diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/cluster/config.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/cluster/config.tf
index 14f802f75..621b4a898 100644
--- a/apps-devstg/us-east-1/k8s-eks-demoapps/cluster/config.tf
+++ b/apps-devstg/us-east-1/k8s-eks-demoapps/cluster/config.tf
@@ -16,11 +16,11 @@ provider "kubernetes" {
 # Backend Config (partial)
 #
 terraform {
-  required_version = "~> 1.1.9"
+  required_version = "~> 1.2"
 
   required_providers {
-    aws        = "~> 4.11.0"
-    kubernetes = "~> 2.11.0"
+    aws        = "~> 4.11"
+    kubernetes = "~> 2.11"
   }
 
   backend "s3" {
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/cluster/eks-workers-managed.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/cluster/eks-workers-managed.tf
index 19d772c56..01e69cc37 100644
--- a/apps-devstg/us-east-1/k8s-eks-demoapps/cluster/eks-workers-managed.tf
+++ b/apps-devstg/us-east-1/k8s-eks-demoapps/cluster/eks-workers-managed.tf
@@ -164,14 +164,14 @@ module "cluster" {
     #   max_size       = 6
     #   desired_size   = 1
     #   capacity_type  = "ON_DEMAND"
-    #   instance_types = ["t2.medium", "t3.medium"]
+    #   instance_types = ["t3.medium"]
     # }
     spot = {
       desired_capacity = 1
       max_capacity     = 6
       min_capacity     = 1
       capacity_type    = "SPOT"
-      instance_types   = ["t2.medium", "t3.medium"]
+      instance_types   = ["t3.medium"]
     }
   }
 
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/identities/config.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/identities/config.tf
index 853ae9326..d407683c6 100644
--- a/apps-devstg/us-east-1/k8s-eks-demoapps/identities/config.tf
+++ b/apps-devstg/us-east-1/k8s-eks-demoapps/identities/config.tf
@@ -16,10 +16,10 @@ provider "aws" {
 # Backend Config (partial)
 #
 terraform {
-  required_version = "~> 1.1.9"
+  required_version = "~> 1.2"
 
   required_providers {
-    aws = "~> 4.11.0"
+    aws = "~> 4.11"
   }
 
   backend "s3" {
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/chart-values/kube-prometheus-stack.yaml b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/chart-values/kube-prometheus-stack.yaml
new file mode 100644
index 000000000..e69de29bb
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/monitoring-metrics.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/monitoring-metrics.tf
index 5e9a21f50..96f570dd1 100644
--- a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/monitoring-metrics.tf
+++ b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/monitoring-metrics.tf
@@ -36,3 +36,16 @@ resource "helm_release" "metrics_server" {
   version    = "5.8.4"
   values     = [file("chart-values/metrics-server.yaml")]
 }
+
+#------------------------------------------------------------------------------
+# Prometheus Stack
+#------------------------------------------------------------------------------
+resource "helm_release" "kube_prometheus_stack" {
+  count      = var.enable_prometheus_stack ? 1 : 0
+  name       = "kube-prometheus-stack"
+  namespace  = kubernetes_namespace.prometheus[0].id
+  repository = "https://prometheus-community.github.io/helm-charts"
+  chart      = "kube-prometheus-stack"
+  version    = "43.2.1"
+  values     = [file("chart-values/kube-prometheus-stack.yaml")]
+}
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/namespaces.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/namespaces.tf
index 8aa421c11..20b398494 100644
--- a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/namespaces.tf
+++ b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/namespaces.tf
@@ -118,3 +118,12 @@ resource "kubernetes_namespace" "velero" {
     name   = "velero"
   }
 }
+
+resource "kubernetes_namespace" "prometheus" {
+  count = var.enable_prometheus_stack ? 1 : 0
+
+  metadata {
+    labels = local.labels
+    name   = "prometheus"
+  }
+}
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/terraform.tfvars b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/terraform.tfvars
index 5828c0175..5d3987441 100644
--- a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/terraform.tfvars
+++ b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/terraform.tfvars
@@ -47,6 +47,7 @@ logging = {
   ]
 }
 # metrics
+enable_prometheus_stack        = true
 enable_prometheus_dependencies = false
 enable_grafana_dependencies    = false
 # datadog
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf
index 45be0e161..18ba1ea15 100644
--- a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf
+++ b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf
@@ -86,6 +86,11 @@ variable "enable_ingressmonitorcontroller" {
   default = false
 }
 
+variable "enable_prometheus_stack" {
+  type    = bool
+  default = false
+}
+
 variable "enable_prometheus_dependencies" {
   type    = bool
   default = false
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/network/config.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/network/config.tf
index 537ad67da..9efcf62ce 100644
--- a/apps-devstg/us-east-1/k8s-eks-demoapps/network/config.tf
+++ b/apps-devstg/us-east-1/k8s-eks-demoapps/network/config.tf
@@ -16,10 +16,10 @@ provider "aws" {
 # Backend Config (partial)
 #
 terraform {
-  required_version = "~> 1.1.9"
+  required_version = "~> 1.2"
 
   required_providers {
-    aws = "~> 4.11.0"
+    aws = "~> 4.11"
   }
 
   backend "s3" {
diff --git a/management/global/sso/policies.tf b/management/global/sso/policies.tf
index 81d9d303f..fcc1b3781 100644
--- a/management/global/sso/policies.tf
+++ b/management/global/sso/policies.tf
@@ -54,6 +54,7 @@ data "aws_iam_policy_document" "devops" {
       "route53resolver:*",
       "s3:*",
       "ses:*",
+      "secretsmanager:*",
       "shield:*",
       "sns:*",
       "sqs:*",