From 7adaaa4c796fa520b1d1cc2d5d5138cff6f033af Mon Sep 17 00:00:00 2001
From: Micah Nagel
Date: Wed, 16 Apr 2025 09:30:21 -0600
Subject: [PATCH] chore: enable netpols for eks

---
 tasks/iac.yaml | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/tasks/iac.yaml b/tasks/iac.yaml
index d6ef7871ce..85c744fac4 100644
--- a/tasks/iac.yaml
+++ b/tasks/iac.yaml
@@ -46,6 +46,18 @@ tasks:
 serviceRolePermissionsBoundary: ${PERMISSIONS_BOUNDARY_ARN}
 addons:
+ - name: vpc-cni
+ attachPolicyARNs:
+ # Commercial IAM Policy
+ # - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
+ # Govcloud IAM policy
+ - arn:aws-us-gov:iam::aws:policy/AmazonEKS_CNI_Policy
+ permissionsBoundary: ${PERMISSIONS_BOUNDARY_ARN}
+ tags:
+ PermissionsBoundary: ${PERMISSIONS_BOUNDARY_NAME}
+ configurationValues: |-
+ enableNetworkPolicy: "true"
+
 - name: aws-ebs-csi-driver
 attachPolicyARNs:
 # Commercial IAM Policy
@@ -59,16 +71,6 @@ tasks:
 tags:
 PermissionsBoundary: ${PERMISSIONS_BOUNDARY_NAME}
- - name: vpc-cni
- attachPolicyARNs:
- # Commercial IAM Policy
- # - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
- # Govcloud IAM policy
- - arn:aws-us-gov:iam::aws:policy/AmazonEKS_CNI_Policy
- permissionsBoundary: ${PERMISSIONS_BOUNDARY_ARN}
- tags:
- PermissionsBoundary: ${PERMISSIONS_BOUNDARY_NAME}
-
 managedNodeGroups:
 - name: ng-1
 instanceType: m5.2xlarge
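Review bot: The added `vpc-cni` entry sets `enableNetworkPolicy: "true"` but carries no `version:` key, so whether the policy agent actually starts depends on whichever add-on version EKS resolves by default; as far as I know network policy support needs VPC CNI v1.14.0 or later, and pinning the version on this addon would make that requirement explicit. The flag only enables the agent: pod traffic stays default-allow until NetworkPolicy objects exist, so a post-deploy check that a deny policy is really enforced would confirm the commit title. I would also add a comment above `configurationValues`, for example `# enableNetworkPolicy starts the VPC CNI network policy agent (needs a vpc-cni version that supports it)`. The patch does not say why the block moved above `aws-ebs-csi-driver`; if the ordering matters, a one-line comment should record it. The `addons` list continues outside this hunk.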