diff --git a/main.tf b/main.tf
index 47bf3fa..fc626f4 100644
--- a/main.tf
+++ b/main.tf
@@ -6,6 +6,7 @@ locals {
   iam_role_policy_name = "castai-user-policy-${substr(local.resource_name_postfix, 0, 45)}"
   instance_profile_role_name = "castai-eks-instance-${substr(local.resource_name_postfix, 0, 44)}"
   iam_policy_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy"
+  ipv6_policy_name = "CastEC2AssignIPv6Policy-${local.resource_name_postfix}"
   castai_instance_profile_policy_list = flatten([
     "${local.iam_policy_prefix}/AmazonEKSWorkerNodePolicy",
@@ -90,6 +91,30 @@ resource "aws_iam_role_policy_attachment" "castai_instance_profile_policy" {
   policy_arn = each.value
 }
 
+# Create the IAM Policy for IPv6 assignment
+resource "aws_iam_policy" "ec2_assign_ipv6" {
+  count = var.enable_ipv6 ? 1 : 0
+  name = local.ipv6_policy_name
+  description = "Policy to allow EC2 to assign IPv6 addresses"
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = "ec2:AssignIpv6Addresses",
+        Resource = "*"
+      }
+    ]
+  })
+}
+
+# Attach the policy to the role associated with the instance profile
+resource "aws_iam_role_policy_attachment" "attach_ec2_assign_ipv6" {
+  count = var.enable_ipv6 ? 1 : 0
+  role = aws_iam_instance_profile.instance_profile.role
+  policy_arn = aws_iam_policy.ec2_assign_ipv6[0].arn
+}
+
 data "aws_iam_policy_document" "cast_assume_role_policy" {
   statement {
     sid = ""
diff --git a/variables.tf b/variables.tf
index 16ac4ae..3cdc16e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -35,4 +35,8 @@ variable "attach_worker_cni_policy" {
   default = true
 }
 
-
+variable "enable_ipv6" {
+  type = bool
+  description = "Whether to enable IPv6 CNI policy for the cluster."
+  default = true
+}
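Review bot: `ipv6_policy_name` is the only name in this locals block that interpolates `local.resource_name_postfix` without truncating it; the neighbouring `iam_role_policy_name` and `instance_profile_role_name` cap it with `substr(..., 0, 45)` / `substr(..., 0, 44)` so the result stays within the IAM name limit. IAM policy names have a larger budget than role names (128 characters, as I recall), but a long postfix would still produce a name that only fails at apply time, after the plan looked clean. Since the prefix `CastEC2AssignIPv6Policy-` is 24 characters, `ipv6_policy_name = "CastEC2AssignIPv6Policy-${substr(local.resource_name_postfix, 0, 104)}"` would keep it consistent with the siblings; a short comment noting the limit being protected would help too. How `resource_name_postfix` is derived is outside this hunk, so the actual maximum length cannot be confirmed from here.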
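Review bot: The new `ec2_assign_ipv6` policy grants `ec2:AssignIpv6Addresses` on `Resource = "*"`, so the node instance-profile role may assign IPv6 addresses to any network interface in the account, not only the ENIs that belong to this cluster. If the cluster's interfaces can be identified (for example through the tags applied to them), a `Condition` on those resource tags, or a network-interface ARN pattern in `Resource`, would narrow the grant to what the CNI actually needs; if the wildcard is deliberate because the interfaces are not yet tagged when the address is assigned, a comment stating that would keep the next reviewer from re-raising it. The attachment resource below it correctly mirrors the `count` guard and indexes `[0]`, so the two resources appear or disappear together with `var.enable_ipv6`. The comment `# Create the IAM Policy for IPv6 assignment` would be more useful as `# Customer-managed policy granting ec2:AssignIpv6Addresses; created only when var.enable_ipv6 is true`.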
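Review bot: The description of `enable_ipv6` says it enables an "IPv6 CNI policy", but what the variable gates in main.tf is a customer-managed IAM policy granting `ec2:AssignIpv6Addresses`, attached to the instance-profile role; a reader of variables.tf alone would reasonably expect a CNI add-on or cluster networking setting. Suggest `description = "Create and attach an IAM policy allowing ec2:AssignIpv6Addresses for the node instance-profile role."`. With `default = true`, every existing consumer of this module gains that additional permission and two new resources on their next apply; if that widening is intended it is worth stating in the description, otherwise `default = false` keeps the grant opt-in.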