diff --git a/README.md b/README.md
index 85b0119dd6..a0b7380ef6 100644
--- a/README.md
+++ b/README.md
@@ -640,6 +640,14 @@ Default: empty
 Specify a comma-separated list of IPv4 CIDRs that *must* be routed via main routing table. This is required for secondary ENIs to reach endpoints outside of VPC that are backed by a service. For every item in the list, an `ip rule` will be created with a priority greater than the `ip rule` capturing egress traffic from the container. If an item is not a valid IPv4 CIDR, it will be skipped.
+#### `AWS_EC2_ENDPOINT` (v1.13.0+)
+
+Type: String
+
+Default: empty
+
+Specify the EC2 endpoint to use. This is useful if you are using a custom endpoint for EC2. For example, if you are using a proxy for EC2, you can set this to the proxy endpoint. Any kind of URL or IP address is valid such as `https://localhost:8080` or `http://ec2.us-west-2.customaws.com`. If this is not set, the default EC2 endpoint will be used.
+
 ### VPC CNI Feature Matrix
 IP Mode | Secondary IP Mode | Prefix Delegation | Security Groups Per Pod | WARM & MIN IP/Prefix Targets | External SNAT
diff --git a/pkg/awsutils/awssession/session.go b/pkg/awsutils/awssession/session.go
index 868cc69d23..b25e772432 100644
--- a/pkg/awsutils/awssession/session.go
+++ b/pkg/awsutils/awssession/session.go
@@ -26,6 +26,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/ec2"
 )
 // Http client timeout env for sessions 
@@ -65,6 +66,20 @@ func New() *session.Session {
 		},
 		STSRegionalEndpoint: endpoints.RegionalSTSEndpoint,
 	}
+
+	endpoint := os.Getenv("AWS_EC2_ENDPOINT")
+	if endpoint != "" {
+		customResolver := func(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) {
+			if service == ec2.EndpointsID {
+				return endpoints.ResolvedEndpoint{
+					URL: endpoint,
+				}, nil
+			}
+			return endpoints.DefaultResolver().EndpointFor(service, region, optFns...)
+		}
+		awsCfg.EndpointResolver = endpoints.ResolverFunc(customResolver)
+	}
+
 	sess := session.Must(session.NewSession(&awsCfg))
 	//injecting session handler info
 	injectUserAgent(&sess.Handlers)
diff --git a/pkg/awsutils/awssession/session_test.go b/pkg/awsutils/awssession/session_test.go
index 157887c9d6..1ca9e4e7bf 100644
--- a/pkg/awsutils/awssession/session_test.go
+++ b/pkg/awsutils/awssession/session_test.go
@@ -5,6 +5,7 @@ import (
 	"testing"
 	"time"
+	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/stretchr/testify/assert"
 )
@@ -21,3 +22,16 @@ func TestHttpTimeoutWithValueAbove10(t *testing.T) {
 	expectedHTTPTimeOut := time.Duration(12) * time.Second
 	assert.Equal(t, expectedHTTPTimeOut, getHTTPTimeout())
 }
+
+func TestAwsEc2EndpointResolver(t *testing.T) {
+	customEndpoint := "https://ec2.us-west-2.customaws.com"
+
+	os.Setenv("AWS_EC2_ENDPOINT", customEndpoint)
+	defer os.Unsetenv("AWS_EC2_ENDPOINT")
+
+	sess := New()
+
+	resolvedEndpoint, err := sess.Config.EndpointResolver.EndpointFor(ec2.EndpointsID, "")
+	assert.NoError(t, err)
+	assert.Equal(t, customEndpoint, resolvedEndpoint.URL)
+}
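Review bot: The value read from `AWS_EC2_ENDPOINT` is passed straight into the resolver with no validation, and the README hunk in this same commit explicitly blesses `http://` endpoints, so every SigV4-signed EC2 call — which in the usual node-role setup carries the temporary credentials' session token in `X-Amz-Security-Token` — can be sent in cleartext to whatever host the environment names, and an on-path party can presumably answer with ENI/IP data this session's callers will act on. I would parse the value once here, at startup, and refuse or loudly warn on a URL with no host or a non-`https` scheme, e.g. `if u, err := url.Parse(endpoint); err != nil || u.Host == "" || u.Scheme != "https" { … }` (no logging helper is visible in this hunk, so I have not assumed one), instead of letting a malformed value surface later as failing requests. The closure also returns only `URL`, leaving `SigningRegion`/`SigningName` empty; as far as I know the SDK then falls back to the configured region and the service name, which is correct for a same-region proxy but would sign for the wrong region against an endpoint elsewhere, so a one-line comment such as `// only URL is overridden; signing region/name fall back to the session's region and "ec2"` is worth adding. `New()` begins before this hunk.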
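Review bot: `TestAwsEc2EndpointResolver` only exercises the branch that returns the override; nothing checks that a non-EC2 service still falls through to `endpoints.DefaultResolver()`, which is the part of the closure most likely to regress silently. I would add `def, err := sess.Config.EndpointResolver.EndpointFor("sts", "us-west-2")` followed by `assert.NoError(t, err)` and `assert.NotEqual(t, customEndpoint, def.URL)`. The unchecked `os.Setenv` plus `defer os.Unsetenv` pair could also become a single `t.Setenv("AWS_EC2_ENDPOINT", customEndpoint)` if the module is on Go 1.17 or later, which additionally restores any pre-existing value rather than unsetting it.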