diff --git a/README.md b/README.md
index 27f9516..65273f4 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.0 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | ~> 1.14 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.0 |
@@ -50,10 +50,10 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.67.0 |
-| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.11.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.33.0 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.12.1 |
 | <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | 1.14.0 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.23.0 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.25.2 |
 | <a name="provider_tls"></a> [tls](#provider\_tls) | 3.1.0 |
 
 ## Modules
@@ -75,6 +75,7 @@ No modules.
 | [aws_cloudwatch_event_target.node_termination_handler_scheduled_change](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_target) | resource |
 | [aws_cloudwatch_event_target.node_termination_handler_spot_termination](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_target) | resource |
 | [aws_cloudwatch_event_target.node_termination_handler_state_change](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_target) | resource |
+| [aws_cloudwatch_log_group.prometheus](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_eip.vpc_iep](https://registry.terraform.io/providers/aws/latest/docs/resources/eip) | resource |
 | [aws_eks_addon.cni](https://registry.terraform.io/providers/aws/latest/docs/resources/eks_addon) | resource |
 | [aws_eks_addon.coredns](https://registry.terraform.io/providers/aws/latest/docs/resources/eks_addon) | resource |
@@ -82,6 +83,7 @@ No modules.
 | [aws_eks_addon.kubeproxy](https://registry.terraform.io/providers/aws/latest/docs/resources/eks_addon) | resource |
 | [aws_eks_cluster.eks_cluster](https://registry.terraform.io/providers/aws/latest/docs/resources/eks_cluster) | resource |
 | [aws_eks_node_group.cluster](https://registry.terraform.io/providers/aws/latest/docs/resources/eks_node_group) | resource |
+| [aws_grafana_workspace.grafana](https://registry.terraform.io/providers/aws/latest/docs/resources/grafana_workspace) | resource |
 | [aws_iam_instance_profile.nodes](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_instance_profile) | resource |
 | [aws_iam_openid_connect_provider.eks](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_openid_connect_provider) | resource |
 | [aws_iam_policy.aws_load_balancer_controller_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy) | resource |
@@ -90,19 +92,23 @@ No modules.
 | [aws_iam_policy.csi_driver](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.karpenter_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.keda_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.managed_prometheus_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy_attachment.aws_load_balancer_controller_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource |
 | [aws_iam_policy_attachment.aws_node_termination_handler_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource |
 | [aws_iam_policy_attachment.cluster_autoscaler](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource |
 | [aws_iam_policy_attachment.csi_driver](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource |
 | [aws_iam_policy_attachment.karpenter_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource |
 | [aws_iam_policy_attachment.keda](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource |
+| [aws_iam_policy_attachment.managed_prometheus_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource |
 | [aws_iam_role.alb_controller](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.aws_node_termination_handler_role](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.cluster_autoscaler_role](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.eks_cluster_role](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.eks_nodes_roles](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role.grafana](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.karpenter_role](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.keda_role](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role.managed_prometheus_role](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.cloudwatch](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.cni](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.ecr](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
@@ -120,6 +126,7 @@ No modules.
 | [aws_lb_target_group.http](https://registry.terraform.io/providers/aws/latest/docs/resources/lb_target_group) | resource |
 | [aws_lb_target_group.https](https://registry.terraform.io/providers/aws/latest/docs/resources/lb_target_group) | resource |
 | [aws_nat_gateway.nat](https://registry.terraform.io/providers/aws/latest/docs/resources/nat_gateway) | resource |
+| [aws_prometheus_workspace.main](https://registry.terraform.io/providers/aws/latest/docs/resources/prometheus_workspace) | resource |
 | [aws_route.nat_access](https://registry.terraform.io/providers/aws/latest/docs/resources/route) | resource |
 | [aws_route.public_internet_access](https://registry.terraform.io/providers/aws/latest/docs/resources/route) | resource |
 | [aws_route53_record.nlb](https://registry.terraform.io/providers/aws/latest/docs/resources/route53_record) | resource |
@@ -167,6 +174,7 @@ No modules.
 | [helm_release.keda](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource |
 | [helm_release.kiali-server](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource |
 | [helm_release.kube_state_metrics](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource |
+| [helm_release.managed_prometheus](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource |
 | [helm_release.metrics_server](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource |
 | [helm_release.node_termination_handler](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource |
 | [helm_release.prometheus](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource |
@@ -198,6 +206,8 @@ No modules.
 | [aws_iam_policy_document.karpenter_role](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.keda_policy](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.keda_role](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.managed_prometheus_policy](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.managed_prometheus_role](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_ssm_parameter.eks](https://registry.terraform.io/providers/aws/latest/docs/data-sources/ssm_parameter) | data source |
 | [tls_certificate.eks](https://registry.terraform.io/providers/tls/latest/docs/data-sources/certificate) | data source |
 
@@ -220,6 +230,8 @@ No modules.
 | <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | A map of default tags to apply to all resources. These tags can help with identifying and organizing resources within the AWS environment. | `map(string)` | <pre>{<br>  "Environment": "prod",<br>  "Foo": "Bar",<br>  "Ping": "Pong"<br>}</pre> | no |
 | <a name="input_descheduler_toggle"></a> [descheduler\_toggle](#input\_descheduler\_toggle) | Controls the installation of the Descheduler, a tool to balance and optimize the distribution of Pods across the cluster for improved efficiency. | `bool` | `false` | no |
 | <a name="input_enable_cross_zone_load_balancing"></a> [enable\_cross\_zone\_load\_balancing](#input\_enable\_cross\_zone\_load\_balancing) | Controls whether cross-zone load balancing is enabled for the Network Load Balancer, allowing even traffic distribution across all zones. | `bool` | `false` | no |
+| <a name="input_enable_managed_prometheus"></a> [enable\_managed\_prometheus](#input\_enable\_managed\_prometheus) | Determines if the managed Prometheus service should be enabled. Managed Prometheus provides a fully managed monitoring service compatible with Prometheus. | `bool` | `false` | no |
+| <a name="input_enable_prometheus_stack"></a> [enable\_prometheus\_stack](#input\_enable\_prometheus\_stack) | n/a | `bool` | `true` | no |
 | <a name="input_grafana_virtual_service_host"></a> [grafana\_virtual\_service\_host](#input\_grafana\_virtual\_service\_host) | The hostname for the Grafana virtual service, used in Istio routing. This host is used to access Grafana dashboards for monitoring metrics. | `string` | `"grafana.k8s.raj.ninja"` | no |
 | <a name="input_istio_ingress_max_pods"></a> [istio\_ingress\_max\_pods](#input\_istio\_ingress\_max\_pods) | The maximum number of pods to scale up for the Istio ingress gateway. This limits the resources used and manages the scaling behavior. | `number` | `9` | no |
 | <a name="input_istio_ingress_min_pods"></a> [istio\_ingress\_min\_pods](#input\_istio\_ingress\_min\_pods) | The minimum number of pods to maintain for the Istio ingress gateway. This ensures basic availability and load handling. | `number` | `3` | no |
@@ -232,6 +244,11 @@ No modules.
 | <a name="input_karpenter_toggle"></a> [karpenter\_toggle](#input\_karpenter\_toggle) | Determines whether Karpenter is enabled for the EKS cluster. Karpenter is an open-source auto-scaler for Kubernetes clusters. | `bool` | `true` | no |
 | <a name="input_keda_toggle"></a> [keda\_toggle](#input\_keda\_toggle) | Activates the installation of KEDA (Kubernetes Event-Driven Autoscaling), which adds event-driven scaling capabilities to Kubernetes workloads. | `bool` | `true` | no |
 | <a name="input_kiali_virtual_service_host"></a> [kiali\_virtual\_service\_host](#input\_kiali\_virtual\_service\_host) | The hostname for the Kiali virtual service, a part of Istio's service mesh visualization. It provides insights into the mesh topology and performance. | `string` | `"kiali.k8s.raj.ninja"` | no |
+| <a name="input_managed_grafana_authentication_providers"></a> [managed\_grafana\_authentication\_providers](#input\_managed\_grafana\_authentication\_providers) | A list of authentication providers for managed Grafana. For example, 'SAML' can be used for integrating with identity providers, ensuring secure and centralized user management. | `list(string)` | <pre>[<br>  "SAML"<br>]</pre> | no |
+| <a name="input_managed_grafana_datasources"></a> [managed\_grafana\_datasources](#input\_managed\_grafana\_datasources) | Specifies the data sources that managed Grafana can access. Includes options like 'CLOUDWATCH', 'PROMETHEUS', and 'XRAY', providing a wide range of data for comprehensive monitoring solutions. | `list(string)` | <pre>[<br>  "CLOUDWATCH",<br>  "PROMETHEUS",<br>  "XRAY"<br>]</pre> | no |
+| <a name="input_managed_grafana_notification_destinations"></a> [managed\_grafana\_notification\_destinations](#input\_managed\_grafana\_notification\_destinations) | Lists the notification channels supported by managed Grafana. For instance, 'SNS' allows Grafana to send alerts and notifications through AWS Simple Notification Service. | `list(string)` | <pre>[<br>  "SNS"<br>]</pre> | no |
+| <a name="input_managed_grafana_permission_type"></a> [managed\_grafana\_permission\_type](#input\_managed\_grafana\_permission\_type) | Defines the permission model for managed Grafana. 'SERVICE\_MANAGED' allows AWS to manage permissions, simplifying the setup and management of Grafana. | `string` | `"SERVICE_MANAGED"` | no |
+| <a name="input_managed_prometheus_access_type"></a> [managed\_prometheus\_access\_type](#input\_managed\_prometheus\_access\_type) | Specifies the access type for managed Prometheus. 'CURRENT\_ACCOUNT' limits access to the current AWS account, ensuring isolated and secure access to the monitoring data. | `string` | `"CURRENT_ACCOUNT"` | no |
 | <a name="input_nlb_ingress_enable_termination_protection"></a> [nlb\_ingress\_enable\_termination\_protection](#input\_nlb\_ingress\_enable\_termination\_protection) | Determines if termination protection is enabled for the Network Load Balancer, preventing accidental deletion. | `bool` | `false` | no |
 | <a name="input_nlb_ingress_internal"></a> [nlb\_ingress\_internal](#input\_nlb\_ingress\_internal) | Indicates whether the Network Load Balancer (NLB) for the EKS cluster should be internal, restricting access to within the AWS network. | `bool` | `false` | no |
 | <a name="input_nlb_ingress_type"></a> [nlb\_ingress\_type](#input\_nlb\_ingress\_type) | Specifies the type of ingress to be used, such as 'network', determining how the NLB handles incoming traffic to the EKS cluster. | `string` | `"network"` | no |
diff --git a/helm/prometheus/managed/values.yml b/helm/prometheus/managed/values.yml
new file mode 100644
index 0000000..c8fefb1
--- /dev/null
+++ b/helm/prometheus/managed/values.yml
@@ -0,0 +1,30 @@
+prometheus:
+    # podMonitorNamespaceSelector:
+    #   any: true
+    podMonitorSelector: {}
+    podMonitorSelectorNilUsesHelmValues: false
+    # ruleNamespaceSelector:
+    #   any: true
+    ruleSelector: {}
+    ruleSelectorNilUsesHelmValues: false
+    # serviceMonitorNamespaceSelector:
+    #   any: true
+    serviceMonitorSelector: {}
+    serviceMonitorSelectorNilUsesHelmValues: false
+
+kubeStateMetrics:
+  enabled: false
+
+grafana:
+  enabled: false
+
+alertmanager:
+  enabled: false
+
+prometheusOperator:
+  enabled: true
+  namespaces: ''
+  denyNamespaces: ''
+  prometheusInstanceNamespaces: ''
+  alertmanagerInstanceNamespaces: ''
+  thanosRulerInstanceNamespaces: ''
diff --git a/helm/prometheus/values.yml b/helm/prometheus/values.yml
index ba395e7..769e4c8 100644
--- a/helm/prometheus/values.yml
+++ b/helm/prometheus/values.yml
@@ -13,6 +13,9 @@ prometheus:
     serviceMonitorSelector: {}
     serviceMonitorSelectorNilUsesHelmValues: false
 
+kubeStateMetrics:
+  enabled: false
+
 prometheusOperator:
   enabled: true
   namespaces: ''
diff --git a/helm_istio.tf b/helm_istio.tf
index 519008b..f8f9f3f 100644
--- a/helm_istio.tf
+++ b/helm_istio.tf
@@ -11,7 +11,8 @@ resource "helm_release" "istio_base" {
   depends_on = [
     aws_eks_cluster.eks_cluster,
     aws_eks_node_group.cluster,
-    kubernetes_config_map.aws-auth
+    kubernetes_config_map.aws-auth,
+    helm_release.alb_ingress_controller
   ]
 }
 
diff --git a/helm_karpenter.tf b/helm_karpenter.tf
index 803e818..bbebaeb 100644
--- a/helm_karpenter.tf
+++ b/helm_karpenter.tf
@@ -31,6 +31,7 @@ resource "helm_release" "karpenter" {
   depends_on = [
     aws_eks_cluster.eks_cluster,
     kubernetes_config_map.aws-auth,
+    aws_eks_node_group.cluster
   ]
 
 }
diff --git a/helm_managed_prometheus.tf b/helm_managed_prometheus.tf
new file mode 100644
index 0000000..063d056
--- /dev/null
+++ b/helm_managed_prometheus.tf
@@ -0,0 +1,136 @@
+# resource "helm_release" "managed_prometheus" {
+
+#   count = var.enable_managed_prometheus ? 1 : 0
+
+#   name             = "prometheus"
+#   chart            = "prometheus"
+#   repository       = "https://prometheus-community.github.io/helm-charts"
+#   namespace        = "prometheus"
+#   create_namespace = true
+
+#   set {
+#     name  = "serviceAccounts.server.name"
+#     value = "managed-prometheus"
+#   }
+
+#   set {
+#     name  = "serviceAccounts.server.annotations.eks\\.amazonaws\\.com/role-arn"
+#     value = aws_iam_role.managed_prometheus_role.arn
+#   }
+
+#   set {
+#     name  = "server.remoteWrite[0].url"
+#     value = format("%sapi/v1/remote_write", aws_prometheus_workspace.main[0].prometheus_endpoint)
+#   }
+
+#   set {
+#     name  = "server.remoteWrite[0].sigv4.region"
+#     value = var.aws_region
+#   }
+
+#   set {
+#     name  = "server.remoteWrite[0].queue_config.max_samples_per_send"
+#     value = "1000"
+#   }
+
+#   set {
+#     name  = "server.remoteWrite[0].queue_config.max_shards"
+#     value = "200"
+#   }
+
+#   set {
+#     name  = "server.remoteWrite[0].queue_config.capacity"
+#     value = "2500"
+#   }
+
+#   set {
+#     name  = "server.persistentVolume.enabled"
+#     value = "false"
+#   }
+
+
+#   set {
+#     name  = "prometheus-pushgateway.enabled"
+#     value = "false"
+#   }
+
+
+#   set {
+#     name  = "prometheus-pushgateway.enabled"
+#     value = "false"
+#   }
+
+#   set {
+#     name  = "alertmanager.enabled"
+#     value = "false"
+#   }
+
+#   depends_on = [
+#     aws_eks_cluster.eks_cluster,
+#     aws_eks_node_group.cluster,
+#     kubernetes_config_map.aws-auth
+#   ]
+# }
+
+
+
+
+resource "helm_release" "managed_prometheus" {
+
+  count = var.enable_managed_prometheus ? 1 : 0
+
+  name             = "prometheus"
+  chart            = "kube-prometheus-stack"
+  repository       = "https://prometheus-community.github.io/helm-charts"
+  namespace        = "prometheus"
+  create_namespace = true
+
+  version = "45.8.0"
+
+  set {
+    name  = "prometheus.serviceAccount.name"
+    value = "managed-prometheus"
+  }
+
+  set {
+    name  = "prometheus.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+    value = aws_iam_role.managed_prometheus_role.arn
+  }
+
+  set {
+    name  = "prometheus.prometheusSpec.remoteWrite[0].url"
+    value = format("%sapi/v1/remote_write", aws_prometheus_workspace.main[0].prometheus_endpoint)
+  }
+
+  set {
+    name  = "prometheus.prometheusSpec.remoteWrite[0].sigv4.region"
+    value = var.aws_region
+  }
+
+  set {
+    name  = "prometheus.prometheusSpec.remoteWrite[0].queue_config.max_samples_per_send"
+    value = "1000"
+  }
+
+  set {
+    name  = "prometheus.prometheusSpec.remoteWrite[0].queue_config.max_shards"
+    value = "200"
+  }
+
+  set {
+    name  = "prometheus.prometheusSpec.remoteWrite[0].queue_config.capacity"
+    value = "2500"
+  }
+
+
+  values = [
+    "${file("./helm/prometheus/managed/values.yml")}"
+  ]
+
+
+  depends_on = [
+    aws_eks_cluster.eks_cluster,
+    aws_eks_node_group.cluster,
+    kubernetes_config_map.aws-auth
+  ]
+}
diff --git a/helm_prometheus.tf b/helm_prometheus.tf
index 04e674c..d7a43c4 100644
--- a/helm_prometheus.tf
+++ b/helm_prometheus.tf
@@ -1,5 +1,8 @@
 
 resource "helm_release" "prometheus" {
+
+  count = var.enable_prometheus_stack ? 1 : 0
+
   name             = "prometheus"
   chart            = "kube-prometheus-stack"
   repository       = "https://prometheus-community.github.io/helm-charts"
@@ -27,6 +30,9 @@ resource "helm_release" "prometheus" {
 
 
 resource "kubectl_manifest" "grafana_gateway" {
+
+  count = var.enable_prometheus_stack ? 1 : 0
+
   yaml_body = <<YAML
 apiVersion: networking.istio.io/v1alpha3
 kind: Gateway
@@ -56,6 +62,9 @@ YAML
 }
 
 resource "kubectl_manifest" "grafana_service" {
+
+  count = var.enable_prometheus_stack ? 1 : 0
+
   yaml_body = <<YAML
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
diff --git a/iam_managed_prometheus.tf b/iam_managed_prometheus.tf
new file mode 100644
index 0000000..802d750
--- /dev/null
+++ b/iam_managed_prometheus.tf
@@ -0,0 +1,63 @@
+data "aws_iam_policy_document" "managed_prometheus_role" {
+  statement {
+    actions = ["sts:AssumeRoleWithWebIdentity"]
+    effect  = "Allow"
+
+    condition {
+      test     = "StringEquals"
+      variable = "${replace(aws_iam_openid_connect_provider.eks.url, "https://", "")}:sub"
+      values = [
+        "system:serviceaccount:prometheus:managed-prometheus"
+      ]
+    }
+
+    principals {
+      identifiers = [aws_iam_openid_connect_provider.eks.arn]
+      type        = "Federated"
+    }
+  }
+}
+
+resource "aws_iam_role" "managed_prometheus_role" {
+  assume_role_policy = data.aws_iam_policy_document.managed_prometheus_role.json
+  name               = format("%s-managed-prometheus", var.cluster_name)
+}
+
+
+data "aws_iam_policy_document" "managed_prometheus_policy" {
+  version = "2012-10-17"
+
+  statement {
+
+    effect = "Allow"
+    actions = [
+      "aps:QueryMetrics",
+      "aps:GetSeries",
+      "aps:GetLabels",
+      "aps:GetMetricMetadata",
+      "aps:RemoteWrite"
+    ]
+
+    resources = [
+      "*"
+    ]
+
+  }
+}
+
+resource "aws_iam_policy" "managed_prometheus_policy" {
+  name        = format("%s-managed-prometheus", var.cluster_name)
+  path        = "/"
+  description = var.cluster_name
+
+  policy = data.aws_iam_policy_document.managed_prometheus_policy.json
+}
+
+resource "aws_iam_policy_attachment" "managed_prometheus_policy" {
+  name = format("%s-managed-prometheus", var.cluster_name)
+  roles = [
+    aws_iam_role.managed_prometheus_role.name
+  ]
+
+  policy_arn = aws_iam_policy.managed_prometheus_policy.arn
+}
diff --git a/managed_grafana.tf b/managed_grafana.tf
new file mode 100644
index 0000000..e0659af
--- /dev/null
+++ b/managed_grafana.tf
@@ -0,0 +1,49 @@
+resource "aws_grafana_workspace" "grafana" {
+
+  count = var.enable_managed_prometheus ? 1 : 0
+
+  account_access_type      = var.managed_prometheus_access_type
+  authentication_providers = var.managed_grafana_authentication_providers
+  permission_type          = var.managed_grafana_permission_type
+  role_arn                 = aws_iam_role.grafana[count.index].arn
+
+
+  data_sources              = var.managed_grafana_datasources
+  notification_destinations = var.managed_grafana_notification_destinations
+
+  vpc_configuration {
+    subnet_ids = [
+      aws_subnet.private_subnet_1a.id,
+      aws_subnet.private_subnet_1b.id,
+      aws_subnet.private_subnet_1c.id
+    ]
+    security_group_ids = [
+      aws_security_group.cluster_nodes_sg.id
+    ]
+  }
+}
+
+resource "aws_iam_role" "grafana" {
+
+  count = var.enable_managed_prometheus ? 1 : 0
+
+  name = format("%s-managed-grafana", var.cluster_name)
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Sid    = ""
+        Principal = {
+          Service = "grafana.amazonaws.com"
+        }
+      },
+    ]
+  })
+}
+
+# resource "aws_grafana_role_association" "grafana" {
+#   user_ids     = ["USER_ID_1", "USER_ID_2"]
+#   workspace_id = aws_grafana_workspace.grafana.id
+# }
diff --git a/managed_prometheus.tf b/managed_prometheus.tf
new file mode 100644
index 0000000..75f9dc8
--- /dev/null
+++ b/managed_prometheus.tf
@@ -0,0 +1,14 @@
+resource "aws_cloudwatch_log_group" "prometheus" {
+  count             = var.enable_managed_prometheus ? 1 : 0
+  name              = format("%s-prometheus", var.cluster_name)
+  retention_in_days = 1
+}
+
+resource "aws_prometheus_workspace" "main" {
+  count = var.enable_managed_prometheus ? 1 : 0
+  alias = var.cluster_name
+
+  logging_configuration {
+    log_group_arn = "${aws_cloudwatch_log_group.prometheus[count.index].arn}:*"
+  }
+}
\ No newline at end of file
diff --git a/provider.tf b/provider.tf
index 93536f8..b7a6732 100644
--- a/provider.tf
+++ b/provider.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "aws"
-      version = "~> 4.0"
+      version = ">= 5.0"
     }
     helm = {
       source  = "helm"
diff --git a/variables.tf b/variables.tf
index 4f4d198..e2356a3 100644
--- a/variables.tf
+++ b/variables.tf
@@ -156,6 +156,12 @@ variable "istio_ingress_max_pods" {
 #  PROMETHEUS CONFIGS   #
 #########################
 
+variable "enable_prometheus_stack" {
+  type        = bool
+  description = ""
+  default     = true
+}
+
 variable "grafana_virtual_service_host" {
   type        = string
   description = "The hostname for the Grafana virtual service, used in Istio routing. This host is used to access Grafana dashboards for monitoring metrics."
@@ -174,6 +180,47 @@ variable "jaeger_virtual_service_host" {
   default     = "jaeger.k8s.raj.ninja"
 }
 
+#################################
+#  MANAGED PROMETHEUS CONFIGS   #
+#################################
+
+variable "enable_managed_prometheus" {
+  type        = bool
+  description = "Determines if the managed Prometheus service should be enabled. Managed Prometheus provides a fully managed monitoring service compatible with Prometheus."
+  default     = false
+}
+
+variable "managed_prometheus_access_type" {
+  type        = string
+  description = "Specifies the access type for managed Prometheus. 'CURRENT_ACCOUNT' limits access to the current AWS account, ensuring isolated and secure access to the monitoring data."
+  default     = "CURRENT_ACCOUNT"
+}
+
+variable "managed_grafana_permission_type" {
+  type        = string
+  description = "Defines the permission model for managed Grafana. 'SERVICE_MANAGED' allows AWS to manage permissions, simplifying the setup and management of Grafana."
+  default     = "SERVICE_MANAGED"
+}
+
+variable "managed_grafana_authentication_providers" {
+  type        = list(string)
+  description = "A list of authentication providers for managed Grafana. For example, 'SAML' can be used for integrating with identity providers, ensuring secure and centralized user management."
+  default     = ["SAML"]
+}
+
+variable "managed_grafana_datasources" {
+  type        = list(string)
+  description = "Specifies the data sources that managed Grafana can access. Includes options like 'CLOUDWATCH', 'PROMETHEUS', and 'XRAY', providing a wide range of data for comprehensive monitoring solutions."
+  default     = ["CLOUDWATCH", "PROMETHEUS", "XRAY"]
+}
+
+variable "managed_grafana_notification_destinations" {
+  type        = list(string)
+  description = "Lists the notification channels supported by managed Grafana. For instance, 'SNS' allows Grafana to send alerts and notifications through AWS Simple Notification Service."
+  default     = ["SNS"]
+}
+
+
 ###############################
 ###  ARGO-ROLLOUTS CONFIGS  ###
 ###############################