feat: update examples/complete with Auto Mode support

Add auto_mode_enabled variable, Auto Mode node IAM role, and pass
auto_mode_compute_config/storage_config/elastic_load_balancing to
the module. Disable node group when Auto Mode is enabled.

Incorporates example patterns from PR #253 using our variable naming.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Benbentwo

examples/complete/main.tf

@@ -111,11 +111,28 @@ module "eks_cluster" {
   cluster_encryption_config_resources                       = var.cluster_encryption_config_resources
 
   addons                                = local.addons
-  addons_depends_on                     = [module.eks_node_group]
+  addons_depends_on                     = var.auto_mode_enabled ? null : [module.eks_node_group]
   bootstrap_self_managed_addons_enabled = var.bootstrap_self_managed_addons_enabled
   upgrade_policy                        = var.upgrade_policy
   zonal_shift_config                    = var.zonal_shift_config
 
+  # EKS Auto Mode
+  auto_mode_compute_config = {
+    enabled       = var.auto_mode_enabled
+    node_pools    = var.auto_mode_enabled ? ["general-purpose", "system"] : []
+    node_role_arn = var.auto_mode_enabled ? one(aws_iam_role.auto_mode_node[*].arn) : null
+  }
+
+  auto_mode_storage_config = {
+    block_storage = {
+      enabled = var.auto_mode_enabled
+    }
+  }
+
+  auto_mode_elastic_load_balancing = {
+    enabled = var.auto_mode_enabled
+  }
+
   access_entry_map = local.access_entry_map
   access_config = {
     authentication_mode                         = "API"
@@ -136,10 +153,49 @@ module "eks_cluster" {
   cluster_depends_on = [module.subnets]
 }
 
+# Auto Mode node role (only when auto_mode_enabled = true)
+data "aws_iam_policy_document" "auto_mode_node_assume_role" {
+  count = local.enabled && var.auto_mode_enabled ? 1 : 0
+
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "auto_mode_node" {
+  count = local.enabled && var.auto_mode_enabled ? 1 : 0
+
+  name               = "${module.label.id}-auto-mode-node"
+  assume_role_policy = one(data.aws_iam_policy_document.auto_mode_node_assume_role[*].json)
+  tags               = module.label.tags
+}
+
+resource "aws_iam_role_policy_attachment" "auto_mode_node_minimal" {
+  count = local.enabled && var.auto_mode_enabled ? 1 : 0
+
+  role       = one(aws_iam_role.auto_mode_node[*].name)
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy"
+}
+
+resource "aws_iam_role_policy_attachment" "auto_mode_node_ecr" {
+  count = local.enabled && var.auto_mode_enabled ? 1 : 0
+
+  role       = one(aws_iam_role.auto_mode_node[*].name)
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly"
+}
+
 module "eks_node_group" {
   source  = "cloudposse/eks-node-group/aws"
   version = "3.2.0"
 
+  enabled = !var.auto_mode_enabled
+
   # node group <= 3.2 requires a non-empty list of subnet_ids, even when disabled
   subnet_ids        = local.enabled ? module.subnets.public_subnet_ids : ["filler_string_for_enabled_is_false"]
   cluster_name      = module.eks_cluster.eks_cluster_id

examples/complete/variables.tf

@@ -142,6 +142,12 @@ variable "private_ipv6_enabled" {
   description = "Whether to use IPv6 addresses for the pods in the node group"
 }
 
+variable "auto_mode_enabled" {
+  type        = bool
+  default     = false
+  description = "Set to true to enable EKS Auto Mode"
+}
+
 variable "remote_network_config" {
   description = "Configuration block for the cluster remote network configuration"
   type = object({