diff --git a/aws/eks-addon/.tflint.hcl b/aws/eks-addon/.tflint.hcl
new file mode 100644
index 0000000..7faf4ff
--- /dev/null
+++ b/aws/eks-addon/.tflint.hcl
@@ -0,0 +1,10 @@
+plugin "terraform" {
+  enabled = true
+  preset  = "recommended"
+}
+
+plugin "aws" {
+  enabled = true
+  version = "0.17.1"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
diff --git a/aws/eks-addon/README.md b/aws/eks-addon/README.md
new file mode 100644
index 0000000..d6900d6
--- /dev/null
+++ b/aws/eks-addon/README.md
@@ -0,0 +1,51 @@
+# eks addons
+
+Deploy a single EKS addon to an EKS cluster.
+The main difference from the eks-addons module is that this module gives you more control over the addon,
+such as configuring an IRSA role.
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.67.0, < 5.0.0 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | ~> 0.9.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.67.0, < 5.0.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | ~> 0.9.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_eks_addon.addon](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
+| [time_static.last_update](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_addon_version"></a> [addon\_version](#input\_addon\_version) | The version of the addon to be deployed. | `string` | n/a | yes |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the cluster | `string` | n/a | yes |
+| <a name="input_configuration_values"></a> [configuration\_values](#input\_configuration\_values) | The configuration values for the addon. | `string` | `null` | no |
+| <a name="input_customer"></a> [customer](#input\_customer) | Customer tag for the addon to be deployed | `string` | `""` | no |
+| <a name="input_name"></a> [name](#input\_name) | The name of the addon to be deployed | `string` | n/a | yes |
+| <a name="input_service_account_role_arn"></a> [service\_account\_role\_arn](#input\_service\_account\_role\_arn) | The ARN of the service account role to use for the addon. | `string` | `null` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Default tags to add to resources | `map(any)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_addon_arn"></a> [addon\_arn](#output\_addon\_arn) | The ARN of the EKS addon |
+<!-- END_TF_DOCS -->
diff --git a/aws/eks-addon/eks-addon.tf b/aws/eks-addon/eks-addon.tf
new file mode 100644
index 0000000..7481dc9
--- /dev/null
+++ b/aws/eks-addon/eks-addon.tf
@@ -0,0 +1,9 @@
+resource "aws_eks_addon" "addon" {
+  addon_name               = var.name
+  addon_version            = var.addon_version
+  cluster_name             = var.cluster_name
+  configuration_values     = var.configuration_values
+  resolve_conflicts        = "OVERWRITE"
+  service_account_role_arn = var.service_account_role_arn != null && var.service_account_role_arn != "" ? var.service_account_role_arn : null
+  tags                     = local.interpolated_tags
+}
diff --git a/aws/eks-addon/main.tf b/aws/eks-addon/main.tf
new file mode 100644
index 0000000..b5f8ba8
--- /dev/null
+++ b/aws/eks-addon/main.tf
@@ -0,0 +1,14 @@
+locals {
+  # tflint-ignore: terraform_unused_declarations
+  interpolated_tags = merge({
+    "Name"           = var.name,
+    "Customer"       = var.customer,
+    "ManagedBy"      = "Terraform",
+    "LastModifiedAt" = time_static.last_update.rfc3339,
+    },
+    var.tags
+  )
+}
+
+resource "time_static" "last_update" {
+}
diff --git a/aws/eks-addon/outputs.tf b/aws/eks-addon/outputs.tf
new file mode 100644
index 0000000..9868e1a
--- /dev/null
+++ b/aws/eks-addon/outputs.tf
@@ -0,0 +1,4 @@
+output "addon_arn" {
+  description = "The ARN of the EKS addon"
+  value       = aws_eks_addon.addon.arn
+}
diff --git a/aws/eks-addon/providers.tf b/aws/eks-addon/providers.tf
new file mode 100644
index 0000000..648ddf8
--- /dev/null
+++ b/aws/eks-addon/providers.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws",
+      version = ">= 4.67.0, < 5.0.0"
+    }
+    time = {
+      source  = "hashicorp/time",
+      version = "~> 0.9.1"
+    }
+  }
+  required_version = "~> 1.3"
+}
diff --git a/aws/eks-addon/variables.tf b/aws/eks-addon/variables.tf
new file mode 100644
index 0000000..038f976
--- /dev/null
+++ b/aws/eks-addon/variables.tf
@@ -0,0 +1,39 @@
+variable "name" {
+  description = "The name of the addon to be deployed"
+  type        = string
+}
+
+variable "customer" {
+  description = "Customer tag for the addon to be deployed"
+  type        = string
+  default     = ""
+}
+
+variable "tags" {
+  description = "Default tags to add to resources"
+  type        = map(any)
+  default     = {}
+}
+
+# module specific variables
+variable "cluster_name" {
+  description = "The name of the cluster"
+  type        = string
+}
+
+variable "addon_version" {
+  description = "The version of the addon to be deployed."
+  type        = string
+}
+
+variable "service_account_role_arn" {
+  description = "The ARN of the service account role to use for the addon."
+  type        = string
+  default     = null
+}
+
+variable "configuration_values" {
+  description = "The configuration values for the addon."
+  type        = string
+  default     = null
+}