diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
index 05fcfad6e9..50e7066164 100644
--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -1199,6 +1199,11 @@ role_sync_controller_enabled: "false"
 eks: "false"
 eks_control_plane_logging: "false"
 eks_ip_family: "ipv4"
+
+# prefix delegation can only be configured for ipv4. For ipv6 it can only be
+# true.
+aws_vpc_cni_prefix_delegation: "true"
+aws_vpc_cni_custom_networking: "false"
 eks_zalando_iam_aws_proxy_cpu: "100m"
 eks_zalando_iam_aws_proxy_memory: "512Mi"
 eks_zalando_iam_aws_proxy_hpa_max_replicas: "10"
diff --git a/cluster/manifests/01-aws-node/daemonset.yaml b/cluster/manifests/01-aws-node/daemonset.yaml
index a80534163c..7d8e841b43 100644
--- a/cluster/manifests/01-aws-node/daemonset.yaml
+++ b/cluster/manifests/01-aws-node/daemonset.yaml
@@ -53,7 +53,11 @@ spec:
         - name: AWS_VPC_ENI_MTU
           value: "9001"
         - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
-          value: "false"
+          value: "{{ .Cluster.ConfigItems.aws_vpc_cni_custom_networking }}"
+        # {{ if eq .Cluster.ConfigItems.aws_vpc_cni_custom_networking "true" }}
+        - name: ENI_CONFIG_LABEL_DEF
+          value: topology.kubernetes.io/zone
+        # {{ end }}
         - name: AWS_VPC_K8S_CNI_EXTERNALSNAT
           value: "false"
         - name: AWS_VPC_K8S_CNI_LOGLEVEL
diff --git a/cluster/manifests/01-aws-node/pod_subnets.yaml b/cluster/manifests/01-aws-node/pod_subnets.yaml
new file mode 100644
index 0000000000..4b7dd11554
--- /dev/null
+++ b/cluster/manifests/01-aws-node/pod_subnets.yaml
@@ -0,0 +1,19 @@
+# {{ if eq .Cluster.ConfigItems.aws_vpc_cni_custom_networking "true" }}
+# {{ with $data := . }}
+# {{ with $azCount := len $data.Values.availability_zones }}
+# {{ range $az := $data.Values.availability_zones }}
+# {{ with $azID := azID $az }}
+---
+apiVersion : crd.k8s.amazonaws.com/v1alpha1
+kind : ENIConfig
+metadata:
+  name: "{{$az}}"
+spec:
+  securityGroups:
+    - {{ $data.Values.ClusterStackOutputs.EKSWorkerSecurityGroup }}
+  subnet: "{{ index $data.Values.pod_subnets $az }}"
+# {{end}}
+# {{end}}
+# {{end}}
+# {{end}}
+# {{end}}