From 1f0032af007197bab7f429c79ae49d975643ab3b Mon Sep 17 00:00:00 2001
From: Frank Carta <fcarta@byteknowledge.com>
Date: Thu, 27 Apr 2023 08:03:20 -0700
Subject: [PATCH] refactor: Refactor csi secrets store provider for v5 addon
 (#144)

Co-authored-by: Frank Carta <fcarta@amazon.com>
Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
---
 .pre-commit-config.yaml                       |   2 +-
 README.md                                     |   9 +-
 locals.tf                                     |  15 --
 main.tf                                       | 245 ++++++++++--------
 .../csi-secrets-store-provider-aws/README.md  |  50 ----
 .../csi-secrets-store-provider-aws/main.tf    |  36 ---
 .../csi-secrets-store-provider-aws/outputs.tf |  24 --
 .../variables.tf                              |  28 --
 .../versions.tf                               |  10 -
 modules/helm-addon/README.md                  |  57 ----
 modules/helm-addon/main.tf                    |  81 ------
 modules/helm-addon/outputs.tf                 |  24 --
 modules/helm-addon/variables.tf               |  39 ---
 modules/helm-addon/versions.tf                |  10 -
 modules/irsa/README.md                        |  75 ------
 modules/irsa/main.tf                          |  87 -------
 modules/irsa/outputs.tf                       |  19 --
 modules/irsa/variables.tf                     |  73 ------
 modules/irsa/versions.tf                      |  14 -
 tests/complete/main.tf                        |  39 ++-
 variables.tf                                  |  52 ++--
 21 files changed, 176 insertions(+), 813 deletions(-)
 delete mode 100644 locals.tf
 delete mode 100644 modules/csi-secrets-store-provider-aws/README.md
 delete mode 100644 modules/csi-secrets-store-provider-aws/main.tf
 delete mode 100644 modules/csi-secrets-store-provider-aws/outputs.tf
 delete mode 100644 modules/csi-secrets-store-provider-aws/variables.tf
 delete mode 100644 modules/csi-secrets-store-provider-aws/versions.tf
 delete mode 100644 modules/helm-addon/README.md
 delete mode 100644 modules/helm-addon/main.tf
 delete mode 100644 modules/helm-addon/outputs.tf
 delete mode 100644 modules/helm-addon/variables.tf
 delete mode 100644 modules/helm-addon/versions.tf
 delete mode 100644 modules/irsa/README.md
 delete mode 100644 modules/irsa/main.tf
 delete mode 100644 modules/irsa/outputs.tf
 delete mode 100644 modules/irsa/variables.tf
 delete mode 100644 modules/irsa/versions.tf

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4fb0cb8d..e7873ee3 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -10,7 +10,7 @@ repos:
       - id: detect-aws-credentials
         args: ['--allow-missing-credentials']
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.77.2
+    rev: v1.77.3
     hooks:
       - id: terraform_fmt
       - id: terraform_docs
diff --git a/README.md b/README.md
index f431d0b8..9800ab77 100644
--- a/README.md
+++ b/README.md
@@ -38,7 +38,7 @@ Please note: not all addons will be supported as they are today in the main EKS
 | <a name="module_cloudwatch_metrics"></a> [cloudwatch\_metrics](#module\_cloudwatch\_metrics) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_cluster_autoscaler"></a> [cluster\_autoscaler](#module\_cluster\_autoscaler) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_cluster_proportional_autoscaler"></a> [cluster\_proportional\_autoscaler](#module\_cluster\_proportional\_autoscaler) | ./modules/eks-blueprints-addon | n/a |
-| <a name="module_csi_secrets_store_provider_aws"></a> [csi\_secrets\_store\_provider\_aws](#module\_csi\_secrets\_store\_provider\_aws) | ./modules/csi-secrets-store-provider-aws | n/a |
+| <a name="module_csi_secrets_store_provider_aws"></a> [csi\_secrets\_store\_provider\_aws](#module\_csi\_secrets\_store\_provider\_aws) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_efs_csi_driver"></a> [efs\_csi\_driver](#module\_efs\_csi\_driver) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_external_dns"></a> [external\_dns](#module\_external\_dns) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_external_secrets"></a> [external\_secrets](#module\_external\_secrets) | ./modules/eks-blueprints-addon | n/a |
@@ -109,7 +109,7 @@ Please note: not all addons will be supported as they are today in the main EKS
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes |
 | <a name="input_cluster_proportional_autoscaler"></a> [cluster\_proportional\_autoscaler](#input\_cluster\_proportional\_autoscaler) | Cluster Proportional Autoscaler add-on configurations | `any` | `{}` | no |
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | Kubernetes `<major>.<minor>` version to use for the EKS cluster (i.e.: `1.24`) | `string` | n/a | yes |
-| <a name="input_csi_secrets_store_provider_aws_helm_config"></a> [csi\_secrets\_store\_provider\_aws\_helm\_config](#input\_csi\_secrets\_store\_provider\_aws\_helm\_config) | CSI Secrets Store Provider AWS Helm Configurations | `any` | `null` | no |
+| <a name="input_csi_secrets_store_provider_aws"></a> [csi\_secrets\_store\_provider\_aws](#input\_csi\_secrets\_store\_provider\_aws) | CSI Secrets Store Provider add-on configurations | `any` | `{}` | no |
 | <a name="input_efs_csi_driver"></a> [efs\_csi\_driver](#input\_efs\_csi\_driver) | EFS CSI Driver addon configuration values | `any` | `{}` | no |
 | <a name="input_eks_addons"></a> [eks\_addons](#input\_eks\_addons) | Map of EKS addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` | `any` | `{}` | no |
 | <a name="input_eks_addons_timeouts"></a> [eks\_addons\_timeouts](#input\_eks\_addons\_timeouts) | Create, update, and delete timeout configurations for the EKS addons | `map(string)` | `{}` | no |
@@ -124,6 +124,7 @@ Please note: not all addons will be supported as they are today in the main EKS
 | <a name="input_enable_cloudwatch_metrics"></a> [enable\_cloudwatch\_metrics](#input\_enable\_cloudwatch\_metrics) | Enable AWS Cloudwatch Metrics add-on for Container Insights | `bool` | `false` | no |
 | <a name="input_enable_cluster_autoscaler"></a> [enable\_cluster\_autoscaler](#input\_enable\_cluster\_autoscaler) | Enable Cluster autoscaler add-on | `bool` | `false` | no |
 | <a name="input_enable_cluster_proportional_autoscaler"></a> [enable\_cluster\_proportional\_autoscaler](#input\_enable\_cluster\_proportional\_autoscaler) | Enable Cluster Proportional Autoscaler | `bool` | `false` | no |
+| <a name="input_enable_csi_secrets_store_provider_aws"></a> [enable\_csi\_secrets\_store\_provider\_aws](#input\_enable\_csi\_secrets\_store\_provider\_aws) | Enable AWS CSI Secrets Store Provider | `bool` | `false` | no |
 | <a name="input_enable_efs_csi_driver"></a> [enable\_efs\_csi\_driver](#input\_enable\_efs\_csi\_driver) | Enable AWS EFS CSI Driver add-on | `bool` | `false` | no |
 | <a name="input_enable_external_dns"></a> [enable\_external\_dns](#input\_enable\_external\_dns) | Enable external-dns operator add-on | `bool` | `false` | no |
 | <a name="input_enable_external_secrets"></a> [enable\_external\_secrets](#input\_enable\_external\_secrets) | Enable External Secrets operator add-on | `bool` | `false` | no |
@@ -135,7 +136,6 @@ Please note: not all addons will be supported as they are today in the main EKS
 | <a name="input_enable_kube_prometheus_stack"></a> [enable\_kube\_prometheus\_stack](#input\_enable\_kube\_prometheus\_stack) | Enable Kube Prometheus Stack | `bool` | `false` | no |
 | <a name="input_enable_metrics_server"></a> [enable\_metrics\_server](#input\_enable\_metrics\_server) | Enable metrics server add-on | `bool` | `false` | no |
 | <a name="input_enable_secrets_store_csi_driver"></a> [enable\_secrets\_store\_csi\_driver](#input\_enable\_secrets\_store\_csi\_driver) | Enable CSI Secrets Store Provider | `bool` | `false` | no |
-| <a name="input_enable_secrets_store_csi_driver_provider_aws"></a> [enable\_secrets\_store\_csi\_driver\_provider\_aws](#input\_enable\_secrets\_store\_csi\_driver\_provider\_aws) | Enable AWS CSI Secrets Store Provider | `bool` | `false` | no |
 | <a name="input_enable_velero"></a> [enable\_velero](#input\_enable\_velero) | Enable Kubernetes Dashboard add-on | `bool` | `false` | no |
 | <a name="input_enable_vpa"></a> [enable\_vpa](#input\_enable\_vpa) | Enable Vertical Pod Autoscaler add-on | `bool` | `false` | no |
 | <a name="input_external_dns"></a> [external\_dns](#input\_external\_dns) | external-dns addon configuration values | `any` | `{}` | no |
@@ -149,15 +149,12 @@ Please note: not all addons will be supported as they are today in the main EKS
 | <a name="input_fsx_csi_driver"></a> [fsx\_csi\_driver](#input\_fsx\_csi\_driver) | FSX CSI Driver addon configuration values | `any` | `{}` | no |
 | <a name="input_gatekeeper"></a> [gatekeeper](#input\_gatekeeper) | Gatekeeper add-on configuration | `bool` | `false` | no |
 | <a name="input_ingress_nginx"></a> [ingress\_nginx](#input\_ingress\_nginx) | Ingress Nginx add-on configurations | `any` | `{}` | no |
-| <a name="input_irsa_iam_permissions_boundary"></a> [irsa\_iam\_permissions\_boundary](#input\_irsa\_iam\_permissions\_boundary) | IAM permissions boundary for IRSA roles | `string` | `""` | no |
-| <a name="input_irsa_iam_role_path"></a> [irsa\_iam\_role\_path](#input\_irsa\_iam\_role\_path) | IAM role path for IRSA roles | `string` | `"/"` | no |
 | <a name="input_karpenter"></a> [karpenter](#input\_karpenter) | Karpenter addon configuration values | `any` | `{}` | no |
 | <a name="input_karpenter_enable_spot_termination"></a> [karpenter\_enable\_spot\_termination](#input\_karpenter\_enable\_spot\_termination) | Determines whether to enable native node termination handling | `bool` | `true` | no |
 | <a name="input_karpenter_instance_profile"></a> [karpenter\_instance\_profile](#input\_karpenter\_instance\_profile) | Karpenter instance profile configuration values | `any` | `{}` | no |
 | <a name="input_karpenter_sqs"></a> [karpenter\_sqs](#input\_karpenter\_sqs) | Karpenter SQS queue for native node termination handling configuration values | `any` | `{}` | no |
 | <a name="input_kube_prometheus_stack"></a> [kube\_prometheus\_stack](#input\_kube\_prometheus\_stack) | Kube Prometheus Stack add-on configurations | `any` | `{}` | no |
 | <a name="input_metrics_server"></a> [metrics\_server](#input\_metrics\_server) | Metrics Server add-on configurations | `any` | `{}` | no |
-| <a name="input_oidc_provider"></a> [oidc\_provider](#input\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) | `string` | n/a | yes |
 | <a name="input_oidc_provider_arn"></a> [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | The ARN of the cluster OIDC Provider | `string` | n/a | yes |
 | <a name="input_secrets_store_csi_driver"></a> [secrets\_store\_csi\_driver](#input\_secrets\_store\_csi\_driver) | CSI Secrets Store Provider add-on configurations | `any` | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
diff --git a/locals.tf b/locals.tf
deleted file mode 100644
index 82c4b1dc..00000000
--- a/locals.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-locals {
-  addon_context = {
-    aws_caller_identity_account_id = local.account_id
-    aws_caller_identity_arn        = data.aws_caller_identity.current.arn
-    aws_partition_id               = local.partition
-    aws_region_name                = local.region
-    aws_eks_cluster_endpoint       = var.cluster_endpoint
-    eks_cluster_id                 = var.cluster_name
-    eks_oidc_issuer_url            = var.oidc_provider
-    eks_oidc_provider_arn          = var.oidc_provider_arn
-    tags                           = var.tags
-    irsa_iam_role_path             = var.irsa_iam_role_path
-    irsa_iam_permissions_boundary  = var.irsa_iam_permissions_boundary
-  }
-}
diff --git a/main.tf b/main.tf
index e0102f73..eea5852f 100644
--- a/main.tf
+++ b/main.tf
@@ -354,9 +354,6 @@ module "argo_rollouts" {
 ################################################################################
 # ArgoCD
 ################################################################################
-locals {
-  argocd_name = "argo-cd"
-}
 
 module "argocd" {
   # source = "aws-ia/eks-blueprints-addon/aws"
@@ -366,11 +363,11 @@ module "argocd" {
 
   # https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/Chart.yaml
   # (there is no offical helm chart for argocd)
-  name             = try(var.argocd.name, local.argocd_name)
+  name             = try(var.argocd.name, "argo-cd")
   description      = try(var.argocd.description, "A Helm chart to install the ArgoCD")
   namespace        = try(var.argocd.namespace, "argocd")
   create_namespace = try(var.argocd.create_namespace, true)
-  chart            = local.argocd_name
+  chart            = "argo-cd"
   chart_version    = try(var.argocd.chart_version, "5.29.1")
   repository       = try(var.argocd.repository, "https://argoproj.github.io/argo-helm")
   values           = try(var.argocd.values, [])
@@ -467,8 +464,7 @@ module "argo_workflows" {
 
 locals {
   cert_manager_service_account = try(var.cert_manager.service_account_name, "cert-manager")
-
-  create_cert_manager_irsa = var.enable_cert_manager && length(var.cert_manager_route53_hosted_zone_arns) > 0
+  create_cert_manager_irsa     = var.enable_cert_manager && length(var.cert_manager_route53_hosted_zone_arns) > 0
 }
 
 data "aws_iam_policy_document" "cert_manager" {
@@ -1104,8 +1100,7 @@ module "external_dns" {
 ################################################################################
 
 locals {
-  aws_load_balancer_controller_name            = "aws-load-balancer-controller"
-  aws_load_balancer_controller_service_account = try(var.aws_load_balancer_controller.service_account_name, "${local.aws_load_balancer_controller_name}-sa")
+  aws_load_balancer_controller_service_account = try(var.aws_load_balancer_controller.service_account_name, "aws-load-balancer-controller-sa")
 }
 
 data "aws_iam_policy_document" "aws_load_balancer_controller" {
@@ -1394,12 +1389,12 @@ module "aws_load_balancer_controller" {
   create = var.enable_aws_load_balancer_controller
 
   # https://github.com/aws/eks-charts/blob/master/stable/aws-load-balancer-controller/Chart.yaml
-  name        = try(var.aws_load_balancer_controller.name, local.aws_load_balancer_controller_name)
+  name        = try(var.aws_load_balancer_controller.name, "aws-load-balancer-controller")
   description = try(var.aws_load_balancer_controller.description, "A Helm chart to deploy aws-load-balancer-controller for ingress resources")
   namespace   = try(var.aws_load_balancer_controller.namespace, "kube-system")
   # namespace creation is false here as kube-system already exists by default
   create_namespace = try(var.aws_load_balancer_controller.create_namespace, false)
-  chart            = local.aws_load_balancer_controller_name
+  chart            = "aws-load-balancer-controller"
   chart_version    = try(var.aws_load_balancer_controller.chart_version, "1.4.8")
   repository       = try(var.aws_load_balancer_controller.repository, "https://aws.github.io/eks-charts")
   values           = try(var.aws_load_balancer_controller.values, [])
@@ -1641,7 +1636,6 @@ locals {
 data "aws_iam_policy_document" "fsx_csi_driver" {
   statement {
     sid       = "AllowCreateServiceLinkedRoles"
-    effect    = "Allow"
     resources = ["arn:${local.partition}:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.${local.dns_suffix}/*"]
 
     actions = [
@@ -1653,7 +1647,6 @@ data "aws_iam_policy_document" "fsx_csi_driver" {
 
   statement {
     sid       = "AllowCreateServiceLinkedRole"
-    effect    = "Allow"
     resources = ["arn:${local.partition}:iam::${local.account_id}:role/*"]
     actions   = ["iam:CreateServiceLinkedRole"]
 
@@ -1666,19 +1659,14 @@ data "aws_iam_policy_document" "fsx_csi_driver" {
 
   statement {
     sid       = "AllowListBuckets"
-    effect    = "Allow"
     resources = ["arn:${local.partition}:s3:::*"]
-
     actions = [
       "s3:ListBucket"
     ]
   }
 
   statement {
-    sid       = ""
-    effect    = "Allow"
     resources = ["arn:${local.partition}:fsx:${local.region}:${local.account_id}:file-system/*"]
-
     actions = [
       "fsx:CreateFileSystem",
       "fsx:DeleteFileSystem",
@@ -1687,10 +1675,7 @@ data "aws_iam_policy_document" "fsx_csi_driver" {
   }
 
   statement {
-    sid       = ""
-    effect    = "Allow"
     resources = ["arn:${local.partition}:fsx:${local.region}:${local.account_id}:*"]
-
     actions = [
       "fsx:DescribeFileSystems",
       "fsx:TagResource"
@@ -2055,10 +2040,6 @@ module "karpenter" {
 # Secrets Store CSI Driver
 ################################################################################
 
-locals {
-  secrets_store_csi_driver_name = "secrets-store-csi-driver"
-}
-
 module "secrets_store_csi_driver" {
   # source = "aws-ia/eks-blueprints-addon/aws"
   source = "./modules/eks-blueprints-addon"
@@ -2066,11 +2047,11 @@ module "secrets_store_csi_driver" {
   create = var.enable_secrets_store_csi_driver
 
   # https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/main/charts/secrets-store-csi-driver/Chart.yaml
-  name             = try(var.secrets_store_csi_driver.name, local.secrets_store_csi_driver_name)
+  name             = try(var.secrets_store_csi_driver.name, "secrets-store-csi-driver")
   description      = try(var.secrets_store_csi_driver.description, "A Helm chart to install the Secrets Store CSI Driver")
   namespace        = try(var.secrets_store_csi_driver.namespace, "kube-system")
   create_namespace = try(var.secrets_store_csi_driver.create_namespace, false)
-  chart            = local.secrets_store_csi_driver_name
+  chart            = "secrets-store-csi-driver"
   chart_version    = try(var.secrets_store_csi_driver.chart_version, "1.3.2")
   repository       = try(var.secrets_store_csi_driver.repository, "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts")
   values           = try(var.secrets_store_csi_driver.values, [])
@@ -2108,13 +2089,76 @@ module "secrets_store_csi_driver" {
   tags = var.tags
 }
 
+################################################################################
+# CSI Secrets Store Provider AWS
+################################################################################
+
+locals {
+  csi_secrets_store_provider_aws_service_account = try(var.csi_secrets_store_provider_aws.service_account_name, "secrets-store-csi-driver-provider-aws-sa")
+}
+
+module "csi_secrets_store_provider_aws" {
+
+  # source = "aws-ia/eks-blueprints-addon/aws"
+  source = "./modules/eks-blueprints-addon"
+
+  create = var.enable_csi_secrets_store_provider_aws
+
+  # https://github.com/aws/eks-charts/blob/master/stable/csi-secrets-store-provider-aws/Chart.yaml
+  name             = try(var.csi_secrets_store_provider_aws.name, "secrets-store-csi-driver-provider-aws")
+  description      = try(var.csi_secrets_store_provider_aws.description, "A Helm chart to install the Secrets Store CSI Driver and the AWS Key Management Service Provider inside a Kubernetes cluster.")
+  namespace        = try(var.csi_secrets_store_provider_aws.namespace, "kube-system")
+  create_namespace = try(var.csi_secrets_store_provider_aws.create_namespace, false)
+  chart            = "secrets-store-csi-driver-provider-aws"
+  chart_version    = try(var.csi_secrets_store_provider_aws.chart_version, "0.3.2")
+  repository       = try(var.csi_secrets_store_provider_aws.repository, "https://aws.github.io/secrets-store-csi-driver-provider-aws")
+  values           = try(var.csi_secrets_store_provider_aws.values, [])
+
+  timeout                    = try(var.csi_secrets_store_provider_aws.timeout, null)
+  repository_key_file        = try(var.csi_secrets_store_provider_aws.repository_key_file, null)
+  repository_cert_file       = try(var.csi_secrets_store_provider_aws.repository_cert_file, null)
+  repository_ca_file         = try(var.csi_secrets_store_provider_aws.repository_ca_file, null)
+  repository_username        = try(var.csi_secrets_store_provider_aws.repository_username, null)
+  repository_password        = try(var.csi_secrets_store_provider_aws.repository_password, null)
+  devel                      = try(var.csi_secrets_store_provider_aws.devel, null)
+  verify                     = try(var.csi_secrets_store_provider_aws.verify, null)
+  keyring                    = try(var.csi_secrets_store_provider_aws.keyring, null)
+  disable_webhooks           = try(var.csi_secrets_store_provider_aws.disable_webhooks, null)
+  reuse_values               = try(var.csi_secrets_store_provider_aws.reuse_values, null)
+  reset_values               = try(var.csi_secrets_store_provider_aws.reset_values, null)
+  force_update               = try(var.csi_secrets_store_provider_aws.force_update, null)
+  recreate_pods              = try(var.csi_secrets_store_provider_aws.recreate_pods, null)
+  cleanup_on_fail            = try(var.csi_secrets_store_provider_aws.cleanup_on_fail, null)
+  max_history                = try(var.csi_secrets_store_provider_aws.max_history, null)
+  atomic                     = try(var.csi_secrets_store_provider_aws.atomic, null)
+  skip_crds                  = try(var.csi_secrets_store_provider_aws.skip_crds, null)
+  render_subchart_notes      = try(var.csi_secrets_store_provider_aws.render_subchart_notes, null)
+  disable_openapi_validation = try(var.csi_secrets_store_provider_aws.disable_openapi_validation, null)
+  wait                       = try(var.csi_secrets_store_provider_aws.wait, null)
+  wait_for_jobs              = try(var.csi_secrets_store_provider_aws.wait_for_jobs, null)
+  dependency_update          = try(var.csi_secrets_store_provider_aws.dependency_update, null)
+  replace                    = try(var.csi_secrets_store_provider_aws.replace, null)
+  lint                       = try(var.csi_secrets_store_provider_aws.lint, null)
+
+  postrender = try(var.csi_secrets_store_provider_aws.postrender, [])
+  set = concat([
+    {
+      name  = "serviceAccount.name"
+      value = local.csi_secrets_store_provider_aws_service_account
+    }],
+    try(var.csi_secrets_store_provider_aws.set, [])
+  )
+  set_sensitive = try(var.csi_secrets_store_provider_aws.set_sensitive, [])
+
+  tags = var.tags
+}
+
 ################################################################################
 # AWS for Fluent-bit
 ################################################################################
 
 locals {
-  aws_for_fluentbit_name            = "aws-for-fluent-bit"
-  aws_for_fluentbit_service_account = try(var.aws_for_fluentbit.service_account_name, "${local.aws_for_fluentbit_name}-sa")
+  aws_for_fluentbit_service_account = try(var.aws_for_fluentbit.service_account_name, "aws-for-fluent-bit-sa")
 }
 
 module "aws_for_fluentbit" {
@@ -2125,7 +2169,7 @@ module "aws_for_fluentbit" {
 
   # https://github.com/aws/eks-charts/blob/master/stable/aws-for-fluent-bit/Chart.yaml
 
-  name             = try(var.aws_for_fluentbit.name, local.aws_for_fluentbit_name)
+  name             = try(var.aws_for_fluentbit.name, "aws-for-fluent-bit")
   description      = try(var.aws_for_fluentbit.description, "A Helm chart to install the Fluent-bit Driver")
   namespace        = try(var.aws_for_fluentbit.namespace, "kube-system")
   create_namespace = try(var.aws_for_fluentbit.create_namespace, false)
@@ -2217,13 +2261,13 @@ resource "aws_cloudwatch_log_group" "aws_for_fluentbit" {
 
 data "aws_iam_policy_document" "aws_for_fluentbit" {
   count = try(var.aws_for_fluentbit_cw_log_group.create, true) && var.enable_aws_for_fluentbit ? 1 : 0
+
   statement {
     sid    = "PutLogEvents"
     effect = "Allow"
     resources = [
-      try("arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${var.aws_for_fluentbit_cw_log_group.name}:log-stream:*",
-        "arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:*:log-stream:*"
-    )]
+      "arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "*")}:log-stream:*",
+    ]
 
     actions = [
       "logs:PutLogEvents"
@@ -2234,9 +2278,8 @@ data "aws_iam_policy_document" "aws_for_fluentbit" {
     sid    = "CreateCWLogs"
     effect = "Allow"
     resources = [
-      try("arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${var.aws_for_fluentbit_cw_log_group.name}",
-        "arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:*"
-    )]
+      "arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "*")}",
+    ]
 
     actions = [
       "logs:CreateLogGroup",
@@ -2253,8 +2296,7 @@ data "aws_iam_policy_document" "aws_for_fluentbit" {
 ################################################################################
 
 locals {
-  aws_privateca_issuer_name            = "aws-privateca-issuer"
-  aws_privateca_issuer_service_account = try(var.aws_privateca_issuer.service_account_name, "${local.aws_privateca_issuer_name}-sa")
+  aws_privateca_issuer_service_account = try(var.aws_privateca_issuer.service_account_name, "aws-privateca-issuer-sa")
 }
 
 data "aws_iam_policy_document" "aws_privateca_issuer" {
@@ -2280,7 +2322,7 @@ module "aws_privateca_issuer" {
   create = var.enable_aws_privateca_issuer
 
   # https://github.com/cert-manager/aws-privateca-issuer/blob/main/charts/aws-pca-issuer/Chart.yaml
-  name             = try(var.aws_privateca_issuer.name, local.secrets_store_csi_driver_name)
+  name             = try(var.aws_privateca_issuer.name, "aws-privateca-issuer")
   description      = try(var.aws_privateca_issuer.description, "A Helm chart to install the AWS Private CA Issuer")
   namespace        = try(var.aws_privateca_issuer.namespace, "kube-system")
   create_namespace = try(var.aws_privateca_issuer.create_namespace, false)
@@ -2361,10 +2403,6 @@ module "aws_privateca_issuer" {
 # Metrics Server
 ################################################################################
 
-locals {
-  metrics_server_name = "metrics-server"
-}
-
 module "metrics_server" {
   # source = "aws-ia/eks-blueprints-addon/aws"
   source = "./modules/eks-blueprints-addon"
@@ -2372,7 +2410,7 @@ module "metrics_server" {
   create = var.enable_metrics_server
 
   # https://github.com/kubernetes-sigs/metrics-server/blob/master/charts/metrics-server/Chart.yaml
-  name             = try(var.metrics_server.name, local.metrics_server_name)
+  name             = try(var.metrics_server.name, "metrics-server")
   description      = try(var.metrics_server.description, "A Helm chart to install the Metrics Server")
   namespace        = try(var.metrics_server.namespace, "kube-system")
   create_namespace = try(var.metrics_server.create_namespace, false)
@@ -2418,10 +2456,6 @@ module "metrics_server" {
 # Ingress Nginx
 ################################################################################
 
-locals {
-  ingress_nginx_name = "ingress-nginx"
-}
-
 module "ingress_nginx" {
   # source = "aws-ia/eks-blueprints-addon/aws"
   source = "./modules/eks-blueprints-addon"
@@ -2429,11 +2463,11 @@ module "ingress_nginx" {
   create = var.enable_ingress_nginx
 
   # https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/Chart.yaml
-  name             = try(var.ingress_nginx.name, local.ingress_nginx_name)
+  name             = try(var.ingress_nginx.name, "ingress-nginx")
   description      = try(var.ingress_nginx.description, "A Helm chart to install the Ingress Nginx")
   namespace        = try(var.ingress_nginx.namespace, "ingress-nginx")
   create_namespace = try(var.ingress_nginx.create_namespace, true)
-  chart            = local.ingress_nginx_name
+  chart            = "ingress-nginx"
   chart_version    = try(var.ingress_nginx.chart_version, "4.6.0")
   repository       = try(var.ingress_nginx.repository, "https://kubernetes.github.io/ingress-nginx")
   values           = try(var.ingress_nginx.values, [])
@@ -2475,10 +2509,6 @@ module "ingress_nginx" {
 # Cluster Proportional Autoscaler
 ################################################################################
 
-locals {
-  cluster_proportional_autoscaler_name = "cluster-proportional-autoscaler"
-}
-
 module "cluster_proportional_autoscaler" {
   # source = "aws-ia/eks-blueprints-addon/aws"
   source = "./modules/eks-blueprints-addon"
@@ -2486,11 +2516,11 @@ module "cluster_proportional_autoscaler" {
   create = var.enable_cluster_proportional_autoscaler
 
   # https://github.com/kubernetes-sigs/cluster-proportional-autoscaler/blob/master/charts/cluster-proportional-autoscaler/Chart.yaml
-  name             = try(var.cluster_proportional_autoscaler.name, local.cluster_proportional_autoscaler_name)
+  name             = try(var.cluster_proportional_autoscaler.name, "cluster-proportional-autoscaler")
   description      = try(var.cluster_proportional_autoscaler.description, "A Helm chart to install the Cluster Proportional Autoscaler")
   namespace        = try(var.cluster_proportional_autoscaler.namespace, "kube-system")
   create_namespace = try(var.cluster_proportional_autoscaler.create_namespace, false)
-  chart            = local.cluster_proportional_autoscaler_name
+  chart            = "cluster-proportional-autoscaler"
   chart_version    = try(var.cluster_proportional_autoscaler.chart_version, "1.1.0")
   repository       = try(var.cluster_proportional_autoscaler.repository, "https://kubernetes-sigs.github.io/cluster-proportional-autoscaler")
   values           = try(var.cluster_proportional_autoscaler.values, [])
@@ -2532,10 +2562,6 @@ module "cluster_proportional_autoscaler" {
 # Kube Prometheus stack
 ################################################################################
 
-locals {
-  kube_prometheus_stack_name = "kube-prometheus-stack"
-}
-
 # During destroy CRDs created by this chart are not removed by default and
 # should be manually cleaned up:
 # kubectl delete crd alertmanagerconfigs.monitoring.coreos.com
@@ -2553,11 +2579,11 @@ module "kube_prometheus_stack" {
   create = var.enable_kube_prometheus_stack
 
   # https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/Chart.yaml
-  name             = try(var.kube_prometheus_stack.name, local.kube_prometheus_stack_name)
+  name             = try(var.kube_prometheus_stack.name, "kube-prometheus-stack")
   description      = try(var.kube_prometheus_stack.description, "A Helm chart to install the Kube Prometheus Stack")
   namespace        = try(var.kube_prometheus_stack.namespace, "kube-prometheus-stack")
   create_namespace = try(var.kube_prometheus_stack.create_namespace, true)
-  chart            = local.kube_prometheus_stack_name
+  chart            = "kube-prometheus-stack"
   chart_version    = try(var.kube_prometheus_stack.chart_version, "45.10.1")
   repository       = try(var.kube_prometheus_stack.repository, "https://prometheus-community.github.io/helm-charts")
   values           = try(var.kube_prometheus_stack.values, [])
@@ -2599,10 +2625,6 @@ module "kube_prometheus_stack" {
 # Gatekeeper
 ################################################################################
 
-locals {
-  gatekeeper_name = "gatekeeper"
-}
-
 module "gatekeeper" {
   # source = "aws-ia/eks-blueprints-addon/aws"
   source = "./modules/eks-blueprints-addon"
@@ -2610,11 +2632,11 @@ module "gatekeeper" {
   create = var.enable_gatekeeper
 
   # https://github.com/open-policy-agent/gatekeeper/blob/master/charts/gatekeeper/Chart.yaml
-  name             = try(var.gatekeeper.name, local.cluster_proportional_autoscaler_name)
+  name             = try(var.gatekeeper.name, "gatekeeper")
   description      = try(var.gatekeeper.description, "A Helm chart to install Gatekeeper")
   namespace        = try(var.gatekeeper.namespace, "gatekeeper-system")
   create_namespace = try(var.gatekeeper.create_namespace, true)
-  chart            = local.gatekeeper_name
+  chart            = "gatekeeper"
   chart_version    = try(var.gatekeeper.chart_version, "3.12.0")
   repository       = try(var.gatekeeper.repository, "https://open-policy-agent.github.io/gatekeeper/charts")
   values           = try(var.gatekeeper.values, [])
@@ -2655,9 +2677,6 @@ module "gatekeeper" {
 ################################################################################
 # Vertical Pod Autoscaler
 ################################################################################
-locals {
-  vpa_name = "vpa"
-}
 
 module "vpa" {
   # source = "aws-ia/eks-blueprints-addon/aws"
@@ -2667,11 +2686,11 @@ module "vpa" {
 
   # https://github.com/FairwindsOps/charts/blob/master/stable/vpa/Chart.yaml
   # (there is no offical helm chart for VPA)
-  name             = try(var.vpa.name, local.vpa_name)
+  name             = try(var.vpa.name, "vpa")
   description      = try(var.vpa.description, "A Helm chart to install the Vertical Pod Autoscaler")
   namespace        = try(var.vpa.namespace, "vpa")
   create_namespace = try(var.vpa.create_namespace, true)
-  chart            = local.vpa_name
+  chart            = "vpa"
   chart_version    = try(var.vpa.chart_version, "1.7.2")
   repository       = try(var.vpa.repository, "https://charts.fairwinds.com/stable")
   values           = try(var.vpa.values, [])
@@ -2712,9 +2731,9 @@ module "vpa" {
 ################################################################################
 # Velero
 ################################################################################
+
 locals {
-  velero_name                    = "velero"
-  velero_service_account         = try(var.velero.service_account_name, "${local.velero_name}-sa")
+  velero_service_account         = try(var.velero.service_account_name, "velero-sa")
   velero_backup_s3_bucket        = split(":", var.velero.s3_bucket_arn)
   velero_backup_s3_bucket_name   = split("/", local.velero_backup_s3_bucket[5])
   velero_backup_s3_bucket_prefix = split("/", var.velero.s3_bucket_arn)
@@ -2770,7 +2789,7 @@ module "velero" {
   create = var.enable_velero
 
   # https://github.com/vmware-tanzu/helm-charts/blob/main/charts/velero/Chart.yaml
-  name             = try(var.velero.name, local.velero_name)
+  name             = try(var.velero.name, "velero")
   description      = try(var.velero.description, "A Helm chart to install the Velero")
   namespace        = try(var.velero.namespace, "velero")
   create_namespace = try(var.velero.create_namespace, true)
@@ -2881,6 +2900,7 @@ module "velero" {
 ################################################################################
 # Fargate Fluentbit
 ################################################################################
+
 resource "aws_cloudwatch_log_group" "fargate_fluentbit" {
   count = try(var.fargate_fluentbit_cw_log_group.create, true) && var.enable_fargate_fluentbit ? 1 : 0
 
@@ -2896,6 +2916,7 @@ resource "aws_cloudwatch_log_group" "fargate_fluentbit" {
 # https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html
 resource "kubernetes_namespace_v1" "aws_observability" {
   count = var.enable_fargate_fluentbit ? 1 : 0
+
   metadata {
     name = "aws-observability"
 
@@ -2908,52 +2929,50 @@ resource "kubernetes_namespace_v1" "aws_observability" {
 # fluent-bit-cloudwatch value as the name of the CloudWatch log group that is automatically created as soon as your apps start logging
 resource "kubernetes_config_map_v1" "aws_logging" {
   count = var.enable_fargate_fluentbit ? 1 : 0
+
   metadata {
     name      = "aws-logging"
     namespace = kubernetes_namespace_v1.aws_observability[0].id
   }
 
   data = {
-    "parsers.conf" = try(var.fargate_fluentbit.parsers_conf, <<-EOT
-    [PARSER]
-      Name regex
-      Format regex
-      Regex ^(?<time>[^ ]+) (?<stream>[^ ]+) (?<logtag>[^ ]+) (?<message>.+)$
-      Time_Key time
-      Time_Format %Y-%m-%dT%H:%M:%S.%L%z
-      Time_Keep On
-      Decode_Field_As json message
-    EOT
+    "parsers.conf" = try(
+      var.fargate_fluentbit.parsers_conf,
+      <<-EOT
+        [PARSER]
+          Name regex
+          Format regex
+          Regex ^(?<time>[^ ]+) (?<stream>[^ ]+) (?<logtag>[^ ]+) (?<message>.+)$
+          Time_Key time
+          Time_Format %Y-%m-%dT%H:%M:%S.%L%z
+          Time_Keep On
+          Decode_Field_As json message
+      EOT
     )
-    "filters.conf" = try(var.fargate_fluentbit.filters_conf, <<-EOT
-      [FILTER]
-      Name parser
-      Match *
-      Key_Name log
-      Parser regex
-      Preserve_Key True
-      Reserve_Data True
-    EOT
+    "filters.conf" = try(
+      var.fargate_fluentbit.filters_conf,
+      <<-EOT
+        [FILTER]
+          Name parser
+          Match *
+          Key_Name log
+          Parser regex
+          Preserve_Key True
+          Reserve_Data True
+      EOT
     )
-    "output.conf" = try(var.fargate_fluentbit.output_conf, <<-EOT
-    [OUTPUT]
-      Name cloudwatch_logs
-      Match *
-      region ${local.region}
-      log_group_name ${try(var.fargate_fluentbit.cwlog_group, aws_cloudwatch_log_group.fargate_fluentbit[0].name)}
-      log_stream_prefix ${try(var.fargate_fluentbit.cwlog_stream_prefix, "fargate-logs-")}
-      auto_create_group true
-    EOT
+    "output.conf" = try(
+      var.fargate_fluentbit.output_conf,
+      <<-EOT
+        [OUTPUT]
+          Name cloudwatch_logs
+          Match *
+          region ${local.region}
+          log_group_name ${try(var.fargate_fluentbit.cwlog_group, aws_cloudwatch_log_group.fargate_fluentbit[0].name)}
+          log_stream_prefix ${try(var.fargate_fluentbit.cwlog_stream_prefix, "fargate-logs-")}
+          auto_create_group true
+      EOT
     )
     "flb_log_cw" = try(var.fargate_fluentbit.flb_log_cw, false)
   }
 }
-
-#-----------------Kubernetes Add-ons----------------------
-
-module "csi_secrets_store_provider_aws" {
-  count         = var.enable_secrets_store_csi_driver_provider_aws ? 1 : 0
-  source        = "./modules/csi-secrets-store-provider-aws"
-  helm_config   = var.csi_secrets_store_provider_aws_helm_config
-  addon_context = local.addon_context
-}
diff --git a/modules/csi-secrets-store-provider-aws/README.md b/modules/csi-secrets-store-provider-aws/README.md
deleted file mode 100644
index 34f0950c..00000000
--- a/modules/csi-secrets-store-provider-aws/README.md
+++ /dev/null
@@ -1,50 +0,0 @@
-# CSI Secrets Store Provider Helm Chart
-
-# Introduction
-
-AWS Secrets Manager and Config Provider for Secret Store CSI Driver allows you to get secret contents stored in AWS Key Management Service instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.
-
-# Helm Chart
-
-### Instructions to use the Helm Chart
-
-See the [csi-secrets-store-provider-aws](https://github.com/aws/eks-charts/tree/master/stable/csi-secrets-store-provider-aws).
-
-<!--- BEGIN_TF_DOCS --->
-## Requirements
-
-[Secrets Store CSI Driver](https://secrets-store-csi-driver.sigs.k8s.io/getting-started/installation.html) to be provisioned.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace.csi_secrets_store_provider_aws](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Cluster Autoscaler Helm Config | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-
-<!--- END_TF_DOCS --->
diff --git a/modules/csi-secrets-store-provider-aws/main.tf b/modules/csi-secrets-store-provider-aws/main.tf
deleted file mode 100644
index 3cc21a55..00000000
--- a/modules/csi-secrets-store-provider-aws/main.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-locals {
-  name      = try(var.helm_config.name, "secrets-store-csi-driver-provider-aws")
-  namespace = try(var.helm_config.namespace, "kube-system")
-}
-
-resource "kubernetes_namespace_v1" "csi_secrets_store_provider_aws" {
-  count = local.namespace == "kube-system" ? 0 : 1
-
-  metadata {
-    name = local.namespace
-  }
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/aws/eks-charts/blob/master/stable/csi-secrets-store-provider-aws/Chart.yaml
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = local.name
-      repository  = "https://aws.github.io/secrets-store-csi-driver-provider-aws"
-      version     = "0.3.1"
-      namespace   = local.namespace
-      description = "A Helm chart to install the Secrets Store CSI Driver and the AWS Key Management Service Provider inside a Kubernetes cluster."
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-
-  depends_on = [
-    kubernetes_namespace_v1.csi_secrets_store_provider_aws,
-  ]
-}
diff --git a/modules/csi-secrets-store-provider-aws/outputs.tf b/modules/csi-secrets-store-provider-aws/outputs.tf
deleted file mode 100644
index 4d3d2c65..00000000
--- a/modules/csi-secrets-store-provider-aws/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/csi-secrets-store-provider-aws/variables.tf b/modules/csi-secrets-store-provider-aws/variables.tf
deleted file mode 100644
index 619698f9..00000000
--- a/modules/csi-secrets-store-provider-aws/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "CSI Secrets Store Provider AWS Helm Configurations"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/csi-secrets-store-provider-aws/versions.tf b/modules/csi-secrets-store-provider-aws/versions.tf
deleted file mode 100644
index 55fba733..00000000
--- a/modules/csi-secrets-store-provider-aws/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/helm-addon/README.md b/modules/helm-addon/README.md
deleted file mode 100644
index d5021ae5..00000000
--- a/modules/helm-addon/README.md
+++ /dev/null
@@ -1,57 +0,0 @@
-# Helm AddOn
-
-## Introduction
-
-Helm Addon module can be used to provision a generic Helm Chart as an Add-On for an EKS cluster provisioned using the EKS Blueprints. This module does the following:
-
-1. Create an IAM role for Service Accounts with the provided configuration for the [`irsa`](./../../irsa) module.
-2. If `manage_via_gitops` is set to `false`, provision the helm chart for the add-on based on the configuration provided for the `helm_config` as defined in the [helm provider](https://registry.terraform.io/providers/hashicorp/helm/latest/docs) documentation.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2.4.1 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_irsa"></a> [irsa](#module\_irsa) | ../irsa | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [helm_release.addon](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | `any` | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm chart config. Repository and version required. See https://registry.terraform.io/providers/hashicorp/helm/latest/docs | `any` | n/a | yes |
-| <a name="input_irsa_config"></a> [irsa\_config](#input\_irsa\_config) | Input configuration for IRSA module | `any` | `{}` | no |
-| <a name="input_irsa_iam_role_name"></a> [irsa\_iam\_role\_name](#input\_irsa\_iam\_role\_name) | IAM role name for IRSA | `string` | `""` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-| <a name="input_set_sensitive_values"></a> [set\_sensitive\_values](#input\_set\_sensitive\_values) | Forced set\_sensitive values | `any` | `[]` | no |
-| <a name="input_set_values"></a> [set\_values](#input\_set\_values) | Forced set values | `any` | `[]` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_helm_release"></a> [helm\_release](#output\_helm\_release) | Map of attributes of the Helm release created without sensitive outputs |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/helm-addon/main.tf b/modules/helm-addon/main.tf
deleted file mode 100644
index 72be4a3a..00000000
--- a/modules/helm-addon/main.tf
+++ /dev/null
@@ -1,81 +0,0 @@
-resource "helm_release" "addon" {
-  count                      = var.manage_via_gitops ? 0 : 1
-  name                       = var.helm_config["name"]
-  repository                 = try(var.helm_config["repository"], null)
-  chart                      = var.helm_config["chart"]
-  version                    = try(var.helm_config["version"], null)
-  timeout                    = try(var.helm_config["timeout"], 180)
-  values                     = try(var.helm_config["values"], null)
-  create_namespace           = length(var.irsa_config) > 0 ? false : try(var.helm_config["create_namespace"], false)
-  namespace                  = var.helm_config["namespace"]
-  lint                       = try(var.helm_config["lint"], false)
-  description                = try(var.helm_config["description"], "")
-  repository_key_file        = try(var.helm_config["repository_key_file"], "")
-  repository_cert_file       = try(var.helm_config["repository_cert_file"], "")
-  repository_username        = try(var.helm_config["repository_username"], "")
-  repository_password        = try(var.helm_config["repository_password"], "")
-  verify                     = try(var.helm_config["verify"], false)
-  keyring                    = try(var.helm_config["keyring"], "")
-  disable_webhooks           = try(var.helm_config["disable_webhooks"], false)
-  reuse_values               = try(var.helm_config["reuse_values"], false)
-  reset_values               = try(var.helm_config["reset_values"], false)
-  force_update               = try(var.helm_config["force_update"], false)
-  recreate_pods              = try(var.helm_config["recreate_pods"], false)
-  cleanup_on_fail            = try(var.helm_config["cleanup_on_fail"], false)
-  max_history                = try(var.helm_config["max_history"], 0)
-  atomic                     = try(var.helm_config["atomic"], false)
-  skip_crds                  = try(var.helm_config["skip_crds"], false)
-  render_subchart_notes      = try(var.helm_config["render_subchart_notes"], true)
-  disable_openapi_validation = try(var.helm_config["disable_openapi_validation"], false)
-  wait                       = try(var.helm_config["wait"], true)
-  wait_for_jobs              = try(var.helm_config["wait_for_jobs"], false)
-  dependency_update          = try(var.helm_config["dependency_update"], false)
-  replace                    = try(var.helm_config["replace"], false)
-
-  postrender {
-    binary_path = try(var.helm_config["postrender"], "")
-  }
-
-  dynamic "set" {
-    iterator = each_item
-    for_each = try(var.helm_config["set"], null) != null ? distinct(concat(var.set_values, var.helm_config["set"])) : var.set_values
-
-    content {
-      name  = each_item.value.name
-      value = each_item.value.value
-      type  = try(each_item.value.type, null)
-    }
-  }
-
-  dynamic "set_sensitive" {
-    iterator = each_item
-    for_each = try(var.helm_config["set_sensitive"], null) != null ? concat(var.helm_config["set_sensitive"], var.set_sensitive_values) : var.set_sensitive_values
-
-    content {
-      name  = each_item.value.name
-      value = each_item.value.value
-      type  = try(each_item.value.type, null)
-    }
-  }
-  depends_on = [module.irsa]
-}
-
-module "irsa" {
-  source = "../irsa"
-
-  count = length(var.irsa_config) > 0 ? 1 : 0
-
-  create_kubernetes_namespace         = try(var.irsa_config.create_kubernetes_namespace, true)
-  create_kubernetes_service_account   = try(var.irsa_config.create_kubernetes_service_account, true)
-  create_service_account_secret_token = try(var.irsa_config.create_service_account_secret_token, false)
-  kubernetes_namespace                = lookup(var.irsa_config, "kubernetes_namespace", "")
-  kubernetes_service_account          = lookup(var.irsa_config, "kubernetes_service_account", "")
-  kubernetes_svc_image_pull_secrets   = try(var.irsa_config.kubernetes_svc_image_pull_secrets, null)
-  irsa_iam_policies                   = lookup(var.irsa_config, "irsa_iam_policies", null)
-  irsa_iam_role_name                  = var.irsa_iam_role_name
-  irsa_iam_role_path                  = lookup(var.addon_context, "irsa_iam_role_path", null)
-  irsa_iam_permissions_boundary       = lookup(var.addon_context, "irsa_iam_permissions_boundary", null)
-  eks_cluster_id                      = var.addon_context.eks_cluster_id
-  eks_oidc_provider_arn               = var.addon_context.eks_oidc_provider_arn
-  tags                                = var.addon_context.tags
-}
diff --git a/modules/helm-addon/outputs.tf b/modules/helm-addon/outputs.tf
deleted file mode 100644
index 97124e4a..00000000
--- a/modules/helm-addon/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "helm_release" {
-  description = "Map of attributes of the Helm release created without sensitive outputs"
-  value       = try({ for k, v in helm_release.addon : k => v if k != "repository_password" }, {})
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = try(helm_release.addon[0].metadata, null)
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = try(module.irsa[0].irsa_iam_role_arn, null)
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = try(module.irsa[0].irsa_iam_role_name, null)
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = try(coalesce(try(module.irsa[0].service_account, null), lookup(var.irsa_config, "kubernetes_service_account", null)), null)
-}
diff --git a/modules/helm-addon/variables.tf b/modules/helm-addon/variables.tf
deleted file mode 100644
index d8d706e8..00000000
--- a/modules/helm-addon/variables.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-variable "helm_config" {
-  description = "Helm chart config. Repository and version required. See https://registry.terraform.io/providers/hashicorp/helm/latest/docs"
-  type        = any
-}
-
-variable "set_values" {
-  description = "Forced set values"
-  type        = any
-  default     = []
-}
-
-variable "set_sensitive_values" {
-  description = "Forced set_sensitive values"
-  type        = any
-  default     = []
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "irsa_iam_role_name" {
-  description = "IAM role name for IRSA"
-  type        = string
-  default     = ""
-}
-
-variable "irsa_config" {
-  description = "Input configuration for IRSA module"
-  type        = any
-  default     = {}
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type        = any
-}
diff --git a/modules/helm-addon/versions.tf b/modules/helm-addon/versions.tf
deleted file mode 100644
index 278a4fbb..00000000
--- a/modules/helm-addon/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 2.4.1"
-    }
-  }
-}
diff --git a/modules/irsa/README.md b/modules/irsa/README.md
deleted file mode 100644
index f3a3d49e..00000000
--- a/modules/irsa/README.md
+++ /dev/null
@@ -1,75 +0,0 @@
-# IRSA (IAM roles for Kubernetes Service Accounts)
-
-This Terraform module creates the following resources
-
-1.  Kubernetes Namespace for Kubernetes Addon
-2.  Service Account for Kubernetes Addon
-3.  IAM Role for Service Account with OIDC assume role policy
-4.  Creates default policy required for Addon
-5.  Attaches the additional IAM policies provided by consumer module
-
-## Learn more
-
-## Blogs
-
-- [Introducing fine-grained IAM roles for service accounts](https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/)
-- [Cross account IAM roles for Kubernetes service accounts](https://aws.amazon.com/blogs/containers/cross-account-iam-roles-for-kubernetes-service-accounts/)
-- [Enabling cross-account access to Amazon EKS cluster resources](https://aws.amazon.com/blogs/containers/enabling-cross-account-access-to-amazon-eks-cluster-resources/)
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_role.irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [kubernetes_namespace_v1.irsa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-| [kubernetes_secret_v1.irsa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
-| [kubernetes_service_account_v1.irsa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_create_kubernetes_namespace"></a> [create\_kubernetes\_namespace](#input\_create\_kubernetes\_namespace) | Should the module create the namespace | `bool` | `true` | no |
-| <a name="input_create_kubernetes_service_account"></a> [create\_kubernetes\_service\_account](#input\_create\_kubernetes\_service\_account) | Should the module create the Service Account | `bool` | `true` | no |
-| <a name="input_create_service_account_secret_token"></a> [create\_service\_account\_secret\_token](#input\_create\_service\_account\_secret\_token) | Should the module create a secret for the service account (from k8s version 1.24 service account doesn't automatically create secret of the token) | `bool` | `false` | no |
-| <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster ID | `string` | n/a | yes |
-| <a name="input_eks_oidc_provider_arn"></a> [eks\_oidc\_provider\_arn](#input\_eks\_oidc\_provider\_arn) | EKS OIDC Provider ARN e.g., arn:aws:iam::<ACCOUNT-ID>:oidc-provider/<var.eks\_oidc\_provider> | `string` | n/a | yes |
-| <a name="input_irsa_iam_permissions_boundary"></a> [irsa\_iam\_permissions\_boundary](#input\_irsa\_iam\_permissions\_boundary) | IAM permissions boundary for IRSA roles | `string` | `""` | no |
-| <a name="input_irsa_iam_policies"></a> [irsa\_iam\_policies](#input\_irsa\_iam\_policies) | IAM Policies for IRSA IAM role | `list(string)` | `[]` | no |
-| <a name="input_irsa_iam_role_name"></a> [irsa\_iam\_role\_name](#input\_irsa\_iam\_role\_name) | IAM role name for IRSA | `string` | `""` | no |
-| <a name="input_irsa_iam_role_path"></a> [irsa\_iam\_role\_path](#input\_irsa\_iam\_role\_path) | IAM role path for IRSA roles | `string` | `"/"` | no |
-| <a name="input_kubernetes_namespace"></a> [kubernetes\_namespace](#input\_kubernetes\_namespace) | Kubernetes Namespace name | `string` | n/a | yes |
-| <a name="input_kubernetes_service_account"></a> [kubernetes\_service\_account](#input\_kubernetes\_service\_account) | Kubernetes Service Account Name | `string` | n/a | yes |
-| <a name="input_kubernetes_svc_image_pull_secrets"></a> [kubernetes\_svc\_image\_pull\_secrets](#input\_kubernetes\_svc\_image\_pull\_secrets) | list(string) of kubernetes imagePullSecrets | `list(string)` | `[]` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_iam_role_arn"></a> [irsa\_iam\_role\_arn](#output\_irsa\_iam\_role\_arn) | IAM role ARN for your service account |
-| <a name="output_irsa_iam_role_name"></a> [irsa\_iam\_role\_name](#output\_irsa\_iam\_role\_name) | IAM role name for your service account |
-| <a name="output_namespace"></a> [namespace](#output\_namespace) | IRSA Namespace |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | IRSA Service Account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/irsa/main.tf b/modules/irsa/main.tf
deleted file mode 100644
index 0beafc41..00000000
--- a/modules/irsa/main.tf
+++ /dev/null
@@ -1,87 +0,0 @@
-locals {
-  eks_oidc_issuer_url = replace(var.eks_oidc_provider_arn, "/^(.*provider/)/", "")
-}
-
-resource "kubernetes_namespace_v1" "irsa" {
-  count = var.create_kubernetes_namespace && var.kubernetes_namespace != "kube-system" ? 1 : 0
-  metadata {
-    name = var.kubernetes_namespace
-  }
-
-  lifecycle {
-    ignore_changes = [
-      metadata[0].labels,
-      metadata[0].annotations,
-    ]
-  }
-}
-
-resource "kubernetes_secret_v1" "irsa" {
-  count = var.create_kubernetes_service_account && var.create_service_account_secret_token ? 1 : 0
-  metadata {
-    name      = format("%s-token-secret", try(kubernetes_service_account_v1.irsa[0].metadata[0].name, var.kubernetes_service_account))
-    namespace = try(kubernetes_namespace_v1.irsa[0].metadata[0].name, var.kubernetes_namespace)
-    annotations = {
-      "kubernetes.io/service-account.name"      = try(kubernetes_service_account_v1.irsa[0].metadata[0].name, var.kubernetes_service_account)
-      "kubernetes.io/service-account.namespace" = try(kubernetes_namespace_v1.irsa[0].metadata[0].name, var.kubernetes_namespace)
-    }
-  }
-
-  type = "kubernetes.io/service-account-token"
-}
-
-resource "kubernetes_service_account_v1" "irsa" {
-  count = var.create_kubernetes_service_account ? 1 : 0
-  metadata {
-    name        = var.kubernetes_service_account
-    namespace   = try(kubernetes_namespace_v1.irsa[0].metadata[0].name, var.kubernetes_namespace)
-    annotations = var.irsa_iam_policies != null ? { "eks.amazonaws.com/role-arn" : aws_iam_role.irsa[0].arn } : null
-  }
-
-  dynamic "image_pull_secret" {
-    for_each = var.kubernetes_svc_image_pull_secrets != null ? var.kubernetes_svc_image_pull_secrets : []
-    content {
-      name = image_pull_secret.value
-    }
-  }
-
-  automount_service_account_token = true
-}
-
-# NOTE: Don't change the condition from StringLike to StringEquals. We are using wild characters for service account hence StringLike is required.
-resource "aws_iam_role" "irsa" {
-  count = var.irsa_iam_policies != null ? 1 : 0
-
-  name        = try(coalesce(var.irsa_iam_role_name, format("%s-%s-%s", var.eks_cluster_id, trim(var.kubernetes_service_account, "-*"), "irsa")), null)
-  description = "AWS IAM Role for the Kubernetes service account ${var.kubernetes_service_account}."
-  assume_role_policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Principal" : {
-          "Federated" : var.eks_oidc_provider_arn
-        },
-        "Action" : "sts:AssumeRoleWithWebIdentity",
-        "Condition" : {
-          "StringLike" : {
-            "${local.eks_oidc_issuer_url}:sub" : "system:serviceaccount:${var.kubernetes_namespace}:${var.kubernetes_service_account}",
-            "${local.eks_oidc_issuer_url}:aud" : "sts.amazonaws.com"
-          }
-        }
-      }
-    ]
-  })
-  path                  = var.irsa_iam_role_path
-  force_detach_policies = true
-  permissions_boundary  = var.irsa_iam_permissions_boundary
-
-  tags = var.tags
-}
-
-resource "aws_iam_role_policy_attachment" "irsa" {
-  count = var.irsa_iam_policies != null ? length(var.irsa_iam_policies) : 0
-
-  policy_arn = var.irsa_iam_policies[count.index]
-  role       = aws_iam_role.irsa[0].name
-}
diff --git a/modules/irsa/outputs.tf b/modules/irsa/outputs.tf
deleted file mode 100644
index 9311a6c0..00000000
--- a/modules/irsa/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "irsa_iam_role_arn" {
-  description = "IAM role ARN for your service account"
-  value       = try(aws_iam_role.irsa[0].arn, null)
-}
-
-output "irsa_iam_role_name" {
-  description = "IAM role name for your service account"
-  value       = try(aws_iam_role.irsa[0].name, null)
-}
-
-output "namespace" {
-  description = "IRSA Namespace"
-  value       = try(kubernetes_namespace_v1.irsa[0].id, var.kubernetes_namespace)
-}
-
-output "service_account" {
-  description = "IRSA Service Account"
-  value       = try(kubernetes_service_account_v1.irsa[0].id, var.kubernetes_service_account)
-}
diff --git a/modules/irsa/variables.tf b/modules/irsa/variables.tf
deleted file mode 100644
index 60bf1fe8..00000000
--- a/modules/irsa/variables.tf
+++ /dev/null
@@ -1,73 +0,0 @@
-variable "kubernetes_namespace" {
-  description = "Kubernetes Namespace name"
-  type        = string
-}
-
-variable "create_kubernetes_namespace" {
-  description = "Should the module create the namespace"
-  type        = bool
-  default     = true
-}
-
-variable "create_kubernetes_service_account" {
-  description = "Should the module create the Service Account"
-  type        = bool
-  default     = true
-}
-
-variable "create_service_account_secret_token" {
-  description = "Should the module create a secret for the service account (from k8s version 1.24 service account doesn't automatically create secret of the token)"
-  type        = bool
-  default     = false
-}
-
-variable "kubernetes_service_account" {
-  description = "Kubernetes Service Account Name"
-  type        = string
-}
-
-variable "kubernetes_svc_image_pull_secrets" {
-  description = "list(string) of kubernetes imagePullSecrets"
-  type        = list(string)
-  default     = []
-}
-
-variable "irsa_iam_policies" {
-  type        = list(string)
-  description = "IAM Policies for IRSA IAM role"
-  default     = []
-}
-
-variable "irsa_iam_role_name" {
-  type        = string
-  description = "IAM role name for IRSA"
-  default     = ""
-}
-
-variable "irsa_iam_role_path" {
-  description = "IAM role path for IRSA roles"
-  type        = string
-  default     = "/"
-}
-
-variable "irsa_iam_permissions_boundary" {
-  description = "IAM permissions boundary for IRSA roles"
-  type        = string
-  default     = ""
-}
-
-variable "eks_oidc_provider_arn" {
-  description = "EKS OIDC Provider ARN e.g., arn:aws:iam::<ACCOUNT-ID>:oidc-provider/<var.eks_oidc_provider>"
-  type        = string
-}
-
-variable "eks_cluster_id" {
-  description = "EKS Cluster ID"
-  type        = string
-}
-
-variable "tags" {
-  description = "Additional tags (e.g. `map('BusinessUnit`,`XYZ`)"
-  type        = map(string)
-  default     = {}
-}
diff --git a/modules/irsa/versions.tf b/modules/irsa/versions.tf
deleted file mode 100644
index d2ddf87c..00000000
--- a/modules/irsa/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/tests/complete/main.tf b/tests/complete/main.tf
index 2bf7ccc8..e2246faf 100644
--- a/tests/complete/main.tf
+++ b/tests/complete/main.tf
@@ -104,7 +104,6 @@ module "eks_blueprints_addons" {
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
   cluster_version   = module.eks.cluster_version
-  oidc_provider     = module.eks.oidc_provider
   oidc_provider_arn = module.eks.oidc_provider_arn
 
   eks_addons = {
@@ -132,25 +131,25 @@ module "eks_blueprints_addons" {
     }
   }
 
-  enable_efs_csi_driver                        = true
-  enable_fsx_csi_driver                        = true
-  enable_argocd                                = true
-  enable_cloudwatch_metrics                    = true
-  enable_aws_privateca_issuer                  = true
-  enable_cert_manager                          = true
-  enable_cluster_autoscaler                    = true
-  enable_secrets_store_csi_driver              = true
-  enable_secrets_store_csi_driver_provider_aws = true
-  enable_kube_prometheus_stack                 = true
-  enable_external_dns                          = true
-  enable_external_secrets                      = true
-  enable_gatekeeper                            = true
-  enable_ingress_nginx                         = true
-  enable_aws_load_balancer_controller          = true
-  enable_metrics_server                        = true
-  enable_vpa                                   = true
-  enable_aws_for_fluentbit                     = true
-  enable_fargate_fluentbit                     = true
+  enable_efs_csi_driver                 = true
+  enable_fsx_csi_driver                 = true
+  enable_argocd                         = true
+  enable_cloudwatch_metrics             = true
+  enable_aws_privateca_issuer           = true
+  enable_cert_manager                   = true
+  enable_cluster_autoscaler             = true
+  enable_secrets_store_csi_driver       = true
+  enable_csi_secrets_store_provider_aws = true
+  enable_kube_prometheus_stack          = true
+  enable_external_dns                   = true
+  enable_external_secrets               = true
+  enable_gatekeeper                     = true
+  enable_ingress_nginx                  = true
+  enable_aws_load_balancer_controller   = true
+  enable_metrics_server                 = true
+  enable_vpa                            = true
+  enable_aws_for_fluentbit              = true
+  enable_fargate_fluentbit              = true
 
   enable_aws_node_termination_handler   = true
   aws_node_termination_handler_asg_arns = [for asg in module.eks.self_managed_node_groups : asg.autoscaling_group_arn]
diff --git a/variables.tf b/variables.tf
index d13791aa..88df6a43 100644
--- a/variables.tf
+++ b/variables.tf
@@ -19,11 +19,6 @@ variable "cluster_version" {
   type        = string
 }
 
-variable "oidc_provider" {
-  description = "The OpenID Connect identity provider (issuer URL without leading `https://`)"
-  type        = string
-}
-
 variable "oidc_provider_arn" {
   description = "The ARN of the cluster OIDC Provider"
   type        = string
@@ -281,9 +276,26 @@ variable "secrets_store_csi_driver" {
   default     = {}
 }
 
+################################################################################
+# CSI Secrets Store Provider AWS
+################################################################################
+
+variable "enable_csi_secrets_store_provider_aws" {
+  description = "Enable AWS CSI Secrets Store Provider"
+  type        = bool
+  default     = false
+}
+
+variable "csi_secrets_store_provider_aws" {
+  description = "CSI Secrets Store Provider add-on configurations"
+  type        = any
+  default     = {}
+}
+
 ################################################################################
 # AWS for Fluentbit
 ################################################################################
+
 variable "enable_aws_for_fluentbit" {
   description = "Enable AWS for FluentBit add-on"
   type        = bool
@@ -433,6 +445,7 @@ variable "fsx_csi_driver" {
 ################################################################################
 # AWS Load Balancer Controller
 ################################################################################
+
 variable "enable_aws_load_balancer_controller" {
   description = "Enable AWS Load Balancer Controller add-on"
   type        = bool
@@ -448,6 +461,7 @@ variable "aws_load_balancer_controller" {
 ################################################################################
 # Vertical Pod Autoscaler
 ################################################################################
+
 variable "enable_vpa" {
   description = "Enable Vertical Pod Autoscaler add-on"
   type        = bool
@@ -463,6 +477,7 @@ variable "vpa" {
 ################################################################################
 # Velero
 ################################################################################
+
 variable "enable_velero" {
   description = "Enable Kubernetes Dashboard add-on"
   type        = bool
@@ -478,6 +493,7 @@ variable "velero" {
 ################################################################################
 # Fargate Fluentbit
 ################################################################################
+
 variable "enable_fargate_fluentbit" {
   description = "Enable Fargate FluentBit add-on"
   type        = bool
@@ -495,29 +511,3 @@ variable "fargate_fluentbit" {
   type        = any
   default     = {}
 }
-
-#-------------------------------------------------------------------------------
-variable "irsa_iam_role_path" {
-  description = "IAM role path for IRSA roles"
-  type        = string
-  default     = "/"
-}
-
-variable "irsa_iam_permissions_boundary" {
-  description = "IAM permissions boundary for IRSA roles"
-  type        = string
-  default     = ""
-}
-
-#-----------AWS CSI Secrets Store Provider-------------
-variable "enable_secrets_store_csi_driver_provider_aws" {
-  type        = bool
-  default     = false
-  description = "Enable AWS CSI Secrets Store Provider"
-}
-
-variable "csi_secrets_store_provider_aws_helm_config" {
-  type        = any
-  default     = null
-  description = "CSI Secrets Store Provider AWS Helm Configurations"
-}