How to enable managed identity for the virtual machine scale set on a Terraform Kubernetes deploy

I am deploying AKS through Terraform. It's working great, but I would like to also enable identity on the VMSS object in order to allow pod-level managed identity access (mostly to grab keys from key vaults).

I can manually do this by going to the auto-created VMSS object that Azure creates once launching the AKS cluster.

However, I do not see an option for this in the Terraform resource.

Has anyone run into this and found a way to pull it off?

My deployment code is like this:

resource "azurerm_kubernetes_cluster" "main" {
  name                = "myaks"
  location            = "centralus"
  resource_group_name = "myrg"
  dns_prefix          = "myaks"

  # Resource group that AKS creates for the node VMSS and related resources
  node_resource_group = "aksmanagedrg"

  default_node_pool {
    name            = "default"
    node_count      = 1
    vm_size         = "Standard_B2ms"
    vnet_subnet_id  = "myakssubnetid"
    os_disk_size_gb = 128
  }

  # System-assigned identity for the cluster (control plane)
  identity {
    type = "SystemAssigned"
  }

  addon_profile {
    aci_connector_linux {
      enabled = false
    }

    azure_policy {
      enabled = false
    }

    http_application_routing {
      enabled = false
    }

    kube_dashboard {
      enabled = true
    }

    oms_agent {
      enabled = false
    }
  }

  network_profile {
    network_plugin    = "azure"
    load_balancer_sku = "standard"
  }

}

Thanks!
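The following Terraform is an added example, not code from the question or from an answer on the page. It shows the point a practitioner would want: with `identity { type = "SystemAssigned" }` on the cluster, AKS itself creates the user-assigned identity that it attaches to the node VMSS (the kubelet identity), and the `azurerm` provider exports it as the `kubelet_identity` attribute of `azurerm_kubernetes_cluster`, so it can be referenced and granted Key Vault access without editing the VMSS by hand. It assumes the poster's `azurerm_kubernetes_cluster.main` resource exists as shown above, an `azurerm` provider version that exports `kubelet_identity` (2.x or later), and placeholder names for the key vault (`myakskv`), resource group (`myrg`) and region (`centralus`).

```hcl
# Added example (not the poster's code). Assumes the azurerm_kubernetes_cluster.main
# resource from the question and an azurerm provider that exports kubelet_identity.
# Key vault / resource group / region names are placeholders.

data "azurerm_client_config" "current" {}

# The node resource group is created by AKS; look it up by the name the cluster reports.
data "azurerm_resource_group" "nodes" {
  name = azurerm_kubernetes_cluster.main.node_resource_group
}

# Identity AKS attached to the node VMSS (the kubelet identity). This is what
# node-level requests to Azure run as, so it is the principal to authorise.
locals {
  kubelet_object_id = azurerm_kubernetes_cluster.main.kubelet_identity[0].object_id
}

# Placeholder key vault holding the secrets the pods need.
resource "azurerm_key_vault" "kv" {
  name                = "myakskv"
  location            = "centralus"
  resource_group_name = "myrg"
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"
}

# Least privilege: the kubelet identity may read and enumerate secrets only;
# no key, certificate or write permissions are granted.
resource "azurerm_key_vault_access_policy" "kubelet" {
  key_vault_id = azurerm_key_vault.kv.id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = local.kubelet_object_id

  secret_permissions = ["Get", "List"]
}

# Assumption: per-pod identities (AAD Pod Identity) additionally need the kubelet
# identity to be able to assign user-assigned identities in the node resource group.
# Scoped to that resource group only, not the subscription.
resource "azurerm_role_assignment" "kubelet_mio" {
  scope                = data.azurerm_resource_group.nodes.id
  role_definition_name = "Managed Identity Operator"
  principal_id         = local.kubelet_object_id
}
```

Granting the kubelet identity access means every pod on the node pool can reach those secrets through the node's identity; if only specific workloads should, keep this policy out and bind a dedicated user-assigned identity to those pods instead, which is what the `Managed Identity Operator` assignment is there to permit.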



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
