diff --git a/terraform/aws-accounts/cloud-platform-aws/vpc/eks/components/components.tf b/terraform/aws-accounts/cloud-platform-aws/vpc/eks/components/components.tf
index 16a74259c..dfca61137 100644
--- a/terraform/aws-accounts/cloud-platform-aws/vpc/eks/components/components.tf
+++ b/terraform/aws-accounts/cloud-platform-aws/vpc/eks/components/components.tf
@@ -96,6 +96,17 @@ module "modsec_ingress_controllers" {
 dependence_certmanager = module.cert_manager.helm_cert_manager_status
 }
+module "kuberos" {
+ source = "github.com/ministryofjustice/cloud-platform-terraform-kuberos?ref=0.3.1"
+
+ cluster_domain_name = data.terraform_remote_state.cluster.outputs.cluster_domain_name
+ oidc_kubernetes_client_id = data.terraform_remote_state.cluster.outputs.oidc_kubernetes_client_id
+ oidc_kubernetes_client_secret = data.terraform_remote_state.cluster.outputs.oidc_kubernetes_client_secret
+ oidc_issuer_url = data.terraform_remote_state.cluster.outputs.oidc_issuer_url
+ cluster_address = data.terraform_remote_state.cluster.outputs.cluster_endpoint
+ create_aws_redirect = false
+}
+
 module "logging" {
 source = "github.com/ministryofjustice/cloud-platform-terraform-logging?ref=1.1.0"
diff --git a/terraform/aws-accounts/cloud-platform-aws/vpc/eks/main.tf b/terraform/aws-accounts/cloud-platform-aws/vpc/eks/main.tf
index d0450cfca..4ea4f04aa 100644
--- a/terraform/aws-accounts/cloud-platform-aws/vpc/eks/main.tf
+++ b/terraform/aws-accounts/cloud-platform-aws/vpc/eks/main.tf
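Review bot: In the new `module "kuberos"` block of eks/components/components.tf, `oidc_kubernetes_client_secret` is read from `data.terraform_remote_state.cluster.outputs`, so the OIDC client secret is held in plaintext in the cluster state and is written again into this component's state. Anyone with read access to either state backend can recover it, so it is worth confirming that the output is declared `sensitive = true` in the cluster layer and that both backends are encrypted and access-restricted, and recording that with a comment above the argument such as `# client secret is persisted in Terraform state; restrict state access and rotate if it is exposed`. Separately, `?ref=0.3.1` pins the module to a git tag, which can be moved after review; pinning to a commit (`?ref=<commit-sha>`) makes the source immutable, and the same applies to the kops `module "kuberos"` bump in this commit.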
@@ -141,7 +141,7 @@ module "auth0" {
 resource "null_resource" "associate_identity_provider" {
 depends_on = [module.eks.cluster_id]
 provisioner "local-exec" {
- command = "aws eks --region 'eu-west-2' associate-identity-provider-config --cluster-name '${terraform.workspace}' --oidc identityProviderConfigName='Auth0',issuerUrl='${var.auth0_issuerUrl}',clientId='${module.auth0.oidc_kubernetes_client_id}',usernameClaim=email,groupsClaim='${var.auth0_groupsClaim}',requiredClaims={}; exit 0"
+ command = "aws eks --region 'eu-west-2' associate-identity-provider-config --cluster-name '${terraform.workspace}' --oidc identityProviderConfigName='Auth0',issuerUrl='${var.auth0_issuerUrl}',clientId='${module.auth0.oidc_kubernetes_client_id}',usernameClaim=email,groupsClaim='${var.auth0_groupsClaim}',requiredClaims={} || aws eks --region 'eu-west-2' describe-identity-provider-config --cluster-name '${terraform.workspace}' --identity-provider-config type='oidc',name='Auth0' --output json --query 'identityProviderConfig.oidc.status'"
 }
 }
diff --git a/terraform/aws-accounts/cloud-platform-aws/vpc/kops/components/components.tf b/terraform/aws-accounts/cloud-platform-aws/vpc/kops/components/components.tf
index 6f12bb86c..076e06c13 100644
--- a/terraform/aws-accounts/cloud-platform-aws/vpc/kops/components/components.tf
+++ b/terraform/aws-accounts/cloud-platform-aws/vpc/kops/components/components.tf
@@ -32,7 +32,7 @@ module "kiam" {
 }
 module "kuberos" {
- source = "github.com/ministryofjustice/cloud-platform-terraform-kuberos?ref=0.3.0"
+ source = "github.com/ministryofjustice/cloud-platform-terraform-kuberos?ref=0.3.1"
 cluster_domain_name = data.terraform_remote_state.cluster.outputs.cluster_domain_name
 oidc_kubernetes_client_id = data.terraform_remote_state.cluster.outputs.oidc_kubernetes_client_id
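Review bot: In eks/main.tf, the new `|| aws eks ... describe-identity-provider-config` fallback in `null_resource.associate_identity_provider` only prints `identityProviderConfig.oidc.status`, so any failure of the associate call is accepted whenever a config named 'Auth0' exists, even if it is still `CREATING` or was created with a different `issuerUrl` or `clientId` than the values interpolated here. The fallback should compare what it reads with what is expected, for example by querying `identityProviderConfig.oidc.[status,issuerUrl,clientId]` and exiting non-zero on a mismatch. The resource should also carry `triggers = { issuer_url = var.auth0_issuerUrl, client_id = module.auth0.oidc_kubernetes_client_id }`, since without triggers the provisioner presumably never re-runs when the issuer or client changes. The values are also spliced directly into single-quoted shell arguments, so passing them through the provisioner's `environment` map and referencing them as quoted shell variables would stop a stray quote in a variable from altering the command.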