Description
Is your request related to a new offering from AWS?
Yes ✅. AWS announced Container Network Observability for Amazon EKS on Nov 19, 2025. The AWS provider added aws_networkflowmonitor_monitor and aws_networkflowmonitor_scope in v6.21.0, but there is no way to configure observability agents at the EKS cluster level.
Is your request related to a problem? Please describe.
While v6.21.0 introduced aws_networkflowmonitor_monitor and aws_networkflowmonitor_scope, there is no explicit resource or argument to enable Container Network Observability at the EKS cluster level.
Describe the solution you'd like.
Expose new arguments in aws_eks_cluster or a dedicated resource to configure Container Network Observability agents, including:
- Namespace where the agent is installed.
- Choice of EKS Pod Identity vs. IRSA for authentication.
- Custom configs: tolerations, resource requests/limits, node selectors, affinity rules.
Describe alternatives you've considered.
At present the only way to set this up is imperatively or via CloudFormation, where we can have a wrapper with Terraform.
Additional context
Container Network Observability provides granular visibility into pod‑to‑pod and cross‑AZ traffic. Explicit provider support ensures Terraform users can manage this feature consistently with other EKS cluster settings. The terraform-aws-provider may not provide the entire API yet. I can work with them to get this added.