diff --git a/pkg/clients/ec2/vpc.go b/pkg/clients/ec2/vpc.go
index 15c19af64f..a88ff9e952 100644
--- a/pkg/clients/ec2/vpc.go
+++ b/pkg/clients/ec2/vpc.go
@@ -100,12 +100,18 @@ func GenerateVpcObservation(vpc ec2.Vpc) v1beta1.VPCObservation {
 }
 
 // LateInitializeVPC fills the empty fields in *v1beta1.VPCParameters with
-// the values seen in ec2.Vpc.
-func LateInitializeVPC(in *v1beta1.VPCParameters, v *ec2.Vpc) { // nolint:gocyclo
+// the values seen in ec2.Vpc and ec2.DescribeVpcAttributeOutput.
+func LateInitializeVPC(in *v1beta1.VPCParameters, v *ec2.Vpc, attributes *ec2.DescribeVpcAttributeOutput) { // nolint:gocyclo
 	if v == nil {
 		return
 	}
 
 	in.CIDRBlock = awsclients.LateInitializeString(in.CIDRBlock, v.CidrBlock)
 	in.InstanceTenancy = awsclients.LateInitializeStringPtr(in.InstanceTenancy, aws.String(string(v.InstanceTenancy)))
+	if attributes.EnableDnsHostnames != nil {
+		in.EnableDNSHostNames = awsclients.LateInitializeBoolPtr(in.EnableDNSHostNames, attributes.EnableDnsHostnames.Value)
+	}
+	if attributes.EnableDnsHostnames != nil {
+		in.EnableDNSSupport = awsclients.LateInitializeBoolPtr(in.EnableDNSSupport, attributes.EnableDnsSupport.Value)
+	}
 }
diff --git a/pkg/controller/ec2/vpc/controller.go b/pkg/controller/ec2/vpc/controller.go
index 68d096873e..3d50d36313 100644
--- a/pkg/controller/ec2/vpc/controller.go
+++ b/pkg/controller/ec2/vpc/controller.go
@@ -124,16 +124,6 @@ func (e *external) Observe(ctx context.Context, mgd resource.Managed) (managed.E
 
 	// update the CRD spec for any new values from provider
 	current := cr.Spec.ForProvider.DeepCopy()
-	ec2.LateInitializeVPC(&cr.Spec.ForProvider, &observed)
-
-	switch observed.State {
-	case awsec2.VpcStateAvailable:
-		cr.SetConditions(xpv1.Available())
-	case awsec2.VpcStatePending:
-		cr.SetConditions(xpv1.Creating())
-	}
-
-	cr.Status.AtProvider = ec2.GenerateVpcObservation(observed)
 
 	o := awsec2.DescribeVpcAttributeOutput{}
 
@@ -159,6 +149,17 @@ func (e *external) Observe(ctx context.Context, mgd resource.Managed) (managed.E
 		}
 	}
 
+	ec2.LateInitializeVPC(&cr.Spec.ForProvider, &observed, &o)
+
+	switch observed.State {
+	case awsec2.VpcStateAvailable:
+		cr.SetConditions(xpv1.Available())
+	case awsec2.VpcStatePending:
+		cr.SetConditions(xpv1.Creating())
+	}
+
+	cr.Status.AtProvider = ec2.GenerateVpcObservation(observed)
+
 	return managed.ExternalObservation{
 		ResourceExists:          true,
 		ResourceUpToDate:        ec2.IsVpcUpToDate(cr.Spec.ForProvider, observed, o),
@@ -191,17 +192,22 @@ func (e *external) Update(ctx context.Context, mgd resource.Managed) (managed.Ex
 		return managed.ExternalUpdate{}, errors.New(errUnexpectedObject)
 	}
 
-	for _, input := range []*awsec2.ModifyVpcAttributeInput{
-		{
+	if cr.Spec.ForProvider.EnableDNSSupport != nil {
+		modifyInput := &awsec2.ModifyVpcAttributeInput{
 			VpcId:            aws.String(meta.GetExternalName(cr)),
 			EnableDnsSupport: &awsec2.AttributeBooleanValue{Value: cr.Spec.ForProvider.EnableDNSSupport},
-		},
-		{
+		}
+		if _, err := e.client.ModifyVpcAttributeRequest(modifyInput).Send(ctx); err != nil {
+			return managed.ExternalUpdate{}, awsclient.Wrap(err, errModifyVPCAttributes)
+		}
+	}
+
+	if cr.Spec.ForProvider.EnableDNSHostNames != nil {
+		modifyInput := &awsec2.ModifyVpcAttributeInput{
 			VpcId:              aws.String(meta.GetExternalName(cr)),
 			EnableDnsHostnames: &awsec2.AttributeBooleanValue{Value: cr.Spec.ForProvider.EnableDNSHostNames},
-		},
-	} {
-		if _, err := e.client.ModifyVpcAttributeRequest(input).Send(ctx); err != nil {
+		}
+		if _, err := e.client.ModifyVpcAttributeRequest(modifyInput).Send(ctx); err != nil {
 			return managed.ExternalUpdate{}, awsclient.Wrap(err, errModifyVPCAttributes)
 		}
 	}
diff --git a/pkg/controller/ec2/vpc/controller_test.go b/pkg/controller/ec2/vpc/controller_test.go
index fa6bf48503..07e0239ff5 100644
--- a/pkg/controller/ec2/vpc/controller_test.go
+++ b/pkg/controller/ec2/vpc/controller_test.go
@@ -45,6 +45,7 @@ var (
 	vpcID          = "some Id"
 	cidr           = "192.168.0.0/32"
 	tenancyDefault = "default"
+	enableDNS      = true
 
 	errBoom = errors.New("boom")
 )
@@ -233,6 +234,27 @@ func TestCreate(t *testing.T) {
 		want
 	}{
 		"Successful": {
+			args: args{
+				vpc: &fake.MockVPCClient{
+					MockCreate: func(input *awsec2.CreateVpcInput) awsec2.CreateVpcRequest {
+						return awsec2.CreateVpcRequest{
+							Request: &aws.Request{HTTPRequest: &http.Request{}, Retryer: aws.NoOpRetryer{}, Data: &awsec2.CreateVpcOutput{
+								Vpc: &awsec2.Vpc{
+									VpcId:     aws.String(vpcID),
+									CidrBlock: aws.String(cidr),
+								},
+							}},
+						}
+					},
+				},
+				cr: vpc(),
+			},
+			want: want{
+				cr:     vpc(withExternalName(vpcID)),
+				result: managed.ExternalCreation{ExternalNameAssigned: true},
+			},
+		},
+		"SuccessfulWithAttributes": {
 			args: args{
 				vpc: &fake.MockVPCClient{
 					MockCreate: func(input *awsec2.CreateVpcInput) awsec2.CreateVpcRequest {
@@ -251,10 +273,15 @@ func TestCreate(t *testing.T) {
 						}
 					},
 				},
-				cr: vpc(),
+				cr: vpc(withSpec(v1beta1.VPCParameters{
+					EnableDNSSupport: &enableDNS,
+				})),
 			},
 			want: want{
-				cr:     vpc(withExternalName(vpcID)),
+				cr: vpc(withExternalName(vpcID),
+					withSpec(v1beta1.VPCParameters{
+						EnableDNSSupport: &enableDNS,
+					})),
 				result: managed.ExternalCreation{ExternalNameAssigned: true},
 			},
 		},