diff --git a/aws/cluster/README.md b/aws/cluster/README.md
index 70ac0d68..3b469b4c 100644
--- a/aws/cluster/README.md
+++ b/aws/cluster/README.md
@@ -97,10 +97,11 @@ module "cluster" {
 |------|-------------|------|---------|:--------:|
 | <a name="input_enabled_cluster_log_types"></a> [enabled\_cluster\_log\_types](#input\_enabled\_cluster\_log\_types) | Which EKS control plane log types to enable | `list(string)` | `[]` | no |
 | <a name="input_k8s_version"></a> [k8s\_version](#input\_k8s\_version) | Kubernetes version to deploy | `string` | n/a | yes |
+| <a name="input_labels"></a> [labels](#input\_labels) | Labels to be applied to created resources | `map(string)` | `{}` | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | How many days until control plane logs are purged | `number` | `7` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name for this EKS cluster | `string` | n/a | yes |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Prefix to be applied to created resources | `list(string)` | `[]` | no |
-| <a name="input_node_groups"></a> [node\_groups](#input\_node\_groups) | Node groups to create in this cluster | <pre>map(object({<br>    capacity_type  = optional(string, "ON_DEMAND")<br>    instance_types = list(string),<br>    max_size       = number<br>    min_size       = number<br>  }))</pre> | n/a | yes |
+| <a name="input_node_groups"></a> [node\_groups](#input\_node\_groups) | Node groups to create in this cluster | <pre>map(object({<br>    capacity_type   = optional(string, "ON_DEMAND")<br>    instance_types  = list(string),<br>    max_size        = number<br>    max_unavailable = optional(number, 3)<br>    min_size        = number<br>  }))</pre> | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to be applied to all created resources | `map(string)` | `{}` | no |
 
 ## Outputs
diff --git a/aws/cluster/main.tf b/aws/cluster/main.tf
index caceb270..d217e8cc 100644
--- a/aws/cluster/main.tf
+++ b/aws/cluster/main.tf
@@ -39,16 +39,18 @@ module "node_groups" {
   for_each = var.node_groups
   source   = "./modules/eks-node-group"
 
-  capacity_type  = each.value.capacity_type
-  cluster        = module.eks_cluster.instance
-  instance_types = each.value.instance_types
-  max_size       = each.value.max_size
-  min_size       = each.value.min_size
-  name           = each.key
-  namespace      = [module.cluster_name.full]
-  role           = module.node_role.instance
-  subnets        = values(data.aws_subnet.private)
-  tags           = var.tags
+  capacity_type   = each.value.capacity_type
+  cluster         = module.eks_cluster.instance
+  instance_types  = each.value.instance_types
+  labels          = var.labels
+  max_size        = each.value.max_size
+  max_unavailable = each.value.max_unavailable
+  min_size        = each.value.min_size
+  name            = each.key
+  namespace       = [module.cluster_name.full]
+  role            = module.node_role.instance
+  subnets         = values(data.aws_subnet.private)
+  tags            = var.tags
 
   depends_on = [module.node_role]
 }
diff --git a/aws/cluster/modules/eks-cluster/main.tf b/aws/cluster/modules/eks-cluster/main.tf
index 613399fe..d8c1e178 100644
--- a/aws/cluster/modules/eks-cluster/main.tf
+++ b/aws/cluster/modules/eks-cluster/main.tf
@@ -29,7 +29,10 @@ resource "aws_eks_cluster" "this" {
 
     # Ensure EKS doesn't automatically create the log group before we create it
     # and set retention.
-    aws_cloudwatch_log_group.eks
+    aws_cloudwatch_log_group.eks,
+
+    # Ensure that the KMS key is created before EKS Cluster start using it.
+    aws_kms_key.eks_key
   ]
 }
 
@@ -95,8 +98,10 @@ resource "aws_kms_key" "eks_key" {
 }
 
 resource "aws_kms_alias" "eks_key_alias" {
-  target_key_id = aws_kms_key.eks_key
+  target_key_id = aws_kms_key.eks_key.key_id
   name_prefix   = "alias/${var.name}"
+
+  depends_on = [aws_kms_key.eks_key]
 }
 
 data "aws_partition" "current" {
diff --git a/aws/cluster/modules/eks-node-group/README.md b/aws/cluster/modules/eks-node-group/README.md
index 6ffcdc0a..cc755c8a 100644
--- a/aws/cluster/modules/eks-node-group/README.md
+++ b/aws/cluster/modules/eks-node-group/README.md
@@ -25,7 +25,10 @@
 | <a name="input_capacity_type"></a> [capacity\_type](#input\_capacity\_type) | Allow values: ON\_DEMAND (default), SPOT | `string` | `"ON_DEMAND"` | no |
 | <a name="input_cluster"></a> [cluster](#input\_cluster) | Cluster which this node group should join | `object({ name = string })` | n/a | yes |
 | <a name="input_instance_types"></a> [instance\_types](#input\_instance\_types) | EC2 instance types allowed in this node group | `list(string)` | <pre>[<br>  "t3.medium"<br>]</pre> | no |
+| <a name="input_label_node_role"></a> [label\_node\_role](#input\_label\_node\_role) | Role to struct kubernetes scheduler to use for this node group | `string` | `"general"` | no |
+| <a name="input_labels"></a> [labels](#input\_labels) | Labels to be applied to created resources | `map(string)` | `{}` | no |
 | <a name="input_max_size"></a> [max\_size](#input\_max\_size) | Maximum number of nodes in this group | `number` | n/a | yes |
+| <a name="input_max_unavailable"></a> [max\_unavailable](#input\_max\_unavailable) | Maximum number of nodes that can be unavailable during a rolling update | `number` | `1` | no |
 | <a name="input_min_size"></a> [min\_size](#input\_min\_size) | Minimum number of nodes in this group | `number` | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | Name for this EKS node group | `string` | n/a | yes |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Prefix to be applied to created resources | `list(string)` | `[]` | no |
diff --git a/aws/cluster/modules/eks-node-group/main.tf b/aws/cluster/modules/eks-node-group/main.tf
index ecc2920b..07e34434 100644
--- a/aws/cluster/modules/eks-node-group/main.tf
+++ b/aws/cluster/modules/eks-node-group/main.tf
@@ -14,6 +14,14 @@ resource "aws_eks_node_group" "this" {
     min_size     = local.min_size_per_node_group
   }
 
+  update_config {
+    max_unavailable = var.max_unavailable
+  }
+
+  labels = merge(var.labels, {
+    role = var.label_node_role
+  })
+
   tags = merge(var.tags, {
     AvailabilityZone = each.key
   })
diff --git a/aws/cluster/modules/eks-node-group/variables.tf b/aws/cluster/modules/eks-node-group/variables.tf
index 8f678fc8..5cf01019 100644
--- a/aws/cluster/modules/eks-node-group/variables.tf
+++ b/aws/cluster/modules/eks-node-group/variables.tf
@@ -51,3 +51,21 @@ variable "tags" {
   description = "Tags to be applied to created resources"
   default     = {}
 }
+
+variable "labels" {
+  type        = map(string)
+  description = "Labels to be applied to created resources"
+  default     = {}
+}
+
+variable "label_node_role" {
+  type        = string
+  description = "Role to struct kubernetes scheduler to use for this node group"
+  default     = "general"
+}
+
+variable "max_unavailable" {
+  type        = number
+  description = "Maximum number of nodes that can be unavailable during a rolling update"
+  default     = 1
+}
diff --git a/aws/cluster/variables.tf b/aws/cluster/variables.tf
index c9353dd9..fa27b4d3 100644
--- a/aws/cluster/variables.tf
+++ b/aws/cluster/variables.tf
@@ -30,10 +30,11 @@ variable "node_groups" {
   description = "Node groups to create in this cluster"
 
   type = map(object({
-    capacity_type  = optional(string, "ON_DEMAND")
-    instance_types = list(string),
-    max_size       = number
-    min_size       = number
+    capacity_type   = optional(string, "ON_DEMAND")
+    instance_types  = list(string),
+    max_size        = number
+    max_unavailable = optional(number, 3)
+    min_size        = number
   }))
 }
 
@@ -42,3 +43,9 @@ variable "tags" {
   description = "Tags to be applied to all created resources"
   default     = {}
 }
+
+variable "labels" {
+  type        = map(string)
+  description = "Labels to be applied to created resources"
+  default     = {}
+}