diff --git a/calico/getting-started/kubernetes/managed-public-cloud/eks.mdx b/calico/getting-started/kubernetes/managed-public-cloud/eks.mdx index 4d99f037a1..4dd7155c40 100644 --- a/calico/getting-started/kubernetes/managed-public-cloud/eks.mdx +++ b/calico/getting-started/kubernetes/managed-public-cloud/eks.mdx @@ -35,9 +35,6 @@ When using the Amazon VPC CNI plugin, $[prodname] does not support enforcement o ::: -***Prerequisites*** - -* You [disabled network policy for the AWS VPC CNI](https://docs.aws.amazon.com/eks/latest/userguide/network-policy-disable.html). 1. First, create an Amazon EKS cluster. @@ -45,6 +42,25 @@ When using the Amazon VPC CNI plugin, $[prodname] does not support enforcement o eksctl create cluster --name ``` + Do **not** enable [network policy for the AWS VPC CNI](https://docs.aws.amazon.com/eks/latest/userguide/network-policy-disable.html); it conflicts with $[prodname]. + +1. Configure AWS VPC CNI to [annotate Pods with their IPs](https://github.com/aws/amazon-vpc-cni-k8s?tab=readme-ov-file#annotate_pod_ip-v193). + Note the requirement to grant the "patch" permission to the `aws-node` daemon set to avoid permission errors. + This setting ensures that pod IPs propagate quickly from AWS VPC CNI to $[prodname]. + + ```bash + cat << EOF > append.yaml + - apiGroups: + - "" + resources: + - pods + verbs: + - patch + EOF + kubectl apply -f <(cat <(kubectl get clusterrole aws-node -o yaml) append.yaml) + kubectl set env -n kube-system daemonset/aws-node ANNOTATE_POD_IP=true + ``` + 1. Install the Tigera Operator and custom resource definitions. ```bash
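Review bot: removing the `***Prerequisites***` block in the first hunk (`@@ -35,9 +35,6 @@`) leaves the only warning about AWS VPC CNI network policy positioned after the `eksctl create cluster --name` step, so a reader who has already created the cluster with network policy turned on only learns of the conflict with $[prodname] after the fact. Either keep a one-line prerequisite above step 1 or move the "Do **not** enable [network policy for the AWS VPC CNI]" sentence to before the create command, so the constraint is visible at the point where the cluster is created.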
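Review bot: the ClusterRole update in the second hunk, `kubectl apply -f <(cat <(kubectl get clusterrole aws-node -o yaml) append.yaml)`, relies on `rules:` being the last top-level key in the `-o yaml` output and on the list indentation in `append.yaml` matching that output; if either differs, or the snippet is copied with different leading whitespace, the concatenated document is invalid YAML or the new rule lands outside `rules`, and re-running the step appends a duplicate rule each time. A JSON patch that appends to the rules list is position-independent and easier to review, e.g. `kubectl patch clusterrole aws-node --type=json -p '[{"op":"add","path":"/rules/-","value":{"apiGroups":[""],"resources":["pods"],"verbs":["patch"]}}]'`. Also, the prose says the `patch` permission is granted to the `aws-node` daemon set, but what the commands modify is the `aws-node` ClusterRole; saying so would make it clearer which object an operator should inspect when permission errors appear.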