diff --git a/CHANGELOG.md b/CHANGELOG.md
index bbaec5d4..dc5f2969 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add new annotation for vintage irsa domain which is only used for migrating vintage clusters.
 - Use 443 as the default api-server Load Balancer port.
 
+### Changed
+
+- Remove allow-all cilium network policies.
+
 ## [0.56.0] - 2024-01-08
 
 ### Changed
diff --git a/helm/cluster-aws/templates/cilium-helmrelease.yaml b/helm/cluster-aws/templates/cilium-helmrelease.yaml
index e963dfe4..00d772ef 100644
--- a/helm/cluster-aws/templates/cilium-helmrelease.yaml
+++ b/helm/cluster-aws/templates/cilium-helmrelease.yaml
@@ -19,7 +19,8 @@ hubble:
         operator: "Exists"
         effect: "NoSchedule"
 defaultPolicies:
-  enabled: true
+  enabled: false
+  removed: true
 
   tolerations:
     - effect: NoSchedule