diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6a845515a..14eb7f103 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
-- Add `controlPlane.allowList` to configure control plane load balancer ingress rules. It always adds GiantSwarm VPN IPs.
+- Add `controlPlane.allowList` to configure control plane load balancer ingress rules.
 ### Changed
diff --git a/helm/cluster-aws/templates/_aws_cluster.tpl b/helm/cluster-aws/templates/_aws_cluster.tpl
index b4c37f6af..39b60d6f6 100644
--- a/helm/cluster-aws/templates/_aws_cluster.tpl
+++ b/helm/cluster-aws/templates/_aws_cluster.tpl
@@ -32,17 +32,15 @@ spec:
 {{- end }}
 controlPlaneLoadBalancer:
 scheme: {{ if (eq .Values.controlPlane.apiMode "public") }}internet-facing{{ else }}internal{{ end }}
+ {{- if .Values.controlPlane.allowList }}
 ingressRules:
 - description: "Kubernetes API"
 protocol: tcp
 fromPort: 6443
 toPort: 6443
 cidrBlocks:
- - 95.179.153.65/32
- - 185.102.95.187/32
- {{- if .Values.controlPlane.allowList }}
 {{- toYaml .Values.controlPlane.allowList | nindent 6 }}
- {{- end }}
+ {{- end }}
 network:
 cni:
 cniIngressRules:
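Review bot: With `{{- if .Values.controlPlane.allowList }}` now wrapping the whole `ingressRules:` block in `_aws_cluster.tpl`, an empty or unset allowList renders no rule for port 6443 at all, so API access falls back to the provider's default for the load balancer. That default is not visible in this hunk and should be confirmed, since it may be unrestricted when `scheme` renders as `internet-facing`. I would state the fallback at the guard, for example `{{- /* allowList empty: ingressRules omitted, provider default applies to 6443 */}}`, and document it next to `controlPlane.allowList` in the values reference. The entries are also passed through `toYaml` unchecked, so a broad block such as `0.0.0.0/0` is accepted as-is; a CIDR pattern in the values schema would catch malformed or unintended entries. Clusters that relied on the two removed hard-coded /32 entries now need to list them explicitly, which deserves an upgrade note; the `spec:` block starts and continues outside the hunk.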