chore(main): release 1.54.0

CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+## [1.54.0](https://github.com/nullplatform/tofu-modules/compare/v1.53.1...v1.54.0) (2026-04-22)
+
+
+### Features
+
+* add ebs and storage class for eks ([#298](https://github.com/nullplatform/tofu-modules/issues/298)) ([8c00ba3](https://github.com/nullplatform/tofu-modules/commit/8c00ba3b67a6ca1960a70c04c9108c5df2edd3f3))
+
+
+### Bug Fixes
+
+* **ci:** skip branch validation and commitlint for release-please branches ([#300](https://github.com/nullplatform/tofu-modules/issues/300)) ([ce771a5](https://github.com/nullplatform/tofu-modules/commit/ce771a53de110a837d8c9fb47a671e172145a0cf))
+* **ci:** skip deleted modules in readme generation ([#301](https://github.com/nullplatform/tofu-modules/issues/301)) ([5f74c38](https://github.com/nullplatform/tofu-modules/commit/5f74c382add33acc33b5e8d143d837f1ebd1e902))
+
 ## [1.53.1](https://github.com/nullplatform/tofu-modules/compare/v1.53.0...v1.53.1) (2026-04-21)
 
 

infrastructure/aws/acm/README.md

@@ -18,7 +18,7 @@ The module creates an aws_acm_certificate resource with DNS validation, which is
 
 ```hcl
 module "acm" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/acm?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/acm?ref=v1.54.0"
 
   domain_name = "your-domain-name"
   zone_id     = "your-zone-id"

infrastructure/aws/aws_load_balancer_controller/README.md

@@ -18,7 +18,7 @@ This module creates a helm_release resource to deploy the AWS Load Balancer Cont
 
 ```hcl
 module "aws_load_balancer_controller" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/aws_load_balancer_controller?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/aws_load_balancer_controller?ref=v1.54.0"
 
   cluster_name = "your-cluster-name"
   vpc_id       = "your-vpc-id"

infrastructure/aws/backend/README.md

@@ -20,7 +20,7 @@ This module creates an S3 bucket with versioning and server-side encryption enab
 
 ```hcl
 module "backend" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/backend?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/backend?ref=v1.54.0"
 }
 ```
 
@@ -44,8 +44,8 @@ resource "example_resource" "this" {
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 6.40.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.8.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 6.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 
 ## Resources
 

infrastructure/aws/dns/README.md

@@ -18,7 +18,7 @@ This module creates two aws_route53_zone resources, one for a public zone and on
 
 ```hcl
 module "dns" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/dns?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/dns?ref=v1.54.0"
 
   domain_name = "your-domain-name"
   vpc_id      = "your-vpc-id"
@@ -45,7 +45,7 @@ resource "example_resource" "this" {
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 6.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 6.36.0 |
 
 ## Resources
 

infrastructure/aws/eks/README.md

@@ -2,27 +2,27 @@
 
 ## Description
 
-Creates an Amazon EKS cluster with support for both Auto Mode and Managed Node Groups, including IRSA, Pod Identity Agent, and configurable control plane logging
+Creates an AWS EKS cluster with configurable Auto Mode or Managed Node Groups, IRSA support, and integrated EBS CSI driver
 
 ## Architecture
 
-The module creates an EKS cluster using the terraform-aws-modules/eks/aws module, which provisions aws_eks_cluster, aws_iam_role resources for both the control plane and nodes, and aws_security_group resources for cluster networking. It installs core EKS addons (coredns, kube-proxy, vpc-cni, eks-pod-identity-agent) and configures an OIDC provider for IRSA. When Auto Mode is disabled, it creates aws_eks_node_group resources for managed node groups; when enabled, it configures EKS compute_config with specified node pools. Security group rules are conditionally added for NLB health checks on port 15021 and HTTPS traffic on port 443. CloudWatch log groups are optionally created for control plane logging with configurable retention periods.
+The module instantiates a terraform-aws-modules/eks/aws module to create an aws_eks_cluster resource with associated aws_iam_role and aws_security_group resources. It configures IRSA by enabling the OIDC provider, creates an aws_iam_role for the EBS CSI driver with pod identity agent support, and provisions either Auto Mode compute resources or aws_eks_node_group managed node groups based on the use_auto_mode flag. Security group rules are conditionally added to allow NLB health checks on port 15021 and HTTPS traffic on port 443 from the VPC CIDR and additional networks. Outputs expose the cluster endpoint, OIDC provider ARN, node IAM role details, and security group IDs for integration with other resources.
 
 ## Features
 
-- Creates EKS cluster with configurable Kubernetes version and authentication modes (CONFIG_MAP, API, API_AND_CONFIG_MAP)
-- Provisions IRSA with OIDC provider and Pod Identity Agent addon for workload IAM authentication
-- Configures Auto Mode with general-purpose and system node pools or traditional Managed Node Groups with customizable instance types and scaling
-- Deploys core EKS addons including CoreDNS, kube-proxy, and VPC CNI with before_compute lifecycle configuration
-- Creates security group rules for NLB health checks on Istio status port 15021 and HTTPS traffic
-- Configures control plane logging to CloudWatch with selectable log types (api, audit, authenticator, controllerManager, scheduler) and retention policies
-- Supports cluster access entries for IAM principal authorization with policy associations and namespace scoping
+- Creates EKS cluster with configurable Kubernetes version and authentication modes (CONFIG_MAP, API, or API_AND_CONFIG_MAP)
+- Provisions either Auto Mode compute with configurable node pools (general-purpose, system) or traditional Managed Node Groups with customizable instance types and scaling parameters
+- Configures IRSA with OIDC provider and creates IAM role for EBS CSI driver with pod identity agent support
+- Deploys EKS add-ons including aws-ebs-csi-driver, coredns, eks-pod-identity-agent, kube-proxy, and vpc-cni
+- Creates security group rules for NLB health checks on Istio status port (15021) and HTTPS ingress (443) from VPC and additional network CIDRs
+- Manages CloudWatch log groups for control plane logging with configurable retention and log types (api, audit, authenticator, controllerManager, scheduler)
+- Supports cluster access entries for IAM principal to Kubernetes RBAC mapping with policy associations
 
 ## Basic Usage
 
 ```hcl
 module "eks" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/eks?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/eks?ref=v1.54.0"
 
   aws_subnets_private_ids = "your-aws-subnets-private-ids"
   aws_vpc_vpc_id          = "your-aws-vpc-vpc-id"
@@ -45,12 +45,14 @@ resource "example_resource" "this" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 6.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.16, < 3.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 6.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 6.41.0 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.38.0 |
 
 ## Modules
 
@@ -62,6 +64,10 @@ resource "example_resource" "this" {
 
 | Name | Type |
 |------|------|
+| [aws_iam_role.ebs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.ebs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [kubernetes_annotations.gp2_not_default](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/annotations) | resource |
+| [kubernetes_storage_class_v1.gp3](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class_v1) | resource |
 
 ## Inputs
 
@@ -107,16 +113,16 @@ resource "example_resource" "this" {
 <!-- BEGIN_AI_METADATA
 {
   "name": "eks",
-  "description": "Creates an Amazon EKS cluster with support for both Auto Mode and Managed Node Groups, including IRSA, Pod Identity Agent, and configurable control plane logging",
-  "architecture": "The module creates an EKS cluster using the terraform-aws-modules/eks/aws module, which provisions aws_eks_cluster, aws_iam_role resources for both the control plane and nodes, and aws_security_group resources for cluster networking. It installs core EKS addons (coredns, kube-proxy, vpc-cni, eks-pod-identity-agent) and configures an OIDC provider for IRSA. When Auto Mode is disabled, it creates aws_eks_node_group resources for managed node groups; when enabled, it configures EKS compute_config with specified node pools. Security group rules are conditionally added for NLB health checks on port 15021 and HTTPS traffic on port 443. CloudWatch log groups are optionally created for control plane logging with configurable retention periods.",
+  "description": "Creates an AWS EKS cluster with configurable Auto Mode or Managed Node Groups, IRSA support, and integrated EBS CSI driver",
+  "architecture": "The module instantiates a terraform-aws-modules/eks/aws module to create an aws_eks_cluster resource with associated aws_iam_role and aws_security_group resources. It configures IRSA by enabling the OIDC provider, creates an aws_iam_role for the EBS CSI driver with pod identity agent support, and provisions either Auto Mode compute resources or aws_eks_node_group managed node groups based on the use_auto_mode flag. Security group rules are conditionally added to allow NLB health checks on port 15021 and HTTPS traffic on port 443 from the VPC CIDR and additional networks. Outputs expose the cluster endpoint, OIDC provider ARN, node IAM role details, and security group IDs for integration with other resources.",
   "features": [
-    "Creates EKS cluster with configurable Kubernetes version and authentication modes (CONFIG_MAP, API, API_AND_CONFIG_MAP)",
-    "Provisions IRSA with OIDC provider and Pod Identity Agent addon for workload IAM authentication",
-    "Configures Auto Mode with general-purpose and system node pools or traditional Managed Node Groups with customizable instance types and scaling",
-    "Deploys core EKS addons including CoreDNS, kube-proxy, and VPC CNI with before_compute lifecycle configuration",
-    "Creates security group rules for NLB health checks on Istio status port 15021 and HTTPS traffic",
-    "Configures control plane logging to CloudWatch with selectable log types (api, audit, authenticator, controllerManager, scheduler) and retention policies",
-    "Supports cluster access entries for IAM principal authorization with policy associations and namespace scoping"
+    "Creates EKS cluster with configurable Kubernetes version and authentication modes (CONFIG_MAP, API, or API_AND_CONFIG_MAP)",
+    "Provisions either Auto Mode compute with configurable node pools (general-purpose, system) or traditional Managed Node Groups with customizable instance types and scaling parameters",
+    "Configures IRSA with OIDC provider and creates IAM role for EBS CSI driver with pod identity agent support",
+    "Deploys EKS add-ons including aws-ebs-csi-driver, coredns, eks-pod-identity-agent, kube-proxy, and vpc-cni",
+    "Creates security group rules for NLB health checks on Istio status port (15021) and HTTPS ingress (443) from VPC and additional network CIDRs",
+    "Manages CloudWatch log groups for control plane logging with configurable retention and log types (api, audit, authenticator, controllerManager, scheduler)",
+    "Supports cluster access entries for IAM principal to Kubernetes RBAC mapping with policy associations"
   ],
   "inputs": [
     {
@@ -240,6 +246,6 @@ resource "example_resource" "this" {
     "eks_cluster_security_group_id",
     "eks_cluster_primary_security_group_id"
   ],
-  "hash": "fa16f9da6d771577dd97087a4e186819"
+  "hash": "6378d3bdacb32294176705bfc2a50efa"
 }
 END_AI_METADATA -->

infrastructure/aws/iam/agent/README.md

@@ -19,7 +19,7 @@ This module creates an IAM role for a Kubernetes service account using the terra
 
 ```hcl
 module "agent" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/agent?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/agent?ref=v1.54.0"
 
   agent_namespace                     = "your-agent-namespace"
   aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"

infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md

@@ -19,7 +19,7 @@ This module creates an IAM role for the AWS Load Balancer Controller using the t
 
 ```hcl
 module "aws_load_balancer_controller_iam" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/aws_load_balancer_controller_iam?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/aws_load_balancer_controller_iam?ref=v1.54.0"
 
   aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
   cluster_name                        = "your-cluster-name"

infrastructure/aws/iam/cert_manager/README.md

@@ -18,7 +18,7 @@ This module creates an IAM role for a Kubernetes service account using the terra
 
 ```hcl
 module "cert_manager" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/cert_manager?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/cert_manager?ref=v1.54.0"
 
   aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
   cluster_name                        = "your-cluster-name"

infrastructure/aws/iam/external_dns/README.md

@@ -18,7 +18,7 @@ This module creates an IAM role with OIDC provider trust for a Kubernetes servic
 
 ```hcl
 module "external_dns" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/external_dns?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/external_dns?ref=v1.54.0"
 
   aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
   cluster_name                        = "your-cluster-name"

infrastructure/aws/iam/s3/README.md

@@ -19,7 +19,7 @@ The module creates an aws_s3_bucket_policy resource attached to an existing S3 b
 
 ```hcl
 module "s3" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3?ref=v1.54.0"
 
   bucket_arn = "your-bucket-arn"
   bucket_id  = "your-bucket-id"

infrastructure/aws/ingress/README.md

@@ -18,7 +18,7 @@ This module creates two Kubernetes ingress resources, `kubernetes_ingress_v1`, o
 
 ```hcl
 module "ingress" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/ingress?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/ingress?ref=v1.54.0"
 
   certificate_arn = "your-certificate-arn"
 }

infrastructure/aws/security/README.md

@@ -22,7 +22,7 @@ The module queries aws_eks_cluster and aws_vpc data sources to derive VPC ID and
 
 ```hcl
 module "security" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/security?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/security?ref=v1.54.0"
 
   cluster_name = "your-cluster-name"
 }

infrastructure/aws/vpc/README.md

@@ -22,7 +22,7 @@ This module creates a terraform-aws-modules/vpc/aws module resource with DNS hos
 
 ```hcl
 module "vpc" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/vpc?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/vpc?ref=v1.54.0"
 
   account      = "your-account"
   organization = "your-organization"

infrastructure/azure/acr/README.md

@@ -18,7 +18,7 @@ The module uses the azurerm_container_registry resource to create the container
 
 ```hcl
 module "acr" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/acr?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/acr?ref=v1.54.0"
 
   containerregistry_name = "your-containerregistry-name"
   location               = "your-location"
@@ -48,7 +48,7 @@ resource "example_resource" "this" {
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 4.0 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 4.68.0 |
 
 ## Modules
 
@@ -70,7 +70,6 @@ resource "example_resource" "this" {
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group where the container registry will be created | `string` | n/a | yes |
 | <a name="input_retention_policy_in_days"></a> [retention\_policy\_in\_days](#input\_retention\_policy\_in\_days) | The number of days to retain untagged manifests (requires Premium SKU) | `number` | `null` | no |
 | <a name="input_sku"></a> [sku](#input\_sku) | The SKU of the container registry (Basic, Standard, Premium) | `string` | `"Basic"` | no |
-| <a name="input_subscription_id"></a> [subscription\_id](#input\_subscription\_id) | The ID of the Azure subscription | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the container registry | `map(string)` | `{}` | no |
 | <a name="input_zone_redundancy_enabled"></a> [zone\_redundancy\_enabled](#input\_zone\_redundancy\_enabled) | Whether to enable zone redundancy for the container registry (requires Premium SKU) | `bool` | `false` | no |
 

infrastructure/azure/aks/README.md

@@ -20,7 +20,7 @@ The module creates an AKS cluster using the Azure/aks/azurerm Terraform module,
 
 ```hcl
 module "aks" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks?ref=v1.54.0"
 
   cluster_name        = "your-cluster-name"
   location            = "your-location"
@@ -51,7 +51,7 @@ resource "example_resource" "this" {
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 4.0 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 4.41.0 |
 
 ## Modules
 

infrastructure/azure/dns/README.md

@@ -18,7 +18,7 @@ This module creates an azurerm_dns_zone resource and configures it with the prov
 
 ```hcl
 module "dns" {
-  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/dns?ref=v1.53.0"
+  source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/dns?ref=v1.54.0"
 
   domain_name         = "your-domain-name"
   resource_group_name = "your-resource-group-name"
@@ -47,7 +47,7 @@ resource "example_resource" "this" {
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 4.0 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 4.68.0 |
 
 ## Resources
 
@@ -61,7 +61,6 @@ resource "example_resource" "this" {
 |------|-------------|------|---------|:--------:|
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name to use for the DNS zone (e.g., example.com) | `string` | n/a | yes |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group where the DNS zone will be created | `string` | n/a | yes |
-| <a name="input_subscription_id"></a> [subscription\_id](#input\_subscription\_id) | The ID of the Azure subscription | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the DNS zone | `map(string)` | `{}` | no |
 
 ## Outputs