feat(access-entries) add sc-eks to admin entries

README.md

@@ -138,6 +138,7 @@ efs-csi-controller    0         5m
 | [aws_iam_roles.sso_admins](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source |
 | [aws_iam_roles.sso_devs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source |
 | [aws_iam_roles.sso_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source |
+| [aws_iam_roles.sso_sc_eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source |
 | [aws_iam_session_context.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_session_context) | data source |
 | [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |
 | [aws_subnet.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |

access-entries.tf

@@ -15,6 +15,11 @@ data "aws_iam_roles" "sso_devs" {
   path_prefix = "/aws-reserved/sso.amazonaws.com/"
 }
 
+data "aws_iam_roles" "sso_sc_eks" {
+  name_regex  = "AWSReservedSSO_sc-eks"
+  path_prefix = "/aws-reserved/sso.amazonaws.com/"
+}
+
 data "aws_iam_roles" "roles" {
   name_regex = "r-inf-terraform(-eks)"
 }
@@ -26,7 +31,7 @@ data "aws_iam_roles" "sso_read" {
 
 locals {
   access_entries = merge(local.admins, local.viewers)
-  admin_arns     = [for arn in concat(tolist(data.aws_iam_roles.roles.arns), tolist(data.aws_iam_roles.sso_admins.arns)) : arn if arn != data.aws_iam_session_context.current.issuer_arn]
+  admin_arns     = [for arn in concat(tolist(data.aws_iam_roles.roles.arns), tolist(data.aws_iam_roles.sso_admins.arns), tolist(data.aws_iam_roles.sso_sc_eks.arns)) : arn if arn != data.aws_iam_session_context.current.issuer_arn]
   admins = {
     for arn in local.admin_arns :
     arn => {