diff --git a/README.md b/README.md
index 2c2396e..1c0742d 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,6 @@ module "eks_bootstrap" {
   ipv6_enabled                  = true
   kms_key_arn                   = "arn:aws:kms:region:222222222222:key/kms_key_arn"
   keda_enabled                  = true
-  istio_enabled                 = false
   kms_policy_arn                = "arn:aws:iam::222222222222:policy/kms_policy_arn" ## eks module will create kms_policy_arn
   eks_cluster_name              = "cluster_name"
   reloader_enabled              = true
@@ -36,6 +35,17 @@ module "eks_bootstrap" {
   amazon_eks_vpc_cni_enabled    = true
   cluster_autoscaler_enabled    = true
   service_monitor_crd_enabled   = true
+  istio_enabled                 = false
+  istio_config = {
+    ingress_gateway_enabled             = true
+    ingress_gateway_namespace           = "istio-ingressgateway"
+    egress_gateway_enabled              = true
+    egress_gateway_namespace            = "istio-egressgateway"
+    observability_enabled               = true
+    envoy_access_logs_enabled           = true
+    prometheus_monitoring_enabled       = true
+    cert_manager_cluster_issuer_enabled = true
+  }
   karpenter_provisioner_enabled = true
   karpenter_provisioner_config = {
     private_subnet_name    = "private_subnet_name"
@@ -208,7 +218,6 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_efs"></a> [efs](#module\_efs) | ./addons/efs | n/a |
-| <a name="module_external_secrets"></a> [external\_secrets](#module\_external\_secrets) | ./addons/external_secrets | n/a |
 | <a name="module_istio"></a> [istio](#module\_istio) | ./addons/istio | n/a |
 | <a name="module_k8s_addons"></a> [k8s\_addons](#module\_k8s\_addons) | ./EKS-Blueprint/modules/kubernetes-addons | n/a |
 | <a name="module_karpenter_provisioner"></a> [karpenter\_provisioner](#module\_karpenter\_provisioner) | ./addons/karpenter_provisioner | n/a |
@@ -223,8 +232,11 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
 | [aws_eks_addon.kubecost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
 | [aws_iam_instance_profile.karpenter_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
 | [helm_release.cert_manager_le_http](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.coredns-hpa](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.internal_nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kubeclarity](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.metrics-server-vpa](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.vpa-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_ingress_v1.kubecost](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1) | resource |
 | [kubernetes_namespace.internal_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.kube_clarity](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -236,6 +248,7 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
 | [aws_eks_cluster.eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [kubernetes_service.internal-nginx-ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |
+| [kubernetes_service.istio-ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |
 | [kubernetes_service.nginx-ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |
 
 ## Inputs
@@ -254,6 +267,7 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
 | <a name="input_cluster_autoscaler_enabled"></a> [cluster\_autoscaler\_enabled](#input\_cluster\_autoscaler\_enabled) | Whether to enable the Cluster Autoscaler add-on or not. | `bool` | `false` | no |
 | <a name="input_cluster_issuer"></a> [cluster\_issuer](#input\_cluster\_issuer) | Specify the letsecrypt cluster-issuer for ingress tls. | `string` | `"letsencrypt-prod"` | no |
 | <a name="input_cluster_propotional_autoscaler_enabled"></a> [cluster\_propotional\_autoscaler\_enabled](#input\_cluster\_propotional\_autoscaler\_enabled) | Enable or disable Cluster propotional autoscaler add-on | `bool` | `false` | no |
+| <a name="input_core_dns_hpa_config"></a> [core\_dns\_hpa\_config](#input\_core\_dns\_hpa\_config) | Configuration to provide settings of hpa over core dns | `any` | <pre>{<br>  "corednsdeploymentname": "coredns",<br>  "maxReplicas": 10,<br>  "minReplicas": 2,<br>  "targetCPUUtilizationPercentage": 80,<br>  "targetMemoryUtilizationPercentage": "150Mi"<br>}</pre> | no |
 | <a name="input_efs_storage_class_enabled"></a> [efs\_storage\_class\_enabled](#input\_efs\_storage\_class\_enabled) | Enable or disable the Amazon Elastic File System (EFS) add-on for EKS cluster. | `bool` | `false` | no |
 | <a name="input_eks_cluster_name"></a> [eks\_cluster\_name](#input\_eks\_cluster\_name) | Fetch Cluster ID of the cluster | `string` | `""` | no |
 | <a name="input_enable_aws_load_balancer_controller"></a> [enable\_aws\_load\_balancer\_controller](#input\_enable\_aws\_load\_balancer\_controller) | Enable or disable AWS Load Balancer Controller add-on for managing and controlling load balancers in Kubernetes. | `bool` | `false` | no |
@@ -262,7 +276,8 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
 | <a name="input_ingress_nginx_enabled"></a> [ingress\_nginx\_enabled](#input\_ingress\_nginx\_enabled) | Enable or disable Nginx Ingress Controller add-on for routing external traffic to Kubernetes services. | `bool` | `false` | no |
 | <a name="input_ingress_nginx_version"></a> [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | Specify the version of the NGINX Ingress Controller | `string` | `"4.7.0"` | no |
 | <a name="input_internal_ingress_nginx_enabled"></a> [internal\_ingress\_nginx\_enabled](#input\_internal\_ingress\_nginx\_enabled) | Enable or disable the deployment of an internal ingress controller for Kubernetes. | `bool` | `false` | no |
-| <a name="input_ipv6_enabled"></a> [ipv6\_enabled](#input\_ipv6\_enabled) | Whether enable IPv6 or not | `bool` | `false` | no |
+| <a name="input_ipv6_enabled"></a> [ipv6\_enabled](#input\_ipv6\_enabled) | whether IPv6 enabled or not | `bool` | `false` | no |
+| <a name="input_istio_config"></a> [istio\_config](#input\_istio\_config) | Configuration to provide settings for Istio | `any` | <pre>{<br>  "cert_manager_cluster_issuer_enabled": false,<br>  "egress_gateway_enabled": false,<br>  "egress_gateway_namespace": "istio-egressgateway",<br>  "envoy_access_logs_enabled": false,<br>  "ingress_gateway_enabled": true,<br>  "ingress_gateway_namespace": "istio-ingressgateway",<br>  "observability_enabled": true,<br>  "prometheus_monitoring_enabled": false<br>}</pre> | no |
 | <a name="input_istio_enabled"></a> [istio\_enabled](#input\_istio\_enabled) | Enable istio for service mesh. | `bool` | `false` | no |
 | <a name="input_karpenter_enabled"></a> [karpenter\_enabled](#input\_karpenter\_enabled) | Enable or disable Karpenter, a Kubernetes-native, multi-tenant, and auto-scaling solution for containerized workloads on Kubernetes. | `bool` | `false` | no |
 | <a name="input_karpenter_provisioner_config"></a> [karpenter\_provisioner\_config](#input\_karpenter\_provisioner\_config) | Configuration to provide settings for Karpenter, including which private subnet to use, instance capacity types, and excluded instance types. | `any` | <pre>{<br>  "excluded_instance_type": [<br>    "nano",<br>    "micro",<br>    "small"<br>  ],<br>  "instance_capacity_type": [<br>    "spot"<br>  ],<br>  "instance_hypervisor": [<br>    "nitro"<br>  ],<br>  "private_subnet_name": ""<br>}</pre> | no |
@@ -277,6 +292,7 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
 | <a name="input_kubecost_hostname"></a> [kubecost\_hostname](#input\_kubecost\_hostname) | Specify the hostname for the kubecsot. | `string` | `""` | no |
 | <a name="input_metrics_server_enabled"></a> [metrics\_server\_enabled](#input\_metrics\_server\_enabled) | Enable or disable the metrics server add-on for EKS cluster. | `bool` | `false` | no |
 | <a name="input_metrics_server_helm_version"></a> [metrics\_server\_helm\_version](#input\_metrics\_server\_helm\_version) | Version of the metrics server helm chart | `string` | `"3.8.2"` | no |
+| <a name="input_metrics_server_vpa_config"></a> [metrics\_server\_vpa\_config](#input\_metrics\_server\_vpa\_config) | Configuration to provide settings of vpa over metrics server | `any` | <pre>{<br>  "maxCPU": "100m",<br>  "maxMemory": "500Mi",<br>  "metricsServerDeploymentName": "metrics-server",<br>  "minCPU": "25m",<br>  "minMemory": "150Mi"<br>}</pre> | no |
 | <a name="input_name"></a> [name](#input\_name) | Specify the name prefix of the EKS cluster resources. | `string` | `""` | no |
 | <a name="input_node_termination_handler_version"></a> [node\_termination\_handler\_version](#input\_node\_termination\_handler\_version) | Specify the version of node termination handler | `string` | `"0.21.0"` | no |
 | <a name="input_private_subnet_ids"></a> [private\_subnet\_ids](#input\_private\_subnet\_ids) | Private subnets of the VPC which can be used by EFS | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
@@ -298,6 +314,7 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
 | <a name="output_efs_id"></a> [efs\_id](#output\_efs\_id) | ID of the Amazon Elastic File System (EFS) that has been created for the EKS cluster. |
 | <a name="output_environment"></a> [environment](#output\_environment) | Environment Name for the EKS cluster |
 | <a name="output_internal_nginx_ingress_controller_dns_hostname"></a> [internal\_nginx\_ingress\_controller\_dns\_hostname](#output\_internal\_nginx\_ingress\_controller\_dns\_hostname) | DNS hostname of the NGINX Ingress Controller that can be used to access it from within the cluster. |
+| <a name="output_istio_ingressgateway_dns_hostname"></a> [istio\_ingressgateway\_dns\_hostname](#output\_istio\_ingressgateway\_dns\_hostname) | DNS hostname of the Istio Ingress Gateway. |
 | <a name="output_kubeclarity"></a> [kubeclarity](#output\_kubeclarity) | Kubeclarity\_Info |
 | <a name="output_kubecost"></a> [kubecost](#output\_kubecost) | Kubecost\_Info |
 | <a name="output_nginx_ingress_controller_dns_hostname"></a> [nginx\_ingress\_controller\_dns\_hostname](#output\_nginx\_ingress\_controller\_dns\_hostname) | DNS hostname of the NGINX Ingress Controller. |
diff --git a/addons/core_dns_hpa/Chart.yaml b/addons/core_dns_hpa/Chart.yaml
index 632a60c..447cde9 100644
--- a/addons/core_dns_hpa/Chart.yaml
+++ b/addons/core_dns_hpa/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v2
 appVersion: "1.0"
 description: A Helm chart add hpa on coredns
 name: corednshpa
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
diff --git a/addons/core_dns_hpa/templates/hpa.yaml b/addons/core_dns_hpa/templates/hpa.yaml
index b1b0bc0..d81ba36 100644
--- a/addons/core_dns_hpa/templates/hpa.yaml
+++ b/addons/core_dns_hpa/templates/hpa.yaml
@@ -26,10 +26,10 @@ spec:
    name: coredns
  minReplicas: {{ .Values.minReplicas}}
  maxReplicas: {{ .Values.maxReplicas}}
- metrics: 
+ metrics:
   - type: Resource
     resource:
-      name: memory 
+      name: memory
       target:
-        type: Utilization 
-        averageValue: {{ .Values.targetMemoryUtilizationPercentage}}
\ No newline at end of file
+        type: Utilization
+        averageValue: {{ .Values.targetMemoryUtilizationPercentage}}
diff --git a/addons/core_dns_hpa/values.yaml b/addons/core_dns_hpa/values.yaml
index 22667f1..f8f401b 100644
--- a/addons/core_dns_hpa/values.yaml
+++ b/addons/core_dns_hpa/values.yaml
@@ -2,4 +2,4 @@ corednsdeploymentname: ${corednsdeploymentname}
 minReplicas: ${minReplicas}
 maxReplicas: ${maxReplicas}
 targetCPUUtilizationPercentage: ${targetCPUUtilizationPercentage}
-targetMemoryUtilizationPercentage: ${targetMemoryUtilizationPercentage}
\ No newline at end of file
+targetMemoryUtilizationPercentage: ${targetMemoryUtilizationPercentage}
diff --git a/addons/istio/README.md b/addons/istio/README.md
index 08d7fff..a417df9 100644
--- a/addons/istio/README.md
+++ b/addons/istio/README.md
@@ -25,13 +25,27 @@ No modules.
 | Name | Type |
 |------|------|
 | [helm_release.istio_base](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.istio_egress](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.istio_ingress](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.istio_observability](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.istiod](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.istio_egress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.istio_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.istio_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_cert_manager_cluster_issuer_enabled"></a> [cert\_manager\_cluster\_issuer\_enabled](#input\_cert\_manager\_cluster\_issuer\_enabled) | Enable or disable the installation of LetsEncrypt Cluster issuer with istio Class | `bool` | `false` | no |
+| <a name="input_cert_manager_letsencrypt_email"></a> [cert\_manager\_letsencrypt\_email](#input\_cert\_manager\_letsencrypt\_email) | Specifies the email address to be used by cert-manager to request Let's Encrypt certificates | `string` | n/a | yes |
+| <a name="input_egress_gateway_enabled"></a> [egress\_gateway\_enabled](#input\_egress\_gateway\_enabled) | Enable or disable the installation of Istio Egress Gateway. | `bool` | `false` | no |
+| <a name="input_egress_gateway_namespace"></a> [egress\_gateway\_namespace](#input\_egress\_gateway\_namespace) | Name of the Kubernetes namespace where the Istio Egress Gateway will be deployed. | `string` | `"istio-egressgateway"` | no |
+| <a name="input_envoy_access_logs_enabled"></a> [envoy\_access\_logs\_enabled](#input\_envoy\_access\_logs\_enabled) | Enable or disable the installation of Envoy access logs across Mesh | `bool` | `false` | no |
+| <a name="input_ingress_gateway_enabled"></a> [ingress\_gateway\_enabled](#input\_ingress\_gateway\_enabled) | Enable or disable the installation of Istio Ingress Gateway. | `bool` | `true` | no |
+| <a name="input_ingress_gateway_namespace"></a> [ingress\_gateway\_namespace](#input\_ingress\_gateway\_namespace) | Name of the Kubernetes namespace where the Istio Ingress Gateway will be deployed | `string` | `"istio-ingressgateway"` | no |
+| <a name="input_observability_enabled"></a> [observability\_enabled](#input\_observability\_enabled) | Enable or disable the installation of observability components | `bool` | `false` | no |
+| <a name="input_prometheus_monitoring_enabled"></a> [prometheus\_monitoring\_enabled](#input\_prometheus\_monitoring\_enabled) | Enable or disable the installation of Prometheus Operator's servicemonitor to monitor Istio Controlplane and Dataplane | `bool` | `false` | no |
 
 ## Outputs
 
diff --git a/addons/istio/istio-observability/.helmignore b/addons/istio/istio-observability/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/addons/istio/istio-observability/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/addons/istio/istio-observability/Chart.yaml b/addons/istio/istio-observability/Chart.yaml
new file mode 100644
index 0000000..65742fe
--- /dev/null
+++ b/addons/istio/istio-observability/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: istio-observability
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
diff --git a/addons/istio/istio-observability/templates/clusterissuer.yaml b/addons/istio/istio-observability/templates/clusterissuer.yaml
new file mode 100644
index 0000000..1a2e5bf
--- /dev/null
+++ b/addons/istio/istio-observability/templates/clusterissuer.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.accessLogging.enabled -}}
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-istio
+  namespace: istio-system
+spec:
+  acme:
+    email: {{ .Values.clusterIssuer.email }}
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-istio
+    solvers:
+    - http01:
+        ingress:
+          class: istio
+{{- end }}
diff --git a/addons/istio/istio-observability/templates/enable-access-logs.yaml b/addons/istio/istio-observability/templates/enable-access-logs.yaml
new file mode 100644
index 0000000..06b7a6a
--- /dev/null
+++ b/addons/istio/istio-observability/templates/enable-access-logs.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.accessLogging.enabled -}}
+apiVersion: telemetry.istio.io/v1alpha1
+kind: Telemetry
+metadata:
+  name: mesh-default
+  namespace: istio-system
+spec:
+  accessLogging:
+    - providers:
+      - name: envoy
+{{- end }}
diff --git a/addons/istio/istio-observability/templates/service-monitor-control-plane.yaml b/addons/istio/istio-observability/templates/service-monitor-control-plane.yaml
new file mode 100644
index 0000000..7069b7e
--- /dev/null
+++ b/addons/istio/istio-observability/templates/service-monitor-control-plane.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.monitoring.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: prometheus-oper-istio-controlplane
+  labels:
+    release: prometheus-operator
+    monitoring: istio-controlplane
+spec:
+  jobLabel: istio
+  selector:
+    matchExpressions:
+      - {key: istio, operator: In, values: [mixer,pilot,galley,citadel,sidecar-injector]}
+  namespaceSelector:
+    matchNames:
+    - istio-system
+  endpoints:
+  - port: http-monitoring
+    interval: 15s
+{{- end }}
diff --git a/addons/istio/istio-observability/templates/service-monitor-dataplane.yaml b/addons/istio/istio-observability/templates/service-monitor-dataplane.yaml
new file mode 100644
index 0000000..7c9a582
--- /dev/null
+++ b/addons/istio/istio-observability/templates/service-monitor-dataplane.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.monitoring.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: prometheus-oper-istio-dataplane
+  labels:
+    monitoring: istio-dataplane
+    release: prometheus-operator
+spec:
+  selector:
+    matchExpressions:
+      - {key: istio-prometheus-ignore, operator: DoesNotExist}
+  namespaceSelector:
+    any: true
+  jobLabel: envoy-stats
+  endpoints:
+  - path: /stats/prometheus
+    targetPort: http-envoy-prom
+    interval: 15s
+    relabelings:
+    - sourceLabels: [__meta_kubernetes_pod_container_port_name]
+      action: keep
+      regex: '.*-envoy-prom'
+    - action: labelmap
+      regex: "__meta_kubernetes_pod_label_(.+)"
+    - sourceLabels: [__meta_kubernetes_namespace]
+      action: replace
+      targetLabel: namespace
+    - sourceLabels: [__meta_kubernetes_pod_name]
+      action: replace
+      targetLabel: pod_name
+{{- end }}
diff --git a/addons/istio/istio-observability/values.yaml b/addons/istio/istio-observability/values.yaml
new file mode 100644
index 0000000..15b5b6f
--- /dev/null
+++ b/addons/istio/istio-observability/values.yaml
@@ -0,0 +1,9 @@
+accessLogging:
+  enabled: "${envoy_access_logs_enabled}"
+
+monitoring:
+  enabled: "${prometheus_monitoring_enabled}"
+
+clusterIssuer:
+  enabled: "${cert_manager_cluster_issuer_enabled}"
+  email: "${cert_manager_letsencrypt_email}"
diff --git a/addons/istio/main.tf b/addons/istio/main.tf
index d0f9fe0..bc37d24 100644
--- a/addons/istio/main.tf
+++ b/addons/istio/main.tf
@@ -1,5 +1,4 @@
 resource "kubernetes_namespace" "istio_system" {
-
   metadata {
     name = "istio-system"
   }
@@ -7,14 +6,12 @@ resource "kubernetes_namespace" "istio_system" {
 
 resource "helm_release" "istio_base" {
   depends_on = [kubernetes_namespace.istio_system]
-
   name       = "istio-base"
   repository = "https://istio-release.storage.googleapis.com/charts"
   chart      = "base"
   namespace  = "istio-system"
   timeout    = 600
-  version    = "1.15.2"
-
+  version    = "1.18.0"
 }
 
 resource "helm_release" "istiod" {
@@ -25,42 +22,29 @@ resource "helm_release" "istiod" {
   chart      = "istiod"
   namespace  = "istio-system"
   timeout    = 600
-  version    = "1.15.2"
-
-  set {
-    name  = "global.tracer.zipkin.address"
-    value = "zipkin.svc.cluster:9411"
-  }
-
-  /* set {
-    name  = "global.tracer.zipkin.address.co.elastic.logs/enabled"
-    value = "true"
-  } */
+  version    = "1.18.0"
 }
 
-# resource "kubernetes_namespace" "istio_ingress" {
+resource "kubernetes_namespace" "istio_ingress" {
 
-#   depends_on = [helm_release.istiod]
-
-#   metadata {
-#     name = "istio-ingress"
+  depends_on = [helm_release.istiod]
+  count      = var.ingress_gateway_enabled ? 1 : 0
 
-#     labels = {
-#       istio-injection = "enabled"
-#     }
-#   }
+  metadata {
+    name = var.ingress_gateway_namespace
+  }
 
-# }
+}
 
 resource "helm_release" "istio_ingress" {
-  depends_on = [helm_release.istiod]
-
+  depends_on = [helm_release.istiod, kubernetes_namespace.istio_ingress]
+  count      = var.ingress_gateway_enabled ? 1 : 0
   name       = "istio-ingressgateway"
   repository = "https://istio-release.storage.googleapis.com/charts"
   chart      = "gateway"
-  namespace  = "istio-system"
+  namespace  = var.ingress_gateway_namespace
   timeout    = 600
-  version    = "1.15.2"
+  version    = "1.18.0"
 
   set {
     name  = "labels.app"
@@ -78,3 +62,65 @@ resource "helm_release" "istio_ingress" {
   }
 
 }
+
+
+resource "kubernetes_namespace" "istio_egress" {
+
+  depends_on = [helm_release.istiod]
+  count      = var.egress_gateway_enabled ? 1 : 0
+
+  metadata {
+    name = var.egress_gateway_namespace
+  }
+
+}
+resource "helm_release" "istio_egress" {
+  depends_on = [helm_release.istiod, kubernetes_namespace.istio_egress]
+  count      = var.egress_gateway_enabled ? 1 : 0
+
+  name       = "istio-egressgateway"
+  repository = "https://istio-release.storage.googleapis.com/charts"
+  chart      = "gateway"
+  namespace  = var.egress_gateway_namespace
+  timeout    = 600
+  version    = "1.18.0"
+
+  set {
+    name  = "labels.app"
+    value = "istio-egressgateway"
+  }
+
+  set {
+    name  = "labels.istio"
+    value = "egressgateway"
+  }
+
+  set {
+    name  = "service.type"
+    value = "ClusterIP"
+  }
+}
+
+resource "helm_release" "istio_observability" {
+  depends_on = [helm_release.istiod]
+  count      = var.observability_enabled ? 1 : 0
+  name       = "istio-observability"
+  chart      = "${path.module}/istio-observability/"
+  namespace  = "istio-system"
+  set {
+    name  = "accessLogging.enabled"
+    value = var.envoy_access_logs_enabled
+  }
+  set {
+    name  = "monitoring.enabled"
+    value = var.prometheus_monitoring_enabled
+  }
+  set {
+    name  = "clusterIssuer.enabled"
+    value = var.cert_manager_cluster_issuer_enabled
+  }
+  set {
+    name  = "clusterIssuer.email"
+    value = var.cert_manager_letsencrypt_email
+  }
+}
diff --git a/addons/istio/variables.tf b/addons/istio/variables.tf
index e69de29..79c5b8f 100644
--- a/addons/istio/variables.tf
+++ b/addons/istio/variables.tf
@@ -0,0 +1,51 @@
+variable "ingress_gateway_enabled" {
+  description = "Enable or disable the installation of Istio Ingress Gateway."
+  default     = true
+  type        = bool
+}
+
+variable "ingress_gateway_namespace" {
+  description = "Name of the Kubernetes namespace where the Istio Ingress Gateway will be deployed"
+  default     = "istio-ingressgateway"
+  type        = string
+}
+
+variable "egress_gateway_enabled" {
+  description = "Enable or disable the installation of Istio Egress Gateway."
+  default     = false
+  type        = bool
+}
+
+variable "egress_gateway_namespace" {
+  description = "Name of the Kubernetes namespace where the Istio Egress Gateway will be deployed."
+  default     = "istio-egressgateway"
+  type        = string
+}
+
+variable "observability_enabled" {
+  description = "Enable or disable the installation of observability components"
+  default     = false
+  type        = bool
+}
+
+variable "envoy_access_logs_enabled" {
+  description = "Enable or disable the installation of Envoy access logs across Mesh"
+  default     = false
+  type        = bool
+}
+
+variable "prometheus_monitoring_enabled" {
+  description = "Enable or disable the installation of Prometheus Operator's servicemonitor to monitor Istio Controlplane and Dataplane"
+  default     = false
+  type        = bool
+}
+
+variable "cert_manager_cluster_issuer_enabled" {
+  description = "Enable or disable the installation of LetsEncrypt Cluster issuer with istio Class"
+  default     = false
+  type        = bool
+}
+variable "cert_manager_letsencrypt_email" {
+  description = "Specifies the email address to be used by cert-manager to request Let's Encrypt certificates"
+  type        = string
+}
diff --git a/addons/metrics_server/metrics_server.yaml b/addons/metrics_server/metrics_server.yaml
index dc0a883..bd98efb 100644
--- a/addons/metrics_server/metrics_server.yaml
+++ b/addons/metrics_server/metrics_server.yaml
@@ -32,4 +32,4 @@ resources:
 podAnnotations:
   co.elastic.logs/enabled: "true"
 
-replicas: 2
\ No newline at end of file
+replicas: 2
diff --git a/addons/metrics_server_vpa/Chart.yaml b/addons/metrics_server_vpa/Chart.yaml
index cc738de..372f928 100644
--- a/addons/metrics_server_vpa/Chart.yaml
+++ b/addons/metrics_server_vpa/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v2
 appVersion: "1.0"
 description: A Helm chart add vpa on metrics-server
 name: metricsservervpa
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
diff --git a/addons/metrics_server_vpa/templates/vpa.yaml b/addons/metrics_server_vpa/templates/vpa.yaml
index ee691dc..41f7ae2 100644
--- a/addons/metrics_server_vpa/templates/vpa.yaml
+++ b/addons/metrics_server_vpa/templates/vpa.yaml
@@ -7,16 +7,16 @@ spec:
   targetRef:
     apiVersion: "apps/v1"
     kind: Deployment
-    name: {{ .Values.metricsServerDeploymentName}}   
+    name: {{ .Values.metricsServerDeploymentName}}
   updatePolicy:
-    updateMode: "Auto"       
+    updateMode: "Auto"
   resourcePolicy:
     containerPolicies:
       - containerName: '*'
         minAllowed:
-          cpu: {{ .Values.minCPU}}  
-          memory: {{ .Values.minMemory}}   
+          cpu: {{ .Values.minCPU}}
+          memory: {{ .Values.minMemory}}
         maxAllowed:
-          cpu: {{ .Values.maxCPU}}     
-          memory: {{ .Values.maxMemory}} 
+          cpu: {{ .Values.maxCPU}}
+          memory: {{ .Values.maxMemory}}
         controlledResources: ["cpu", "memory"]
diff --git a/addons/metrics_server_vpa/values.yaml b/addons/metrics_server_vpa/values.yaml
index 0e2371a..3526ed7 100644
--- a/addons/metrics_server_vpa/values.yaml
+++ b/addons/metrics_server_vpa/values.yaml
@@ -2,4 +2,4 @@ metricsServerDeploymentName: ${metricsServerDeploymentName}
 minCPU: ${minCPU}
 minMemory: ${minMemory}
 maxCPU: ${maxCPU}
-maxMemory: ${maxMemory}
\ No newline at end of file
+maxMemory: ${maxMemory}
diff --git a/addons/velero/main.tf b/addons/velero/main.tf
index cf63c10..14ed76f 100644
--- a/addons/velero/main.tf
+++ b/addons/velero/main.tf
@@ -75,7 +75,7 @@ resource "aws_iam_policy" "velero_iam_policy" {
             "s3:GetObjectVersion",
             "s3:ListObjects",
             "s3:ListBucketVersions",
-            "sts:AssumeRole"	,			
+            "sts:AssumeRole"	,
             "autoscaling:CreateAutoScalingGroup",
             "autoscaling:DeleteAutoScalingGroup",
             "autoscaling:UpdateAutoScalingGroup",
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 1963b01..19829c5 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -5,7 +5,7 @@
 
 ### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
 <br>
-This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs.
+This example is useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs.
 <br>
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
@@ -47,6 +47,8 @@ No inputs.
 | <a name="output_efs_id"></a> [efs\_id](#output\_efs\_id) | ID of the Amazon Elastic File System (EFS) that has been created for the EKS cluster. |
 | <a name="output_environment"></a> [environment](#output\_environment) | Environment Name for the EKS cluster |
 | <a name="output_internal_nginx_ingress_controller_dns_hostname"></a> [internal\_nginx\_ingress\_controller\_dns\_hostname](#output\_internal\_nginx\_ingress\_controller\_dns\_hostname) | DNS hostname of the NGINX Ingress Controller that can be used to access it from within the cluster. |
-| <a name="output_kubeclarity_hostname"></a> [kubeclarity\_hostname](#output\_kubeclarity\_hostname) | Hostname for the kubeclarity. |
+| <a name="output_istio_ingressgateway_dns_hostname"></a> [istio\_ingressgateway\_dns\_hostname](#output\_istio\_ingressgateway\_dns\_hostname) | DNS hostname of the Istio Ingress Gateway |
+| <a name="output_kubeclarity"></a> [kubeclarity](#output\_kubeclarity) | Hostname for the kubeclarity. |
+| <a name="output_kubecost"></a> [kubecost](#output\_kubecost) | Hostname for the kubecost. |
 | <a name="output_nginx_ingress_controller_dns_hostname"></a> [nginx\_ingress\_controller\_dns\_hostname](#output\_nginx\_ingress\_controller\_dns\_hostname) | DNS hostname of the NGINX Ingress Controller. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 1309e13..0ae1576 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -18,7 +18,6 @@ module "eks_bootstrap" {
   ipv6_enabled                        = local.ipv6_enabled
   kms_key_arn                         = ""
   keda_enabled                        = true
-  istio_enabled                       = false
   kms_policy_arn                      = "" ## eks module will create kms_policy_arn
   eks_cluster_name                    = ""
   reloader_enabled                    = true
@@ -40,6 +39,17 @@ module "eks_bootstrap" {
   service_monitor_crd_enabled         = true
   karpenter_provisioner_enabled       = false
   enable_aws_load_balancer_controller = true
+  istio_enabled                       = false
+  istio_config = {
+    ingress_gateway_enabled             = true
+    ingress_gateway_namespace           = "istio-ingressgateway"
+    egress_gateway_enabled              = true
+    egress_gateway_namespace            = "istio-egressgateway"
+    observability_enabled               = true
+    envoy_access_logs_enabled           = true
+    prometheus_monitoring_enabled       = true
+    cert_manager_cluster_issuer_enabled = true
+  }
   karpenter_provisioner_config = {
     private_subnet_name    = "private-subnet-name"
     instance_capacity_type = ["on-demand"]
@@ -54,7 +64,7 @@ module "eks_bootstrap" {
   cluster_propotional_autoscaler_enabled        = true
   single_az_ebs_gp3_storage_class_enabled       = true
   cert_manager_install_letsencrypt_http_issuers = true
-  velero_enabled                                = true
+  velero_enabled                                = false
   velero_config = {
     namespaces                      = "" ## If you want full cluster backup, leave it blank else provide namespace.
     slack_notification_token        = "xoxb-EuvmxrYxRatsM8R"
diff --git a/examples/complete/output.tf b/examples/complete/output.tf
index 01105b1..05c45b8 100644
--- a/examples/complete/output.tf
+++ b/examples/complete/output.tf
@@ -23,7 +23,17 @@ output "internal_nginx_ingress_controller_dns_hostname" {
   value       = module.eks_bootstrap.internal_nginx_ingress_controller_dns_hostname
 }
 
-output "kubeclarity_hostname" {
-  value       = module.eks_bootstrap.kubeclarity_hostname
+output "kubeclarity" {
+  value       = module.eks_bootstrap.kubeclarity
   description = "Hostname for the kubeclarity."
 }
+
+output "kubecost" {
+  value       = module.eks_bootstrap.kubecost
+  description = "Hostname for the kubecost."
+}
+
+output "istio_ingressgateway_dns_hostname" {
+  value       = module.eks_bootstrap.istio_ingressgateway_dns_hostname
+  description = "DNS hostname of the Istio Ingress Gateway"
+}
diff --git a/main.tf b/main.tf
index 65e2e54..78f5f36 100644
--- a/main.tf
+++ b/main.tf
@@ -186,10 +186,26 @@ module "velero" {
 }
 
 module "istio" {
-  source = "./addons/istio"
-  count  = var.istio_enabled ? 1 : 0
-
+  depends_on                          = [helm_release.cert_manager_le_http]
+  source                              = "./addons/istio"
+  count                               = var.istio_enabled ? 1 : 0
+  ingress_gateway_enabled             = var.istio_config.ingress_gateway_enabled
+  ingress_gateway_namespace           = var.istio_config.ingress_gateway_namespace
+  egress_gateway_enabled              = var.istio_config.egress_gateway_enabled
+  egress_gateway_namespace            = var.istio_config.egress_gateway_namespace
+  observability_enabled               = var.istio_config.observability_enabled
+  envoy_access_logs_enabled           = var.istio_config.envoy_access_logs_enabled
+  prometheus_monitoring_enabled       = var.istio_config.prometheus_monitoring_enabled
+  cert_manager_cluster_issuer_enabled = var.istio_config.cert_manager_cluster_issuer_enabled
+  cert_manager_letsencrypt_email      = var.cert_manager_letsencrypt_email
+}
 
+data "kubernetes_service" "istio-ingress" {
+  depends_on = [module.istio]
+  metadata {
+    name      = "istio-ingressgateway"
+    namespace = var.istio_config.ingress_gateway_namespace
+  }
 }
 
 module "karpenter_provisioner" {
diff --git a/outputs.tf b/outputs.tf
index 39709cd..f28ce43 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -40,3 +40,8 @@ output "kubecost" {
     url      = var.kubecost_hostname
   }
 }
+
+output "istio_ingressgateway_dns_hostname" {
+  description = "DNS hostname of the Istio Ingress Gateway."
+  value       = var.istio_enabled ? data.kubernetes_service.istio-ingress.status[0].load_balancer[0].ingress[0].hostname : null
+}
diff --git a/variables.tf b/variables.tf
index 3ec3320..852f044 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,4 +1,3 @@
-## COMMON VARIABLES
 variable "amazon_eks_aws_ebs_csi_driver_enabled" {
   description = "Whether to enable the EKS Managed AWS EBS CSI Driver add-on or not."
   default     = false
@@ -203,6 +202,22 @@ variable "istio_enabled" {
   type        = bool
 }
 
+variable "istio_config" {
+  description = "Configuration to provide settings for Istio"
+  default = {
+    ingress_gateway_enabled             = true
+    ingress_gateway_namespace           = "istio-ingressgateway"
+    egress_gateway_enabled              = false
+    egress_gateway_namespace            = "istio-egressgateway"
+    observability_enabled               = true
+    envoy_access_logs_enabled           = false
+    prometheus_monitoring_enabled       = false
+    cert_manager_cluster_issuer_enabled = false
+  }
+  type = any
+}
+
+
 variable "velero_enabled" {
   description = "Enable or disable the installation of Velero, which is a backup and restore solution for Kubernetes clusters."
   default     = false
@@ -267,7 +282,7 @@ variable "kubeclarity_namespace" {
   default     = "kubeclarity"
   type        = string
 }
-#-----------Kubecost ADDON-------------
+
 variable "kubecost_enabled" {
   description = "Enable or disable the deployment of an Kubecost for Kubernetes."
   type        = bool
@@ -286,35 +301,33 @@ variable "cluster_issuer" {
   type        = string
 }
 
-#core-dns-hpa
 variable "core_dns_hpa_config" {
   description = "Configuration to provide settings of hpa over core dns"
   default = {
-    minReplicas                        = 2
-    maxReplicas                        = 10
-    corednsdeploymentname              = "coredns"
-    targetCPUUtilizationPercentage     = 80
-    targetMemoryUtilizationPercentage  = "150Mi"
+    minReplicas                       = 2
+    maxReplicas                       = 10
+    corednsdeploymentname             = "coredns"
+    targetCPUUtilizationPercentage    = 80
+    targetMemoryUtilizationPercentage = "150Mi"
   }
   type = any
 }
 
-#metrics-server-vpa
 variable "metrics_server_vpa_config" {
   description = "Configuration to provide settings of vpa over metrics server"
   default = {
-    
+
     minCPU                      = "25m"
     maxCPU                      = "100m"
     minMemory                   = "150Mi"
     maxMemory                   = "500Mi"
     metricsServerDeploymentName = "metrics-server"
   }
-  type = anyAD
+  type = any
 }
 
 variable "ipv6_enabled" {
   description = "whether IPv6 enabled or not"
-  type = bool
-  default = false
-}
\ No newline at end of file
+  type        = bool
+  default     = false
+}