diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md
index e31bb3073d..ad8dfcd979 100644
--- a/modules/karpenter/README.md
+++ b/modules/karpenter/README.md
@@ -123,6 +123,7 @@ No modules.
 | [aws_iam_policy_document.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_service_principal.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/service_principal) | data source |
 
 ## Inputs
 
diff --git a/modules/karpenter/main.tf b/modules/karpenter/main.tf
index 53e961244c..4d3cc08ed1 100644
--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -3,18 +3,26 @@ data "aws_region" "current" {
 
   region = var.region
 }
+
 data "aws_partition" "current" {
   count = var.create ? 1 : 0
 }
+
 data "aws_caller_identity" "current" {
   count = var.create ? 1 : 0
 }
+data "aws_service_principal" "ec2" {
+  count = var.create ? 1 : 0
+
+  service_name = "ec2"
+}
+
 
 locals {
-  account_id = try(data.aws_caller_identity.current[0].account_id, "")
-  dns_suffix = try(data.aws_partition.current[0].dns_suffix, "")
-  partition  = try(data.aws_partition.current[0].partition, "")
-  region     = try(data.aws_region.current[0].region, "")
+  account_id  = try(data.aws_caller_identity.current[0].account_id, "")
+  ec2_sp_name = try(data.aws_service_principal.ec2[0].name, "")
+  partition   = try(data.aws_partition.current[0].partition, "")
+  region      = try(data.aws_region.current[0].region, "")
 }
 
 ################################################################################
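Review bot: `dns_suffix` is dropped from `locals` in this hunk, so any `local.dns_suffix` reference in a file this diff does not touch will stop evaluating; the two call sites in the diff (the `node_assume_role` principal in main.tf and the `iam:PassedToService` condition in policy.tf) are converted, but the rest of the module should be checked for stragglers. The new `aws_service_principal.ec2` data source is not given `region = var.region` the way `aws_region.current` is a few lines above it, so with a region override the principal name is resolved against the provider's default region; since the data source accepts an optional `region` argument, passing `region = var.region` keeps the two lookups consistent, which presumably matters most in the partitions whose principal names differ (the reason this lookup replaced the `dns_suffix` interpolation). This data source is comparatively recent in the AWS provider, so the module's `required_providers` constraint (outside this diff) should be confirmed to cover it. A short comment above the block such as `# Partition-aware EC2 service principal; replaces the "ec2.${dns_suffix}" interpolation` would record why the lookup exists.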
@@ -313,7 +321,7 @@ data "aws_iam_policy_document" "node_assume_role" {
 
     principals {
       type        = "Service"
-      identifiers = ["ec2.${local.dns_suffix}"]
+      identifiers = [local.ec2_sp_name]
     }
   }
 }
diff --git a/modules/karpenter/policy.tf b/modules/karpenter/policy.tf
index 1b3df556ea..34937f36eb 100644
--- a/modules/karpenter/policy.tf
+++ b/modules/karpenter/policy.tf
@@ -234,7 +234,7 @@ data "aws_iam_policy_document" "controller" {
     condition {
       test     = "StringEquals"
       variable = "iam:PassedToService"
-      values   = distinct(["ec2.${local.dns_suffix}", "ec2.amazonaws.com"])
+      values   = distinct([local.ec2_sp_name, "ec2.amazonaws.com"])
     }
   }
 
diff --git a/outputs.tf b/outputs.tf
index 4663b83639..ce5756cef5 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,7 +1,3 @@
-locals {
-
-}
-
 ################################################################################
 # Cluster
 ################################################################################
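Review bot: The node trust policy now takes its `Service` principal from `local.ec2_sp_name`, which falls back to `""` through `try(..., "")` when `var.create` is false; that is only safe if this `aws_iam_policy_document` is itself gated on `var.create`, and its `count` (if any) sits above the hunk because the data block starts outside it. If it is not gated, the rendered document would carry an empty `Service` identifier and fail at apply rather than silently trust nothing, which is at least fail-closed but still worth confirming. The previous interpolation made the intent readable at the call site and the local's name does not, so a one-line comment on the changed line, e.g. `# partition-aware EC2 service principal (see local.ec2_sp_name)`, would help the next reader.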
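Review bot: In the `iam:PassedToService` condition the literal `"ec2.amazonaws.com"` is kept next to `local.ec2_sp_name`, so in the standard partition `distinct()` collapses the two values while in any other partition the condition also admits the commercial-partition principal string; whether that extra value is still needed, or only served as a fallback while the `dns_suffix` interpolation was in use, is not visible here. If it is intentional, a comment on the line such as `# "ec2.amazonaws.com" kept as a fallback for partitions where the service principal lookup differs` (stating the real reason) would explain the `distinct()`; if not, narrowing to `values = [local.ec2_sp_name]` keeps the PassRole condition scoped to the partition's own principal, which is the least-privilege form. The enclosing `controller` policy document and its statement start above the hunk.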