diff --git a/cluster/defaults.go b/cluster/defaults.go
index 1837a90b..e8cec1ec 100644
--- a/cluster/defaults.go
+++ b/cluster/defaults.go
@@ -157,6 +157,7 @@ var (
 	}
 	DefaultClusterProportionalAutoscalerLinearParams = v3.LinearAutoscalerParams{CoresPerReplica: 128, NodesPerReplica: 4, Min: 1, PreventSinglePointFailure: true}
 	DefaultMonitoringAddonReplicas                   = int32(1)
+	defaultUseInstanceMetadataHostname               = false
 )
 
 type ExternalFlags struct {
@@ -263,6 +264,10 @@ func (c *Cluster) setClusterDefaults(ctx context.Context, flags ExternalFlags) e
 		c.ForceDeployCerts = true
 	}
 
+	if c.CloudProvider.Name == k8s.AWSCloudProvider && c.CloudProvider.UseInstanceMetadataHostname == nil {
+		c.CloudProvider.UseInstanceMetadataHostname = &defaultUseInstanceMetadataHostname
+	}
+
 	// enable cri-dockerd for k8s >= 1.24
 	err = c.setCRIDockerd()
 	if err != nil {
diff --git a/cluster/plan.go b/cluster/plan.go
index 4c719c81..a91027fd 100644
--- a/cluster/plan.go
+++ b/cluster/plan.go
@@ -458,11 +458,12 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, serviceOptions v3.Kubern
 	kubelet := &c.Services.Kubelet
 	Command := c.getRKEToolsEntryPoint(host.OS(), "kubelet")
 	CommandArgs := map[string]string{
-		"client-ca-file":            pki.GetCertPath(pki.CACertName),
-		"cloud-provider":            c.CloudProvider.Name,
-		"cluster-dns":               c.ClusterDNSServer,
-		"cluster-domain":            c.ClusterDomain,
-		"fail-swap-on":              strconv.FormatBool(kubelet.FailSwapOn),
+		"client-ca-file": pki.GetCertPath(pki.CACertName),
+		"cloud-provider": c.CloudProvider.Name,
+		"cluster-dns":    c.ClusterDNSServer,
+		"cluster-domain": c.ClusterDomain,
+		"fail-swap-on":   strconv.FormatBool(kubelet.FailSwapOn),
+		// overrides kubernetes.io/hostname label on node, rke uses it to find node (services/node_util.go)
 		"hostname-override":         host.HostnameOverride,
 		"kubeconfig":                pki.GetConfigPath(pki.KubeNodeCertName),
 		"pod-infra-container-image": kubelet.InfraContainerImage,
@@ -490,9 +491,6 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, serviceOptions v3.Kubern
 		if host.IsWindows() { // compatible with Windows
 			CommandArgs["cloud-config"] = path.Join(host.PrefixPath, cloudConfigFileName)
 		}
-		if c.CloudProvider.Name == k8s.AWSCloudProvider {
-			delete(CommandArgs, "hostname-override")
-		}
 	}
 
 	if c.IsKubeletGenerateServingCertificateEnabled() {
@@ -690,7 +688,8 @@ func (c *Cluster) BuildKubeProxyProcess(host *hosts.Host, serviceOptions v3.Kube
 		} else {
 			CommandArgs["bind-address"] = host.Address
 		}
-		if c.CloudProvider.Name == k8s.AWSCloudProvider {
+		if c.CloudProvider.Name == k8s.AWSCloudProvider && c.CloudProvider.UseInstanceMetadataHostname != nil && *c.CloudProvider.UseInstanceMetadataHostname {
+			// rke-tools will inject hostname-override from ec2 instance metadata to match with the spec.nodeName set by cloud provider https://github.com/rancher/rke-tools/blob/3eab4f07aa97a8aeeaaef55b1b7bbc82e2a3374a/entrypoint.sh#L17
 			delete(CommandArgs, "hostname-override")
 		}
 	}
diff --git a/types/kdm/zz_generated_deepcopy.go b/types/kdm/zz_generated_deepcopy.go
index 555d5d0d..313fbacf 100644
--- a/types/kdm/zz_generated_deepcopy.go
+++ b/types/kdm/zz_generated_deepcopy.go
@@ -2,7 +2,7 @@
 // +build !ignore_autogenerated
 
 /*
-Copyright 2022 Rancher Labs, Inc.
+Copyright 2023 Rancher Labs, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
diff --git a/types/rke_types.go b/types/rke_types.go
index bd696509..d3542d8f 100644
--- a/types/rke_types.go
+++ b/types/rke_types.go
@@ -554,6 +554,8 @@ type PortCheck struct {
 type CloudProvider struct {
 	// Name of the Cloud Provider
 	Name string `yaml:"name" json:"name,omitempty"`
+	// Only configured for AWS currently, add for other providers as needed
+	UseInstanceMetadataHostname *bool ` yaml:"useInstanceMetadataHostname,omitempty" json:"useInstanceMetadataHostname,omitempty"`
 	// AWSCloudProvider
 	AWSCloudProvider *AWSCloudProvider `yaml:"awsCloudProvider,omitempty" json:"awsCloudProvider,omitempty"`
 	// AzureCloudProvider
diff --git a/types/zz_generated_deepcopy.go b/types/zz_generated_deepcopy.go
index d24b22a8..e547205c 100644
--- a/types/zz_generated_deepcopy.go
+++ b/types/zz_generated_deepcopy.go
@@ -2,7 +2,7 @@
 // +build !ignore_autogenerated
 
 /*
-Copyright 2022 Rancher Labs, Inc.
+Copyright 2023 Rancher Labs, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -400,6 +400,11 @@ func (in *CanalNetworkProvider) DeepCopy() *CanalNetworkProvider {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CloudProvider) DeepCopyInto(out *CloudProvider) {
 	*out = *in
+	if in.UseInstanceMetadataHostname != nil {
+		in, out := &in.UseInstanceMetadataHostname, &out.UseInstanceMetadataHostname
+		*out = new(bool)
+		**out = **in
+	}
 	if in.AWSCloudProvider != nil {
 		in, out := &in.AWSCloudProvider, &out.AWSCloudProvider
 		*out = new(AWSCloudProvider)