diff --git a/.gitignore b/.gitignore
index 681f2bc..678bc80 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@
 # Crash log files
 crash.log
 
+examples/test
 # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
 # .tfvars files are managed as part of configuration and so should be included in
 # version control.
diff --git a/main.tf b/main.tf
index 91e79e2..307de39 100644
--- a/main.tf
+++ b/main.tf
@@ -185,11 +185,12 @@ module "servers" {
 instance_type = var.instance_type
 block_device_mappings = var.block_device_mappings
 extra_block_device_mappings = var.extra_block_device_mappings
- vpc_security_group_ids = concat([aws_security_group.server.id, aws_security_group.cluster.id], var.extra_security_group_ids)
+ vpc_security_group_ids = concat([aws_security_group.server.id, aws_security_group.cluster.id, module.cp_lb.security_group], var.extra_security_group_ids)
 spot = var.spot
 load_balancers = [module.cp_lb.name]
 wait_for_capacity_timeout = var.wait_for_capacity_timeout
 metadata_options = var.metadata_options
+ associate_public_ip_address = var.associate_public_ip_address
 
 # Overrideable variables
 userdata = data.cloudinit_config.this.rendered
diff --git a/modules/common/download.sh b/modules/common/download.sh
index f51fd52..427b6bc 100644
--- a/modules/common/download.sh
+++ b/modules/common/download.sh
@@ -47,7 +47,7 @@ do_download() {
 get_installer
 
 case $ID in
- centos)
+ centos | rocky)
 yum install -y unzip
 install_awscli
 
diff --git a/modules/nodepool/main.tf b/modules/nodepool/main.tf
index 2491a95..bd01060 100644
--- a/modules/nodepool/main.tf
+++ b/modules/nodepool/main.tf
@@ -15,7 +15,6 @@ resource "aws_launch_template" "this" {
 image_id = var.ami
 instance_type = var.instance_type
 user_data = var.userdata
- vpc_security_group_ids = concat([aws_security_group.this.id], var.vpc_security_group_ids)
 
 metadata_options {
 http_endpoint = var.metadata_options["http_endpoint"]
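Review bot: Adding `module.cp_lb.security_group` to the servers' `vpc_security_group_ids` makes every server instance inherit the load balancer's own ingress rules, so whatever client CIDRs that group admits on the API/supervisor ports now reach the server nodes directly instead of only via the LB, and with the new `associate_public_ip_address` pass-through they can reach them on instance public IPs. If the goal is only to let the LB reach the servers, the least-privilege form is an ingress rule on `aws_security_group.server` with `source_security_group_id = module.cp_lb.security_group` rather than attaching the LB group itself. The cp_lb module's rules are not visible in this diff, so please confirm what that group allows before merging; the `module "servers"` block continues outside the hunk.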
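Review bot: The removed `vpc_security_group_ids` line prepended `aws_security_group.this.id`, but the replacement `network_interfaces` block in the next hunk (`@@ -24,6 +23,12 @@`) sets `security_groups = var.vpc_security_group_ids` alone, so the nodepool's own security group is no longer attached to its instances unless every caller passes it in explicitly. Unless `aws_security_group.this` is removed elsewhere in this commit, keep the concat in the new block: `security_groups = concat([aws_security_group.this.id], var.vpc_security_group_ids)`. The `aws_launch_template` resource starts and ends outside both hunks.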
@@ -24,6 +23,12 @@ resource "aws_launch_template" "this" {
 instance_metadata_tags = var.metadata_options["instance_metadata_tags"]
 }
 
+ network_interfaces {
+ associate_public_ip_address = var.associate_public_ip_address
+ delete_on_termination = true
+ security_groups = var.vpc_security_group_ids
+ }
+
 block_device_mappings {
 device_name = lookup(var.block_device_mappings, "device_name", "/dev/sda1")
 ebs {
diff --git a/modules/nodepool/variables.tf b/modules/nodepool/variables.tf
index 0ae437b..a547d04 100644
--- a/modules/nodepool/variables.tf
+++ b/modules/nodepool/variables.tf
@@ -88,6 +88,11 @@ variable "spot" {
 type = bool
 }
 
+variable "associate_public_ip_address" {
+ default = false
+ type = bool
+}
+
 variable "min_elb_capacity" {
 type = number
 default = null
@@ -97,3 +102,4 @@ variable "metadata_options" {
 type = map
 description = "Instance Metadata Options"
 }
+
diff --git a/modules/statestore/main.tf b/modules/statestore/main.tf
index 0a886e8..99b14e9 100644
--- a/modules/statestore/main.tf
+++ b/modules/statestore/main.tf
@@ -20,7 +20,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "ssec" {
 }
 }
 
-resource "aws_s3_bucket_object" "token" {
+resource "aws_s3_object" "token" {
 bucket = aws_s3_bucket.bucket.id
 key = "token"
 content_type = "text/plain"
@@ -33,7 +33,7 @@ data "aws_iam_policy_document" "getter" {
 effect = "Allow"
 actions = ["s3:GetObject"]
 resources = [
- "${aws_s3_bucket.bucket.arn}/${aws_s3_bucket_object.token.id}",
+ "${aws_s3_bucket.bucket.arn}/${aws_s3_object.token.id}",
 ]
 }
 }
diff --git a/modules/statestore/outputs.tf b/modules/statestore/outputs.tf
index 96420dd..90fcc6c 100644
--- a/modules/statestore/outputs.tf
+++ b/modules/statestore/outputs.tf
@@ -1,9 +1,9 @@
 output "bucket" {
- value = aws_s3_bucket_object.token.bucket
+ value = aws_s3_object.token.bucket
 }
 
 output "token_object" {
- value = aws_s3_bucket_object.token.id
+ value = aws_s3_object.token.id
 }
 
 output "kubeconfig_put_policy" {
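Review bot: The new `associate_public_ip_address` variable in `modules/nodepool/variables.tf` carries no `description`, unlike the neighbouring `metadata_options` variable in the following hunk, and the copy added to the root `variables.tf` at `@@ -173,3 +173,8 @@` has the same gap. Suggest `description = "Assign a public IP to the primary network interface of each nodepool instance (default false)."` here, and on the root copy a note that it is passed straight through to the server nodepool, so module consumers and generated docs see why the default keeps nodes private.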
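Review bot: Renaming the resource type from `aws_s3_bucket_object` to `aws_s3_object` changes the resource's state address, so on existing deployments Terraform will plan to destroy `aws_s3_bucket_object.token` and create `aws_s3_object.token` instead of recognising the same object; a plain `moved` block does not cover a type change on the Terraform/provider versions most users have, so the upgrade path (re-import, or accepting recreation of the token object) should be stated in the change. `aws_s3_object` also exists only in AWS provider 4.x and later, so the module's provider constraint should be raised if it is not already. The same rename recurs in the next hunk and in both `modules/statestore/outputs.tf` hunks.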
@@ -12,8 +12,8 @@ output "kubeconfig_put_policy" {
 
 output "token" {
 value = {
- bucket = aws_s3_bucket_object.token.bucket
- object = aws_s3_bucket_object.token.id
+ bucket = aws_s3_object.token.bucket
+ object = aws_s3_object.token.id
 policy_document = data.aws_iam_policy_document.getter.json
 bucket_arn = aws_s3_bucket.bucket.arn
 }
diff --git a/variables.tf b/variables.tf
index 01b6f86..6ff5477 100644
--- a/variables.tf
+++ b/variables.tf
@@ -173,3 +173,8 @@ variable "wait_for_capacity_timeout" {
 type = string
 default = "10m"
 }
+
+variable "associate_public_ip_address" {
+ default = false
+ type = bool
+}