diff --git a/modules/karpenter/main.tf b/modules/karpenter/main.tf
index 227a2f6aac..25aa6b2da9 100644
--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -10,9 +10,15 @@ data "aws_caller_identity" "current" {
 count = var.create ? 1 : 0
 }
 
+data "aws_service_principal" "ec2" {
+ count = var.create ? 1 : 0
+ service_name = "ec2"
+}
+
 locals {
 account_id = try(data.aws_caller_identity.current[0].account_id, "")
 dns_suffix = try(data.aws_partition.current[0].dns_suffix, "")
+ ec2_service_principal_name = try(data.aws_service_principal.ec2[0].name, "")
 partition = try(data.aws_partition.current[0].partition, "")
 region = try(data.aws_region.current[0].region, "")
 }
@@ -271,7 +277,7 @@ data "aws_iam_policy_document" "node_assume_role" {
 principals {
 type = "Service"
- identifiers = ["ec2.${local.dns_suffix}"]
+ identifiers = [local.ec2_service_principal_name]
 }
 }
 }
 
diff --git a/modules/karpenter/policy.tf b/modules/karpenter/policy.tf
index 1b3df556ea..1509e89a63 100644
--- a/modules/karpenter/policy.tf
+++ b/modules/karpenter/policy.tf
@@ -234,7 +234,7 @@ data "aws_iam_policy_document" "controller" {
 condition {
 test = "StringEquals"
 variable = "iam:PassedToService"
- values = distinct(["ec2.${local.dns_suffix}", "ec2.amazonaws.com"])
+ values = distinct([local.ec2_service_principal_name, "ec2.amazonaws.com"])
 }
 }
 
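Review bot: The new `data "aws_service_principal" "ec2"` block raises the module's minimum AWS provider version, and nothing in this diff touches the `required_providers` constraint; if it is not bumped elsewhere in the commit, users on an older provider will fail at `terraform init`/validate with an unknown-data-source error rather than a clear constraint message. A short comment on the block would also tell the next reader why the `"ec2.${local.dns_suffix}"` form used in the node_assume_role hunk below was dropped, e.g. `# Service principal names do not follow the partition DNS suffix in every partition; let the provider resolve the correct one.`. Note that the `try(..., "")` fallback added to `locals` means `local.ec2_service_principal_name` is the empty string whenever `var.create` is false, so every consumer of it (the node_assume_role principal here and the policy.tf condition) must stay gated on the same flag, which the diff does not show.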
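Review bot: The `iam:PassedToService` condition keeps the hard-coded `"ec2.amazonaws.com"` next to the resolved principal, so in any partition where `local.ec2_service_principal_name` differs from it the condition continues to accept two service names, exactly as before the change; in the commercial partition `distinct` collapses them to one. If the literal is retained on purpose, a comment stating the reason would prevent a later cleanup from silently tightening the policy, e.g. `# Keep the commercial principal alongside the partition-resolved one; do not remove without verifying iam:PassedToService behaviour in non-commercial partitions.`. If it is not intentional, using `[local.ec2_service_principal_name]` alone would make the condition match only the partition's own principal. The enclosing `statement` and the `controller` policy document both start and end outside this hunk.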