[Enhancement] aws_eks_addon: Support configuring namespace

.changelog/44087.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_eks_addon: Support configuring `namespace`
+```

internal/service/eks/addon.go

@@ -127,6 +127,10 @@ func resourceAddon() *schema.Resource {
 				Optional:     true,
 				ValidateFunc: verify.ValidARN,
 			},
+			names.AttrNamespace: {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 			names.AttrTags:    tftags.TagsSchema(),
 			names.AttrTagsAll: tftags.TagsSchemaComputed(),
 		},
@@ -167,6 +171,12 @@ func resourceAddonCreate(ctx context.Context, d *schema.ResourceData, meta any)
 		input.ServiceAccountRoleArn = aws.String(v.(string))
 	}
 
+	if v, ok := d.GetOk(names.AttrNamespace); ok {
+		input.NamespaceConfig = &types.AddonNamespaceConfigRequest{
+			Namespace: aws.String(v.(string)),
+		}
+	}
+
 	_, err := tfresource.RetryWhen(ctx, propagationTimeout,
 		func(ctx context.Context) (any, error) {
 			return conn.CreateAddon(ctx, input)
@@ -243,6 +253,7 @@ func resourceAddonRead(ctx context.Context, d *schema.ResourceData, meta any) di
 		return sdkdiag.AppendErrorf(diags, "setting pod_identity_association: %s", err)
 	}
 	d.Set("service_account_role_arn", addon.ServiceAccountRoleArn)
+	d.Set(names.AttrNamespace, d.Get(names.AttrNamespace)) // Create-only.
 
 	setTagsOut(ctx, addon.Tags)
 

internal/service/eks/addon_test.go

@@ -403,6 +403,37 @@ func TestAccEKSAddon_tags(t *testing.T) {
 	})
 }
 
+func TestAccEKSAddon_namespace(t *testing.T) {
+	ctx := acctest.Context(t)
+	var addon types.Addon
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_eks_addon.test"
+	addonName := "vpc-cni"
+	namespace := "my-namespace"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t); testAccPreCheckAddon(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.EKSServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckAddonDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAddonConfig_namespace(rName, addonName, namespace),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAddonExists(ctx, resourceName, &addon),
+					resource.TestCheckResourceAttr(resourceName, names.AttrNamespace, namespace),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{names.AttrNamespace},
+			},
+		},
+	})
+}
+
 func testAccCheckAddonExists(ctx context.Context, n string, v *types.Addon) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
@@ -705,3 +736,13 @@ resource "aws_eks_addon" "test" {
 }
 `, rName, addonName, configurationValues))
 }
+
+func testAccAddonConfig_namespace(rName, addonName, namespace string) string {
+	return acctest.ConfigCompose(testAccAddonConfig_base(rName), fmt.Sprintf(`
+resource "aws_eks_addon" "test" {
+  cluster_name = aws_eks_cluster.test.name
+  addon_name   = %[2]q
+  namespace    = %[3]q
+}
+`, rName, addonName, namespace))
+}

website/docs/r/eks_addon.html.markdown

@@ -133,6 +133,7 @@ The following arguments are optional:
 * `region` - (Optional) Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the [provider configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#aws-configuration-reference).
 * `addon_version` - (Optional) The version of the EKS add-on. The version must
   match one of the versions returned by [describe-addon-versions](https://docs.aws.amazon.com/cli/latest/reference/eks/describe-addon-versions.html).
+* `namespace` - (Optional) The name of the Kubernetes namespace to install the addon in. Once you install an add-on in a specific namespace, you must remove and re-create the add-on to change its namespace. For more details see the [Custom namespace for add-ons](https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html#custom-namespace).
 * `configuration_values` - (Optional) custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from [describe-addon-configuration](https://docs.aws.amazon.com/cli/latest/reference/eks/describe-addon-configuration.html).
 * `resolve_conflicts_on_create` - (Optional) How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are `NONE` and `OVERWRITE`. For more details see the [CreateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateAddon.html) API Documentation.
 * `resolve_conflicts_on_update` - (Optional) How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are `NONE`, `OVERWRITE`, and `PRESERVE`. For more details see the [UpdateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html) API Documentation.