diff --git a/data.tf b/data.tf
index 29da467..6a031ff 100644
--- a/data.tf
+++ b/data.tf
@@ -44,13 +44,13 @@ data "template_file" "kubeconfig" {
   template = "${file("${path.module}/templates/kubeconfig.tpl")}"
 
   vars {
-    cluster_name                      = "${aws_eks_cluster.this.name}"
     kubeconfig_name                   = "${local.kubeconfig_name}"
     endpoint                          = "${aws_eks_cluster.this.endpoint}"
     region                            = "${data.aws_region.current.name}"
     cluster_auth_base64               = "${aws_eks_cluster.this.certificate_authority.0.data}"
     aws_authenticator_command         = "${var.kubeconfig_aws_authenticator_command}"
-    aws_authenticator_additional_args = "${length(var.kubeconfig_aws_authenticator_additional_args) > 0 ? "        - ${join("\n        - ", var.kubeconfig_aws_authenticator_additional_args)}" : "" }"
+    aws_authenticator_command_args    = "${length(var.kubeconfig_aws_authenticator_command_args) > 0 ? "        - ${join("\n        - ", var.kubeconfig_aws_authenticator_command_args)}" : "        - ${join("\n        - ", formatlist("\"%s\"", list("token", "-i", aws_eks_cluster.this.name)))}"}"
+    aws_authenticator_additional_args = "${length(var.kubeconfig_aws_authenticator_additional_args) > 0 ? "        - ${join("\n        - ", var.kubeconfig_aws_authenticator_additional_args)}" : ""}"
     aws_authenticator_env_variables   = "${length(var.kubeconfig_aws_authenticator_env_variables) > 0 ? "      env:\n${join("\n", data.template_file.aws_authenticator_env_variables.*.rendered)}" : ""}"
   }
 }
diff --git a/templates/kubeconfig.tpl b/templates/kubeconfig.tpl
index 18e8a8f..1696391 100644
--- a/templates/kubeconfig.tpl
+++ b/templates/kubeconfig.tpl
@@ -23,8 +23,6 @@ users:
       apiVersion: client.authentication.k8s.io/v1alpha1
       command: ${aws_authenticator_command}
       args:
-        - "token"
-        - "-i"
-        - "${cluster_name}"
+${aws_authenticator_command_args}
 ${aws_authenticator_additional_args}
 ${aws_authenticator_env_variables}
diff --git a/variables.tf b/variables.tf
index 15823cc..48a3cb7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -102,6 +102,12 @@ variable "kubeconfig_aws_authenticator_command" {
   default     = "aws-iam-authenticator"
 }
 
+variable "kubeconfig_aws_authenticator_command_args" {
+  description = "Default arguments passed to the authenticator command. Defaults to [token -i $cluster_name]."
+  type        = "list"
+  default     = []
+}
+
 variable "kubeconfig_aws_authenticator_additional_args" {
   description = "Any additional arguments to pass to the authenticator such as the role to assume. e.g. [\"-r\", \"MyEksRole\"]."
   type        = "list"