diff --git a/tests/cli/test_cmds_validate.py b/tests/cli/test_cmds_validate.py
index 6b79936dcc..bac7b52c7b 100644
--- a/tests/cli/test_cmds_validate.py
+++ b/tests/cli/test_cmds_validate.py
@@ -606,6 +606,37 @@ def test_instance_validate_schema_iam_role(
         assert expected_output in output
 
 
+@pytest.mark.parametrize(
+    "iam_role, service_account_name, instance_type, expected",
+    [
+        ("arn:aws:iam::12345678:role/some_role", None, "kubernetes", True),
+        ("arn:aws:iam::12345678:role/some_role", None, "eks", True),
+        ("arn:aws:iam::12345678:role/some_role", "some_svc_account", "eks", False),
+        (None, "some_svc_account", "eks", True),
+    ],
+)
+def test_instance_validate_schema_sa_and_iam_role(
+    iam_role,
+    service_account_name,
+    instance_type,
+    expected,
+    capsys,
+):
+    instance_content = f"""
+test_instance:
+  {"iam_role: "+iam_role if iam_role else ""}
+  {"service_account_name: "+service_account_name if service_account_name else ""}
+"""
+    with patch(
+        "paasta_tools.cli.cmds.validate.get_file_contents", autospec=True
+    ) as mock_get_file_contents:
+        mock_get_file_contents.return_value = instance_content
+        assert validate_schema("unused_service_path.yaml", instance_type) == expected
+        expected_output = SCHEMA_VALID if expected else SCHEMA_INVALID
+        output, _ = capsys.readouterr()
+        assert expected_output in output
+
+
 @patch("paasta_tools.cli.cmds.validate.get_file_contents", autospec=True)
 def test_tron_validate_schema_understands_underscores(mock_get_file_contents, capsys):
     tron_content = """