Configuring an AWS Managed Collector scraper with an EKS cluster in API authentication mode

I have several active EKS clusters that are configured in API authentication mode in their access configuration. I'm trying to work out how to add an AWS Managed Collector for Amazon Managed Prometheus as per this guide but all the instructions relate to updating the cluster aws-auth ConfigMap to grant access to the collector, which isn't relevant in API authentication mode.

I have tried adding an EKS access entry instead, but the access entry refuses to create, giving the error (console or CLI):

The caller is not allowed to modify access entries with a principalArn value of a Service Linked Role

but unfortunately the service-linked role is the only role available when the managed collector is created. Is there a way to grant the necessary access to the collector? The cluster authentication mode is a one-way decision and can't be reverted to API and ConfigMap anymore. Updating the ConfigMap isn't going to have any effect as long as the authentication mode is locked to API.