diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md
index 65fde298830..d0de3c057a7 100644
--- a/modules/node_groups/README.md
+++ b/modules/node_groups/README.md
@@ -45,6 +45,9 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In
 | subnets | Subnets to contain workers | list(string) | `var.workers_group_defaults[subnets]` |
 | version | Kubernetes version | string | Provider default behavior |
 | taints | Kubernetes node taints | list(map) | empty |
+| metadata_http_endpoint | The state of the instance metadata service. Requires `create_launch_template` to be `true` | bool | `var.workers_group_defaults[metadata_http_endpoint]` |
+| metadata_http_tokens | If session tokens are required. Requires `create_launch_template` to be `true` | bool | `var.workers_group_defaults[metadata_http_tokens]` |
+| metadata_http_put_response_hop_limit | The desired HTTP PUT response hop limit for instance metadata requests. Requires `create_launch_template` to be `true` | bool | `var.workers_group_defaults[metadata_http_put_response_hop_limit]` |

 ## Requirements

diff --git a/modules/node_groups/launch_template.tf b/modules/node_groups/launch_template.tf
index bdd05b3a2c1..e782327d82c 100644
--- a/modules/node_groups/launch_template.tf
+++ b/modules/node_groups/launch_template.tf
@@ -71,6 +71,12 @@ resource "aws_launch_template" "workers" {

 key_name = lookup(each.value, "key_name", null)

+ metadata_options {
+ http_endpoint = lookup(each.value, "metadata_http_endpoint", null)
+ http_tokens = lookup(each.value, "metadata_http_tokens", null)
+ http_put_response_hop_limit = lookup(each.value, "metadata_http_put_response_hop_limit", null)
+ }
+
 # Supplying custom tags to EKS instances is another use-case for LaunchTemplates
 tag_specifications {
 resource_type = "instance"
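Review bot: All three `lookup(..., null)` calls in the added `metadata_options` block fall back to the AWS default when the key is absent, which leaves IMDSv1 usable (`http_tokens` optional) unless each node group sets it explicitly; a comment above the block such as `# null keeps the AWS default (IMDSv1 allowed); set metadata_http_tokens = "required" to enforce IMDSv2` would make that visible to operators. The README rows added in the first hunk give the type of all three settings as `bool`, but the arguments take the strings `enabled`/`disabled` and `optional`/`required` and a number for the hop limit, so the table should read `string`, `string` and `number`. The README also names `var.workers_group_defaults[...]` as the default, which holds only if the merge that builds `each.value` (not visible in this diff) carries these keys; otherwise the effective fallback is `null`. The `aws_launch_template` resource body starts and ends outside the hunk.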