fix: use aws_partition for policy ARNs in examples, rename capabilities to auto mode managed add-ons

- Add data.aws_partition.current to examples/complete for GovCloud/China
  partition support instead of hardcoded "arn:aws:" prefixes
- Rename "Capabilities" section to "Auto Mode Managed Add-ons" in docs
  to avoid confusion with EKS Capabilities (Argo CD, ACK, KRO)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Benbentwo

README.md

@@ -366,12 +366,12 @@ When Auto Mode is enabled, this module automatically:
 - Attaches 4 additional IAM policies to the cluster role: `AmazonEKSComputePolicy`, `AmazonEKSBlockStoragePolicy`,
   `AmazonEKSLoadBalancingPolicy`, and `AmazonEKSNetworkingPolicy`
 
-### Capabilities
+### Auto Mode Managed Add-ons
 
-All three capabilities must be enabled or disabled together:
+When Auto Mode is enabled, AWS manages the following add-ons automatically:
 
-| Capability | Variable | What AWS Manages |
-|-----------|----------|-----------------|
+| Add-on | Variable | What AWS Manages |
+|--------|----------|-----------------|
 | **Compute** | `auto_mode_compute_config` | Node provisioning via managed Karpenter |
 | **Storage** | `auto_mode_storage_config` | EBS volumes via `ebs.csi.eks.amazonaws.com` |
 | **Networking** | `auto_mode_elastic_load_balancing` | ALB/NLB for Services and Ingress |

README.yaml

@@ -367,12 +367,12 @@ usage: |-
   - Attaches 4 additional IAM policies to the cluster role: `AmazonEKSComputePolicy`, `AmazonEKSBlockStoragePolicy`,
     `AmazonEKSLoadBalancingPolicy`, and `AmazonEKSNetworkingPolicy`
 
-  ### Capabilities
+  ### Auto Mode Managed Add-ons
 
-  All three capabilities must be enabled or disabled together:
+  When Auto Mode is enabled, AWS manages the following add-ons automatically:
 
-  | Capability | Variable | What AWS Manages |
-  |-----------|----------|-----------------|
+  | Add-on | Variable | What AWS Manages |
+  |--------|----------|-----------------|
   | **Compute** | `auto_mode_compute_config` | Node provisioning via managed Karpenter |
   | **Storage** | `auto_mode_storage_config` | EBS volumes via `ebs.csi.eks.amazonaws.com` |
   | **Networking** | `auto_mode_elastic_load_balancing` | ALB/NLB for Services and Ingress |

examples/complete/main.tf

@@ -2,6 +2,8 @@ provider "aws" {
   region = var.region
 }
 
+data "aws_partition" "current" {}
+
 module "label" {
   source  = "cloudposse/label/null"
   version = "0.25.0"
@@ -180,14 +182,14 @@ resource "aws_iam_role_policy_attachment" "auto_mode_node_minimal" {
   count = local.enabled && var.auto_mode_enabled ? 1 : 0
 
   role       = one(aws_iam_role.auto_mode_node[*].name)
-  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy"
+  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy"
 }
 
 resource "aws_iam_role_policy_attachment" "auto_mode_node_ecr" {
   count = local.enabled && var.auto_mode_enabled ? 1 : 0
 
   role       = one(aws_iam_role.auto_mode_node[*].name)
-  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly"
+  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly"
 }
 
 module "eks_node_group" {

examples/complete/vpc-cni.tf

@@ -42,7 +42,7 @@ resource "aws_iam_role_policy_attachment" "vpc_cni" {
   count = local.vpc_cni_sa_needed ? 1 : 0
 
   role       = module.vpc_cni_eks_iam_role.service_account_role_name
-  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonEKS_CNI_Policy"
 }
 
 module "vpc_cni_eks_iam_role" {