diff --git a/terraform/layer1-aws/.terraform.lock.hcl b/terraform/layer1-aws/.terraform.lock.hcl
new file mode 100644
index 00000000..197d7fbe
--- /dev/null
+++ b/terraform/layer1-aws/.terraform.lock.hcl
@@ -0,0 +1,105 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "5.1.0"
+  constraints = ">= 2.49.0, >= 3.0.0, >= 3.34.0, >= 3.35.0, >= 3.72.0, >= 4.0.0, >= 4.7.0, >= 4.35.0, >= 4.40.0, >= 4.47.0, 5.1.0"
+  hashes = [
+    "h1:iDyYmwv8q94Dvr4DRG1KBxTWPZRFkRmKGa3cjCEsPZU=",
+    "zh:0c48f157b804c1f392adb5c14b81e756c652755e358096300ea8dd1283021129",
+    "zh:1a50495a6c0e5665e51df57dac6e781ec71439b11ebf05f971b6f3a3eb4eb7b2",
+    "zh:2959ff472c05e56d59e012118dd8d55022f005534c0ae961ce81136de9f66a4d",
+    "zh:2dfda9133581b99ed6e709e89a453fd2974ce88c703d3e073ec31bf99d7508ce",
+    "zh:2f3d92cc7a6624da42cee2202f8fb23e6d38f156ab7851884d637282cb0dc709",
+    "zh:3bc2a34d09cbaf439a1815846904f070c782cd8dfd60b5e0116827cda25f7549",
+    "zh:4ef43f1a247aa8de8690ac3bbc2b00ebaf6b2872fc8d0f5130e4a8130c874b87",
+    "zh:5477cb272dcaeb0030091bcf23a9f0f33b5410e44e317e9d3d49446f545dbaa4",
+    "zh:734c8fb4c0b79c82dd757566761dda5b91ee1ef9a2b848a748ade11e0e1cc69f",
+    "zh:80346c051b677f4f018da7fe06318b87c5bd0f1ec67ce78ab33baed3bb8b031a",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:a865b2f88dfee13df14116c5cf53d033d2c15855f4b59b9c65337309a928df2c",
+    "zh:c0345f266eedaece5612c1000722b302f895d1bc5af1d5a4265f0e7000ca48bb",
+    "zh:d59703c8e6a9d8b4fbd3b4583b945dfff9cb2844c762c0b3990e1cef18282279",
+    "zh:d8d04a6a6cd2dfcb23b57e551db7b15e647f6166310fb7d883d8ec67bdc9bdc8",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/cloudinit" {
+  version     = "2.3.3"
+  constraints = ">= 2.0.0"
+  hashes = [
+    "h1:GmJ8PxLjjPr+lh02Bw3u7RYqA3UtpE2hQ1T43Vt7PTQ=",
+    "zh:0bd6ee14ca5cf0f0c83d3bb965346b1225ccd06a6247e80774aaaf54c729daa7",
+    "zh:3055ad0dcc98de1d4e45b72c5889ae91b62f4ae4e54dbc56c4821be0fdfbed91",
+    "zh:32764cfcff0d7379ca8b7dde376ac5551854d454c5881945f1952b785a312fa2",
+    "zh:55c2a4dc3ebdeaa1dec3a36db96dab253c7fa10b9fe1209862e1ee77a01e0aa1",
+    "zh:5c71f260ba5674d656d12f67cde3bb494498e6b6b6e66945ef85688f185dcf63",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:9617280a853ec7caedb8beb7864e4b29faf9c850a453283980c28fccef2c493d",
+    "zh:ac8bda21950f8dddade3e9bc15f7bcfdee743738483be5724169943cafa611f5",
+    "zh:ba9ab567bbe63dee9197a763b3104ea9217ba27449ed54d3afa6657f412e3496",
+    "zh:effd1a7e34bae3879c02f03ed3afa979433a518e11de1f8afd35a8710231ac14",
+    "zh:f021538c86d0ac250d75e59efde6d869bbfff711eb744c8bddce79d2475bf46d",
+    "zh:f1e3984597948a2103391a26600e177b19f16a5a4c66acee27a4343fb141571f",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+  version     = "2.19.0"
+  constraints = ">= 2.10.0, 2.19.0"
+  hashes = [
+    "h1:ID/u9YOv00w+Z8iG+592oyuV7HcqRmPiZpEC9hnyTMY=",
+    "zh:028d346460de2d1d19b4c863dfc36be51c7bcd97d372b54a3a946bcb19f3f613",
+    "zh:391d0b38c455437d0a2ab1beb6ce6e1230aa4160bbae11c58b2810b258b44280",
+    "zh:40ea742f91b67f66e71d7091cfd40cc604528c4947651924bd6d8bd8d9793708",
+    "zh:48a99d341c8ba3cadaafa7cb99c0f11999f5e23f5cfb0f8469b4e352d9116e74",
+    "zh:4a5ade940eff267cbf7dcd52c1a7ac3999e7cc24996a409bd8b37bdb48a97f02",
+    "zh:5063742016a8249a4be057b9cc0ef24a684ec76d0ae5463d4b07e9b2d21e047e",
+    "zh:5d36b3a5662f840a6788f5e2a19d02139e87318feb3c5d82c7d076be1366fec4",
+    "zh:75edd9960cb30e54ef7de1b7df2761a274f17d4d41f54e72f86b43f41af3eb6d",
+    "zh:b85cadef3e6f25f1a10a617472bf5e8449decd61626733a1bc723de5edc08f64",
+    "zh:dc565b17b4ea6dde6bd1b92bc37e5e850fcbf9400540eec00ad3d9552a76ac2e",
+    "zh:deb665cc2123f2701aa3d653987b2ca35fb035a08a76a2382efb215c209f19a5",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/time" {
+  version     = "0.10.0"
+  constraints = ">= 0.9.0"
+  hashes = [
+    "h1:NAl8eupFAZXCAbE5uiHZTz+Yqler55B3fMG+jNPrjjM=",
+    "zh:0ab31efe760cc86c9eef9e8eb070ae9e15c52c617243bbd9041632d44ea70781",
+    "zh:0ee4e906e28f23c598632eeac297ab098d6d6a90629d15516814ab90ad42aec8",
+    "zh:3bbb3e9da728b82428c6f18533b5b7c014e8ff1b8d9b2587107c966b985e5bcc",
+    "zh:6771c72db4e4486f2c2603c81dfddd9e28b6554d1ded2996b4cb37f887b467de",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:833c636d86c2c8f23296a7da5d492bdfd7260e22899fc8af8cc3937eb41a7391",
+    "zh:c545f1497ae0978ffc979645e594b57ff06c30b4144486f4f362d686366e2e42",
+    "zh:def83c6a85db611b8f1d996d32869f59397c23b8b78e39a978c8a2296b0588b2",
+    "zh:df9579b72cc8e5fac6efee20c7d0a8b72d3d859b50828b1c473d620ab939e2c7",
+    "zh:e281a8ecbb33c185e2d0976dc526c93b7359e3ffdc8130df7422863f4952c00e",
+    "zh:ecb1af3ae67ac7933b5630606672c94ec1f54b119bf77d3091f16d55ab634461",
+    "zh:f8109f13e07a741e1e8a52134f84583f97a819e33600be44623a21f6424d6593",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/tls" {
+  version     = "4.0.5"
+  constraints = ">= 3.0.0"
+  hashes = [
+    "h1:zeG5RmggBZW/8JWIVrdaeSJa0OG62uFX5HY1eE8SjzY=",
+    "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e",
+    "zh:0472ea1574026aa1e8ca82bb6df2c40cd0478e9336b7a8a64e652119a2fa4f32",
+    "zh:1a8ddba2b1550c5d02003ea5d6cdda2eef6870ece86c5619f33edd699c9dc14b",
+    "zh:1e3bb505c000adb12cdf60af5b08f0ed68bc3955b0d4d4a126db5ca4d429eb4a",
+    "zh:6636401b2463c25e03e68a6b786acf91a311c78444b1dc4f97c539f9f78de22a",
+    "zh:76858f9d8b460e7b2a338c477671d07286b0d287fd2d2e3214030ae8f61dd56e",
+    "zh:a13b69fb43cb8746793b3069c4d897bb18f454290b496f19d03c3387d1c9a2dc",
+    "zh:a90ca81bb9bb509063b736842250ecff0f886a91baae8de65c8430168001dad9",
+    "zh:c4de401395936e41234f1956ebadbd2ed9f414e6908f27d578614aaa529870d4",
+    "zh:c657e121af8fde19964482997f0de2d5173217274f6997e16389e7707ed8ece8",
+    "zh:d68b07a67fbd604c38ec9733069fbf23441436fecf554de6c75c032f82e1ef19",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/terraform/layer1-aws/aws-eks.tf b/terraform/layer1-aws/aws-eks.tf
index 440cac2d..b3e9e650 100644
--- a/terraform/layer1-aws/aws-eks.tf
+++ b/terraform/layer1-aws/aws-eks.tf
@@ -1,8 +1,4 @@
 locals {
-  eks_worker_tags = {
-    "k8s.io/cluster-autoscaler/enabled"       = "true"
-    "k8s.io/cluster-autoscaler/${local.name}" = "owned"
-  }
 
   eks_map_roles = [
     {
@@ -13,13 +9,14 @@ locals {
   ]
 }
 
-data "aws_ami" "eks_default_bottlerocket" {
+data "aws_ami" "eks_default_arm64" {
   most_recent = true
   owners      = ["amazon"]
 
   filter {
     name   = "name"
-    values = ["bottlerocket-aws-k8s-${var.eks_cluster_version}-x86_64-*"]
+    values = ["amazon-eks-arm64-node-${var.eks_cluster_version}-v*"]
+
   }
 }
 
@@ -65,7 +62,10 @@ module "eks" {
   cluster_endpoint_private_access      = var.eks_cluster_endpoint_private_access
   cluster_endpoint_public_access_cidrs = var.eks_cluster_endpoint_only_pritunl ? ["${module.pritunl[0].pritunl_endpoint}/32"] : ["0.0.0.0/0"]
 
+  node_security_group_tags = { "karpenter.sh/discovery" = local.name }
+
   self_managed_node_group_defaults = {
+    ami_id = data.aws_ami.eks_default_arm64.id
     block_device_mappings = {
       xvda = {
         device_name = "/dev/xvda"
@@ -78,7 +78,7 @@ module "eks" {
 
       }
     }
-    iam_role_additional_policies = var.eks_workers_additional_policies
+    # iam_role_additional_policies = var.eks_workers_additional_policies
     metadata_options = {
       http_endpoint               = "enabled"
       http_tokens                 = "required"
@@ -88,81 +88,18 @@ module "eks" {
     iam_role_attach_cni_policy = false
   }
   self_managed_node_groups = {
-    spot = {
-      name          = "${local.name}-spot"
-      iam_role_name = "${local.name}-spot"
-      desired_size  = var.node_group_spot.desired_capacity
-      max_size      = var.node_group_spot.max_capacity
-      min_size      = var.node_group_spot.min_capacity
-      subnet_ids    = module.vpc.private_subnets
-
-      bootstrap_extra_args       = "--kubelet-extra-args '--node-labels=eks.amazonaws.com/capacityType=SPOT  --node-labels=nodegroup=spot'"
-      capacity_rebalance         = var.node_group_spot.capacity_rebalance
-      use_mixed_instances_policy = var.node_group_spot.use_mixed_instances_policy
-      mixed_instances_policy     = var.node_group_spot.mixed_instances_policy
-
-      tags = local.eks_worker_tags
-    },
-    ondemand = {
-      name          = "${local.name}-ondemand"
-      iam_role_name = "${local.name}-ondemand"
-      desired_size  = var.node_group_ondemand.desired_capacity
-      max_size      = var.node_group_ondemand.max_capacity
-      min_size      = var.node_group_ondemand.min_capacity
-      instance_type = var.node_group_ondemand.instance_type
-      subnet_ids    = module.vpc.private_subnets
-
-      bootstrap_extra_args       = "--kubelet-extra-args '--node-labels=eks.amazonaws.com/capacityType=ON_DEMAND --node-labels=nodegroup=ondemand'"
-      capacity_rebalance         = var.node_group_ondemand.capacity_rebalance
-      use_mixed_instances_policy = var.node_group_ondemand.use_mixed_instances_policy
-      mixed_instances_policy     = var.node_group_ondemand.mixed_instances_policy
-
-      tags = local.eks_worker_tags
-    },
-    ci = {
-      name          = "${local.name}-ci"
-      iam_role_name = "${local.name}-ci"
-      desired_size  = var.node_group_ci.desired_capacity
-      max_size      = var.node_group_ci.max_capacity
-      min_size      = var.node_group_ci.min_capacity
-      subnet_ids    = module.vpc.private_subnets
-
-      bootstrap_extra_args       = "--kubelet-extra-args '--node-labels=eks.amazonaws.com/capacityType=SPOT  --node-labels=nodegroup=ci --register-with-taints=nodegroup=ci:NoSchedule'"
-      capacity_rebalance         = var.node_group_ci.capacity_rebalance
-      use_mixed_instances_policy = var.node_group_ci.use_mixed_instances_policy
-      mixed_instances_policy     = var.node_group_ci.mixed_instances_policy
-
-      tags = merge(local.eks_worker_tags, { "k8s.io/cluster-autoscaler/node-template/label/nodegroup" = "ci" })
-    },
-    bottlerocket = {
-      name          = "${local.name}-bottlerocket"
-      iam_role_name = "${local.name}-bottlerocket"
-      desired_size  = var.node_group_br.desired_capacity
-      max_size      = var.node_group_br.max_capacity
-      min_size      = var.node_group_br.min_capacity
+    default = {
+      name          = "${local.name}-default"
+      iam_role_name = "${local.name}-default"
+      desired_size  = var.node_group_default.desired_capacity
+      max_size      = var.node_group_default.max_capacity
+      min_size      = var.node_group_default.min_capacity
       subnet_ids    = module.vpc.private_subnets
 
-      platform                   = "bottlerocket"
-      ami_id                     = data.aws_ami.eks_default_bottlerocket.id
-      bootstrap_extra_args       = <<-EOT
-          [settings.host-containers.admin]
-          enabled = false
-
-          [settings.host-containers.control]
-          enabled = true
-
-          [settings.kubernetes.node-labels]
-          "eks.amazonaws.com/capacityType" = "SPOT"
-          "nodegroup" = "bottlerocket"
-
-          [settings.kubernetes.node-taints]
-          "nodegroup" = "bottlerocket:NoSchedule"
-          EOT
-      capacity_rebalance         = var.node_group_br.capacity_rebalance
-      use_mixed_instances_policy = var.node_group_br.use_mixed_instances_policy
-      mixed_instances_policy     = var.node_group_br.mixed_instances_policy
-
-      tags = merge(local.eks_worker_tags, { "k8s.io/cluster-autoscaler/node-template/label/nodegroup" = "bottlerocket" })
+      bootstrap_extra_args       = "--kubelet-extra-args '--node-labels=nodegroup=default --register-with-taints=CriticalAddonsOnly=true:NoSchedule'"
+      capacity_rebalance         = var.node_group_default.capacity_rebalance
+      use_mixed_instances_policy = var.node_group_default.use_mixed_instances_policy
+      mixed_instances_policy     = var.node_group_default.mixed_instances_policy
     }
   }
   fargate_profiles = {
diff --git a/terraform/layer1-aws/demo.tfvars.example b/terraform/layer1-aws/demo.tfvars.example
index ff881fb3..65b67fc3 100644
--- a/terraform/layer1-aws/demo.tfvars.example
+++ b/terraform/layer1-aws/demo.tfvars.example
@@ -19,14 +19,3 @@ single_nat_gateway = true
 # EKS
 ##########
 eks_cluster_encryption_config_enable = true
-
-node_group_ondemand = {
-  instance_types       = ["m5a.medium"]
-  capacity_type        = "ON_DEMAND"
-  max_capacity         = 5
-  min_capacity         = 1
-  desired_capacity     = 1
-  force_update_version = false
-}
-
-eks_write_kubeconfig = false
diff --git a/terraform/layer1-aws/outputs.tf b/terraform/layer1-aws/outputs.tf
index 0b29f5b4..10a1ebc6 100644
--- a/terraform/layer1-aws/outputs.tf
+++ b/terraform/layer1-aws/outputs.tf
@@ -108,3 +108,15 @@ output "ssl_certificate_arn" {
   description = "ARN of SSL certificate"
   value       = local.ssl_certificate_arn
 }
+
+output "node_group_default_iam_instance_profile_id" {
+  value = module.eks.self_managed_node_groups["default"].iam_instance_profile_id
+}
+
+output "node_group_default_iam_role_arn" {
+  value = module.eks.self_managed_node_groups["default"].iam_role_arn
+}
+
+output "node_group_default_iam_role_name" {
+  value = module.eks.self_managed_node_groups["default"].iam_role_name
+}
diff --git a/terraform/layer1-aws/variables.tf b/terraform/layer1-aws/variables.tf
index 3d98e246..2b32f86f 100644
--- a/terraform/layer1-aws/variables.tf
+++ b/terraform/layer1-aws/variables.tf
@@ -22,7 +22,7 @@ variable "aws_account_password_policy" {
 }
 
 variable "is_this_payment_account" {
-  default     = true
+  default     = false
   description = "Set it to false if a target account isn't a payer account. This variable is used to apply a configuration for cost allocation tags"
 }
 
@@ -117,15 +117,15 @@ variable "eks_cluster_version" {
   description = "Version of the EKS K8S cluster"
 }
 
-variable "eks_workers_additional_policies" {
-  type = map(string)
-  default = {
-    additional = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
-  }
-  description = "Additional IAM policy attached to EKS worker nodes"
-}
+# variable "eks_workers_additional_policies" {
+#   type = map(string)
+#   default = {
+#     additional = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+#   }
+#   description = "Additional IAM policy attached to EKS worker nodes"
+# }
 
-variable "node_group_spot" {
+variable "node_group_default" {
   type = object({
     instance_type              = string
     max_capacity               = number
@@ -137,10 +137,10 @@ variable "node_group_spot" {
   })
 
   default = {
-    instance_type              = "t3.medium" # will be overridden
-    max_capacity               = 5
-    min_capacity               = 0
-    desired_capacity           = 1
+    instance_type              = "t4g.medium" # will be overridden
+    max_capacity               = 3
+    min_capacity               = 2
+    desired_capacity           = 2
     capacity_rebalance         = true
     use_mixed_instances_policy = true
     mixed_instances_policy = {
@@ -150,101 +150,12 @@ variable "node_group_spot" {
       }
 
       override = [
-        { instance_type = "t3.medium" },
-        { instance_type = "t3a.medium" }
-      ]
-    }
-  }
-  description = "Spot node group configuration"
-}
-
-variable "node_group_ci" {
-  type = object({
-    instance_type              = string
-    max_capacity               = number
-    min_capacity               = number
-    desired_capacity           = number
-    capacity_rebalance         = bool
-    use_mixed_instances_policy = bool
-    mixed_instances_policy     = any
-  })
-
-  default = {
-    instance_type              = "t3.medium" # will be overridden
-    max_capacity               = 5
-    min_capacity               = 0
-    desired_capacity           = 0
-    capacity_rebalance         = false
-    use_mixed_instances_policy = true
-    mixed_instances_policy = {
-      instances_distribution = {
-        on_demand_base_capacity                  = 0
-        on_demand_percentage_above_base_capacity = 0
-      }
-
-      override = [
-        { instance_type = "t3.medium" },
-        { instance_type = "t3a.medium" }
+        { instance_type = "t4g.small" },
+        { instance_type = "t4g.medium" }
       ]
     }
   }
-  description = "CI node group configuration"
-}
-
-variable "node_group_ondemand" {
-  type = object({
-    instance_type              = string
-    max_capacity               = number
-    min_capacity               = number
-    desired_capacity           = number
-    capacity_rebalance         = bool
-    use_mixed_instances_policy = bool
-    mixed_instances_policy     = any
-  })
-
-  default = {
-    instance_type              = "t3a.medium"
-    max_capacity               = 5
-    min_capacity               = 1
-    desired_capacity           = 1
-    capacity_rebalance         = false
-    use_mixed_instances_policy = false
-    mixed_instances_policy     = null
-  }
-  description = "Default ondemand node group configuration"
-}
-
-variable "node_group_br" {
-  type = object({
-    instance_type              = string
-    max_capacity               = number
-    min_capacity               = number
-    desired_capacity           = number
-    capacity_rebalance         = bool
-    use_mixed_instances_policy = bool
-    mixed_instances_policy     = any
-  })
-
-  default = {
-    instance_type              = "t3.medium" # will be overridden
-    max_capacity               = 5
-    min_capacity               = 0
-    desired_capacity           = 0
-    capacity_rebalance         = true
-    use_mixed_instances_policy = true
-    mixed_instances_policy = {
-      instances_distribution = {
-        on_demand_base_capacity                  = 0
-        on_demand_percentage_above_base_capacity = 0
-      }
-
-      override = [
-        { instance_type = "t3.medium" },
-        { instance_type = "t3a.medium" }
-      ]
-    }
-  }
-  description = "Bottlerocket node group configuration"
+  description = "Default node group configuration"
 }
 
 variable "eks_map_roles" {
@@ -258,11 +169,6 @@ variable "eks_map_roles" {
   default = []
 }
 
-variable "eks_write_kubeconfig" {
-  default     = false
-  description = "Flag for eks module to write kubeconfig"
-}
-
 variable "eks_cluster_enabled_log_types" {
   type        = list(string)
   default     = ["audit"]
diff --git a/terraform/layer2-k8s/eks-aws-loadbalancer-controller.tf b/terraform/layer2-k8s/eks-aws-loadbalancer-controller.tf
index 89396f82..ae21396d 100644
--- a/terraform/layer2-k8s/eks-aws-loadbalancer-controller.tf
+++ b/terraform/layer2-k8s/eks-aws-loadbalancer-controller.tf
@@ -19,16 +19,6 @@ serviceAccount:
   create: true
   annotations:
      "eks.amazonaws.com/role-arn": ${local.aws_load_balancer_controller.enabled ? module.aws_iam_aws_loadbalancer_controller[0].role_arn : ""}
-
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: eks.amazonaws.com/capacityType
-          operator: In
-          values:
-            - ON_DEMAND
 VALUES
 }
 
diff --git a/terraform/layer2-k8s/eks-aws-node-termination-handler.tf b/terraform/layer2-k8s/eks-aws-node-termination-handler.tf
deleted file mode 100644
index d7f62101..00000000
--- a/terraform/layer2-k8s/eks-aws-node-termination-handler.tf
+++ /dev/null
@@ -1,93 +0,0 @@
-locals {
-  aws_node_termination_handler = {
-    name          = local.helm_releases[index(local.helm_releases.*.id, "aws-node-termination-handler")].id
-    enabled       = local.helm_releases[index(local.helm_releases.*.id, "aws-node-termination-handler")].enabled
-    chart         = local.helm_releases[index(local.helm_releases.*.id, "aws-node-termination-handler")].chart
-    repository    = local.helm_releases[index(local.helm_releases.*.id, "aws-node-termination-handler")].repository
-    chart_version = local.helm_releases[index(local.helm_releases.*.id, "aws-node-termination-handler")].chart_version
-    namespace     = local.helm_releases[index(local.helm_releases.*.id, "aws-node-termination-handler")].namespace
-  }
-  aws_node_termination_handler_values = <<VALUES
-rbac:
-  create: true
-  pspEnabled: false # Due to psp removed in k8s 1.25 and latest aws-node-termination handler chart doesn't maintain new PSP version
-
-enableSpotInterruptionDraining: true
-enableRebalanceMonitoring: true
-
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: eks.amazonaws.com/capacityType
-          operator: In
-          values:
-          - SPOT
-        - key: eks.amazonaws.com/nodegroup
-          operator: DoesNotExist
-VALUES
-}
-
-module "aws_node_termination_handler_namespace" {
-  count = local.aws_node_termination_handler.enabled ? 1 : 0
-
-  source = "../modules/eks-kubernetes-namespace"
-  name   = local.aws_node_termination_handler.namespace
-  network_policies = [
-    {
-      name         = "default-deny"
-      policy_types = ["Ingress", "Egress"]
-      pod_selector = {}
-    },
-    {
-      name         = "allow-this-namespace"
-      policy_types = ["Ingress"]
-      pod_selector = {}
-      ingress = {
-        from = [
-          {
-            namespace_selector = {
-              match_labels = {
-                name = local.aws_node_termination_handler.namespace
-              }
-            }
-          }
-        ]
-      }
-    },
-    {
-      name         = "allow-egress"
-      policy_types = ["Egress"]
-      pod_selector = {}
-      egress = {
-        to = [
-          {
-            ip_block = {
-              cidr = "0.0.0.0/0"
-              except = [
-                "169.254.169.254/32"
-              ]
-            }
-          }
-        ]
-      }
-    }
-  ]
-}
-
-resource "helm_release" "aws_node_termination_handler" {
-  count = local.aws_node_termination_handler.enabled ? 1 : 0
-
-  name        = local.aws_node_termination_handler.name
-  chart       = local.aws_node_termination_handler.chart
-  repository  = local.aws_node_termination_handler.repository
-  version     = local.aws_node_termination_handler.chart_version
-  namespace   = module.aws_node_termination_handler_namespace[count.index].name
-  max_history = var.helm_release_history_size
-
-  values = [
-    local.aws_node_termination_handler_values
-  ]
-
-}
diff --git a/terraform/layer2-k8s/eks-cert-manager.tf b/terraform/layer2-k8s/eks-cert-manager.tf
index 9841eceb..da5018aa 100644
--- a/terraform/layer2-k8s/eks-cert-manager.tf
+++ b/terraform/layer2-k8s/eks-cert-manager.tf
@@ -30,15 +30,7 @@ serviceAccount:
     "eks.amazonaws.com/role-arn": ${local.cert_manager.enabled ? module.aws_iam_cert_manager[0].role_arn : ""}
 securityContext:
   fsGroup: 1001
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: eks.amazonaws.com/capacityType
-          operator: In
-          values:
-            - ON_DEMAND
+
 cainjector:
   enabled: true
   replicaCount: 1
diff --git a/terraform/layer2-k8s/eks-elk.tf b/terraform/layer2-k8s/eks-elk.tf
index e643286e..eafc5187 100644
--- a/terraform/layer2-k8s/eks-elk.tf
+++ b/terraform/layer2-k8s/eks-elk.tf
@@ -83,10 +83,10 @@ elasticsearch:
     requiredDuringSchedulingIgnoredDuringExecution:
       nodeSelectorTerms:
       - matchExpressions:
-        - key: eks.amazonaws.com/capacityType
+        - key: karpenter.sh/capacity-type
           operator: In
           values:
-            - ON_DEMAND
+            - on-demand
 VALUES
   elk_kibana_values           = <<VALUES
 kibana:
@@ -155,10 +155,10 @@ kibana:
       requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
         - matchExpressions:
-          - key: eks.amazonaws.com/capacityType
+          - key: karpenter.sh/capacity-type
             operator: In
             values:
-              - SPOT
+              - spot
 
   extraInitContainers:
     - name: es-check
@@ -450,10 +450,10 @@ apm-server:
       requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
         - matchExpressions:
-          - key: eks.amazonaws.com/capacityType
+          - key: karpenter.sh/capacity-type
             operator: In
             values:
-              - ON_DEMAND
+              - on-demand
 VALUES
   elk_metricbeat_values       = <<VALUES
 metricbeat:
diff --git a/terraform/layer2-k8s/eks-ingress-nginx-controller.tf b/terraform/layer2-k8s/eks-ingress-nginx-controller.tf
index 74659b50..34d1c429 100644
--- a/terraform/layer2-k8s/eks-ingress-nginx-controller.tf
+++ b/terraform/layer2-k8s/eks-ingress-nginx-controller.tf
@@ -21,10 +21,10 @@ controller:
       requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
         - matchExpressions:
-          - key: eks.amazonaws.com/capacityType
+          - key: karpenter.sh/capacity-type
             operator: In
             values:
-              - ON_DEMAND
+              - on-demand
 VALUES
   ingress_nginx_and_aws_load_balancer_controller = <<VALUES
 controller:
diff --git a/terraform/layer2-k8s/eks-istio.tf b/terraform/layer2-k8s/eks-istio.tf
index fe507e0a..f3ade72a 100644
--- a/terraform/layer2-k8s/eks-istio.tf
+++ b/terraform/layer2-k8s/eks-istio.tf
@@ -25,7 +25,7 @@ pilot:
       cpu: "500m"
       memory: "2Gi"
   nodeSelector:
-    eks.amazonaws.com/capacityType: ON_DEMAND
+    karpenter.sh/capacity-type: on-demand
 global:
   imagePullPolicy: IfNotPresent
   proxy:
diff --git a/terraform/layer2-k8s/eks-kube-prometheus-stack.tf b/terraform/layer2-k8s/eks-kube-prometheus-stack.tf
index 170de421..19859c0f 100644
--- a/terraform/layer2-k8s/eks-kube-prometheus-stack.tf
+++ b/terraform/layer2-k8s/eks-kube-prometheus-stack.tf
@@ -76,10 +76,10 @@ prometheus:
         requiredDuringSchedulingIgnoredDuringExecution:
           nodeSelectorTerms:
           - matchExpressions:
-            - key: eks.amazonaws.com/capacityType
+            - key: karpenter.sh/capacity-type
               operator: In
               values:
-                - ON_DEMAND
+                - on-demand
 
 prometheusOperator:
   affinity:
@@ -87,10 +87,10 @@ prometheusOperator:
       requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
         - matchExpressions:
-          - key: eks.amazonaws.com/capacityType
+          - key: karpenter.sh/capacity-type
             operator: In
             values:
-              - ON_DEMAND
+              - on-demand
 VALUES
   kube_prometheus_stack_grafana_values                       = <<VALUES
 # Grafana settings
@@ -187,10 +187,10 @@ grafana:
       requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
         - matchExpressions:
-          - key: eks.amazonaws.com/capacityType
+          - key: karpenter.sh/capacity-type
             operator: In
             values:
-              - SPOT
+              - spot
 VALUES
   kube_prometheus_stack_grafana_istio_values                 = <<VALUES
 grafana:
@@ -297,10 +297,10 @@ alertmanager:
       requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
           - matchExpressions:
-              - key: eks.amazonaws.com/capacityType
+              - key: karpenter.sh/capacity-type
                 operator: In
                 values:
-                  - ON_DEMAND
+                  - on-demand
 VALUES
   kube_prometheus_stack_alertmanager_slack_values            = <<VALUES
 # Alertmanager parameters
diff --git a/terraform/layer2-k8s/eks-loki-stack.tf b/terraform/layer2-k8s/eks-loki-stack.tf
index 3cf42973..48c9324d 100644
--- a/terraform/layer2-k8s/eks-loki-stack.tf
+++ b/terraform/layer2-k8s/eks-loki-stack.tf
@@ -39,10 +39,10 @@ loki:
       requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
         - matchExpressions:
-          - key: eks.amazonaws.com/capacityType
+          - key: karpenter.sh/capacity-type
             operator: In
             values:
-              - ON_DEMAND
+              - on-demand
 
 promtail:
   enabled: true
diff --git a/terraform/layer2-k8s/eks-victoria-metrics-k8s-stack.tf b/terraform/layer2-k8s/eks-victoria-metrics-k8s-stack.tf
index a55d60f1..fd666386 100644
--- a/terraform/layer2-k8s/eks-victoria-metrics-k8s-stack.tf
+++ b/terraform/layer2-k8s/eks-victoria-metrics-k8s-stack.tf
@@ -63,10 +63,10 @@ vmsingle:
         requiredDuringSchedulingIgnoredDuringExecution:
           nodeSelectorTerms:
           - matchExpressions:
-            - key: eks.amazonaws.com/capacityType
+            - key: karpenter.sh/capacity-type
               operator: In
               values:
-                - ON_DEMAND
+                - on-demand
 vmagent:
   spec:
     extraArgs:
@@ -84,10 +84,10 @@ vmagent:
         requiredDuringSchedulingIgnoredDuringExecution:
           nodeSelectorTerms:
           - matchExpressions:
-            - key: eks.amazonaws.com/capacityType
+            - key: karpenter.sh/capacity-type
               operator: In
               values:
-                - ON_DEMAND
+                - on-demand
 kubeScheduler:
   enabled: false
 kubeControllerManager:
@@ -181,10 +181,10 @@ grafana:
       requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
         - matchExpressions:
-          - key: eks.amazonaws.com/capacityType
+          - key: karpenter.sh/capacity-type
             operator: In
             values:
-              - SPOT
+              - spot
 VALUES
   victoria_metrics_k8s_stack_grafana_istio_values                 = <<VALUES
 grafana:
@@ -291,10 +291,10 @@ alertmanager:
       requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
           - matchExpressions:
-              - key: eks.amazonaws.com/capacityType
+              - key: karpenter.sh/capacity-type
                 operator: In
                 values:
-                  - ON_DEMAND
+                  - on-demand
 VALUES
   victoria_metrics_k8s_stack_alertmanager_slack_values            = <<VALUES
 # Alertmanager parameters
diff --git a/terraform/layer2-k8s/helm-releases.yaml b/terraform/layer2-k8s/helm-releases.yaml
index 94cd8ed7..d494af75 100644
--- a/terraform/layer2-k8s/helm-releases.yaml
+++ b/terraform/layer2-k8s/helm-releases.yaml
@@ -1,16 +1,10 @@
 releases:
   - id: aws-load-balancer-controller
-    enabled: true
+    enabled: false
     chart: aws-load-balancer-controller
     repository: https://aws.github.io/eks-charts
     chart_version: 1.5.1
     namespace: aws-load-balancer-controller
-  - id: aws-node-termination-handler
-    enabled: true
-    chart: aws-node-termination-handler
-    repository: https://aws.github.io/eks-charts
-    chart_version: 0.21.0
-    namespace: aws-node-termination-handler
   - id: cert-manager
     enabled: false
     chart: cert-manager
@@ -29,12 +23,6 @@ releases:
     repository:
     chart_version:
     namespace: certmanager
-  - id: cluster-autoscaler
-    enabled: true
-    chart: cluster-autoscaler
-    repository: https://kubernetes.github.io/autoscaler
-    chart_version: 9.28.0
-    namespace: cluster-autoscaler
   - id: elk
     enabled: false
     chart: elk
diff --git a/terraform/modules/karpenter/main.tf b/terraform/modules/karpenter/main.tf
new file mode 100644
index 00000000..8bf868be
--- /dev/null
+++ b/terraform/modules/karpenter/main.tf
@@ -0,0 +1,79 @@
+locals {
+  karpenter = {
+    name          = "karpenter"                      #local.helm_releases[index(local.helm_releases.*.id, "karpenter")].id
+    enabled       = true                             #local.helm_releases[index(local.helm_releases.*.id, "karpenter")].enabled
+    chart         = "karpenter"                      #local.helm_releases[index(local.helm_releases.*.id, "karpenter")].chart
+    repository    = "oci://public.ecr.aws/karpenter" #local.helm_releases[index(local.helm_releases.*.id, "karpenter")].repository
+    chart_version = "v0.33.0"                        #local.helm_releases[index(local.helm_releases.*.id, "karpenter")].chart_version
+    namespace     = "karpenter"                      #local.helm_releases[index(local.helm_releases.*.id, "karpenter")].namespace
+  }
+
+  karpenter_values = <<VALUES
+settings:
+  clusterName: ${var.eks_cluster_id}
+  clusterEndpoint: ${var.eks_cluster_endpoint}
+  interruptionQueue: ${module.karpenter.queue_name}
+
+serviceAccount:
+  annotations:
+    eks.amazonaws.com/role-arn: ${module.karpenter.irsa_arn}
+
+controller:
+  resources:
+    requests:
+      cpu: 200m
+      memory: 512Mi
+    limits:
+      memory: 512Mi
+
+VALUES
+}
+
+module "karpenter" {
+  source  = "terraform-aws-modules/eks/aws//modules/karpenter"
+  version = "19.21.0"
+
+  cluster_name = var.eks_cluster_id
+
+  policies = {
+    AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+  }
+
+  irsa_oidc_provider_arn          = var.eks_oidc_provider_arn
+  irsa_namespace_service_accounts = ["karpenter:karpenter"]
+
+  create_iam_role                            = false
+  enable_karpenter_instance_profile_creation = true
+  iam_role_arn                               = var.node_group_default_iam_role_arn
+}
+
+module "namespace" {
+  source = "../eks-kubernetes-namespace"
+  name   = var.k8s_namespace
+}
+
+resource "kubectl_manifest" "this" {
+  for_each = var.kubectl_manifests
+
+  yaml_body = each.value
+
+  depends_on = [helm_release.this]
+}
+
+resource "helm_release" "this" {
+  name                = local.karpenter.name
+  chart               = local.karpenter.chart
+  repository          = local.karpenter.repository
+  version             = local.karpenter.chart_version
+  namespace           = module.namespace.name
+  max_history         = 3
+  repository_username = data.aws_ecrpublic_authorization_token.token.user_name
+  repository_password = data.aws_ecrpublic_authorization_token.token.password
+
+  values = [
+    local.karpenter_values,
+    var.extra_helm_values
+  ]
+}
+
+data "aws_ecrpublic_authorization_token" "token" {}
diff --git a/terraform/modules/karpenter/variables.tf b/terraform/modules/karpenter/variables.tf
new file mode 100644
index 00000000..1ef22e8d
--- /dev/null
+++ b/terraform/modules/karpenter/variables.tf
@@ -0,0 +1,33 @@
+variable "eks_cluster_id" {
+  default = ""
+}
+
+variable "eks_cluster_endpoint" {
+  default = ""
+}
+
+variable "eks_oidc_provider_arn" {
+  default = ""
+}
+
+variable "node_group_default_iam_role_arn" {
+  default = ""
+}
+
+variable "k8s_namespace" {
+  description = "k8s namespace name"
+  type        = string
+  default     = "karpenter"
+}
+
+variable "kubectl_manifests" {
+  description = "Extra kubernetes manifests to apply"
+  type        = map(string)
+  default     = {}
+}
+
+variable "extra_helm_values" {
+  description = "Extra helm values to merge with the default values"
+  type        = any
+  default     = ""
+}
diff --git a/terragrunt/demo/us-east-1/aws-base/.terraform.lock.hcl b/terragrunt/demo/us-east-1/aws-base/.terraform.lock.hcl
index e69c59c3..c7519dcf 100644
--- a/terragrunt/demo/us-east-1/aws-base/.terraform.lock.hcl
+++ b/terragrunt/demo/us-east-1/aws-base/.terraform.lock.hcl
@@ -5,7 +5,7 @@ provider "registry.terraform.io/gavinbunney/kubectl" {
   version     = "1.14.0"
   constraints = "1.14.0"
   hashes = [
-    "h1:mX2AOFIMIxJmW5kM8DT51gloIOKCr9iT6W8yodnUyfs=",
+    "h1:ItrWfCZMzM2JmvDncihBMalNLutsAk7kyyxVRaipftY=",
     "zh:0350f3122ff711984bbc36f6093c1fe19043173fad5a904bce27f86afe3cc858",
     "zh:07ca36c7aa7533e8325b38232c77c04d6ef1081cb0bac9d56e8ccd51f12f2030",
     "zh:0c351afd91d9e994a71fe64bbd1662d0024006b3493bb61d46c23ea3e42a7cf5",
@@ -19,80 +19,124 @@ provider "registry.terraform.io/gavinbunney/kubectl" {
 }
 
 provider "registry.terraform.io/hashicorp/aws" {
-  version     = "4.10.0"
-  constraints = ">= 2.23.0, >= 2.42.0, >= 2.49.0, >= 2.53.0, >= 3.28.0, >= 3.63.0, >= 3.72.0, 4.10.0"
+  version     = "5.1.0"
+  constraints = ">= 2.49.0, >= 3.0.0, >= 3.34.0, >= 3.35.0, >= 3.72.0, >= 4.0.0, >= 4.7.0, >= 4.35.0, >= 4.40.0, >= 4.47.0, 5.1.0"
   hashes = [
-    "h1:F9BjbxBhuo1A/rP318IUrkW3TAh29i6UC18qwhzCs6c=",
-    "zh:0a2a7eabfeb7dbb17b7f82aff3fa2ba51e836c15e5be4f5468ea44bd1299b48d",
-    "zh:23409c7205d13d2d68b5528e1c49e0a0455d99bbfec61eb0201142beffaa81f7",
-    "zh:3adad2245d97816f3919778b52c58fb2de130938a3e9081358bfbb72ec478d9a",
-    "zh:5bf100aba6332f24b1ffeae7536d5d489bb907bf774a06b95f2183089eaf1a1a",
-    "zh:63c3a24c0c229a1d3390e6ea2454ba4d8ace9b94e086bee1dbdcf665ae969e15",
-    "zh:6b76f5ffd920f0a750da3a4ff1d00eab18d9cd3731b009aae3df4135613bad4d",
-    "zh:8cd6b1e6b51e8e9bbe2944bb169f113d20d1d72d07ccd1b7b83f40b3c958233e",
+    "h1:iDyYmwv8q94Dvr4DRG1KBxTWPZRFkRmKGa3cjCEsPZU=",
+    "zh:0c48f157b804c1f392adb5c14b81e756c652755e358096300ea8dd1283021129",
+    "zh:1a50495a6c0e5665e51df57dac6e781ec71439b11ebf05f971b6f3a3eb4eb7b2",
+    "zh:2959ff472c05e56d59e012118dd8d55022f005534c0ae961ce81136de9f66a4d",
+    "zh:2dfda9133581b99ed6e709e89a453fd2974ce88c703d3e073ec31bf99d7508ce",
+    "zh:2f3d92cc7a6624da42cee2202f8fb23e6d38f156ab7851884d637282cb0dc709",
+    "zh:3bc2a34d09cbaf439a1815846904f070c782cd8dfd60b5e0116827cda25f7549",
+    "zh:4ef43f1a247aa8de8690ac3bbc2b00ebaf6b2872fc8d0f5130e4a8130c874b87",
+    "zh:5477cb272dcaeb0030091bcf23a9f0f33b5410e44e317e9d3d49446f545dbaa4",
+    "zh:734c8fb4c0b79c82dd757566761dda5b91ee1ef9a2b848a748ade11e0e1cc69f",
+    "zh:80346c051b677f4f018da7fe06318b87c5bd0f1ec67ce78ab33baed3bb8b031a",
     "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:c5c31f58fb5bd6aebc6c662a4693640ec763cb3399cce0b592101cf24ece1625",
-    "zh:cc485410be43d6ad95d81b9e54cc4d2117aadf9bf5941165a9df26565d9cce42",
-    "zh:cebb89c74b6a3dc6780824b1d1e2a8d16a51e75679e14ad0b830d9f7da1a3a67",
-    "zh:e7dc427189cb491e1f96e295101964415cbf8630395ee51e396d2a811f365237",
+    "zh:a865b2f88dfee13df14116c5cf53d033d2c15855f4b59b9c65337309a928df2c",
+    "zh:c0345f266eedaece5612c1000722b302f895d1bc5af1d5a4265f0e7000ca48bb",
+    "zh:d59703c8e6a9d8b4fbd3b4583b945dfff9cb2844c762c0b3990e1cef18282279",
+    "zh:d8d04a6a6cd2dfcb23b57e551db7b15e647f6166310fb7d883d8ec67bdc9bdc8",
   ]
 }
 
 provider "registry.terraform.io/hashicorp/cloudinit" {
-  version = "2.2.0"
+  version     = "2.3.3"
+  constraints = ">= 2.0.0"
   hashes = [
-    "h1:siiI0wK6/jUDdA5P8ifTO0yc9YmXHml4hz5K9I9N+MA=",
-    "h1:tQLNREqesrdCQ/bIJnl0+yUK+XfdWzAG0wo4lp10LvM=",
-    "zh:76825122171f9ea2287fd27e23e80a7eb482f6491a4f41a096d77b666896ee96",
-    "zh:795a36dee548e30ca9c9d474af9ad6d29290e0a9816154ad38d55381cd0ab12d",
-    "zh:9200f02cb917fb99e44b40a68936fd60d338e4d30a718b7e2e48024a795a61b9",
-    "zh:a33cf255dc670c20678063aa84218e2c1b7a67d557f480d8ec0f68bc428ed472",
-    "zh:ba3c1b2cd0879286c1f531862c027ec04783ece81de67c9a3b97076f1ce7f58f",
-    "zh:bd575456394428a1a02191d2e46af0c00e41fd4f28cfe117d57b6aeb5154a0fb",
-    "zh:c68dd1db83d8437c36c92dc3fc11d71ced9def3483dd28c45f8640cfcd59de9a",
-    "zh:cbfe34a90852ed03cc074601527bb580a648127255c08589bc3ef4bf4f2e7e0c",
-    "zh:d6ffd7398c6d1f359b96f5b757e77b99b339fbb91df1b96ac974fe71bc87695c",
-    "zh:d9c15285f847d7a52df59e044184fb3ba1b7679fd0386291ed183782683d9517",
-    "zh:f7dd02f6d36844da23c9a27bb084503812c29c1aec4aba97237fec16860fdc8c",
+    "h1:GmJ8PxLjjPr+lh02Bw3u7RYqA3UtpE2hQ1T43Vt7PTQ=",
+    "zh:0bd6ee14ca5cf0f0c83d3bb965346b1225ccd06a6247e80774aaaf54c729daa7",
+    "zh:3055ad0dcc98de1d4e45b72c5889ae91b62f4ae4e54dbc56c4821be0fdfbed91",
+    "zh:32764cfcff0d7379ca8b7dde376ac5551854d454c5881945f1952b785a312fa2",
+    "zh:55c2a4dc3ebdeaa1dec3a36db96dab253c7fa10b9fe1209862e1ee77a01e0aa1",
+    "zh:5c71f260ba5674d656d12f67cde3bb494498e6b6b6e66945ef85688f185dcf63",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:9617280a853ec7caedb8beb7864e4b29faf9c850a453283980c28fccef2c493d",
+    "zh:ac8bda21950f8dddade3e9bc15f7bcfdee743738483be5724169943cafa611f5",
+    "zh:ba9ab567bbe63dee9197a763b3104ea9217ba27449ed54d3afa6657f412e3496",
+    "zh:effd1a7e34bae3879c02f03ed3afa979433a518e11de1f8afd35a8710231ac14",
+    "zh:f021538c86d0ac250d75e59efde6d869bbfff711eb744c8bddce79d2475bf46d",
+    "zh:f1e3984597948a2103391a26600e177b19f16a5a4c66acee27a4343fb141571f",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/helm" {
+  version     = "2.12.1"
+  constraints = "2.12.1"
+  hashes = [
+    "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=",
+    "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004",
+    "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38",
+    "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a",
+    "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50",
+    "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d",
+    "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f",
+    "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93",
+    "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0",
+    "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8",
+    "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad",
+    "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
   ]
 }
 
 provider "registry.terraform.io/hashicorp/kubernetes" {
-  version     = "2.10.0"
-  constraints = "2.10.0"
+  version     = "2.19.0"
+  constraints = ">= 2.10.0, 2.19.0"
   hashes = [
-    "h1:v+xmcw54lMETOlhKPO61AlbxGB0OU8BphMfOO62e0Uo=",
-    "zh:0b011e77f02bc05194062c0a39f321a4f1bea0bae61787b0c1f5808f6efb2a26",
-    "zh:288ad46e240c5d1218909a9100ca8bd2197c8615558bbe7b393ba35877d5e4f0",
-    "zh:3e5554791ed103b6190efebe332fd3722796e6a59cf081f87ef1debb4e0b6ae3",
-    "zh:98e42cb48624be7eb2e16b5d8fc5044d7207943b6d13905bc3d3c006aa231cc7",
-    "zh:b1c800fd3971051d9deb4824f933e506ae288458e425be8ea449c9d40c7b0663",
-    "zh:bca1802585ecbc36bfcc700b6fa7c6ff96b2b8c4aca23c58df939a5002a05b4d",
-    "zh:c2f6bf46cd95d00f2bb1634afff92eeb269d27d83eea80b8cfceca1afdcd3033",
-    "zh:d2ccfbf3a9bf2ede8be6242c023173efd85a882cd3956a941f140c5718047412",
-    "zh:da19cd4a124f4ffc092e19f5b7a10ac4cce98db40cf855ea0d4a682f3df83a1f",
-    "zh:e3a2020453a86f80ad2b3f792e91a35fe272b907485a59c02d19269a1bdfe2fd",
-    "zh:f0659ca86e0dc0dd76b7f4497db8e58144ee9f0943b6d14dc57193d25ee22ced",
+    "h1:ID/u9YOv00w+Z8iG+592oyuV7HcqRmPiZpEC9hnyTMY=",
+    "zh:028d346460de2d1d19b4c863dfc36be51c7bcd97d372b54a3a946bcb19f3f613",
+    "zh:391d0b38c455437d0a2ab1beb6ce6e1230aa4160bbae11c58b2810b258b44280",
+    "zh:40ea742f91b67f66e71d7091cfd40cc604528c4947651924bd6d8bd8d9793708",
+    "zh:48a99d341c8ba3cadaafa7cb99c0f11999f5e23f5cfb0f8469b4e352d9116e74",
+    "zh:4a5ade940eff267cbf7dcd52c1a7ac3999e7cc24996a409bd8b37bdb48a97f02",
+    "zh:5063742016a8249a4be057b9cc0ef24a684ec76d0ae5463d4b07e9b2d21e047e",
+    "zh:5d36b3a5662f840a6788f5e2a19d02139e87318feb3c5d82c7d076be1366fec4",
+    "zh:75edd9960cb30e54ef7de1b7df2761a274f17d4d41f54e72f86b43f41af3eb6d",
+    "zh:b85cadef3e6f25f1a10a617472bf5e8449decd61626733a1bc723de5edc08f64",
+    "zh:dc565b17b4ea6dde6bd1b92bc37e5e850fcbf9400540eec00ad3d9552a76ac2e",
+    "zh:deb665cc2123f2701aa3d653987b2ca35fb035a08a76a2382efb215c209f19a5",
     "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
   ]
 }
 
-provider "registry.terraform.io/hashicorp/tls" {
-  version     = "3.3.0"
-  constraints = ">= 2.2.0"
+provider "registry.terraform.io/hashicorp/time" {
+  version     = "0.10.0"
+  constraints = ">= 0.9.0"
   hashes = [
-    "h1:A4xOtHhD4jCmn4nO1xCTk2Nl5IP5JpjicjF+Fuu2ZFQ=",
-    "zh:16140e8cc880f95b642b6bf6564f4e98760e9991864aacc8e21273423571e561",
-    "zh:16338b8457759c97fdd73153965d6063b037f2954fd512e569fcdc42b7fef743",
-    "zh:348bd44b7cd0c6d663bba36cecb474c17635a8f22b02187d034b8e57a8729c5a",
-    "zh:3832ac73c2335c0fac26138bacbd18160efaa3f06c562869acc129e814e27f86",
-    "zh:756d1e60690d0164eee9c93b498b4c8beabbfc1d8b7346cb6d2fa719055089d6",
+    "h1:NAl8eupFAZXCAbE5uiHZTz+Yqler55B3fMG+jNPrjjM=",
+    "zh:0ab31efe760cc86c9eef9e8eb070ae9e15c52c617243bbd9041632d44ea70781",
+    "zh:0ee4e906e28f23c598632eeac297ab098d6d6a90629d15516814ab90ad42aec8",
+    "zh:3bbb3e9da728b82428c6f18533b5b7c014e8ff1b8d9b2587107c966b985e5bcc",
+    "zh:6771c72db4e4486f2c2603c81dfddd9e28b6554d1ded2996b4cb37f887b467de",
     "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:93b911bcddba8dadc5339edb004c8019c230ea67477c73c4f741c236dd9511b1",
-    "zh:c0c4e5742e8ac004c507540423db52af3f44b8ec04443aa8e14669340819344f",
-    "zh:c78296a1dff8ccd5d50203aac353422fc18d425072ba947c88cf5b46de7d32d2",
-    "zh:d7143f444e0f7e6cd67fcaf080398b4f1487cf05de3e0e79af6c14e22812e38b",
-    "zh:e600ac76b118816ad72132eee4c22ab5fc044f67c3babc54537e1fc1ad53d295",
-    "zh:fca07af5f591e12d2dc178a550da69a4847bdb34f8180a5b8e04fde6b528cf99",
+    "zh:833c636d86c2c8f23296a7da5d492bdfd7260e22899fc8af8cc3937eb41a7391",
+    "zh:c545f1497ae0978ffc979645e594b57ff06c30b4144486f4f362d686366e2e42",
+    "zh:def83c6a85db611b8f1d996d32869f59397c23b8b78e39a978c8a2296b0588b2",
+    "zh:df9579b72cc8e5fac6efee20c7d0a8b72d3d859b50828b1c473d620ab939e2c7",
+    "zh:e281a8ecbb33c185e2d0976dc526c93b7359e3ffdc8130df7422863f4952c00e",
+    "zh:ecb1af3ae67ac7933b5630606672c94ec1f54b119bf77d3091f16d55ab634461",
+    "zh:f8109f13e07a741e1e8a52134f84583f97a819e33600be44623a21f6424d6593",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/tls" {
+  version     = "4.0.5"
+  constraints = ">= 3.0.0"
+  hashes = [
+    "h1:zeG5RmggBZW/8JWIVrdaeSJa0OG62uFX5HY1eE8SjzY=",
+    "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e",
+    "zh:0472ea1574026aa1e8ca82bb6df2c40cd0478e9336b7a8a64e652119a2fa4f32",
+    "zh:1a8ddba2b1550c5d02003ea5d6cdda2eef6870ece86c5619f33edd699c9dc14b",
+    "zh:1e3bb505c000adb12cdf60af5b08f0ed68bc3955b0d4d4a126db5ca4d429eb4a",
+    "zh:6636401b2463c25e03e68a6b786acf91a311c78444b1dc4f97c539f9f78de22a",
+    "zh:76858f9d8b460e7b2a338c477671d07286b0d287fd2d2e3214030ae8f61dd56e",
+    "zh:a13b69fb43cb8746793b3069c4d897bb18f454290b496f19d03c3387d1c9a2dc",
+    "zh:a90ca81bb9bb509063b736842250ecff0f886a91baae8de65c8430168001dad9",
+    "zh:c4de401395936e41234f1956ebadbd2ed9f414e6908f27d578614aaa529870d4",
+    "zh:c657e121af8fde19964482997f0de2d5173217274f6997e16389e7707ed8ece8",
+    "zh:d68b07a67fbd604c38ec9733069fbf23441436fecf554de6c75c032f82e1ef19",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
   ]
 }
diff --git a/terragrunt/demo/us-east-1/eks-providers.tf b/terragrunt/demo/us-east-1/eks-providers.tf
new file mode 100644
index 00000000..c7a9e708
--- /dev/null
+++ b/terragrunt/demo/us-east-1/eks-providers.tf
@@ -0,0 +1,35 @@
+provider "kubectl" {
+  host                   = data.aws_eks_cluster.main.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.main.certificate_authority.0.data)
+  token                  = data.aws_eks_cluster_auth.main.token
+}
+
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.main.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.main.certificate_authority.0.data)
+  token                  = data.aws_eks_cluster_auth.main.token
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = data.aws_eks_cluster.main.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.main.certificate_authority.0.data)
+    token                  = data.aws_eks_cluster_auth.main.token
+  }
+  experiments {
+    manifest = false
+  }
+}
+
+
+data "aws_eks_cluster" "main" {
+  name = var.eks_cluster_id
+}
+
+data "aws_eks_cluster_auth" "main" {
+  name = var.eks_cluster_id
+}
+
+provider "aws" {
+  region = "us-east-1"
+}
diff --git a/terragrunt/demo/us-east-1/env.yaml b/terragrunt/demo/us-east-1/env.yaml
index 31c9bb24..df821bd6 100644
--- a/terragrunt/demo/us-east-1/env.yaml
+++ b/terragrunt/demo/us-east-1/env.yaml
@@ -1,9 +1,9 @@
 ---
 name       : "maddevs"
 domain_name: "maddevs.org"
-environment: "demo"
+environment: "netpol"
 
-az_count   : 3
+az_count   : 2
 allowed_ips:
   - "0.0.0.0/0"
 
diff --git a/terragrunt/demo/us-east-1/k8s-addons/.terraform.lock.hcl b/terragrunt/demo/us-east-1/k8s-addons/.terraform.lock.hcl
index a0d1eeb7..3f1a7284 100644
--- a/terragrunt/demo/us-east-1/k8s-addons/.terraform.lock.hcl
+++ b/terragrunt/demo/us-east-1/k8s-addons/.terraform.lock.hcl
@@ -5,7 +5,7 @@ provider "registry.terraform.io/gavinbunney/kubectl" {
   version     = "1.14.0"
   constraints = "1.14.0"
   hashes = [
-    "h1:mX2AOFIMIxJmW5kM8DT51gloIOKCr9iT6W8yodnUyfs=",
+    "h1:ItrWfCZMzM2JmvDncihBMalNLutsAk7kyyxVRaipftY=",
     "zh:0350f3122ff711984bbc36f6093c1fe19043173fad5a904bce27f86afe3cc858",
     "zh:07ca36c7aa7533e8325b38232c77c04d6ef1081cb0bac9d56e8ccd51f12f2030",
     "zh:0c351afd91d9e994a71fe64bbd1662d0024006b3493bb61d46c23ea3e42a7cf5",
@@ -19,137 +19,141 @@ provider "registry.terraform.io/gavinbunney/kubectl" {
 }
 
 provider "registry.terraform.io/hashicorp/aws" {
-  version     = "4.10.0"
-  constraints = "4.10.0"
+  version     = "5.1.0"
+  constraints = "5.1.0"
   hashes = [
-    "h1:F9BjbxBhuo1A/rP318IUrkW3TAh29i6UC18qwhzCs6c=",
-    "zh:0a2a7eabfeb7dbb17b7f82aff3fa2ba51e836c15e5be4f5468ea44bd1299b48d",
-    "zh:23409c7205d13d2d68b5528e1c49e0a0455d99bbfec61eb0201142beffaa81f7",
-    "zh:3adad2245d97816f3919778b52c58fb2de130938a3e9081358bfbb72ec478d9a",
-    "zh:5bf100aba6332f24b1ffeae7536d5d489bb907bf774a06b95f2183089eaf1a1a",
-    "zh:63c3a24c0c229a1d3390e6ea2454ba4d8ace9b94e086bee1dbdcf665ae969e15",
-    "zh:6b76f5ffd920f0a750da3a4ff1d00eab18d9cd3731b009aae3df4135613bad4d",
-    "zh:8cd6b1e6b51e8e9bbe2944bb169f113d20d1d72d07ccd1b7b83f40b3c958233e",
+    "h1:iDyYmwv8q94Dvr4DRG1KBxTWPZRFkRmKGa3cjCEsPZU=",
+    "zh:0c48f157b804c1f392adb5c14b81e756c652755e358096300ea8dd1283021129",
+    "zh:1a50495a6c0e5665e51df57dac6e781ec71439b11ebf05f971b6f3a3eb4eb7b2",
+    "zh:2959ff472c05e56d59e012118dd8d55022f005534c0ae961ce81136de9f66a4d",
+    "zh:2dfda9133581b99ed6e709e89a453fd2974ce88c703d3e073ec31bf99d7508ce",
+    "zh:2f3d92cc7a6624da42cee2202f8fb23e6d38f156ab7851884d637282cb0dc709",
+    "zh:3bc2a34d09cbaf439a1815846904f070c782cd8dfd60b5e0116827cda25f7549",
+    "zh:4ef43f1a247aa8de8690ac3bbc2b00ebaf6b2872fc8d0f5130e4a8130c874b87",
+    "zh:5477cb272dcaeb0030091bcf23a9f0f33b5410e44e317e9d3d49446f545dbaa4",
+    "zh:734c8fb4c0b79c82dd757566761dda5b91ee1ef9a2b848a748ade11e0e1cc69f",
+    "zh:80346c051b677f4f018da7fe06318b87c5bd0f1ec67ce78ab33baed3bb8b031a",
     "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:c5c31f58fb5bd6aebc6c662a4693640ec763cb3399cce0b592101cf24ece1625",
-    "zh:cc485410be43d6ad95d81b9e54cc4d2117aadf9bf5941165a9df26565d9cce42",
-    "zh:cebb89c74b6a3dc6780824b1d1e2a8d16a51e75679e14ad0b830d9f7da1a3a67",
-    "zh:e7dc427189cb491e1f96e295101964415cbf8630395ee51e396d2a811f365237",
+    "zh:a865b2f88dfee13df14116c5cf53d033d2c15855f4b59b9c65337309a928df2c",
+    "zh:c0345f266eedaece5612c1000722b302f895d1bc5af1d5a4265f0e7000ca48bb",
+    "zh:d59703c8e6a9d8b4fbd3b4583b945dfff9cb2844c762c0b3990e1cef18282279",
+    "zh:d8d04a6a6cd2dfcb23b57e551db7b15e647f6166310fb7d883d8ec67bdc9bdc8",
   ]
 }
 
 provider "registry.terraform.io/hashicorp/external" {
-  version = "2.2.2"
+  version = "2.3.2"
   hashes = [
-    "h1:VUkgcWvCliS0HO4kt7oEQhFD2gcx/59XpwMqxfCU1kE=",
-    "zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca",
-    "zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28",
-    "zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b",
-    "zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39",
+    "h1:cy50n4q+Ir4GYppAfuYhQbBJVxMZbJUlIvM6FVK2axs=",
+    "zh:020bf652739ecd841d696e6c1b85ce7dd803e9177136df8fb03aa08b87365389",
+    "zh:0c7ea5a1cbf2e01a8627b8a84df69c93683f39fe947b288e958e72b9d12a827f",
+    "zh:25a68604c7d6aa736d6e99225051279eaac3a7cf4cab33b00ff7eae7096166f6",
+    "zh:34f46d82ca34604f6522de3b36eda19b7ad3be1e38947afc6ac31656eab58c8a",
+    "zh:6959f8f2f3de93e61e0abb90dbec41e28a66daec1607c46f43976bd6da50bcfd",
     "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327",
-    "zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955",
-    "zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb",
-    "zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0",
-    "zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a",
-    "zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372",
-    "zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809",
+    "zh:a81e5d65a343da9caa6f1d17ae0aced9faecb36b4f8554bd445dbd4f8be21ab6",
+    "zh:b1d3f1557214d652c9120862ce27e9a7b61cb5aec5537a28240a5a37bf0b1413",
+    "zh:b71588d006471ae2d4a7eca2c51d69fd7c5dec9b088315599b794e2ad0cc5e90",
+    "zh:cfdaae4028b644dff3530c77b49d31f7e6f4c4e2a9e5c8ac6a88e383c80c9e9c",
+    "zh:dbde15154c2eb38a5f54d0e7646bc67510004179696f3cc2bc1d877cecacf83b",
+    "zh:fb681b363f83fb5f64dfa6afbf32d100d0facd2a766cf3493b8ddb0398e1b0f7",
   ]
 }
 
 provider "registry.terraform.io/hashicorp/helm" {
-  version     = "2.5.1"
-  constraints = "2.5.1"
+  version     = "2.12.1"
+  constraints = "2.12.1"
   hashes = [
-    "h1:a9KwjqINdNy6IsEbkHUB1vwvYfy5OJ2VxFL9/NDFLoY=",
-    "zh:140b9748f0ad193a20d69e59d672f3c4eda8a56cede56a92f931bd3af020e2e9",
-    "zh:17ae319466ed6538ad49e011998bb86565fe0e97bc8b9ad7c8dda46a20f90669",
-    "zh:3a8bd723c21ba70e19f0395ed7096fc8e08bfc23366f1c3f06a9107eb37c572c",
-    "zh:3aae3b82adbe6dca52f1a1c8cf51575446e6b0f01f1b1f3b30de578c9af4a933",
-    "zh:3f65221f40148df57d2888e4f31ef3bf430b8c5af41de0db39a2b964e1826d7c",
-    "zh:650c74c4f46f5eb01df11d8392bdb7ebee3bba59ac0721000a6ad731ff0e61e2",
-    "zh:930fb8ab4cd6634472dfd6aa3123f109ef5b32cbe6ef7b4695fae6751353e83f",
-    "zh:ae57cd4b0be4b9ca252bc5d347bc925e35b0ed74d3dcdebf06c11362c1ac3436",
-    "zh:d15b1732a8602b6726eac22628b2f72f72d98b75b9c6aabceec9fd696fda696a",
-    "zh:d730ede1656bd193e2aea5302acec47c4905fe30b96f550196be4a0ed5f41936",
-    "zh:f010d4f9d8cd15936be4df12bf256cb2175ca1dedb728bd3a866c03d2ee7591f",
+    "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=",
+    "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004",
+    "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38",
+    "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a",
+    "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50",
+    "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d",
+    "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f",
+    "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93",
+    "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0",
+    "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8",
+    "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad",
+    "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1",
     "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
   ]
 }
 
 provider "registry.terraform.io/hashicorp/http" {
-  version     = "2.1.0"
-  constraints = "2.1.0"
+  version     = "3.2.1"
+  constraints = "3.2.1"
   hashes = [
-    "h1:GYoVrTtiSAE3AlP1fad3fFmHoPaXAPhm/DJyMcVCwZA=",
-    "zh:03d82dc0887d755b8406697b1d27506bc9f86f93b3e9b4d26e0679d96b802826",
-    "zh:0704d02926393ddc0cfad0b87c3d51eafeeae5f9e27cc71e193c141079244a22",
-    "zh:095ea350ea94973e043dad2394f10bca4a4bf41be775ba59d19961d39141d150",
-    "zh:0b71ac44e87d6964ace82979fc3cbb09eb876ed8f954449481bcaa969ba29cb7",
-    "zh:0e255a170db598bd1142c396cefc59712ad6d4e1b0e08a840356a371e7b73bc4",
-    "zh:67c8091cfad226218c472c04881edf236db8f2dc149dc5ada878a1cd3c1de171",
-    "zh:75df05e25d14b5101d4bc6624ac4a01bb17af0263c9e8a740e739f8938b86ee3",
-    "zh:b4e36b2c4f33fdc44bf55fa1c9bb6864b5b77822f444bd56f0be7e9476674d0e",
-    "zh:b9b36b01d2ec4771838743517bc5f24ea27976634987c6d5529ac4223e44365d",
-    "zh:ca264a916e42e221fddb98d640148b12e42116046454b39ede99a77fc52f59f4",
-    "zh:fe373b2fb2cc94777a91ecd7ac5372e699748c455f44f6ea27e494de9e5e6f92",
+    "h1:Q2YQZzEhHQVlkQCQVpMzFVs0Gg+eXzISbOwaOYqpflc=",
+    "zh:088b3b3128034485e11dff8da16e857d316fbefeaaf5bef24cceda34c6980641",
+    "zh:09ed1f2462ea4590b112e048c4af556f0b6eafc7cf2c75bb2ac21cd87ca59377",
+    "zh:39c6b0b4d3f0f65e783c467d3f634e2394820b8aef907fcc24493f21dcf73ca3",
+    "zh:47aab45327daecd33158a36c1a36004180a518bf1620cdd5cfc5e1fe77d5a86f",
+    "zh:4d70a990aa48116ab6f194eef393082c21cf58bece933b63575c63c1d2b66818",
+    "zh:65470c43fda950c7e9ac89417303c470146de984201fff6ef84299ea29e02d30",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:842b4dd63e438f5cd5fdfba1c09b8fdf268e8766e6690988ee24e8b25bfd9e8d",
+    "zh:a167a057f7e2d80c78d4b4057538588131fceb983d5c93b07675ad9eb1aa5790",
+    "zh:d0ba69b62b6db788cfe3cf8f7dc6e9a0eabe2927dc119d7fe3fe6573ee559e66",
+    "zh:e28d24c1d5ff24b1d1cc6f0074a1f41a6974f473f4ff7a37e55c7b6dca68308a",
+    "zh:fde8a50554960e5366fd0e1ca330a7c1d24ae6bbb2888137a5c83d83ce14fd18",
   ]
 }
 
 provider "registry.terraform.io/hashicorp/kubernetes" {
-  version     = "2.10.0"
-  constraints = "2.10.0"
+  version     = "2.19.0"
+  constraints = "2.19.0"
   hashes = [
-    "h1:v+xmcw54lMETOlhKPO61AlbxGB0OU8BphMfOO62e0Uo=",
-    "zh:0b011e77f02bc05194062c0a39f321a4f1bea0bae61787b0c1f5808f6efb2a26",
-    "zh:288ad46e240c5d1218909a9100ca8bd2197c8615558bbe7b393ba35877d5e4f0",
-    "zh:3e5554791ed103b6190efebe332fd3722796e6a59cf081f87ef1debb4e0b6ae3",
-    "zh:98e42cb48624be7eb2e16b5d8fc5044d7207943b6d13905bc3d3c006aa231cc7",
-    "zh:b1c800fd3971051d9deb4824f933e506ae288458e425be8ea449c9d40c7b0663",
-    "zh:bca1802585ecbc36bfcc700b6fa7c6ff96b2b8c4aca23c58df939a5002a05b4d",
-    "zh:c2f6bf46cd95d00f2bb1634afff92eeb269d27d83eea80b8cfceca1afdcd3033",
-    "zh:d2ccfbf3a9bf2ede8be6242c023173efd85a882cd3956a941f140c5718047412",
-    "zh:da19cd4a124f4ffc092e19f5b7a10ac4cce98db40cf855ea0d4a682f3df83a1f",
-    "zh:e3a2020453a86f80ad2b3f792e91a35fe272b907485a59c02d19269a1bdfe2fd",
-    "zh:f0659ca86e0dc0dd76b7f4497db8e58144ee9f0943b6d14dc57193d25ee22ced",
+    "h1:ID/u9YOv00w+Z8iG+592oyuV7HcqRmPiZpEC9hnyTMY=",
+    "zh:028d346460de2d1d19b4c863dfc36be51c7bcd97d372b54a3a946bcb19f3f613",
+    "zh:391d0b38c455437d0a2ab1beb6ce6e1230aa4160bbae11c58b2810b258b44280",
+    "zh:40ea742f91b67f66e71d7091cfd40cc604528c4947651924bd6d8bd8d9793708",
+    "zh:48a99d341c8ba3cadaafa7cb99c0f11999f5e23f5cfb0f8469b4e352d9116e74",
+    "zh:4a5ade940eff267cbf7dcd52c1a7ac3999e7cc24996a409bd8b37bdb48a97f02",
+    "zh:5063742016a8249a4be057b9cc0ef24a684ec76d0ae5463d4b07e9b2d21e047e",
+    "zh:5d36b3a5662f840a6788f5e2a19d02139e87318feb3c5d82c7d076be1366fec4",
+    "zh:75edd9960cb30e54ef7de1b7df2761a274f17d4d41f54e72f86b43f41af3eb6d",
+    "zh:b85cadef3e6f25f1a10a617472bf5e8449decd61626733a1bc723de5edc08f64",
+    "zh:dc565b17b4ea6dde6bd1b92bc37e5e850fcbf9400540eec00ad3d9552a76ac2e",
+    "zh:deb665cc2123f2701aa3d653987b2ca35fb035a08a76a2382efb215c209f19a5",
     "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
   ]
 }
 
 provider "registry.terraform.io/hashicorp/random" {
-  version = "3.1.3"
+  version = "3.6.0"
   hashes = [
-    "h1:7+wnAXQM7IpNEAQ6WZXdO0ZfQW/ncQFXYJ5T2KaR+Z8=",
-    "zh:26e07aa32e403303fc212a4367b4d67188ac965c37a9812e07acee1470687a73",
-    "zh:27386f48e9c9d849fbb5a8828d461fde35e71f6b6c9fc235bc4ae8403eb9c92d",
-    "zh:5f4edda4c94240297bbd9b83618fd362348cadf6bf24ea65ea0e1844d7ccedc0",
-    "zh:646313a907126cd5e69f6a9fafe816e9154fccdc04541e06fed02bb3a8fa2d2e",
-    "zh:7349692932a5d462f8dee1500ab60401594dddb94e9aa6bf6c4c0bd53e91bbb8",
+    "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=",
+    "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d",
+    "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211",
+    "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829",
+    "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d",
+    "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055",
     "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:9034daba8d9b32b35930d168f363af04cecb153d5849a7e4a5966c97c5dc956e",
-    "zh:bb81dfca59ef5f949ef39f19ea4f4de25479907abc28cdaa36d12ecd7c0a9699",
-    "zh:bcf7806b99b4c248439ae02c8e21f77aff9fadbc019ce619b929eef09d1221bb",
-    "zh:d708e14d169e61f326535dd08eecd3811cd4942555a6f8efabc37dbff9c6fc61",
-    "zh:dc294e19a46e1cefb9e557a7b789c8dd8f319beca99b8c265181bc633dc434cc",
-    "zh:f9d758ee53c55dc016dd736427b6b0c3c8eb4d0dbbc785b6a3579b0ffedd9e42",
+    "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17",
+    "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21",
+    "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839",
+    "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0",
+    "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c",
+    "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e",
   ]
 }
 
 provider "registry.terraform.io/hashicorp/tls" {
-  version = "3.3.0"
+  version = "4.0.5"
   hashes = [
-    "h1:A4xOtHhD4jCmn4nO1xCTk2Nl5IP5JpjicjF+Fuu2ZFQ=",
-    "zh:16140e8cc880f95b642b6bf6564f4e98760e9991864aacc8e21273423571e561",
-    "zh:16338b8457759c97fdd73153965d6063b037f2954fd512e569fcdc42b7fef743",
-    "zh:348bd44b7cd0c6d663bba36cecb474c17635a8f22b02187d034b8e57a8729c5a",
-    "zh:3832ac73c2335c0fac26138bacbd18160efaa3f06c562869acc129e814e27f86",
-    "zh:756d1e60690d0164eee9c93b498b4c8beabbfc1d8b7346cb6d2fa719055089d6",
-    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:93b911bcddba8dadc5339edb004c8019c230ea67477c73c4f741c236dd9511b1",
-    "zh:c0c4e5742e8ac004c507540423db52af3f44b8ec04443aa8e14669340819344f",
-    "zh:c78296a1dff8ccd5d50203aac353422fc18d425072ba947c88cf5b46de7d32d2",
-    "zh:d7143f444e0f7e6cd67fcaf080398b4f1487cf05de3e0e79af6c14e22812e38b",
-    "zh:e600ac76b118816ad72132eee4c22ab5fc044f67c3babc54537e1fc1ad53d295",
-    "zh:fca07af5f591e12d2dc178a550da69a4847bdb34f8180a5b8e04fde6b528cf99",
+    "h1:zeG5RmggBZW/8JWIVrdaeSJa0OG62uFX5HY1eE8SjzY=",
+    "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e",
+    "zh:0472ea1574026aa1e8ca82bb6df2c40cd0478e9336b7a8a64e652119a2fa4f32",
+    "zh:1a8ddba2b1550c5d02003ea5d6cdda2eef6870ece86c5619f33edd699c9dc14b",
+    "zh:1e3bb505c000adb12cdf60af5b08f0ed68bc3955b0d4d4a126db5ca4d429eb4a",
+    "zh:6636401b2463c25e03e68a6b786acf91a311c78444b1dc4f97c539f9f78de22a",
+    "zh:76858f9d8b460e7b2a338c477671d07286b0d287fd2d2e3214030ae8f61dd56e",
+    "zh:a13b69fb43cb8746793b3069c4d897bb18f454290b496f19d03c3387d1c9a2dc",
+    "zh:a90ca81bb9bb509063b736842250ecff0f886a91baae8de65c8430168001dad9",
+    "zh:c4de401395936e41234f1956ebadbd2ed9f414e6908f27d578614aaa529870d4",
+    "zh:c657e121af8fde19964482997f0de2d5173217274f6997e16389e7707ed8ece8",
+    "zh:d68b07a67fbd604c38ec9733069fbf23441436fecf554de6c75c032f82e1ef19",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
   ]
 }
diff --git a/terragrunt/demo/us-east-1/karpenter/.terraform.lock.hcl b/terragrunt/demo/us-east-1/karpenter/.terraform.lock.hcl
new file mode 100644
index 00000000..1c2f7da8
--- /dev/null
+++ b/terragrunt/demo/us-east-1/karpenter/.terraform.lock.hcl
@@ -0,0 +1,82 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/gavinbunney/kubectl" {
+  version     = "1.14.0"
+  constraints = "1.14.0"
+  hashes = [
+    "h1:ItrWfCZMzM2JmvDncihBMalNLutsAk7kyyxVRaipftY=",
+    "zh:0350f3122ff711984bbc36f6093c1fe19043173fad5a904bce27f86afe3cc858",
+    "zh:07ca36c7aa7533e8325b38232c77c04d6ef1081cb0bac9d56e8ccd51f12f2030",
+    "zh:0c351afd91d9e994a71fe64bbd1662d0024006b3493bb61d46c23ea3e42a7cf5",
+    "zh:39f1a0aa1d589a7e815b62b5aa11041040903b061672c4cfc7de38622866cbc4",
+    "zh:428d3a321043b78e23c91a8d641f2d08d6b97f74c195c654f04d2c455e017de5",
+    "zh:4baf5b1de2dfe9968cc0f57fd4be5a741deb5b34ee0989519267697af5f3eee5",
+    "zh:6131a927f9dffa014ab5ca5364ac965fe9b19830d2bbf916a5b2865b956fdfcf",
+    "zh:c62e0c9fd052cbf68c5c2612af4f6408c61c7e37b615dc347918d2442dd05e93",
+    "zh:f0beffd7ce78f49ead612e4b1aefb7cb6a461d040428f514f4f9cc4e5698ac65",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "5.1.0"
+  constraints = ">= 4.47.0, 5.1.0"
+  hashes = [
+    "h1:iDyYmwv8q94Dvr4DRG1KBxTWPZRFkRmKGa3cjCEsPZU=",
+    "zh:0c48f157b804c1f392adb5c14b81e756c652755e358096300ea8dd1283021129",
+    "zh:1a50495a6c0e5665e51df57dac6e781ec71439b11ebf05f971b6f3a3eb4eb7b2",
+    "zh:2959ff472c05e56d59e012118dd8d55022f005534c0ae961ce81136de9f66a4d",
+    "zh:2dfda9133581b99ed6e709e89a453fd2974ce88c703d3e073ec31bf99d7508ce",
+    "zh:2f3d92cc7a6624da42cee2202f8fb23e6d38f156ab7851884d637282cb0dc709",
+    "zh:3bc2a34d09cbaf439a1815846904f070c782cd8dfd60b5e0116827cda25f7549",
+    "zh:4ef43f1a247aa8de8690ac3bbc2b00ebaf6b2872fc8d0f5130e4a8130c874b87",
+    "zh:5477cb272dcaeb0030091bcf23a9f0f33b5410e44e317e9d3d49446f545dbaa4",
+    "zh:734c8fb4c0b79c82dd757566761dda5b91ee1ef9a2b848a748ade11e0e1cc69f",
+    "zh:80346c051b677f4f018da7fe06318b87c5bd0f1ec67ce78ab33baed3bb8b031a",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:a865b2f88dfee13df14116c5cf53d033d2c15855f4b59b9c65337309a928df2c",
+    "zh:c0345f266eedaece5612c1000722b302f895d1bc5af1d5a4265f0e7000ca48bb",
+    "zh:d59703c8e6a9d8b4fbd3b4583b945dfff9cb2844c762c0b3990e1cef18282279",
+    "zh:d8d04a6a6cd2dfcb23b57e551db7b15e647f6166310fb7d883d8ec67bdc9bdc8",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/helm" {
+  version     = "2.12.1"
+  constraints = "2.12.1"
+  hashes = [
+    "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=",
+    "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004",
+    "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38",
+    "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a",
+    "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50",
+    "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d",
+    "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f",
+    "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93",
+    "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0",
+    "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8",
+    "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad",
+    "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+  version     = "2.19.0"
+  constraints = "2.19.0"
+  hashes = [
+    "h1:ID/u9YOv00w+Z8iG+592oyuV7HcqRmPiZpEC9hnyTMY=",
+    "zh:028d346460de2d1d19b4c863dfc36be51c7bcd97d372b54a3a946bcb19f3f613",
+    "zh:391d0b38c455437d0a2ab1beb6ce6e1230aa4160bbae11c58b2810b258b44280",
+    "zh:40ea742f91b67f66e71d7091cfd40cc604528c4947651924bd6d8bd8d9793708",
+    "zh:48a99d341c8ba3cadaafa7cb99c0f11999f5e23f5cfb0f8469b4e352d9116e74",
+    "zh:4a5ade940eff267cbf7dcd52c1a7ac3999e7cc24996a409bd8b37bdb48a97f02",
+    "zh:5063742016a8249a4be057b9cc0ef24a684ec76d0ae5463d4b07e9b2d21e047e",
+    "zh:5d36b3a5662f840a6788f5e2a19d02139e87318feb3c5d82c7d076be1366fec4",
+    "zh:75edd9960cb30e54ef7de1b7df2761a274f17d4d41f54e72f86b43f41af3eb6d",
+    "zh:b85cadef3e6f25f1a10a617472bf5e8449decd61626733a1bc723de5edc08f64",
+    "zh:dc565b17b4ea6dde6bd1b92bc37e5e850fcbf9400540eec00ad3d9552a76ac2e",
+    "zh:deb665cc2123f2701aa3d653987b2ca35fb035a08a76a2382efb215c209f19a5",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/terragrunt/demo/us-east-1/karpenter/terragrunt.hcl b/terragrunt/demo/us-east-1/karpenter/terragrunt.hcl
new file mode 100644
index 00000000..953a2462
--- /dev/null
+++ b/terragrunt/demo/us-east-1/karpenter/terragrunt.hcl
@@ -0,0 +1,167 @@
+include "root" {
+  path           = find_in_parent_folders()
+  expose         = true
+  merge_strategy = "deep"
+}
+
+include "env" {
+  path           = find_in_parent_folders("env.hcl")
+  expose         = true
+  merge_strategy = "deep"
+}
+
+terraform {
+  source = "${get_terragrunt_dir()}/../../../../terraform//modules/karpenter"
+}
+
+dependencies {
+  paths = ["../aws-base"]
+}
+
+dependency "aws-base" {
+  config_path = "../aws-base"
+
+  mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "destroy"]
+
+  mock_outputs = {
+    eks_cluster_id                   = "maddevs-demo-use1"
+    eks_oidc_provider_arn            = "arn:aws:iam::731118884724:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/D55EEBDFE5510B81EEE2381B88888888"
+    eks_cluster_endpoint             = "https://D55EEBDFE5510B81EEE2381B88888888.gr7.us-east-1.eks.amazonaws.com"
+    node_group_default_iam_role_arn  = "arn:aws:iam::731118884724:role/maddevs-demo-use1-default-202312210752134060000000a"
+    node_group_default_iam_role_name = "test"
+  }
+}
+
+inputs = {
+  eks_cluster_id                  = dependency.aws-base.outputs.eks_cluster_id
+  eks_oidc_provider_arn           = dependency.aws-base.outputs.eks_oidc_provider_arn
+  eks_cluster_endpoint            = dependency.aws-base.outputs.eks_cluster_endpoint
+  node_group_default_iam_role_arn = dependency.aws-base.outputs.node_group_default_iam_role_arn
+  kubectl_manifests = {
+    default_ec2class = <<EOF
+apiVersion: karpenter.k8s.aws/v1beta1
+kind: EC2NodeClass
+metadata:
+  name: default
+  namespace: karpenter
+spec:
+  amiFamily: AL2 # Amazon Linux 2
+  role: ${dependency.aws-base.outputs.node_group_default_iam_role_name} # replace with your cluster name NODE ROLE ID from the aws-base
+  subnetSelectorTerms:
+    - tags:
+        destination: "private" # replace with your cluster name
+        Name: "${dependency.aws-base.outputs.eks_cluster_id}-private"
+  securityGroupSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: ${dependency.aws-base.outputs.eks_cluster_id} # replace with your cluster name
+  tags:
+    karpenter.sh/discovery: ${dependency.aws-base.outputs.eks_cluster_id}
+EOF
+
+    default_nodepool = <<EOF
+apiVersion: karpenter.sh/v1beta1
+kind: NodePool
+metadata:
+  name: default
+  namespace: karpenter
+spec:
+  # Template section that describes how to template out NodeClaim resources that Karpenter will provision
+  # Karpenter will consider this template to be the minimum requirements needed to provision a Node using this NodePool
+  # It will overlay this NodePool with Pods that need to schedule to further constrain the NodeClaims
+  # Karpenter will provision to launch new Nodes for the cluster
+  template:
+    metadata:
+      # Labels are arbitrary key-values that are applied to all nodes
+      labels:
+        type: default
+
+      # # Annotations are arbitrary key-values that are applied to all nodes
+      # annotations:
+      #   example.com/owner: "my-team"
+    spec:
+      # References the Cloud Provider's NodeClass resource, see your cloud provider specific documentation
+      nodeClassRef:
+        name: default
+
+      # Provisioned nodes will have these taints
+      # Taints may prevent pods from scheduling if they are not tolerated by the pod.
+      # taints:
+      #   - key: example.com/special-taint
+      #     effect: NoSchedule
+
+      # Provisioned nodes will have these taints, but pods do not need to tolerate these taints to be provisioned by this
+      # NodePool. These taints are expected to be temporary and some other entity (e.g. a DaemonSet) is responsible for
+      # removing the taint after it has finished initializing the node.
+      # startupTaints:
+      #   - key: example.com/another-taint
+      #     effect: NoSchedule
+
+      # Requirements that constrain the parameters of provisioned nodes.
+      # These requirements are combined with pod.spec.topologySpreadConstraints, pod.spec.affinity.nodeAffinity, pod.spec.affinity.podAffinity, and pod.spec.nodeSelector rules.
+      # Operators { In, NotIn, Exists, DoesNotExist, Gt, and Lt } are supported.
+      # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators
+      requirements:
+        - key: "karpenter.k8s.aws/instance-category"
+          operator: In
+          values: ["t", "m", "c"]
+        - key: "karpenter.k8s.aws/instance-cpu"
+          operator: In
+          values: ["2", "4", "8"]
+        - key: "karpenter.k8s.aws/instance-hypervisor"
+          operator: In
+          values: ["nitro"]
+        - key: "karpenter.k8s.aws/instance-generation"
+          operator: Gt
+          values: ["3"]
+        - key: "kubernetes.io/arch"
+          operator: In
+          values: ["amd64"]
+        - key: "karpenter.sh/capacity-type"
+          operator: In
+          values: ["spot", "on-demand"]
+
+      # Karpenter provides the ability to specify a few additional Kubelet args.
+      # These are all optional and provide support for additional customization and use cases.
+      kubelet:
+        systemReserved:
+          cpu: 100m
+          memory: 100Mi
+          ephemeral-storage: 1Gi
+        kubeReserved:
+          cpu: 200m
+          memory: 100Mi
+          ephemeral-storage: 3Gi
+        evictionMaxPodGracePeriod: 60
+        imageGCHighThresholdPercent: 85
+        imageGCLowThresholdPercent: 80
+        cpuCFSQuota: true
+
+  # Disruption section which describes the ways in which Karpenter can disrupt and replace Nodes
+  # Configuration in this section constrains how aggressive Karpenter can be with performing operations
+  # like rolling Nodes due to them hitting their maximum lifetime (expiry) or scaling down nodes to reduce cluster cost
+  disruption:
+    # Describes which types of Nodes Karpenter should consider for consolidation
+    # If using 'WhenUnderutilized', Karpenter will consider all nodes for consolidation and attempt to remove or replace Nodes when it discovers that the Node is underutilized and could be changed to reduce cost
+    # If using `WhenEmpty`, Karpenter will only consider nodes for consolidation that contain no workload pods
+    consolidationPolicy: WhenUnderutilized
+
+    # The amount of time a Node can live on the cluster before being removed
+    # Avoiding long-running Nodes helps to reduce security vulnerabilities as well as to reduce the chance of issues that can plague Nodes with long uptimes such as file fragmentation or memory leaks from system processes
+    # You can choose to disable expiration entirely by setting the string value 'Never' here
+    expireAfter: 720h
+
+  # Resource limits constrain the total size of the cluster.
+  # Limits prevent Karpenter from creating new instances once the limit is exceeded.
+  limits:
+    cpu: "1000"
+    memory: 1000Gi
+
+EOF
+  }
+}
+
+generate "provider-local" {
+  path      = "provider-local.tf"
+  if_exists = "overwrite"
+  contents  = file("../eks-providers.tf")
+}
diff --git a/terragrunt/terragrunt.hcl b/terragrunt/terragrunt.hcl
index 4c3ed764..19c5c3d5 100644
--- a/terragrunt/terragrunt.hcl
+++ b/terragrunt/terragrunt.hcl
@@ -24,3 +24,30 @@ remote_state {
     skip_credentials_validation = true
   }
 }
+
+generate "provider" {
+  path      = "provider_override.tf"
+  if_exists = "overwrite"
+  contents  = <<EOF
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.1.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.19.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "2.12.1"
+    }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = "1.14.0"
+    }
+  }
+}
+EOF
+}
\ No newline at end of file