From a7732b4972ee5f91bc940c1bd409bbf6119546df Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Wed, 6 Nov 2024 16:46:13 -0700
Subject: [PATCH 01/14] Update to eks 1.31

---
 .circleci/config.yml                          | 14 ++++++------
 .github/workflows/terraform-checks.yml        |  2 +-
 .pre-commit-config.yaml                       |  2 +-
 examples/deploy/terraform/cluster/README.md   | 14 ++++++------
 examples/deploy/terraform/infra/README.md     | 16 +++++++-------
 examples/deploy/terraform/nodes/README.md     |  4 ++--
 modules/eks/README.md                         | 16 +++++++-------
 modules/eks/submodules/k8s/README.md          |  6 ++---
 modules/eks/submodules/privatelink/README.md  |  4 ++--
 modules/eks/variables.tf                      |  2 +-
 modules/external-deployments/README.md        |  6 ++---
 modules/flyte/README.md                       |  6 ++---
 modules/infra/README.md                       | 18 +++++++--------
 modules/infra/submodules/bastion/README.md    |  8 +++----
 .../submodules/cost-usage-report/README.md    |  8 +++----
 modules/infra/submodules/network/README.md    |  4 ++--
 modules/infra/submodules/storage/README.md    |  8 +++----
 modules/infra/submodules/vpn/README.md        |  4 ++--
 modules/infra/variables.tf                    |  2 +-
 modules/irsa/README.md                        | 12 +++++-----
 modules/nodes/README.md                       | 12 +++++-----
 modules/single-node/README.md                 | 10 ++++-----
 tests/deploy/infra-ci.tfvars.tftpl            |  2 +-
 tests/deploy/single-node/README.md            |  2 +-
 tests/plan/terraform/README.md                | 22 +++++++++----------
 tests/plan/terraform/variables.tf             |  2 +-
 26 files changed, 103 insertions(+), 103 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 536232b7..e8545e9d 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -9,7 +9,7 @@ parameters:
     default: "1.9.3"
   hcledit_version:
     type: string
-    default: "0.2.9"
+    default: "0.2.15"
   GHA_Actor:
     type: string
     default: ""
@@ -21,9 +21,9 @@ parameters:
     default: ""
 
 orbs:
-  terraform: circleci/terraform@3.2.0
+  terraform: circleci/terraform@3.3.0
   aws-cli: circleci/aws-cli@3.1
-  envsubst: sawadashota/envsubst@1.1.0
+  envsubst: sawadashota/envsubst@1.4.3
 
 commands:
   install_tf:
@@ -40,7 +40,7 @@ commands:
     parameters:
       hcledit_version:
         type: string
-        default: "0.2.9"
+        default: "0.2.15"
     steps:
       - run:
           name: Install HCL edit
@@ -250,7 +250,7 @@ commands:
 jobs:
   tf-plan-test:
     docker:
-      - image: cimg/aws:2023.04.1
+      - image: cimg/aws:2024.03.1
     parameters:
       terraform_version:
         type: string
@@ -262,7 +262,7 @@ jobs:
 
   test-deploy:
     docker:
-      - image: cimg/aws:2023.04.1
+      - image: cimg/aws:2024.03.1
     parameters:
       terraform_version:
         type: string
@@ -287,7 +287,7 @@ jobs:
 
   test-upgrade:
     docker:
-      - image: cimg/aws:2023.04.1
+      - image: cimg/aws:2024.03.1
     parameters:
       terraform_version:
         type: string
diff --git a/.github/workflows/terraform-checks.yml b/.github/workflows/terraform-checks.yml
index 38440a4e..505bcac6 100644
--- a/.github/workflows/terraform-checks.yml
+++ b/.github/workflows/terraform-checks.yml
@@ -84,7 +84,7 @@ jobs:
           retry_wait_seconds: 20
           retry_on: error
           command: >-
-            curl -L https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz | tar -C /tmp -xzf - && chmod +x /tmp/terraform-docs && sudo mv /tmp/terraform-docs /usr/local/bin
+            curl -L https://github.com/terraform-docs/terraform-docs/releases/download/v0.19.0/terraform-docs-v0.19.0-linux-amd64.tar.gz | tar -C /tmp -xzf - && chmod +x /tmp/terraform-docs && sudo mv /tmp/terraform-docs /usr/local/bin
       - name: Terraform docs
         uses: pre-commit/action@v3.0.1
         with:
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index bd934b50..b0e89889 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,5 +1,5 @@
 ## NOTE: Changes(rename/add/delete) to pre-commit ids need to be replicated in .github/workflows/terraform-checks.yml(GHA).
-default_stages: [commit]
+default_stages: [pre-commit]
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.6.0
diff --git a/examples/deploy/terraform/cluster/README.md b/examples/deploy/terraform/cluster/README.md
index d826e14f..3e3b4f3f 100644
--- a/examples/deploy/terraform/cluster/README.md
+++ b/examples/deploy/terraform/cluster/README.md
@@ -38,12 +38,12 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br>    creation\_role\_name = Name of the role to import.<br>    k8s\_version = EKS cluster k8s version.<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    }<br>    master\_role\_names  = IAM role names to be added as masters in eks.<br>    cluster\_addons     = EKS cluster addons.<br>    vpc\_cni            = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    service_ipv4_cidr  = optional(string)<br>    creation_role_name = optional(string, null)<br>    k8s_version        = optional(string)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string)<br>      path       = optional(string)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool)<br>      cidrs   = optional(list(string))<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })))<br>    master_role_names  = optional(list(string))<br>    cluster_addons     = optional(list(string))<br>    ssm_log_group_name = optional(string)<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool)<br>      annotate_pod_ip   = optional(bool)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string)<br>      groups_prefix                 = optional(string)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string)<br>      required_claims               = optional(map(string))<br>      username_claim                = optional(string)<br>      username_prefix               = optional(string)<br>    })))<br>  })</pre> | `{}` | no |
-| <a name="input_external_deployments_operator"></a> [external\_deployments\_operator](#input\_external\_deployments\_operator) | Config to create IRSA role for the external deployments operator. | <pre>object({<br>    enabled                         = optional(bool, false)<br>    namespace                       = optional(string, "domino-compute")<br>    operator_service_account_name   = optional(string, "pham-juno-operator")<br>    operator_role_suffix            = optional(string, "external-deployments-operator")<br>    repository_suffix               = optional(string, "external-deployments")<br>    bucket_suffix                   = optional(string, "external-deployments")<br>    enable_assume_any_external_role = optional(bool, true)<br>    enable_in_account_deployments   = optional(bool, true)<br>  })</pre> | `{}` | no |
-| <a name="input_flyte"></a> [flyte](#input\_flyte) | Config to provision the flyte infrastructure. | <pre>object({<br>    enabled                   = optional(bool, false)<br>    force_destroy_on_deletion = optional(bool, true)<br>    platform_namespace        = optional(string, "domino-platform")<br>    compute_namespace         = optional(string, "domino-compute")<br><br>  })</pre> | `{}` | no |
-| <a name="input_irsa_external_dns"></a> [irsa\_external\_dns](#input\_irsa\_external\_dns) | Mappings for custom IRSA configurations. | <pre>object({<br>    enabled             = optional(bool, false)<br>    hosted_zone_name    = optional(string, null)<br>    namespace           = optional(string, null)<br>    serviceaccount_name = optional(string, null)<br>    rm_role_policy = optional(object({<br>      remove           = optional(bool, false)<br>      detach_from_role = optional(bool, false)<br>      policy_name      = optional(string, "")<br>    }), {})<br>  })</pre> | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Mappings for custom IRSA configurations. | <pre>list(object({<br>    name                = string<br>    namespace           = string<br>    serviceaccount_name = string<br>    policy              = string #json<br>  }))</pre> | `[]` | no |
-| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | Overrides the KMS key information. Meant for migrated configurations.<br>    {<br>      key\_id  = KMS key id.<br>      key\_arn = KMS key arn.<br>      enabled = KMS key is enabled.<br>    } | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | `null` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br/>    creation\_role\_name = Name of the role to import.<br/>    k8s\_version = EKS cluster k8s version.<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    }<br/>    master\_role\_names  = IAM role names to be added as masters in eks.<br/>    cluster\_addons     = EKS cluster addons.<br/>    vpc\_cni            = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    service_ipv4_cidr  = optional(string)<br/>    creation_role_name = optional(string, null)<br/>    k8s_version        = optional(string)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string)<br/>      path       = optional(string)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool)<br/>      cidrs   = optional(list(string))<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })))<br/>    master_role_names  = optional(list(string))<br/>    cluster_addons     = optional(list(string))<br/>    ssm_log_group_name = optional(string)<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool)<br/>      annotate_pod_ip   = optional(bool)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string)<br/>      groups_prefix                 = optional(string)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string)<br/>      required_claims               = optional(map(string))<br/>      username_claim                = optional(string)<br/>      username_prefix               = optional(string)<br/>    })))<br/>  })</pre> | `{}` | no |
+| <a name="input_external_deployments_operator"></a> [external\_deployments\_operator](#input\_external\_deployments\_operator) | Config to create IRSA role for the external deployments operator. | <pre>object({<br/>    enabled                         = optional(bool, false)<br/>    namespace                       = optional(string, "domino-compute")<br/>    operator_service_account_name   = optional(string, "pham-juno-operator")<br/>    operator_role_suffix            = optional(string, "external-deployments-operator")<br/>    repository_suffix               = optional(string, "external-deployments")<br/>    bucket_suffix                   = optional(string, "external-deployments")<br/>    enable_assume_any_external_role = optional(bool, true)<br/>    enable_in_account_deployments   = optional(bool, true)<br/>  })</pre> | `{}` | no |
+| <a name="input_flyte"></a> [flyte](#input\_flyte) | Config to provision the flyte infrastructure. | <pre>object({<br/>    enabled                   = optional(bool, false)<br/>    force_destroy_on_deletion = optional(bool, true)<br/>    platform_namespace        = optional(string, "domino-platform")<br/>    compute_namespace         = optional(string, "domino-compute")<br/><br/>  })</pre> | `{}` | no |
+| <a name="input_irsa_external_dns"></a> [irsa\_external\_dns](#input\_irsa\_external\_dns) | Mappings for custom IRSA configurations. | <pre>object({<br/>    enabled             = optional(bool, false)<br/>    hosted_zone_name    = optional(string, null)<br/>    namespace           = optional(string, null)<br/>    serviceaccount_name = optional(string, null)<br/>    rm_role_policy = optional(object({<br/>      remove           = optional(bool, false)<br/>      detach_from_role = optional(bool, false)<br/>      policy_name      = optional(string, "")<br/>    }), {})<br/>  })</pre> | `{}` | no |
+| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Mappings for custom IRSA configurations. | <pre>list(object({<br/>    name                = string<br/>    namespace           = string<br/>    serviceaccount_name = string<br/>    policy              = string #json<br/>  }))</pre> | `[]` | no |
+| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | Overrides the KMS key information. Meant for migrated configurations.<br/>    {<br/>      key\_id  = KMS key id.<br/>      key\_arn = KMS key arn.<br/>      enabled = KMS key is enabled.<br/>    } | <pre>object({<br/>    key_id  = string<br/>    key_arn = string<br/>    enabled = bool<br/>  })</pre> | `null` | no |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 
 ## Outputs
@@ -52,7 +52,7 @@
 |------|-------------|
 | <a name="output_eks"></a> [eks](#output\_eks) | EKS details. |
 | <a name="output_external_deployments_operator"></a> [external\_deployments\_operator](#output\_external\_deployments\_operator) | External deployments operator details. |
-| <a name="output_external_dns_irsa_role_arn"></a> [external\_dns\_irsa\_role\_arn](#output\_external\_dns\_irsa\_role\_arn) | "External\_dns info"<br>  {<br>    irsa\_role = irsa role arn.<br>    zone\_id   = hosted zone id for external\_dns Iam policy<br>    zone\_name = hosted zone name for external\_dns Iam policy<br>  } |
+| <a name="output_external_dns_irsa_role_arn"></a> [external\_dns\_irsa\_role\_arn](#output\_external\_dns\_irsa\_role\_arn) | "External\_dns info"<br/>  {<br/>    irsa\_role = irsa role arn.<br/>    zone\_id   = hosted zone id for external\_dns Iam policy<br/>    zone\_name = hosted zone name for external\_dns Iam policy<br/>  } |
 | <a name="output_flyte"></a> [flyte](#output\_flyte) | Flyte details. |
 | <a name="output_infra"></a> [infra](#output\_infra) | Infra details. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/deploy/terraform/infra/README.md b/examples/deploy/terraform/infra/README.md
index d3ca3a49..cc86f1fd 100644
--- a/examples/deploy/terraform/infra/README.md
+++ b/examples/deploy/terraform/infra/README.md
@@ -26,18 +26,18 @@ No resources.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br>    ami                        = optional(string)<br>    bootstrap_extra_args       = optional(string)<br>    instance_types             = list(string)<br>    spot                       = optional(bool)<br>    min_per_az                 = number<br>    max_per_az                 = number<br>    max_unavailable_percentage = optional(number, 50)<br>    max_unavailable            = optional(number)<br>    desired_per_az             = number<br>    availability_zone_ids      = list(string)<br>    labels                     = map(string)<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })))<br>    tags = optional(map(string))<br>    gpu  = optional(bool)<br>    volume = object({<br>      size = string<br>      type = string<br>    })<br>  }))</pre> | `{}` | no |
-| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br>    ami                      = Ami id. Defaults to latest 'AL2023' ami.<br>    instance\_type            = Instance type.<br>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br>    username                 = Bastion user.<br>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br>    enabled                  = optional(bool, true)<br>    ami_id                   = optional(string)<br>    instance_type            = optional(string)<br>    authorized_ssh_ip_ranges = optional(list(string))<br>    username                 = optional(string)<br>    install_binaries         = optional(bool)<br>  })</pre> | n/a | yes |
-| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br>    {<br>      compute = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 1000)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 1000<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      platform = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 1)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, null)<br>          max_unavailable            = optional(number, 1)<br>          desired_per_az             = optional(number, 1)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "platform"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 100)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 100<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      gpu = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["g5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default-gpu"<br>            "nvidia.com/gpu"              = true<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>            })), [{<br>            key    = "nvidia.com/gpu"<br>            value  = "true"<br>            effect = "NO_SCHEDULE"<br>            }<br>          ])<br>          tags = optional(map(string))<br>          gpu  = optional(bool)<br>          volume = optional(object({<br>            size = optional(number)<br>            type = optional(string)<br>          }))<br>      })<br>  })</pre> | n/a | yes |
+| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br/>    ami                        = optional(string)<br/>    bootstrap_extra_args       = optional(string)<br/>    instance_types             = list(string)<br/>    spot                       = optional(bool)<br/>    min_per_az                 = number<br/>    max_per_az                 = number<br/>    max_unavailable_percentage = optional(number, 50)<br/>    max_unavailable            = optional(number)<br/>    desired_per_az             = number<br/>    availability_zone_ids      = list(string)<br/>    labels                     = map(string)<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })))<br/>    tags = optional(map(string))<br/>    gpu  = optional(bool)<br/>    volume = object({<br/>      size = string<br/>      type = string<br/>    })<br/>  }))</pre> | `{}` | no |
+| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br/>    ami                      = Ami id. Defaults to latest 'AL2023' ami.<br/>    instance\_type            = Instance type.<br/>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br/>    username                 = Bastion user.<br/>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br/>    enabled                  = optional(bool, true)<br/>    ami_id                   = optional(string)<br/>    instance_type            = optional(string)<br/>    authorized_ssh_ip_ranges = optional(list(string))<br/>    username                 = optional(string)<br/>    install_binaries         = optional(bool)<br/>  })</pre> | n/a | yes |
+| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br/>    {<br/>      compute = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 1000)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 1000<br/>            type = "gp3"<br/>            }<br/>          )<br/>      }),<br/>      platform = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 1)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, null)<br/>          max_unavailable            = optional(number, 1)<br/>          desired_per_az             = optional(number, 1)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "platform"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 100)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 100<br/>            type = "gp3"<br/>            }<br/>          )<br/>      }),<br/>      gpu = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["g5.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default-gpu"<br/>            "nvidia.com/gpu"              = true<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>            })), [{<br/>            key    = "nvidia.com/gpu"<br/>            value  = "true"<br/>            effect = "NO_SCHEDULE"<br/>            }<br/>          ])<br/>          tags = optional(map(string))<br/>          gpu  = optional(bool)<br/>          volume = optional(object({<br/>            size = optional(number)<br/>            type = optional(string)<br/>          }))<br/>      })<br/>  })</pre> | n/a | yes |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID. | `string` | n/a | yes |
-| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br>    provision_cost_usage_report = optional(bool, false)<br>  })</pre> | `{}` | no |
-| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br>    creation\_role\_name = Name of the role to import.<br>    k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    }<br>    master\_role\_names  = IAM role names to be added as masters in eks.<br>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni            = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    service_ipv4_cidr  = optional(string)<br>    creation_role_name = optional(string, null)<br>    k8s_version        = optional(string)<br>    nodes_master       = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string)<br>      path       = optional(string)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool)<br>      cidrs   = optional(list(string))<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })))<br>    master_role_names  = optional(list(string))<br>    cluster_addons     = optional(list(string))<br>    ssm_log_group_name = optional(string)<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool)<br>      annotate_pod_ip   = optional(bool)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string)<br>      groups_prefix                 = optional(string)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string)<br>      required_claims               = optional(map(string))<br>      username_claim                = optional(string)<br>      username_prefix               = optional(string)<br>    })))<br>  })</pre> | `{}` | no |
+| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br/>    provision_cost_usage_report = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br/>    creation\_role\_name = Name of the role to import.<br/>    k8s\_version = EKS cluster k8s version.<br/>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    }<br/>    master\_role\_names  = IAM role names to be added as masters in eks.<br/>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br/>    vpc\_cni            = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    service_ipv4_cidr  = optional(string)<br/>    creation_role_name = optional(string, null)<br/>    k8s_version        = optional(string)<br/>    nodes_master       = optional(bool, false)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string)<br/>      path       = optional(string)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool)<br/>      cidrs   = optional(list(string))<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })))<br/>    master_role_names  = optional(list(string))<br/>    cluster_addons     = optional(list(string))<br/>    ssm_log_group_name = optional(string)<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool)<br/>      annotate_pod_ip   = optional(bool)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string)<br/>      groups_prefix                 = optional(string)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string)<br/>      required_claims               = optional(map(string))<br/>      username_claim                = optional(string)<br/>      username_prefix               = optional(string)<br/>    })))<br/>  })</pre> | `{}` | no |
 | <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
-| <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br>    key\_id  = optional(string, null) | <pre>object({<br>    enabled = optional(bool)<br>    key_id  = optional(string)<br>  })</pre> | n/a | yes |
-| <a name="input_network"></a> [network](#input\_network) | vpc = {<br>      id = Existing vpc id, it will bypass creation by this module.<br>      subnets = {<br>        private = Existing private subnets.<br>        public  = Existing public subnets.<br>        pod     = Existing pod subnets.<br>      }), {})<br>    }), {})<br>    network\_bits = {<br>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>    }<br>    cidrs = {<br>      vpc     = The IPv4 CIDR block for the VPC.<br>      pod     = The IPv4 CIDR block for the Pod subnets.<br>    }<br>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br>    vpc = optional(object({<br>      id = optional(string, null)<br>      subnets = optional(object({<br>        private = optional(list(string), [])<br>        public  = optional(list(string), [])<br>        pod     = optional(list(string), [])<br>      }), {})<br>    }), {})<br>    network_bits = optional(object({<br>      public  = optional(number, 27)<br>      private = optional(number, 19)<br>      pod     = optional(number, 19)<br>      }<br>    ), {})<br>    cidrs = optional(object({<br>      vpc = optional(string, "10.0.0.0/16")<br>      pod = optional(string, "100.64.0.0/16")<br>    }), {})<br>    use_pod_cidr = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br/>    key\_id  = optional(string, null) | <pre>object({<br/>    enabled = optional(bool)<br/>    key_id  = optional(string)<br/>  })</pre> | n/a | yes |
+| <a name="input_network"></a> [network](#input\_network) | vpc = {<br/>      id = Existing vpc id, it will bypass creation by this module.<br/>      subnets = {<br/>        private = Existing private subnets.<br/>        public  = Existing public subnets.<br/>        pod     = Existing pod subnets.<br/>      }), {})<br/>    }), {})<br/>    network\_bits = {<br/>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br/>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>    }<br/>    cidrs = {<br/>      vpc     = The IPv4 CIDR block for the VPC.<br/>      pod     = The IPv4 CIDR block for the Pod subnets.<br/>    }<br/>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br/>    vpc = optional(object({<br/>      id = optional(string, null)<br/>      subnets = optional(object({<br/>        private = optional(list(string), [])<br/>        public  = optional(list(string), [])<br/>        pod     = optional(list(string), [])<br/>      }), {})<br/>    }), {})<br/>    network_bits = optional(object({<br/>      public  = optional(number, 27)<br/>      private = optional(number, 19)<br/>      pod     = optional(number, 19)<br/>      }<br/>    ), {})<br/>    cidrs = optional(object({<br/>      vpc = optional(string, "10.0.0.0/16")<br/>      pod = optional(string, "100.64.0.0/16")<br/>    }), {})<br/>    use_pod_cidr = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 | <a name="input_ssh_pvt_key_path"></a> [ssh\_pvt\_key\_path](#input\_ssh\_pvt\_key\_path) | SSH private key filepath. | `string` | n/a | yes |
-| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br>      filesystem\_type = File system type(netapp\|efs)<br>      efs = {<br>        access\_point\_path = Filesystem path for efs.<br>        backup\_vault = {<br>          create        = Create backup vault for EFS toggle.<br>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br>          backup = {<br>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br>            cold\_storage\_after = Move backup data to cold storage after this many days.<br>            delete\_after       = Delete backup data after this many days.<br>          }<br>        }<br>      }<br>      netapp = {<br>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br>        storage\_capacity = Filesystem Storage capacity<br>        throughput\_capacity = Filesystem throughput capacity<br>        automatic\_backup\_retention\_days = How many days to keep backups<br>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br><br>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br>          enabled                     = Enable automatic storage capacity increase.<br>          threshold                  = Used storage capacity threshold.<br>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br>          notification\_email\_address = The email address for alarm notification.<br>        }<br>        volume = {<br>          create                     = Create a volume associated with the filesystem.<br>          name\_suffix                = The suffix to name the volume<br>          storage\_efficiency\_enabled = Toggle storage\_efficiency\_enabled<br>          junction\_path              = filesystem junction path<br>          size\_in\_megabytes          = The size of the volume<br>        }<br>      }<br>      s3 = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br>      }<br>      ecr = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br>      }<br>      enable\_remote\_backup = Enable tagging required for cross-account backups<br>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br>    }<br>  } | <pre>object({<br>    filesystem_type = optional(string, "efs")<br>    efs = optional(object({<br>      access_point_path = optional(string, "/domino")<br>      backup_vault = optional(object({<br>        create        = optional(bool, true)<br>        force_destroy = optional(bool, true)<br>        backup = optional(object({<br>          schedule           = optional(string, "0 12 * * ? *")<br>          cold_storage_after = optional(number, 35)<br>          delete_after       = optional(number, 125)<br>        }), {})<br>      }), {})<br>    }), {})<br>    netapp = optional(object({<br>      migrate_from_efs = optional(object({<br>        enabled = optional(bool, false)<br>        datasync = optional(object({<br>          enabled  = optional(bool, false)<br>          target   = optional(string, "netapp")<br>          schedule = optional(string, "cron(0 * * * ? *)")<br>        }), {})<br>      }), {})<br>      deployment_type                   = optional(string, "SINGLE_AZ_1")<br>      storage_capacity                  = optional(number, 1024)<br>      throughput_capacity               = optional(number, 128)<br>      automatic_backup_retention_days   = optional(number, 90)<br>      daily_automatic_backup_start_time = optional(string, "00:00")<br>      storage_capacity_autosizing = optional(object({<br>        enabled                    = optional(bool, false)<br>        threshold                  = optional(number, 70)<br>        percent_capacity_increase  = optional(number, 30)<br>        notification_email_address = optional(string, "")<br>      }), {})<br>      volume = optional(object({<br>        create                     = optional(bool, true)<br>        name_suffix                = optional(string, "domino_shared_storage")<br>        storage_efficiency_enabled = optional(bool, true)<br>        junction_path              = optional(string, "/domino")<br>        size_in_megabytes          = optional(number, 1099511)<br>      }), {})<br>    }), {})<br>    s3 = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {})<br>    ecr = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {}),<br>    enable_remote_backup = optional(bool, false)<br>    costs_enabled        = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br/>      filesystem\_type = File system type(netapp\|efs)<br/>      efs = {<br/>        access\_point\_path = Filesystem path for efs.<br/>        backup\_vault = {<br/>          create        = Create backup vault for EFS toggle.<br/>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br/>          backup = {<br/>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br/>            cold\_storage\_after = Move backup data to cold storage after this many days.<br/>            delete\_after       = Delete backup data after this many days.<br/>          }<br/>        }<br/>      }<br/>      netapp = {<br/>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br/>        storage\_capacity = Filesystem Storage capacity<br/>        throughput\_capacity = Filesystem throughput capacity<br/>        automatic\_backup\_retention\_days = How many days to keep backups<br/>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br/><br/>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br/>          enabled                     = Enable automatic storage capacity increase.<br/>          threshold                  = Used storage capacity threshold.<br/>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br/>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br/>          notification\_email\_address = The email address for alarm notification.<br/>        }<br/>        volume = {<br/>          create                     = Create a volume associated with the filesystem.<br/>          name\_suffix                = The suffix to name the volume<br/>          storage\_efficiency\_enabled = Toggle storage\_efficiency\_enabled<br/>          junction\_path              = filesystem junction path<br/>          size\_in\_megabytes          = The size of the volume<br/>        }<br/>      }<br/>      s3 = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br/>      }<br/>      ecr = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br/>      }<br/>      enable\_remote\_backup = Enable tagging required for cross-account backups<br/>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br/>    }<br/>  } | <pre>object({<br/>    filesystem_type = optional(string, "efs")<br/>    efs = optional(object({<br/>      access_point_path = optional(string, "/domino")<br/>      backup_vault = optional(object({<br/>        create        = optional(bool, true)<br/>        force_destroy = optional(bool, true)<br/>        backup = optional(object({<br/>          schedule           = optional(string, "0 12 * * ? *")<br/>          cold_storage_after = optional(number, 35)<br/>          delete_after       = optional(number, 125)<br/>        }), {})<br/>      }), {})<br/>    }), {})<br/>    netapp = optional(object({<br/>      migrate_from_efs = optional(object({<br/>        enabled = optional(bool, false)<br/>        datasync = optional(object({<br/>          enabled  = optional(bool, false)<br/>          target   = optional(string, "netapp")<br/>          schedule = optional(string, "cron(0 * * * ? *)")<br/>        }), {})<br/>      }), {})<br/>      deployment_type                   = optional(string, "SINGLE_AZ_1")<br/>      storage_capacity                  = optional(number, 1024)<br/>      throughput_capacity               = optional(number, 128)<br/>      automatic_backup_retention_days   = optional(number, 90)<br/>      daily_automatic_backup_start_time = optional(string, "00:00")<br/>      storage_capacity_autosizing = optional(object({<br/>        enabled                    = optional(bool, false)<br/>        threshold                  = optional(number, 70)<br/>        percent_capacity_increase  = optional(number, 30)<br/>        notification_email_address = optional(string, "")<br/>      }), {})<br/>      volume = optional(object({<br/>        create                     = optional(bool, true)<br/>        name_suffix                = optional(string, "domino_shared_storage")<br/>        storage_efficiency_enabled = optional(bool, true)<br/>        junction_path              = optional(string, "/domino")<br/>        size_in_megabytes          = optional(number, 1099511)<br/>      }), {})<br/>    }), {})<br/>    s3 = optional(object({<br/>      force_destroy_on_deletion = optional(bool, true)<br/>    }), {})<br/>    ecr = optional(object({<br/>      force_destroy_on_deletion = optional(bool, true)<br/>    }), {}),<br/>    enable_remote_backup = optional(bool, false)<br/>    costs_enabled        = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | n/a | yes |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 
diff --git a/examples/deploy/terraform/nodes/README.md b/examples/deploy/terraform/nodes/README.md
index 705c38e0..277db9a0 100644
--- a/examples/deploy/terraform/nodes/README.md
+++ b/examples/deploy/terraform/nodes/README.md
@@ -31,8 +31,8 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br>    ami                        = optional(string)<br>    bootstrap_extra_args       = optional(string)<br>    instance_types             = list(string)<br>    spot                       = optional(bool)<br>    min_per_az                 = number<br>    max_per_az                 = number<br>    max_unavailable_percentage = optional(number)<br>    max_unavailable            = optional(number)<br>    desired_per_az             = number<br>    availability_zone_ids      = list(string)<br>    labels                     = map(string)<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })))<br>    tags = optional(map(string), {})<br>    gpu  = optional(bool)<br>    volume = object({<br>      size = string<br>      type = string<br>    })<br>  }))</pre> | `null` | no |
-| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br>    {<br>      compute = object(<br>        {<br>          ami                        = optional(string)<br>          bootstrap_extra_args       = optional(string)<br>          instance_types             = optional(list(string))<br>          spot                       = optional(bool)<br>          min_per_az                 = optional(number)<br>          max_per_az                 = optional(number)<br>          max_unavailable_percentage = optional(number)<br>          max_unavailable            = optional(number)<br>          desired_per_az             = optional(number)<br>          availability_zone_ids      = list(string)<br>          labels                     = optional(map(string))<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })))<br>          tags = optional(map(string))<br>          gpu  = optional(bool)<br>          volume = optional(object({<br>            size = optional(number)<br>            type = optional(string)<br>            })<br>          )<br>      }),<br>      platform = object(<br>        {<br>          ami                        = optional(string)<br>          bootstrap_extra_args       = optional(string)<br>          instance_types             = optional(list(string))<br>          spot                       = optional(bool)<br>          min_per_az                 = optional(number)<br>          max_per_az                 = optional(number)<br>          max_unavailable_percentage = optional(number)<br>          max_unavailable            = optional(number)<br>          desired_per_az             = optional(number)<br>          availability_zone_ids      = list(string)<br>          labels                     = optional(map(string))<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })))<br>          tags = optional(map(string))<br>          gpu  = optional(bool)<br>          volume = optional(object({<br>            size = optional(number)<br>            type = optional(string)<br>          }))<br>      }),<br>      gpu = object(<br>        {<br>          ami                        = optional(string)<br>          bootstrap_extra_args       = optional(string)<br>          instance_types             = optional(list(string))<br>          spot                       = optional(bool)<br>          min_per_az                 = optional(number)<br>          max_per_az                 = optional(number)<br>          max_unavailable_percentage = optional(number)<br>          max_unavailable            = optional(number)<br>          desired_per_az             = optional(number)<br>          availability_zone_ids      = list(string)<br>          labels                     = optional(map(string))<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })))<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number)<br>            type = optional(string)<br>          }))<br>      })<br>  })</pre> | `null` | no |
+| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br/>    ami                        = optional(string)<br/>    bootstrap_extra_args       = optional(string)<br/>    instance_types             = list(string)<br/>    spot                       = optional(bool)<br/>    min_per_az                 = number<br/>    max_per_az                 = number<br/>    max_unavailable_percentage = optional(number)<br/>    max_unavailable            = optional(number)<br/>    desired_per_az             = number<br/>    availability_zone_ids      = list(string)<br/>    labels                     = map(string)<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })))<br/>    tags = optional(map(string), {})<br/>    gpu  = optional(bool)<br/>    volume = object({<br/>      size = string<br/>      type = string<br/>    })<br/>  }))</pre> | `null` | no |
+| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br/>    {<br/>      compute = object(<br/>        {<br/>          ami                        = optional(string)<br/>          bootstrap_extra_args       = optional(string)<br/>          instance_types             = optional(list(string))<br/>          spot                       = optional(bool)<br/>          min_per_az                 = optional(number)<br/>          max_per_az                 = optional(number)<br/>          max_unavailable_percentage = optional(number)<br/>          max_unavailable            = optional(number)<br/>          desired_per_az             = optional(number)<br/>          availability_zone_ids      = list(string)<br/>          labels                     = optional(map(string))<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })))<br/>          tags = optional(map(string))<br/>          gpu  = optional(bool)<br/>          volume = optional(object({<br/>            size = optional(number)<br/>            type = optional(string)<br/>            })<br/>          )<br/>      }),<br/>      platform = object(<br/>        {<br/>          ami                        = optional(string)<br/>          bootstrap_extra_args       = optional(string)<br/>          instance_types             = optional(list(string))<br/>          spot                       = optional(bool)<br/>          min_per_az                 = optional(number)<br/>          max_per_az                 = optional(number)<br/>          max_unavailable_percentage = optional(number)<br/>          max_unavailable            = optional(number)<br/>          desired_per_az             = optional(number)<br/>          availability_zone_ids      = list(string)<br/>          labels                     = optional(map(string))<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })))<br/>          tags = optional(map(string))<br/>          gpu  = optional(bool)<br/>          volume = optional(object({<br/>            size = optional(number)<br/>            type = optional(string)<br/>          }))<br/>      }),<br/>      gpu = object(<br/>        {<br/>          ami                        = optional(string)<br/>          bootstrap_extra_args       = optional(string)<br/>          instance_types             = optional(list(string))<br/>          spot                       = optional(bool)<br/>          min_per_az                 = optional(number)<br/>          max_per_az                 = optional(number)<br/>          max_unavailable_percentage = optional(number)<br/>          max_unavailable            = optional(number)<br/>          desired_per_az             = optional(number)<br/>          availability_zone_ids      = list(string)<br/>          labels                     = optional(map(string))<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })))<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number)<br/>            type = optional(string)<br/>          }))<br/>      })<br/>  })</pre> | `null` | no |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 
 ## Outputs
diff --git a/modules/eks/README.md b/modules/eks/README.md
index e9349c8b..7c75b0d4 100644
--- a/modules/eks/README.md
+++ b/modules/eks/README.md
@@ -69,19 +69,19 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_bastion_info"></a> [bastion\_info](#input\_bastion\_info) | user                = Bastion username.<br>    public\_ip           = Bastion public ip.<br>    security\_group\_id   = Bastion sg id.<br>    ssh\_bastion\_command = Command to ssh onto bastion. | <pre>object({<br>    user                = string<br>    public_ip           = string<br>    security_group_id   = string<br>    ssh_bastion_command = string<br>  })</pre> | n/a | yes |
-| <a name="input_calico"></a> [calico](#input\_calico) | calico = {<br>      version = Configure the version for Calico<br>      image\_registry = Configure the image registry for Calico<br>    } | <pre>object({<br>    image_registry = optional(string, "quay.io")<br>    version        = optional(string, "v3.28.2")<br>  })</pre> | `{}` | no |
+| <a name="input_bastion_info"></a> [bastion\_info](#input\_bastion\_info) | user                = Bastion username.<br/>    public\_ip           = Bastion public ip.<br/>    security\_group\_id   = Bastion sg id.<br/>    ssh\_bastion\_command = Command to ssh onto bastion. | <pre>object({<br/>    user                = string<br/>    public_ip           = string<br/>    security_group_id   = string<br/>    ssh_bastion_command = string<br/>  })</pre> | n/a | yes |
+| <a name="input_calico"></a> [calico](#input\_calico) | calico = {<br/>      version = Configure the version for Calico<br/>      image\_registry = Configure the image registry for Calico<br/>    } | <pre>object({<br/>    image_registry = optional(string, "quay.io")<br/>    version        = optional(string, "v3.28.2")<br/>  })</pre> | `{}` | no |
 | <a name="input_create_eks_role_arn"></a> [create\_eks\_role\_arn](#input\_create\_eks\_role\_arn) | Role arn to assume during the EKS cluster creation. | `string` | n/a | yes |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
-| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br>    creation\_role\_name = Name of the role to import.<br>    k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn = string<br>      username = string<br>      groups = list(string)<br>    }<br>    master\_role\_names = IAM role names to be added as masters in eks.<br>    cluster\_addons = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    service_ipv4_cidr  = optional(string, "172.20.0.0/16")<br>    creation_role_name = optional(string, null)<br>    k8s_version        = optional(string, "1.27")<br>    nodes_master       = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string, "")<br>      path       = optional(string, null)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool, false)<br>      cidrs   = optional(list(string), [])<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })), [])<br>    master_role_names  = optional(list(string), [])<br>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br>    ssm_log_group_name = optional(string, "session-manager")<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool, false)<br>      annotate_pod_ip   = optional(bool, true)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string, null)<br>      groups_prefix                 = optional(string, null)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string, null)<br>      required_claims               = optional(map(string), null)<br>      username_claim                = optional(string, null)<br>      username_prefix               = optional(string, null)<br>    })), []),<br>  })</pre> | `{}` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br/>    creation\_role\_name = Name of the role to import.<br/>    k8s\_version = EKS cluster k8s version.<br/>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn = string<br/>      username = string<br/>      groups = list(string)<br/>    }<br/>    master\_role\_names = IAM role names to be added as masters in eks.<br/>    cluster\_addons = EKS cluster addons. vpc-cni is installed separately.<br/>    vpc\_cni = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    service_ipv4_cidr  = optional(string, "172.20.0.0/16")<br/>    creation_role_name = optional(string, null)<br/>    k8s_version        = optional(string, "1.31")<br/>    nodes_master       = optional(bool, false)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string, "")<br/>      path       = optional(string, null)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool, false)<br/>      cidrs   = optional(list(string), [])<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })), [])<br/>    master_role_names  = optional(list(string), [])<br/>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br/>    ssm_log_group_name = optional(string, "session-manager")<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool, false)<br/>      annotate_pod_ip   = optional(bool, true)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string, null)<br/>      groups_prefix                 = optional(string, null)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string, null)<br/>      required_claims               = optional(map(string), null)<br/>      username_claim                = optional(string, null)<br/>      username_prefix               = optional(string, null)<br/>    })), []),<br/>  })</pre> | `{}` | no |
 | <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
-| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br>    key\_arn = KMS key arn.<br>    enabled = KMS key is enabled | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | n/a | yes |
-| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br>    subnets = {<br>      public = List of public Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      private = List of private Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      pod = List of pod Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>    } | <pre>object({<br>    vpc_id = string<br>    subnets = object({<br>      public = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      private = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      pod = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>    })<br>    vpc_cidrs = optional(string, "10.0.0.0/16")<br>  })</pre> | n/a | yes |
+| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br/>    key\_arn = KMS key arn.<br/>    enabled = KMS key is enabled | <pre>object({<br/>    key_id  = string<br/>    key_arn = string<br/>    enabled = bool<br/>  })</pre> | n/a | yes |
+| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br/>    subnets = {<br/>      public = List of public Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      private = List of private Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      pod = List of pod Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>    } | <pre>object({<br/>    vpc_id = string<br/>    subnets = object({<br/>      public = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      private = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      pod = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>    })<br/>    vpc_cidrs = optional(string, "10.0.0.0/16")<br/>  })</pre> | n/a | yes |
 | <a name="input_node_iam_policies"></a> [node\_iam\_policies](#input\_node\_iam\_policies) | Additional IAM Policy Arns for Nodes | `list(string)` | n/a | yes |
-| <a name="input_privatelink"></a> [privatelink](#input\_privatelink) | {<br>      enabled = Enable Private Link connections.<br>      namespace = Namespace for IAM Policy conditions.<br>      monitoring\_bucket = Bucket for NLBs monitoring.<br>      route53\_hosted\_zone\_name = Hosted zone for External DNS zone.<br>      vpc\_endpoint\_services = [{<br>        name      = Name of the VPC Endpoint Service.<br>        ports     = List of ports exposing the VPC Endpoint Service. i.e [8080, 8081]<br>        cert\_arn  = Certificate ARN used by the NLB associated for the given VPC Endpoint Service.<br>        private\_dns = Private DNS for the VPC Endpoint Service.<br>      }]<br>    } | <pre>object({<br>    enabled                  = optional(bool, false)<br>    namespace                = optional(string, "domino-platform")<br>    monitoring_bucket        = optional(string, null)<br>    route53_hosted_zone_name = optional(string, null)<br>    vpc_endpoint_services = optional(list(object({<br>      name        = optional(string)<br>      ports       = optional(list(number))<br>      cert_arn    = optional(string)<br>      private_dns = optional(string)<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_privatelink"></a> [privatelink](#input\_privatelink) | {<br/>      enabled = Enable Private Link connections.<br/>      namespace = Namespace for IAM Policy conditions.<br/>      monitoring\_bucket = Bucket for NLBs monitoring.<br/>      route53\_hosted\_zone\_name = Hosted zone for External DNS zone.<br/>      vpc\_endpoint\_services = [{<br/>        name      = Name of the VPC Endpoint Service.<br/>        ports     = List of ports exposing the VPC Endpoint Service. i.e [8080, 8081]<br/>        cert\_arn  = Certificate ARN used by the NLB associated for the given VPC Endpoint Service.<br/>        private\_dns = Private DNS for the VPC Endpoint Service.<br/>      }]<br/>    } | <pre>object({<br/>    enabled                  = optional(bool, false)<br/>    namespace                = optional(string, "domino-platform")<br/>    monitoring_bucket        = optional(string, null)<br/>    route53_hosted_zone_name = optional(string, null)<br/>    vpc_endpoint_services = optional(list(object({<br/>      name        = optional(string)<br/>      ports       = optional(list(number))<br/>      cert_arn    = optional(string)<br/>      private_dns = optional(string)<br/>    })), [])<br/>  })</pre> | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
-| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br>    path          = string<br>    key_pair_name = string<br>  })</pre> | n/a | yes |
-| <a name="input_storage_info"></a> [storage\_info](#input\_storage\_info) | Defines the configuration for different storage types like EFS, S3, and ECR. | <pre>object({<br>    efs = optional(object({<br>      security_group_id = optional(string, null)<br>    }), null)<br>    netapp = optional(object({<br>      svm = object({<br>        name             = optional(string, null)<br>        management_ip    = optional(string, null)<br>        nfs_ip           = optional(string, null)<br>        creds_secret_arn = optional(string, null)<br>      })<br>      filesystem = object({<br>        id                = optional(string, null)<br>        security_group_id = optional(string, null)<br>      })<br>      volume = object({<br>        name = optional(string, null)<br>      })<br>    }), null)<br>  })</pre> | `{}` | no |
+| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br/>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br/>    path          = string<br/>    key_pair_name = string<br/>  })</pre> | n/a | yes |
+| <a name="input_storage_info"></a> [storage\_info](#input\_storage\_info) | Defines the configuration for different storage types like EFS, S3, and ECR. | <pre>object({<br/>    efs = optional(object({<br/>      security_group_id = optional(string, null)<br/>    }), null)<br/>    netapp = optional(object({<br/>      svm = object({<br/>        name             = optional(string, null)<br/>        management_ip    = optional(string, null)<br/>        nfs_ip           = optional(string, null)<br/>        creds_secret_arn = optional(string, null)<br/>      })<br/>      filesystem = object({<br/>        id                = optional(string, null)<br/>        security_group_id = optional(string, null)<br/>      })<br/>      volume = object({<br/>        name = optional(string, null)<br/>      })<br/>    }), null)<br/>  })</pre> | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | `{}` | no |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 
diff --git a/modules/eks/submodules/k8s/README.md b/modules/eks/submodules/k8s/README.md
index c31aba67..e076a335 100644
--- a/modules/eks/submodules/k8s/README.md
+++ b/modules/eks/submodules/k8s/README.md
@@ -32,9 +32,9 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_bastion_info"></a> [bastion\_info](#input\_bastion\_info) | user                = Bastion username.<br>    public\_ip           = Bastion public ip.<br>    security\_group\_id   = Bastion sg id.<br>    ssh\_bastion\_command = Command to ssh onto bastion. | <pre>object({<br>    user                = string<br>    public_ip           = string<br>    security_group_id   = string<br>    ssh_bastion_command = string<br>  })</pre> | n/a | yes |
-| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br>      version           = K8s version.<br>      arn               = EKS Cluster arn.<br>      security\_group\_id = EKS Cluster security group id.<br>      endpoint          = EKS Cluster API endpoint.<br>      roles             = Default IAM Roles associated with the EKS cluster. {<br>        name = string<br>        arn = string<br>      }<br>      custom\_roles      = Custom IAM Roles associated with the EKS cluster. {<br>        rolearn  = string<br>        username = string<br>        groups   = list(string)<br>      }<br>      oidc = {<br>        arn = OIDC provider ARN.<br>        url = OIDC provider url.<br>      }<br>    }<br>    nodes = {<br>      security\_group\_id = EKS Nodes security group id.<br>      roles = IAM Roles associated with the EKS Nodes.{<br>        name = string<br>        arn  = string<br>      }<br>    }<br>    kubeconfig = Kubeconfig details.{<br>      path       = string<br>      extra\_args = string<br>    }<br>    calico = {<br>      version = Configuration the version for Calico<br>      image\_registry = Configure the image registry for Calico<br>    } | <pre>object({<br>    cluster = object({<br>      version           = string<br>      arn               = string<br>      security_group_id = string<br>      endpoint          = string<br>      roles = list(object({<br>        name = string<br>        arn  = string<br>      }))<br>      custom_roles = list(object({<br>        rolearn  = string<br>        username = string<br>        groups   = list(string)<br>      }))<br>      oidc = object({<br>        arn = string<br>        url = string<br>      })<br>    })<br>    nodes = object({<br>      nodes_master      = bool<br>      security_group_id = string<br>      roles = list(object({<br>        name = string<br>        arn  = string<br>      }))<br>    })<br>    kubeconfig = object({<br>      path       = string<br>      extra_args = string<br>    })<br>    calico = object({<br>      version        = string<br>      image_registry = string<br>    })<br>  })</pre> | n/a | yes |
-| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br>    path          = string<br>    key_pair_name = string<br>  })</pre> | n/a | yes |
+| <a name="input_bastion_info"></a> [bastion\_info](#input\_bastion\_info) | user                = Bastion username.<br/>    public\_ip           = Bastion public ip.<br/>    security\_group\_id   = Bastion sg id.<br/>    ssh\_bastion\_command = Command to ssh onto bastion. | <pre>object({<br/>    user                = string<br/>    public_ip           = string<br/>    security_group_id   = string<br/>    ssh_bastion_command = string<br/>  })</pre> | n/a | yes |
+| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br/>      version           = K8s version.<br/>      arn               = EKS Cluster arn.<br/>      security\_group\_id = EKS Cluster security group id.<br/>      endpoint          = EKS Cluster API endpoint.<br/>      roles             = Default IAM Roles associated with the EKS cluster. {<br/>        name = string<br/>        arn = string<br/>      }<br/>      custom\_roles      = Custom IAM Roles associated with the EKS cluster. {<br/>        rolearn  = string<br/>        username = string<br/>        groups   = list(string)<br/>      }<br/>      oidc = {<br/>        arn = OIDC provider ARN.<br/>        url = OIDC provider url.<br/>      }<br/>    }<br/>    nodes = {<br/>      security\_group\_id = EKS Nodes security group id.<br/>      roles = IAM Roles associated with the EKS Nodes.{<br/>        name = string<br/>        arn  = string<br/>      }<br/>    }<br/>    kubeconfig = Kubeconfig details.{<br/>      path       = string<br/>      extra\_args = string<br/>    }<br/>    calico = {<br/>      version = Configuration the version for Calico<br/>      image\_registry = Configure the image registry for Calico<br/>    } | <pre>object({<br/>    cluster = object({<br/>      version           = string<br/>      arn               = string<br/>      security_group_id = string<br/>      endpoint          = string<br/>      roles = list(object({<br/>        name = string<br/>        arn  = string<br/>      }))<br/>      custom_roles = list(object({<br/>        rolearn  = string<br/>        username = string<br/>        groups   = list(string)<br/>      }))<br/>      oidc = object({<br/>        arn = string<br/>        url = string<br/>      })<br/>    })<br/>    nodes = object({<br/>      nodes_master      = bool<br/>      security_group_id = string<br/>      roles = list(object({<br/>        name = string<br/>        arn  = string<br/>      }))<br/>    })<br/>    kubeconfig = object({<br/>      path       = string<br/>      extra_args = string<br/>    })<br/>    calico = object({<br/>      version        = string<br/>      image_registry = string<br/>    })<br/>  })</pre> | n/a | yes |
+| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br/>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br/>    path          = string<br/>    key_pair_name = string<br/>  })</pre> | n/a | yes |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 
 ## Outputs
diff --git a/modules/eks/submodules/privatelink/README.md b/modules/eks/submodules/privatelink/README.md
index 8238b6c8..7010064a 100644
--- a/modules/eks/submodules/privatelink/README.md
+++ b/modules/eks/submodules/privatelink/README.md
@@ -39,9 +39,9 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
-| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | {<br>      vpc\_id = VPC Id.<br>      subnets = {<br>        private = Private subnets.<br>        public  = Public subnets.<br>        pod     = Pod subnets.<br>      }), {})<br>    }), {}) | <pre>object({<br>    vpc_id = string<br>    subnets = object({<br>      private = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      public = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      pod = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>    })<br>    vpc_cidrs = string<br>  })</pre> | n/a | yes |
+| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | {<br/>      vpc\_id = VPC Id.<br/>      subnets = {<br/>        private = Private subnets.<br/>        public  = Public subnets.<br/>        pod     = Pod subnets.<br/>      }), {})<br/>    }), {}) | <pre>object({<br/>    vpc_id = string<br/>    subnets = object({<br/>      private = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      public = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      pod = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>    })<br/>    vpc_cidrs = string<br/>  })</pre> | n/a | yes |
 | <a name="input_oidc_provider_id"></a> [oidc\_provider\_id](#input\_oidc\_provider\_id) | OIDC Provider ID | `string` | n/a | yes |
-| <a name="input_privatelink"></a> [privatelink](#input\_privatelink) | {<br>      enabled = Enable Private Link connections.<br>      namespace = Namespace for IAM Policy conditions.<br>      monitoring\_bucket = Bucket for NLBs monitoring.<br>      route53\_hosted\_zone\_name = Hosted zone for External DNS zone.<br>      vpc\_endpoint\_services = [{<br>        name      = Name of the VPC Endpoint Service.<br>        ports     = List of ports exposing the VPC Endpoint Service. i.e [8080, 8081]<br>        cert\_arn  = Certificate ARN used by the NLB associated for the given VPC Endpoint Service.<br>        private\_dns = Private DNS for the VPC Endpoint Service.<br>      }]<br>    } | <pre>object({<br>    enabled                  = optional(bool, false)<br>    namespace                = optional(string, "domino-platform")<br>    monitoring_bucket        = optional(string, null)<br>    route53_hosted_zone_name = optional(string, null)<br>    vpc_endpoint_services = optional(list(object({<br>      name        = optional(string)<br>      ports       = optional(list(number))<br>      cert_arn    = optional(string)<br>      private_dns = optional(string)<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_privatelink"></a> [privatelink](#input\_privatelink) | {<br/>      enabled = Enable Private Link connections.<br/>      namespace = Namespace for IAM Policy conditions.<br/>      monitoring\_bucket = Bucket for NLBs monitoring.<br/>      route53\_hosted\_zone\_name = Hosted zone for External DNS zone.<br/>      vpc\_endpoint\_services = [{<br/>        name      = Name of the VPC Endpoint Service.<br/>        ports     = List of ports exposing the VPC Endpoint Service. i.e [8080, 8081]<br/>        cert\_arn  = Certificate ARN used by the NLB associated for the given VPC Endpoint Service.<br/>        private\_dns = Private DNS for the VPC Endpoint Service.<br/>      }]<br/>    } | <pre>object({<br/>    enabled                  = optional(bool, false)<br/>    namespace                = optional(string, "domino-platform")<br/>    monitoring_bucket        = optional(string, null)<br/>    route53_hosted_zone_name = optional(string, null)<br/>    vpc_endpoint_services = optional(list(object({<br/>      name        = optional(string)<br/>      ports       = optional(list(number))<br/>      cert_arn    = optional(string)<br/>      private_dns = optional(string)<br/>    })), [])<br/>  })</pre> | `{}` | no |
 
 ## Outputs
 
diff --git a/modules/eks/variables.tf b/modules/eks/variables.tf
index 3abdcbc6..0d9d6ba1 100644
--- a/modules/eks/variables.tf
+++ b/modules/eks/variables.tf
@@ -144,7 +144,7 @@ variable "eks" {
   type = object({
     service_ipv4_cidr  = optional(string, "172.20.0.0/16")
     creation_role_name = optional(string, null)
-    k8s_version        = optional(string, "1.27")
+    k8s_version        = optional(string, "1.31")
     nodes_master       = optional(bool, false)
     kubeconfig = optional(object({
       extra_args = optional(string, "")
diff --git a/modules/external-deployments/README.md b/modules/external-deployments/README.md
index 11981985..0212f181 100644
--- a/modules/external-deployments/README.md
+++ b/modules/external-deployments/README.md
@@ -38,9 +38,9 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br>      specs {<br>        name            = Cluster name.<br>        account\_id      = AWS account id where the cluster resides.<br>      }<br>      oidc = {<br>        arn = OIDC provider ARN.<br>        url = OIDC provider url.<br>        cert = {<br>          thumbprint\_list = OIDC cert thumbprints.<br>          url             = OIDC cert URL.<br>      }<br>    } | <pre>object({<br>    cluster = object({<br>      specs = object({<br>        name       = string<br>        account_id = string<br>      })<br>      oidc = object({<br>        arn = string<br>        url = string<br>        cert = object({<br>          thumbprint_list = list(string)<br>          url             = string<br>        })<br>      })<br>    })<br>  })</pre> | n/a | yes |
-| <a name="input_external_deployments"></a> [external\_deployments](#input\_external\_deployments) | Config to create IRSA role for the external deployments operator. | <pre>object({<br>    namespace                       = optional(string, "domino-compute")<br>    operator_service_account_name   = optional(string, "pham-juno-operator")<br>    operator_role_suffix            = optional(string, "external-deployments-operator")<br>    repository_suffix               = optional(string, "external-deployments")<br>    bucket_suffix                   = optional(string, "external-deployments")<br>    enable_assume_any_external_role = optional(bool, true)<br>    enable_in_account_deployments   = optional(bool, true)<br>  })</pre> | `{}` | no |
-| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br>    key\_arn = KMS key arn.<br>    enabled = KMS key is enabled | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | n/a | yes |
+| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br/>      specs {<br/>        name            = Cluster name.<br/>        account\_id      = AWS account id where the cluster resides.<br/>      }<br/>      oidc = {<br/>        arn = OIDC provider ARN.<br/>        url = OIDC provider url.<br/>        cert = {<br/>          thumbprint\_list = OIDC cert thumbprints.<br/>          url             = OIDC cert URL.<br/>      }<br/>    } | <pre>object({<br/>    cluster = object({<br/>      specs = object({<br/>        name       = string<br/>        account_id = string<br/>      })<br/>      oidc = object({<br/>        arn = string<br/>        url = string<br/>        cert = object({<br/>          thumbprint_list = list(string)<br/>          url             = string<br/>        })<br/>      })<br/>    })<br/>  })</pre> | n/a | yes |
+| <a name="input_external_deployments"></a> [external\_deployments](#input\_external\_deployments) | Config to create IRSA role for the external deployments operator. | <pre>object({<br/>    namespace                       = optional(string, "domino-compute")<br/>    operator_service_account_name   = optional(string, "pham-juno-operator")<br/>    operator_role_suffix            = optional(string, "external-deployments-operator")<br/>    repository_suffix               = optional(string, "external-deployments")<br/>    bucket_suffix                   = optional(string, "external-deployments")<br/>    enable_assume_any_external_role = optional(bool, true)<br/>    enable_in_account_deployments   = optional(bool, true)<br/>  })</pre> | `{}` | no |
+| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br/>    key\_arn = KMS key arn.<br/>    enabled = KMS key is enabled | <pre>object({<br/>    key_id  = string<br/>    key_arn = string<br/>    enabled = bool<br/>  })</pre> | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 
 ## Outputs
diff --git a/modules/flyte/README.md b/modules/flyte/README.md
index f411c348..a89e7b8c 100644
--- a/modules/flyte/README.md
+++ b/modules/flyte/README.md
@@ -48,12 +48,12 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_compute_namespace"></a> [compute\_namespace](#input\_compute\_namespace) | Name of Domino compute namespace for this deploy | `string` | n/a | yes |
-| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br>      specs {<br>        name            = Cluster name.<br>        account\_id      = AWS account id where the cluster resides.<br>      }<br>      oidc = {<br>        arn = OIDC provider ARN.<br>        url = OIDC provider url.<br>        cert = {<br>          thumbprint\_list = OIDC cert thumbprints.<br>          url             = OIDC cert URL.<br>      }<br>    } | <pre>object({<br>    cluster = object({<br>      specs = object({<br>        name       = string<br>        account_id = string<br>      })<br>      oidc = object({<br>        arn = string<br>        url = string<br>        cert = object({<br>          thumbprint_list = list(string)<br>          url             = string<br>        })<br>      })<br>    })<br>  })</pre> | n/a | yes |
+| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br/>      specs {<br/>        name            = Cluster name.<br/>        account\_id      = AWS account id where the cluster resides.<br/>      }<br/>      oidc = {<br/>        arn = OIDC provider ARN.<br/>        url = OIDC provider url.<br/>        cert = {<br/>          thumbprint\_list = OIDC cert thumbprints.<br/>          url             = OIDC cert URL.<br/>      }<br/>    } | <pre>object({<br/>    cluster = object({<br/>      specs = object({<br/>        name       = string<br/>        account_id = string<br/>      })<br/>      oidc = object({<br/>        arn = string<br/>        url = string<br/>        cert = object({<br/>          thumbprint_list = list(string)<br/>          url             = string<br/>        })<br/>      })<br/>    })<br/>  })</pre> | n/a | yes |
 | <a name="input_force_destroy_on_deletion"></a> [force\_destroy\_on\_deletion](#input\_force\_destroy\_on\_deletion) | Whether to force destroy flyte s3 buckets on deletion | `bool` | `true` | no |
-| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br>    key\_arn = KMS key arn.<br>    enabled = KMS key is enabled | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | n/a | yes |
+| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br/>    key\_arn = KMS key arn.<br/>    enabled = KMS key is enabled | <pre>object({<br/>    key_id  = string<br/>    key_arn = string<br/>    enabled = bool<br/>  })</pre> | n/a | yes |
 | <a name="input_platform_namespace"></a> [platform\_namespace](#input\_platform\_namespace) | Name of Domino platform namespace for this deploy | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
-| <a name="input_serviceaccount_names"></a> [serviceaccount\_names](#input\_serviceaccount\_names) | Service account names for Flyte | <pre>object({<br>    datacatalog    = optional(string, "datacatalog")<br>    flyteadmin     = optional(string, "flyteadmin")<br>    flytepropeller = optional(string, "flytepropeller")<br>  })</pre> | `{}` | no |
+| <a name="input_serviceaccount_names"></a> [serviceaccount\_names](#input\_serviceaccount\_names) | Service account names for Flyte | <pre>object({<br/>    datacatalog    = optional(string, "datacatalog")<br/>    flyteadmin     = optional(string, "flyteadmin")<br/>    flytepropeller = optional(string, "flytepropeller")<br/>  })</pre> | `{}` | no |
 
 ## Outputs
 
diff --git a/modules/infra/README.md b/modules/infra/README.md
index 908f4716..d17bb906 100644
--- a/modules/infra/README.md
+++ b/modules/infra/README.md
@@ -53,21 +53,21 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br>    ami                        = optional(string, null)<br>    bootstrap_extra_args       = optional(string, "")<br>    instance_types             = list(string)<br>    spot                       = optional(bool, false)<br>    min_per_az                 = number<br>    max_per_az                 = number<br>    max_unavailable_percentage = optional(number, 50)<br>    max_unavailable            = optional(number)<br>    desired_per_az             = number<br>    availability_zone_ids      = list(string)<br>    labels                     = map(string)<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })), [])<br>    tags = optional(map(string), {})<br>    gpu  = optional(bool, null)<br>    volume = object({<br>      size       = string<br>      type       = string<br>      iops       = optional(number)<br>      throughput = optional(number, 500)<br>    })<br>  }))</pre> | `{}` | no |
-| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br>    ami                      = Ami id. Defaults to latest 'AL2023' ami.<br>    instance\_type            = Instance type.<br>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br>    username                 = Bastion user.<br>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br>    enabled                  = optional(bool, true)<br>    ami_id                   = optional(string, null) # default will use the latest 'al2023' ami<br>    instance_type            = optional(string, "t3.micro")<br>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br>    username                 = optional(string, "ec2-user")<br>    install_binaries         = optional(bool, false)<br>  })</pre> | `{}` | no |
-| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br>    {<br>      compute = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size       = optional(number, 1000)<br>            type       = optional(string, "gp3")<br>            iops       = optional(number)<br>            throughput = optional(number, 500)<br>            }), {<br>            size       = 1000<br>            type       = "gp3"<br>            iops       = null<br>            throughput = 500<br>            }<br>          )<br>      }),<br>      platform = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 1)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, null)<br>          max_unavailable            = optional(number, 1)<br>          desired_per_az             = optional(number, 1)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "platform"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 100)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 100<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      gpu = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["g5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default-gpu"<br>            "nvidia.com/gpu"              = true<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>            })), [{<br>            key    = "nvidia.com/gpu"<br>            value  = "true"<br>            effect = "NO_SCHEDULE"<br>            }<br>          ])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 1000)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 1000<br>            type = "gp3"<br>            }<br>          )<br>      })<br>  })</pre> | n/a | yes |
+| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br/>    ami                        = optional(string, null)<br/>    bootstrap_extra_args       = optional(string, "")<br/>    instance_types             = list(string)<br/>    spot                       = optional(bool, false)<br/>    min_per_az                 = number<br/>    max_per_az                 = number<br/>    max_unavailable_percentage = optional(number, 50)<br/>    max_unavailable            = optional(number)<br/>    desired_per_az             = number<br/>    availability_zone_ids      = list(string)<br/>    labels                     = map(string)<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })), [])<br/>    tags = optional(map(string), {})<br/>    gpu  = optional(bool, null)<br/>    volume = object({<br/>      size       = string<br/>      type       = string<br/>      iops       = optional(number)<br/>      throughput = optional(number, 500)<br/>    })<br/>  }))</pre> | `{}` | no |
+| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br/>    ami                      = Ami id. Defaults to latest 'AL2023' ami.<br/>    instance\_type            = Instance type.<br/>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br/>    username                 = Bastion user.<br/>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br/>    enabled                  = optional(bool, true)<br/>    ami_id                   = optional(string, null) # default will use the latest 'al2023' ami<br/>    instance_type            = optional(string, "t3.micro")<br/>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br/>    username                 = optional(string, "ec2-user")<br/>    install_binaries         = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br/>    {<br/>      compute = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size       = optional(number, 1000)<br/>            type       = optional(string, "gp3")<br/>            iops       = optional(number)<br/>            throughput = optional(number, 500)<br/>            }), {<br/>            size       = 1000<br/>            type       = "gp3"<br/>            iops       = null<br/>            throughput = 500<br/>            }<br/>          )<br/>      }),<br/>      platform = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 1)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, null)<br/>          max_unavailable            = optional(number, 1)<br/>          desired_per_az             = optional(number, 1)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "platform"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 100)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 100<br/>            type = "gp3"<br/>            }<br/>          )<br/>      }),<br/>      gpu = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["g5.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default-gpu"<br/>            "nvidia.com/gpu"              = true<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>            })), [{<br/>            key    = "nvidia.com/gpu"<br/>            value  = "true"<br/>            effect = "NO_SCHEDULE"<br/>            }<br/>          ])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 1000)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 1000<br/>            type = "gp3"<br/>            }<br/>          )<br/>      })<br/>  })</pre> | n/a | yes |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID. | `string` | `"domino-eks"` | no |
-| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br>    provision_cost_usage_report = optional(bool, false)<br>  })</pre> | `{}` | no |
-| <a name="input_eks"></a> [eks](#input\_eks) | creation\_role\_name = Name of the role to import.<br>    k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    }<br>    master\_role\_names  = IAM role names to be added as masters in eks.<br>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni            = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    creation_role_name = optional(string, null)<br>    k8s_version        = optional(string, "1.27")<br>    nodes_master       = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string, "")<br>      path       = optional(string, null)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool, false)<br>      cidrs   = optional(list(string), [])<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })), [])<br>    master_role_names  = optional(list(string), [])<br>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br>    ssm_log_group_name = optional(string, "session-manager")<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool)<br>      annotate_pod_ip   = optional(bool)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string, null)<br>      groups_prefix                 = optional(string, null)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string, null)<br>      required_claims               = optional(map(string), null)<br>      username_claim                = optional(string, null)<br>      username_prefix               = optional(string, null)<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br/>    provision_cost_usage_report = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | creation\_role\_name = Name of the role to import.<br/>    k8s\_version = EKS cluster k8s version.<br/>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    }<br/>    master\_role\_names  = IAM role names to be added as masters in eks.<br/>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br/>    vpc\_cni            = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    creation_role_name = optional(string, null)<br/>    k8s_version        = optional(string, "1.31")<br/>    nodes_master       = optional(bool, false)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string, "")<br/>      path       = optional(string, null)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool, false)<br/>      cidrs   = optional(list(string), [])<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })), [])<br/>    master_role_names  = optional(list(string), [])<br/>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br/>    ssm_log_group_name = optional(string, "session-manager")<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool)<br/>      annotate_pod_ip   = optional(bool)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string, null)<br/>      groups_prefix                 = optional(string, null)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string, null)<br/>      required_claims               = optional(map(string), null)<br/>      username_claim                = optional(string, null)<br/>      username_prefix               = optional(string, null)<br/>    })), [])<br/>  })</pre> | `{}` | no |
 | <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
-| <a name="input_kms"></a> [kms](#input\_kms) | enabled             = "Toggle, if set use either the specified KMS key\_id or a Domino-generated one"<br>    key\_id              = optional(string, null)<br>    additional\_policies = "Allows setting additional KMS key policies when using a Domino-generated key" | <pre>object({<br>    enabled             = optional(bool, true)<br>    key_id              = optional(string, null)<br>    additional_policies = optional(list(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_network"></a> [network](#input\_network) | vpc = {<br>      id = Existing vpc id, it will bypass creation by this module.<br>      subnets = {<br>        private = Existing private subnets.<br>        public  = Existing public subnets.<br>        pod     = Existing pod subnets.<br>      }), {})<br>    }), {})<br>    network\_bits = {<br>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>    }<br>    cidrs = {<br>      vpc     = The IPv4 CIDR block for the VPC.<br>      pod     = The IPv4 CIDR block for the Pod subnets.<br>    }<br>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br>    vpc = optional(object({<br>      id = optional(string, null)<br>      subnets = optional(object({<br>        private = optional(list(string), [])<br>        public  = optional(list(string), [])<br>        pod     = optional(list(string), [])<br>      }), {})<br>    }), {})<br>    network_bits = optional(object({<br>      public  = optional(number, 27)<br>      private = optional(number, 19)<br>      pod     = optional(number, 19)<br>      }<br>    ), {})<br>    cidrs = optional(object({<br>      vpc = optional(string, "10.0.0.0/16")<br>      pod = optional(string, "100.64.0.0/16")<br>    }), {})<br>    use_pod_cidr = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_kms"></a> [kms](#input\_kms) | enabled             = "Toggle, if set use either the specified KMS key\_id or a Domino-generated one"<br/>    key\_id              = optional(string, null)<br/>    additional\_policies = "Allows setting additional KMS key policies when using a Domino-generated key" | <pre>object({<br/>    enabled             = optional(bool, true)<br/>    key_id              = optional(string, null)<br/>    additional_policies = optional(list(string), [])<br/>  })</pre> | `{}` | no |
+| <a name="input_network"></a> [network](#input\_network) | vpc = {<br/>      id = Existing vpc id, it will bypass creation by this module.<br/>      subnets = {<br/>        private = Existing private subnets.<br/>        public  = Existing public subnets.<br/>        pod     = Existing pod subnets.<br/>      }), {})<br/>    }), {})<br/>    network\_bits = {<br/>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br/>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>    }<br/>    cidrs = {<br/>      vpc     = The IPv4 CIDR block for the VPC.<br/>      pod     = The IPv4 CIDR block for the Pod subnets.<br/>    }<br/>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br/>    vpc = optional(object({<br/>      id = optional(string, null)<br/>      subnets = optional(object({<br/>        private = optional(list(string), [])<br/>        public  = optional(list(string), [])<br/>        pod     = optional(list(string), [])<br/>      }), {})<br/>    }), {})<br/>    network_bits = optional(object({<br/>      public  = optional(number, 27)<br/>      private = optional(number, 19)<br/>      pod     = optional(number, 19)<br/>      }<br/>    ), {})<br/>    cidrs = optional(object({<br/>      vpc = optional(string, "10.0.0.0/16")<br/>      pod = optional(string, "100.64.0.0/16")<br/>    }), {})<br/>    use_pod_cidr = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 | <a name="input_ssh_pvt_key_path"></a> [ssh\_pvt\_key\_path](#input\_ssh\_pvt\_key\_path) | SSH private key filepath. | `string` | n/a | yes |
-| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br>      filesystem\_type = File system type(netapp\|efs)<br>      efs = {<br>        access\_point\_path = Filesystem path for efs.<br>        backup\_vault = {<br>          create        = Create backup vault for EFS toggle.<br>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br>          backup = {<br>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br>            cold\_storage\_after = Move backup data to cold storage after this many days.<br>            delete\_after       = Delete backup data after this many days.<br>          }<br>        }<br>      }<br>      netapp = {<br>        migrate\_from\_efs = {<br>          enabled =  When enabled, both EFS and NetApp resources will be provisioned simultaneously during the migration period.<br>          datasync = {<br>            enabled  = Toggle to enable AWS DataSync for automated data transfer from EFS to NetApp FSx.<br>            schedule = Cron-style schedule for the DataSync task, specifying how often the data transfer will occur (default: hourly).<br>          }<br>        }<br>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br>        storage\_capacity = Filesystem Storage capacity<br>        throughput\_capacity = Filesystem throughput capacity<br>        automatic\_backup\_retention\_days = How many days to keep backups<br>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br><br>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br>          enabled                     = Enable automatic storage capacity increase.<br>          threshold                  = Used storage capacity threshold.<br>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br>          notification\_email\_address = The email address for alarm notification.<br>        }<br>        volume = {<br>          create                     = Create a volume associated with the filesystem.<br>          name\_suffix                = The suffix to name the volume<br>          storage\_efficiency\_enabled = Toggle storage\_efficiency\_enabled<br>          junction\_path              = filesystem junction path<br>          size\_in\_megabytes          = The size of the volume<br>      }<br>      s3 = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br>      }<br>      ecr = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br>      }<br>      enable\_remote\_backup = Enable tagging required for cross-account backups<br>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br>    }<br>  } | <pre>object({<br>    filesystem_type = optional(string, "efs")<br>    efs = optional(object({<br>      access_point_path = optional(string, "/domino")<br>      backup_vault = optional(object({<br>        create        = optional(bool, true)<br>        force_destroy = optional(bool, true)<br>        backup = optional(object({<br>          schedule           = optional(string, "0 12 * * ? *")<br>          cold_storage_after = optional(number, 35)<br>          delete_after       = optional(number, 125)<br>        }), {})<br>      }), {})<br>    }), {})<br>    netapp = optional(object({<br>      migrate_from_efs = optional(object({<br>        enabled = optional(bool, false)<br>        datasync = optional(object({<br>          enabled  = optional(bool, false)<br>          target   = optional(string, "netapp")<br>          schedule = optional(string, "cron(0 * * * ? *)")<br>        }), {})<br>      }), {})<br>      deployment_type                   = optional(string, "SINGLE_AZ_1")<br>      storage_capacity                  = optional(number, 1024)<br>      throughput_capacity               = optional(number, 128)<br>      automatic_backup_retention_days   = optional(number, 90)<br>      daily_automatic_backup_start_time = optional(string, "00:00")<br>      storage_capacity_autosizing = optional(object({<br>        enabled                    = optional(bool, false)<br>        threshold                  = optional(number, 70)<br>        percent_capacity_increase  = optional(number, 30)<br>        notification_email_address = optional(string, "")<br>      }), {})<br>      volume = optional(object({<br>        create                     = optional(bool, true)<br>        name_suffix                = optional(string, "domino_shared_storage")<br>        storage_efficiency_enabled = optional(bool, true)<br>        junction_path              = optional(string, "/domino")<br>        size_in_megabytes          = optional(number, 1048576)<br>      }), {})<br>    }), {})<br>    s3 = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {})<br>    ecr = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {}),<br>    enable_remote_backup = optional(bool, false)<br>    costs_enabled        = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br/>      filesystem\_type = File system type(netapp\|efs)<br/>      efs = {<br/>        access\_point\_path = Filesystem path for efs.<br/>        backup\_vault = {<br/>          create        = Create backup vault for EFS toggle.<br/>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br/>          backup = {<br/>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br/>            cold\_storage\_after = Move backup data to cold storage after this many days.<br/>            delete\_after       = Delete backup data after this many days.<br/>          }<br/>        }<br/>      }<br/>      netapp = {<br/>        migrate\_from\_efs = {<br/>          enabled =  When enabled, both EFS and NetApp resources will be provisioned simultaneously during the migration period.<br/>          datasync = {<br/>            enabled  = Toggle to enable AWS DataSync for automated data transfer from EFS to NetApp FSx.<br/>            schedule = Cron-style schedule for the DataSync task, specifying how often the data transfer will occur (default: hourly).<br/>          }<br/>        }<br/>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br/>        storage\_capacity = Filesystem Storage capacity<br/>        throughput\_capacity = Filesystem throughput capacity<br/>        automatic\_backup\_retention\_days = How many days to keep backups<br/>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br/><br/>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br/>          enabled                     = Enable automatic storage capacity increase.<br/>          threshold                  = Used storage capacity threshold.<br/>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br/>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br/>          notification\_email\_address = The email address for alarm notification.<br/>        }<br/>        volume = {<br/>          create                     = Create a volume associated with the filesystem.<br/>          name\_suffix                = The suffix to name the volume<br/>          storage\_efficiency\_enabled = Toggle storage\_efficiency\_enabled<br/>          junction\_path              = filesystem junction path<br/>          size\_in\_megabytes          = The size of the volume<br/>      }<br/>      s3 = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br/>      }<br/>      ecr = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br/>      }<br/>      enable\_remote\_backup = Enable tagging required for cross-account backups<br/>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br/>    }<br/>  } | <pre>object({<br/>    filesystem_type = optional(string, "efs")<br/>    efs = optional(object({<br/>      access_point_path = optional(string, "/domino")<br/>      backup_vault = optional(object({<br/>        create        = optional(bool, true)<br/>        force_destroy = optional(bool, true)<br/>        backup = optional(object({<br/>          schedule           = optional(string, "0 12 * * ? *")<br/>          cold_storage_after = optional(number, 35)<br/>          delete_after       = optional(number, 125)<br/>        }), {})<br/>      }), {})<br/>    }), {})<br/>    netapp = optional(object({<br/>      migrate_from_efs = optional(object({<br/>        enabled = optional(bool, false)<br/>        datasync = optional(object({<br/>          enabled  = optional(bool, false)<br/>          target   = optional(string, "netapp")<br/>          schedule = optional(string, "cron(0 * * * ? *)")<br/>        }), {})<br/>      }), {})<br/>      deployment_type                   = optional(string, "SINGLE_AZ_1")<br/>      storage_capacity                  = optional(number, 1024)<br/>      throughput_capacity               = optional(number, 128)<br/>      automatic_backup_retention_days   = optional(number, 90)<br/>      daily_automatic_backup_start_time = optional(string, "00:00")<br/>      storage_capacity_autosizing = optional(object({<br/>        enabled                    = optional(bool, false)<br/>        threshold                  = optional(number, 70)<br/>        percent_capacity_increase  = optional(number, 30)<br/>        notification_email_address = optional(string, "")<br/>      }), {})<br/>      volume = optional(object({<br/>        create                     = optional(bool, true)<br/>        name_suffix                = optional(string, "domino_shared_storage")<br/>        storage_efficiency_enabled = optional(bool, true)<br/>        junction_path              = optional(string, "/domino")<br/>        size_in_megabytes          = optional(number, 1048576)<br/>      }), {})<br/>    }), {})<br/>    s3 = optional(object({<br/>      force_destroy_on_deletion = optional(bool, true)<br/>    }), {})<br/>    ecr = optional(object({<br/>      force_destroy_on_deletion = optional(bool, true)<br/>    }), {}),<br/>    enable_remote_backup = optional(bool, false)<br/>    costs_enabled        = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | `{}` | no |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
-| <a name="input_vpn_connections"></a> [vpn\_connections](#input\_vpn\_connections) | create = Create a VPN connection.<br>    connections = List of VPN connections, each with:<br>      - name: Name for identification (optional).<br>      - shared\_ip: Customer's shared IP Address (optional).<br>      - cidr\_block: CIDR block for the customer's network (optional). | <pre>object({<br>    create = optional(bool, false)<br>    connections = optional(list(object({<br>      name        = optional(string, "")<br>      shared_ip   = optional(string, "")<br>      cidr_blocks = optional(list(string), [])<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_vpn_connections"></a> [vpn\_connections](#input\_vpn\_connections) | create = Create a VPN connection.<br/>    connections = List of VPN connections, each with:<br/>      - name: Name for identification (optional).<br/>      - shared\_ip: Customer's shared IP Address (optional).<br/>      - cidr\_block: CIDR block for the customer's network (optional). | <pre>object({<br/>    create = optional(bool, false)<br/>    connections = optional(list(object({<br/>      name        = optional(string, "")<br/>      shared_ip   = optional(string, "")<br/>      cidr_blocks = optional(list(string), [])<br/>    })), [])<br/>  })</pre> | `{}` | no |
 
 ## Outputs
 
diff --git a/modules/infra/submodules/bastion/README.md b/modules/infra/submodules/bastion/README.md
index a70e30bd..bd2d3887 100644
--- a/modules/infra/submodules/bastion/README.md
+++ b/modules/infra/submodules/bastion/README.md
@@ -48,13 +48,13 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br>    ami                      = Ami id. Defaults to latest 'al2023' ami.<br>    instance\_type            = Instance type.<br>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br>    username                 = Bastion user.<br>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br>    enabled                  = bool<br>    ami_id                   = optional(string) # default will use the latest 'al2023' ami<br>    instance_type            = optional(string)<br>    authorized_ssh_ip_ranges = optional(list(string))<br>    username                 = optional(string)<br>    install_binaries         = optional(bool)<br>  })</pre> | n/a | yes |
+| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br/>    ami                      = Ami id. Defaults to latest 'al2023' ami.<br/>    instance\_type            = Instance type.<br/>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br/>    username                 = Bastion user.<br/>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br/>    enabled                  = bool<br/>    ami_id                   = optional(string) # default will use the latest 'al2023' ami<br/>    instance_type            = optional(string)<br/>    authorized_ssh_ip_ranges = optional(list(string))<br/>    username                 = optional(string)<br/>    install_binaries         = optional(bool)<br/>  })</pre> | n/a | yes |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
 | <a name="input_k8s_version"></a> [k8s\_version](#input\_k8s\_version) | K8s version used to download/install the kubectl binary | `string` | n/a | yes |
-| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br>    key\_arn = KMS key arn.<br>    enabled = KMS key is enabled | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | n/a | yes |
-| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br>    subnets = {<br>      public = List of public Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      private = List of private Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      pod = List of pod Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>    } | <pre>object({<br>    vpc_id = string<br>    subnets = object({<br>      public = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      private = optional(list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      })), [])<br>      pod = optional(list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      })), [])<br>    })<br>  })</pre> | n/a | yes |
+| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br/>    key\_arn = KMS key arn.<br/>    enabled = KMS key is enabled | <pre>object({<br/>    key_id  = string<br/>    key_arn = string<br/>    enabled = bool<br/>  })</pre> | n/a | yes |
+| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br/>    subnets = {<br/>      public = List of public Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      private = List of private Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      pod = List of pod Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>    } | <pre>object({<br/>    vpc_id = string<br/>    subnets = object({<br/>      public = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      private = optional(list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      })), [])<br/>      pod = optional(list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      })), [])<br/>    })<br/>  })</pre> | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
-| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br>    path          = string<br>    key_pair_name = string<br>  })</pre> | n/a | yes |
+| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br/>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br/>    path          = string<br/>    key_pair_name = string<br/>  })</pre> | n/a | yes |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 
 ## Outputs
diff --git a/modules/infra/submodules/cost-usage-report/README.md b/modules/infra/submodules/cost-usage-report/README.md
index d0e01298..e45ddbcd 100644
--- a/modules/infra/submodules/cost-usage-report/README.md
+++ b/modules/infra/submodules/cost-usage-report/README.md
@@ -81,10 +81,10 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_cost_usage_report"></a> [cost\_usage\_report](#input\_cost\_usage\_report) | athena\_result\_bucket\_suffix = Name of the S3 bucket into which Athena will put the cost data.<br>    report\_bucket\_name\_suffix = Suffix of the S3 bucket into which CUR will put the cost data.<br>    aws\_glue\_database\_suffix = Suffix of the Glue's DB.<br>    report\_name = Name of the Cost and Usage Report which will be created.<br>    report\_frequency = How often the Cost and Usage Report will be generated. HOURLY or DAILY.<br>    report\_versioning = Whether reports should be overwritten or new ones should be created.<br>    report\_format = Format for report. Valid values are: textORcsv, Parquet. If Parquet is used, then Compression must also be Parquet.<br>    report\_compression = Compression format for report. Valid values are: GZIP, ZIP, Parquet. If Parquet is used, then format must also be Parquet.<br>    s3\_bucket\_prefix = Prefix in the S3 bucket to put reports. | <pre>object({<br>    athena_result_bucket_suffix = string<br>    report_bucket_name_suffix   = string<br>    aws_glue_database_suffix    = string<br>    report_name                 = string<br>    report_frequency            = string<br>    report_versioning           = string<br>    report_format               = string<br>    report_compression          = string<br>    s3_bucket_prefix            = string<br>  })</pre> | <pre>{<br>  "athena_result_bucket_suffix": "aws-athena-query-results-costs",<br>  "aws_glue_database_suffix": "athena-cur-cost-db",<br>  "report_bucket_name_suffix": "cur-report",<br>  "report_compression": "Parquet",<br>  "report_format": "Parquet",<br>  "report_frequency": "DAILY",<br>  "report_name": "cur-report",<br>  "report_versioning": "OVERWRITE_REPORT",<br>  "s3_bucket_prefix": "cur"<br>}</pre> | no |
+| <a name="input_cost_usage_report"></a> [cost\_usage\_report](#input\_cost\_usage\_report) | athena\_result\_bucket\_suffix = Name of the S3 bucket into which Athena will put the cost data.<br/>    report\_bucket\_name\_suffix = Suffix of the S3 bucket into which CUR will put the cost data.<br/>    aws\_glue\_database\_suffix = Suffix of the Glue's DB.<br/>    report\_name = Name of the Cost and Usage Report which will be created.<br/>    report\_frequency = How often the Cost and Usage Report will be generated. HOURLY or DAILY.<br/>    report\_versioning = Whether reports should be overwritten or new ones should be created.<br/>    report\_format = Format for report. Valid values are: textORcsv, Parquet. If Parquet is used, then Compression must also be Parquet.<br/>    report\_compression = Compression format for report. Valid values are: GZIP, ZIP, Parquet. If Parquet is used, then format must also be Parquet.<br/>    s3\_bucket\_prefix = Prefix in the S3 bucket to put reports. | <pre>object({<br/>    athena_result_bucket_suffix = string<br/>    report_bucket_name_suffix   = string<br/>    aws_glue_database_suffix    = string<br/>    report_name                 = string<br/>    report_frequency            = string<br/>    report_versioning           = string<br/>    report_format               = string<br/>    report_compression          = string<br/>    s3_bucket_prefix            = string<br/>  })</pre> | <pre>{<br/>  "athena_result_bucket_suffix": "aws-athena-query-results-costs",<br/>  "aws_glue_database_suffix": "athena-cur-cost-db",<br/>  "report_bucket_name_suffix": "cur-report",<br/>  "report_compression": "Parquet",<br/>  "report_format": "Parquet",<br/>  "report_frequency": "DAILY",<br/>  "report_name": "cur-report",<br/>  "report_versioning": "OVERWRITE_REPORT",<br/>  "s3_bucket_prefix": "cur"<br/>}</pre> | no |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
-| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br>    key\_arn = KMS key arn.<br>    enabled = KMS key is enabled | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | n/a | yes |
-| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | vpc\_id = VPC ID.<br>    subnets = {<br>      public = List of public Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      private = List of private Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      pod = List of pod Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>    } | <pre>object({<br>    vpc_id = string<br>    subnets = object({<br>      public = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      private = optional(list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      })), [])<br>      pod = optional(list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      })), [])<br>    })<br>  })</pre> | n/a | yes |
+| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br/>    key\_arn = KMS key arn.<br/>    enabled = KMS key is enabled | <pre>object({<br/>    key_id  = string<br/>    key_arn = string<br/>    enabled = bool<br/>  })</pre> | n/a | yes |
+| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | vpc\_id = VPC ID.<br/>    subnets = {<br/>      public = List of public Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      private = List of private Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      pod = List of pod Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>    } | <pre>object({<br/>    vpc_id = string<br/>    subnets = object({<br/>      public = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      private = optional(list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      })), [])<br/>      pod = optional(list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      })), [])<br/>    })<br/>  })</pre> | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags which will be applied to provisioned resources. | `map(string)` | `{}` | no |
 
@@ -92,5 +92,5 @@ No modules.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_info"></a> [info](#output\_info) | athena\_info\_configs = "Athena based cost reporting config information for kubecost cost-analyzer"<br>   athena\_region"  = "athena region"<br>   athena\_query\_result\_s3 = "S3 location for athena query results"<br>   cur\_report\_bucket\_name = "Name of S3 bucket used for storing CUR data. This may be provisioned by this module or not."<br>   glue\_catalog\_database\_name = "Name of the Glue Catalog Database which is populated with CUR data."<br>   glue\_catalog\_table\_name = "Name of the Glue Catalog table which is populated with CUR data."<br>   glue\_catalog\_status\_table\_name = "Name of the Glue Catalog table which is populated with CUR data's status."<br>   report\_name = "Name of the provisioned Cost and Usage Report."<br>   s3\_bucket\_region  = "Region where the S3 bucket used for storing CUR data is provisioned. This may be provisioned by this module or not."<br>   athena\_work\_group = "Athena workgroup to execute queries"<br>   cur\_iam\_policy\_arn = CUR IAM Policy ARN. |
+| <a name="output_info"></a> [info](#output\_info) | athena\_info\_configs = "Athena based cost reporting config information for kubecost cost-analyzer"<br/>   athena\_region"  = "athena region"<br/>   athena\_query\_result\_s3 = "S3 location for athena query results"<br/>   cur\_report\_bucket\_name = "Name of S3 bucket used for storing CUR data. This may be provisioned by this module or not."<br/>   glue\_catalog\_database\_name = "Name of the Glue Catalog Database which is populated with CUR data."<br/>   glue\_catalog\_table\_name = "Name of the Glue Catalog table which is populated with CUR data."<br/>   glue\_catalog\_status\_table\_name = "Name of the Glue Catalog table which is populated with CUR data's status."<br/>   report\_name = "Name of the provisioned Cost and Usage Report."<br/>   s3\_bucket\_region  = "Region where the S3 bucket used for storing CUR data is provisioned. This may be provisioned by this module or not."<br/>   athena\_work\_group = "Athena workgroup to execute queries"<br/>   cur\_iam\_policy\_arn = CUR IAM Policy ARN. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/infra/submodules/network/README.md b/modules/infra/submodules/network/README.md
index ca210b42..d7c3eb01 100644
--- a/modules/infra/submodules/network/README.md
+++ b/modules/infra/submodules/network/README.md
@@ -54,8 +54,8 @@ No modules.
 | <a name="input_add_eks_elb_tags"></a> [add\_eks\_elb\_tags](#input\_add\_eks\_elb\_tags) | Toggle k8s cluster tag on subnet | `bool` | `true` | no |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
 | <a name="input_flow_log_bucket_arn"></a> [flow\_log\_bucket\_arn](#input\_flow\_log\_bucket\_arn) | Bucket for vpc flow logging | `object({ arn = string })` | `null` | no |
-| <a name="input_network"></a> [network](#input\_network) | vpc = {<br>      id = Existing vpc id, it will bypass creation by this module.<br>      subnets = {<br>        private = Existing private subnets.<br>        public  = Existing public subnets.<br>        pod     = Existing pod subnets.<br>      }), {})<br>    }), {})<br>    network\_bits = {<br>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>    }<br>    cidrs = {<br>      vpc     = The IPv4 CIDR block for the VPC.<br>      pod     = The IPv4 CIDR block for the Pod subnets.<br>    }<br>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br>    vpc = optional(object({<br>      id = optional(string)<br>      subnets = optional(object({<br>        private = optional(list(string))<br>        public  = optional(list(string))<br>        pod     = optional(list(string))<br>      }))<br>    }))<br>    network_bits = optional(object({<br>      public  = optional(number)<br>      private = optional(number)<br>      pod     = optional(number)<br>      }<br>    ))<br>    cidrs = optional(object({<br>      vpc = optional(string)<br>      pod = optional(string)<br>    }))<br>    use_pod_cidr = optional(bool)<br>  })</pre> | n/a | yes |
-| <a name="input_node_groups"></a> [node\_groups](#input\_node\_groups) | EKS managed node groups definition. | <pre>map(object({<br>    ami                   = string<br>    bootstrap_extra_args  = string<br>    instance_types        = list(string)<br>    spot                  = bool<br>    min_per_az            = number<br>    max_per_az            = number<br>    desired_per_az        = number<br>    availability_zone_ids = list(string)<br>    labels                = map(string)<br>    taints = list(object({<br>      key    = string<br>      value  = string<br>      effect = string<br>    }))<br>    tags          = map(string)<br>    instance_tags = map(string)<br>    gpu           = bool<br>    volume = object({<br>      size       = string<br>      type       = string<br>      iops       = optional(number)<br>      throughput = optional(number, 500)<br>    })<br>  }))</pre> | n/a | yes |
+| <a name="input_network"></a> [network](#input\_network) | vpc = {<br/>      id = Existing vpc id, it will bypass creation by this module.<br/>      subnets = {<br/>        private = Existing private subnets.<br/>        public  = Existing public subnets.<br/>        pod     = Existing pod subnets.<br/>      }), {})<br/>    }), {})<br/>    network\_bits = {<br/>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br/>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>    }<br/>    cidrs = {<br/>      vpc     = The IPv4 CIDR block for the VPC.<br/>      pod     = The IPv4 CIDR block for the Pod subnets.<br/>    }<br/>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br/>    vpc = optional(object({<br/>      id = optional(string)<br/>      subnets = optional(object({<br/>        private = optional(list(string))<br/>        public  = optional(list(string))<br/>        pod     = optional(list(string))<br/>      }))<br/>    }))<br/>    network_bits = optional(object({<br/>      public  = optional(number)<br/>      private = optional(number)<br/>      pod     = optional(number)<br/>      }<br/>    ))<br/>    cidrs = optional(object({<br/>      vpc = optional(string)<br/>      pod = optional(string)<br/>    }))<br/>    use_pod_cidr = optional(bool)<br/>  })</pre> | n/a | yes |
+| <a name="input_node_groups"></a> [node\_groups](#input\_node\_groups) | EKS managed node groups definition. | <pre>map(object({<br/>    ami                   = string<br/>    bootstrap_extra_args  = string<br/>    instance_types        = list(string)<br/>    spot                  = bool<br/>    min_per_az            = number<br/>    max_per_az            = number<br/>    desired_per_az        = number<br/>    availability_zone_ids = list(string)<br/>    labels                = map(string)<br/>    taints = list(object({<br/>      key    = string<br/>      value  = string<br/>      effect = string<br/>    }))<br/>    tags          = map(string)<br/>    instance_tags = map(string)<br/>    gpu           = bool<br/>    volume = object({<br/>      size       = string<br/>      type       = string<br/>      iops       = optional(number)<br/>      throughput = optional(number, 500)<br/>    })<br/>  }))</pre> | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 
 ## Outputs
diff --git a/modules/infra/submodules/storage/README.md b/modules/infra/submodules/storage/README.md
index f50ff4a2..6481c1e1 100644
--- a/modules/infra/submodules/storage/README.md
+++ b/modules/infra/submodules/storage/README.md
@@ -92,15 +92,15 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
-| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br>    key\_arn = KMS key arn.<br>    enabled = KMS key is enabled | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | n/a | yes |
-| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br>    subnets = {<br>      public = List of public Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      private = List of private Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      pod = List of pod Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>    } | <pre>object({<br>    vpc_id = string<br>    subnets = object({<br>      public = optional(list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      })), [])<br>      private = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      pod = optional(list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      })), [])<br>    })<br>  })</pre> | n/a | yes |
+| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br/>    key\_arn = KMS key arn.<br/>    enabled = KMS key is enabled | <pre>object({<br/>    key_id  = string<br/>    key_arn = string<br/>    enabled = bool<br/>  })</pre> | n/a | yes |
+| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br/>    subnets = {<br/>      public = List of public Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      private = List of private Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      pod = List of pod Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>    } | <pre>object({<br/>    vpc_id = string<br/>    subnets = object({<br/>      public = optional(list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      })), [])<br/>      private = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      pod = optional(list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      })), [])<br/>    })<br/>  })</pre> | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
-| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br>      filesystem\_type = File system type(netapp\|efs)<br>      efs = {<br>        access\_point\_path = Filesystem path for efs.<br>        backup\_vault = {<br>          create        = Create backup vault for EFS toggle.<br>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br>          backup = {<br>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br>            cold\_storage\_after = Move backup data to cold storage after this many days.<br>            delete\_after       = Delete backup data after this many days.<br>          }<br>        }<br>      }<br>      netapp = {<br>        migrate\_from\_efs = {<br>          enabled =  When enabled, both EFS and NetApp resources will be provisioned simultaneously during the migration period.<br>          datasync = {<br>            enabled  = Toggle to enable AWS DataSync for automated data transfer from EFS to NetApp FSx.<br>            schedule = Cron-style schedule for the DataSync task, specifying how often the data transfer will occur (default: hourly).<br>          }<br>        }<br>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br>        storage\_capacity = Filesystem Storage capacity<br>        throughput\_capacity = Filesystem throughput capacity<br>        automatic\_backup\_retention\_days = How many days to keep backups<br>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br><br>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br>          enabled                     = Enable automatic storage capacity increase.<br>          threshold                  = Used storage capacity threshold.<br>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br>          notification\_email\_address = The email address for alarm notification.<br>        }<br>        volume = {<br>          create                     = Create a volume associated with the filesystem.<br>          name\_suffix                = The suffix to name the volume<br>          storage\_efficiency\_enabled = Toggle storage\_efficiency\_enabled<br>          junction\_path              = filesystem junction path<br>          size\_in\_megabytes          = The size of the volume<br>        }<br>      }<br>      s3 = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br>      }<br>      ecr = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br>      }<br>      enable\_remote\_backup = Enable tagging required for cross-account backups<br>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br>    }<br>  } | <pre>object({<br>    filesystem_type = string<br>    efs = optional(object({<br>      access_point_path = optional(string)<br>      backup_vault = optional(object({<br>        create        = optional(bool)<br>        force_destroy = optional(bool)<br>        backup = optional(object({<br>          schedule           = optional(string)<br>          cold_storage_after = optional(number)<br>          delete_after       = optional(number)<br>        }))<br>      }))<br>    }))<br>    netapp = optional(object({<br>      migrate_from_efs = optional(object({<br>        enabled = optional(bool)<br>        datasync = optional(object({<br>          enabled  = optional(bool)<br>          target   = optional(string)<br>          schedule = optional(string)<br>        }))<br>      }))<br>      deployment_type                   = optional(string)<br>      storage_capacity                  = optional(number)<br>      throughput_capacity               = optional(number)<br>      automatic_backup_retention_days   = optional(number)<br>      daily_automatic_backup_start_time = optional(string)<br>      storage_capacity_autosizing = optional(object({<br>        enabled                    = optional(bool)<br>        threshold                  = optional(number)<br>        percent_capacity_increase  = optional(number)<br>        notification_email_address = optional(string)<br>      }))<br>      volume = optional(object({<br>        name_suffix                = optional(string)<br>        storage_efficiency_enabled = optional(bool)<br>        create                     = optional(bool)<br>        junction_path              = optional(string)<br>        size_in_megabytes          = optional(number)<br>      }))<br>    }))<br>    s3 = optional(object({<br>      force_destroy_on_deletion = optional(bool)<br>    }))<br>    ecr = optional(object({<br>      force_destroy_on_deletion = optional(bool)<br>    }))<br>    enable_remote_backup = optional(bool)<br>    costs_enabled        = optional(bool)<br>  })</pre> | n/a | yes |
+| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br/>      filesystem\_type = File system type(netapp\|efs)<br/>      efs = {<br/>        access\_point\_path = Filesystem path for efs.<br/>        backup\_vault = {<br/>          create        = Create backup vault for EFS toggle.<br/>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br/>          backup = {<br/>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br/>            cold\_storage\_after = Move backup data to cold storage after this many days.<br/>            delete\_after       = Delete backup data after this many days.<br/>          }<br/>        }<br/>      }<br/>      netapp = {<br/>        migrate\_from\_efs = {<br/>          enabled =  When enabled, both EFS and NetApp resources will be provisioned simultaneously during the migration period.<br/>          datasync = {<br/>            enabled  = Toggle to enable AWS DataSync for automated data transfer from EFS to NetApp FSx.<br/>            schedule = Cron-style schedule for the DataSync task, specifying how often the data transfer will occur (default: hourly).<br/>          }<br/>        }<br/>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br/>        storage\_capacity = Filesystem Storage capacity<br/>        throughput\_capacity = Filesystem throughput capacity<br/>        automatic\_backup\_retention\_days = How many days to keep backups<br/>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br/><br/>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br/>          enabled                     = Enable automatic storage capacity increase.<br/>          threshold                  = Used storage capacity threshold.<br/>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br/>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br/>          notification\_email\_address = The email address for alarm notification.<br/>        }<br/>        volume = {<br/>          create                     = Create a volume associated with the filesystem.<br/>          name\_suffix                = The suffix to name the volume<br/>          storage\_efficiency\_enabled = Toggle storage\_efficiency\_enabled<br/>          junction\_path              = filesystem junction path<br/>          size\_in\_megabytes          = The size of the volume<br/>        }<br/>      }<br/>      s3 = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br/>      }<br/>      ecr = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br/>      }<br/>      enable\_remote\_backup = Enable tagging required for cross-account backups<br/>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br/>    }<br/>  } | <pre>object({<br/>    filesystem_type = string<br/>    efs = optional(object({<br/>      access_point_path = optional(string)<br/>      backup_vault = optional(object({<br/>        create        = optional(bool)<br/>        force_destroy = optional(bool)<br/>        backup = optional(object({<br/>          schedule           = optional(string)<br/>          cold_storage_after = optional(number)<br/>          delete_after       = optional(number)<br/>        }))<br/>      }))<br/>    }))<br/>    netapp = optional(object({<br/>      migrate_from_efs = optional(object({<br/>        enabled = optional(bool)<br/>        datasync = optional(object({<br/>          enabled  = optional(bool)<br/>          target   = optional(string)<br/>          schedule = optional(string)<br/>        }))<br/>      }))<br/>      deployment_type                   = optional(string)<br/>      storage_capacity                  = optional(number)<br/>      throughput_capacity               = optional(number)<br/>      automatic_backup_retention_days   = optional(number)<br/>      daily_automatic_backup_start_time = optional(string)<br/>      storage_capacity_autosizing = optional(object({<br/>        enabled                    = optional(bool)<br/>        threshold                  = optional(number)<br/>        percent_capacity_increase  = optional(number)<br/>        notification_email_address = optional(string)<br/>      }))<br/>      volume = optional(object({<br/>        name_suffix                = optional(string)<br/>        storage_efficiency_enabled = optional(bool)<br/>        create                     = optional(bool)<br/>        junction_path              = optional(string)<br/>        size_in_megabytes          = optional(number)<br/>      }))<br/>    }))<br/>    s3 = optional(object({<br/>      force_destroy_on_deletion = optional(bool)<br/>    }))<br/>    ecr = optional(object({<br/>      force_destroy_on_deletion = optional(bool)<br/>    }))<br/>    enable_remote_backup = optional(bool)<br/>    costs_enabled        = optional(bool)<br/>  })</pre> | n/a | yes |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_info"></a> [info](#output\_info) | efs = {<br>      access\_point      = EFS access point.<br>      file\_system       = EFS file\_system.<br>      security\_group\_id = EFS security group id.<br>    }<br>    s3 = {<br>      buckets        = "S3 buckets name and arn"<br>      iam\_policy\_arn = S3 IAM Policy ARN.<br>    }<br>    ecr = {<br>      container\_registry = ECR base registry URL. Grab the base AWS account ECR URL and add the deploy\_id. Domino will append /environment and /model.<br>      iam\_policy\_arn     = ECR IAM Policy ARN.<br>      calico\_image\_registry = Image registry for Calico. Will be a pull through cache for Quay.io unless in GovCloud, China, or have FIPS enabled.<br>    } |
+| <a name="output_info"></a> [info](#output\_info) | efs = {<br/>      access\_point      = EFS access point.<br/>      file\_system       = EFS file\_system.<br/>      security\_group\_id = EFS security group id.<br/>    }<br/>    s3 = {<br/>      buckets        = "S3 buckets name and arn"<br/>      iam\_policy\_arn = S3 IAM Policy ARN.<br/>    }<br/>    ecr = {<br/>      container\_registry = ECR base registry URL. Grab the base AWS account ECR URL and add the deploy\_id. Domino will append /environment and /model.<br/>      iam\_policy\_arn     = ECR IAM Policy ARN.<br/>      calico\_image\_registry = Image registry for Calico. Will be a pull through cache for Quay.io unless in GovCloud, China, or have FIPS enabled.<br/>    } |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/infra/submodules/vpn/README.md b/modules/infra/submodules/vpn/README.md
index fdaa4278..4c819c58 100644
--- a/modules/infra/submodules/vpn/README.md
+++ b/modules/infra/submodules/vpn/README.md
@@ -34,8 +34,8 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
-| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br>    subnets = {<br>      public = List of public Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      private = List of private Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      pod = List of pod Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>    } | <pre>object({<br>    vpc_id = string<br>    route_tables = object({<br>      public  = optional(list(string))<br>      private = optional(list(string))<br>      pod     = optional(list(string))<br>    })<br>    subnets = object({<br>      public = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      private = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      pod = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>    })<br>    vpc_cidrs = string<br>  })</pre> | n/a | yes |
-| <a name="input_vpn_connections"></a> [vpn\_connections](#input\_vpn\_connections) | List of VPN connections, each with:<br>    - name: Name for identification<br>    - shared\_ip: Customer's shared IP Address.<br>    - cidr\_block: List of CIDR blocks for the customer's network. | <pre>list(object({<br>    name        = string<br>    shared_ip   = string<br>    cidr_blocks = list(string)<br>  }))</pre> | n/a | yes |
+| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br/>    subnets = {<br/>      public = List of public Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      private = List of private Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      pod = List of pod Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>    } | <pre>object({<br/>    vpc_id = string<br/>    route_tables = object({<br/>      public  = optional(list(string))<br/>      private = optional(list(string))<br/>      pod     = optional(list(string))<br/>    })<br/>    subnets = object({<br/>      public = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      private = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      pod = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>    })<br/>    vpc_cidrs = string<br/>  })</pre> | n/a | yes |
+| <a name="input_vpn_connections"></a> [vpn\_connections](#input\_vpn\_connections) | List of VPN connections, each with:<br/>    - name: Name for identification<br/>    - shared\_ip: Customer's shared IP Address.<br/>    - cidr\_block: List of CIDR blocks for the customer's network. | <pre>list(object({<br/>    name        = string<br/>    shared_ip   = string<br/>    cidr_blocks = list(string)<br/>  }))</pre> | n/a | yes |
 
 ## Outputs
 
diff --git a/modules/infra/variables.tf b/modules/infra/variables.tf
index adf2471c..de7a21d5 100644
--- a/modules/infra/variables.tf
+++ b/modules/infra/variables.tf
@@ -76,7 +76,7 @@ variable "eks" {
 
   type = object({
     creation_role_name = optional(string, null)
-    k8s_version        = optional(string, "1.27")
+    k8s_version        = optional(string, "1.31")
     nodes_master       = optional(bool, false)
     kubeconfig = optional(object({
       extra_args = optional(string, "")
diff --git a/modules/irsa/README.md b/modules/irsa/README.md
index fc6d5c03..5e129afa 100644
--- a/modules/irsa/README.md
+++ b/modules/irsa/README.md
@@ -54,12 +54,12 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_additional_irsa_configs"></a> [additional\_irsa\_configs](#input\_additional\_irsa\_configs) | Input for additional irsa configurations | <pre>list(object({<br>    name                = string<br>    namespace           = string<br>    serviceaccount_name = string<br>    policy              = string #json<br>  }))</pre> | `[]` | no |
-| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br>      specs {<br>        name            = Cluster name.<br>        account\_id      = AWS account id where the cluster resides.<br>      }<br>      oidc = {<br>        arn = OIDC provider ARN.<br>        url = OIDC provider url.<br>        cert = {<br>          thumbprint\_list = OIDC cert thumbprints.<br>          url             = OIDC cert URL.<br>      }<br>    } | <pre>object({<br>    nodes = object({<br>      roles = list(object({<br>        arn  = string<br>        name = string<br>      }))<br>    })<br>    cluster = object({<br>      specs = object({<br>        name       = string<br>        account_id = string<br>      })<br>      oidc = object({<br>        arn = string<br>        url = string<br>        cert = object({<br>          thumbprint_list = list(string)<br>          url             = string<br>        })<br>      })<br>    })<br>  })</pre> | n/a | yes |
-| <a name="input_external_dns"></a> [external\_dns](#input\_external\_dns) | Config to enable irsa for external-dns | <pre>object({<br>    enabled             = optional(bool, false)<br>    hosted_zone_name    = optional(string, null)<br>    hosted_zone_private = optional(string, false)<br>    namespace           = optional(string, "domino-platform")<br>    serviceaccount_name = optional(string, "external-dns")<br>    rm_role_policy = optional(object({<br>      remove           = optional(bool, false)<br>      detach_from_role = optional(bool, false)<br>      policy_name      = optional(string, "")<br>    }), {})<br>  })</pre> | `{}` | no |
-| <a name="input_netapp_trident_configurator"></a> [netapp\_trident\_configurator](#input\_netapp\_trident\_configurator) | Config to create IRSA role for the netapp-trident-configurator. | <pre>object({<br>    enabled             = optional(bool, false)<br>    namespace           = optional(string, "trident")<br>    serviceaccount_name = optional(string, "trident-configurator")<br>    region              = optional(string)<br>  })</pre> | `{}` | no |
-| <a name="input_netapp_trident_operator"></a> [netapp\_trident\_operator](#input\_netapp\_trident\_operator) | Config to create IRSA role for the netapp-trident-operator. | <pre>object({<br>    enabled             = optional(bool, false)<br>    namespace           = optional(string, "trident")<br>    serviceaccount_name = optional(string, "trident-controller")<br>    region              = optional(string)<br>  })</pre> | `{}` | no |
-| <a name="input_use_cluster_odc_idp"></a> [use\_cluster\_odc\_idp](#input\_use\_cluster\_odc\_idp) | Toogle to uset the oidc idp connector in the trust policy.<br>    Set to `true` if the cluster and the hosted zone are in different aws accounts.<br>    `rm_role_policy` used to facilitiate the cleanup if a node attached policy was used previously. | `bool` | `true` | no |
+| <a name="input_additional_irsa_configs"></a> [additional\_irsa\_configs](#input\_additional\_irsa\_configs) | Input for additional irsa configurations | <pre>list(object({<br/>    name                = string<br/>    namespace           = string<br/>    serviceaccount_name = string<br/>    policy              = string #json<br/>  }))</pre> | `[]` | no |
+| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br/>      specs {<br/>        name            = Cluster name.<br/>        account\_id      = AWS account id where the cluster resides.<br/>      }<br/>      oidc = {<br/>        arn = OIDC provider ARN.<br/>        url = OIDC provider url.<br/>        cert = {<br/>          thumbprint\_list = OIDC cert thumbprints.<br/>          url             = OIDC cert URL.<br/>      }<br/>    } | <pre>object({<br/>    nodes = object({<br/>      roles = list(object({<br/>        arn  = string<br/>        name = string<br/>      }))<br/>    })<br/>    cluster = object({<br/>      specs = object({<br/>        name       = string<br/>        account_id = string<br/>      })<br/>      oidc = object({<br/>        arn = string<br/>        url = string<br/>        cert = object({<br/>          thumbprint_list = list(string)<br/>          url             = string<br/>        })<br/>      })<br/>    })<br/>  })</pre> | n/a | yes |
+| <a name="input_external_dns"></a> [external\_dns](#input\_external\_dns) | Config to enable irsa for external-dns | <pre>object({<br/>    enabled             = optional(bool, false)<br/>    hosted_zone_name    = optional(string, null)<br/>    hosted_zone_private = optional(string, false)<br/>    namespace           = optional(string, "domino-platform")<br/>    serviceaccount_name = optional(string, "external-dns")<br/>    rm_role_policy = optional(object({<br/>      remove           = optional(bool, false)<br/>      detach_from_role = optional(bool, false)<br/>      policy_name      = optional(string, "")<br/>    }), {})<br/>  })</pre> | `{}` | no |
+| <a name="input_netapp_trident_configurator"></a> [netapp\_trident\_configurator](#input\_netapp\_trident\_configurator) | Config to create IRSA role for the netapp-trident-configurator. | <pre>object({<br/>    enabled             = optional(bool, false)<br/>    namespace           = optional(string, "trident")<br/>    serviceaccount_name = optional(string, "trident-configurator")<br/>    region              = optional(string)<br/>  })</pre> | `{}` | no |
+| <a name="input_netapp_trident_operator"></a> [netapp\_trident\_operator](#input\_netapp\_trident\_operator) | Config to create IRSA role for the netapp-trident-operator. | <pre>object({<br/>    enabled             = optional(bool, false)<br/>    namespace           = optional(string, "trident")<br/>    serviceaccount_name = optional(string, "trident-controller")<br/>    region              = optional(string)<br/>  })</pre> | `{}` | no |
+| <a name="input_use_cluster_odc_idp"></a> [use\_cluster\_odc\_idp](#input\_use\_cluster\_odc\_idp) | Toogle to uset the oidc idp connector in the trust policy.<br/>    Set to `true` if the cluster and the hosted zone are in different aws accounts.<br/>    `rm_role_policy` used to facilitiate the cleanup if a node attached policy was used previously. | `bool` | `true` | no |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 
 ## Outputs
diff --git a/modules/nodes/README.md b/modules/nodes/README.md
index 33b774c0..d4d5ac35 100644
--- a/modules/nodes/README.md
+++ b/modules/nodes/README.md
@@ -43,14 +43,14 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br>    ami                        = optional(string, null)<br>    bootstrap_extra_args       = optional(string, "")<br>    instance_types             = list(string)<br>    spot                       = optional(bool, false)<br>    min_per_az                 = number<br>    max_per_az                 = number<br>    max_unavailable_percentage = optional(number, 50)<br>    max_unavailable            = optional(number)<br>    desired_per_az             = number<br>    availability_zone_ids      = list(string)<br>    labels                     = map(string)<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>      })), [<br>      {<br>        key    = "ebs.csi.aws.com/agent-not-ready",<br>        value  = "true",<br>        effect = "NO_EXECUTE"<br>      }<br>    ])<br>    tags = optional(map(string), {})<br>    gpu  = optional(bool, null)<br>    volume = object({<br>      size       = string<br>      type       = string<br>      iops       = optional(number)<br>      throughput = optional(number, 500)<br>    })<br>  }))</pre> | `{}` | no |
-| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br>    {<br>      compute = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>            })), [<br>            {<br>              key    = "ebs.csi.aws.com/agent-not-ready",<br>              value  = "true",<br>              effect = "NO_EXECUTE"<br>            }<br>          ])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size       = optional(number, 1000)<br>            type       = optional(string, "gp3")<br>            iops       = optional(number)<br>            throughput = optional(number, 500)<br>            }), {<br>            size       = 1000<br>            type       = "gp3"<br>            iops       = null<br>            throughput = 500<br>            }<br>          )<br>      }),<br>      platform = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 1)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, null)<br>          max_unavailable            = optional(number, 1)<br>          desired_per_az             = optional(number, 1)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "platform"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>            })), []<br>          )<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size       = optional(number, 100)<br>            type       = optional(string, "gp3")<br>            iops       = optional(number)<br>            throughput = optional(number)<br>            }), {<br>            size       = 100<br>            type       = "gp3"<br>            iops       = null<br>            throughput = null<br>            }<br>          )<br>      }),<br>      gpu = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["g5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default-gpu"<br>            "nvidia.com/gpu"              = true<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>            })), [{<br>            key    = "nvidia.com/gpu"<br>            value  = "true"<br>            effect = "NO_SCHEDULE"<br>            },<br>            {<br>              key    = "ebs.csi.aws.com/agent-not-ready",<br>              value  = "true",<br>              effect = "NO_EXECUTE"<br>            }<br><br>          ])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size       = optional(number, 1000)<br>            type       = optional(string, "gp3")<br>            iops       = optional(number)<br>            throughput = optional(number, 500)<br>            }), {<br>            size       = 1000<br>            type       = "gp3"<br>            iops       = null<br>            throughput = 500<br>            }<br>          )<br>      })<br>  })</pre> | n/a | yes |
-| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br>      addons            = List of addons<br>      specs             = Cluster spes. {<br>        name                      = Cluster name.<br>        endpoint                  = Cluster endpont.<br>        kubernetes\_network\_config = Cluster k8s nw config.<br>      }<br>      version           = K8s version.<br>      arn               = EKS Cluster arn.<br>      security\_group\_id = EKS Cluster security group id.<br>      endpoint          = EKS Cluster API endpoint.<br>      roles             = Default IAM Roles associated with the EKS cluster. {<br>        name = string<br>        arn = string<br>      }<br>      custom\_roles      = Custom IAM Roles associated with the EKS cluster. {<br>        rolearn  = string<br>        username = string<br>        groups   = list(string)<br>      }<br>      oidc = {<br>        arn = OIDC provider ARN.<br>        url = OIDC provider url.<br>      }<br>    }<br>    nodes = {<br>      security\_group\_id = EKS Nodes security group id.<br>      roles = IAM Roles associated with the EKS Nodes.{<br>        name = string<br>        arn  = string<br>      }<br>    }<br>    kubeconfig = Kubeconfig details.{<br>      path       = string<br>      extra\_args = string<br>    } | <pre>object({<br>    k8s_pre_setup_sh_file = string<br>    cluster = object({<br>      addons = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br>      vpc_cni = optional(object({<br>        prefix_delegation = optional(bool, false)<br>        annotate_pod_ip   = optional(bool, true)<br>      }))<br>      specs = object({<br>        name                      = string<br>        endpoint                  = string<br>        kubernetes_network_config = list(map(any))<br>        certificate_authority     = list(map(any))<br>      })<br>      version           = string<br>      arn               = string<br>      security_group_id = string<br>      endpoint          = string<br>      roles = list(object({<br>        name = string<br>        arn  = string<br>      }))<br>      custom_roles = list(object({<br>        rolearn  = string<br>        username = string<br>        groups   = list(string)<br>      }))<br>      oidc = object({<br>        arn = string<br>        url = string<br>      })<br>    })<br>    nodes = object({<br>      security_group_id = string<br>      roles = list(object({<br>        name = string<br>        arn  = string<br>      }))<br>    })<br>    kubeconfig = object({<br>      path       = string<br>      extra_args = string<br>    })<br>  })</pre> | n/a | yes |
+| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br/>    ami                        = optional(string, null)<br/>    bootstrap_extra_args       = optional(string, "")<br/>    instance_types             = list(string)<br/>    spot                       = optional(bool, false)<br/>    min_per_az                 = number<br/>    max_per_az                 = number<br/>    max_unavailable_percentage = optional(number, 50)<br/>    max_unavailable            = optional(number)<br/>    desired_per_az             = number<br/>    availability_zone_ids      = list(string)<br/>    labels                     = map(string)<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>      })), [<br/>      {<br/>        key    = "ebs.csi.aws.com/agent-not-ready",<br/>        value  = "true",<br/>        effect = "NO_EXECUTE"<br/>      }<br/>    ])<br/>    tags = optional(map(string), {})<br/>    gpu  = optional(bool, null)<br/>    volume = object({<br/>      size       = string<br/>      type       = string<br/>      iops       = optional(number)<br/>      throughput = optional(number, 500)<br/>    })<br/>  }))</pre> | `{}` | no |
+| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br/>    {<br/>      compute = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>            })), [<br/>            {<br/>              key    = "ebs.csi.aws.com/agent-not-ready",<br/>              value  = "true",<br/>              effect = "NO_EXECUTE"<br/>            }<br/>          ])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size       = optional(number, 1000)<br/>            type       = optional(string, "gp3")<br/>            iops       = optional(number)<br/>            throughput = optional(number, 500)<br/>            }), {<br/>            size       = 1000<br/>            type       = "gp3"<br/>            iops       = null<br/>            throughput = 500<br/>            }<br/>          )<br/>      }),<br/>      platform = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 1)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, null)<br/>          max_unavailable            = optional(number, 1)<br/>          desired_per_az             = optional(number, 1)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "platform"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>            })), []<br/>          )<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size       = optional(number, 100)<br/>            type       = optional(string, "gp3")<br/>            iops       = optional(number)<br/>            throughput = optional(number)<br/>            }), {<br/>            size       = 100<br/>            type       = "gp3"<br/>            iops       = null<br/>            throughput = null<br/>            }<br/>          )<br/>      }),<br/>      gpu = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["g5.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default-gpu"<br/>            "nvidia.com/gpu"              = true<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>            })), [{<br/>            key    = "nvidia.com/gpu"<br/>            value  = "true"<br/>            effect = "NO_SCHEDULE"<br/>            },<br/>            {<br/>              key    = "ebs.csi.aws.com/agent-not-ready",<br/>              value  = "true",<br/>              effect = "NO_EXECUTE"<br/>            }<br/><br/>          ])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size       = optional(number, 1000)<br/>            type       = optional(string, "gp3")<br/>            iops       = optional(number)<br/>            throughput = optional(number, 500)<br/>            }), {<br/>            size       = 1000<br/>            type       = "gp3"<br/>            iops       = null<br/>            throughput = 500<br/>            }<br/>          )<br/>      })<br/>  })</pre> | n/a | yes |
+| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br/>      addons            = List of addons<br/>      specs             = Cluster spes. {<br/>        name                      = Cluster name.<br/>        endpoint                  = Cluster endpont.<br/>        kubernetes\_network\_config = Cluster k8s nw config.<br/>      }<br/>      version           = K8s version.<br/>      arn               = EKS Cluster arn.<br/>      security\_group\_id = EKS Cluster security group id.<br/>      endpoint          = EKS Cluster API endpoint.<br/>      roles             = Default IAM Roles associated with the EKS cluster. {<br/>        name = string<br/>        arn = string<br/>      }<br/>      custom\_roles      = Custom IAM Roles associated with the EKS cluster. {<br/>        rolearn  = string<br/>        username = string<br/>        groups   = list(string)<br/>      }<br/>      oidc = {<br/>        arn = OIDC provider ARN.<br/>        url = OIDC provider url.<br/>      }<br/>    }<br/>    nodes = {<br/>      security\_group\_id = EKS Nodes security group id.<br/>      roles = IAM Roles associated with the EKS Nodes.{<br/>        name = string<br/>        arn  = string<br/>      }<br/>    }<br/>    kubeconfig = Kubeconfig details.{<br/>      path       = string<br/>      extra\_args = string<br/>    } | <pre>object({<br/>    k8s_pre_setup_sh_file = string<br/>    cluster = object({<br/>      addons = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br/>      vpc_cni = optional(object({<br/>        prefix_delegation = optional(bool, false)<br/>        annotate_pod_ip   = optional(bool, true)<br/>      }))<br/>      specs = object({<br/>        name                      = string<br/>        endpoint                  = string<br/>        kubernetes_network_config = list(map(any))<br/>        certificate_authority     = list(map(any))<br/>      })<br/>      version           = string<br/>      arn               = string<br/>      security_group_id = string<br/>      endpoint          = string<br/>      roles = list(object({<br/>        name = string<br/>        arn  = string<br/>      }))<br/>      custom_roles = list(object({<br/>        rolearn  = string<br/>        username = string<br/>        groups   = list(string)<br/>      }))<br/>      oidc = object({<br/>        arn = string<br/>        url = string<br/>      })<br/>    })<br/>    nodes = object({<br/>      security_group_id = string<br/>      roles = list(object({<br/>        name = string<br/>        arn  = string<br/>      }))<br/>    })<br/>    kubeconfig = object({<br/>      path       = string<br/>      extra_args = string<br/>    })<br/>  })</pre> | n/a | yes |
 | <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
-| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br>    key\_arn = KMS key arn.<br>    enabled = KMS key is enabled | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | n/a | yes |
-| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br>    subnets = {<br>      public = List of public Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      private = List of private Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      pod = List of pod Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>    } | <pre>object({<br>    vpc_id = string<br>    subnets = object({<br>      public = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      private = optional(list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      })), [])<br>      pod = optional(list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      })), [])<br>    })<br>  })</pre> | n/a | yes |
+| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br/>    key\_arn = KMS key arn.<br/>    enabled = KMS key is enabled | <pre>object({<br/>    key_id  = string<br/>    key_arn = string<br/>    enabled = bool<br/>  })</pre> | n/a | yes |
+| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br/>    subnets = {<br/>      public = List of public Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      private = List of private Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      pod = List of pod Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>    } | <pre>object({<br/>    vpc_id = string<br/>    subnets = object({<br/>      public = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      private = optional(list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      })), [])<br/>      pod = optional(list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      })), [])<br/>    })<br/>  })</pre> | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
-| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br>    path          = string<br>    key_pair_name = string<br>  })</pre> | n/a | yes |
+| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br/>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br/>    path          = string<br/>    key_pair_name = string<br/>  })</pre> | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | `{}` | no |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 
diff --git a/modules/single-node/README.md b/modules/single-node/README.md
index ccb839b6..05162e96 100644
--- a/modules/single-node/README.md
+++ b/modules/single-node/README.md
@@ -44,13 +44,13 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br>      addons            = List of addons<br>      specs             = Cluster spes. {<br>        name                      = Cluster name.<br>        endpoint                  = Cluster endpont.<br>        kubernetes\_network\_config = Cluster k8s nw config.<br>      }<br>      version           = K8s version.<br>      arn               = EKS Cluster arn.<br>      security\_group\_id = EKS Cluster security group id.<br>      endpoint          = EKS Cluster API endpoint.<br>      roles             = Default IAM Roles associated with the EKS cluster. {<br>        name = string<br>        arn = string<br>      }<br>      custom\_roles      = Custom IAM Roles associated with the EKS cluster. {<br>        rolearn  = string<br>        username = string<br>        groups   = list(string)<br>      }<br>      oidc = {<br>        arn = OIDC provider ARN.<br>        url = OIDC provider url.<br>      }<br>    }<br>    nodes = {<br>      security\_group\_id = EKS Nodes security group id.<br>      roles = IAM Roles associated with the EKS Nodes.{<br>        name = string<br>        arn  = string<br>      }<br>    }<br>    kubeconfig = Kubeconfig details.{<br>      path       = string<br>      extra\_args = string<br>    } | <pre>object({<br>    k8s_pre_setup_sh_file = string<br>    cluster = object({<br>      addons = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br>      vpc_cni = optional(object({<br>        prefix_delegation = optional(bool, false)<br>        annotate_pod_ip   = optional(bool, true)<br>      }))<br>      specs = object({<br>        name                      = string<br>        endpoint                  = string<br>        kubernetes_network_config = list(map(any))<br>        certificate_authority     = list(map(any))<br>      })<br>      version           = string<br>      arn               = string<br>      security_group_id = string<br>      endpoint          = string<br>      roles = list(object({<br>        name = string<br>        arn  = string<br>      }))<br>      custom_roles = list(object({<br>        rolearn  = string<br>        username = string<br>        groups   = list(string)<br>      }))<br>      oidc = object({<br>        arn = string<br>        url = string<br>      })<br>    })<br>    nodes = object({<br>      security_group_id = string<br>      roles = list(object({<br>        name = string<br>        arn  = string<br>      }))<br>    })<br>    kubeconfig = object({<br>      path       = string<br>      extra_args = string<br>    })<br>  })</pre> | n/a | yes |
-| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br>    key\_arn = KMS key arn.<br>    enabled = KMS key is enabled | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | n/a | yes |
-| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br>    subnets = {<br>      public = List of public Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      private = List of private Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      pod = List of pod Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>    } | <pre>object({<br>    vpc_id = string<br>    subnets = object({<br>      public = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      private = optional(list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      })), [])<br>      pod = optional(list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      })), [])<br>    })<br>  })</pre> | n/a | yes |
+| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br/>      addons            = List of addons<br/>      specs             = Cluster spes. {<br/>        name                      = Cluster name.<br/>        endpoint                  = Cluster endpont.<br/>        kubernetes\_network\_config = Cluster k8s nw config.<br/>      }<br/>      version           = K8s version.<br/>      arn               = EKS Cluster arn.<br/>      security\_group\_id = EKS Cluster security group id.<br/>      endpoint          = EKS Cluster API endpoint.<br/>      roles             = Default IAM Roles associated with the EKS cluster. {<br/>        name = string<br/>        arn = string<br/>      }<br/>      custom\_roles      = Custom IAM Roles associated with the EKS cluster. {<br/>        rolearn  = string<br/>        username = string<br/>        groups   = list(string)<br/>      }<br/>      oidc = {<br/>        arn = OIDC provider ARN.<br/>        url = OIDC provider url.<br/>      }<br/>    }<br/>    nodes = {<br/>      security\_group\_id = EKS Nodes security group id.<br/>      roles = IAM Roles associated with the EKS Nodes.{<br/>        name = string<br/>        arn  = string<br/>      }<br/>    }<br/>    kubeconfig = Kubeconfig details.{<br/>      path       = string<br/>      extra\_args = string<br/>    } | <pre>object({<br/>    k8s_pre_setup_sh_file = string<br/>    cluster = object({<br/>      addons = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br/>      vpc_cni = optional(object({<br/>        prefix_delegation = optional(bool, false)<br/>        annotate_pod_ip   = optional(bool, true)<br/>      }))<br/>      specs = object({<br/>        name                      = string<br/>        endpoint                  = string<br/>        kubernetes_network_config = list(map(any))<br/>        certificate_authority     = list(map(any))<br/>      })<br/>      version           = string<br/>      arn               = string<br/>      security_group_id = string<br/>      endpoint          = string<br/>      roles = list(object({<br/>        name = string<br/>        arn  = string<br/>      }))<br/>      custom_roles = list(object({<br/>        rolearn  = string<br/>        username = string<br/>        groups   = list(string)<br/>      }))<br/>      oidc = object({<br/>        arn = string<br/>        url = string<br/>      })<br/>    })<br/>    nodes = object({<br/>      security_group_id = string<br/>      roles = list(object({<br/>        name = string<br/>        arn  = string<br/>      }))<br/>    })<br/>    kubeconfig = object({<br/>      path       = string<br/>      extra_args = string<br/>    })<br/>  })</pre> | n/a | yes |
+| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br/>    key\_arn = KMS key arn.<br/>    enabled = KMS key is enabled | <pre>object({<br/>    key_id  = string<br/>    key_arn = string<br/>    enabled = bool<br/>  })</pre> | n/a | yes |
+| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br/>    subnets = {<br/>      public = List of public Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      private = List of private Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      pod = List of pod Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>    } | <pre>object({<br/>    vpc_id = string<br/>    subnets = object({<br/>      public = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      private = optional(list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      })), [])<br/>      pod = optional(list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      })), [])<br/>    })<br/>  })</pre> | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 | <a name="input_run_post_node_setup"></a> [run\_post\_node\_setup](#input\_run\_post\_node\_setup) | Toggle installing addons and calico | `bool` | `true` | no |
-| <a name="input_single_node"></a> [single\_node](#input\_single\_node) | Additional EKS managed node groups definition. | <pre>object({<br>    name                 = optional(string, "single-node")<br>    bootstrap_extra_args = optional(string, "")<br>    ami = optional(object({<br>      name_prefix = optional(string, null)<br>      owner       = optional(string, null)<br><br>    }))<br>    instance_type            = optional(string, "m6i.2xlarge")<br>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br>    labels                   = optional(map(string))<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })), [])<br>    volume = optional(object({<br>      size = optional(number, 200)<br>      type = optional(string, "gp3")<br>    }), {})<br>  })</pre> | `{}` | no |
-| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br>    path          = string<br>    key_pair_name = string<br>  })</pre> | n/a | yes |
+| <a name="input_single_node"></a> [single\_node](#input\_single\_node) | Additional EKS managed node groups definition. | <pre>object({<br/>    name                 = optional(string, "single-node")<br/>    bootstrap_extra_args = optional(string, "")<br/>    ami = optional(object({<br/>      name_prefix = optional(string, null)<br/>      owner       = optional(string, null)<br/><br/>    }))<br/>    instance_type            = optional(string, "m6i.2xlarge")<br/>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br/>    labels                   = optional(map(string))<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })), [])<br/>    volume = optional(object({<br/>      size = optional(number, 200)<br/>      type = optional(string, "gp3")<br/>    }), {})<br/>  })</pre> | `{}` | no |
+| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br/>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br/>    path          = string<br/>    key_pair_name = string<br/>  })</pre> | n/a | yes |
 
 ## Outputs
 
diff --git a/tests/deploy/infra-ci.tfvars.tftpl b/tests/deploy/infra-ci.tfvars.tftpl
index 60d87612..97417de1 100644
--- a/tests/deploy/infra-ci.tfvars.tftpl
+++ b/tests/deploy/infra-ci.tfvars.tftpl
@@ -50,7 +50,7 @@ bastion = {
 }
 
 eks = {
-  k8s_version       = "1.27"
+  k8s_version       = "1.31"
   master_role_names = ["okta-poweruser", "okta-fulladmin"]
 }
 
diff --git a/tests/deploy/single-node/README.md b/tests/deploy/single-node/README.md
index 65f636ec..daa788ac 100644
--- a/tests/deploy/single-node/README.md
+++ b/tests/deploy/single-node/README.md
@@ -33,7 +33,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
-| <a name="input_single_node"></a> [single\_node](#input\_single\_node) | Additional EKS managed node groups definition. | <pre>object({<br>    name                 = optional(string, "single-node")<br>    bootstrap_extra_args = optional(string, "")<br>    ami = optional(object({<br>      name_prefix = optional(string, null)<br>      owner       = optional(string, null)<br><br>    }))<br>    instance_type            = optional(string, "m6i.2xlarge")<br>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br>    labels                   = optional(map(string))<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })), [])<br>    volume = optional(object({<br>      size = optional(number, 1000)<br>      type = optional(string, "gp3")<br>    }), {})<br>  })</pre> | `{}` | no |
+| <a name="input_single_node"></a> [single\_node](#input\_single\_node) | Additional EKS managed node groups definition. | <pre>object({<br/>    name                 = optional(string, "single-node")<br/>    bootstrap_extra_args = optional(string, "")<br/>    ami = optional(object({<br/>      name_prefix = optional(string, null)<br/>      owner       = optional(string, null)<br/><br/>    }))<br/>    instance_type            = optional(string, "m6i.2xlarge")<br/>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br/>    labels                   = optional(map(string))<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })), [])<br/>    volume = optional(object({<br/>      size = optional(number, 1000)<br/>      type = optional(string, "gp3")<br/>    }), {})<br/>  })</pre> | `{}` | no |
 
 ## Outputs
 
diff --git a/tests/plan/terraform/README.md b/tests/plan/terraform/README.md
index 07b0bce7..74e19c81 100644
--- a/tests/plan/terraform/README.md
+++ b/tests/plan/terraform/README.md
@@ -38,25 +38,25 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br>    ami                        = optional(string, null)<br>    bootstrap_extra_args       = optional(string, "")<br>    instance_types             = list(string)<br>    spot                       = optional(bool, false)<br>    min_per_az                 = number<br>    max_per_az                 = number<br>    max_unavailable_percentage = optional(number, 50)<br>    max_unavailable            = optional(number, null)<br>    desired_per_az             = number<br>    availability_zone_ids      = list(string)<br>    labels                     = map(string)<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })), [])<br>    tags = optional(map(string), {})<br>    gpu  = optional(bool, null)<br>    volume = object({<br>      size = string<br>      type = string<br>    })<br>  }))</pre> | `{}` | no |
-| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br>    ami                      = Ami id. Defaults to latest 'al2023' ami.<br>    instance\_type            = Instance type.<br>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br>    username                 = Bastion user.<br>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br>    enabled                  = optional(bool, true)<br>    ami_id                   = optional(string, null) # default will use the latest 'al2023' ami<br>    instance_type            = optional(string, "t3.micro")<br>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br>    username                 = optional(string, "ec2-user")<br>    install_binaries         = optional(bool, false)<br>  })</pre> | `{}` | no |
-| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br>    {<br>      compute = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 1000)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 1000<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      platform = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 1)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, null)<br>          max_unavailable            = optional(number, 1)<br>          desired_per_az             = optional(number, 1)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "platform"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 100)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 100<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      gpu = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["g5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default-gpu"<br>            "nvidia.com/gpu"              = true<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>            })), [{<br>            key    = "nvidia.com/gpu"<br>            value  = "true"<br>            effect = "NO_SCHEDULE"<br>            }<br>          ])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 1000)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 1000<br>            type = "gp3"<br>            }<br>          )<br>      })<br>  })</pre> | n/a | yes |
+| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br/>    ami                        = optional(string, null)<br/>    bootstrap_extra_args       = optional(string, "")<br/>    instance_types             = list(string)<br/>    spot                       = optional(bool, false)<br/>    min_per_az                 = number<br/>    max_per_az                 = number<br/>    max_unavailable_percentage = optional(number, 50)<br/>    max_unavailable            = optional(number, null)<br/>    desired_per_az             = number<br/>    availability_zone_ids      = list(string)<br/>    labels                     = map(string)<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })), [])<br/>    tags = optional(map(string), {})<br/>    gpu  = optional(bool, null)<br/>    volume = object({<br/>      size = string<br/>      type = string<br/>    })<br/>  }))</pre> | `{}` | no |
+| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br/>    ami                      = Ami id. Defaults to latest 'al2023' ami.<br/>    instance\_type            = Instance type.<br/>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br/>    username                 = Bastion user.<br/>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br/>    enabled                  = optional(bool, true)<br/>    ami_id                   = optional(string, null) # default will use the latest 'al2023' ami<br/>    instance_type            = optional(string, "t3.micro")<br/>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br/>    username                 = optional(string, "ec2-user")<br/>    install_binaries         = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br/>    {<br/>      compute = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 1000)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 1000<br/>            type = "gp3"<br/>            }<br/>          )<br/>      }),<br/>      platform = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 1)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, null)<br/>          max_unavailable            = optional(number, 1)<br/>          desired_per_az             = optional(number, 1)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "platform"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 100)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 100<br/>            type = "gp3"<br/>            }<br/>          )<br/>      }),<br/>      gpu = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["g5.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default-gpu"<br/>            "nvidia.com/gpu"              = true<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>            })), [{<br/>            key    = "nvidia.com/gpu"<br/>            value  = "true"<br/>            effect = "NO_SCHEDULE"<br/>            }<br/>          ])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 1000)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 1000<br/>            type = "gp3"<br/>            }<br/>          )<br/>      })<br/>  })</pre> | n/a | yes |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID. | `string` | `"domino-eks"` | no |
-| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br>    provision_cost_usage_report = optional(bool, false)<br>  })</pre> | `{}` | no |
-| <a name="input_eks"></a> [eks](#input\_eks) | k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    }<br>    master\_role\_names  = IAM role names to be added as masters in eks.<br>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni            = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    k8s_version  = optional(string, "1.27")<br>    nodes_master = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string, "")<br>      path       = optional(string, null)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool, false)<br>      cidrs   = optional(list(string), [])<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })), [])<br>    master_role_names  = optional(list(string), [])<br>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns"])<br>    ssm_log_group_name = optional(string, "session-manager")<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool)<br>      annotate_pod_ip   = optional(bool)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string, null)<br>      groups_prefix                 = optional(string, null)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string, null)<br>      required_claims               = optional(map(string), null)<br>      username_claim                = optional(string, null)<br>      username_prefix               = optional(string, null)<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br/>    provision_cost_usage_report = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | k8s\_version = EKS cluster k8s version.<br/>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    }<br/>    master\_role\_names  = IAM role names to be added as masters in eks.<br/>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br/>    vpc\_cni            = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    k8s_version  = optional(string, "1.31")<br/>    nodes_master = optional(bool, false)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string, "")<br/>      path       = optional(string, null)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool, false)<br/>      cidrs   = optional(list(string), [])<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })), [])<br/>    master_role_names  = optional(list(string), [])<br/>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns"])<br/>    ssm_log_group_name = optional(string, "session-manager")<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool)<br/>      annotate_pod_ip   = optional(bool)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string, null)<br/>      groups_prefix                 = optional(string, null)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string, null)<br/>      required_claims               = optional(map(string), null)<br/>      username_claim                = optional(string, null)<br/>      username_prefix               = optional(string, null)<br/>    })), [])<br/>  })</pre> | `{}` | no |
 | <a name="input_enable_private_link"></a> [enable\_private\_link](#input\_enable\_private\_link) | Enable Private Link connections | `bool` | `false` | no |
-| <a name="input_external_deployments_operator"></a> [external\_deployments\_operator](#input\_external\_deployments\_operator) | Config to create IRSA role for the external deployments operator. | <pre>object({<br>    enabled                         = optional(bool, false)<br>    namespace                       = optional(string, "domino-compute")<br>    operator_service_account_name   = optional(string, "pham-juno-operator")<br>    operator_role_suffix            = optional(string, "external-deployments-operator")<br>    repository_suffix               = optional(string, "external-deployments")<br>    bucket_suffix                   = optional(string, "external-deployments")<br>    enable_assume_any_external_role = optional(bool, true)<br>    enable_in_account_deployments   = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_external_deployments_operator"></a> [external\_deployments\_operator](#input\_external\_deployments\_operator) | Config to create IRSA role for the external deployments operator. | <pre>object({<br/>    enabled                         = optional(bool, false)<br/>    namespace                       = optional(string, "domino-compute")<br/>    operator_service_account_name   = optional(string, "pham-juno-operator")<br/>    operator_role_suffix            = optional(string, "external-deployments-operator")<br/>    repository_suffix               = optional(string, "external-deployments")<br/>    bucket_suffix                   = optional(string, "external-deployments")<br/>    enable_assume_any_external_role = optional(bool, true)<br/>    enable_in_account_deployments   = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
-| <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br>    key\_id  = optional(string, null)<br>    additional\_policies = "Allows setting additional KMS key policies when using a Domino-generated key" | <pre>object({<br>    enabled             = optional(bool, true)<br>    key_id              = optional(string, null)<br>    additional_policies = optional(list(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_network"></a> [network](#input\_network) | vpc = {<br>      id = Existing vpc id, it will bypass creation by this module.<br>      subnets = {<br>        private = Existing private subnets.<br>        public  = Existing public subnets.<br>        pod     = Existing pod subnets.<br>      }), {})<br>    }), {})<br>    network\_bits = {<br>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>    }<br>    cidrs = {<br>      vpc     = The IPv4 CIDR block for the VPC.<br>      pod     = The IPv4 CIDR block for the Pod subnets.<br>    }<br>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br>    vpc = optional(object({<br>      id = optional(string, null)<br>      subnets = optional(object({<br>        private = optional(list(string), [])<br>        public  = optional(list(string), [])<br>        pod     = optional(list(string), [])<br>      }), {})<br>    }), {})<br>    network_bits = optional(object({<br>      public  = optional(number, 27)<br>      private = optional(number, 19)<br>      pod     = optional(number, 19)<br>      }<br>    ), {})<br>    cidrs = optional(object({<br>      vpc = optional(string, "10.0.0.0/16")<br>      pod = optional(string, "100.64.0.0/16")<br>    }), {})<br>    use_pod_cidr = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br/>    key\_id  = optional(string, null)<br/>    additional\_policies = "Allows setting additional KMS key policies when using a Domino-generated key" | <pre>object({<br/>    enabled             = optional(bool, true)<br/>    key_id              = optional(string, null)<br/>    additional_policies = optional(list(string), [])<br/>  })</pre> | `{}` | no |
+| <a name="input_network"></a> [network](#input\_network) | vpc = {<br/>      id = Existing vpc id, it will bypass creation by this module.<br/>      subnets = {<br/>        private = Existing private subnets.<br/>        public  = Existing public subnets.<br/>        pod     = Existing pod subnets.<br/>      }), {})<br/>    }), {})<br/>    network\_bits = {<br/>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br/>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>    }<br/>    cidrs = {<br/>      vpc     = The IPv4 CIDR block for the VPC.<br/>      pod     = The IPv4 CIDR block for the Pod subnets.<br/>    }<br/>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br/>    vpc = optional(object({<br/>      id = optional(string, null)<br/>      subnets = optional(object({<br/>        private = optional(list(string), [])<br/>        public  = optional(list(string), [])<br/>        pod     = optional(list(string), [])<br/>      }), {})<br/>    }), {})<br/>    network_bits = optional(object({<br/>      public  = optional(number, 27)<br/>      private = optional(number, 19)<br/>      pod     = optional(number, 19)<br/>      }<br/>    ), {})<br/>    cidrs = optional(object({<br/>      vpc = optional(string, "10.0.0.0/16")<br/>      pod = optional(string, "100.64.0.0/16")<br/>    }), {})<br/>    use_pod_cidr = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 | <a name="input_route53_hosted_zone_name"></a> [route53\_hosted\_zone\_name](#input\_route53\_hosted\_zone\_name) | Optional hosted zone for External DNS zone. | `string` | `null` | no |
-| <a name="input_single_node"></a> [single\_node](#input\_single\_node) | Additional EKS managed node groups definition. | <pre>object({<br>    name                 = optional(string, "single-node")<br>    bootstrap_extra_args = optional(string, "")<br>    ami = optional(object({<br>      name_prefix = optional(string, null)<br>      owner       = optional(string, null)<br><br>    }))<br>    instance_type            = optional(string, "m6i.2xlarge")<br>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br>    labels                   = optional(map(string))<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })), [])<br>    volume = optional(object({<br>      size = optional(number, 1000)<br>      type = optional(string, "gp3")<br>    }), {})<br>  })</pre> | `null` | no |
+| <a name="input_single_node"></a> [single\_node](#input\_single\_node) | Additional EKS managed node groups definition. | <pre>object({<br/>    name                 = optional(string, "single-node")<br/>    bootstrap_extra_args = optional(string, "")<br/>    ami = optional(object({<br/>      name_prefix = optional(string, null)<br/>      owner       = optional(string, null)<br/><br/>    }))<br/>    instance_type            = optional(string, "m6i.2xlarge")<br/>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br/>    labels                   = optional(map(string))<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })), [])<br/>    volume = optional(object({<br/>      size = optional(number, 1000)<br/>      type = optional(string, "gp3")<br/>    }), {})<br/>  })</pre> | `null` | no |
 | <a name="input_ssh_pvt_key_path"></a> [ssh\_pvt\_key\_path](#input\_ssh\_pvt\_key\_path) | SSH private key filepath. | `string` | n/a | yes |
-| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br>      filesystem\_type = File system type(netapp\|efs)<br>      efs = {<br>        access\_point\_path = Filesystem path for efs.<br>        backup\_vault = {<br>          create        = Create backup vault for EFS toggle.<br>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br>          backup = {<br>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br>            cold\_storage\_after = Move backup data to cold storage after this many days.<br>            delete\_after       = Delete backup data after this many days.<br>          }<br>        }<br>      }<br>      netapp = {<br>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br>        storage\_capacity = Filesystem Storage capacity<br>        throughput\_capacity = Filesystem throughput capacity<br>        automatic\_backup\_retention\_days = How many days to keep backups<br>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br><br>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br>          enabled                     = Enable automatic storage capacity increase.<br>          threshold                  = Used storage capacity threshold.<br>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br>          notification\_email\_address = The email address for alarm notification.<br>        }<br>        volume = {<br>          create                     = Create a volume associated with the filesystem.<br>          name\_suffix                = The suffix to name the volume<br>          storage\_efficiency\_enabled = Toggle storage\_efficiency\_enabled<br>          junction\_path              = filesystem junction path<br>          size\_in\_megabytes          = The size of the volume<br>        }<br>      }<br>      s3 = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br>      }<br>      ecr = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br>      }<br>      enable\_remote\_backup = Enable tagging required for cross-account backups<br>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br>    }<br>  } | <pre>object({<br>    filesystem_type = optional(string, "efs")<br>    efs = optional(object({<br>      access_point_path = optional(string, "/domino")<br>      backup_vault = optional(object({<br>        create        = optional(bool, true)<br>        force_destroy = optional(bool, true)<br>        backup = optional(object({<br>          schedule           = optional(string, "0 12 * * ? *")<br>          cold_storage_after = optional(number, 35)<br>          delete_after       = optional(number, 125)<br>        }), {})<br>      }), {})<br>    }), {})<br>    netapp = optional(object({<br>      migrate_from_efs = optional(object({<br>        enabled = optional(bool, false)<br>        datasync = optional(object({<br>          enabled  = optional(bool, false)<br>          target   = optional(string, "netapp")<br>          schedule = optional(string, "cron(0 * * * ? *)")<br>        }), {})<br>      }), {})<br>      deployment_type                   = optional(string, "SINGLE_AZ_1")<br>      storage_capacity                  = optional(number, 1024)<br>      throughput_capacity               = optional(number, 128)<br>      automatic_backup_retention_days   = optional(number, 90)<br>      daily_automatic_backup_start_time = optional(string, "00:00")<br>      storage_capacity_autosizing = optional(object({<br>        enabled                    = optional(bool, false)<br>        threshold                  = optional(number, 70)<br>        percent_capacity_increase  = optional(number, 30)<br>        notification_email_address = optional(string, "")<br>      }), {})<br>      volume = optional(object({<br>        create                     = optional(bool, true)<br>        name_suffix                = optional(string, "domino_shared_storage")<br>        storage_efficiency_enabled = optional(bool, true)<br>        junction_path              = optional(string, "/domino")<br>        size_in_megabytes          = optional(number, 1099511)<br>      }), {})<br>    }), {})<br>    s3 = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {})<br>    ecr = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {}),<br>    enable_remote_backup = optional(bool, false)<br>    costs_enabled        = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br/>      filesystem\_type = File system type(netapp\|efs)<br/>      efs = {<br/>        access\_point\_path = Filesystem path for efs.<br/>        backup\_vault = {<br/>          create        = Create backup vault for EFS toggle.<br/>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br/>          backup = {<br/>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br/>            cold\_storage\_after = Move backup data to cold storage after this many days.<br/>            delete\_after       = Delete backup data after this many days.<br/>          }<br/>        }<br/>      }<br/>      netapp = {<br/>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br/>        storage\_capacity = Filesystem Storage capacity<br/>        throughput\_capacity = Filesystem throughput capacity<br/>        automatic\_backup\_retention\_days = How many days to keep backups<br/>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br/><br/>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br/>          enabled                     = Enable automatic storage capacity increase.<br/>          threshold                  = Used storage capacity threshold.<br/>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br/>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br/>          notification\_email\_address = The email address for alarm notification.<br/>        }<br/>        volume = {<br/>          create                     = Create a volume associated with the filesystem.<br/>          name\_suffix                = The suffix to name the volume<br/>          storage\_efficiency\_enabled = Toggle storage\_efficiency\_enabled<br/>          junction\_path              = filesystem junction path<br/>          size\_in\_megabytes          = The size of the volume<br/>        }<br/>      }<br/>      s3 = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br/>      }<br/>      ecr = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br/>      }<br/>      enable\_remote\_backup = Enable tagging required for cross-account backups<br/>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br/>    }<br/>  } | <pre>object({<br/>    filesystem_type = optional(string, "efs")<br/>    efs = optional(object({<br/>      access_point_path = optional(string, "/domino")<br/>      backup_vault = optional(object({<br/>        create        = optional(bool, true)<br/>        force_destroy = optional(bool, true)<br/>        backup = optional(object({<br/>          schedule           = optional(string, "0 12 * * ? *")<br/>          cold_storage_after = optional(number, 35)<br/>          delete_after       = optional(number, 125)<br/>        }), {})<br/>      }), {})<br/>    }), {})<br/>    netapp = optional(object({<br/>      migrate_from_efs = optional(object({<br/>        enabled = optional(bool, false)<br/>        datasync = optional(object({<br/>          enabled  = optional(bool, false)<br/>          target   = optional(string, "netapp")<br/>          schedule = optional(string, "cron(0 * * * ? *)")<br/>        }), {})<br/>      }), {})<br/>      deployment_type                   = optional(string, "SINGLE_AZ_1")<br/>      storage_capacity                  = optional(number, 1024)<br/>      throughput_capacity               = optional(number, 128)<br/>      automatic_backup_retention_days   = optional(number, 90)<br/>      daily_automatic_backup_start_time = optional(string, "00:00")<br/>      storage_capacity_autosizing = optional(object({<br/>        enabled                    = optional(bool, false)<br/>        threshold                  = optional(number, 70)<br/>        percent_capacity_increase  = optional(number, 30)<br/>        notification_email_address = optional(string, "")<br/>      }), {})<br/>      volume = optional(object({<br/>        create                     = optional(bool, true)<br/>        name_suffix                = optional(string, "domino_shared_storage")<br/>        storage_efficiency_enabled = optional(bool, true)<br/>        junction_path              = optional(string, "/domino")<br/>        size_in_megabytes          = optional(number, 1099511)<br/>      }), {})<br/>    }), {})<br/>    s3 = optional(object({<br/>      force_destroy_on_deletion = optional(bool, true)<br/>    }), {})<br/>    ecr = optional(object({<br/>      force_destroy_on_deletion = optional(bool, true)<br/>    }), {}),<br/>    enable_remote_backup = optional(bool, false)<br/>    costs_enabled        = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | `{}` | no |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
-| <a name="input_vpn_connections"></a> [vpn\_connections](#input\_vpn\_connections) | create = Create a VPN connection.<br>    connections = List of VPN connections, each with:<br>      - name: Name for identification (optional).<br>      - shared\_ip: Customer's shared IP Address (optional).<br>      - cidr\_block: CIDR block for the customer's network (optional). | <pre>object({<br>    create = optional(bool, false)<br>    connections = optional(list(object({<br>      name        = optional(string, "")<br>      shared_ip   = optional(string, "")<br>      cidr_blocks = optional(list(string), [])<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_vpn_connections"></a> [vpn\_connections](#input\_vpn\_connections) | create = Create a VPN connection.<br/>    connections = List of VPN connections, each with:<br/>      - name: Name for identification (optional).<br/>      - shared\_ip: Customer's shared IP Address (optional).<br/>      - cidr\_block: CIDR block for the customer's network (optional). | <pre>object({<br/>    create = optional(bool, false)<br/>    connections = optional(list(object({<br/>      name        = optional(string, "")<br/>      shared_ip   = optional(string, "")<br/>      cidr_blocks = optional(list(string), [])<br/>    })), [])<br/>  })</pre> | `{}` | no |
 
 ## Outputs
 
diff --git a/tests/plan/terraform/variables.tf b/tests/plan/terraform/variables.tf
index 04b6a494..a6c765aa 100644
--- a/tests/plan/terraform/variables.tf
+++ b/tests/plan/terraform/variables.tf
@@ -84,7 +84,7 @@ variable "eks" {
   EOF
 
   type = object({
-    k8s_version  = optional(string, "1.27")
+    k8s_version  = optional(string, "1.31")
     nodes_master = optional(bool, false)
     kubeconfig = optional(object({
       extra_args = optional(string, "")

From 5fb14e721bccbca11073889ad082656db41f9967 Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Fri, 8 Nov 2024 15:56:04 -0700
Subject: [PATCH 02/14] Update modules

---
 .pre-commit-config.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index b0e89889..344cf8b3 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -14,13 +14,13 @@ repos:
       - id: circleci-validate
         args: [--org-slug, github/cerebrotech]
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.29.1
+    rev: 0.29.4
     hooks:
       - id: check-github-workflows
       - id: check-dependabot
       - id: check-github-actions
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.92.1
+    rev: v1.96.2
     hooks:
       - id: terraform_validate
         # See #4 on https://github.com/antonbabenko/pre-commit-terraform#terraform_validate

From 1b72dbaf1f814e077f069278c11c2b3d7cad9453 Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Fri, 8 Nov 2024 15:56:45 -0700
Subject: [PATCH 03/14] Bump modules

---
 .circleci/config.yml             | 6 +++---
 modules/single-node/README.md    | 6 +++---
 modules/single-node/variables.tf | 1 -
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index e8545e9d..9a6d7075 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -3,7 +3,7 @@ version: 2.1
 parameters:
   helm_version:
     type: string
-    default: "v3.11.2"
+    default: "v3.12.0"
   terraform_version:
     type: string
     default: "1.9.3"
@@ -21,8 +21,8 @@ parameters:
     default: ""
 
 orbs:
-  terraform: circleci/terraform@3.3.0
-  aws-cli: circleci/aws-cli@3.1
+  terraform: circleci/terraform@3.4.0
+  aws-cli: circleci/aws-cli@3.2.0
   envsubst: sawadashota/envsubst@1.4.3
 
 commands:
diff --git a/modules/single-node/README.md b/modules/single-node/README.md
index 05162e96..3fc13c06 100644
--- a/modules/single-node/README.md
+++ b/modules/single-node/README.md
@@ -1,6 +1,6 @@
 # nodes
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -49,7 +49,7 @@ No modules.
 | <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br/>    subnets = {<br/>      public = List of public Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      private = List of private Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      pod = List of pod Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>    } | <pre>object({<br/>    vpc_id = string<br/>    subnets = object({<br/>      public = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      private = optional(list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      })), [])<br/>      pod = optional(list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      })), [])<br/>    })<br/>  })</pre> | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 | <a name="input_run_post_node_setup"></a> [run\_post\_node\_setup](#input\_run\_post\_node\_setup) | Toggle installing addons and calico | `bool` | `true` | no |
-| <a name="input_single_node"></a> [single\_node](#input\_single\_node) | Additional EKS managed node groups definition. | <pre>object({<br/>    name                 = optional(string, "single-node")<br/>    bootstrap_extra_args = optional(string, "")<br/>    ami = optional(object({<br/>      name_prefix = optional(string, null)<br/>      owner       = optional(string, null)<br/><br/>    }))<br/>    instance_type            = optional(string, "m6i.2xlarge")<br/>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br/>    labels                   = optional(map(string))<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })), [])<br/>    volume = optional(object({<br/>      size = optional(number, 200)<br/>      type = optional(string, "gp3")<br/>    }), {})<br/>  })</pre> | `{}` | no |
+| <a name="input_single_node"></a> [single\_node](#input\_single\_node) | Additional EKS managed node groups definition. | <pre>object({<br/>    name                 = optional(string, "single-node")<br/>    bootstrap_extra_args = optional(string, "")<br/>    ami = optional(object({<br/>      name_prefix = optional(string, null)<br/>      owner       = optional(string, null)<br/>    }))<br/>    instance_type            = optional(string, "m6i.2xlarge")<br/>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br/>    labels                   = optional(map(string))<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })), [])<br/>    volume = optional(object({<br/>      size = optional(number, 200)<br/>      type = optional(string, "gp3")<br/>    }), {})<br/>  })</pre> | `{}` | no |
 | <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br/>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br/>    path          = string<br/>    key_pair_name = string<br/>  })</pre> | n/a | yes |
 
 ## Outputs
@@ -57,4 +57,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_info"></a> [info](#output\_info) | Node details. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/single-node/variables.tf b/modules/single-node/variables.tf
index a41f89bf..cf77239a 100644
--- a/modules/single-node/variables.tf
+++ b/modules/single-node/variables.tf
@@ -177,7 +177,6 @@ variable "single_node" {
     ami = optional(object({
       name_prefix = optional(string, null)
       owner       = optional(string, null)
-
     }))
     instance_type            = optional(string, "m6i.2xlarge")
     authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])

From b58cb3b75f385fe553446a89749205b15f8cb6a4 Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Fri, 8 Nov 2024 16:53:22 -0700
Subject: [PATCH 04/14] Bump helm

---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 9a6d7075..faac29c0 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -3,7 +3,7 @@ version: 2.1
 parameters:
   helm_version:
     type: string
-    default: "v3.12.0"
+    default: "v3.15.4"
   terraform_version:
     type: string
     default: "1.9.3"

From dfb32cf3e71b0265914a0fe66975fb844e2cf204 Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Mon, 11 Nov 2024 16:32:22 -0700
Subject: [PATCH 05/14] Shift from dev-v2 to al2023

---
 examples/deploy/terraform/cluster/README.md  | 4 ++--
 examples/deploy/terraform/infra/README.md    | 4 ++--
 examples/deploy/terraform/nodes/README.md    | 4 ++--
 modules/eks/README.md                        | 4 ++--
 modules/eks/submodules/k8s/README.md         | 4 ++--
 modules/eks/submodules/privatelink/README.md | 2 +-
 tests/deploy/single-node/single-node.tfvars  | 7 +++----
 7 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/examples/deploy/terraform/cluster/README.md b/examples/deploy/terraform/cluster/README.md
index 3e3b4f3f..cc72b2a7 100644
--- a/examples/deploy/terraform/cluster/README.md
+++ b/examples/deploy/terraform/cluster/README.md
@@ -1,6 +1,6 @@
 # eks
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -55,4 +55,4 @@
 | <a name="output_external_dns_irsa_role_arn"></a> [external\_dns\_irsa\_role\_arn](#output\_external\_dns\_irsa\_role\_arn) | "External\_dns info"<br/>  {<br/>    irsa\_role = irsa role arn.<br/>    zone\_id   = hosted zone id for external\_dns Iam policy<br/>    zone\_name = hosted zone name for external\_dns Iam policy<br/>  } |
 | <a name="output_flyte"></a> [flyte](#output\_flyte) | Flyte details. |
 | <a name="output_infra"></a> [infra](#output\_infra) | Infra details. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/examples/deploy/terraform/infra/README.md b/examples/deploy/terraform/infra/README.md
index cc86f1fd..ca2f297f 100644
--- a/examples/deploy/terraform/infra/README.md
+++ b/examples/deploy/terraform/infra/README.md
@@ -1,6 +1,6 @@
 # infra
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -48,4 +48,4 @@ No resources.
 | <a name="output_domino_config_values"></a> [domino\_config\_values](#output\_domino\_config\_values) | Values used to update the `domino.yml` for installation. |
 | <a name="output_infra"></a> [infra](#output\_infra) | Infrastructure outputs. |
 | <a name="output_ssh_bastion_command"></a> [ssh\_bastion\_command](#output\_ssh\_bastion\_command) | Command used in order to ssh to bastion. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/examples/deploy/terraform/nodes/README.md b/examples/deploy/terraform/nodes/README.md
index 277db9a0..08bd55a1 100644
--- a/examples/deploy/terraform/nodes/README.md
+++ b/examples/deploy/terraform/nodes/README.md
@@ -1,6 +1,6 @@
 # nodes
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -40,4 +40,4 @@
 | Name | Description |
 |------|-------------|
 | <a name="output_info"></a> [info](#output\_info) | Nodes details. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/eks/README.md b/modules/eks/README.md
index 7c75b0d4..26620ce0 100644
--- a/modules/eks/README.md
+++ b/modules/eks/README.md
@@ -1,6 +1,6 @@
 # eks
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -90,4 +90,4 @@
 | Name | Description |
 |------|-------------|
 | <a name="output_info"></a> [info](#output\_info) | EKS information |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/eks/submodules/k8s/README.md b/modules/eks/submodules/k8s/README.md
index e076a335..56d04a05 100644
--- a/modules/eks/submodules/k8s/README.md
+++ b/modules/eks/submodules/k8s/README.md
@@ -1,6 +1,6 @@
 # k8s
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -44,4 +44,4 @@ No modules.
 | <a name="output_change_hash"></a> [change\_hash](#output\_change\_hash) | Hash of all templated files |
 | <a name="output_filepath"></a> [filepath](#output\_filepath) | Filename of primary script |
 | <a name="output_resources_directory"></a> [resources\_directory](#output\_resources\_directory) | Directory for provisioned scripts and templated files |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/eks/submodules/privatelink/README.md b/modules/eks/submodules/privatelink/README.md
index 7010064a..f266c409 100644
--- a/modules/eks/submodules/privatelink/README.md
+++ b/modules/eks/submodules/privatelink/README.md
@@ -1,4 +1,4 @@
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
diff --git a/tests/deploy/single-node/single-node.tfvars b/tests/deploy/single-node/single-node.tfvars
index 395781ce..c710f221 100644
--- a/tests/deploy/single-node/single-node.tfvars
+++ b/tests/deploy/single-node/single-node.tfvars
@@ -1,10 +1,9 @@
 single_node = {
   instance_type = "m6i.2xlarge"
-  name          = "dev-v2"
+  name          = "al2023"
   ami = {
-    name_prefix = "dev-v2_"
-    owner       = "977170443939"
-
+    name_prefix = "amazon-eks-node-al2023-x86_64-standard-"
+    owner       = "602401143452"
   }
   labels = {
     "dominodatalab.com/node-pool"   = "default",

From 0ae49777da4c665a0eadcf55f98e58eac3849064 Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Mon, 11 Nov 2024 17:14:50 -0700
Subject: [PATCH 06/14] docs

---
 modules/eks/submodules/privatelink/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/eks/submodules/privatelink/README.md b/modules/eks/submodules/privatelink/README.md
index f266c409..d5b8e48d 100644
--- a/modules/eks/submodules/privatelink/README.md
+++ b/modules/eks/submodules/privatelink/README.md
@@ -48,4 +48,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_info"></a> [info](#output\_info) | Target groups... |
-+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->

From f77c10d20fb92fd92cdea19c6778e4e9d28853c7 Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Mon, 11 Nov 2024 17:15:15 -0700
Subject: [PATCH 07/14] docs

---
 modules/external-deployments/README.md               | 4 ++--
 modules/flyte/README.md                              | 4 ++--
 modules/iam-bootstrap/README.md                      | 4 ++--
 modules/infra/README.md                              | 4 ++--
 modules/infra/submodules/bastion/README.md           | 4 ++--
 modules/infra/submodules/cost-usage-report/README.md | 4 ++--
 modules/infra/submodules/network/README.md           | 4 ++--
 modules/infra/submodules/storage/README.md           | 4 ++--
 modules/infra/submodules/vpn/README.md               | 4 ++--
 modules/irsa/README.md                               | 4 ++--
 modules/nodes/README.md                              | 4 ++--
 tests/deploy/single-node/README.md                   | 4 ++--
 tests/plan/create-kms-key/README.md                  | 4 ++--
 tests/plan/terraform/README.md                       | 4 ++--
 14 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/modules/external-deployments/README.md b/modules/external-deployments/README.md
index 0212f181..3f9bbd17 100644
--- a/modules/external-deployments/README.md
+++ b/modules/external-deployments/README.md
@@ -1,6 +1,6 @@
 # external-deployments
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -48,4 +48,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_eks"></a> [eks](#output\_eks) | External deployments eks info |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/flyte/README.md b/modules/flyte/README.md
index a89e7b8c..aa3e959f 100644
--- a/modules/flyte/README.md
+++ b/modules/flyte/README.md
@@ -1,6 +1,6 @@
 # flyte
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -60,4 +60,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_eks"></a> [eks](#output\_eks) | Flyte eks info |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/iam-bootstrap/README.md b/modules/iam-bootstrap/README.md
index ce0d12c6..9b475624 100644
--- a/modules/iam-bootstrap/README.md
+++ b/modules/iam-bootstrap/README.md
@@ -1,6 +1,6 @@
 # iam-bootstrap
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -44,4 +44,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_role_arn"></a> [role\_arn](#output\_role\_arn) | ARN of bootstrap role |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/infra/README.md b/modules/infra/README.md
index d17bb906..e7da0c23 100644
--- a/modules/infra/README.md
+++ b/modules/infra/README.md
@@ -1,6 +1,6 @@
 # infra
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -91,4 +91,4 @@
 | <a name="output_storage"></a> [storage](#output\_storage) | Storage details. |
 | <a name="output_tags"></a> [tags](#output\_tags) | Deployment tags. |
 | <a name="output_vpn_connections"></a> [vpn\_connections](#output\_vpn\_connections) | VPN connection information |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/infra/submodules/bastion/README.md b/modules/infra/submodules/bastion/README.md
index bd2d3887..0fdbae88 100644
--- a/modules/infra/submodules/bastion/README.md
+++ b/modules/infra/submodules/bastion/README.md
@@ -1,6 +1,6 @@
 # bastion
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -62,4 +62,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_info"></a> [info](#output\_info) | Bastion information. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/infra/submodules/cost-usage-report/README.md b/modules/infra/submodules/cost-usage-report/README.md
index e45ddbcd..40f0f78c 100644
--- a/modules/infra/submodules/cost-usage-report/README.md
+++ b/modules/infra/submodules/cost-usage-report/README.md
@@ -1,6 +1,6 @@
 # cost-usage-report
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -93,4 +93,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_info"></a> [info](#output\_info) | athena\_info\_configs = "Athena based cost reporting config information for kubecost cost-analyzer"<br/>   athena\_region"  = "athena region"<br/>   athena\_query\_result\_s3 = "S3 location for athena query results"<br/>   cur\_report\_bucket\_name = "Name of S3 bucket used for storing CUR data. This may be provisioned by this module or not."<br/>   glue\_catalog\_database\_name = "Name of the Glue Catalog Database which is populated with CUR data."<br/>   glue\_catalog\_table\_name = "Name of the Glue Catalog table which is populated with CUR data."<br/>   glue\_catalog\_status\_table\_name = "Name of the Glue Catalog table which is populated with CUR data's status."<br/>   report\_name = "Name of the provisioned Cost and Usage Report."<br/>   s3\_bucket\_region  = "Region where the S3 bucket used for storing CUR data is provisioned. This may be provisioned by this module or not."<br/>   athena\_work\_group = "Athena workgroup to execute queries"<br/>   cur\_iam\_policy\_arn = CUR IAM Policy ARN. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/infra/submodules/network/README.md b/modules/infra/submodules/network/README.md
index d7c3eb01..ce2efaef 100644
--- a/modules/infra/submodules/network/README.md
+++ b/modules/infra/submodules/network/README.md
@@ -1,6 +1,6 @@
 # network
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -63,4 +63,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_info"></a> [info](#output\_info) | Nework information. vpc\_id, subnets... |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/infra/submodules/storage/README.md b/modules/infra/submodules/storage/README.md
index 6481c1e1..351535e6 100644
--- a/modules/infra/submodules/storage/README.md
+++ b/modules/infra/submodules/storage/README.md
@@ -1,6 +1,6 @@
 # storage
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -103,4 +103,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_info"></a> [info](#output\_info) | efs = {<br/>      access\_point      = EFS access point.<br/>      file\_system       = EFS file\_system.<br/>      security\_group\_id = EFS security group id.<br/>    }<br/>    s3 = {<br/>      buckets        = "S3 buckets name and arn"<br/>      iam\_policy\_arn = S3 IAM Policy ARN.<br/>    }<br/>    ecr = {<br/>      container\_registry = ECR base registry URL. Grab the base AWS account ECR URL and add the deploy\_id. Domino will append /environment and /model.<br/>      iam\_policy\_arn     = ECR IAM Policy ARN.<br/>      calico\_image\_registry = Image registry for Calico. Will be a pull through cache for Quay.io unless in GovCloud, China, or have FIPS enabled.<br/>    } |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/infra/submodules/vpn/README.md b/modules/infra/submodules/vpn/README.md
index 4c819c58..6d063969 100644
--- a/modules/infra/submodules/vpn/README.md
+++ b/modules/infra/submodules/vpn/README.md
@@ -1,6 +1,6 @@
 # vpn
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -42,4 +42,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_vpn_connections"></a> [vpn\_connections](#output\_vpn\_connections) | List of VPN connections information |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/irsa/README.md b/modules/irsa/README.md
index 5e129afa..2a1f0c94 100644
--- a/modules/irsa/README.md
+++ b/modules/irsa/README.md
@@ -6,7 +6,7 @@ This module is an opinionated implementation of predefined and custom `irsa` rol
 
 * `external-dns`
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -70,4 +70,4 @@ No modules.
 | <a name="output_netapp_trident_configurator"></a> [netapp\_trident\_configurator](#output\_netapp\_trident\_configurator) | NetApp Astra Trident NETAPP configurator role info |
 | <a name="output_netapp_trident_operator"></a> [netapp\_trident\_operator](#output\_netapp\_trident\_operator) | NetApp Astra Trident NETAPP Operator role info |
 | <a name="output_roles"></a> [roles](#output\_roles) | Roles mapping info |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/modules/nodes/README.md b/modules/nodes/README.md
index d4d5ac35..d8906049 100644
--- a/modules/nodes/README.md
+++ b/modules/nodes/README.md
@@ -1,6 +1,6 @@
 # nodes
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -59,4 +59,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_info"></a> [info](#output\_info) | Node and EKS addons details. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/tests/deploy/single-node/README.md b/tests/deploy/single-node/README.md
index daa788ac..ad7a156f 100644
--- a/tests/deploy/single-node/README.md
+++ b/tests/deploy/single-node/README.md
@@ -1,7 +1,7 @@
 # single_node
 :x: **DO NOT USE TO PROVISION INFRASTRUCTURE.This implementation is meant for internal purposes ONLY.** :anger:
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -40,4 +40,4 @@
 | Name | Description |
 |------|-------------|
 | <a name="output_info"></a> [info](#output\_info) | Single Node details. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/tests/plan/create-kms-key/README.md b/tests/plan/create-kms-key/README.md
index 9803720d..e684746a 100644
--- a/tests/plan/create-kms-key/README.md
+++ b/tests/plan/create-kms-key/README.md
@@ -1,6 +1,6 @@
 # create-kms-key
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -41,4 +41,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_kms_key_id"></a> [kms\_key\_id](#output\_kms\_key\_id) | KMS key id |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/tests/plan/terraform/README.md b/tests/plan/terraform/README.md
index 74e19c81..9ee078af 100644
--- a/tests/plan/terraform/README.md
+++ b/tests/plan/terraform/README.md
@@ -2,7 +2,7 @@
 
 :warning: **DO NOT USE TO PROVISION INFRASTRUCTURE.This implementation is meant for testing purposes ONLY.**
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -61,4 +61,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->

From 3e59a523ee8ebea822d82f1ebcd4c2165c866278 Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Tue, 12 Nov 2024 15:36:19 -0700
Subject: [PATCH 08/14] Extend timeouts for single-node

---
 .circleci/config.yml                                        | 2 ++
 modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl | 3 ++-
 modules/single-node/main.tf                                 | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index faac29c0..67e0d43d 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -195,6 +195,7 @@ commands:
           name: Deploy single-node
           working_directory: tests/deploy
           command: bash ci-deploy.sh deploy_single_node
+          no_output_timeout: "20m"
 
   tf_destroy_single_node:
     description: "Terraform destroy single-node"
@@ -203,6 +204,7 @@ commands:
           name: Destroy single-node
           working_directory: tests/deploy
           command: bash ci-deploy.sh destroy_single_node
+          no_output_timeout: "20m"
 
   tf_deploy:
     description: "Terraform deploy"
diff --git a/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl b/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl
index 36c035d5..037eb659 100644
--- a/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl
+++ b/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl
@@ -183,7 +183,8 @@ kubectl_cmd() {
 }
 
 wait_for_single_node() {
-  TIMEOUT=600
+  # Derive timeout from first argument
+  TIMEOUT=${1:-600}
   ELAPSED_TIME=0
   SLEEP_INTERVAL=30
 
diff --git a/modules/single-node/main.tf b/modules/single-node/main.tf
index 5bc546fc..6a879d2d 100644
--- a/modules/single-node/main.tf
+++ b/modules/single-node/main.tf
@@ -33,7 +33,7 @@ resource "terraform_data" "node_is_ready" {
   # Even though the node is ready coredns hangs or takes 15m, waiting a bit reduces it to 15s.
   # https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1801
   provisioner "local-exec" {
-    command     = "bash ./${basename(var.eks_info.k8s_pre_setup_sh_file)} wait_for_single_node && sleep 60"
+    command     = "bash ./${basename(var.eks_info.k8s_pre_setup_sh_file)} wait_for_single_node 1200 && sleep 60"
     interpreter = ["bash", "-c"]
     working_dir = dirname(var.eks_info.k8s_pre_setup_sh_file)
   }

From b241a6bfd370f410c0fb24f02f6c3b45482f480a Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Tue, 12 Nov 2024 16:46:04 -0700
Subject: [PATCH 09/14] Fix typo

---
 modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl b/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl
index 037eb659..9239e27e 100644
--- a/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl
+++ b/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl
@@ -184,7 +184,7 @@ kubectl_cmd() {
 
 wait_for_single_node() {
   # Derive timeout from first argument
-  TIMEOUT=${1:-600}
+  TIMEOUT="${1:-600}"
   ELAPSED_TIME=0
   SLEEP_INTERVAL=30
 

From 91d9624a0cf2436ffb05ec6c940ce1b1c859c792 Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Tue, 12 Nov 2024 16:49:40 -0700
Subject: [PATCH 10/14] Revert function change

---
 modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl | 3 +--
 modules/single-node/main.tf                                 | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl b/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl
index 9239e27e..039641d5 100644
--- a/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl
+++ b/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl
@@ -183,8 +183,7 @@ kubectl_cmd() {
 }
 
 wait_for_single_node() {
-  # Derive timeout from first argument
-  TIMEOUT="${1:-600}"
+  TIMEOUT=1200
   ELAPSED_TIME=0
   SLEEP_INTERVAL=30
 
diff --git a/modules/single-node/main.tf b/modules/single-node/main.tf
index 6a879d2d..5bc546fc 100644
--- a/modules/single-node/main.tf
+++ b/modules/single-node/main.tf
@@ -33,7 +33,7 @@ resource "terraform_data" "node_is_ready" {
   # Even though the node is ready coredns hangs or takes 15m, waiting a bit reduces it to 15s.
   # https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1801
   provisioner "local-exec" {
-    command     = "bash ./${basename(var.eks_info.k8s_pre_setup_sh_file)} wait_for_single_node 1200 && sleep 60"
+    command     = "bash ./${basename(var.eks_info.k8s_pre_setup_sh_file)} wait_for_single_node && sleep 60"
     interpreter = ["bash", "-c"]
     working_dir = dirname(var.eks_info.k8s_pre_setup_sh_file)
   }

From 3bc51abf8292714c2fc0a8244260fda25482cc7b Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Tue, 12 Nov 2024 17:34:09 -0700
Subject: [PATCH 11/14] Revert timeout change

---
 modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl b/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl
index 039641d5..36c035d5 100644
--- a/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl
+++ b/modules/eks/submodules/k8s/templates/k8s-functions.sh.tftpl
@@ -183,7 +183,7 @@ kubectl_cmd() {
 }
 
 wait_for_single_node() {
-  TIMEOUT=1200
+  TIMEOUT=600
   ELAPSED_TIME=0
   SLEEP_INTERVAL=30
 

From 3c7197530737f20a77ba7b23f9a67d0cea3d7077 Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Thu, 14 Nov 2024 09:50:52 -0700
Subject: [PATCH 12/14] Update hooks

---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 344cf8b3..b55c65d2 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@
 default_stages: [pre-commit]
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer

From 4a58084d5eb0759b714b4bda23778923caa0fea4 Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Thu, 14 Nov 2024 09:51:18 -0700
Subject: [PATCH 13/14] Formatting

---
 modules/flyte/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/flyte/README.md b/modules/flyte/README.md
index 2fb5de06..0cd123ba 100644
--- a/modules/flyte/README.md
+++ b/modules/flyte/README.md
@@ -53,7 +53,7 @@ No modules.
 | <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br/>    key\_arn = KMS key arn.<br/>    enabled = KMS key is enabled | <pre>object({<br/>    key_id  = string<br/>    key_arn = string<br/>    enabled = bool<br/>  })</pre> | n/a | yes |
 | <a name="input_platform_namespace"></a> [platform\_namespace](#input\_platform\_namespace) | Name of Domino platform namespace for this deploy | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
-| <a name="input_serviceaccount_names"></a> [serviceaccount\_names](#input\_serviceaccount\_names) | Service account names for Flyte | <pre>object({<br>    datacatalog    = optional(string, "datacatalog")<br>    flyteadmin     = optional(string, "flyteadmin")<br>    flytepropeller = optional(string, "flytepropeller")<br>    importer       = optional(string, "domino-data-importer")<br>  })</pre> | `{}` | no |
+| <a name="input_serviceaccount_names"></a> [serviceaccount\_names](#input\_serviceaccount\_names) | Service account names for Flyte | <pre>object({<br/>    datacatalog    = optional(string, "datacatalog")<br/>    flyteadmin     = optional(string, "flyteadmin")<br/>    flytepropeller = optional(string, "flytepropeller")<br/>    importer       = optional(string, "domino-data-importer")<br/>  })</pre> | `{}` | no |
 
 ## Outputs
 

From 48a5b6a3767062168dabd48892cb44a4c48246da Mon Sep 17 00:00:00 2001
From: Dan Clegg <dan.clegg@dominodatalab.com>
Date: Thu, 14 Nov 2024 13:52:04 -0700
Subject: [PATCH 14/14] Test restricting dev-v2

---
 tests/deploy/single-node/single-node.tfvars | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/tests/deploy/single-node/single-node.tfvars b/tests/deploy/single-node/single-node.tfvars
index c710f221..e692d5b8 100644
--- a/tests/deploy/single-node/single-node.tfvars
+++ b/tests/deploy/single-node/single-node.tfvars
@@ -1,12 +1,16 @@
 single_node = {
   instance_type = "m6i.2xlarge"
-  name          = "al2023"
+  name          = "dev-v2"
   ami = {
-    name_prefix = "amazon-eks-node-al2023-x86_64-standard-"
-    owner       = "602401143452"
+    name_prefix = "dev-v2_"
+    owner       = "977170443939"
+
+  }
+  eks = {
+    k8s_version = "1.30"
   }
   labels = {
     "dominodatalab.com/node-pool"   = "default",
     "dominodatalab.com/domino-node" = "true"
-  },
+  }
 }