diff --git a/tools/testsys-config/src/lib.rs b/tools/testsys-config/src/lib.rs
index b841a72087b..867355cdb1b 100644
--- a/tools/testsys-config/src/lib.rs
+++ b/tools/testsys-config/src/lib.rs
@@ -360,6 +360,9 @@ pub struct DeveloperConfig {
     pub keep_tests_running: Option<bool>,
     /// Use an alternate account for image lookup
     pub image_account_id: Option<String>,
+    /// Overrides the EKS service endpoint for TestSys agents gathering EKS cluster metadata
+    /// (only for pre-existing EKS clusters, does not apply to new EKS cluster creation)
+    pub eks_service_endpoint: Option<String>,
 }
 
 impl DeveloperConfig {
@@ -374,6 +377,7 @@ impl DeveloperConfig {
                 .or(other.bottlerocket_destruction_policy),
             keep_tests_running: self.keep_tests_running.or(other.keep_tests_running),
             image_account_id: self.image_account_id.or(other.image_account_id),
+            eks_service_endpoint: self.eks_service_endpoint.or(other.eks_service_endpoint),
         }
     }
 }
diff --git a/tools/testsys/src/aws_k8s.rs b/tools/testsys/src/aws_k8s.rs
index 971607d9281..2fc063fabcd 100644
--- a/tools/testsys/src/aws_k8s.rs
+++ b/tools/testsys/src/aws_k8s.rs
@@ -106,6 +106,14 @@ impl CrdCreator for AwsK8sCreator {
 
         let eks_crd = EksClusterConfig::builder()
             .creation_policy(CreationPolicy::IfNotExists)
+            .eks_service_endpoint(
+                cluster_input
+                    .crd_input
+                    .config
+                    .dev
+                    .eks_service_endpoint
+                    .clone(),
+            )
             .assume_role(cluster_input.crd_input.config.agent_role.clone())
             .config(config)
             .image(
diff --git a/tools/testsys/src/aws_resources.rs b/tools/testsys/src/aws_resources.rs
index 5f6fc2f2772..aa97a3fb1d3 100644
--- a/tools/testsys/src/aws_resources.rs
+++ b/tools/testsys/src/aws_resources.rs
@@ -207,7 +207,7 @@ pub(crate) async fn ec2_crd<'a>(
     // Add in the EKS specific configuration.
     if cluster_type == ClusterType::Eks {
         ec2_builder
-            .subnet_ids_template(cluster_name, "privateSubnetIds")
+            .subnet_ids_template(cluster_name, "publicSubnetIds")
             .endpoint_template(cluster_name, "endpoint")
             .certificate_template(cluster_name, "certificate")
             .cluster_dns_ip_template(cluster_name, "clusterDnsIp")
@@ -305,7 +305,7 @@ pub(crate) async fn ec2_karpenter_crd<'a>(
         )
         .cluster_name_template(cluster_name, "clusterName")
         .region_template(cluster_name, "region")
-        .subnet_ids_template(cluster_name, "privateSubnetIds")
+        .subnet_ids_template(cluster_name, "publicSubnetIds")
         .endpoint_template(cluster_name, "endpoint")
         .cluster_sg_template(cluster_name, "clustersharedSg")
         .device_mappings(device_mappings)