diff --git a/.github/workflows/update-generated.yaml b/.github/workflows/update-generated.yaml index e584663fa2..6de8fb9d13 100644 --- a/.github/workflows/update-generated.yaml +++ b/.github/workflows/update-generated.yaml @@ -2,7 +2,7 @@ name: Update generated files on: workflow_dispatch: {} schedule: - - cron: "0 5 * * Thu" + - cron: "0 5 * * Thu" permissions: id-token: write 
@@ -15,47 +15,47 @@ jobs: strategy: fail-fast: false matrix: - resource: ["coredns", "aws-node"] + resource: ["coredns", "aws-node", "nvidia-device-plugin"] name: Update ${{ matrix.resource }} and open PR runs-on: ubuntu-latest container: public.ecr.aws/eksctl/eksctl-build:833f4464e865a6398788bf6cbc5447967b8974b7 env: GOPRIVATE: "" steps: - - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2 - with: - token: ${{ secrets.EKSCTLBOT_TOKEN }} - fetch-depth: 0 - - name: Configure AWS credentials for coredns update - if: ${{ matrix.resource == 'coredns' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 - with: - aws-region: us-west-2 - role-duration-seconds: 900 - role-session-name: eksctl-update-coredns-assets - role-to-assume: ${{ secrets.UPDATE_COREDNS_ROLE_ARN }} - - name: Setup identity as eksctl-bot - uses: ./.github/actions/setup-identity - with: - token: "${{ secrets.EKSCTLBOT_TOKEN }}" - - name: Cache go-build and mod - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 - with: - path: | - ~/.cache/go-build/ - ~/go/pkg/mod/ - key: go-${{ hashFiles('go.sum') }} - restore-keys: | - go- - - name: Update ${{ matrix.resource }} - run: make update-${{ matrix.resource }} - - name: Upsert pull request - uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e #v6.0.2 - with: - token: ${{ secrets.EKSCTLBOT_TOKEN }} - commit-message: update ${{ matrix.resource }} - committer: eksctl-bot - title: 'Update ${{ matrix.resource }}' - branch: update-${{ matrix.resource }} - labels: area/tech-debt + - name: Checkout + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2 + with: + token: ${{ secrets.EKSCTLBOT_TOKEN }} + fetch-depth: 0 + - name: Configure AWS credentials for coredns update + if: ${{ matrix.resource == 'coredns' }} + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + 
aws-region: us-west-2 + role-duration-seconds: 900 + role-session-name: eksctl-update-coredns-assets + role-to-assume: ${{ secrets.UPDATE_COREDNS_ROLE_ARN }} + - name: Setup identity as eksctl-bot + uses: ./.github/actions/setup-identity + with: + token: "${{ secrets.EKSCTLBOT_TOKEN }}" + - name: Cache go-build and mod + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 + with: + path: | + ~/.cache/go-build/ + ~/go/pkg/mod/ + key: go-${{ hashFiles('go.sum') }} + restore-keys: | + go- + - name: Update ${{ matrix.resource }} + run: make update-${{ matrix.resource }} + - name: Upsert pull request + uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e #v6.0.2 + with: + token: ${{ secrets.EKSCTLBOT_TOKEN }} + commit-message: update ${{ matrix.resource }}${{ env.LATEST_RELEASE_TAG }} + committer: eksctl-bot + title: 'Update ${{ matrix.resource }}${{ env.LATEST_RELEASE_TAG }}' + branch: update-${{ matrix.resource }} + labels: area/tech-debt diff --git a/Makefile b/Makefile index 6ed100d875..31b27f4c32 100644 --- a/Makefile +++ b/Makefile @@ -160,6 +160,9 @@ generate-all: generate-always $(conditionally_generated_files) ## Re-generate al check-all-generated-files-up-to-date: generate-all ## Run the generate all command and verify there is no new diff git diff --quiet -- $(conditionally_generated_files) || (git --no-pager diff $(conditionally_generated_files); echo "HINT: to fix this, run 'git commit $(conditionally_generated_files) --message \"Update generated files\"'"; exit 1) +.PHONY: update-nvidia-device-plugin +update-nvidia-device-plugin: ## fetch the latest static manifest + pkg/addons/assets/scripts/update_nvidia_device_plugin.sh .PHONY: update-aws-node update-aws-node: ## Re-download the aws-node manifests from AWS diff --git a/pkg/addons/assets/scripts/update_nvidia_device_plugin.sh b/pkg/addons/assets/scripts/update_nvidia_device_plugin.sh new file mode 100755 index 0000000000..1ae0da602e --- /dev/null 
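Review bot: In the `commit-message` and `title` inputs of the "Upsert pull request" step, `${{ matrix.resource }}${{ env.LATEST_RELEASE_TAG }}` only yields a readable title because the update scripts write the variable as ` to <tag>`, and nothing in the workflow says so. No script for `coredns` sets the variable in this diff, so for that matrix leg it presumably expands to nothing. A comment above the step would make the coupling visible, for example `# LATEST_RELEASE_TAG is appended to $GITHUB_ENV by the update scripts as " to <tag>"; empty when a script does not set it`. The value comes from a releases API response and ends up in a commit and PR created with `EKSCTLBOT_TOKEN`, so its format should be checked in the scripts before it is exported.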
+++ b/pkg/addons/assets/scripts/update_nvidia_device_plugin.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +get_latest_release_tag() { + curl -sL https://api.github.com/repos/NVIDIA/k8s-device-plugin/releases/latest | jq -r '.tag_name' +} + +latest_release_tag=$(get_latest_release_tag) + +# Check if the latest release tag was found +if [ -z "$latest_release_tag" ]; then + echo "Could not find the latest release tag." + exit 1 +fi + +# If running in GitHub Actions, export the release tag for use in the workflow +if [ "$GITHUB_ACTIONS" = "true" ]; then + echo "LATEST_RELEASE_TAG= to $latest_release_tag" >> $GITHUB_ENV +else + echo "Found the latest release tag: $latest_release_tag" +fi + +assets_addons_dir="pkg/addons/assets" + +curl -sL "https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/$latest_release_tag/deployments/static/nvidia-device-plugin.yml" -o "$assets_addons_dir/nvidia-device-plugin.yaml" + + +# Check if the download was successful +if [ $? -eq 0 ]; then + echo "Downloaded the latest NVIDIA device plugin manifest to $assets_addons_dir/nvidia-device-plugin.yaml" +else + echo "Failed to download the NVIDIA device plugin manifest." + exit 1 +fi diff --git a/pkg/addons/default/assets/aws-node.yaml b/pkg/addons/default/assets/aws-node.yaml index a251eb4951..a4c3788a03 100644 --- a/pkg/addons/default/assets/aws-node.yaml +++ b/pkg/addons/default/assets/aws-node.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,7 +278,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" 
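Review bot: The "Check if the download was successful" test after the manifest `curl` cannot catch an HTTP error. `curl -sL` without `--fail` exits 0 on a 404 and writes the error body into `pkg/addons/assets/nvidia-device-plugin.yaml`, which the workflow would then propose in a PR. The tag check has the same gap, since an error or rate-limit response from the releases API makes `jq -r '.tag_name'` print `null`, which passes `[ -z ... ]`. The tag is external input that is spliced into a URL and appended to `$GITHUB_ENV`, so the rewrite below fails on HTTP errors, rejects a tag that does not match an expected pattern, and quotes `$GITHUB_ENV`. The `update_aws_node.sh` hunk later in this diff adds the same `-z` and `$?` checks around a `curl -sL` call and needs the same treatment.

```shell
set -euo pipefail

get_latest_release_tag() {
  curl -fsSL https://api.github.com/repos/NVIDIA/k8s-device-plugin/releases/latest | jq -er '.tag_name'
}

latest_release_tag=$(get_latest_release_tag)

# Reject anything that is not a plain version tag before it reaches a URL or $GITHUB_ENV.
# The pattern is an assumption about upstream tag naming; adjust it to the tags actually published.
if ! [[ "$latest_release_tag" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
  echo "Unexpected release tag: $latest_release_tag" >&2
  exit 1
fi

# … unchanged: GITHUB_ACTIONS branch, except for the quoted redirect target …
  echo "LATEST_RELEASE_TAG= to $latest_release_tag" >> "$GITHUB_ENV"

# … unchanged: assets_addons_dir assignment …

if curl -fsSL "https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/$latest_release_tag/deployments/static/nvidia-device-plugin.yml" -o "$assets_addons_dir/nvidia-device-plugin.yaml"; then
  # … unchanged: success and failure messages …
```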
@@ -297,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -343,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -363,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.1" + app.kubernetes.io/version: "v1.18.2" spec: updateStrategy: rollingUpdate: @@ -384,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.2 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -405,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.2 ports: - containerPort: 61678 name: metrics @@ -469,7 +469,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.1" + value: "v1.18.2" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +504,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.2 env: - name: MY_NODE_NAME valueFrom: 
@@ -516,6 +516,7 @@ spec: - --enable-network-policy=false - --enable-cloudwatch-logs=false - --enable-policy-event-logs=false + - --log-file=/var/log/aws-routed-eni/network-policy-agent.log - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 - --conntrack-cache-cleanup-period=300 @@ -557,6 +558,7 @@ spec: - name: xtables-lock hostPath: path: /run/xtables.lock + type: FileOrCreate affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: diff --git a/pkg/addons/default/aws_node_test.go b/pkg/addons/default/aws_node_test.go index d7de3cd751..8054a053d2 100644 --- a/pkg/addons/default/aws_node_test.go +++ b/pkg/addons/default/aws_node_test.go @@ -61,7 +61,7 @@ var _ = Describe("AWS Node", func() { Describe("UpdateAWSNode", func() { var preUpdateAwsNode *v1.DaemonSet - const expectedVersion = "v1.18.1" + const expectedVersion = "v1.18.2" BeforeEach(func() { loadSamples(rawClient, "testdata/sample-1.15.json") diff --git a/pkg/addons/default/scripts/update_aws_node.sh b/pkg/addons/default/scripts/update_aws_node.sh index 6f17d9c96e..f29ac75cc4 100755 --- a/pkg/addons/default/scripts/update_aws_node.sh +++ b/pkg/addons/default/scripts/update_aws_node.sh 
@@ -9,12 +9,31 @@ get_latest_release_tag() { latest_release_tag=$(get_latest_release_tag) +# Check if the latest release tag was found +if [ -z "$latest_release_tag" ]; then + echo "Could not find the latest release tag." + exit 1 +fi + +# If running in GitHub Actions, export the release tag for use in the workflow +if [ "$GITHUB_ACTIONS" = "true" ]; then + echo "LATEST_RELEASE_TAG= to $latest_release_tag" >> $GITHUB_ENV +else + echo "Found the latest release tag: $latest_release_tag" +fi + default_addons_dir="pkg/addons/default" # Download the latest aws-k8s-cni.yaml file curl -sL "$base_url$latest_release_tag/config/master/aws-k8s-cni.yaml?raw=1" --output "$default_addons_dir/assets/aws-node.yaml" -echo "found latest release tag:" $latest_release_tag +# Check if the download was successful +if [ $? -eq 0 ]; then + echo "Downloaded the latest AWS Node manifest to $default_addons_dir/assets/aws-node.yaml" +else + echo "Failed to download the latest AWS Node manifest." + exit 1 +fi # Update the unit test file sed -i "s/expectedVersion = \"\(.*\)\"/expectedVersion = \"$latest_release_tag\"/g" "$default_addons_dir/aws_node_test.go"