diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 8f20cce45..d3b41f873 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
 version: 15.1.0
 repository: https://codecentric.github.io/helm-charts
 - name: kong
- version: 2.5.0
+ version: 2.6.0
 repository: https://charts.konghq.com
 - name: kube-prometheus-stack
 version: 19.2.3
@@ -72,7 +72,7 @@ dependencies:
 version: 2.5.0
 repository: https://grafana.github.io/helm-charts
 - name: loki
- version: 2.8.0
+ version: 2.8.1
 repository: https://grafana.github.io/helm-charts
 - name: promtail
 version: 3.9.1
@@ -108,7 +108,7 @@ dependencies:
 version: 8.0.0
 repository: https://charts.bitnami.com/bitnami
 - name: tigera-operator
- version: v3.20.2
+ version: v3.21.0
 repository: https://docs.projectcalico.org/charts
 - name: traefik
 version: 10.6.1
diff --git a/modules/aws/README.md b/modules/aws/README.md
index c46530791..f647b504d 100644
--- a/modules/aws/README.md
+++ b/modules/aws/README.md
@@ -284,6 +284,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubernetes_network_policy.vault_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.velero_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.velero_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.velero_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
diff --git a/modules/aws/velero.tf b/modules/aws/velero.tf
index 8431f57e3..a5be56c6f 100644
--- a/modules/aws/velero.tf
+++ b/modules/aws/velero.tf
@@ -266,3 +266,34 @@ resource "kubernetes_network_policy" "velero_allow_namespace" {
 policy_types = ["Ingress"]
 }
 }
+
+resource "kubernetes_network_policy" "velero_allow_monitoring" {
+ count = local.velero["enabled"] && local.velero["default_network_policy"] ? 1 : 0
+
+ metadata {
+ name = "${kubernetes_namespace.velero.*.metadata.0.name[count.index]}-allow-monitoring"
+ namespace = kubernetes_namespace.velero.*.metadata.0.name[count.index]
+ }
+
+ spec {
+ pod_selector {
+ }
+
+ ingress {
+ ports {
+ port = "8085"
+ protocol = "TCP"
+ }
+
+ from {
+ namespace_selector {
+ match_labels = {
+ "${local.labels_prefix}/component" = "monitoring"
+ }
+ }
+ }
+ }
+
+ policy_types = ["Ingress"]
+ }
+}
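Review bot: The new `velero_allow_monitoring` policy leaves `pod_selector {}` empty, so the 8085/TCP ingress rule applies to every pod in the Velero namespace, and its `from` clause admits any pod in any namespace carrying the `${local.labels_prefix}/component = monitoring` label. If only the Velero metrics endpoint is meant to be scraped, narrow the target with a selector such as `match_labels = { "app.kubernetes.io/name" = "velero" }` (confirm the label against the deployed chart), and consider adding a `pod_selector` inside `from` to limit the source to the scraper pods. Because the trust boundary here is a namespace label, anyone allowed to label namespaces can open this port. A comment above `ingress` such as `# 8085/TCP = Velero metrics; scraped from namespaces labelled component=monitoring` would record that intent for later reviewers.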