diff --git a/pkg/cloudinit/controlplane_init.go b/pkg/cloudinit/controlplane_init.go
index 0621b628..cd480ffa 100644
--- a/pkg/cloudinit/controlplane_init.go
+++ b/pkg/cloudinit/controlplane_init.go
@@ -57,6 +57,7 @@ func NewInitControlPlane(input InitControlPlaneInput) (CloudConfig, error) {
 config.RunCommands = append(config.RunCommands, "/capi/scripts/install.sh")
 }
 config.RunCommands = append(config.RunCommands,
+ "/capi/scripts/disable-host-services.sh",
 "/capi/scripts/bootstrap.sh",
 "/capi/scripts/load-images.sh",
 "/capi/scripts/wait-apiserver-ready.sh",
diff --git a/pkg/cloudinit/controlplane_init_test.go b/pkg/cloudinit/controlplane_init_test.go
index f4262044..d113658c 100644
--- a/pkg/cloudinit/controlplane_init_test.go
+++ b/pkg/cloudinit/controlplane_init_test.go
@@ -66,6 +66,7 @@ func TestNewInitControlPlane(t *testing.T) {
 "prerun1",
 "prerun2",
 "/capi/scripts/install.sh",
+ "/capi/scripts/disable-host-services.sh",
 "/capi/scripts/bootstrap.sh",
 "/capi/scripts/load-images.sh",
 "/capi/scripts/wait-apiserver-ready.sh",
@@ -79,6 +80,7 @@ func TestNewInitControlPlane(t *testing.T) {
 // NOTE (mateoflorido): Keep this test in sync with the expected paths in the controlplane_init.go file.
 g.Expect(config.WriteFiles).To(ConsistOf(
+ HaveField("Path", "/capi/scripts/disable-host-services.sh"),
 HaveField("Path", "/capi/scripts/install.sh"),
 HaveField("Path", "/capi/scripts/bootstrap.sh"),
 HaveField("Path", "/capi/scripts/load-images.sh"),
diff --git a/pkg/cloudinit/controlplane_join.go b/pkg/cloudinit/controlplane_join.go
index d5deaa22..9e1ffa16 100644
--- a/pkg/cloudinit/controlplane_join.go
+++ b/pkg/cloudinit/controlplane_join.go
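Review bot: The position of `/capi/scripts/disable-host-services.sh` in the run list of NewInitControlPlane (after the optional `install.sh`, before `bootstrap.sh`) is an ordering requirement that nothing in the code states, and the same line is added in the same position to NewJoinControlPlane and NewJoinWorker. A one-line comment above the append would keep a later reorder from moving it, for example `// Host kubelet/containerd must be stopped before bootstrap/join; keep this entry ahead of those scripts.` The reason is inferred from the script's name and contents, so the wording should be adjusted to the actual motivation. The script as added exits 0 even when a stop fails, so this step never blocks the commands that follow it. The body of NewInitControlPlane starts and ends outside the hunk.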
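Review bot: In the `ConsistOf` list of TestNewInitControlPlane the new `HaveField("Path", "/capi/scripts/disable-host-services.sh"),` sits before the `install.sh` entry, while TestNewJoinControlPlane and TestNewJoinWorker place it after. `ConsistOf` ignores order, so the test passes either way; moving the line below `HaveField("Path", "/capi/scripts/install.sh"),` keeps the three lists aligned with each other and with the run order. The matcher checks only `Path`, so nothing in these tests pins the new script's content or file mode.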
@@ -46,6 +46,7 @@ func NewJoinControlPlane(input JoinControlPlaneInput) (CloudConfig, error) {
 config.RunCommands = append(config.RunCommands, "/capi/scripts/install.sh")
 }
 config.RunCommands = append(config.RunCommands,
+ "/capi/scripts/disable-host-services.sh",
 "/capi/scripts/load-images.sh",
 "/capi/scripts/join-cluster.sh",
 "/capi/scripts/wait-apiserver-ready.sh",
diff --git a/pkg/cloudinit/controlplane_join_test.go b/pkg/cloudinit/controlplane_join_test.go
index 9e27ab9d..a9a009ae 100644
--- a/pkg/cloudinit/controlplane_join_test.go
+++ b/pkg/cloudinit/controlplane_join_test.go
@@ -46,6 +46,7 @@ func TestNewJoinControlPlane(t *testing.T) {
 "prerun1",
 "prerun2",
 "/capi/scripts/install.sh",
+ "/capi/scripts/disable-host-services.sh",
 "/capi/scripts/load-images.sh",
 "/capi/scripts/join-cluster.sh",
 "/capi/scripts/wait-apiserver-ready.sh",
@@ -58,6 +59,7 @@ func TestNewJoinControlPlane(t *testing.T) {
 // NOTE (mateoflorido): Keep this test in sync with the expected paths in the controlplane_join.go file.
 g.Expect(config.WriteFiles).To(ConsistOf(
 HaveField("Path", "/capi/scripts/install.sh"),
+ HaveField("Path", "/capi/scripts/disable-host-services.sh"),
 HaveField("Path", "/capi/scripts/bootstrap.sh"),
 HaveField("Path", "/capi/scripts/load-images.sh"),
 HaveField("Path", "/capi/scripts/join-cluster.sh"),
diff --git a/pkg/cloudinit/embed.go b/pkg/cloudinit/embed.go
index 3344056a..1d00a962 100644
--- a/pkg/cloudinit/embed.go
+++ b/pkg/cloudinit/embed.go
@@ -16,6 +16,7 @@ type script string
 // you need to add it to the scripts map below.
 var (
 scriptInstall script = "install.sh"
+ scriptDisableHostServices script = "disable-host-services.sh"
 scriptBootstrap script = "bootstrap.sh"
 scriptLoadImages script = "load-images.sh"
 scriptConfigureAuthToken script = "configure-auth-token.sh" // #nosec G101
@@ -39,6 +40,7 @@ var (
 // scripts is a map of all embedded bash scripts used in the cloud-init.
 scripts = map[script]string{
 scriptInstall: mustEmbed(scriptInstall),
+ scriptDisableHostServices: mustEmbed(scriptDisableHostServices),
 scriptBootstrap: mustEmbed(scriptBootstrap),
 scriptLoadImages: mustEmbed(scriptLoadImages),
 scriptConfigureAuthToken: mustEmbed(scriptConfigureAuthToken),
diff --git a/pkg/cloudinit/scripts/disable-host-services.sh b/pkg/cloudinit/scripts/disable-host-services.sh
new file mode 100644
index 00000000..e3b38402
--- /dev/null
+++ b/pkg/cloudinit/scripts/disable-host-services.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -xe
+
+# Usage:
+# $0
+#
+# Assumptions:
+# - systemctl is available
+
+for svc in kubelet containerd; do
+ systemctl stop "${svc}" || true
+ systemctl disable "${svc}" || true
+done
diff --git a/pkg/cloudinit/worker_join.go b/pkg/cloudinit/worker_join.go
index 16c0ecd2..c225a7b5 100644
--- a/pkg/cloudinit/worker_join.go
+++ b/pkg/cloudinit/worker_join.go
@@ -46,6 +46,7 @@ func NewJoinWorker(input JoinWorkerInput) (CloudConfig, error) {
 config.RunCommands = append(config.RunCommands, "/capi/scripts/install.sh")
 }
 config.RunCommands = append(config.RunCommands,
+ "/capi/scripts/disable-host-services.sh",
 "/capi/scripts/load-images.sh",
 "/capi/scripts/join-cluster.sh",
 "/capi/scripts/configure-node-token.sh",
diff --git a/pkg/cloudinit/worker_join_test.go b/pkg/cloudinit/worker_join_test.go
index c41b6d94..addadc38 100644
--- a/pkg/cloudinit/worker_join_test.go
+++ b/pkg/cloudinit/worker_join_test.go
@@ -47,6 +47,7 @@ func TestNewJoinWorker(t *testing.T) {
 "prerun1",
 "prerun2",
 "/capi/scripts/install.sh",
+ "/capi/scripts/disable-host-services.sh",
 "/capi/scripts/load-images.sh",
 "/capi/scripts/join-cluster.sh",
 "/capi/scripts/configure-node-token.sh",
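Review bot: Every failure in the loop of disable-host-services.sh is swallowed by `|| true`, so a host kubelet or containerd that could not be stopped looks the same as one that was never installed, and cloud-init moves on to the bootstrap or join script with the service still running. Only the "unit is not present" case needs to be tolerated; a stop or disable that fails on an existing unit should fail the run under the script's `-e`. The version below skips units systemd does not know and lets real errors propagate. `systemctl disable` also leaves the unit startable by hand or through a dependency, so `systemctl mask` may be the better fit if these units must never come back; whether anything later in the bootstrap re-enables them is not visible in this diff.

```shell
for svc in kubelet containerd; do
  # A unit that is not installed is fine; anything else must succeed.
  if ! systemctl cat "${svc}.service" >/dev/null 2>&1; then
    continue
  fi
  systemctl stop "${svc}.service"
  systemctl disable "${svc}.service"
done
```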
@@ -58,6 +59,7 @@ func TestNewJoinWorker(t *testing.T) {
 // NOTE (mateoflorido): Keep this test in sync with the expected paths in the worker_join.go file.
 g.Expect(config.WriteFiles).To(ConsistOf(
 HaveField("Path", "/capi/scripts/install.sh"),
+ HaveField("Path", "/capi/scripts/disable-host-services.sh"),
 HaveField("Path", "/capi/scripts/bootstrap.sh"),
 HaveField("Path", "/capi/scripts/load-images.sh"),
 HaveField("Path", "/capi/scripts/join-cluster.sh"),
diff --git a/templates/aws/template-variables.rc b/templates/aws/template-variables.rc
index 4251a012..5939f9da 100644
--- a/templates/aws/template-variables.rc
+++ b/templates/aws/template-variables.rc
@@ -1,19 +1,20 @@
 # Kubernetes cluster configuration
-export KUBERNETES_VERSION=v1.30.0
-export CONTROL_PLANE_MACHINE_COUNT= # e.g. 1
-export WORKER_MACHINE_COUNT=
+export KUBERNETES_VERSION=v1.31.0
+export CONTROL_PLANE_MACHINE_COUNT=3
+export WORKER_MACHINE_COUNT=3
 # AWS region
-export AWS_REGION="" # e.g. "us-east-2"
+export AWS_REGION="eu-central-1"
 # AWS machine configuration
-export AWS_CREATE_BASTION= # e.g. "true"
-export AWS_PUBLIC_IP= # e.g. "true"
-export AWS_CONTROL_PLANE_INSTANCE_TYPE= # e.g. "t3.large"
-export AWS_NODE_INSTANCE_TYPE= # e.g. "t3.large"
-export AWS_CONTROL_PLANE_ROOT_VOLUME_SIZE= # in Gigabyte, e.g. 16
-export AWS_NODE_ROOT_VOLUME_SIZE= # in Gigabyte, e.g. 16
-export AWS_SSH_KEY_NAME= # e.g. "default"
-export AWS_AMI_ID= # e.g. "ami-0ad50e72a79228704"
+export AWS_CREATE_BASTION="true"
+export AWS_PUBLIC_IP="true"
+export AWS_CONTROL_PLANE_INSTANCE_TYPE="t3.large"
+export AWS_NODE_INSTANCE_TYPE="t3.large"
+export AWS_CONTROL_PLANE_ROOT_VOLUME_SIZE=16
+export AWS_NODE_ROOT_VOLUME_SIZE=16
+export AWS_SSH_KEY_NAME="default"
+# List upstream AMIs with clusterawsadm ami list --owner-id 819546954734
+export AWS_AMI_ID="ami-027b534ab5d0b4886"
 export AWS_CCM_IMAGE=registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.3
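Review bot: `AWS_PUBLIC_IP="true"` and `AWS_CREATE_BASTION="true"` in templates/aws/template-variables.rc are now shipped as values instead of `# e.g.` hints, so anyone who sources the template unchanged presumably gets machines with public addresses without having chosen that. Leaving the exposure-related variables empty with the example in a trailing comment, as the removed lines did, keeps that an explicit decision: `export AWS_PUBLIC_IP= # e.g. "false"`. `AWS_AMI_ID` is pinned to a single image next to a fixed `AWS_REGION="eu-central-1"`; AMI IDs are per-region, so the comment above it should also say that the ID has to be looked up again, from the listed owner, whenever the region changes. `KUBERNETES_VERSION` moves to v1.31.0 while the unchanged `AWS_CCM_IMAGE` line stays at v1.28.3, which is worth confirming as intended.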