aws-ia
diff --git a/‎.github/workflows/pre-commit.yaml
+1-1 b/‎.github/workflows/pre-commit.yaml
+1-1
diff --git a/‎examples/ai-ml/ray/main.tf
+1-1 b/‎examples/ai-ml/ray/main.tf
+1-1
diff --git a/‎examples/analytics/spark-k8s-operator/main.tf
+1-1 b/‎examples/analytics/spark-k8s-operator/main.tf
+1-1
diff --git a/‎examples/observability/amp-amg-opensearch/data.tf
+1-1 b/‎examples/observability/amp-amg-opensearch/data.tf
+1-1
diff --git a/‎locals.tf
+2-2 b/‎locals.tf
+2-2
diff --git a/‎modules/aws-eks-self-managed-node-groups/outputs.tf
+1-1 b/‎modules/aws-eks-self-managed-node-groups/outputs.tf
+1-1
diff --git a/‎modules/aws-eks-self-managed-node-groups/self-managed-launch-templates.tf
+1-1 b/‎modules/aws-eks-self-managed-node-groups/self-managed-launch-templates.tf
+1-1
diff --git a/‎modules/aws-eks-teams/main.tf
+1-1 b/‎modules/aws-eks-teams/main.tf
+1-1
diff --git a/‎modules/irsa/main.tf
+1-1 b/‎modules/irsa/main.tf
+1-1
diff --git a/‎modules/kubernetes-addons/agones/locals.tf
+2-2 b/‎modules/kubernetes-addons/agones/locals.tf
+2-2
diff --git a/‎modules/kubernetes-addons/airflow/main.tf
+2-1 b/‎modules/kubernetes-addons/airflow/main.tf
+2-1
diff --git a/‎modules/kubernetes-addons/argo-rollouts/locals.tf
+2-3 b/‎modules/kubernetes-addons/argo-rollouts/locals.tf
+2-3
diff --git a/‎modules/kubernetes-addons/argocd/locals.tf
+3-3 b/‎modules/kubernetes-addons/argocd/locals.tf
+3-3
diff --git a/‎modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf
+1 b/‎modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf
+1
diff --git a/‎modules/kubernetes-addons/aws-ebs-csi-driver/main.tf
+2-1 b/‎modules/kubernetes-addons/aws-ebs-csi-driver/main.tf
+2-1
diff --git a/‎modules/kubernetes-addons/aws-efs-csi-driver/locals.tf
+2-2 b/‎modules/kubernetes-addons/aws-efs-csi-driver/locals.tf
+2-2
diff --git a/‎modules/kubernetes-addons/aws-for-fluentbit/locals.tf
+2-1 b/‎modules/kubernetes-addons/aws-for-fluentbit/locals.tf
+2-1
diff --git a/‎modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf
+2-2 b/‎modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf
+2-2
diff --git a/‎modules/kubernetes-addons/aws-load-balancer-controller/locals.tf
+2-2 b/‎modules/kubernetes-addons/aws-load-balancer-controller/locals.tf
+2-2
diff --git a/‎modules/kubernetes-addons/aws-node-termination-handler/locals.tf
+8-9 b/‎modules/kubernetes-addons/aws-node-termination-handler/locals.tf
+8-9
diff --git a/‎modules/kubernetes-addons/aws-privateca-issuer/data.tf
+1-1 b/‎modules/kubernetes-addons/aws-privateca-issuer/data.tf
+1-1
diff --git a/‎modules/kubernetes-addons/aws-privateca-issuer/locals.tf
+2-5 b/‎modules/kubernetes-addons/aws-privateca-issuer/locals.tf
+2-5
diff --git a/‎modules/kubernetes-addons/calico/README.md
-2 b/‎modules/kubernetes-addons/calico/README.md
-2
diff --git a/‎modules/kubernetes-addons/calico/locals.tf
-23 b/‎modules/kubernetes-addons/calico/locals.tf
-23
diff --git a/‎modules/kubernetes-addons/calico/main.tf
+21-2 b/‎modules/kubernetes-addons/calico/main.tf
+21-2
diff --git a/‎modules/kubernetes-addons/calico/outputs.tf
+1-1 b/‎modules/kubernetes-addons/calico/outputs.tf
+1-1
diff --git a/‎modules/kubernetes-addons/calico/values.yaml
-2 b/‎modules/kubernetes-addons/calico/values.yaml
-2
diff --git a/‎modules/kubernetes-addons/calico/versions.tf
-11 b/‎modules/kubernetes-addons/calico/versions.tf
-11
diff --git a/‎modules/kubernetes-addons/cert-manager-csi-driver/README.md
-1 b/‎modules/kubernetes-addons/cert-manager-csi-driver/README.md
-1
@@ -13,7 +13,7 @@ env:
   TERRAFORM_DOCS_VERSION: v0.16.0
   TFSEC_VERSION: v1.22.0
   TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache
-  TFLINT_VERSION: v0.38.1
+  TFLINT_VERSION: v0.42.1
 
 concurrency:
   group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
 
@@ -210,7 +210,7 @@ module "s3_bucket" {
 data "aws_iam_policy_document" "irsa_policy" {
   statement {
     actions   = ["s3:ListBucket"]
-    resources = ["${module.s3_bucket.s3_bucket_arn}"]
+    resources = [module.s3_bucket.s3_bucket_arn]
   }
   statement {
     actions   = ["s3:*Object"]
 
@@ -364,7 +364,7 @@ module "eks_blueprints_kubernetes_addons" {
     aws_for_fluent_bit_cw_log_group = "/${module.eks_blueprints.eks_cluster_id}/worker-fluentbit-logs" # Optional
     create_namespace                = true
     values = [templatefile("${path.module}/helm-values/aws-for-fluentbit-values.yaml", {
-      region                    = "${data.aws_region.current.id}"
+      region                    = data.aws_region.current.id
       aws_for_fluent_bit_cw_log = "/${module.eks_blueprints.eks_cluster_id}/worker-fluentbit-logs"
     })]
     set = [
 
@@ -40,7 +40,7 @@ data "aws_iam_policy_document" "opensearch_access_policy" {
     sid    = "AdminDomainLevelAccessToOpenSearch"
     effect = "Allow"
     resources = [
-      "${aws_elasticsearch_domain.opensearch.arn}",
+      aws_elasticsearch_domain.opensearch.arn,
       "${aws_elasticsearch_domain.opensearch.arn}/*",
     ]
     actions = ["es:*"]
 
@@ -124,7 +124,7 @@ locals {
   platform_teams_config_map = length(var.platform_teams) > 0 ? [
     for platform_team_name, platform_team_data in var.platform_teams : {
       rolearn : "arn:${local.partition}:iam::${local.account_id}:role/${module.aws_eks.cluster_id}-${platform_team_name}-access"
-      username : "${platform_team_name}"
+      username : platform_team_name
       groups : [
         "system:masters"
       ]
@@ -135,7 +135,7 @@ locals {
   application_teams_config_map = length(var.application_teams) > 0 ? [
     for team_name, team_data in var.application_teams : {
       rolearn : "arn:${local.partition}:iam::${local.account_id}:role/${module.aws_eks.cluster_id}-${team_name}-access"
-      username : "${team_name}"
+      username : team_name
       groups : [
         "${team_name}-group"
       ]
 
@@ -1,6 +1,6 @@
 output "self_managed_nodegroup_name" {
   description = "EKS Self Managed node group id"
-  value       = local.self_managed_node_group["node_group_name"].*
+  value       = local.self_managed_node_group["node_group_name"][*]
 }
 
 output "self_managed_nodegroup_iam_role_arns" {
 
@@ -3,7 +3,7 @@ module "launch_template_self_managed_ng" {
 
   eks_cluster_id = var.context.eks_cluster_id
   launch_template_config = {
-    "${local.lt_self_managed_group_map_key}" = {
+    (local.lt_self_managed_group_map_key) = {
       ami                    = local.custom_ami_id
       launch_template_os     = local.self_managed_node_group["launch_template_os"]
       launch_template_prefix = local.self_managed_node_group["node_group_name"]
 
@@ -129,7 +129,7 @@ resource "aws_iam_role" "team_sa_irsa" {
       {
         "Effect" : "Allow",
         "Principal" : {
-          "Federated" : "${local.eks_oidc_provider_arn}"
+          "Federated" : local.eks_oidc_provider_arn
         },
         "Action" : "sts:AssumeRoleWithWebIdentity",
         "Condition" : {
 
@@ -43,7 +43,7 @@ resource "aws_iam_role" "irsa" {
       {
         "Effect" : "Allow",
         "Principal" : {
-          "Federated" : "${var.eks_oidc_provider_arn}"
+          "Federated" : var.eks_oidc_provider_arn
         },
         "Action" : "sts:AssumeRoleWithWebIdentity",
         "Condition" : {
 
@@ -2,13 +2,13 @@ locals {
   name      = "agones"
   namespace = "agones-system"
 
+  # https://github.com/googleforgames/agones/blob/main/install/helm/agones/Chart.yaml
   default_helm_config = {
     name               = local.name
     chart              = local.name
     repository         = "https://agones.dev/chart/stable"
-    version            = "1.23.0"
+    version            = "1.27.0"
     namespace          = local.namespace
-    timeout            = "1200"
     description        = "Agones Gaming Server Helm Chart deployment configuration"
     values             = local.default_helm_values
     gameserver_minport = 7000
 
@@ -1,11 +1,12 @@
 locals {
   name = "airflow"
 
+  # https://github.com/apache/airflow/blob/main/chart/Chart.yaml
   default_helm_config = {
     name             = local.name
     chart            = local.name
     repository       = "https://airflow.apache.org"
-    version          = "1.6.0"
+    version          = "1.7.0"
     namespace        = local.name
     create_namespace = true
     values           = [templatefile("${path.module}/values.yaml", {})]
 
@@ -1,15 +1,14 @@
 locals {
   name = "argo-rollouts"
 
+  # https://github.com/argoproj/argo-helm/blob/main/charts/argo-rollouts/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
     repository  = "https://argoproj.github.io/argo-helm"
-    version     = "2.16.0"
+    version     = "2.21.1"
     namespace   = local.name
     description = "Argo Rollouts AddOn Helm Chart"
-    values      = []
-    timeout     = "1200"
   }
 
   helm_config = merge(
 
@@ -1,16 +1,16 @@
 locals {
-  default_helm_values = [templatefile("${path.module}/values.yaml", {})]
+  default_helm_values = [file("${path.module}/values.yaml")]
 
   name      = "argo-cd"
   namespace = "argocd"
 
+  # https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/Chart.yaml
   default_helm_config = {
     name             = local.name
     chart            = local.name
     repository       = "https://argoproj.github.io/argo-helm"
-    version          = "4.9.14"
+    version          = "5.8.3"
     namespace        = local.namespace
-    timeout          = 1200
     create_namespace = true
     values           = local.default_helm_values
     description      = "The ArgoCD Helm Chart deployment configuration"
 
@@ -3,6 +3,7 @@ locals {
   namespace            = "amazon-cloudwatch"
   service_account_name = "cloudwatch-agent"
 
+  # https://github.com/aws/eks-charts/blob/master/stable/aws-cloudwatch-metrics/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
 
@@ -31,11 +31,12 @@ module "helm_addon" {
   source = "../helm-addon"
   count  = var.enable_self_managed_aws_ebs_csi_driver && !var.enable_amazon_eks_aws_ebs_csi_driver ? 1 : 0
 
+  # https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/charts/aws-ebs-csi-driver/Chart.yaml
   helm_config = merge({
     name        = local.name
     description = "The Amazon Elastic Block Store Container Storage Interface (CSI) Driver provides a CSI interface used by Container Orchestrators to manage the lifecycle of Amazon EBS volumes."
     chart       = local.name
-    version     = "2.12.0"
+    version     = "2.12.1"
     repository  = "https://kubernetes-sigs.github.io/aws-ebs-csi-driver"
     namespace   = local.namespace
     values = [
 
@@ -3,13 +3,13 @@ locals {
   service_account_name = "efs-csi-sa"
   namespace            = "kube-system"
 
+  # https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/charts/aws-efs-csi-driver/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
     repository  = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
-    version     = "2.2.6"
+    version     = "2.2.9"
     namespace   = local.namespace
-    values      = []
     description = "The AWS EFS CSI driver Helm chart deployment configuration"
   }
 
 
@@ -14,11 +14,12 @@ locals {
     }
   ]
 
+  # https://github.com/aws/eks-charts/blob/master/stable/aws-for-fluent-bit/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
     repository  = "https://aws.github.io/eks-charts"
-    version     = "0.1.18"
+    version     = "0.1.21"
     namespace   = local.name
     values      = local.default_helm_values
     description = "aws-for-fluentbit Helm Chart deployment configuration"
 
@@ -3,13 +3,13 @@ locals {
   service_account_name = "fsx-csi-sa"
   namespace            = "kube-system"
 
+  # https://github.com/kubernetes-sigs/aws-fsx-csi-driver/blob/master/charts/aws-fsx-csi-driver/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
     repository  = "https://kubernetes-sigs.github.io/aws-fsx-csi-driver/"
-    version     = "1.4.2"
+    version     = "1.4.4"
     namespace   = local.namespace
-    values      = []
     description = "The Amazon FSx for Lustre CSI driver Helm chart deployment configuration"
   }
 
 
@@ -2,13 +2,13 @@ locals {
   name                 = "aws-load-balancer-controller"
   service_account_name = "${local.name}-sa"
 
+  # https://github.com/aws/eks-charts/blob/master/stable/aws-load-balancer-controller/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
     repository  = "https://aws.github.io/eks-charts"
-    version     = "1.4.3"
+    version     = "1.4.5"
     namespace   = "kube-system"
-    timeout     = "1200"
     values      = local.default_helm_values
     description = "aws-load-balancer-controller Helm Chart for ingress resources"
   }
 
@@ -3,16 +3,15 @@ locals {
   name                 = "aws-node-termination-handler"
   service_account_name = "${local.name}-sa"
 
+  # https://github.com/aws/eks-charts/blob/master/stable/aws-node-termination-handler/Chart.yaml
   default_helm_config = {
-    name             = local.name
-    chart            = local.name
-    repository       = "https://aws.github.io/eks-charts"
-    version          = "0.18.5"
-    namespace        = local.namespace
-    timeout          = "1200"
-    create_namespace = false
-    description      = "AWS Node Termination Handler Helm Chart"
-    values           = local.default_helm_values
+    name        = local.name
+    chart       = local.name
+    repository  = "https://aws.github.io/eks-charts"
+    version     = "0.19.3"
+    namespace   = local.namespace
+    description = "AWS Node Termination Handler Helm Chart"
+    values      = local.default_helm_values
   }
 
   helm_config = merge(
 
@@ -1,7 +1,7 @@
 data "aws_iam_policy_document" "aws_privateca_issuer" {
   statement {
     effect    = "Allow"
-    resources = ["${var.aws_privateca_acmca_arn}"]
+    resources = [var.aws_privateca_acmca_arn]
     actions = [
       "acm-pca:DescribeCertificateAuthority",
       "acm-pca:GetCertificate",
 
@@ -2,19 +2,16 @@ locals {
   name                 = "aws-privateca-issuer"
   service_account_name = "${local.name}-sa"
 
+  # https://github.com/cert-manager/aws-privateca-issuer/blob/main/charts/aws-pca-issuer/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
     repository  = "https://cert-manager.github.io/aws-privateca-issuer"
     version     = "1.2.2"
     namespace   = local.name
-    description = "AWS PCA Issuer helm Chart deployment configuration."
-    values      = local.default_helm_values
-    timeout     = "1200"
+    description = "AWS PCA Issuer helm Chart deployment configuration"
   }
 
-  default_helm_values = []
-
   helm_config = merge(
     local.default_helm_config,
     var.helm_config
 
@@ -9,8 +9,6 @@ For more details checkout [calico](https://projectcalico.docs.tigera.io/getting-
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
 
 ## Providers
 
 
@@ -1,6 +1,25 @@
 module "helm_addon" {
-  source            = "../helm-addon"
-  helm_config       = local.helm_config
+  source = "../helm-addon"
+
+  # https://github.com/projectcalico/calico/blob/master/charts/tigera-operator/Chart.yaml
+  helm_config = merge(
+    {
+      name       = "calico"
+      chart      = "tigera-operator"
+      repository = "https://docs.projectcalico.org/charts"
+      version    = "v3.24.3"
+      namespace  = "tigera-operator"
+      values = [
+        <<-EOT
+          installation:
+            kubernetesProvider: "EKS"
+        EOT
+      ]
+      create_namespace = true
+      description      = "calico helm Chart deployment configuration"
+    },
+    var.helm_config
+  )
   manage_via_gitops = var.manage_via_gitops
   addon_context     = var.addon_context
 }
@@ -1,4 +1,4 @@
 output "argocd_gitops_config" {
   description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
+  value       = var.manage_via_gitops ? { enable = true } : null
 }
@@ -1,14 +1,3 @@
 terraform {
   required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
 }
@@ -4,7 +4,6 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
 
 ## Providers
Original file line number	Diff line number	Diff line change
`@@ -210,7 +210,7 @@ module "s3_bucket" {`
`210`	`210`	`data "aws_iam_policy_document" "irsa_policy" {`
`211`	`211`	`statement {`
`212`	`212`	`actions = ["s3:ListBucket"]`
`213`		`- resources = ["${module.s3_bucket.s3_bucket_arn}"]`
	`213`	`+ resources = [module.s3_bucket.s3_bucket_arn]`
`214`	`214`	`}`
`215`	`215`	`statement {`
`216`	`216`	`actions = ["s3:*Object"]`
Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ data "aws_iam_policy_document" "opensearch_access_policy" {`
`40`	`40`	`sid = "AdminDomainLevelAccessToOpenSearch"`
`41`	`41`	`effect = "Allow"`
`42`	`42`	`resources = [`
`43`		`- "${aws_elasticsearch_domain.opensearch.arn}",`
	`43`	`+ aws_elasticsearch_domain.opensearch.arn,`
`44`	`44`	`"${aws_elasticsearch_domain.opensearch.arn}/*",`
`45`	`45`	`]`
`46`	`46`	`actions = ["es:*"]`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`output "self_managed_nodegroup_name" {`
`2`	`2`	`description = "EKS Self Managed node group id"`
`3`		`- value = local.self_managed_node_group["node_group_name"].*`
	`3`	`+ value = local.self_managed_node_group["node_group_name"][*]`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`output "self_managed_nodegroup_iam_role_arns" {`
Original file line number	Diff line number	Diff line change
`@@ -129,7 +129,7 @@ resource "aws_iam_role" "team_sa_irsa" {`
`129`	`129`	`{`
`130`	`130`	`"Effect" : "Allow",`
`131`	`131`	`"Principal" : {`
`132`		`- "Federated" : "${local.eks_oidc_provider_arn}"`
	`132`	`+ "Federated" : local.eks_oidc_provider_arn`
`133`	`133`	`},`
`134`	`134`	`"Action" : "sts:AssumeRoleWithWebIdentity",`
`135`	`135`	`"Condition" : {`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ resource "aws_iam_role" "irsa" {`
`43`	`43`	`{`
`44`	`44`	`"Effect" : "Allow",`
`45`	`45`	`"Principal" : {`
`46`		`- "Federated" : "${var.eks_oidc_provider_arn}"`
	`46`	`+ "Federated" : var.eks_oidc_provider_arn`
`47`	`47`	`},`
`48`	`48`	`"Action" : "sts:AssumeRoleWithWebIdentity",`
`49`	`49`	`"Condition" : {`
Original file line number	Diff line number	Diff line change
`@@ -14,11 +14,12 @@ locals {`
`14`	`14`	`}`
`15`	`15`	`]`
`16`	`16`
	`17`	`+ # https://github.com/aws/eks-charts/blob/master/stable/aws-for-fluent-bit/Chart.yaml`
`17`	`18`	`default_helm_config = {`
`18`	`19`	`name = local.name`
`19`	`20`	`chart = local.name`
`20`	`21`	`repository = "https://aws.github.io/eks-charts"`
`21`		`- version = "0.1.18"`
	`22`	`+ version = "0.1.21"`
`22`	`23`	`namespace = local.name`
`23`	`24`	`values = local.default_helm_values`
`24`	`25`	`description = "aws-for-fluentbit Helm Chart deployment configuration"`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`	`1`	`output "argocd_gitops_config" {`
`2`	`2`	`description = "Configuration used for managing the add-on with ArgoCD"`
`3`		`- value = var.manage_via_gitops ? local.argocd_gitops_config : null`
	`3`	`+ value = var.manage_via_gitops ? { enable = true } : null`
`4`	`4`	`}`