diff --git a/aws/e6data_with_existing_vpc/eks.tf b/aws/e6data_with_existing_vpc/eks.tf index d66b91f8..0dd1c8c0 100644 --- a/aws/e6data_with_existing_vpc/eks.tf +++ b/aws/e6data_with_existing_vpc/eks.tf @@ -55,3 +55,45 @@ provider "helm" { } } +resource "kubectl_manifest" "eni_config" { + + for_each = length(var.additional_cidr_block) > 0 ? { + for index, subnet_id in module.network.additional_private_subnet_ids : index => { + az_name = data.aws_availability_zones.available.names[index] + subnet_id = subnet_id + } + } : {} + + yaml_body = < 0 ? 1 : 0 + yaml_body = < 0 ? 1 : 0 + + vpc_id = data.aws_vpc.vpc.id + cidr_block = var.additional_cidr_block +} + +# Conditional subnets creation (only if additional CIDR block exists) +resource "aws_subnet" "additional_private" { + for_each = length(var.additional_cidr_block) > 0 ? local.additional_private_subnets : {} + + vpc_id = data.aws_vpc.vpc.id + availability_zone = each.value.az + cidr_block = each.value.cidr + + map_public_ip_on_launch = false + + tags = { + Name = format("%s-%s-additional-private-subnet-%s", var.env, var.workspace_name, each.value.az) + type = "private" + } + + lifecycle { + ignore_changes = [tags] + } + + depends_on = [data.aws_vpc.vpc] +} + +# Conditional route table association (only if additional CIDR block exists) +resource "aws_route_table_association" "additional_private_subnet_assoc" { + for_each = length(var.additional_cidr_block) > 0 ? local.additional_private_subnets : {} + + subnet_id = aws_subnet.additional_private[each.key].id + route_table_id = aws_route_table.private_route_table.id +} diff --git a/aws/e6data_with_existing_vpc/modules/network/additional_public_subnet.tf b/aws/e6data_with_existing_vpc/modules/network/additional_public_subnet.tf new file mode 100644 index 00000000..10290b10 --- /dev/null +++ b/aws/e6data_with_existing_vpc/modules/network/additional_public_subnet.tf 
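Review bot: `aws_subnet.additional_private` declares no dependency on the secondary-CIDR association created just above it in the same file (the association's resource header is illegible in this rendering, but its `count`, `vpc_id` and `cidr_block` arguments match `aws_vpc_ipv4_cidr_block_association`), so on a fresh apply Terraform is free to create the subnets before the CIDR is attached to the VPC, and the subnet create call then fails because the range is not part of the VPC. `depends_on = [data.aws_vpc.vpc]` only orders against the data source, which the `vpc_id` reference already implies. Change it to `depends_on = [data.aws_vpc.vpc, aws_vpc_ipv4_cidr_block_association.<ASSOCIATION_NAME>]`, where `<ASSOCIATION_NAME>` stands for the association resource's local name as written in this file. The same gap exists on `aws_subnet.additional_public` in additional_public_subnet.tf, whose association lives in this file as well. The `kubectl_manifest.eni_config` hunk at the top of this line is garbled (its `yaml_body` heredoc was stripped) and could not be reviewed here.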
@@ -0,0 +1,29 @@
+# Conditional public subnets creation (only if additional CIDR block exists)
+resource "aws_subnet" "additional_public" {
+ for_each = length(var.additional_cidr_block) > 0 ? local.additional_public_subnets : {}
+
+ vpc_id = data.aws_vpc.vpc.id
+ availability_zone = each.value.az
+ cidr_block = each.value.cidr
+
+ map_public_ip_on_launch = true
+
+ tags = {
+ Name = format("%s-%s-additional-public-subnet-%s", var.env, var.workspace_name, each.value.az)
+ type = "public"
+ }
+
+ lifecycle {
+ ignore_changes = [tags]
+ }
+
+ depends_on = [data.aws_vpc.vpc]
+}
+
+# Conditional route table association for public subnets (only if additional CIDR block exists)
+resource "aws_route_table_association" "additional_pub_subnet_assoc" {
+ for_each = length(var.additional_cidr_block) > 0 ? local.additional_public_subnets : {}
+
+ subnet_id = aws_subnet.additional_public[each.key].id
+ route_table_id = aws_route_table.public_route_table.id
+}
diff --git a/aws/e6data_with_existing_vpc/modules/network/main.tf b/aws/e6data_with_existing_vpc/modules/network/main.tf
index aeccd200..c35b5f09 100644
--- a/aws/e6data_with_existing_vpc/modules/network/main.tf
+++ b/aws/e6data_with_existing_vpc/modules/network/main.tf
@@ -56,6 +56,31 @@ locals {
 )
 }
 }
+
+
+ additional_public_subnets = length(var.additional_cidr_block) > 0 ? {
+ for index, subnet in data.aws_availability_zones.available.names : index =>
+ {
+ az = data.aws_availability_zones.available.names[index]
+ cidr = cidrsubnet(
+ var.additional_cidr_block,
+ 12,
+ 150 + index
+ )
+ }
+ } : {}
+
+ additional_private_subnets = length(var.additional_cidr_block) > 0 ? {
+ for index, subnet in data.aws_availability_zones.available.names : index =>
+ {
+ az = data.aws_availability_zones.available.names[index]
+ cidr = cidrsubnet(
+ var.additional_cidr_block,
+ 12,
+ 200 + index
+ )
+ }
+ } : {}
 }
 resource "aws_vpc_endpoint" "s3_endpoint" {
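Review bot: The `for_each` guard `length(var.additional_cidr_block) > 0 ? local.additional_public_subnets : {}` on both resources in this file re-evaluates a condition that `local.additional_public_subnets` already applies when it is built in main.tf, so the ternary is dead weight and gives two places for the emptiness rule to drift apart. `for_each = local.additional_public_subnets` is equivalent on both `aws_subnet.additional_public` and `aws_route_table_association.additional_pub_subnet_assoc`, and the same simplification applies to the private-subnet resources. If the guard is kept on purpose, a comment such as `# guarded here as well as in locals so the resource reads as opt-in on its own` would explain the duplication.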
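Review bot: `cidrsubnet(var.additional_cidr_block, 12, 150 + index)` and its private twin hard-code 12 new bits, so the /16 example in the variable description yields /28 subnets (16 addresses, of which AWS reserves 5), anything longer than /16 yields subnets smaller than the /28 minimum AWS accepts, and anything longer than /20 makes `cidrsubnet` itself fail at plan time with a message that does not mention this variable. If these subnets are meant to host pod ENIs through the `eni_config` manifests in eks.tf (an inference from the rest of the change), /28 per AZ is very likely too small; either way the sizing and the 150/200 offsets deserve named inputs or at least a comment such as `# 12 extra bits: a /16 base gives one /28 per AZ; public netnums start at 150, private at 200, so the two ranges never overlap`. The `subnet` loop variable is the AZ name itself, so `az = data.aws_availability_zones.available.names[index]` can simply be `az = subnet`. The `locals` block continues outside the hunk.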
diff --git a/aws/e6data_with_existing_vpc/modules/network/outputs.tf b/aws/e6data_with_existing_vpc/modules/network/outputs.tf
index 63dd62d8..1c53cc47 100644
--- a/aws/e6data_with_existing_vpc/modules/network/outputs.tf
+++ b/aws/e6data_with_existing_vpc/modules/network/outputs.tf
@@ -8,6 +8,16 @@ output "private_subnet_ids" {
 value = [for subnet in aws_subnet.private : subnet.id]
 }
+output "additional_public_subnet_ids" {
+ description = "IDs of the created public subnets"
+ value = [for subnet in aws_subnet.additional_public : subnet.id]
+}
+
+output "additional_private_subnet_ids" {
+ description = "IDs of the created private subnets"
+ value = [for subnet in aws_subnet.additional_private : subnet.id]
+}
+
 output "public_route_table_id" {
 description = "IDs of the created public route tables"
 value = aws_route_table.public_route_table.id
diff --git a/aws/e6data_with_existing_vpc/modules/network/variables.tf b/aws/e6data_with_existing_vpc/modules/network/variables.tf
index 32b08311..d397241d 100644
--- a/aws/e6data_with_existing_vpc/modules/network/variables.tf
+++ b/aws/e6data_with_existing_vpc/modules/network/variables.tf
@@ -25,4 +25,10 @@ variable "region" {
 type = string
 description = "AWS region of the EKS cluster."
 default = "us-east-1"
+}
+
+variable "additional_cidr_block" {
+ type = string
+ description = "Base CIDR block which will be divided into subnet CIDR blocks (e.g. `10.0.0.0/16`)"
+ default = "100.64.0.0/16"
 }
\ No newline at end of file
diff --git a/aws/e6data_with_existing_vpc/network.tf b/aws/e6data_with_existing_vpc/network.tf
index 690a60f7..dfce7033 100644
--- a/aws/e6data_with_existing_vpc/network.tf
+++ b/aws/e6data_with_existing_vpc/network.tf
@@ -8,4 +8,7 @@ module "network" {
 vpc_id = var.vpc_id
 excluded_az = var.excluded_az
+
+ additional_cidr_block = var.additional_cidr_block
+
 }
diff --git a/aws/e6data_with_existing_vpc/provider.tf b/aws/e6data_with_existing_vpc/provider.tf
index f3e5dbc4..f927a0f7 100644
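Review bot: The descriptions on the two new outputs, `IDs of the created public subnets` and `IDs of the created private subnets`, are copied from the existing outputs and no longer tell a reader that these are the secondary-CIDR subnets rather than the ones the existing `private_subnet_ids` output exposes. Suggest `description = "IDs of the public subnets created in the additional CIDR block (empty list when additional_cidr_block is unset)"` and the matching private wording; the empty-list case is worth stating because eks.tf indexes `additional_private_subnet_ids` by position.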
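Review bot: The module-level `additional_cidr_block` defaults to `"100.64.0.0/16"` while the root-level variable added in variables.tf defaults to `""`, so any caller of this module that omits the argument silently associates a secondary CIDR and creates subnets and route-table entries in it, whereas the documented opt-in is the empty string. Neither declaration validates the value; the only consumer, `cidrsubnet(..., 12, ...)` in main.tf, errors for prefixes longer than /20 and gives no useful message for a malformed string, and prefixes between /17 and /20 pass `cidrsubnet` but produce subnets smaller than AWS allows. Suggest defaulting the module variable to `""` to match the root and adding a validation block (the same block belongs on the root variable); `can(cidrsubnet(..., 16, 0))` succeeds exactly when the prefix is /16 or shorter, which is what the 12-bit split needs.

```hcl
variable "additional_cidr_block" {
  type        = string
  description = "Base CIDR block which will be divided into subnet CIDR blocks (e.g. `10.0.0.0/16`)"
  default     = ""

  validation {
    # 16 extra bits must still fit in 32, i.e. the base is a /16 or shorter, so the
    # 12-bit split in main.tf yields at least a /28 (the smallest subnet AWS accepts).
    # The empty string is the documented opt-out and is accepted as-is.
    condition     = var.additional_cidr_block == "" || can(cidrsubnet(var.additional_cidr_block, 16, 0))
    error_message = "additional_cidr_block must be empty or an IPv4 CIDR with a prefix length of /16 or shorter."
  }
}
```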
--- a/aws/e6data_with_existing_vpc/provider.tf
+++ b/aws/e6data_with_existing_vpc/provider.tf
@@ -9,11 +9,11 @@ provider "aws" {
 }
 terraform {
- backend "s3" {
- bucket = "mybucket"
- key = "path/to/my/key"
- region = "us-east-1"
- }
+ # backend "s3" {
+ # bucket = "mybucket"
+ # key = "path/to/my/key"
+ # region = "us-east-1"
+ # }
 required_providers {
 aws = {
diff --git a/aws/e6data_with_existing_vpc/terraform.tfvars b/aws/e6data_with_existing_vpc/terraform.tfvars
index b9b015b3..3e7a7c1e 100644
--- a/aws/e6data_with_existing_vpc/terraform.tfvars
+++ b/aws/e6data_with_existing_vpc/terraform.tfvars
@@ -18,6 +18,10 @@ nodepool_instance_family = ["t3", "t4g", "t2", "c7g", "c7gd", "c6g", "c6gd", "r6
 vpc_id = "vpc-abcdefg12345"
 excluded_az = ["us-east-1e"]
+# Additional CIDR block for the VPC.
+# Leave it empty ("") if no extra CIDR block is needed.
+additional_cidr_block = ""
+
 # EKS Cluster Variables
 cluster_name = "ekscluster" ### The name of the Kubernetes cluster to be created for the e6data workspace.
 cluster_log_types = ["scheduler", "controllerManager", "authenticator", "audit"] ### List of the desired control plane logging to enable.
diff --git a/aws/e6data_with_existing_vpc/variables.tf b/aws/e6data_with_existing_vpc/variables.tf
index d32ad247..a781cb31 100644
--- a/aws/e6data_with_existing_vpc/variables.tf
+++ b/aws/e6data_with_existing_vpc/variables.tf
@@ -251,4 +251,10 @@ variable "additional_egress_rules" {
 cidr_blocks = list(string)
 }))
 default = []
+}
+
+variable "additional_cidr_block" {
+ type = string
+ description = "Base CIDR block which will be divided into subnet CIDR blocks (e.g. `10.0.0.0/16`)"
+ default = ""
 }
\ No newline at end of file
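Review bot: Commenting out the `backend "s3"` block leaves this root module on the default local backend, so `terraform.tfstate`, which records every resource attribute in plaintext including whatever sensitive values the providers return, is written into the working directory with no encryption at rest, no versioning and no state locking between operators. If the goal is only to stop hard-coding `mybucket`, the usual form is an empty partial configuration, `backend "s3" {}`, with bucket, key and region supplied through `terraform init -backend-config=...`; that keeps remote state while leaving environment-specific values out of the repository. If local state is deliberate for a template, say so in a comment next to the block and confirm that `*.tfstate` and `*.tfstate.backup` are git-ignored (not visible in this diff). The `terraform {}` block continues outside the hunk.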