add oidc (#4493)

terraform/aws/analytical-platform-data-production/airflow/data.tf

@@ -22,3 +22,7 @@ data "aws_eks_cluster" "analytical_platform_development" {
 data "tls_certificate" "analytical_platform_development_eks_oidc_issuer" {
   url = data.aws_eks_cluster.analytical_platform_development.identity[0].oidc[0].issuer
 }
+
+data "tls_certificate" "airflow_dev_eks_cluster" {
+  url = aws_eks_cluster.airflow_dev_eks_cluster.identity[0].oidc[0].issuer
+}

terraform/aws/analytical-platform-data-production/airflow/iam-openid-connect-providers.tf

@@ -3,3 +3,9 @@ resource "aws_iam_openid_connect_provider" "analytical_platform_development" {
   client_id_list  = ["sts.amazonaws.com"]
   thumbprint_list = [data.tls_certificate.analytical_platform_development_eks_oidc_issuer.certificates[0].sha1_fingerprint]
 }
+
+resource "aws_iam_openid_connect_provider" "airflow_dev" {
+  url             = aws_eks_cluster.airflow_dev_eks_cluster.identity[0].oidc[0].issuer
+  client_id_list  = ["sts.amazonaws.com"]
+  thumbprint_list = [data.tls_certificate.airflow_dev_eks_cluster.certificates[0].sha1_fingerprint]
+}

terraform/aws/analytical-platform-data-production/airflow/iam-roles.tf

@@ -103,7 +103,7 @@ module "airflow_dev_monitoring_iam_role" {
 
   oidc_providers = {
     one = {
-      provider_arn               = resource.aws_iam_openid_connect_provider.analytical_platform_development.arn
+      provider_arn               = resource.aws_iam_openid_connect_provider.airflow_dev.arn
       namespace_service_accounts = ["airflow:airflow"]
     }
   }