Endpoint Services Allowed Principals

Looks like this code will only pull in current ID for allowed principals for the endpoint service. How can you add additional ARNs to a whitelist for an endpoint service?

In the console I would go to the endpoint service and add an ARN to the whitelist. How does this translate to terraform code?

allowed_principals is a list, so just add any ARN to the list, [“arn:…:root”,“arn:…”]