diff --git a/cluster-admin.tf b/cluster-admin.tf
new file mode 100644
index 0000000..7e1a889
--- /dev/null
+++ b/cluster-admin.tf
@@ -0,0 +1,9 @@
+
+# patch-aws-auth.tf
+module "cluster-admin" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth?ref=2.2.0"
+ profile = var.aws_sso_profile
+ cluster_name = var.cluster_name
+ aws_auth_roles = var.aws_auth_roles
+ keep_temporary_files = var.keep_temporary_files
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index aabef96..71eb5cb 100644
--- a/variables.tf
+++ b/variables.tf
@@ -73,6 +73,37 @@ variable "operators_ns" {
 default = "operators"
 }
 
+variable "aws_auth_roles" {
+ description = "List of role maps to add to the aws-auth configmap"
+ type = list(any)
+ default = [
+ {
+ rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t3_b200ae7af469cdc8"
+ aws_rolename : ""
+ username : "admin"
+ groups = ["system:masters"]
+ },
+ {
+ rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa"
+ aws_rolename : ""
+ username : "admin"
+ groups = ["system:masters"]
+ }
+ ]
+}
+
+variable "aws_sso_profile" {
+ description = "sso profile"
+ type = string
+ default = "224384469011-lab-dev-gov.inf-admin-t3"
+}
+
+variable "keep_temporary_files" {
+ description = "whether to keep temp files while creating aws_auth_roles"
+ type = bool
+ default = false
+}
+
 ###################################################################
 # Common variables
 ###################################################################
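Review bot: The module `source` in `cluster-admin.tf` is pinned with `?ref=2.2.0`, which is a tag, and tags can be moved after review. Because this module rewrites the `aws-auth` ConfigMap that decides who is cluster admin, pinning to the full commit SHA of the reviewed release (`?ref=<full-commit-sha-of-2.2.0>`) would make the applied code immutable. The header comment `# patch-aws-auth.tf` does not match the file name `cluster-admin.tf`, and the file has no trailing newline. What `keep_temporary_files` leaves on disk is not visible from this hunk; if those files can hold a kubeconfig or token, a comment beside the argument saying so would help whoever sets it to true.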
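Review bot: The `aws_auth_roles` default in `variables.tf` bakes two account-specific SSO role ARNs into the configuration with `groups = ["system:masters"]`, so any apply that does not override the variable grants those roles unrestricted cluster access, and `system:masters` cannot be narrowed afterwards through RBAC. Both entries also map to the same `username : "admin"`, which makes the two roles indistinguishable in the Kubernetes audit log. I would drop the default so each environment has to state its mappings, give each entry a distinct username, and replace `list(any)` with an object type so a misspelled key fails at plan time; the entries also mix `:` and `=` for attributes, which is worth making uniform. The `aws_sso_profile` default further down hard-codes the same account and permission set and deserves the same treatment.

```hcl
variable "aws_auth_roles" {
  description = "List of role maps to add to the aws-auth configmap"
  type = list(object({
    rolearn      = string
    aws_rolename = string
    username     = string
    groups       = list(string)
  }))
  # no default: each environment supplies its own role mappings (e.g. in tfvars)
}
```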