fix: Use role_name to create access entry

modules/services/eks/datasources.tf

@@ -1,3 +1,5 @@
+data "aws_caller_identity" "current" {}
+
 data "aws_eks_clusters" "clusters" {}
 
 data "aws_eks_cluster" "clusters" {

modules/services/eks/locals.tf

@@ -1,4 +1,7 @@
 locals {
+  account_id    = data.aws_caller_identity.current.account_id
+  principal_arn = "arn:aws:iam::${local.account_id}:role/${var.role_name}"
+
   api_enabled_clusters = [
     for cluster in data.aws_eks_cluster.clusters :
     cluster if contains(["API", "API_AND_CONFIG_MAP"], cluster.access_config[0].authentication_mode)

modules/services/eks/main.tf

@@ -1,6 +1,6 @@
 resource "awscc_eks_access_entry" "viewer" {
   for_each        = local.clusters
   cluster_name    = each.value.name
-  principal_arn   = var.principal_arn // TODO: Use data source
+  principal_arn   = local.principal_arn // TODO: Use data source
   access_policies = [local.cluster_access_policy]
 }

modules/services/eks/variables.tf

@@ -10,7 +10,7 @@ variable "clusters" {
   default     = []
 }
 
-variable "principal_arn" {
-  description = "Sysdig's IAM Principal ARN which will access the EKS clusters"
+variable "role_name" {
+  description = "IAM role that Sysdig will assume to access the EKS clusters"
   type        = string
 }