diff --git a/README.md b/README.md
index 88f8741..5c53966 100644
--- a/README.md
+++ b/README.md
@@ -243,7 +243,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
|------|--------|---------|
| [eks\_managed\_node\_group](#module\_eks\_managed\_node\_group) | ./modules/eks-managed-node-group | n/a |
| [fargate\_profile](#module\_fargate\_profile) | ./modules/fargate-profile | n/a |
-| [kms](#module\_kms) | terraform-aws-modules/kms/aws | 1.1.0 |
+| [kms](#module\_kms) | terraform-aws-modules/kms/aws | 2.1.0 |
| [self\_managed\_node\_group](#module\_self\_managed\_node\_group) | ./modules/self-managed-node-group | n/a |
## Resources
diff --git a/main.tf b/main.tf
index 674110e..e96ce90 100644
--- a/main.tf
+++ b/main.tf
@@ -122,7 +122,7 @@ resource "aws_cloudwatch_log_group" "this" {
module "kms" {
source = "terraform-aws-modules/kms/aws"
- version = "1.1.0" # Note - be mindful of Terraform/provider version compatibility between modules
+ version = "2.1.0" # Note - be mindful of Terraform/provider version compatibility between modules
create = local.create && var.create_kms_key && local.enable_cluster_encryption_config # not valid on Outposts
diff --git a/modules/karpenter/main.tf b/modules/karpenter/main.tf
index 5cf4d39..f74d577 100644
--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -324,7 +324,7 @@ locals {
iam_role_name = coalesce(var.iam_role_name, "Karpenter-${var.cluster_name}")
iam_role_policy_prefix = "arn:${local.partition}:iam::aws:policy"
- cni_policy = var.cluster_ip_family == "ipv6" ? "${local.iam_role_policy_prefix}/AmazonEKS_CNI_IPv6_Policy" : "${local.iam_role_policy_prefix}/AmazonEKS_CNI_Policy"
+ cni_policy = var.cluster_ip_family == "ipv6" ? "arn:${local.partition}:iam::${local.account_id}:policy/AmazonEKS_CNI_IPv6_Policy" : "${local.iam_role_policy_prefix}/AmazonEKS_CNI_Policy"
}
data "aws_iam_policy_document" "assume_role" {