diff --git a/.circleci/config.yml b/.circleci/config.yml index 41a0245f1..360de6159 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -25,6 +25,9 @@ jobs: command: | NORMALIZED_BRANCH_NAME=$(echo ${CIRCLE_BRANCH} | sed 's/[^a-zA-Z0-9]/-/g' | cut -c 1-50) echo "export BUILD_TAG=${NORMALIZED_BRANCH_NAME}-${CIRCLE_BUILD_NUM}-${CIRCLE_SHA1::7}" >> ${BASH_ENV} + - run: + name: Install aws cli + command: apk add aws-cli - run: name: Packer validate and build AMI # AWS sometimes take really long to finish ami build. diff --git a/.github/actions/ci/build/action.yaml b/.github/actions/ci/build/action.yaml index 822617abb..5b91c3d0d 100644 --- a/.github/actions/ci/build/action.yaml +++ b/.github/actions/ci/build/action.yaml @@ -24,6 +24,7 @@ runs: - id: build shell: bash run: | + packer plugins install github.com/hashicorp/amazon AMI_NAME="amazon-eks-node-${{ inputs.k8s_version }}-${{ inputs.build_id }}" make ${{ inputs.k8s_version }} ami_name=${AMI_NAME} ${{ inputs.additional_arguments }} echo "ami_id=$(jq -r .builds[0].artifact_id "${AMI_NAME}-manifest.json" | cut -d ':' -f 2)" >> $GITHUB_OUTPUT diff --git a/CHANGELOG.md b/CHANGELOG.md index a3047068a..de8de2923 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,1064 @@ +# AMI Release v20231220 + + +## What's Changed +* Set containerd LimitNOFILE to recommended value by @cartermckinnon in https://github.com/awslabs/amazon-eks-ami/pull/1535 +* Update get-ecr-uri.sh with ca-west-1 account by @mmerkes in https://github.com/awslabs/amazon-eks-ami/pull/1542 +* Fix typo opt names in `bootstrap.sh` logging by @ketozhang in https://github.com/awslabs/amazon-eks-ami/pull/1547 + +## New Contributors +* @ketozhang made their first contribution in https://github.com/awslabs/amazon-eks-ami/pull/1547 + +**Full Changelog**: https://github.com/awslabs/amazon-eks-ami/compare/v20231201...v20231220 + +--- + +
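Review bot: Both CI installs added here are unpinned: `apk add aws-cli` in `.circleci/config.yml` and `packer plugins install github.com/hashicorp/amazon` in `.github/actions/ci/build/action.yaml` fetch whatever version is current each time the AMI build runs. These tools presumably run with the build's AWS credentials and produce the published image, so pinning makes builds reproducible and narrows the exposure to a bad upstream release, e.g. `packer plugins install github.com/hashicorp/amazon <PINNED_VERSION>` and `apk add aws-cli=<PINNED_VERSION>`. The version values are placeholders; nothing on this page states which releases the project has tested.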

AMI Details

+ + +
+Kubernetes 1.28 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.28-v202312201.28.3-20231220s3://amazon-eks/1.28.3/2023-11-14/
amazon-eks-gpu-node-1.28-v20231220
amazon-eks-arm64-node-1.28-v20231220
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1705.0-1.amzn2
containerd1.7.2-1.amzn2.0.1
cuda12.2.2-1
efa2.6.0-1.amzn2
kernel5.10.201-191.748.amzn2
nvidia-driver-latest-dkms535.129.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.27 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.27-v202312201.27.7-20231220s3://amazon-eks/1.27.7/2023-11-14/
amazon-eks-gpu-node-1.27-v20231220
amazon-eks-arm64-node-1.27-v20231220
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1705.0-1.amzn2
containerd1.7.2-1.amzn2.0.1
cuda12.2.2-1
efa2.6.0-1.amzn2
kernel5.10.201-191.748.amzn2
nvidia-driver-latest-dkms535.129.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.26 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.26-v202312201.26.10-20231220s3://amazon-eks/1.26.10/2023-11-14/
amazon-eks-gpu-node-1.26-v20231220
amazon-eks-arm64-node-1.26-v20231220
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1705.0-1.amzn2
containerd1.7.2-1.amzn2.0.1
cuda12.2.2-1
efa2.6.0-1.amzn2
kernel5.10.201-191.748.amzn2
nvidia-driver-latest-dkms535.129.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.25 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.25-v202312201.25.15-20231220s3://amazon-eks/1.25.15/2023-11-14/
amazon-eks-gpu-node-1.25-v20231220
amazon-eks-arm64-node-1.25-v20231220
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1705.0-1.amzn2
containerd1.7.2-1.amzn2.0.1
cuda12.2.2-1
efa2.6.0-1.amzn2
kernel5.10.201-191.748.amzn2
nvidia-driver-latest-dkms535.129.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.24 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.24-v202312201.24.17-20231220s3://amazon-eks/1.24.17/2023-11-14/
amazon-eks-gpu-node-1.24-v20231220
amazon-eks-arm64-node-1.24-v20231220
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1705.0-1.amzn2
containerd1.7.2-1.amzn2.0.1
cuda11.4.0-1
docker20.10.25-1.amzn2.0.3
kernel5.10.201-191.748.amzn2
nvidia-driver-latest-dkms470.182.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.23 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.23-v202312201.23.17-20231220s3://amazon-eks/1.23.17/2023-11-14/
amazon-eks-gpu-node-1.23-v20231220
amazon-eks-arm64-node-1.23-v20231220
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1705.0-1.amzn2
containerd1.7.2-1.amzn2.0.1
cuda11.4.0-1
docker20.10.25-1.amzn2.0.3
kernel5.4.261-174.360.amzn2
nvidia-driver-latest-dkms470.182.03-1.el7
runc1.1.7-4.amzn2
+
+ + +> **Note** +> A recent change in the Linux kernel caused the EFA and NVIDIA drivers to be incompatible. More information is available in #1494. +> To prevent unexpected failures, the kernel in the GPU AMI will remain at the following versions until we have determined a solution: +> - Kubernetes 1.24 and below: `5.4.254-170.358.amzn2` +> - Kubernetes 1.25 and above: `5.10.192-183.736.amzn2` + +--- + + +# AMI Release v20231201 + + +## What's Changed +* Check for ecr-fips endpoint availability by @cartermckinnon in https://github.com/awslabs/amazon-eks-ami/pull/1524 +* Install SSM agent from AL core repo by default by @cartermckinnon in https://github.com/awslabs/amazon-eks-ami/pull/1531 +* Update to `containerd` 1.7 by @cartermckinnon in https://github.com/awslabs/amazon-eks-ami/pull/1516 + +## New Contributors +* @JoeNorth made their first contribution in https://github.com/awslabs/amazon-eks-ami/pull/1533 + +**Full Changelog**: https://github.com/awslabs/amazon-eks-ami/compare/v20231116...v20231201 + +--- + +

AMI Details

+ + +
+Kubernetes 1.28 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.28-v202312011.28.3-20231201s3://amazon-eks/1.28.3/2023-11-14/
amazon-eks-gpu-node-1.28-v20231201
amazon-eks-arm64-node-1.28-v20231201
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1705.0-1.amzn2
containerd1.7.2-1.amzn2.0.1
cuda12.2.0-1
kernel5.10.199-190.747.amzn2
nvidia-driver-latest-dkms535.54.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.27 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.27-v202312011.27.7-20231201s3://amazon-eks/1.27.7/2023-11-14/
amazon-eks-gpu-node-1.27-v20231201
amazon-eks-arm64-node-1.27-v20231201
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1705.0-1.amzn2
containerd1.7.2-1.amzn2.0.1
cuda12.2.0-1
kernel5.10.199-190.747.amzn2
nvidia-driver-latest-dkms535.54.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.26 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.26-v202312011.26.10-20231201s3://amazon-eks/1.26.10/2023-11-14/
amazon-eks-gpu-node-1.26-v20231201
amazon-eks-arm64-node-1.26-v20231201
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1705.0-1.amzn2
containerd1.7.2-1.amzn2.0.1
cuda12.2.0-1
kernel5.10.199-190.747.amzn2
nvidia-driver-latest-dkms535.54.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.25 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.25-v202312011.25.15-20231201s3://amazon-eks/1.25.15/2023-11-14/
amazon-eks-gpu-node-1.25-v20231201
amazon-eks-arm64-node-1.25-v20231201
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1705.0-1.amzn2
containerd1.7.2-1.amzn2.0.1
cuda12.2.0-1
kernel5.10.199-190.747.amzn2
nvidia-driver-latest-dkms535.54.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.24 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.24-v202312011.24.17-20231201s3://amazon-eks/1.24.17/2023-11-14/
amazon-eks-gpu-node-1.24-v20231201
amazon-eks-arm64-node-1.24-v20231201
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1705.0-1.amzn2
containerd1.7.2-1.amzn2.0.1
cuda11.4.0-1
docker20.10.25-1.amzn2.0.3
kernel5.10.199-190.747.amzn2
nvidia-driver-latest-dkms470.182.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.23 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.23-v202312011.23.17-20231201s3://amazon-eks/1.23.17/2023-11-14/
amazon-eks-gpu-node-1.23-v20231201
amazon-eks-arm64-node-1.23-v20231201
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1705.0-1.amzn2
containerd1.7.2-1.amzn2.0.1
cuda11.4.0-1
docker20.10.25-1.amzn2.0.3
kernel5.4.259-173.361.amzn2
nvidia-driver-latest-dkms470.182.03-1.el7
runc1.1.7-4.amzn2
+
+ + +> **Note** +> A recent change in the Linux kernel caused the EFA and NVIDIA drivers to be incompatible. More information is available in #1494. +> To prevent unexpected failures, the kernel in the GPU AMI will remain at the following versions until we have determined a solution: +> - Kubernetes 1.24 and below: `5.4.254-170.358.amzn2` +> - Kubernetes 1.25 and above: `5.10.192-183.736.amzn2` + +--- + + +# AMI Release v20231116 + + +## What's Changed +* Sets docker to the latest 20.10 version by @mmerkes in https://github.com/awslabs/amazon-eks-ami/pull/1510 + +## New Contributors +* @edmondceausu made their first contribution in https://github.com/awslabs/amazon-eks-ami/pull/1504 + +**Full Changelog**: https://github.com/awslabs/amazon-eks-ami/compare/v20231106...v20231116 + +--- + +

AMI Details

+ + +
+Kubernetes 1.28 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.28-v202311161.28.3-20231116s3://amazon-eks/1.28.3/2023-11-14/
amazon-eks-gpu-node-1.28-v20231116
amazon-eks-arm64-node-1.28-v20231116
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1798.0-1
containerd1.6.19-1.amzn2.0.5
cuda12.2.0-1
kernel5.10.198-187.748.amzn2
nvidia-driver-latest-dkms535.54.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.27 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.27-v202311161.27.7-20231116s3://amazon-eks/1.27.7/2023-11-14/
amazon-eks-gpu-node-1.27-v20231116
amazon-eks-arm64-node-1.27-v20231116
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1798.0-1
containerd1.6.19-1.amzn2.0.5
cuda12.2.0-1
kernel5.10.198-187.748.amzn2
nvidia-driver-latest-dkms535.54.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.26 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.26-v202311161.26.10-20231116s3://amazon-eks/1.26.10/2023-11-14/
amazon-eks-gpu-node-1.26-v20231116
amazon-eks-arm64-node-1.26-v20231116
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1798.0-1
containerd1.6.19-1.amzn2.0.5
cuda12.2.0-1
kernel5.10.198-187.748.amzn2
nvidia-driver-latest-dkms535.54.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.25 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.25-v202311161.25.15-20231116s3://amazon-eks/1.25.15/2023-11-14/
amazon-eks-gpu-node-1.25-v20231116
amazon-eks-arm64-node-1.25-v20231116
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1798.0-1
containerd1.6.19-1.amzn2.0.5
cuda12.2.0-1
kernel5.10.198-187.748.amzn2
nvidia-driver-latest-dkms535.54.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.24 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.24-v202311161.24.17-20231116s3://amazon-eks/1.24.17/2023-11-14/
amazon-eks-gpu-node-1.24-v20231116
amazon-eks-arm64-node-1.24-v20231116
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1798.0-1
containerd1.6.19-1.amzn2.0.5
cuda11.4.0-1
docker20.10.25-1.amzn2.0.3
kernel5.10.198-187.748.amzn2
nvidia-driver-latest-dkms470.182.03-1.el7
runc1.1.7-4.amzn2
+
+ +
+Kubernetes 1.23 + + + + + + + + + + + + + + + + + +
AMI namesRelease versionIncluded artifacts
amazon-eks-node-1.23-v202311161.23.17-20231116s3://amazon-eks/1.23.17/2023-11-14/
amazon-eks-gpu-node-1.23-v20231116
amazon-eks-arm64-node-1.23-v20231116
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PackageVersion
amazon-ssm-agent3.2.1798.0-1
containerd1.6.19-1.amzn2.0.5
cuda11.4.0-1
docker20.10.25-1.amzn2.0.3
kernel5.4.258-171.360.amzn2
nvidia-driver-latest-dkms470.182.03-1.el7
runc1.1.7-4.amzn2
+
+ + +> **Note** +> A recent change in the Linux kernel caused the EFA and NVIDIA drivers to be incompatible. More information is available in #1494. +> To prevent unexpected failures, the kernel in the GPU AMI will remain at the following versions until we have determined a solution: +> - Kubernetes 1.24 and below: `5.4.254-170.358.amzn2` +> - Kubernetes 1.25 and above: `5.10.192-183.736.amzn2` + +--- + + # AMI Release v20231106 ## What's Changed * Add new i4i sizes to eni-max-pods.txt by @github-actions in https://github.com/awslabs/amazon-eks-ami/pull/1495 diff --git a/doc/USER_GUIDE.md b/doc/USER_GUIDE.md index f96c046ea..a546ab034 100644 --- a/doc/USER_GUIDE.md +++ b/doc/USER_GUIDE.md @@ -37,7 +37,7 @@ Users have the following options for specifying their own values: | `binary_bucket_region` | ```us-west-2``` | | | `cache_container_images` | ```false``` | | | `cni_plugin_version` | ```v1.2.0``` | | -| `containerd_version` | ```1.6.*``` | | +| `containerd_version` | ```1.7.*``` | | | `creator` | ```{{env `USER`}}``` | | | `docker_version` | ```20.10.*``` | | | `encrypted` | ```false``` | | @@ -58,7 +58,7 @@ Users have the following options for specifying their own values: | `source_ami_owners` | ```137112412989``` | | | `ssh_interface` | `""` | | | `ssh_username` | ```ec2-user``` | | -| `ssm_agent_version` | ```latest``` | | +| `ssm_agent_version` | `""` | Version of the SSM agent to install from the S3 bucket provided by the SSM agent project, such as ```latest```. If empty, the latest version of the SSM agent available in the Amazon Linux core repositories will be installed. | | `subnet_id` | `""` | | | `temporary_security_group_source_cidrs` | `""` | | | `volume_type` | ```gp2``` | | diff --git a/eks-worker-al2-variables.json b/eks-worker-al2-variables.json index 43b60748c..10a46fdbc 100644 --- a/eks-worker-al2-variables.json +++ b/eks-worker-al2-variables.json 
@@ -13,7 +13,7 @@ "binary_bucket_region": "us-west-2", "cache_container_images": "false", "cni_plugin_version": "v1.2.0", - "containerd_version": "1.6.*", + "containerd_version": "1.7.*", "creator": "{{env `USER`}}", "docker_version": "20.10.*", "enable_fips": "false", diff --git a/files/bootstrap.sh b/files/bootstrap.sh index 36f47d9c3..42567a495 100755 --- a/files/bootstrap.sh +++ b/files/bootstrap.sh @@ -345,7 +345,7 @@ CA_CERTIFICATE_DIRECTORY=/etc/kubernetes/pki CA_CERTIFICATE_FILE_PATH=$CA_CERTIFICATE_DIRECTORY/ca.crt mkdir -p $CA_CERTIFICATE_DIRECTORY if [[ -z "${B64_CLUSTER_CA}" ]] || [[ -z "${APISERVER_ENDPOINT}" ]]; then - log "INFO: --cluster-ca or --api-server-endpoint is not defined, describing cluster..." + log "INFO: --b64-cluster-ca or --apiserver-endpoint is not defined, describing cluster..." DESCRIBE_CLUSTER_RESULT="/tmp/describe_cluster_result.txt" # Retry the DescribeCluster API for API_RETRY_ATTEMPTS @@ -407,7 +407,7 @@ fi log "INFO: Using IP family: ${IP_FAMILY}" -echo $B64_CLUSTER_CA | base64 -d > $CA_CERTIFICATE_FILE_PATH +echo "$B64_CLUSTER_CA" | base64 -d > $CA_CERTIFICATE_FILE_PATH sed -i s,MASTER_ENDPOINT,$APISERVER_ENDPOINT,g /var/lib/kubelet/kubeconfig sed -i s,AWS_REGION,$AWS_DEFAULT_REGION,g /var/lib/kubelet/kubeconfig diff --git a/files/eni-max-pods.txt b/files/eni-max-pods.txt index 0d5e473f0..70f9a59bc 100644 --- a/files/eni-max-pods.txt +++ b/files/eni-max-pods.txt @@ -231,6 +231,7 @@ d3en.6xlarge 58 d3en.8xlarge 78 d3en.xlarge 10 dl1.24xlarge 737 +dl2q.24xlarge 737 f1.16xlarge 394 f1.2xlarge 58 f1.4xlarge 234 diff --git a/files/get-ecr-uri.sh b/files/get-ecr-uri.sh index a160cebcb..3dc56523a 100755 --- a/files/get-ecr-uri.sh +++ b/files/get-ecr-uri.sh @@ -63,6 +63,9 @@ else il-central-1) acct="066635153087" ;; + ca-west-1) + acct="761377655185" + ;; # This sections includes all commercial non-opt-in regions, which use # the same account for ECR pause container images, but still have in-region # registries. 
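Review bot: In the second `files/bootstrap.sh` hunk, quoting `"$B64_CLUSTER_CA"` fixes the input side, but the redirect target `$CA_CERTIFICATE_FILE_PATH` on the same line is still unquoted and `echo` is still used on caller-supplied data. I would write `printf '%s' "$B64_CLUSTER_CA" | base64 -d > "$CA_CERTIFICATE_FILE_PATH"`. The decoded file is presumably the CA the kubelet trusts, so it is also worth confirming that a failed decode aborts the script rather than leaving a partial `ca.crt`; whether errexit and pipefail are set is not visible in this hunk. The two `sed -i s,MASTER_ENDPOINT,$APISERVER_ENDPOINT,g` style context lines below interpolate unquoted values in the same way.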
@@ -110,10 +113,15 @@ else esac # end region check fi -AWS_ECR_SUBDOMAIN="ecr" -# if FIPS is enabled on the machine, use the FIPS endpoint. +ECR_DOMAIN="${acct}.dkr.ecr.${region}.${aws_domain}" + +# if FIPS is enabled on the machine, use the FIPS endpoint if it's available if [[ "$(sysctl -n crypto.fips_enabled)" == 1 ]]; then - AWS_ECR_SUBDOMAIN="ecr-fips" + ECR_FIPS_DOMAIN="${acct}.dkr.ecr-fips.${region}.${aws_domain}" + if [ $(getent hosts "$ECR_FIPS_DOMAIN" | wc -l) -gt 0 ]; then + echo "$ECR_FIPS_DOMAIN" + exit 0 + fi fi -echo "${acct}.dkr.${AWS_ECR_SUBDOMAIN}.${region}.${aws_domain}" +echo "$ECR_DOMAIN" diff --git a/log-collector-script/linux/eks-log-collector.sh b/log-collector-script/linux/eks-log-collector.sh index ee03b46ac..6c4c03528 100644 --- a/log-collector-script/linux/eks-log-collector.sh +++ b/log-collector-script/linux/eks-log-collector.sh @@ -359,6 +359,7 @@ get_common_logs() { cp --force --dereference --recursive /var/log/containers/fsx-csi* "${COLLECT_DIR}"/var_log/ 2> /dev/null cp --force --dereference --recursive /var/log/containers/fsx-openzfs-csi* "${COLLECT_DIR}"/var_log/ 2> /dev/null cp --force --dereference --recursive /var/log/containers/file-cache-csi* "${COLLECT_DIR}"/var_log/ 2> /dev/null + cp --force --dereference --recursive /var/log/containers/eks-pod-identity-agent* "${COLLECT_DIR}"/var_log/ 2> /dev/null continue fi if [[ "${entry}" == "pods" ]]; then 
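Review bot: On a host with `crypto.fips_enabled` set, the new fallback in `files/get-ecr-uri.sh` returns the non-FIPS registry whenever `getent hosts "$ECR_FIPS_DOMAIN"` yields nothing, and it does so silently, so a transient DNS failure is indistinguishable from a region that has no FIPS endpoint. A warning on stderr before falling through would make the downgrade visible in build and boot logs without polluting the URI on stdout: `echo "WARN: ${ECR_FIPS_DOMAIN} did not resolve, using non-FIPS endpoint" >&2`. The test itself can drop the unquoted command substitution and `wc -l`: `if getent hosts "$ECR_FIPS_DOMAIN" > /dev/null; then`.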
@@ -371,6 +372,7 @@ get_common_logs() {
 cp --force --dereference --recursive /var/log/pods/kube-system_fsx-csi-* "${COLLECT_DIR}"/var_log/ 2> /dev/null
 cp --force --dereference --recursive /var/log/pods/kube-system_fsx-openzfs-csi-* "${COLLECT_DIR}"/var_log/ 2> /dev/null
 cp --force --dereference --recursive /var/log/pods/kube-system_file-cache-csi-* "${COLLECT_DIR}"/var_log/ 2> /dev/null
+ cp --force --dereference --recursive /var/log/pods/kube-system_eks-pod-identity-agent* "${COLLECT_DIR}"/var_log/ 2> /dev/null
 continue
 fi
 cp --force --recursive --dereference /var/log/"${entry}" "${COLLECT_DIR}"/var_log/ 2> /dev/null
diff --git a/scripts/install-worker.sh b/scripts/install-worker.sh
index a664485d3..f0baeb1ea 100644
--- a/scripts/install-worker.sh
+++ b/scripts/install-worker.sh
@@ -87,14 +87,29 @@ fi # packages that need special handling if cat /etc/*release | grep "al2023" > /dev/null 2>&1; then # exists in al2023 only (needed by kubelet) - sudo yum install -y iptables-legacy + sudo yum install -y iptables-nft + + # Mask udev triggers installed by amazon-ec2-net-utils package + sudo touch /etc/udev/rules.d/99-vpc-policy-routes.rules + + # Make networkd ignore foreign settings, else it may unexpectedly delete IP rules and routes added by CNI + sudo mkdir -p /usr/lib/systemd/networkd.conf.d/ + cat << EOF | sudo tee /usr/lib/systemd/networkd.conf.d/80-release.conf +# Do not clobber any routes or rules added by CNI. +[Network] +ManageForeignRoutes=no +ManageForeignRoutingPolicyRules=no +EOF + + # Temporary fix for https://github.com/aws/amazon-vpc-cni-k8s/pull/2118 + sudo sed -i "s/^MACAddressPolicy=.*/MACAddressPolicy=none/" /usr/lib/systemd/network/99-default.link || true else # curl-minimal already exists in al2023 so install curl only on al2 sudo yum install -y curl -fi -# Remove the ec2-net-utils package, if it's installed. This package interferes with the route setup on the instance. -if yum list installed | grep ec2-net-utils; then sudo yum remove ec2-net-utils -y -q; fi + # Remove the ec2-net-utils package, if it's installed. This package interferes with the route setup on the instance. + if yum list installed | grep ec2-net-utils; then sudo yum remove ec2-net-utils -y -q; fi +fi sudo mkdir -p /etc/eks/ 
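Review bot: The `|| true` on the added `sudo sed -i "s/^MACAddressPolicy=.*/MACAddressPolicy=none/" /usr/lib/systemd/network/99-default.link` line hides the case where the file is missing or unreadable, and sed also exits 0 when the pattern matches nothing, so the image can ship without the workaround applied and without any trace in the build log. A follow-up check such as `grep -q '^MACAddressPolicy=none' /usr/lib/systemd/network/99-default.link || echo "WARN: MACAddressPolicy not set to none" >&2` would surface that. A short comment on the `touch /etc/udev/rules.d/99-vpc-policy-routes.rules` line, saying that an empty file in /etc overrides the packaged rule of the same name, would help the next reader. The enclosing `if`/`else` begins in the context lines above the additions.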
@@ -512,10 +527,11 @@ fi
 if yum list installed | grep amazon-ssm-agent; then
 echo "amazon-ssm-agent already present - skipping install"
 else
- echo "Installing amazon-ssm-agent"
- if ! [[ ${ISOLATED_REGIONS} =~ $BINARY_BUCKET_REGION ]]; then
+ if ! [[ -z "${SSM_AGENT_VERSION}" ]]; then
+ echo "Installing amazon-ssm-agent@${SSM_AGENT_VERSION} from S3"
 sudo yum install -y https://s3.${BINARY_BUCKET_REGION}.${S3_DOMAIN}/amazon-ssm-${BINARY_BUCKET_REGION}/${SSM_AGENT_VERSION}/linux_${ARCH}/amazon-ssm-agent.rpm
 else
+ echo "Installing amazon-ssm-agent from AL core repository"
 sudo yum install -y amazon-ssm-agent
 fi
 fi
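Review bot: `if ! [[ -z "${SSM_AGENT_VERSION}" ]]` reads more directly as `if [[ -n "${SSM_AGENT_VERSION}" ]]; then`. The old `ISOLATED_REGIONS` guard is gone, so any non-empty version now takes the S3 path regardless of region; if that bucket is not reachable from isolated regions the build will fail at `yum install`, which deserves a comment or an explicit check if those regions are still supported. The S3 branch installs an RPM straight from a URL assembled from unquoted variables, and whether yum verifies that package's signature depends on configuration not shown here, so a comment stating the expectation would help.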