diff --git a/examples/full-cluster-tf-upgrade/1.25/common-services/cloudwatch-agent.tf b/examples/full-cluster-tf-upgrade/1.25/common-services/cloudwatch-agent.tf
deleted file mode 100644
index 08a1a00..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/common-services/cloudwatch-agent.tf
+++ /dev/null
@@ -1,122 +0,0 @@
-# https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-prerequisites.html
-# https://registry.terraform.io/modules/bailey84j/cloudwatch-agent/kubernetes/latest
-# cannot let this create the role, as it tries to attache a policy that does not exist
-# we need this policy: arn:aws-us-gov:iam::aws:policy/CloudWatchAgentServerPolicy
-
-# need to hack the module for now
-# main.tf
-## container {
-## name = "${var.name}-agent"
-## # image = "amazon/${var.image_name}:${var.image_version}"
-## image = "${var.image_name}:${var.image_version}"
-#
-# also want to do the same for the role, to allow a different managed role(s) besides
-# the appsync one to be used
-
-module "cloudwatch-agent" {
- source = "bailey84j/cloudwatch-agent/kubernetes"
- version = "1.0.1"
-
- eks_cluster_name = var.cluster_name
- create_namespace = false
- image_name = split(":", local.image_output["cloudwatch-agent"].dest_full_path)[0]
- image_version = local.image_output["cloudwatch-agent"].tag
- create_iam_role = false
- iam_role_arn = module.role_cloudwatch-agent.iam_role_arn
-
- tags = merge(
- local.base_tags,
- local.common_tags,
- var.application_tags,
- )
-}
-
-locals {
- cloudwatch_agent_namespace = "kube-system"
- cloudwatch_agent_name = "cloudwatch"
-}
-
-data "aws_iam_policy" "policy_cloudwatch-agent" {
- name = "CloudWatchAgentServerPolicy"
-}
-
-module "role_cloudwatch-agent" {
- source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-
- role_description = "EKS IAM Role for ${var.cluster_name} for service account ${local.cloudwatch_agent_namespace}:${local.cloudwatch_agent_name}"
- role_name = format("%v%v-irsa__%v", local._prefixes["eks"], var.cluster_name, local.cloudwatch_agent_name)
-
- role_policy_arns = {
- policy = data.aws_iam_policy.policy_cloudwatch-agent.arn
- }
-
- oidc_providers = {
- main = {
- provider_arn = local.oidc_provider_arn
- namespace_service_accounts = [format("%v:%v", local.cloudwatch_agent_namespace, local.cloudwatch_agent_name)]
- }
- }
-
- tags = merge(
- local.base_tags,
- local.common_tags,
- var.application_tags,
- {
- "eks:namespace" = local.cloudwatch_agent_namespace
- "eks:user" = local.cloudwatch_agent_name
- }
- )
-}
-
-## module "role_cloudwatch-agent" {
-## source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git?ref=tf-upgrade"
-##
-## role_description = "EKS IAM Role for ${var.cluster_name} for service account ${local.cloudwatch_agent_namespace}:${local.cloudwatch_agent_name}"
-## role_name = format("%v%v-irsa__%v", local._prefixes["eks"], var.cluster_name, local.cloudwatch_agent_name)
-## enable_ldap_creation = false
-## assume_policy_document = data.aws_iam_policy_document.assume_role_cloudwatch-agent.json
-## attached_policies = [aws_iam_policy.policy_cloudwatch-agent.arn]
-##
-## tags = merge(
-## local.base_tags,
-## local.common_tags,
-## var.tags,
-## var.application_tags,
-## {
-## "eks:namespace" = var.namespace
-## "eks:user" = var.name
-## }
-## )
-## }
-##
-## data "aws_iam_policy_document" "assume_role_cloudwatch-agent" {
-## statement {
-## actions = ["sts:AssumeRoleWithWebIdentity"]
-## effect = "Allow"
-##
-## condition {
-## test = "StringEquals"
-## variable = "${local.oidc_provider_url}:sub"
-## values = ["system:serviceaccount:${local.cloudwatch_agent_namespace}:${local.cloudwatch_agent_name}"]
-## }
-##
-## principals {
-## identifiers = [local.oidc_provider_arn]
-## type = "Federated"
-## }
-## }
-## }
-##
-
-## "cloudwatch-agent" = {
-## name = "cloudwatch-agent"
-## image = "docker.io/amazon/cloudwatch-agent"
-## dest_path = null
-## source_registry = "docker.io"
-## source_image = "amazon/cloudwatch-agent"
-## source_tag = null
-## # tag = "latest"
-## tag = "1.300026.2b172"
-## enabled = true
-## }
-## }
diff --git a/examples/full-cluster-tf-upgrade/1.25/common-services/variables.images.auto.tfvars b/examples/full-cluster-tf-upgrade/1.25/common-services/variables.images.auto.tfvars
index 6e2fc75..d6d61b3 100644
--- a/examples/full-cluster-tf-upgrade/1.25/common-services/variables.images.auto.tfvars
+++ b/examples/full-cluster-tf-upgrade/1.25/common-services/variables.images.auto.tfvars
@@ -140,15 +140,4 @@ image_details = {
 tag = "0.22.2"
 enabled = true
 }
- "cloudwatch-agent" = {
- name = "cloudwatch-agent"
- image = "public.ecr.aws/cloudwatch-agent/cloudwatch-agent"
- dest_path = null
- source_registry = "public.ecr.aws"
- source_image = "cloudwatch-agent/cloudwatch-agent"
- source_tag = null
- # tag = "latest"
- tag = "1.300026.2b172"
- enabled = true
- }
 }