diff --git a/tasks/iac.yaml b/tasks/iac.yaml
index d6ef7871ce..85c744fac4 100644
--- a/tasks/iac.yaml
+++ b/tasks/iac.yaml
@@ -46,6 +46,18 @@ tasks:
 serviceRolePermissionsBoundary: ${PERMISSIONS_BOUNDARY_ARN}
 addons:
+ - name: vpc-cni
+ attachPolicyARNs:
+ # Commercial IAM Policy
+ # - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
+ # Govcloud IAM policy
+ - arn:aws-us-gov:iam::aws:policy/AmazonEKS_CNI_Policy
+ permissionsBoundary: ${PERMISSIONS_BOUNDARY_ARN}
+ tags:
+ PermissionsBoundary: ${PERMISSIONS_BOUNDARY_NAME}
+ configurationValues: |-
+ enableNetworkPolicy: "true"
+
 - name: aws-ebs-csi-driver
 attachPolicyARNs:
 # Commercial IAM Policy
@@ -59,16 +71,6 @@ tasks:
 tags:
 PermissionsBoundary: ${PERMISSIONS_BOUNDARY_NAME}
- - name: vpc-cni
- attachPolicyARNs:
- # Commercial IAM Policy
- # - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
- # Govcloud IAM policy
- - arn:aws-us-gov:iam::aws:policy/AmazonEKS_CNI_Policy
- permissionsBoundary: ${PERMISSIONS_BOUNDARY_ARN}
- tags:
- PermissionsBoundary: ${PERMISSIONS_BOUNDARY_NAME}
-
 managedNodeGroups:
 - name: ng-1
 instanceType: m5.2xlarge
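Review bot: The new `configurationValues` block on the `vpc-cni` addon sets `enableNetworkPolicy: "true"` without a comment on what that does and does not provide. As far as I know it only turns on the CNI's network policy agent, so pod traffic stays allow-all until NetworkPolicy objects (ideally a default-deny per namespace) are applied, and none are visible in this hunk. I would add above it `# Enables NetworkPolicy enforcement in the VPC CNI; traffic remains allow-all until NetworkPolicy objects are applied`. The entry also has no `version:`, so whether the resolved add-on version supports this setting depends on a default chosen outside this file; pinning it or noting the minimum required version would make the behaviour deterministic. The `addons:` list starts before and continues past the hunk, so this is based only on the lines shown.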