diff --git a/modules/eks-monitoring/add-ons/adot-operator/main.tf b/modules/eks-monitoring/add-ons/adot-operator/main.tf
index 3a68306b..daabee78 100644
--- a/modules/eks-monitoring/add-ons/adot-operator/main.tf
+++ b/modules/eks-monitoring/add-ons/adot-operator/main.tf
@@ -176,6 +176,11 @@ resource "kubernetes_cluster_role_v1" "adot" {
     non_resource_urls = ["/metrics"]
     verbs             = ["get"]
   }
+  rule {
+    api_groups = ["metrics.eks.amazonaws.com"]
+    verbs      = ["get"]
+    resources  = ["kcm/metrics", "ksh/metrics"]
+  }
   rule {
     api_groups = [""]
     resources  = ["configmaps"]
diff --git a/modules/eks-monitoring/otel-config/templates/clusterrole.yaml b/modules/eks-monitoring/otel-config/templates/clusterrole.yaml
index 4bb1fb76..cad72a9f 100644
--- a/modules/eks-monitoring/otel-config/templates/clusterrole.yaml
+++ b/modules/eks-monitoring/otel-config/templates/clusterrole.yaml
@@ -23,6 +23,13 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - metrics.eks.amazonaws.com
+    resources:
+      - kcm/metrics
+      - ksh/metrics
+    verbs:
+      - get
   - nonResourceURLs:
       - /metrics
     verbs:
diff --git a/modules/eks-monitoring/otel-config/templates/opentelemetrycollector.yaml b/modules/eks-monitoring/otel-config/templates/opentelemetrycollector.yaml
index ab022456..43820e5e 100644
--- a/modules/eks-monitoring/otel-config/templates/opentelemetrycollector.yaml
+++ b/modules/eks-monitoring/otel-config/templates/opentelemetrycollector.yaml
@@ -104,6 +104,42 @@ spec:
                 regex: apiserver_request_duration_seconds_bucket;(0.15|0.2|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2|3|3.5|4|4.5|6|7|8|9|15|25|40|50)
                 replacement: $${1}
                 action: drop
+            - job_name: 'ksh-metrics'
+              scheme: https
+              tls_config:
+                ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+                insecure_skip_verify: true
+              bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+              kubernetes_sd_configs:
+              - role: endpoints
+              metrics_path: /apis/metrics.eks.amazonaws.com/v1/ksh/container/metrics
+              relabel_configs:
+              - source_labels:
+                  [
+                    __meta_kubernetes_namespace,
+                    __meta_kubernetes_service_name,
+                    __meta_kubernetes_endpoint_port_name,
+                  ]
+                action: keep
+                regex: default;kubernetes;https
+            - job_name: 'kcm-metrics'
+              scheme: https
+              tls_config:
+                ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+                insecure_skip_verify: true
+              bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+              kubernetes_sd_configs:
+              - role: endpoints
+              metrics_path: /apis/metrics.eks.amazonaws.com/v1/kcm/container/metrics
+              relabel_configs:
+              - source_labels:
+                  [
+                    __meta_kubernetes_namespace,
+                    __meta_kubernetes_service_name,
+                    __meta_kubernetes_endpoint_port_name,
+                  ]
+                action: keep
+                regex: default;kubernetes;https
             {{ end }}
 
             - job_name: serviceMonitor/default/kube-prometheus-stack-prometheus-node-exporter/0