@@ -14,9 +14,6 @@ It provides the following resources:
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.1.0 |
| [aws](#requirement\_aws) | >= 5.0.0 |
-| [helm](#requirement\_helm) | >= 2.4.1 |
-| [kubectl](#requirement\_kubectl) | >= 2.0.3 |
-| [kubernetes](#requirement\_kubernetes) | >= 2.10 |
## Providers
@@ -28,15 +25,17 @@ It provides the following resources:
| Name | Source | Version |
|------|--------|---------|
-| [helm\_addon](#module\_helm\_addon) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.32.1 |
+| [cloudwatch\_observability\_irsa\_role](#module\_cloudwatch\_observability\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | v5.33.0 |
## Resources
| Name | Type |
|------|------|
+| [aws_eks_addon.amazon_cloudwatch_observability](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
+| [aws_iam_service_linked_role.application_signals_cw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_service_linked_role) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_eks_addon_version.eks_addon_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_addon_version) | data source |
| [aws_eks_cluster.eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
-| [aws_iam_policy.irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
@@ -44,15 +43,14 @@ It provides the following resources:
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [adot\_otel\_helm\_chart\_verison](#input\_adot\_otel\_helm\_chart\_verison) | ADOT collector helm chart version | `string` | `"0.17.0"` | no |
-| [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster Id | `string` | n/a | yes |
-| [helm\_config](#input\_helm\_config) | Helm provider config for adot-exporter-for-eks-on-ec2 | `any` | `{}` | no |
-| [irsa\_iam\_permissions\_boundary](#input\_irsa\_iam\_permissions\_boundary) | IAM permissions boundary for IRSA roles | `string` | `null` | no |
-| [irsa\_iam\_role\_path](#input\_irsa\_iam\_role\_path) | IAM role path for IRSA roles | `string` | `"/"` | no |
-| [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-| [service\_exporters](#input\_service\_exporters) | exporter for adot-ci setup | `string` | `"awsemf"` | no |
-| [service\_receivers](#input\_service\_receivers) | receiver for adot-ci setup | `string` | `"awscontainerinsightreceiver"` | no |
+| [addon\_config](#input\_addon\_config) | Amazon EKS Managed CloudWatch Observability Add-on config | `any` | `{}` | no |
+| [create\_cloudwatch\_application\_signals\_role](#input\_create\_cloudwatch\_application\_signals\_role) | Create a Cloudwatch Application Signals service-linked role | `bool` | `true` | no |
+| [create\_cloudwatch\_observability\_irsa\_role](#input\_create\_cloudwatch\_observability\_irsa\_role) | Create a Cloudwatch Observability IRSA | `bool` | `true` | no |
+| [eks\_cluster\_id](#input\_eks\_cluster\_id) | Name of the EKS cluster | `string` | `"eks-cw"` | no |
+| [eks\_oidc\_provider\_arn](#input\_eks\_oidc\_provider\_arn) | The OIDC Provider ARN of AWS EKS cluster | `string` | `""` | no |
+| [enable\_amazon\_eks\_cw\_observability](#input\_enable\_amazon\_eks\_cw\_observability) | Enable Amazon EKS CloudWatch Observability add-on | `bool` | `true` | no |
+| [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version | `string` | `"1.28"` | no |
+| [most\_recent](#input\_most\_recent) | Determines if the most recent or default version of the addon should be returned. | `bool` | `false` | no |
| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no |
## Outputs
diff --git a/modules/eks-container-insights/data.tf b/modules/eks-container-insights/data.tf
new file mode 100644
index 00000000..89c9d09a
--- /dev/null
+++ b/modules/eks-container-insights/data.tf
@@ -0,0 +1,7 @@
+data "aws_partition" "current" {}
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
+data "aws_eks_cluster" "eks_cluster" {
+ name = var.eks_cluster_id
+}
diff --git a/modules/eks-container-insights/locals.tf b/modules/eks-container-insights/locals.tf
index 3246dbec..98e169c9 100644
--- a/modules/eks-container-insights/locals.tf
+++ b/modules/eks-container-insights/locals.tf
@@ -1,77 +1,14 @@
-data "aws_partition" "current" {}
-
-data "aws_caller_identity" "current" {}
-
-data "aws_region" "current" {}
-
-data "aws_eks_cluster" "eks_cluster" {
- name = var.eks_cluster_id
-}
-
-data "aws_iam_policy" "irsa" {
- arn = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
-}
-
locals {
- name = "adot-exporter-for-eks-on-ec2"
- service_account = try(var.helm_config.service_account, "${local.name}-sa")
-
- set_values = [
- {
- name = "serviceAccount.name"
- value = local.service_account
- },
- {
- name = "serviceAccount.create"
- value = false
- }
- ]
- # https://github.com/aws-observability/aws-otel-helm-charts/tree/main/charts/adot-exporter-for-eks-on-ec2
- default_helm_config = {
- name = local.name
- chart = "adot-exporter-for-eks-on-ec2"
- repository = "https://aws-observability.github.io/aws-otel-helm-charts"
- version = var.adot_otel_helm_chart_verison
- namespace = "amazon-metrics"
- values = local.default_helm_values
- description = "ADOT Helm Chart Deployment Configuration for Container Insights"
- }
-
- helm_config = merge(
- local.default_helm_config,
- var.helm_config
- )
-
- default_helm_values = [templatefile("${path.module}/values.yaml", {
- aws_region = local.addon_context.aws_region_name
- cluster_name = local.addon_context.eks_cluster_id
- service_receivers = format("[\"%s\"]", var.service_receivers)
- service_exporters = format("[\"%s\"]", var.service_exporters)
- service_account = local.service_account
- })]
-
- irsa_config = {
- kubernetes_namespace = local.helm_config["namespace"]
- kubernetes_service_account = local.service_account
- create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
- create_kubernetes_service_account = true
- create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
- irsa_iam_policies = concat([data.aws_iam_policy.irsa.arn], var.irsa_policies)
- }
-
+ kubernetes_version = var.kubernetes_version
eks_oidc_issuer_url = replace(data.aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer, "https://", "")
addon_context = {
aws_caller_identity_account_id = data.aws_caller_identity.current.account_id
aws_caller_identity_arn = data.aws_caller_identity.current.arn
- aws_eks_cluster_endpoint = data.aws_eks_cluster.eks_cluster.endpoint
aws_partition_id = data.aws_partition.current.partition
aws_region_name = data.aws_region.current.name
- eks_cluster_id = var.eks_cluster_id
- eks_oidc_issuer_url = replace(data.aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer, "https://", "")
eks_oidc_provider_arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.eks_oidc_issuer_url}"
+ eks_cluster_id = data.aws_eks_cluster.eks_cluster.id
tags = var.tags
- irsa_iam_role_path = var.irsa_iam_role_path
- irsa_iam_permissions_boundary = var.irsa_iam_permissions_boundary
}
}
diff --git a/modules/eks-container-insights/main.tf b/modules/eks-container-insights/main.tf
index d4c11538..e48c1cee 100644
--- a/modules/eks-container-insights/main.tf
+++ b/modules/eks-container-insights/main.tf
@@ -1,30 +1,47 @@
-provider "kubernetes" {
- host = data.aws_eks_cluster.eks_cluster.endpoint
- cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks_cluster.certificate_authority[0].data)
- exec {
- api_version = "client.authentication.k8s.io/v1beta1"
- args = ["eks", "get-token", "--cluster-name", local.addon_context.eks_cluster_id]
- command = "aws"
- }
+locals {
+ name = "amazon-cloudwatch-observability"
}
-provider "helm" {
- kubernetes {
- host = data.aws_eks_cluster.eks_cluster.endpoint
- cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks_cluster.certificate_authority[0].data)
- exec {
- api_version = "client.authentication.k8s.io/v1beta1"
- args = ["eks", "get-token", "--cluster-name", local.addon_context.eks_cluster_id]
- command = "aws"
+module "cloudwatch_observability_irsa_role" {
+ count = var.create_cloudwatch_observability_irsa_role ? 1 : 0
+
+ source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+ version = "v5.33.0"
+ role_name = "cloudwatch-observability"
+ attach_cloudwatch_observability_policy = true
+
+ oidc_providers = {
+ ex = {
+ provider_arn = var.eks_oidc_provider_arn
+ namespace_service_accounts = ["amazon-cloudwatch:cloudwatch-agent"]
}
}
}
-module "helm_addon" {
- source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v4.32.1"
- manage_via_gitops = var.manage_via_gitops
- set_values = local.set_values
- helm_config = local.helm_config
- irsa_config = local.irsa_config
- addon_context = local.addon_context
+data "aws_eks_addon_version" "eks_addon_version" {
+ addon_name = local.name
+ kubernetes_version = try(var.addon_config.kubernetes_version, var.kubernetes_version)
+ most_recent = try(var.addon_config.most_recent, true)
+}
+
+resource "aws_eks_addon" "amazon_cloudwatch_observability" {
+ count = var.enable_amazon_eks_cw_observability ? 1 : 0
+
+ cluster_name = var.eks_cluster_id
+ addon_name = local.name
+ addon_version = try(var.addon_config.addon_version, data.aws_eks_addon_version.eks_addon_version.version)
+ resolve_conflicts_on_create = try(var.addon_config.resolve_conflicts_on_create, "OVERWRITE")
+ service_account_role_arn = try(module.cloudwatch_observability_irsa_role[0].iam_role_arn, null)
+ preserve = try(var.addon_config.preserve, true)
+ configuration_values = try(var.addon_config.configuration_values, null)
+
+ tags = merge(
+ # var.addon_context.tags,
+ try(var.addon_config.tags, {})
+ )
+}
+
+resource "aws_iam_service_linked_role" "application_signals_cw" {
+ count = var.create_cloudwatch_application_signals_role ? 1 : 0
+ aws_service_name = "application-signals.cloudwatch.amazonaws.com"
}
diff --git a/modules/eks-container-insights/values.yaml b/modules/eks-container-insights/values.yaml
deleted file mode 100644
index d6a22ae9..00000000
--- a/modules/eks-container-insights/values.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-awsRegion: ${aws_region}
-clusterName: ${cluster_name}
-
-
-adotCollector:
- daemonSet:
- serviceAccount:
- create: false
- name: ${service_account}
- createNamespace: false
- extensions:
- sigv4auth:
- region: ${aws_region}
- service:
- metrics:
- receivers: ${service_receivers}
- exporters: ${service_exporters}
- sidecar:
- regionS3: ${aws_region}
diff --git a/modules/eks-container-insights/variables.tf b/modules/eks-container-insights/variables.tf
index 039a7bd5..94c85b0c 100644
--- a/modules/eks-container-insights/variables.tf
+++ b/modules/eks-container-insights/variables.tf
@@ -1,42 +1,49 @@
-variable "helm_config" {
- description = "Helm provider config for adot-exporter-for-eks-on-ec2"
- type = any
- default = {}
+variable "eks_cluster_id" {
+ description = "Name of the EKS cluster"
+ default = "eks-cw"
+ type = string
}
-variable "manage_via_gitops" {
+variable "enable_amazon_eks_cw_observability" {
+ description = "Enable Amazon EKS CloudWatch Observability add-on"
type = bool
- description = "Determines if the add-on should be managed via GitOps."
- default = false
+ default = true
}
-variable "service_receivers" {
- type = string
- description = "receiver for adot-ci setup"
- default = "awscontainerinsightreceiver"
+variable "addon_config" {
+ description = "Amazon EKS Managed CloudWatch Observability Add-on config"
+ type = any
+ default = {}
}
-variable "service_exporters" {
+variable "kubernetes_version" {
+ description = "Kubernetes version"
type = string
- description = "exporter for adot-ci setup"
- default = "awsemf"
+ default = "1.28"
}
-variable "irsa_policies" {
- description = "Additional IAM policies for a IAM role for service accounts"
- type = list(string)
- default = []
+variable "most_recent" {
+ description = "Determines if the most recent or default version of the addon should be returned."
+ type = bool
+ default = false
}
-variable "eks_cluster_id" {
- description = "EKS Cluster Id"
+variable "eks_oidc_provider_arn" {
+ description = "The OIDC Provider ARN of AWS EKS cluster"
type = string
+ default = ""
}
-variable "adot_otel_helm_chart_verison" {
- description = "ADOT collector helm chart version"
- type = string
- default = "0.17.0"
+variable "create_cloudwatch_observability_irsa_role" {
+ type = bool
+ default = true
+ description = "Create a Cloudwatch Observability IRSA"
+}
+
+variable "create_cloudwatch_application_signals_role" {
+ type = bool
+ default = true
+ description = "Create a Cloudwatch Application Signals service-linked role"
}
variable "tags" {
@@ -44,15 +51,3 @@ variable "tags" {
type = map(string)
default = {}
}
-
-variable "irsa_iam_role_path" {
- description = "IAM role path for IRSA roles"
- type = string
- default = "/"
-}
-
-variable "irsa_iam_permissions_boundary" {
- description = "IAM permissions boundary for IRSA roles"
- type = string
- default = null
-}
diff --git a/modules/eks-container-insights/versions.tf b/modules/eks-container-insights/versions.tf
index ea7a421f..e426124f 100644
--- a/modules/eks-container-insights/versions.tf
+++ b/modules/eks-container-insights/versions.tf
@@ -6,17 +6,5 @@ terraform {
source = "hashicorp/aws"
version = ">= 5.0.0"
}
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = ">= 2.10"
- }
- kubectl = {
- source = "alekc/kubectl"
- version = ">= 2.0.3"
- }
- helm = {
- source = "hashicorp/helm"
- version = ">= 2.4.1"
- }
}
}
diff --git a/modules/eks-monitoring/README.md b/modules/eks-monitoring/README.md
index 9669105b..f8a67f13 100644
--- a/modules/eks-monitoring/README.md
+++ b/modules/eks-monitoring/README.md
@@ -51,6 +51,7 @@ See examples using this Terraform modules in the **Amazon EKS** section of [this
|------|------|
| [aws_prometheus_rule_group_namespace.alerting_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/prometheus_rule_group_namespace) | resource |
| [aws_prometheus_rule_group_namespace.recording_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/prometheus_rule_group_namespace) | resource |
+| [aws_prometheus_workspace.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/prometheus_workspace) | resource |
| [helm_release.fluxcd](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.grafana_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.kube_state_metrics](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -60,6 +61,7 @@ See examples using this Terraform modules in the **Amazon EKS** section of [this
| [kubectl_manifest.flux_gitrepository](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.flux_kustomization](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.kubeproxy_monitoring_dashboard](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource |
+| [kubectl_manifest.nvidia_monitoring_dashboards](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_eks_cluster.eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
@@ -76,6 +78,7 @@ See examples using this Terraform modules in the **Amazon EKS** section of [this
| [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster Id | `string` | n/a | yes |
| [enable\_adotcollector\_metrics](#input\_enable\_adotcollector\_metrics) | Enables collection of ADOT collector metrics | `bool` | `true` | no |
| [enable\_alerting\_rules](#input\_enable\_alerting\_rules) | Enables or disables Managed Prometheus alerting rules | `bool` | `true` | no |
+| [enable\_alertmanager](#input\_enable\_alertmanager) | Creates Amazon Managed Service for Prometheus AlertManager for all workloads | `bool` | `false` | no |
| [enable\_amazon\_eks\_adot](#input\_enable\_amazon\_eks\_adot) | Enables the ADOT Operator on the EKS Cluster | `bool` | `true` | no |
| [enable\_apiserver\_monitoring](#input\_enable\_apiserver\_monitoring) | Enable EKS kube-apiserver monitoring, alerting and dashboards | `bool` | `true` | no |
| [enable\_cert\_manager](#input\_enable\_cert\_manager) | Allow reusing an existing installation of cert-manager | `bool` | `true` | no |
@@ -88,8 +91,10 @@ See examples using this Terraform modules in the **Amazon EKS** section of [this
| [enable\_java](#input\_enable\_java) | Enable Java workloads monitoring, alerting and default dashboards | `bool` | `false` | no |
| [enable\_kube\_state\_metrics](#input\_enable\_kube\_state\_metrics) | Enables or disables Kube State metrics exporter. Disabling this might affect some data in the dashboards | `bool` | `true` | no |
| [enable\_logs](#input\_enable\_logs) | Using AWS For FluentBit to collect cluster and application logs to Amazon CloudWatch | `bool` | `true` | no |
+| [enable\_managed\_prometheus](#input\_enable\_managed\_prometheus) | Creates a new Amazon Managed Service for Prometheus Workspace | `bool` | `true` | no |
| [enable\_nginx](#input\_enable\_nginx) | Enable NGINX workloads monitoring, alerting and default dashboards | `bool` | `false` | no |
| [enable\_node\_exporter](#input\_enable\_node\_exporter) | Enables or disables Node exporter. Disabling this might affect some data in the dashboards | `bool` | `true` | no |
+| [enable\_nvidia\_monitoring](#input\_enable\_nvidia\_monitoring) | Enables monitoring of nvidia metrics | `bool` | `true` | no |
| [enable\_recording\_rules](#input\_enable\_recording\_rules) | Enables or disables Managed Prometheus recording rules | `bool` | `true` | no |
| [enable\_tracing](#input\_enable\_tracing) | Enables tracing with OTLP traces receiver to X-Ray | `bool` | `true` | no |
| [flux\_config](#input\_flux\_config) | FluxCD configuration | object({
create_namespace = bool
k8s_namespace = string
helm_chart_name = string
helm_chart_version = string
helm_release_name = string
helm_repo_url = string
helm_settings = map(string)
helm_values = map(any)
})
| {
"create_namespace": true,
"helm_chart_name": "flux2",
"helm_chart_version": "2.12.2",
"helm_release_name": "observability-fluxcd-addon",
"helm_repo_url": "https://fluxcd-community.github.io/helm-charts",
"helm_settings": {},
"helm_values": {},
"k8s_namespace": "flux-system"
}
| no |
@@ -126,6 +131,7 @@ See examples using this Terraform modules in the **Amazon EKS** section of [this
| [managed\_prometheus\_workspace\_region](#input\_managed\_prometheus\_workspace\_region) | Amazon Managed Prometheus Workspace's Region | `string` | `null` | no |
| [ne\_config](#input\_ne\_config) | Node exporter configuration | object({
create_namespace = bool
k8s_namespace = string
helm_chart_name = string
helm_chart_version = string
helm_release_name = string
helm_repo_url = string
helm_settings = map(string)
helm_values = map(any)
scrape_interval = string
scrape_timeout = string
})
| {
"create_namespace": true,
"helm_chart_name": "prometheus-node-exporter",
"helm_chart_version": "4.24.0",
"helm_release_name": "prometheus-node-exporter",
"helm_repo_url": "https://prometheus-community.github.io/helm-charts",
"helm_settings": {},
"helm_values": {},
"k8s_namespace": "prometheus-node-exporter",
"scrape_interval": "60s",
"scrape_timeout": "60s"
}
| no |
| [nginx\_config](#input\_nginx\_config) | Configuration object for NGINX monitoring | object({
enable_alerting_rules = bool
enable_recording_rules = bool
enable_dashboards = bool
scrape_sample_limit = number
flux_gitrepository_name = string
flux_gitrepository_url = string
flux_gitrepository_branch = string
flux_kustomization_name = string
flux_kustomization_path = string
grafana_dashboard_url = string
prometheus_metrics_endpoint = string
})
| `null` | no |
+| [nvidia\_monitoring\_config](#input\_nvidia\_monitoring\_config) | Config object for nvidia monitoring | object({
flux_gitrepository_name = string
flux_gitrepository_url = string
flux_gitrepository_branch = string
flux_kustomization_name = string
flux_kustomization_path = string
})
| `null` | no |
| [prometheus\_config](#input\_prometheus\_config) | Controls default values such as scrape interval, timeouts and ports globally | object({
global_scrape_interval = string
global_scrape_timeout = string
})
| {
"global_scrape_interval": "120s",
"global_scrape_timeout": "15s"
}
| no |
| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no |
| [target\_secret\_name](#input\_target\_secret\_name) | Target secret in Kubernetes to store the Grafana API Key Secret | `string` | `"grafana-admin-credentials"` | no |
@@ -142,4 +148,7 @@ See examples using this Terraform modules in the **Amazon EKS** section of [this
| [kms\_key\_arn\_eks\_monitoring](#output\_kms\_key\_arn\_eks\_monitoring) | Name of the SSM Parameter |
| [ssmparameter\_arn\_eks\_monitoring](#output\_ssmparameter\_arn\_eks\_monitoring) | Name of the SSM Parameter |
| [ssmparameter\_name\_eks\_monitoring](#output\_ssmparameter\_name\_eks\_monitoring) | Name of the SSM Parameter |
+| [managed\_prometheus\_workspace\_endpoint](#output\_managed\_prometheus\_workspace\_endpoint) | Amazon Managed Prometheus workspace endpoint |
+| [managed\_prometheus\_workspace\_id](#output\_managed\_prometheus\_workspace\_id) | Amazon Managed Prometheus workspace ID |
+| [managed\_prometheus\_workspace\_region](#output\_managed\_prometheus\_workspace\_region) | Amazon Managed Prometheus workspace region |
diff --git a/modules/eks-monitoring/alerts.tf b/modules/eks-monitoring/alerts.tf
index 1cae59b6..03740bdb 100644
--- a/modules/eks-monitoring/alerts.tf
+++ b/modules/eks-monitoring/alerts.tf
@@ -6,7 +6,7 @@ resource "aws_prometheus_rule_group_namespace" "alerting_rules" {
count = var.enable_alerting_rules ? 1 : 0
name = "accelerator-infra-alerting"
- workspace_id = var.managed_prometheus_workspace_id
+ workspace_id = local.managed_prometheus_workspace_id
data = <