diff --git a/aws/scripts/cloud-init-cratedb-rpm.tftpl b/aws/scripts/cloud-init-cratedb-rpm.tftpl
index 7d010cc..ee98564 100644
--- a/aws/scripts/cloud-init-cratedb-rpm.tftpl
+++ b/aws/scripts/cloud-init-cratedb-rpm.tftpl
@@ -95,8 +95,19 @@ write_files:
 owner: root:root
 path: /etc/default/crate
 permissions: "0755"
+ - content: |
+ # Certain load balancers (i.e. AWS NLB) terminate idle connections.
+ # We set explicit TCP keepalives so that this does not happen.
+ # https://github.com/crate/crate-operator/commit/383c5f4795e58fe1a61fab0cfdfba4e294953f9f
+ net.ipv4.tcp_keepalive_time = 120
+ net.ipv4.tcp_keepalive_intvl = 30
+ net.ipv4.tcp_keepalive_probes = 6
+ owner: root:root
+ path: /etc/sysctl.d/90-crate-net.conf
+ permissions: "0644"
 runcmd:
+ - sysctl -p /etc/sysctl.d/90-crate-net.conf
 - openssl pkcs12 -export -in /etc/crate/certificate.pem -inkey /etc/crate/private_key.pem -certfile /etc/crate/certificate.pem -out /etc/crate/keystore.p12 -passout pass:changeit
 - rm /etc/crate/certificate.pem && rm /etc/crate/private_key.pem
 - dnf install -y crate
diff --git a/aws/scripts/cloud-init-cratedb-tar.tftpl b/aws/scripts/cloud-init-cratedb-tar.tftpl
index 77404fc..d2a0cad 100644
--- a/aws/scripts/cloud-init-cratedb-tar.tftpl
+++ b/aws/scripts/cloud-init-cratedb-tar.tftpl
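Review bot: The comment in the new `/etc/sysctl.d/90-crate-net.conf` entry of cloud-init-cratedb-rpm.tftpl says the three values keep idle connections from being terminated, but the `net.ipv4.tcp_keepalive_*` sysctls only set the timing for sockets that already have `SO_KEEPALIVE` enabled; they do not turn keepalives on by themselves. I would add a comment line such as `# Only affects sockets opened with SO_KEEPALIVE; a dead peer is dropped after about 120 + 6 * 30 = 300 s.` and change "i.e." to "e.g.", since AWS NLB is given as an example. The same comment block is repeated in cloud-init-cratedb-tar.tftpl and needs the same wording. Outside this change, the unchanged `openssl pkcs12` line in the same runcmd list passes a fixed keystore password (`-passout pass:changeit`) on the command line, which is worth a follow-up; the list continues past the hunk.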
@@ -140,8 +140,21 @@ write_files:
 owner: root:root
 path: /usr/lib/systemd/system/crate.service
 permissions: "0444"
+ - content: |
+ vm.max_map_count = 262144
+
+ # Certain load balancers (i.e. AWS NLB) terminate idle connections.
+ # We set explicit TCP keepalives so that this does not happen.
+ # https://github.com/crate/crate-operator/commit/383c5f4795e58fe1a61fab0cfdfba4e294953f9f
+ net.ipv4.tcp_keepalive_time = 120
+ net.ipv4.tcp_keepalive_intvl = 30
+ net.ipv4.tcp_keepalive_probes = 6
+ owner: root:root
+ path: /etc/sysctl.d/90-crate-net.conf
+ permissions: "0644"
 runcmd:
+ - sysctl -p /etc/sysctl.d/90-crate-net.conf
 - groupadd -r crate
 - useradd -r -g crate -d /opt/crate -s /sbin/nologin -c "Dude, it's a storage!" crate
 - chown -R crate:crate /opt/data
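Review bot: In cloud-init-cratedb-tar.tftpl the new file is named `90-crate-net.conf`, yet its first setting is `vm.max_map_count = 262144`, a memory-mapping limit rather than a network setting, so anyone auditing kernel tuning by file name will overlook it. I would either rename the path (and the matching `sysctl -p` argument) to something neutral such as `/etc/sysctl.d/90-crate.conf`, or move the `vm.` line into its own file with a one-line comment saying why CrateDB needs it. The rpm template writes a different body to the same path, so hosts built from the two variants end up with an identically named file whose contents differ. The runcmd list continues outside the hunk.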