpl new file mode 100644 index 00000000..050dc1ef --- /dev/null +++ b/templates/hooks/pod_identity_association/sdk_read_one_pre_build_request.go.tpl @@ -0,0 +1,7 @@ + // Retrieve podIdentityAssociation ID only during adoption + if r.ko.Status.AssociationID == nil && runtime.NeedAdoption(r) { + r.ko.Status.AssociationID, err = rm.getAssociationID(ctx, r) + if err != nil { + return nil, err + } + } \ No newline at end of file
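Review bot: The adoption block added to sdkFind (and the identical template `sdk_read_one_pre_build_request.go.tpl` it appears to be generated from) writes the looked-up ID straight into `r.ko.Status.AssociationID`, so the read path mutates the resource it was handed; whether callers rely on `r` staying untouched is not visible here, because sdkFind's body continues outside the hunk. getAssociationID also returns a nil ID with a nil error when there is no unique match, and the code then falls through to the required-fields check below, which presumably reports NotFound. I would state both in the comment, e.g. `// Adoption only: resolve the ID from cluster/namespace/serviceAccount; a nil ID falls through to NotFound below`. The new template file also ends without a trailing newline.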