diff --git a/patterns/karpenter-mng/eks.tf b/patterns/karpenter-mng/eks.tf
index 14717972f6..550e3fa7dc 100644
--- a/patterns/karpenter-mng/eks.tf
+++ b/patterns/karpenter-mng/eks.tf
@@ -61,12 +61,20 @@ module "eks" {
     }
   }
 
-  tags = merge(local.tags, {
+  # cluster_tags = merge(local.tags, {
+  #   NOTE - only use this option if you are using "attach_cluster_primary_security_group"
+  #   and you know what you're doing. In this case, you can remove the "node_security_group_tags" below.
+  #  "karpenter.sh/discovery" = local.name
+  # })
+
+  node_security_group_tags = merge(local.tags, {
     # NOTE - if creating multiple security groups with this module, only tag the
     # security group that Karpenter should utilize with the following tag
     # (i.e. - at most, only one security group should have this tag in your account)
     "karpenter.sh/discovery" = local.name
   })
+
+  tags = local.tags
 }
 
 output "configure_kubectl" {
diff --git a/patterns/karpenter-mng/main.tf b/patterns/karpenter-mng/main.tf
index c7faab9153..dd0fa19ea3 100644
--- a/patterns/karpenter-mng/main.tf
+++ b/patterns/karpenter-mng/main.tf
@@ -52,7 +52,13 @@ data "aws_ecrpublic_authorization_token" "token" {
   provider = aws.virginia
 }
 
-data "aws_availability_zones" "available" {}
+data "aws_availability_zones" "available" {
+  #Do not include local zones
+  filter {
+    name   = "opt-in-status"
+    values = ["opt-in-not-required"]
+  }
+}
 
 locals {
   name   = "ex-${basename(path.cwd)}"