diff --git a/_envcommon/common-variables.hcl b/_envcommon/common-variables.hcl
new file mode 100644
index 0000000..38cb4c9
--- /dev/null
+++ b/_envcommon/common-variables.hcl
@@ -0,0 +1,23 @@
+# lab/_envcommon/common-variables.hcl
+
+# ---------------------------------------------------------------------------------------------------------------------
+# GLOBAL PARAMETERS
+# These are the variables we pass to use across modules regardless of environment, i.e. these are the parameters
+# that are common across all environments/accounts.
+# ---------------------------------------------------------------------------------------------------------------------
+locals {
+ organization = "census:ocio:csvd"
+ project_name = "csvd_platformbaseline"
+ project_number = "fs0000000078"
+ project_role = "csvd_platformbaseline_app"
+ state_bucket_prefix = "inf-tfstate"
+ state_table_name = "tf_remote_state"
+ route53_endpoints = {
+ route53_main = {
+ "account_id" = "269244441389"
+ "alias" = "lab-gov-network-nonprod"
+ "us-gov-east-1" = "vpc-070595c5b133243dd"
+ "us-gov-west-1" = "vpc-08b7b4db6a5ddf9c1"
+ }
+ }
+}
diff --git a/_envcommon/default-versions.hcl b/_envcommon/default-versions.hcl
new file mode 100644
index 0000000..478dc67
--- /dev/null
+++ b/_envcommon/default-versions.hcl
@@ -0,0 +1,145 @@
+# lab/_envcommon/default-versions.hcl
+
+locals {
+ #####################
+ # Module Versions
+ #####################
+ cluster_version = "1.31"
+ custom_service_eks_account = "${local.release_version}"
+ eks_module_version = "20.33.1"
+ istio_ingress_version = "${local.release_version}"
+ release_version = "main" # "main" # change to main when testing updated modules
+
+ #####################
+ # TF Providers
+ #####################
+ aws_version = "5.84.0"
+ helm_version = "2.11.0"
+ kubernetes_version = "2.33.0"
+ null_version = "3.2.1"
+ random_version = "3.5.1"
+ template_version = "2.2.0"
+ tf_version = "1.5.5"
+
+ #####################
+ # Namespaces Config
+ #####################
+ operator_namespace = "aoperator"
+ telemetry_namespace = "atelemetry"
+ namespaces = {
+ cert-manager = "kube-system"
+ karpenter = "karpenter"
+ metrics-server = "kube-system"
+ postgresql = "kube-system"
+ keycloak = "keycloak"
+ gogatekeeper = "kube-system"
+ istio = "istio-system"
+ kiali = "istio-system"
+ grafana = local.telemetry_namespace
+ k8s-dashboard = local.telemetry_namespace
+ loki = local.telemetry_namespace
+ otel = local.telemetry_namespace
+ prometheus = local.telemetry_namespace
+ tempo = local.telemetry_namespace
+ }
+
+ #####################
+ # EKS Config
+ #####################
+
+ ################
+ # Cert-Manager
+ ################
+ cluster_issuer_name = "cert-manager"
+ cert_manager_cainjector_tag = "v${local.cert_manager_version}"
+ cert_manager_controller_tag = "v${local.cert_manager_version}"
+ cert_manager_helm_chart = "${local.cert_manager_version}"
+ cert_manager_startupapicheck_tag = "v${local.cert_manager_version}"
+ cert_manager_version = "1.17.1"
+ cert_manager_webhook_tag = "v${local.cert_manager_version}"
+
+ ################
+ # GoGatekeeper
+ ################
+ gogatekeeper_tag = "3.2.1"
+ gogatekeeper_chart_version = "0.1.53"
+
+ ################
+ # Grafana
+ ################
+ grafana_hostname = "grafana"
+ grafana_operator_chart_version = "4.9.8"
+ grafana_operator_tag = "5.16.0"
+ grafana_tag = "11.5.2"
+ os_shell_image_tag = "12"
+
+ ################
+ # Istio
+ ################
+ istio_namespace = "istio-system"
+ istio_version = "1.25.0"
+
+ ################
+ # k8s-dashboard
+ ################
+ dashboard_hostname = "dashboard"
+ k8s_dashboard_metrics_scraper = "1.0.8"
+ k8s_dashboard_version = "6.0.6"
+
+ ################
+ # Karpenter
+ ################
+ karpenter_helm_chart = "1.3.1"
+ karpenter_tag = "1.3.1"
+
+ ################
+ # Keycloak
+ ################
+ keycloak_chart_version = "24.4.11"
+ keycloak_tag = "26.1.3"
+ keycloak_hostname = "keycloak"
+ keycloak_database = "keycloak"
+ keycloak_username = "keycloak"
+ keycloak_password = "this is my very secure and totally random password horse battery staple now"
+ postgresql_tag = "17.4.0-debian-12-r2"
+
+ ################
+ # Kiali
+ ################
+ kiali_operator_version = "2.2.0"
+ kiali_application_version = "v${local.kiali_operator_version}"
+
+ ################
+ # Loki
+ ################
+ loki_chart_version = "6.27.0"
+ loki_tag = "3.4.2"
+ enterprise_logs_provisioner_tag = "v1.7.0"
+ gateway_tag = "1.27-alpine"
+ memcached_tag = "1.6.37"
+ exporter_tag = "v0.15.0"
+ sidecar_tag = "1.27.4"
+
+ ################
+ # Metrics Server
+ ################
+ metrics_server_helm_chart = "3.12.2"
+ metrics_server_tag = "0.7.2"
+
+ ################
+ # Prometheus
+ ################
+ prometheus_chart_version = "27.5.1"
+ prometheus_server_tag = "v3.2.1"
+ prometheus_config_reloader_tag = "v0.75.2"
+ alertmanager_tag = "v0.28.0"
+ kube_state_metrics_tag = "v2.15.0"
+ node_exporter_tag = "v1.9.0"
+ pushgateway_tag = "v1.11.0"
+
+ ################
+ # Tempo
+ ################
+ tempo_chart_version = "1.18.2"
+ tempo_tag = "2.7.1"
+}
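Review bot: `keycloak_password` in the Keycloak section is committed as a plaintext literal, so the credential is readable by anyone with access to the repository and remains in git history even after the line is changed. The eks-keycloak unit in this commit forwards it as both `realm_password` and the database `keycloak_password`, and as a Terraform input it will presumably also be written to state. Read it from outside the repository instead, for example `keycloak_password = get_env("KEYCLOAK_PASSWORD")` (the variable name is a placeholder) or a `sops_decrypt_file(...)` lookup. The value committed here should be treated as disclosed and rotated.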
diff --git a/development/account.hcl b/development/account.hcl
new file mode 100644
index 0000000..80a8b3a
--- /dev/null
+++ b/development/account.hcl
@@ -0,0 +1,13 @@
+# lab/development/account.hcl
+
+# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration. Terragrunt often segments account and environment, but given our strategy is to
+# leverage accounts as environment boundaries, there is an anticipated 1:1 account to environment model that
+# combines these here.
+locals {
+ account_name = "lab-dev-ew"
+ aws_account_id = "224384469011"
+ aws_profile = "224384469011-lab-dev-gov"
+ environment = "development"
+ environment_abbr = "dev"
+}
diff --git a/development/us-gov-east-1/region.hcl b/development/us-gov-east-1/region.hcl
new file mode 100644
index 0000000..f87a8e6
--- /dev/null
+++ b/development/us-gov-east-1/region.hcl
@@ -0,0 +1,7 @@
+# lab/development/us-gov-east-1/region.hcl
+
+# Set common variables for the region. This is automatically pulled in in the root terragrunt.hcl configuration to
+# configure the remote state bucket and pass forward to the child modules as inputs.
+locals {
+ aws_region = "us-gov-east-1"
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
new file mode 100644
index 0000000..e52f9d2
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
@@ -0,0 +1,28 @@
+locals {
+ # Cluster specific configuration
+ cluster_endpoint_public_access = true
+ cluster_name = "platform-eng-eks-mcm"
+ cluster_mailing_list = "matthew.c.morgan@census.gov"
+ eks_instance_disk_size = 100
+ eks_ng_desired_size = 2
+ eks_ng_max_size = 10
+ eks_ng_min_size = 2
+ enable_cluster_creator_admin_permissions = true
+ tags = {
+ "slim:schedule" = "8:00-17:00"
+ "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+ }
+
+ # Common configuration
+ common_retry_args = {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+
+ common_dependencies = ["../eks", "../eks-config"]
+
+ common_mock_eks = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
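Review bot: `cluster_endpoint_public_access = true` exposes the EKS API endpoint publicly, and nothing in this file restricts which source addresses may reach it. If the eks unit (not visible here) does not already pass an allow-list, add one alongside this flag, e.g. `cluster_endpoint_public_access_cidrs = ["<approved-cidr>"]` (the upstream EKS module's variable of that name, assuming the wrapper forwards it), or set the flag to `false` and use the private endpoint. `enable_cluster_creator_admin_permissions = true` also grants cluster-admin to whichever identity runs the apply. A comment naming the intended principal would make that grant reviewable.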
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl
new file mode 100644
index 0000000..5e03cd4
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl
@@ -0,0 +1,58 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
+
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-karpenter",
+ "../eks-metrics-server",
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
+ cluster_version = include.root.inputs.cluster_version
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_mailing_list = include.root.inputs.cluster_mailing_list
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Cert Manager Configuration
+ cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
+ cluster_issuer_name = include.root.inputs.cluster_issuer_name
+ namespace = include.root.inputs.namespaces["cert-manager"]
+
+ # Version Tags
+ cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag
+ cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag
+ cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
+ cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag
+}
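Review bot: The module `source` in the `terraform` block is pinned with `?ref=${include.root.inputs.release_version}`, and default-versions.hcl in this commit sets `release_version = "main"`, so (assuming root.hcl passes that local through) every run fetches whatever is at the tip of that branch. A change pushed to the module repository would then be applied to this cluster without any change or review in this repository. Pin to an immutable tag or commit SHA, e.g. `release_version = "<tag-or-commit-sha>"`, and keep `main` for local module testing only. The same source pattern is used in the eks-config, eks-dns, eks-gogatekeeper, eks-grafana, eks-istio, eks-k8s-dashboard, eks-karpenter, eks-keycloak, eks-kiali and eks-loki units.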
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
new file mode 100644
index 0000000..4a6a659
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
@@ -0,0 +1,55 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-karpenter",
+ "../eks-metrics-server",
+ ]
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
+
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
+ cluster_certificate_authority_data = [{ data = "mock-cert-data" }]
+ eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"]
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ security_group_all_worker_mgmt_id = "sg-mock"
+ subnets = ["subnet-mock1", "subnet-mock2"]
+ vpc_id = "vpc-mock"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Core Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
+ subnets = dependency.eks.outputs.subnets
+ vpc_id = dependency.eks.outputs.vpc_id
+ operators_ns = include.root.inputs.operator_namespace
+ telemetry_ns = include.root.inputs.telemetry_namespace
+}
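Review bot: `mock_outputs_allowed_terraform_commands` on `dependency "eks"` includes `"destroy"`, so a destroy run while the eks unit has no outputs proceeds with `cluster_name = "mock-cluster"`, `vpc_id = "vpc-mock"` and the other placeholders instead of failing. Limiting the list to `["init", "plan", "validate"]` makes every state-changing command require real outputs. If `destroy` is deliberate so that units can be torn down after eks is gone, a comment above the list should say so. The same list appears on the `dependency` blocks of the other units in this commit.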
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl
new file mode 100644
index 0000000..6ab9858
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl
@@ -0,0 +1,60 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ subnets = ["subnet-mock1", "subnet-mock2", "subnet-mock3"]
+ }
+}
+
+dependency "eks-istio" {
+ config_path = "../eks-istio"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ istio_ingress_lb = {
+ dns_name = "mock-${include.root.inputs.cluster_name}.elb.amazonaws.com"
+ zone_id = "MOCKZONEID"
+ }
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-istio",
+ "../eks-metrics-server",
+ ]
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = include.root.inputs.cluster_name
+
+ # Network Configuration
+ istio_ingress_lb = dependency.eks-istio.outputs.istio_ingress_lb
+ route53_endpoints = include.root.inputs.route53_endpoints
+ vpc_domain_name = include.root.inputs.vpc_domain_name
+ vpc_name = include.root.inputs.vpc_name
+
+ # Additional Configuration
+ tags = include.root.inputs.tags
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-gogatekeeper/terragrunt.hcl.off b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-gogatekeeper/terragrunt.hcl.off
new file mode 100644
index 0000000..119537e
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-gogatekeeper/terragrunt.hcl.off
@@ -0,0 +1,80 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-gogatekeeper.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ }
+}
+
+dependency "eks_grafana" {
+ config_path = "../eks-grafana"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ public_endpoint = "mock.grafaba.example.com"
+ }
+}
+
+dependency "eks_keycloak" {
+ config_path = "../eks-keycloak"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ public_endpoint = "mock.keycloak.example.com"
+ discovery_url = "mock.keycloak.example.com/auth"
+ client_id = "mock-client-id"
+ client_secret = "mock-client-secret"
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-dns",
+ "../eks-grafana",
+ "../eks-keycloak",
+ "../eks-prometheus",
+ ]
+}
+
+inputs = {
+ # Base Cluster Config
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ namespace = include.root.inputs.namespaces["gogatekeeper"]
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Gatekeeper Config
+ gogatekeeper_tag = include.root.inputs.gogatekeeper_tag
+ gogatekeeper_chart_version = include.root.inputs.gogatekeeper_chart_version
+ keycloak_discovery_url = dependency.eks_keycloak.outputs.discovery_url
+
+ # Service Behind Gatekeeper Config
+ service_name = "test-gc"
+ upstream_url = dependency.eks_grafana.outputs.public_endpoint
+ redirection_url = dependency.eks_grafana.outputs.public_endpoint
+ client_id = dependency.eks_keycloak.outputs.client_id
+ client_secret = dependency.eks_keycloak.outputs.client_secret
+ keycloak_public_url = dependency.eks_keycloak.outputs.public_endpoint
+}
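Review bot: `upstream_url` and `redirection_url` are both set to `dependency.eks_grafana.outputs.public_endpoint`, so the proxy's upstream appears to be the same public address that clients are redirected to. An authenticating proxy normally forwards to the service's internal address so that the service is reachable only through it. If eks-grafana exposes one, `upstream_url = dependency.eks_grafana.outputs.internal_endpoint.url` looks like the intended value. The mock here also declares `public_endpoint` as a string, while the eks-kiali unit in this commit mocks the same output as an object with `hostname`, `port_number` and `url`, so one of the two has the wrong shape.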
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl
new file mode 100644
index 0000000..7830797
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl
@@ -0,0 +1,99 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.domain.example.com"
+ }
+}
+
+dependency "eks_loki" {
+ config_path = "../eks-loki"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-mocked"
+ gateway_internal_endpoint = {
+ url = "mock.loki.enpoint.example.com"
+ }
+ }
+}
+
+dependency "eks_prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-mocked"
+ prometheus_server_internal_endpoint = {
+ url = "mock.prometheus.enpoint.example.com"
+ }
+ }
+}
+
+dependency "eks_tempo" {
+ config_path = "../eks-tempo"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-mocked"
+ tempo_internal_endpoint = {
+ url = "mock.tempo.enpoint.example.com"
+ }
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-dns",
+ "../eks-loki",
+ "../eks-prometheus",
+ "../eks-tempo"
+ ]
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Storage Configuration
+ rwo_storage_class = dependency.eks_loki.outputs.rwo_storage_class
+
+ # Grafana Configuration
+ grafana_operator_chart_version = include.root.inputs.grafana_operator_chart_version
+ grafana_operator_tag = include.root.inputs.grafana_operator_tag
+ grafana_tag = include.root.inputs.grafana_tag
+ namespace = include.root.inputs.namespaces["grafana"]
+ os_shell_image_tag = include.root.inputs.os_shell_image_tag
+ service_name = "grafana"
+ loki_endpoint = dependency.eks_loki.outputs.gateway_internal_endpoint.url
+ prometheus_endpoint = dependency.eks_prometheus.outputs.prometheus_server_internal_endpoint.url
+ tempo_endpoint = dependency.eks_tempo.outputs.tempo_internal_endpoint.url
+}
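Review bot: `rwo_storage_class` in `inputs` is read from `dependency.eks_loki.outputs.rwo_storage_class`, which ties Grafana's storage class to the Loki unit, whereas eks-keycloak and eks-loki in this commit take it from the eks-config unit. Declaring a `dependency "eks_config"` block here and using `rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class` would keep the units consistent and give the value a single source. The `rwo_storage_class` entries in the `eks_prometheus` and `eks_tempo` mocks are never read and can be dropped.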
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl
new file mode 100644
index 0000000..0cd1e1f
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl
@@ -0,0 +1,44 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-cert-manager",
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Istio Configuration
+ namespace = include.root.inputs.namespaces["istio"]
+ istio_version = include.root.inputs.istio_version
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl
new file mode 100644
index 0000000..1d02df6
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl
@@ -0,0 +1,54 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-dns",
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ cluster_name = dependency.eks.outputs.cluster_name
+
+ # Dashboard Configuration
+ service_name = include.root.inputs.dashboard_hostname
+ k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
+ namespace = include.root.inputs.namespaces["k8s-dashboard"]
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl
new file mode 100644
index 0000000..25c22d7
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl
@@ -0,0 +1,53 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}"
+
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-metrics-server",
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ node_group_name = "mock-node-group"
+ vpc_id = "vpc-mock"
+ subnets = ["subnet-mock1", "subnet-mock2"]
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_endpoint = dependency.eks.outputs.cluster_endpoint
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ vpc_id = dependency.eks.outputs.vpc_id
+
+ # Karpenter Configuration
+ karpenter_tag = include.root.inputs.karpenter_tag
+ karpenter_helm_chart = include.root.inputs.karpenter_helm_chart
+ karpenter_node_group_name = dependency.eks.outputs.node_group_name
+ namespace = include.root.inputs.namespaces["karpenter"]
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-keycloak/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-keycloak/terragrunt.hcl
new file mode 100644
index 0000000..74132d7
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-keycloak/terragrunt.hcl
@@ -0,0 +1,76 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-keycloak.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-mock"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-dns",
+ "../eks-prometheus",
+ ]
+}
+
+inputs = {
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ cluster_name = dependency.eks.outputs.cluster_name
+ namespace = include.root.inputs.namespaces["keycloak"]
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # keycloak config
+ default_storage_class = dependency.eks_config.outputs.rwo_storage_class
+ keycloak_chart_version = include.root.inputs.keycloak_chart_version
+ keycloak_hostname = include.root.inputs.keycloak_hostname
+ keycloak_tag = include.root.inputs.keycloak_tag
+ realm_email = include.root.inputs.cluster_mailing_list
+ realm_name = "master"
+ realm_password = include.root.inputs.keycloak_password
+ realm_username = include.root.inputs.keycloak_username
+ service_name = "keycloak"
+ telemetry_namespace = include.root.inputs.telemetry_namespace
+
+ # # Database configuration
+ keycloak_database = include.root.inputs.keycloak_database
+ keycloak_user = include.root.inputs.keycloak_username
+ keycloak_password = include.root.inputs.keycloak_password
+
+ # Project information
+ project_name = include.root.inputs.project_name
+ tags = include.root.inputs.tags
+}
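Review bot: `realm_password` and the database `keycloak_password` are both fed from `include.root.inputs.keycloak_password`, and `realm_username` and `keycloak_user` from the same `keycloak_username`. If the module variables mean what their names suggest, the administrator of the `master` realm and the database account share one credential. Disclosure of that one value would then give access to both the identity provider's admin interface and its backing database. Use separate inputs, e.g. `realm_password = include.root.inputs.keycloak_admin_password` (a new input, name is a placeholder), and source both from a secret store rather than from a literal in default-versions.hcl.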
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl
new file mode 100644
index 0000000..f1c9bdc
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl
@@ -0,0 +1,126 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_cert_manager" {
+ config_path = "../eks-cert-manager"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_issuer_name = "mock-issuer"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ }
+}
+
+dependency "eks_grafana" {
+ config_path = "../eks-grafana"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ internal_endpoint = {
+ hostname = "grafana.mock.svc.cluster.local"
+ port_number = "80"
+ url = "https://grafana.mock.svc.cluster.local:80/"
+ }
+ namespace = "grafana"
+ public_endpoint = {
+ hostname = "grafana.mock.lab.csp2.census.gov"
+ port_number = "80"
+ url = "https://grafana.mock.lab.csp2.census.gov:80/"
+ }
+ secret_name = "grafana"
+ tempo_datasource_id = "mock-tempo-datasource-id"
+ }
+}
+
+dependency "eks_prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ prometheus_server_internal_endpoint = {
+ hostname = "prometheus.mock.svc.cluster.local"
+ port_number = "80"
+ url = "https://prometheus.mock.svc.cluster.local:80/"
+ }
+ }
+}
+
+dependency "eks_tempo" {
+ config_path = "../eks-tempo"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ tempo_internal_endpoint = {
+ hostname = "tempo.mock.svc.cluster.local"
+ port_number = "80"
+ url = "https://tempo.mock.svc.cluster.local:80/"
+ }
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-grafana",
+ "../eks-istio",
+ "../eks-prometheus",
+ "../eks-tempo",
+ ]
+}
+
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ cluster_name = dependency.eks.outputs.cluster_name
+ certificate_issuer = dependency.eks_cert_manager.outputs.cluster_issuer_name
+
+ # Kiali Configuration
+ service_name = "kiali"
+ namespace = include.root.inputs.namespaces["kiali"]
+ istio_namespace = include.root.inputs.namespaces["istio"]
+ grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url
+ grafana_namespace = dependency.eks_grafana.outputs.namespace
+ grafana_secret_name = dependency.eks_grafana.outputs.secret_name
+ grafana_public_url = dependency.eks_grafana.outputs.public_endpoint
+
+ kiali_application_version = include.root.inputs.kiali_application_version
+ kiali_operator_version = include.root.inputs.kiali_operator_version
+
+ prometheus_internal_url = dependency.eks_prometheus.outputs.prometheus_server_internal_endpoint.url
+ grafana_namespace = dependency.eks_grafana.outputs.namespace
+ grafana_secret_name = dependency.eks_grafana.outputs.secret_name
+ grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url
+ grafana_public_url = dependency.eks_grafana.outputs.public_endpoint
+ tempo_datasource_id = dependency.eks_grafana.outputs.tempo_datasource_id
+ tempo_internal_url = dependency.eks_tempo.outputs.tempo_internal_endpoint.url
+}
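Review bot: In `inputs`, `grafana_namespace`, `grafana_secret_name`, `grafana_internal_url` and `grafana_public_url` are each assigned twice, once under "Kiali Configuration" and again after `prometheus_internal_url`. The second group should be removed so that a later edit to one copy is not silently overridden by the other. `grafana_public_url` is also given the whole `public_endpoint` value, which the mock in this file declares as an object, while `grafana_internal_url` uses `.internal_endpoint.url`. Presumably `grafana_public_url = dependency.eks_grafana.outputs.public_endpoint.url` was meant, which should be confirmed against the module's variable type.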
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl
new file mode 100644
index 0000000..e126331
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl
@@ -0,0 +1,55 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-metrics-server",
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-mock"
+ }
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Loki Configuration
+ loki_chart_version = include.root.inputs.loki_chart_version
+ loki_tag = include.root.inputs.loki_tag
+ namespace = include.root.inputs.namespaces["loki"]
+ rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
+}
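Review bot: The `source` line in the `terraform` block takes its ref from `${include.root.inputs.release_version}`, and the only value this commit shows for `release_version` is `"main"` (in `_envcommon/default-versions.hcl`), so each plan or apply would pull whatever the branch head is at that moment. If that value reaches this unit, a push to `tfmod-loki` changes what is applied to the cluster with no change in this repository; a release tag or full commit SHA in `release_version` keeps the module content reviewable and reproducible. The same applies to the `source` lines in the eks-metrics-server, eks-otel, eks-prometheus, eks-tempo and eks units of this cluster and to the platform-eng-eks-srn units that follow. A comment such as `# ref must be an immutable tag or commit SHA` above `source` would record the expectation.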
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl
new file mode 100644
index 0000000..fd02a7a
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl
@@ -0,0 +1,42 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ }
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+
+ # Metrics Server Configuration
+ metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart
+ metrics_server_tag = include.root.inputs.metrics_server_tag
+ namespace = include.root.inputs.namespaces["metrics-server"]
+}
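Review bot: `mock_outputs_allowed_terraform_commands` in the `dependency "eks"` block includes `"destroy"`, so a destroy run while `../eks` has no outputs proceeds with `cluster_name = "mock-cluster"` instead of stopping. Unless that is intended for teardown ordering, `mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]` makes the run fail loudly rather than act on a placeholder; if it is intended, a one-line comment saying so would help. The same list appears in the eks-loki, eks-prometheus and eks-tempo units and in the platform-eng-eks-srn units.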
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-otel/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-otel/terragrunt.hcl
new file mode 100644
index 0000000..2c93211
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-otel/terragrunt.hcl
@@ -0,0 +1,61 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-open-telemetry.git?ref=${include.root.inputs.release_version}"
+ # source = "../../../../../../../tfmod-open-telemetry"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-loki",
+ "../eks-prometheus",
+ "../eks-tempo"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+dependency "eks-loki" {
+ config_path = "../eks-loki"
+ mock_outputs = {
+ gateway_internal_endpoint = {
+ hostname = "loki-gateway.mock.svc.cluster.local"
+ portNumber = 3210
+ url = "http://loki-gateway.mock.svc.cluster.local:3210/"
+ }
+ }
+}
+
+dependency "eks-tempo" {
+ config_path = "../eks-tempo"
+ mock_outputs = {
+ tempo_otlp_endpoint = {
+ hostname = "tempo.mock.svc.cluster.local"
+ portNumber = 1234
+ url = "http://tempo.mock.svc.cluster.local:1234/"
+ }
+ }
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ cluster_name = dependency.eks.outputs.cluster_name
+ region = include.root.inputs.aws_region
+ namespace = include.root.inputs.namespaces["otel"]
+ loki_endpoint = dependency.eks-loki.outputs.gateway_internal_endpoint.url
+ tempo_endpoint = dependency.eks-tempo.outputs.tempo_otlp_endpoint.url
+}
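Review bot: The three `dependency` blocks (`eks`, `eks-loki`, `eks-tempo`) declare `mock_outputs` without `mock_outputs_allowed_terraform_commands`, so Terragrunt may substitute the mocks on any command, `apply` included, whenever the dependency has no outputs yet. In that case the collector would be deployed with `http://loki-gateway.mock.svc.cluster.local:3210/` and `http://tempo.mock.svc.cluster.local:1234/` as its endpoints and `a-cluster-name` as the cluster name. Adding `mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]` to each block keeps placeholders out of an apply; the sibling units already restrict theirs.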
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/README.md b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/README.md
new file mode 100644
index 0000000..bbbffb2
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/README.md
@@ -0,0 +1,198 @@
+## eks-prometheus
+This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool.
+This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories.
+ 1. prometheus-alert-manager
+ 2. prometheus-node-exporter
+ 3. prometheus-pushgateway
+ 4. prometheus-server
+
+### Dependencies
+This module is dependent on EKS module (eks). The cluster should exist already for this module to work.
+
+### Inputs
+ cluster_name
+ profile
+ prometheus_chart_version
+ prometheus_server_tag
+ prometheus_config_reloader_tag
+ alertmanager_tag
+ kube_state_metrics_tag
+ node_exporter_tag
+ pushgateway_tag
+ rwo_storage_class
+
+### Outputs
+ alertmanager_internal_endpoint
+ alertmanager_headless_internal_endpoint
+ pushgateway_internal_endpoint
+ prometheus_server_internal_endpoint
+
+### Issues observed/fixed
+1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted"
+2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1"
+3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0"
+4. The alertmanager_tag value had to be updated from
+5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below:
+
+ ```
+ set {
+ name = "kube-state-metrics.image.registry"
+ value = module.images.images[local.ksm_key].dest_registry
+ }
+ set {
+ name = "kube-state-metrics.image.repository"
+ value = module.images.images[local.ksm_key].dest_repository
+ }
+ ```
+
+6. In some other cases the image ecr repository had to be split by the colon separatory (:)
+
+ ```
+ set {
+ name = "alertmanager.configmapReload.image.repository"
+ value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0]
+ }
+ ```
+
+### Chart Notes
+ 1. Get the application URL by running these commands:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ kubectl port-forward $POD_NAME 9091
+ echo "Visit http://127.0.0.1:9091 to use your application"
+ ```
+
+ The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
+ prometheus-server.prometheus.svc.cluster.local
+
+
+ Get the Prometheus server URL by running these commands in the same shell:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace prometheus port-forward $POD_NAME 9090
+ ```
+
+ The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster:
+ `prometheus-alertmanager.prometheus.svc.cluster.local`
+
+
+ Get the Alertmanager URL by running these commands in the same shell:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace prometheus port-forward $POD_NAME 9093
+ ```
+
+ #################################################################################
+ ###### WARNING: Pod Security Policy has been disabled by default since #####
+ ###### it deprecated after k8s 1.25+. use #####
+ ###### (index .Values "prometheus-node-exporter" "rbac" #####
+ ###### "pspEnabled") with (index .Values #####
+ ###### "prometheus-node-exporter" "rbac" "pspAnnotations") #####
+ ###### in case you still need it. #####
+ #################################################################################
+
+
+ The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
+ `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local`
+
+
+ Get the PushGateway URL by running these commands in the same shell:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace prometheus port-forward $POD_NAME 9091
+ ```
+
+ For more information on running Prometheus, visit:
+ https://prometheus.io/
+
+ kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
+ The exposed metrics can be found here:
+ https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
+
+ The metrics are exported on the HTTP endpoint /metrics on the listening port.
+ In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics`
+
+ They are served either as plaintext or protobuf depending on the Accept header.
+ They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
+
+ 1. Get the application URL by running these commands:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:9093 to use your application"
+ kubectl --namespace prometheus port-forward $POD_NAME 9093:80
+ ```
+
+ 1. Get the application URL by running these commands:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:9100 to use your application"
+ kubectl port-forward --namespace prometheus $POD_NAME 9100
+ ```
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 0.13 |
+| [aws](#requirement\_aws) | >= 5.14.0 |
+| [helm](#requirement\_helm) | >= 2.11.0 |
+| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
+| [null](#requirement\_null) | >= 3.2.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [helm](#provider\_helm) | >= 2.11.0 |
+| [kubernetes](#provider\_kubernetes) | >= 2.23.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no |
+| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes |
+| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no |
+| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no |
+| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no |
+| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no |
+| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no |
+| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no |
+| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no |
+| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no |
+| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no |
+| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a |
+| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a |
+| [module\_name](#output\_module\_name) | The name of this module. |
+| [module\_version](#output\_module\_version) | The version of this module. |
+| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a |
+| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a |
+| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a |
+
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl
new file mode 100644
index 0000000..80e24e8
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl
@@ -0,0 +1,60 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-metrics-server",
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-encyrpted"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Prometheus Configuration
+ prometheus_chart_version = include.root.inputs.prometheus_chart_version
+ prometheus_server_tag = include.root.inputs.prometheus_server_tag
+ prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag
+ alertmanager_tag = include.root.inputs.alertmanager_tag
+ kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag
+ namespace = include.root.inputs.namespaces["prometheus"]
+ node_exporter_tag = include.root.inputs.node_exporter_tag
+ pushgateway_tag = include.root.inputs.pushgateway_tag
+ rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
+}
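Review bot: The mock in `dependency "eks_config"` is misspelled: `rwo_storage_class = "gp3-encyrpted"`, while the README added in this commit names the class `gp3-encrypted`. It only surfaces when `../eks-config` has no outputs, but then a plan shows a storage class name that does not exist, which is easy to misread as drift away from the encrypted class. Change the line to `rwo_storage_class = "gp3-encrypted"`.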
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl
new file mode 100644
index 0000000..e94ad7f
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl
@@ -0,0 +1,63 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ prometheus_namespace = "prometheus"
+ prometheus_server_internal_endpoint = {
+ hostname = "prometheus-server.mock.svc.cluster.local"
+ port_number = 9090
+ url = "http://prometheus-server.mock.svc.cluster.local:9090/"
+ }
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-prometheus"
+ ]
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Prometheus Configuration
+ prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
+ prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
+
+ # Tempo Configuration
+ tempo_chart_version = include.root.inputs.tempo_chart_version
+ tempo_tag = include.root.inputs.tempo_tag
+ namespace = include.root.inputs.namespaces["tempo"]
+
+}
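Review bot: The mock for `prometheus_server_internal_endpoint` uses the key `port_number`, and `prometheus_port` in `inputs` reads `.port_number`, while the endpoint mocks in the eks-otel unit of this commit use `portNumber` for what looks like the same kind of object. The real output of tfmod-prometheus is not visible here, so one of the two spellings may be wrong; if the module emits `portNumber`, plan passes on the mock and apply fails on the real output. It is worth confirming against the module's outputs and, if needed, aligning both the mock and the input with `portNumber = 9090` and `prometheus_server_internal_endpoint.portNumber`.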
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl
new file mode 100644
index 0000000..9eca1de
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl
@@ -0,0 +1,28 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}"
+
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Core Cluster Configuration
+ cluster_name = include.root.inputs.cluster_name
+ cluster_version = include.root.inputs.cluster_version
+
+ # Additional Configuration
+ tags = include.root.inputs.tags
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/cluster.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/cluster.hcl
new file mode 100644
index 0000000..656de00
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/cluster.hcl
@@ -0,0 +1,28 @@
+locals {
+ # Cluster specific configuration
+ cluster_endpoint_public_access = true
+ cluster_name = "platform-eng-eks-srn"
+ cluster_mailing_list = "srinivasa.nangunuri@census.gov"
+ eks_instance_disk_size = 100
+ eks_ng_desired_size = 2
+ eks_ng_max_size = 10
+ eks_ng_min_size = 2
+ enable_cluster_creator_admin_permissions = true
+ tags = {
+ "slim:schedule" = "8:00-17:00"
+ "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+ }
+
+ # Common configuration
+ common_retry_args = {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+
+ common_dependencies = ["../eks", "../eks-config"]
+
+ common_mock_eks = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
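Review bot: `cluster_endpoint_public_access = true` and `enable_cluster_creator_admin_permissions = true` are set with no comment or restriction next to them. If these reach the EKS module as named, the Kubernetes API endpoint is reachable from outside the VPC and whichever identity runs the apply gets cluster-admin; for a development cluster that may be accepted, but it should be a recorded decision. Prefer `cluster_endpoint_public_access = false`, or keep it and add a CIDR allow-list input if tfmod-eks exposes one, and add a comment such as `# creator admin: temporary, replace with explicit access entries`. Separately, `common_retry_args` uses `-lock-timeout=20m` while the units in this directory hard-code `-lock-timeout=20s`.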
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-cert-manager/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-cert-manager/terragrunt.hcl
new file mode 100644
index 0000000..d1e69d0
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-cert-manager/terragrunt.hcl
@@ -0,0 +1,57 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
+
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-karpenter"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
+ cluster_version = include.root.inputs.cluster_version
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_mailing_list = include.root.inputs.cluster_mailing_list
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Cert Manager Configuration
+ cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
+ cluster_issuer_name = include.root.inputs.cluster_issuer_name
+ namespace = include.root.inputs.namespaces["cert-manager"]
+
+ # Version Tags
+ cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag
+ cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag
+ cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
+ cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-config/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-config/terragrunt.hcl
new file mode 100644
index 0000000..c1328ee
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-config/terragrunt.hcl
@@ -0,0 +1,54 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-karpenter"
+ ]
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
+
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
+ cluster_certificate_authority_data = [{ data = "mock-cert-data" }]
+ eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"]
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ security_group_all_worker_mgmt_id = "sg-mock"
+ subnets = ["subnet-mock1", "subnet-mock2"]
+ vpc_id = "vpc-mock"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Core Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
+ subnets = dependency.eks.outputs.subnets
+ vpc_id = dependency.eks.outputs.vpc_id
+ operators_ns = include.root.inputs.operator_namespace
+ telemetry_ns = include.root.inputs.telemetry_namespace
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-dns/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-dns/terragrunt.hcl
new file mode 100644
index 0000000..2bf9b72
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-dns/terragrunt.hcl
@@ -0,0 +1,60 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ subnets = ["subnet-mock1", "subnet-mock2", "subnet-mock3"]
+ }
+}
+
+dependency "eks-istio" {
+ config_path = "../eks-istio"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ istio_ingress_lb = {
+ dns_name = "mock-${include.root.inputs.cluster_name}.elb.amazonaws.com"
+ zone_id = "MOCKZONEID"
+ }
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks-config",
+ "../eks-istio",
+ "../eks-karpenter"
+ ]
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = include.root.inputs.cluster_name
+
+ # Network Configuration
+ istio_ingress_lb = dependency.eks-istio.outputs.istio_ingress_lb
+ route53_endpoints = include.root.inputs.route53_endpoints
+ vpc_domain_name = include.root.inputs.vpc_domain_name
+ vpc_name = include.root.inputs.vpc_name
+
+ # Additional Configuration
+ tags = include.root.inputs.tags
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-grafana/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-grafana/terragrunt.hcl
new file mode 100644
index 0000000..2bc7484
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-grafana/terragrunt.hcl
@@ -0,0 +1,63 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_loki" {
+ config_path = "../eks-loki"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-mocked"
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-dns",
+ "../eks-karpenter",
+ "../eks-loki"
+ ]
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_domain = include.root.inputs.vpc_domain_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Storage Configuration
+ rwo_storage_class = dependency.eks_loki.outputs.rwo_storage_class
+
+ # Grafana Configuration
+ grafana_chart_version = include.root.inputs.grafana_chart_version
+ grafana_tag = include.root.inputs.grafana_tag
+ download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag
+ init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag
+ namespace = include.root.inputs.namespaces["grafana"]
+ service_name = "grafana"
+}
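Review bot: `rwo_storage_class` in `inputs` is read from `dependency.eks_loki.outputs.rwo_storage_class`, whereas the eks-loki and eks-prometheus units in this commit take it from `dependency.eks_config.outputs.rwo_storage_class`. Whether tfmod-loki exports `rwo_storage_class` is not visible here; if it does not, the `gp3-mocked` mock hides the gap at plan time and apply fails, and in either case Grafana's storage is coupled to Loki for no visible reason. Consider a `dependency "eks_config"` block with `config_path = "../eks-config"` and `rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class`.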
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-istio/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-istio/terragrunt.hcl
new file mode 100644
index 0000000..1c31216
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-istio/terragrunt.hcl
@@ -0,0 +1,44 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Istio Configuration
+ namespace = include.root.inputs.namespaces["istio"]
+ istio_version = include.root.inputs.istio_version
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-k8s-dashboard/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-k8s-dashboard/terragrunt.hcl
new file mode 100644
index 0000000..c32546c
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-k8s-dashboard/terragrunt.hcl
@@ -0,0 +1,55 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=mcmCluster"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-dns"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ cluster_name = dependency.eks.outputs.cluster_name
+
+ # Dashboard Configuration
+ service_name = include.root.inputs.dashboard_hostname
+ k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
+ namespace = include.root.inputs.namespaces["k8s-dashboard"]
+}
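Review bot: `service_name = include.root.inputs.dashboard_hostname` feeds a hostname into an input that the sibling units in this commit set to a short literal (`"grafana"`, `"kiali"`, `"keycloak"`). The module is not visible here, so this may be intended. If the module derives the public name from `service_name` plus `cluster_domain`, though, the result would not be the expected host, so confirm it and add a one-line comment either way. The `eks_dns` mock also carries an `oidc_provider_arn` that nothing in `inputs` reads, and it can be dropped.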
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-karpenter/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-karpenter/terragrunt.hcl
new file mode 100644
index 0000000..7c2ff2d
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-karpenter/terragrunt.hcl
@@ -0,0 +1,50 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}"
+
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = ["../eks"]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ node_group_name = "mock-node-group"
+ vpc_id = "vpc-mock"
+ subnets = ["subnet-mock1", "subnet-mock2"]
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_endpoint = dependency.eks.outputs.cluster_endpoint
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Karpenter Configuration
+ karpenter_tag = include.root.inputs.karpenter_tag
+ karpenter_helm_chart = include.root.inputs.karpenter_helm_chart
+ karpenter_node_group_name = dependency.eks.outputs.node_group_name
+ namespace = include.root.inputs.namespaces["karpenter"]
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-keycloak/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-keycloak/terragrunt.hcl
new file mode 100644
index 0000000..248432d
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-keycloak/terragrunt.hcl
@@ -0,0 +1,87 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-keycloak.git?ref=standards"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-mock"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_postgresql" {
+ config_path = "../eks-postgresql"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ internal_endpoint = {
+ url = "mock-internal-endpoint-url"
+ }
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-dns",
+ "../eks-karpenter",
+ "../eks-postgresql",
+ "../eks-prometheus",
+ ]
+}
+
+inputs = {
+ admin_email = include.root.inputs.cluster_mailing_list
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ cluster_name = dependency.eks.outputs.cluster_name
+ namespace = include.root.inputs.namespaces["keycloak"]
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # keycloak config
+ default_storage_class = dependency.eks_config.outputs.rwo_storage_class
+ keycloak_chart_version = include.root.inputs.keycloak_chart_version
+ keycloak_hostname = include.root.inputs.keycloak_hostname
+ keycloak_tag = include.root.inputs.keycloak_tag
+ service_name = "keycloak"
+ telemetry_namespace = include.root.inputs.telemetry_namespace
+
+ # Database configuration
+ db_host = dependency.eks_postgresql.outputs.internal_endpoint.url
+ db_name = include.root.inputs.postgresql_database
+ db_password = include.root.inputs.postgresql_password
+ db_user = include.root.inputs.postgresql_username
+
+ # Project information
+ project_name = include.root.inputs.project_name
+ tags = include.root.inputs.tags
+}
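Review bot: `db_password = include.root.inputs.postgresql_password` passes the database password through ordinary Terragrunt inputs, and the eks-postgresql unit in this commit does the same with `postgresql_password`. Terragrunt hands inputs to Terraform as `TF_VAR_` environment variables, and the value will normally end up in the state of both units. Where `root.hcl` gets the value is not visible in this part of the diff. If it is a literal in the repository, move it to a secret store that is read at run time (Terragrunt's `sops_decrypt_file` or an AWS Secrets Manager lookup inside the module). Also declare the module variable with `sensitive = true` so it is redacted from plan output.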
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl
new file mode 100644
index 0000000..c36c773
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl
@@ -0,0 +1,113 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=mcmCluster"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-dns",
+ "../eks-grafana",
+ "../eks-istio",
+ "../eks-prometheus"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ operators_namespace = "mock-namespace"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_grafana" {
+ config_path = "../eks-grafana"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ internal_endpoint = {
+ hostname = "grafana.mock.svc.cluster.local"
+ port_number = "80"
+ url = "https://grafana.mock.svc.cluster.local:80/"
+ }
+ namespace = "grafana"
+ public_endpoint = {
+ hostname = "grafana.mock.lab.csp2.census.gov"
+ port_number = "80"
+ url = "https://grafana.mock.lab.csp2.census.gov:80/"
+ }
+ secret_name = "grafana"
+ }
+}
+
+dependency "eks_istio" {
+ config_path = "../eks-istio"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ namespace = "mock-namespace-istio"
+ }
+}
+
+dependency "eks_prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ prometheus_server_internal_endpoint = {
+ hostname = "prometheus.mock.svc.cluster.local"
+ port_number = "80"
+ url = "https://prometheus.mock.svc.cluster.local:80/"
+ }
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ cluster_name = dependency.eks.outputs.cluster_name
+
+ # Kiali Configuration
+ service_name = "kiali"
+ namespace = include.root.inputs.namespaces["kiali"]
+ grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url
+ grafana_namespace = dependency.eks_grafana.outputs.namespace
+ grafana_secret_name = dependency.eks_grafana.outputs.secret_name
+ grafana_public_url = dependency.eks_grafana.outputs.public_endpoint
+
+ kiali_operator_version = include.root.inputs.kiali_operator_version
+
+ prometheus_internal_url = dependency.eks_prometheus.outputs.prometheus_server_internal_endpoint.url
+ # jager_internal_url = dependency.eks_prometheus.outputs.jager_internal_url
+}
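Review bot: `grafana_public_url = dependency.eks_grafana.outputs.public_endpoint` passes the whole endpoint object, while the line above it passes `internal_endpoint.url`, and the mock defines `public_endpoint` as a map with `hostname`, `port_number` and `url`. Unless the module really expects an object here, this should be `grafana_public_url = dependency.eks_grafana.outputs.public_endpoint.url`. The mock URLs also pair `https://` with port 80, which reads as a TLS endpoint that it is not; use `http://` or port 443 so plan output is not misleading.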
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl.disabled b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl.disabled
new file mode 100644
index 0000000..a06c6e6
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl.disabled
@@ -0,0 +1,108 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-dns",
+ "../eks-grafana",
+ "../eks-istio",
+ "../eks-prometheus"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks-config" {
+ config_path = "../eks-config"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ operators_namespace = "mock-namespace"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_grafana" {
+ config_path = "../eks-grafana"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ internal_endpoint = {
+ hostname = "grafana.mock.svc.cluster.local"
+ port_number = "80"
+ url = "https://grafana.mock.svc.cluster.local:80/"
+ }
+ namespace = "grafana"
+ public_endpoint = {
+ hostname = "grafana.mock.lab.csp2.census.gov"
+ port_number = "80"
+ url = "https://grafana.mock.lab.csp2.census.gov:80/"
+ }
+ secret_name = "grafana"
+ }
+}
+
+dependency "eks_istio" {
+ config_path = "../eks-istio"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ namespace = "mock-namespace-istio"
+ }
+}
+
+dependency "eks_prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ prometheus_internal_url = "mock-internal-url"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ cluster_name = dependency.eks.outputs.cluster_name
+
+ # Kiali Configuration
+ grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url
+ grafana_namespace = dependency.eks_grafana.outputs.namespace
+ grafana_secret_name = dependency.eks_grafana.outputs.secret_name
+ grafana_public_url = dependency.eks_grafana.outputs.public_endpoint.url
+
+ kiali_operator_version = include.root.inputs.kiali_operator_version
+ operators_namespace = dependency.eks-config.outputs.operators_namespace
+
+ prometheus_internal_url = dependency.eks_prometheus.outputs.internal_endpoint
+ jager_internal_url = dependency.eks_prometheus.outputs.jager_internal_url
+}
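Review bot: This `.disabled` copy has already drifted from the live `terragrunt.hcl` beside it and would not evaluate if renamed back. `inputs` reads `dependency.eks_prometheus.outputs.internal_endpoint` and `.jager_internal_url`, but the `eks_prometheus` mock defines only `prometheus_internal_url`. Terragrunt does not read the file under this name, so keeping it adds a second, stale description of the same unit. Delete it and rely on version history, or add a header comment saying why it is kept and which version is authoritative.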
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-loki/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-loki/terragrunt.hcl
new file mode 100644
index 0000000..55d3830
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-loki/terragrunt.hcl
@@ -0,0 +1,56 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-metrics-server",
+ "../eks-dns"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-mock"
+ }
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Loki Configuration
+ loki_chart_version = include.root.inputs.loki_chart_version
+ loki_tag = include.root.inputs.loki_tag
+ namespace = include.root.inputs.namespaces["loki"]
+ rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-metrics-server/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-metrics-server/terragrunt.hcl
new file mode 100644
index 0000000..5e520aa
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-metrics-server/terragrunt.hcl
@@ -0,0 +1,43 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ }
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+
+ # Metrics Server Configuration
+ metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart
+ metrics_server_tag = include.root.inputs.metrics_server_tag
+ namespace = include.root.inputs.namespaces["metrics-server"]
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-postgresql/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-postgresql/terragrunt.hcl
new file mode 100644
index 0000000..4429d04
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-postgresql/terragrunt.hcl
@@ -0,0 +1,76 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-postgresql.git?ref=main"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-dns",
+ "../eks-prometheus",
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-mock"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ cluster_name = dependency.eks.outputs.cluster_name
+ rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
+
+ # PostgreSQL Configuration
+ namespace = include.root.inputs.namespaces["postgresql"]
+ os_shell_tag = include.root.inputs.os_shell_tag
+ pgpool_tag = include.root.inputs.pgpool_tag
+ postgres_exporter_tag = include.root.inputs.postgres_exporter_tag
+ postgresql_repmgr_tag = include.root.inputs.postgresql_repmgr_tag
+ postgresql_tag = include.root.inputs.postgresql_tag
+ service_name = "postgresql"
+ telemetry_namespace = include.root.inputs.telemetry_namespace
+
+ # Database Consumer Configuration
+ postgresql_database = include.root.inputs.postgresql_database
+ postgresql_username = include.root.inputs.postgresql_username
+ postgresql_password = include.root.inputs.postgresql_password
+
+}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/README.md b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/README.md
new file mode 100644
index 0000000..bbbffb2
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/README.md
@@ -0,0 +1,198 @@
+## eks-prometheus
+This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool.
+This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories.
+ 1. prometheus-alert-manager
+ 2. prometheus-node-exporter
+ 3. prometheus-pushgateway
+ 4. prometheus-server
+
+### Dependencies
+This module is dependent on EKS module (eks). The cluster should exist already for this module to work.
+
+### Inputs
+ cluster_name
+ profile
+ prometheus_chart_version
+ prometheus_server_tag
+ prometheus_config_reloader_tag
+ alertmanager_tag
+ kube_state_metrics_tag
+ node_exporter_tag
+ pushgateway_tag
+ rwo_storage_class
+
+### Outputs
+ alertmanager_internal_endpoint
+ alertmanager_headless_internal_endpoint
+ pushgateway_internal_endpoint
+ prometheus_server_internal_endpoint
+
+### Issues observed/fixed
+1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted"
+2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1"
+3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0"
+4. The alertmanager_tag value had to be updated from
+5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below:
+
+ ```
+ set {
+ name = "kube-state-metrics.image.registry"
+ value = module.images.images[local.ksm_key].dest_registry
+ }
+ set {
+ name = "kube-state-metrics.image.repository"
+ value = module.images.images[local.ksm_key].dest_repository
+ }
+ ```
+
+6. In some other cases the image ecr repository had to be split by the colon separatory (:)
+
+ ```
+ set {
+ name = "alertmanager.configmapReload.image.repository"
+ value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0]
+ }
+ ```
+
+### Chart Notes
+ 1. Get the application URL by running these commands:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ kubectl port-forward $POD_NAME 9091
+ echo "Visit http://127.0.0.1:9091 to use your application"
+ ```
+
+ The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
+ prometheus-server.prometheus.svc.cluster.local
+
+
+ Get the Prometheus server URL by running these commands in the same shell:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace prometheus port-forward $POD_NAME 9090
+ ```
+
+ The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster:
+ `prometheus-alertmanager.prometheus.svc.cluster.local`
+
+
+ Get the Alertmanager URL by running these commands in the same shell:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace prometheus port-forward $POD_NAME 9093
+ ```
+
+ #################################################################################
+ ###### WARNING: Pod Security Policy has been disabled by default since #####
+ ###### it deprecated after k8s 1.25+. use #####
+ ###### (index .Values "prometheus-node-exporter" "rbac" #####
+ ###### "pspEnabled") with (index .Values #####
+ ###### "prometheus-node-exporter" "rbac" "pspAnnotations") #####
+ ###### in case you still need it. #####
+ #################################################################################
+
+
+ The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
+ `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local`
+
+
+ Get the PushGateway URL by running these commands in the same shell:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace prometheus port-forward $POD_NAME 9091
+ ```
+
+ For more information on running Prometheus, visit:
+ https://prometheus.io/
+
+ kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
+ The exposed metrics can be found here:
+ https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
+
+ The metrics are exported on the HTTP endpoint /metrics on the listening port.
+ In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics`
+
+ They are served either as plaintext or protobuf depending on the Accept header.
+ They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
+
+ 1. Get the application URL by running these commands:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:9093 to use your application"
+ kubectl --namespace prometheus port-forward $POD_NAME 9093:80
+ ```
+
+ 1. Get the application URL by running these commands:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:9100 to use your application"
+ kubectl port-forward --namespace prometheus $POD_NAME 9100
+ ```
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 0.13 |
+| [aws](#requirement\_aws) | >= 5.14.0 |
+| [helm](#requirement\_helm) | >= 2.11.0 |
+| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
+| [null](#requirement\_null) | >= 3.2.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [helm](#provider\_helm) | >= 2.11.0 |
+| [kubernetes](#provider\_kubernetes) | >= 2.23.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no |
+| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes |
+| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no |
+| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no |
+| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no |
+| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no |
+| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no |
+| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no |
+| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no |
+| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no |
+| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no |
+| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a |
+| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a |
+| [module\_name](#output\_module\_name) | The name of this module. |
+| [module\_version](#output\_module\_version) | The version of this module. |
+| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a |
+| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a |
+| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a |
+
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/terragrunt.hcl
new file mode 100644
index 0000000..76650e5
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/terragrunt.hcl
@@ -0,0 +1,61 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=mcmCluster"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-metrics-server",
+ "../eks-dns"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks-config" {
+ config_path = "../eks-config"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-encyrpted"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Prometheus Configuration
+ prometheus_chart_version = include.root.inputs.prometheus_chart_version
+ prometheus_server_tag = include.root.inputs.prometheus_server_tag
+ prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag
+ alertmanager_tag = include.root.inputs.alertmanager_tag
+ kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag
+ namespace = include.root.inputs.namespaces["prometheus"]
+ node_exporter_tag = include.root.inputs.node_exporter_tag
+ pushgateway_tag = include.root.inputs.pushgateway_tag
+ rwo_storage_class = dependency.eks-config.outputs.rwo_storage_class
+}
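Review bot: The mock value `rwo_storage_class = "gp3-encyrpted"` is misspelled; the README added in this commit names the class `gp3-encrypted`. The mock is only used for `init`/`plan`/`validate`/`destroy` when `eks-config` has no outputs, but a plan rendered with it shows a storage class that does not exist. Change it to `rwo_storage_class = "gp3-encrypted"`. The dependency label here is `"eks-config"`, while the other units use `eks_config`; the underscore form would be consistent with them.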
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl
new file mode 100644
index 0000000..e1b17d6
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl
@@ -0,0 +1,66 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=keycloak"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ prometheus_svc = "prometheus-server"
+ prometheus_namespace = "prometheus"
+ prometheus_port = 80
+ prometheus_server_internal_endpoint = {
+ hostname = "prometheus-server.prometheus.svc.cluster.local"
+ port_number = 9090
+ url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
+ }
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-dns",
+ "../eks-prometheus"
+ ]
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Prometheus Configuration
+ prometheus_svc = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.hostname
+ prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
+ prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
+
+ # Tempo Configuration
+ tempo_chart_version = include.root.inputs.tempo_chart_version
+ tempo_tag = include.root.inputs.tempo_tag
+ namespace = include.root.inputs.namespaces["tempo"]
+}
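Review bot: The module source in the `terraform` block is pinned to a branch name, `?ref=keycloak`, so whatever is pushed to that branch next is what the next `plan`/`apply` of this stack runs. Pin to a tag or a full commit SHA instead, e.g. `source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=<TAG_OR_COMMIT_SHA>"`, and move the ref only by a reviewed change. The same applies to the other terragrunt.hcl files in this diff that use `?ref=${include.root.inputs.release_version}`. `_envcommon/default-versions.hcl` sets `release_version = "main"`, so if that value is what reaches `include.root.inputs`, those stacks follow a moving branch as well.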
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks/terragrunt.hcl
new file mode 100644
index 0000000..9eca1de
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks/terragrunt.hcl
@@ -0,0 +1,28 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}"
+
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Core Cluster Configuration
+ cluster_name = include.root.inputs.cluster_name
+ cluster_version = include.root.inputs.cluster_version
+
+ # Additional Configuration
+ tags = include.root.inputs.tags
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl
new file mode 100644
index 0000000..8d2831c
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl
@@ -0,0 +1,20 @@
+# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
+
+# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+ cluster_endpoint_public_access = true
+ cluster_name = "platform-eng-eks-mcm"
+ creator = "matthew.c.morgan@census.gov"
+ eks_instance_disk_size = 100
+ eks_ng_desired_size = 2
+ eks_ng_max_size = 10
+ eks_ng_min_size = 0
+ enable_cluster_creator_admin_permissions = true
+ terraform = true
+ terragrunt = true
+ tags = {
+ "slim:schedule" = "8:00-17:00"
+ "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+ }
+}
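Review bot: `cluster_name = "platform-eng-eks-mcm"` and the header comment both name a different directory from the one this file is added under (`platform-test-cicd`), which looks like a copy-paste leftover. The comment says these locals feed the remote state configuration, so a duplicated cluster name may point this stack at another cluster's state. Confirm the intended name and update the header to `# lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl`. Separately, `cluster_endpoint_public_access = true` and `enable_cluster_creator_admin_permissions = true` are set with no allowed-CIDR list visible in this file. Add a comment saying where the public API endpoint is restricted, or set it to `false` if private access is enough for a CI/CD test cluster.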
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl
new file mode 100644
index 0000000..35e355a
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl
@@ -0,0 +1,40 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ skip_outputs = true
+}
+
+inputs = {
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_mailing_list = dependency.eks.inputs.creator
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
+ cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag
+ cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag
+ cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
+ cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag
+ cluster_issuer_name = include.root.inputs.cluster_issuer_name
+}
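Review bot: `dependency "eks"` declares `mock_outputs` without `mock_outputs_allowed_terraform_commands`, so Terragrunt can fall back to the mocks on any command, including `apply`, whenever `../eks` has no outputs yet. Here that would hand the placeholder `oidc_provider_arn` (account `111111111111`) to the cert-manager module as if it were real. Add `mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]` to the block; the `platform-eng-eks-srn` files in this diff already restrict their mocks this way. The same gap is in the eks-config, eks-dns, eks-grafana, eks-istio, eks-k8s-dashboard, eks-karpenter, eks-loki, eks-metrics-server and eks-prometheus files under `platform-test-cicd`.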
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl
new file mode 100644
index 0000000..d4a60db
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl
@@ -0,0 +1,42 @@
+# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
+
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_certificate_authority_data = [{ data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP" }]
+ cluster_endpoint = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com"
+ cluster_name = "a-cluster-name"
+ eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"]
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ security_group_all_worker_mgmt_id = "sg-00b0000000000000"
+ subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"]
+ token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }]
+ vpc_id = "a-vpc-id"
+ }
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ vpc_id = dependency.eks.outputs.vpc_id
+ cluster_name = dependency.eks.outputs.cluster_name
+ subnets = dependency.eks.outputs.subnets
+ security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
+ eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ kubectl_image_tag = include.root.inputs.kubectl_image_tag
+}
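Review bot: The header comment on the first line names `platform-eng-eks-mcm/eks-config/terragrunt.hcl`, but the file is added under `platform-test-cicd`; change it to `# lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl`. The `dependency "eks"` mocks for `cluster_certificate_authority_data`, `cluster_endpoint` and `token` are not referenced by `inputs` in this hunk. If nothing else reads them, drop them; otherwise add a one-line comment saying what consumes them, so that placeholder credentials are not mistaken for values in use.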
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl
new file mode 100644
index 0000000..6e28781
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl
@@ -0,0 +1,42 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ subnets = ["subnet-abcdefgh", "subnet-12345678", "subnet-ab12cd34"]
+ }
+}
+
+dependency "istio" {
+ config_path = "../eks-istio"
+ mock_outputs = {
+ istio_ingress_lb = {
+ dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com"
+ zone_id = "ZABC123456DEF"
+ }
+ }
+}
+
+inputs = {
+ cluster_name = dependency.eks.inputs.cluster_name
+ istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ subnets = dependency.eks.outputs.subnets
+ tags = dependency.eks.inputs.tags
+ vpc_domain_name = dependency.eks.inputs.vpc_domain_name
+ vpc_name = dependency.eks.inputs.vpc_name
+ route53_endpoints = include.root.inputs.route53_endpoints
+}
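Review bot: `cluster_name = dependency.eks.inputs.cluster_name` reads the dependency's inputs, while the sibling files in this diff take it from `dependency.eks.outputs.cluster_name`. Inputs are not covered by `mock_outputs`, so this value comes from whatever `../eks` is configured with rather than from what was actually created. Prefer `cluster_name = dependency.eks.outputs.cluster_name` and add `cluster_name` to the `eks` mock. `tags`, `vpc_domain_name` and `vpc_name` are read the same way; a comment stating that they rely on the eks unit's merged inputs would make that dependency explicit.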
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl
new file mode 100644
index 0000000..65ab33f
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl
@@ -0,0 +1,40 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+dependency "eks-loki" {
+ config_path = "../eks-loki"
+ mock_outputs = {
+ rwo_storage_class = "gp3-encrypted"
+ }
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_domain = dependency.eks.inputs.vpc_domain_name
+ public_hostname = include.root.inputs.grafana_hostname
+ rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class
+ grafana_chart_version = include.root.inputs.grafana_chart_version
+ grafana_tag = include.root.inputs.grafana_tag
+ download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag
+ init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl
new file mode 100644
index 0000000..c7c22c8
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl
@@ -0,0 +1,32 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+dependency "eks-karpenter" {
+ config_path = "../eks-karpenter"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ istio_chart_version = include.root.inputs.istio_version
+ istio_version = include.root.inputs.istio_version
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl
new file mode 100644
index 0000000..cd1961b
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl
@@ -0,0 +1,36 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ vpc_domain_name = "example.com"
+ }
+}
+
+dependency "eks-loki" {
+ config_path = "../eks-loki"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_domain = dependency.eks.inputs.vpc_domain_name
+ public_hostname = include.root.inputs.dashboard_hostname
+ k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
+ # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint
+}
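Review bot: The `vpc_domain_name = "example.com"` entry in `mock_outputs` is never read, because `cluster_domain` takes `dependency.eks.inputs.vpc_domain_name` rather than an output. Either read `dependency.eks.outputs.vpc_domain_name` or drop the mock entry. Also, `public_hostname` publishes the Kubernetes dashboard under a hostname, and nothing in this file shows how access to it is authenticated. A comment pointing to where that is enforced in the module would help the next reviewer.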
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl
new file mode 100644
index 0000000..6b1a862
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl
@@ -0,0 +1,43 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_endpoint = "https://0000000000000000AAAAAAAAAAAAAAAA.sk1.us-gov-east-1.eks.amazonaws.com"
+ cluster_name = "a-cluster-name"
+ node_group_name = "node_group_a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ vpc_id = "a-vpc-name"
+ }
+}
+
+dependency "eks-config" {
+ config_path = "../eks-config"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_endpoint = dependency.eks.outputs.cluster_endpoint
+ cluster_name = dependency.eks.outputs.cluster_name
+ karpenter_node_group_name = dependency.eks.outputs.node_group_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ vpc_id = dependency.eks.outputs.vpc_id
+ karpenter_helm_chart = include.root.inputs.karpenter_helm_chart
+ karpenter_tag = include.root.inputs.karpenter_tag
+ kubectl_tag = include.root.inputs.kubectl_image_tag
+
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable b/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable
new file mode 100644
index 0000000..1e04fe0
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable
@@ -0,0 +1,81 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}"
+ # source = "../../../../../../../tfmod-kiali"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+dependency "eks-cert-manager" {
+ config_path = "../eks-cert-manager"
+ mock_outputs = {
+ cluster_issuer_name = "acmpca-clusterissuer"
+ }
+}
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs = {
+ prometheus_server_internal_endpoint = {
+ hostname = "prometheus-server.prometheus.svc.cluster.local"
+ port_number = 9090
+ url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
+ }
+ }
+}
+dependency "eks-grafana" {
+ config_path = "../eks-grafana"
+ mock_outputs = {
+ internal_endpoint = {
+ hostname = "grafana.grafana.svc.cluster.local"
+ port_number = "80"
+ url = "https://grafana.grafana.svc.cluster.local:80/"
+ }
+ namespace = "grafana"
+ public_endpoint = {
+ hostname = "grafana.dev.lab.csp2.census.gov"
+ port_number = "80"
+ url = "https://grafana.dev.lab.csp2.census.gov:80/"
+ }
+ secret_name = "grafana"
+ }
+}
+
+inputs = {
+ kiali_operator_version = include.root.inputs.kiali_operator_version
+ kiali_application_version = include.root.inputs.kiali_application_version
+
+ profile = include.root.inputs.aws_profile
+ cluster_domain = dependency.eks.inputs.vpc_domain_name
+ operators_namespace = "operators"
+ cluster_name = dependency.eks.outputs.cluster_name
+ certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name
+ prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url
+ grafana_internal_url = dependency.eks-grafana.outputs.internal_endpoint.url
+ grafana_namespace = dependency.eks-grafana.outputs.namespace
+ grafana_public_url = dependency.eks-grafana.outputs.public_endpoint.url
+ grafana_secret_name = "grafana"
+ # grafana_secret_name = dependency.eks-grafana.outputs.secret_name
+ jaeger_internal_url = ""
+
+
+ # client_id = var.sso_client_id
+ # client_secret = var.sso_client_secret
+ # keycloak_public_url = var.keycloak_public_url
+ # gogatekeeper_chart_version = var.gogatekeeper_chart_version
+ # gogatekeeper_registry = var.gogatekeeper_registry
+ # gogatekeeper_repository = var.gogatekeeper_repository
+ # gogatekeeper_tag = var.gogatekeeper_tag
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl
new file mode 100644
index 0000000..2c6b6be
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl
@@ -0,0 +1,44 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ }
+}
+dependency "eks-istio" {
+ config_path = "../eks-istio"
+ skip_outputs = true
+}
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ loki_chart_version = include.root.inputs.loki_chart_version
+ loki_tag = include.root.inputs.loki_tag
+ canary_tag = include.root.inputs.canary_tag
+ enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag
+ gateway_tag = include.root.inputs.gateway_tag
+ memcached_tag = include.root.inputs.memcached_tag
+ exporter_tag = include.root.inputs.exporter_tag
+ sidecar_tag = include.root.inputs.sidecar_tag
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl
new file mode 100644
index 0000000..387653b
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl
@@ -0,0 +1,33 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ cluster_name = dependency.eks.outputs.cluster_name
+ region = include.root.inputs.aws_region
+ metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart
+ metrics_server_tag = include.root.inputs.metrics_server_tag
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md b/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md
new file mode 100644
index 0000000..bbbffb2
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md
@@ -0,0 +1,198 @@
+## eks-prometheus
+This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool.
+This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories.
+ 1. prometheus-alert-manager
+ 2. prometheus-node-exporter
+ 3. prometheus-pushgateway
+ 4. prometheus-server
+
+### Dependencies
+This module is dependent on EKS module (eks). The cluster should exist already for this module to work.
+
+### Inputs
+ cluster_name
+ profile
+ prometheus_chart_version
+ prometheus_server_tag
+ prometheus_config_reloader_tag
+ alertmanager_tag
+ kube_state_metrics_tag
+ node_exporter_tag
+ pushgateway_tag
+ rwo_storage_class
+
+### Outputs
+ alertmanager_internal_endpoint
+ alertmanager_headless_internal_endpoint
+ pushgateway_internal_endpoint
+ prometheus_server_internal_endpoint
+
+### Issues observed/fixed
+1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted"
+2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1"
+3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0"
+4. The alertmanager_tag value had to be updated from
+5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below:
+
+ ```
+ set {
+ name = "kube-state-metrics.image.registry"
+ value = module.images.images[local.ksm_key].dest_registry
+ }
+ set {
+ name = "kube-state-metrics.image.repository"
+ value = module.images.images[local.ksm_key].dest_repository
+ }
+ ```
+
+6. In some other cases the image ecr repository had to be split by the colon separatory (:)
+
+ ```
+ set {
+ name = "alertmanager.configmapReload.image.repository"
+ value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0]
+ }
+ ```
+
+### Chart Notes
+ 1. Get the application URL by running these commands:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ kubectl port-forward $POD_NAME 9091
+ echo "Visit http://127.0.0.1:9091 to use your application"
+ ```
+
+ The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
+ prometheus-server.prometheus.svc.cluster.local
+
+
+ Get the Prometheus server URL by running these commands in the same shell:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace prometheus port-forward $POD_NAME 9090
+ ```
+
+ The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster:
+ `prometheus-alertmanager.prometheus.svc.cluster.local`
+
+
+ Get the Alertmanager URL by running these commands in the same shell:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace prometheus port-forward $POD_NAME 9093
+ ```
+
+ #################################################################################
+ ###### WARNING: Pod Security Policy has been disabled by default since #####
+ ###### it deprecated after k8s 1.25+. use #####
+ ###### (index .Values "prometheus-node-exporter" "rbac" #####
+ ###### "pspEnabled") with (index .Values #####
+ ###### "prometheus-node-exporter" "rbac" "pspAnnotations") #####
+ ###### in case you still need it. #####
+ #################################################################################
+
+
+ The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
+ `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local`
+
+
+ Get the PushGateway URL by running these commands in the same shell:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace prometheus port-forward $POD_NAME 9091
+ ```
+
+ For more information on running Prometheus, visit:
+ https://prometheus.io/
+
+ kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
+ The exposed metrics can be found here:
+ https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
+
+ The metrics are exported on the HTTP endpoint /metrics on the listening port.
+ In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics`
+
+ They are served either as plaintext or protobuf depending on the Accept header.
+ They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
+
+ 1. Get the application URL by running these commands:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:9093 to use your application"
+ kubectl --namespace prometheus port-forward $POD_NAME 9093:80
+ ```
+
+ 1. Get the application URL by running these commands:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:9100 to use your application"
+ kubectl port-forward --namespace prometheus $POD_NAME 9100
+ ```
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 0.13 |
+| [aws](#requirement\_aws) | >= 5.14.0 |
+| [helm](#requirement\_helm) | >= 2.11.0 |
+| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
+| [null](#requirement\_null) | >= 3.2.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [helm](#provider\_helm) | >= 2.11.0 |
+| [kubernetes](#provider\_kubernetes) | >= 2.23.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no |
+| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes |
+| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no |
+| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no |
+| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no |
+| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no |
+| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no |
+| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no |
+| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no |
+| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no |
+| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no |
+| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a |
+| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a |
+| [module\_name](#output\_module\_name) | The name of this module. |
+| [module\_version](#output\_module\_version) | The version of this module. |
+| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a |
+| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a |
+| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a |
+
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl
new file mode 100644
index 0000000..e6c54b1
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl
@@ -0,0 +1,38 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+dependency "eks-dns" {
+ config_path = "../eks-dns"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ prometheus_chart_version = include.root.inputs.prometheus_chart_version
+ prometheus_server_tag = include.root.inputs.prometheus_server_tag
+ prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag
+ alertmanager_tag = include.root.inputs.alertmanager_tag
+ kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag
+ node_exporter_tag = include.root.inputs.node_exporter_tag
+ pushgateway_tag = include.root.inputs.pushgateway_tag
+}
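Review bot: The `dependency "eks"` block sets `mock_outputs` without `mock_outputs_allowed_terraform_commands`, so Terragrunt may substitute `cluster_name = "a-cluster-name"` on any command, including `apply`, whenever the eks unit has no outputs yet. Restrict the mocks as most platform-test-z units in this change do, e.g. `mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]`, so an apply fails loudly instead of running against a placeholder cluster name. The same gap is in the eks-tempo unit of this directory (both of its dependency blocks) and in the platform-test-z eks-alloy-disable, eks-grafana, eks-kiali, eks-loki and eks-open-telemetry units.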
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl
new file mode 100644
index 0000000..e9ebd48
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl
@@ -0,0 +1,46 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ }
+}
+
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs = {
+ prometheus_server_internal_endpoint = {
+ hostname = "prometheus-server.prometheus.svc.cluster.local"
+ port_number = 9090
+ url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
+ }
+ prometheus_namespace = "prometheus"
+ }
+}
+
+inputs = {
+ account_id = include.root.locals.account_id
+ profile = include.root.locals.aws_profile
+ region = include.root.locals.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
+ prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
+ tempo_chart_version = include.root.inputs.tempo_chart_version
+ tempo_tag = include.root.inputs.tempo_tag
+
+}
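Review bot: `account_id`, `profile` and `region` are read from `include.root.locals.*` here, while every other unit in this change reads `include.root.inputs.aws_account_id`, `include.root.inputs.aws_profile` and `include.root.inputs.aws_region`. root.hcl is not visible in this part of the diff, so I cannot confirm it defines locals named `account_id`, `aws_profile` and `aws_region`; if it does not, this unit fails when parsed, and if it does, the two lookup paths can drift apart. I would align with the siblings, `account_id = include.root.inputs.aws_account_id` and likewise for the other two, and drop the blank line before the closing brace of `inputs`.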
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl
new file mode 100644
index 0000000..cc7c893
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl
@@ -0,0 +1,56 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+locals {
+ # Set cluster/platform specific variables, or extract from the hierarchy.
+ account_id = include.root.inputs.aws_account_id
+ cluster_endpoint_public_access = include.root.inputs.cluster_endpoint_public_access
+ cluster_name = include.root.inputs.cluster_name
+ cluster_version = include.root.inputs.cluster_version
+ creator = include.root.inputs.creator
+ eks_instance_disk_size = include.root.inputs.eks_instance_disk_size
+ eks_ng_desired_size = include.root.inputs.eks_ng_desired_size
+ eks_ng_max_size = include.root.inputs.eks_ng_max_size
+ eks_ng_min_size = include.root.inputs.eks_ng_min_size
+ eks_vpc_name = include.root.inputs.vpc_name
+ enable_cluster_creator_admin_permissions = include.root.inputs.enable_cluster_creator_admin_permissions
+ environment_abbr = include.root.inputs.environment_abbr
+ organization = include.root.inputs.organization
+ profile = include.root.inputs.aws_profile
+ project_name = include.root.inputs.project_name
+ project_number = include.root.inputs.project_number
+ project_role = include.root.inputs.project_role
+ region = include.root.inputs.aws_region
+ tags = include.root.inputs.tags
+ terraform = include.root.inputs.terraform
+ terragrunt = include.root.inputs.terragrunt
+ vpc_domain_name = include.root.inputs.vpc_domain_name
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+inputs = {
+ aws_account_id = local.account_id
+ cluster_endpoint_public_access = local.cluster_endpoint_public_access
+ cluster_name = local.cluster_name
+ cluster_version = local.cluster_version
+ creator = local.creator
+ eks_instance_disk_size = local.eks_instance_disk_size
+ eks_ng_desired_size = local.eks_ng_desired_size
+ eks_ng_max_size = local.eks_ng_max_size
+ eks_ng_min_size = local.eks_ng_min_size
+ eks_vpc_name = local.eks_vpc_name
+ enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions
+ os_username = local.creator
+ shared_vpc_label = local.environment_abbr
+ tags = local.tags
+}
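Review bot: The module source in the `terraform` block is pinned with `?ref=${include.root.inputs.release_version}`, and `_envcommon/default-versions.hcl` sets `release_version = "main"`, so, assuming that value reaches the root inputs unchanged, each run fetches whatever the head of the tfmod-eks branch is at that moment. For the module that creates the cluster, a reviewed change in this repository should map to exactly one reviewed module revision; pin an immutable tag or commit instead, e.g. `release_version = "<release-tag-or-commit-sha>"` (placeholder). The eks-prometheus and eks-tempo units in this directory resolve their sources through the same value.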
diff --git a/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl b/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl
new file mode 100644
index 0000000..8d2831c
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl
@@ -0,0 +1,20 @@
+# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
+
+# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+ cluster_endpoint_public_access = true
+ cluster_name = "platform-eng-eks-mcm"
+ creator = "matthew.c.morgan@census.gov"
+ eks_instance_disk_size = 100
+ eks_ng_desired_size = 2
+ eks_ng_max_size = 10
+ eks_ng_min_size = 0
+ enable_cluster_creator_admin_permissions = true
+ terraform = true
+ terragrunt = true
+ tags = {
+ "slim:schedule" = "8:00-17:00"
+ "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+ }
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/cluster.hcl b/development/us-gov-east-1/vpc/platform-test-z/cluster.hcl
new file mode 100644
index 0000000..740c1ad
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/cluster.hcl
@@ -0,0 +1,21 @@
+# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
+
+# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+ cluster_endpoint_public_access = true
+ cluster_name = "platform-test-z"
+ created_reason = "Terragrunt Development for CICD Delivered EKS Platform"
+ creator = "luther.coleman.mcginty@census.gov"
+ eks_instance_disk_size = 100
+ eks_ng_desired_size = 3
+ eks_ng_max_size = 10
+ eks_ng_min_size = 1
+ enable_cluster_creator_admin_permissions = true
+ terraform = true
+ terragrunt = true
+ tags = {
+ "slim:schedule" = "8:00-17:00"
+ "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+ }
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-alloy-disable/terragrunt.hcl.disable b/development/us-gov-east-1/vpc/platform-test-z/eks-alloy-disable/terragrunt.hcl.disable
new file mode 100644
index 0000000..97aa66f
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-alloy-disable/terragrunt.hcl.disable
@@ -0,0 +1,27 @@
+include "root" {
+ path = find_in_parent_folders()
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-alloy.git?ref=main"
+ source = "../../../../../../../tfmod-alloy"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ cluster_name = dependency.eks.outputs.cluster_name
+ region = include.root.inputs.aws_region
+ cluster_domain = dependency.eks.inputs.vpc_domain_name
+}
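Review bot: `source = "../../../../../../../tfmod-alloy"` climbs seven levels from a directory that is five levels deep, so it resolves outside this repository and applies whatever happens to be checked out on the machine running Terragrunt, with no module version recorded in the commit. That makes the deployed code unreviewable from this repo and it will not resolve on a clean CI checkout. I would restore the commented git source with a pinned ref, `source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-alloy.git?ref=<release-tag-or-commit-sha>"` (placeholder ref), and keep local paths to an uncommitted override. The same local-path sources appear in the platform-test-z eks-cert-manager, eks-config, eks-dns, eks-grafana, eks-istio, eks-k8s-dashboard, eks-karpenter, eks-kiali, eks-loki (which points at `tfmod-loki-x`), eks-metrics-server and eks-open-telemetry units.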
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-cert-manager/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-cert-manager/terragrunt.hcl
new file mode 100644
index 0000000..2522e07
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-cert-manager/terragrunt.hcl
@@ -0,0 +1,57 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-cert-mgr"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-karpenter"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
+ cluster_version = include.root.inputs.cluster_version
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_mailing_list = include.root.inputs.cluster_mailing_list
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Cert Manager Configuration
+ cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
+ cluster_issuer_name = include.root.inputs.cluster_issuer_name
+
+ # Version Tags
+ cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag
+ cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag
+ cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
+ cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag
+ namespace = include.root.inputs.namespaces["cert-manager"]
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-config/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-config/terragrunt.hcl
new file mode 100644
index 0000000..eefbf27
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-config/terragrunt.hcl
@@ -0,0 +1,54 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ # "../eks-karpenter"
+ ]
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-eks-configuration"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
+ cluster_certificate_authority_data = [{ data = "mock-cert-data" }]
+ eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"]
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ security_group_all_worker_mgmt_id = "sg-mock"
+ subnets = ["subnet-mock1", "subnet-mock2"]
+ vpc_id = "vpc-mock"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Core Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
+ subnets = dependency.eks.outputs.subnets
+ vpc_id = dependency.eks.outputs.vpc_id
+ operators_ns = include.root.inputs.operator_namespace
+ telemetry_ns = include.root.inputs.telemetry_namespace
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-dns/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-dns/terragrunt.hcl
new file mode 100644
index 0000000..83eb25f
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-dns/terragrunt.hcl
@@ -0,0 +1,61 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-eks-dns"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ subnets = ["subnet-mock1", "subnet-mock2", "subnet-mock3"]
+ }
+}
+
+dependency "eks-istio" {
+ config_path = "../eks-istio"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ istio_ingress_lb = {
+ dns_name = "mock-${include.root.inputs.cluster_name}.elb.amazonaws.com"
+ zone_id = "MOCKZONEID"
+ }
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks-config",
+ "../eks-istio",
+ "../eks-karpenter"
+ ]
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = include.root.inputs.cluster_name
+
+ # Network Configuration
+ istio_ingress_lb = dependency.eks-istio.outputs.istio_ingress_lb
+ route53_endpoints = include.root.inputs.route53_endpoints
+ vpc_domain_name = include.root.inputs.vpc_domain_name
+ vpc_name = include.root.inputs.vpc_name
+
+ # Additional Configuration
+ tags = include.root.inputs.tags
+}
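Review bot: The `dependency "eks"` block declares mock outputs for `cluster_name` and `subnets`, but `inputs` never reads `dependency.eks.outputs`; `cluster_name` is taken from `include.root.inputs.cluster_name` instead. Either read `cluster_name = dependency.eks.outputs.cluster_name` as the sibling units do, so the DNS records follow the cluster that was actually created, or, if only ordering is wanted, replace the mocks with `skip_outputs = true` as the platform-test-cicd eks-prometheus unit does for its eks-dns dependency.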
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-grafana/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-grafana/terragrunt.hcl
new file mode 100644
index 0000000..dda8453
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-grafana/terragrunt.hcl
@@ -0,0 +1,81 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-grafana"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-loki",
+ "../eks-prometheus",
+ "../eks-tempo"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+dependency "eks-loki" {
+ config_path = "../eks-loki"
+ mock_outputs = {
+ rwo_storage_class = "gp3-encrypted"
+ gateway_internal_endpoint = {
+ hostname = "loki-gateway.telemetry.svc.cluster.local"
+ portNumber = "80"
+ url = "http://loki-gateway.telemetry.svc.cluster.local:80/"
+ }
+ }
+}
+
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs = {
+ prometheus_server_internal_endpoint = {
+ hostname = "prometheus-server.prometheus.svc.cluster.local"
+ port_number = 9090
+ url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
+ }
+ }
+}
+
+dependency "eks-tempo" {
+ config_path = "../eks-tempo"
+ mock_outputs = {
+ tempo_internal_endpoint = {
+ hostname = "tempo.telemetry.svc.cluster.local"
+ port_number = 4317
+ url = "http://tempo.telemetry.svc.cluster.local:4317/"
+ }
+ }
+}
+
+inputs = {
+ cluster_domain = dependency.eks.inputs.vpc_domain_name
+ cluster_name = dependency.eks.outputs.cluster_name
+ download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag
+ grafana_chart_version = include.root.inputs.grafana_chart_version
+ grafana_tag = include.root.inputs.grafana_tag
+ init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag
+ profile = include.root.inputs.aws_profile
+ public_hostname = include.root.inputs.grafana_hostname
+ region = include.root.inputs.aws_region
+ rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class
+ loki_endpoint = dependency.eks-loki.outputs.gateway_internal_endpoint.url
+ prometheus_endpoint = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url
+ tempo_endpoint = dependency.eks-tempo.outputs.tempo_internal_endpoint.url
+ namespace = include.root.inputs.namespaces["grafana"]
+}
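Review bot: `cluster_domain = dependency.eks.inputs.vpc_domain_name` reads an input of the eks unit rather than one of its outputs, so the value depends on how that unit's inputs are merged rather than on anything the cluster module reports. The eks-k8s-dashboard unit in this same directory gets the value directly with `include.root.inputs.vpc_domain_name`; using `cluster_domain = include.root.inputs.vpc_domain_name` here removes the indirection. Reading a dependency's inputs is, as far as I know, deprecated in recent Terragrunt releases, which is worth confirming against the version this repo pins. The same expression is used in eks-kiali and eks-alloy-disable.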
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-istio/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-istio/terragrunt.hcl
new file mode 100644
index 0000000..dff8a76
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-istio/terragrunt.hcl
@@ -0,0 +1,45 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-istio"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Istio Configuration
+ namespace = include.root.inputs.namespaces["istio"]
+ istio_version = include.root.inputs.istio_version
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-k8s-dashboard/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-k8s-dashboard/terragrunt.hcl
new file mode 100644
index 0000000..7bccdc3
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-k8s-dashboard/terragrunt.hcl
@@ -0,0 +1,46 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-k8s-dashboard"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-dns"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = include.root.inputs.cluster_name
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_domain = include.root.inputs.vpc_domain_name
+ cluster_name = dependency.eks.outputs.cluster_name
+
+ # Dashboard Configuration
+ k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
+ namespace = include.root.inputs.namespaces["k8s-dashboard"]
+}
\ No newline at end of file
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-karpenter/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-karpenter/terragrunt.hcl
new file mode 100644
index 0000000..a713f4d
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-karpenter/terragrunt.hcl
@@ -0,0 +1,49 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-karpenter"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+dependencies {
+ paths = ["../eks"]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ node_group_name = "mock-node-group"
+ vpc_id = "vpc-mock"
+ subnets = ["subnet-mock1", "subnet-mock2"]
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_endpoint = dependency.eks.outputs.cluster_endpoint
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+ # Karpenter Configuration
+ karpenter_tag = include.root.inputs.karpenter_tag
+ karpenter_helm_chart = include.root.inputs.karpenter_helm_chart
+ karpenter_node_group_name = dependency.eks.outputs.node_group_name
+ namespace = include.root.inputs.namespaces["karpenter"]
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-kiali/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-kiali/terragrunt.hcl
new file mode 100644
index 0000000..d0494ec
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-kiali/terragrunt.hcl
@@ -0,0 +1,91 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=mcmCluster"
+ source = "../../../../../../../tfmod-kiali"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+dependency "eks-cert-manager" {
+ config_path = "../eks-cert-manager"
+ mock_outputs = {
+ cluster_issuer_name = "acmpca-clusterissuer"
+ }
+}
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs = {
+ prometheus_server_internal_endpoint = {
+ hostname = "prometheus-server.prometheus.svc.cluster.local"
+ port_number = 9090
+ url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
+ }
+ }
+}
+dependency "eks-tempo" {
+ config_path = "../eks-tempo"
+ mock_outputs = {
+ tempo_internal_endpoint = {
+ hostname = "tempo.tempo.svc.cluster.local"
+ port_number = 3100
+ url = "http://tempo.tempo.svc.cluster.local:3100/"
+ }
+ }
+}
+dependency "eks-grafana" {
+ config_path = "../eks-grafana"
+ mock_outputs = {
+ internal_endpoint = {
+ hostname = "grafana.grafana.svc.cluster.local"
+ port_number = "80"
+ url = "https://grafana.grafana.svc.cluster.local:80/"
+ }
+ namespace = "grafana"
+ public_endpoint = "https://grafana.dev.lab.csp2.census.gov:80/"
+ secret_name = "grafana"
+ tempo_datasource_id = "tempo"
+ }
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ cluster_domain = dependency.eks.inputs.vpc_domain_name
+ cluster_name = dependency.eks.outputs.cluster_name
+ certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name
+
+ kiali_application_version = include.root.inputs.kiali_application_version
+
+ namespace = include.root.inputs.namespaces["kiali"]
+ istio_namespace = include.root.inputs.namespaces["istio"]
+
+ prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url
+ grafana_namespace = dependency.eks-grafana.outputs.namespace
+ grafana_secret_name = dependency.eks-grafana.outputs.secret_name
+ grafana_internal_url = dependency.eks-grafana.outputs.internal_endpoint.url
+ grafana_public_url = dependency.eks-grafana.outputs.public_endpoint
+ tempo_datasource_id = dependency.eks-grafana.outputs.tempo_datasource_id
+ tempo_internal_url = dependency.eks-tempo.outputs.tempo_internal_endpoint.url
+
+
+
+ # client_id = var.sso_client_id
+ # client_secret = var.sso_client_secret
+ # keycloak_public_url = var.keycloak_public_url
+ # gogatekeeper_chart_version = var.gogatekeeper_chart_version
+ # gogatekeeper_registry = var.gogatekeeper_registry
+ # gogatekeeper_repository = var.gogatekeeper_repository
+ # gogatekeeper_tag = var.gogatekeeper_tag
+}
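Review bot: The SSO and gatekeeper inputs at the end of `inputs` (`client_id`, `client_secret`, `keycloak_public_url`, `gogatekeeper_*`) are commented out, so this unit passes no authentication settings to tfmod-kiali. The module is not visible here, so I cannot tell what it defaults to, but if these inputs are what places an authenticating proxy in front of Kiali, the console would be deployed without it; that should be confirmed before merge. The commented lines reference `var.*`, which is not available in a terragrunt.hcl. When they are restored, `client_secret` should come from the environment or a secret store rather than a literal, e.g. `client_secret = get_env("<SSO_CLIENT_SECRET_ENV>")` (placeholder name).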
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-loki/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-loki/terragrunt.hcl
new file mode 100644
index 0000000..4c4de2f
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-loki/terragrunt.hcl
@@ -0,0 +1,48 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-loki-x"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ }
+}
+
+dependency "eks-istio" {
+ config_path = "../eks-istio"
+ skip_outputs = true
+}
+
+# dependency "eks-prometheus" {
+# config_path = "../eks-prometheus"
+# skip_outputs = true
+# }
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ loki_chart_version = include.root.inputs.loki_chart_version
+ loki_tag = include.root.inputs.loki_tag
+ canary_tag = include.root.inputs.canary_tag
+ enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag
+ gateway_tag = include.root.inputs.gateway_tag
+ memcached_tag = include.root.inputs.memcached_tag
+ exporter_tag = include.root.inputs.exporter_tag
+ sidecar_tag = include.root.inputs.sidecar_tag
+ namespace = include.root.inputs.namespaces["loki"]
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-metrics-server/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-metrics-server/terragrunt.hcl
new file mode 100644
index 0000000..06817cc
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-metrics-server/terragrunt.hcl
@@ -0,0 +1,44 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config"
+ ]
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-metrics-server"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+
+ # Metrics Server Configuration
+ metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart
+ metrics_server_tag = include.root.inputs.metrics_server_tag
+ namespace = include.root.inputs.namespaces["metrics-server"]
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-open-telemetry/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-open-telemetry/terragrunt.hcl
new file mode 100644
index 0000000..2b4ce33
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-open-telemetry/terragrunt.hcl
@@ -0,0 +1,61 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-open-telemetry.git?ref=main"
+ source = "../../../../../../../tfmod-open-telemetry"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-loki",
+ "../eks-prometheus",
+ "../eks-tempo"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+dependency "eks-loki" {
+ config_path = "../eks-loki"
+ mock_outputs = {
+ gateway_internal_endpoint = {
+ hostname = "loki-gateway.telemetry.svc.cluster.local"
+ portNumber = "80"
+ url = "http://loki-gateway.telemetry.svc.cluster.local:80/"
+ }
+ }
+}
+
+dependency "eks-tempo" {
+ config_path = "../eks-tempo"
+ mock_outputs = {
+ tempo_otlp_endpoint = {
+ hostname = "tempo.telemetry.svc.cluster.local"
+ portNumber = 4317
+ url = "http://tempo.telemetry.svc.cluster.local:4317/"
+ }
+ }
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ cluster_name = dependency.eks.outputs.cluster_name
+ region = include.root.inputs.aws_region
+ namespace = include.root.inputs.namespaces["otel"]
+ loki_endpoint = dependency.eks-loki.outputs.gateway_internal_endpoint.url
+ tempo_endpoint = dependency.eks-tempo.outputs.tempo_otlp_endpoint.url
+}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/README.md b/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/README.md
new file mode 100644
index 0000000..bbbffb2
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/README.md
@@ -0,0 +1,198 @@
+## eks-prometheus
+This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool.
+This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories.
+ 1. prometheus-alert-manager
+ 2. prometheus-node-exporter
+ 3. prometheus-pushgateway
+ 4. prometheus-server
+
+### Dependencies
+This module is dependent on EKS module (eks). The cluster should exist already for this module to work.
+
+### Inputs
+ cluster_name
+ profile
+ prometheus_chart_version
+ prometheus_server_tag
+ prometheus_config_reloader_tag
+ alertmanager_tag
+ kube_state_metrics_tag
+ node_exporter_tag
+ pushgateway_tag
+ rwo_storage_class
+
+### Outputs
+ alertmanager_internal_endpoint
+ alertmanager_headless_internal_endpoint
+ pushgateway_internal_endpoint
+ prometheus_server_internal_endpoint
+
+### Issues observed/fixed
+1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted"
+2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1"
+3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0"
+4. The alertmanager_tag value had to be updated from
+5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below:
+
+ ```
+ set {
+ name = "kube-state-metrics.image.registry"
+ value = module.images.images[local.ksm_key].dest_registry
+ }
+ set {
+ name = "kube-state-metrics.image.repository"
+ value = module.images.images[local.ksm_key].dest_repository
+ }
+ ```
+
+6. In some other cases the image ecr repository had to be split by the colon separatory (:)
+
+ ```
+ set {
+ name = "alertmanager.configmapReload.image.repository"
+ value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0]
+ }
+ ```
+
+### Chart Notes
+ 1. Get the application URL by running these commands:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ kubectl port-forward $POD_NAME 9091
+ echo "Visit http://127.0.0.1:9091 to use your application"
+ ```
+
+ The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
+ prometheus-server.prometheus.svc.cluster.local
+
+
+ Get the Prometheus server URL by running these commands in the same shell:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace prometheus port-forward $POD_NAME 9090
+ ```
+
+ The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster:
+ `prometheus-alertmanager.prometheus.svc.cluster.local`
+
+
+ Get the Alertmanager URL by running these commands in the same shell:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace prometheus port-forward $POD_NAME 9093
+ ```
+
+ #################################################################################
+ ###### WARNING: Pod Security Policy has been disabled by default since #####
+ ###### it deprecated after k8s 1.25+. use #####
+ ###### (index .Values "prometheus-node-exporter" "rbac" #####
+ ###### "pspEnabled") with (index .Values #####
+ ###### "prometheus-node-exporter" "rbac" "pspAnnotations") #####
+ ###### in case you still need it. #####
+ #################################################################################
+
+
+ The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
+ `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local`
+
+
+ Get the PushGateway URL by running these commands in the same shell:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace prometheus port-forward $POD_NAME 9091
+ ```
+
+ For more information on running Prometheus, visit:
+ https://prometheus.io/
+
+ kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
+ The exposed metrics can be found here:
+ https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
+
+ The metrics are exported on the HTTP endpoint /metrics on the listening port.
+ In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics`
+
+ They are served either as plaintext or protobuf depending on the Accept header.
+ They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
+
+ 1. Get the application URL by running these commands:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:9093 to use your application"
+ kubectl --namespace prometheus port-forward $POD_NAME 9093:80
+ ```
+
+ 1. Get the application URL by running these commands:
+
+ ```bash
+ export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:9100 to use your application"
+ kubectl port-forward --namespace prometheus $POD_NAME 9100
+ ```
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 0.13 |
+| [aws](#requirement\_aws) | >= 5.14.0 |
+| [helm](#requirement\_helm) | >= 2.11.0 |
+| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
+| [null](#requirement\_null) | >= 3.2.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [helm](#provider\_helm) | >= 2.11.0 |
+| [kubernetes](#provider\_kubernetes) | >= 2.23.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no |
+| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes |
+| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no |
+| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no |
+| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no |
+| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no |
+| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no |
+| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no |
+| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no |
+| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no |
+| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no |
+| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a |
+| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a |
+| [module\_name](#output\_module\_name) | The name of this module. |
+| [module\_version](#output\_module\_version) | The version of this module. |
+| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a |
+| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a |
+| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a |
+
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/terragrunt.hcl
new file mode 100644
index 0000000..030dd33
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/terragrunt.hcl
@@ -0,0 +1,40 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-prometheus"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+dependency "eks-dns" {
+ config_path = "../eks-dns"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ prometheus_chart_version = include.root.inputs.prometheus_chart_version
+ prometheus_server_tag = include.root.inputs.prometheus_server_tag
+ prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag
+ alertmanager_tag = include.root.inputs.alertmanager_tag
+ kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag
+ node_exporter_tag = include.root.inputs.node_exporter_tag
+ pushgateway_tag = include.root.inputs.pushgateway_tag
+ namespace = include.root.inputs.namespaces["prometheus"]
+}
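Review bot: The `terraform.source` here is `"../../../../../../../tfmod-prometheus"`, seven levels up from a directory five levels deep, so the module is read from whatever checkout sits two directories above the repository root. What gets applied is therefore not recorded in this repo and can differ per workstation or runner. The eks-open-telemetry, eks-tempo and eks hunks do the same. I would restore the commented git source with an immutable ref, e.g. `source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=<TAG_OR_COMMIT>"`, and use the `--terragrunt-source` override for local module development. Note that `release_version` is `"main"` in `_envcommon/default-versions.hcl`, and the open-telemetry comment hard-codes `ref=main`, so un-commenting alone would still track a moving branch.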
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-tempo/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-tempo/terragrunt.hcl
new file mode 100644
index 0000000..d14c8a1
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks-tempo/terragrunt.hcl
@@ -0,0 +1,47 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-tempo"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ }
+}
+
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs = {
+ prometheus_server_internal_endpoint = {
+ hostname = "prometheus-server.prometheus.svc.cluster.local"
+ port_number = 9090
+ url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
+ }
+ prometheus_namespace = "prometheus"
+ }
+}
+
+inputs = {
+ account_id = include.root.locals.account_id
+ profile = include.root.locals.aws_profile
+ region = include.root.locals.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
+ prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
+ tempo_chart_version = include.root.inputs.tempo_chart_version
+ tempo_tag = include.root.inputs.tempo_tag
+ namespace = include.root.inputs.namespaces["tempo"]
+}
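Review bot: The `inputs` block reads `account_id`, `profile` and `region` from `include.root.locals.*`, while the sibling units in this commit read the same values from `include.root.inputs.aws_profile`, `include.root.inputs.aws_region` and, in the eks unit, `include.root.inputs.aws_account_id`. Both resolve today because root.hcl sets `expose = true` and merges the account and region locals into `inputs`. Two access paths for one value still make a later rename in root.hcl easy to miss in one of them. I would pick one form across the units, e.g. `account_id = include.root.inputs.aws_account_id`.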
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks/terragrunt.hcl
new file mode 100644
index 0000000..c77be43
--- /dev/null
+++ b/development/us-gov-east-1/vpc/platform-test-z/eks/terragrunt.hcl
@@ -0,0 +1,28 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-eks"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Core Cluster Configuration
+ cluster_name = include.root.inputs.cluster_name
+ cluster_version = include.root.inputs.cluster_version
+
+ # Additional Configuration
+ tags = include.root.inputs.tags
+}
diff --git a/development/us-gov-east-1/vpc/vpc.hcl b/development/us-gov-east-1/vpc/vpc.hcl
new file mode 100644
index 0000000..8da18d0
--- /dev/null
+++ b/development/us-gov-east-1/vpc/vpc.hcl
@@ -0,0 +1,8 @@
+# lab/development/us-gov-east-1/vpc/vpc.hcl
+
+# Set VPC specific variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+ vpc_name = "vpc3-lab-dev"
+ vpc_domain_name = "dev.lab.csp2.census.gov"
+}
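Review bot: The header comment says these values are "pulled in to configure the remote state bucket in the root terragrunt.hcl", but that does not match this commit. The root file is `root.hcl`, and its `remote_state` block uses only the state bucket prefix, account id, table name, profile and region. `vpc_name` and `vpc_domain_name` reach child units only through the `inputs = merge(...)` at the end of root.hcl. A comment such as `# VPC-level values; merged into the inputs of every unit below this directory by root.hcl.` would describe what actually happens.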
diff --git a/root.hcl b/root.hcl
new file mode 100644
index 0000000..10706ff
--- /dev/null
+++ b/root.hcl
@@ -0,0 +1,158 @@
+# lab/root.hcl
+
+# ---------------------------------------------------------------------------------------------------------------------
+# TERRAGRUNT CONFIGURATION
+# Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules,
+# remote state, and locking: https://github.com/gruntwork-io/terragrunt
+# ---------------------------------------------------------------------------------------------------------------------
+locals {
+ # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer)
+ account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+
+ # Automatically load cluster-level variables
+ cluster_vars = read_terragrunt_config(find_in_parent_folders("cluster.hcl"))
+
+ # Automatically load _envcommon, cross account and environment common variables
+ common_vars = read_terragrunt_config(find_in_parent_folders("./_envcommon/common-variables.hcl"))
+
+ # Automatically load region-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+
+ # Automatically load versions
+ versions = read_terragrunt_config(find_in_parent_folders("./_envcommon/default-versions.hcl"))
+
+ # Automatically load vpc-level variables
+ vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl"))
+
+ # Extract the variables we need for easy access
+ account_id = local.account_vars.locals.aws_account_id
+ aws_profile = local.account_vars.locals.aws_profile
+ aws_region = local.region_vars.locals.aws_region
+ cluster_name = local.cluster_vars.locals.cluster_name
+ environment_abbr = local.account_vars.locals.environment_abbr
+ organization = local.common_vars.locals.organization
+ project_name = local.common_vars.locals.project_name
+ project_number = local.common_vars.locals.project_number
+ project_role = local.common_vars.locals.project_role
+ state_bucket_prefix = local.common_vars.locals.state_bucket_prefix
+ state_table_name = local.common_vars.locals.state_table_name
+ # Check if current module is the EKS module
+ module_name = basename(get_original_terragrunt_dir())
+ is_eks_module = local.module_name == "eks"
+}
+
+# Only generate providers for non-EKS modules
+generate "cluster_data" {
+ path = "cluster-data.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = local.is_eks_module ? "" : <<-EOF
+ data "aws_eks_clusters" "available" {}
+
+ locals {
+ cluster_exists = contains(data.aws_eks_clusters.available.names, "${local.cluster_name}")
+ }
+
+ data "aws_eks_cluster" "this" {
+ count = local.cluster_exists ? 1 : 0
+ name = "${local.cluster_name}"
+ }
+
+ data "aws_eks_cluster_auth" "this" {
+ count = local.cluster_exists ? 1 : 0
+ name = "${local.cluster_name}"
+ }
+ EOF
+}
+
+# Generate provider blocks only for non-EKS modules
+generate "kube_provider" {
+ path = "kube-provider.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = local.is_eks_module ? "" : <<-EOF
+ provider "kubernetes" {
+ host = local.cluster_exists ? data.aws_eks_cluster.this[0].endpoint : "https://dummy"
+ cluster_ca_certificate = local.cluster_exists ? base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data) : null
+ token = local.cluster_exists ? data.aws_eks_cluster_auth.this[0].token : "dummy"
+ }
+ EOF
+}
+
+generate "helm_provider" {
+ path = "helm-provider.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = local.is_eks_module ? "" : <<-EOF
+ provider "helm" {
+ kubernetes {
+ host = local.cluster_exists ? data.aws_eks_cluster.this[0].endpoint : "https://dummy"
+ cluster_ca_certificate = local.cluster_exists ? base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data) : null
+ token = local.cluster_exists ? data.aws_eks_cluster_auth.this[0].token : "dummy"
+ }
+ }
+ EOF
+}
+
+
+# Configure Terragrunt to automatically store tfstate files in an S3 bucket
+remote_state {
+ backend = "s3"
+ generate = {
+ path = "remote_state.backend.tf"
+ if_exists = "overwrite_terragrunt"
+ }
+ config = {
+ bucket = "${local.state_bucket_prefix}-${local.account_id}"
+ dynamodb_table = "${local.state_table_name}"
+ key = "${trimprefix(replace(run_cmd("realpath", get_original_terragrunt_dir()), dirname(get_repo_root()), ""), "/")}/terraform.tfstate"
+ profile = "${local.aws_profile}"
+ region = "${local.aws_region}"
+ disable_bucket_update = true
+ skip_bucket_enforced_tls = true # use only if you need to access the S3 bucket without TLS being enforced
+ skip_bucket_public_access_blocking = true
+ skip_bucket_root_access = true # use only if the AWS account root user should not have access to the remote state bucket for some reason
+ skip_bucket_ssencryption = true # use only if non-encrypted OpenTofu/Terraform State is required and/or the object store does not support server-side encryption
+ skip_bucket_versioning = false # use only if the object store does not support versioning
+ enable_lock_table_ssencryption = false # use only if non-encrypted DynamoDB Lock Table for the OpenTofu/Terraform State is required and/or the NoSQL database service does not support server-side encryption
+ }
+}
+
+# Generate an AWS provider block
+generate "aws-provider" {
+ path = "aws-provider.tf"
+ if_exists = "overwrite"
+ contents = <<-EOF
+ provider "aws" {
+ region = "${local.aws_region}"
+ profile = "${local.aws_profile}"
+ default_tags {
+ tags = {
+ cluster_name = "${local.cluster_name}"
+ "boc:module_name" = "${local.module_name}"
+ environment = "${local.environment_abbr}"
+ finops_project_name = "${local.project_name}"
+ finops_project_number = "${local.project_number}"
+ finops_project_role = "${local.project_role}"
+ organization = "${local.organization}"
+ }
+ }
+ # Only these AWS Account IDs may be operated on by this template
+ allowed_account_ids = ["${local.account_id}"]
+ }
+EOF
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# GLOBAL PARAMETERS
+# These variables apply to all configurations in this subfolder. These are automatically merged into the child
+# `terragrunt.hcl` config via the include block.
+# ---------------------------------------------------------------------------------------------------------------------
+
+# Configure root level variables that all resources can inherit. This is especially helpful with multi-account configs
+# where terraform_remote_state data sources are placed directly into the modules.
+inputs = merge(
+ local.account_vars.locals,
+ local.cluster_vars.locals,
+ local.common_vars.locals,
+ local.region_vars.locals,
+ local.versions.locals,
+ local.vpc_vars.locals
+)
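Review bot: The `remote_state` config opts out of the state-bucket hardening that Terragrunt would otherwise apply: `skip_bucket_enforced_tls`, `skip_bucket_public_access_blocking` and `skip_bucket_ssencryption` are `true`, `enable_lock_table_ssencryption` is `false`, and there is no `encrypt = true`. The trailing "use only if …" comments read like copied documentation rather than a recorded decision. State for these units will contain cluster endpoints, IAM ARNs and possibly Helm values, so an unencrypted or publicly reachable bucket is a real exposure if Terragrunt ever creates it. If the bucket and lock table are provisioned elsewhere with these controls already in place, which `disable_bucket_update = true` suggests, replace the comments with one line saying so and naming where. Otherwise flip the flags as below.

```hcl
  config = {
    # … unchanged: bucket, dynamodb_table, key, profile, region, disable_bucket_update …
    encrypt                            = true
    skip_bucket_enforced_tls           = false
    skip_bucket_public_access_blocking = false
    skip_bucket_ssencryption           = false
    enable_lock_table_ssencryption     = true
    # … unchanged: skip_bucket_root_access, skip_bucket_versioning …
```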