diff --git a/eks-service-definition.yml b/eks-service-definition.yml index eaac1545..a9ca1242 100644 --- a/eks-service-definition.yml +++ b/eks-service-definition.yml @@ -49,6 +49,10 @@ provision: required: false type: array details: "A list of the desired AWS Compute types that the nodes will be launched with (e.g. [\"m5.large\"])" + - field_name: single_az + required: false + type: boolean + details: "Specify whether the managed node group should span only a single availability zone" computed_inputs: - name: instance_name @@ -89,9 +93,9 @@ provision: type: array default: ["m5.large"] overwrite: true - - name: install_vpc_cni + - name: single_az type: boolean - default: true + default: false overwrite: true outputs: diff --git a/terraform/modules/provision-aws/eks.tf b/terraform/modules/provision-aws/eks.tf index 5f600c47..a756f938 100644 --- a/terraform/modules/provision-aws/eks.tf +++ b/terraform/modules/provision-aws/eks.tf @@ -109,6 +109,7 @@ module "eks" { launch_template_name = "${local.cluster_name}-lt" name = "${local.cluster_name}" ami_id = data.aws_ami.gsa-ise.id + subnet_ids = var.single_az ? [module.vpc.private_subnets[0]] : module.vpc.private_subnets enable_bootstrap_user_data = true bootstrap_extra_args = "--container-runtime dockerd" @@ -309,10 +310,10 @@ data "template_file" "kubeconfig" { resource "local_sensitive_file" "kubeconfig" { # Only create the file if requested; it's not needed by provisioners - count = var.write_kubeconfig ? 1 : 0 - content = data.template_file.kubeconfig.rendered - filename = local.kubeconfig_name - file_permission = "0600" + count = var.write_kubeconfig ? 1 : 0 + content = data.template_file.kubeconfig.rendered + filename = local.kubeconfig_name + file_permission = "0600" } diff --git a/terraform/modules/provision-aws/variables.tf b/terraform/modules/provision-aws/variables.tf index ceace970..23651efe 100644 --- a/terraform/modules/provision-aws/variables.tf +++ b/terraform/modules/provision-aws/variables.tf 
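Review bot: The `details` string of the new `single_az` field explains the mechanism but not the trade-off a catalog user is accepting: a managed node group confined to one availability zone loses all capacity when that zone is impaired, and users of a service definition rarely read the Terraform behind it. Suggest `details: "Confine the managed node group to a single availability zone (default false). Lowers cross-AZ traffic cost, but the cluster becomes unavailable if that zone fails."`. The `provision` inputs list continues outside the hunk.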
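Review bot: The second hunk of eks-service-definition.yml (`@@ -89,9 +93,9 @@`) does not add `single_az` next to `install_vpc_cni` but replaces it, so the computed input that previously forced `install_vpc_cni: true` disappears from the service definition. No hunk in this commit removes a `var.install_vpc_cni` consumer or its Terraform variable; if that variable still exists without a default, provisioning fails at plan time, and if it has a default, the effective value may silently change from the computed `true`. Either keep the `install_vpc_cni` entry and append the `single_az` entry after it, or state in the commit description why the CNI input is being dropped.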
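Review bot: The added `subnet_ids` line in eks.tf pins the node group to `module.vpc.private_subnets[0]`, while the storage class in k8s-persistent-storage.tf (same commit) pins volumes to `"${var.region}a"`; nothing ties those two choices together. If the VPC module's first private subnet is in any zone other than `a`, every PVC created with `single_az` stays Pending, because `WaitForFirstConsumer` can only place a volume where a pod is scheduled and no node runs in zone `a`. Consider deriving the zone from the subnet instead, e.g. `data "aws_subnet" "single_az" { id = module.vpc.private_subnets[0] }`, and exporting its `availability_zone` as a module output for the k8s module to consume so both sides agree by construction. The `module "eks"` block continues outside the hunk, so I can't see whether a zone output already exists.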
@@ -45,3 +45,8 @@ variable "write_kubeconfig" {
 type = bool
 default = false
 }
+
+variable "single_az" {
+ type = bool
+ default = false
+}
diff --git a/terraform/modules/provision-k8s/k8s-persistent-storage.tf b/terraform/modules/provision-k8s/k8s-persistent-storage.tf
index a024b574..74674f83 100644
--- a/terraform/modules/provision-k8s/k8s-persistent-storage.tf
+++ b/terraform/modules/provision-k8s/k8s-persistent-storage.tf
@@ -11,4 +11,22 @@ resource "kubernetes_storage_class" "ebs-sc" {
 # https://docs.aws.amazon.com/eks/latest/userguide/storage-classes.html
 storage_provisioner = "kubernetes.io/aws-ebs"
 allow_volume_expansion = true
+
+ # Ensure volumes are created in the correct topology (specifically availability zone)
+ # https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode
+ volume_binding_mode = "WaitForFirstConsumer"
+
+ # The following code uses an optional nested block to define EBS volume parameters
+ # References:
+ # - https://codeinthehole.com/tips/conditional-nested-blocks-in-terraform/
+ # - https://medium.com/@business_99069/terraform-0-12-conditional-block-7d166e4abcbf
+ allowed_topologies {
+ dynamic "match_label_expressions" {
+ for_each = var.single_az ? [1] : []
+ content {
+ key = "topology.ebs.csi.aws.com/zone"
+ values = ["${var.region}a"]
+ }
+ }
+ }
 }
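Review bot: `variable "single_az"` in variables.tf is added without a `description`, so module consumers and generated docs see a bare bool while the user-facing field in eks-service-definition.yml documents the same setting. Suggest inserting `description = "When true, place the EKS managed node group and its EBS volumes in a single availability zone"` between `type` and `default`. The `write_kubeconfig` variable above the hunk is only partially visible, so I can't tell whether the module's convention is to carry descriptions.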
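Review bot: The topology key `topology.ebs.csi.aws.com/zone` in the added `match_label_expressions` block belongs to the EBS CSI driver, but the unchanged `storage_provisioner = "kubernetes.io/aws-ebs"` two lines above is the in-tree provisioner, which only accepts `failure-domain.beta.kubernetes.io/zone` in `allowedTopologies` unless CSI migration is enabled on the cluster; on the in-tree path the key is rejected and provisioning fails. Either move the class to `ebs.csi.aws.com` (with the driver installed) or use the in-tree key, and note the choice in the existing `# Ensure volumes ...` comment. Separately, `volume_binding_mode` and `allowed_topologies` are immutable on an existing StorageClass, so applying this to a live cluster forces replacement of `ebs-sc`; as far as I know bound PVs keep working, but PVC creation during the replace window fails, which deserves a comment on the resource. Finally, `"${var.region}a"` assumes every region and account exposes a zone suffixed `a`, which is not guaranteed.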