diff --git a/install/infra/modules/eks/output.tf b/install/infra/modules/eks/output.tf
index 6c3a6f141625c6..6c7815eaf2544d 100644
--- a/install/infra/modules/eks/output.tf
+++ b/install/infra/modules/eks/output.tf
@@ -24,6 +24,16 @@ output "secretAccessKey" {
 value = try("${aws_iam_access_key.edns[0].secret}", "")
 }
 
+output "oidc_provider_arn" {
+ sensitive = false
+ value = module.eks.oidc_provider_arn
+}
+
+output "cluster_id" {
+ sensitive = false
+ value = module.eks.cluster_id
+}
+
 output "cert_manager_issuer" {
 value = try({
 region = var.region
diff --git a/install/infra/modules/tools/aws-cluster-autoscaler/main.tf b/install/infra/modules/tools/aws-cluster-autoscaler/main.tf
new file mode 100644
index 00000000000000..b7c8743b4d8678
--- /dev/null
+++ b/install/infra/modules/tools/aws-cluster-autoscaler/main.tf
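Review bot: Both new outputs in `modules/eks/output.tf` set `sensitive = false`, which is already Terraform's default, and neither carries a `description`. Dropping the attribute and adding something like `description = "ARN of the cluster's IAM OIDC provider, consumed by IRSA role modules"` would tell callers what the value is for. If the explicit flag is meant to record that these values were reviewed as non-secret, a one-line comment above each output says that more directly.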
@@ -0,0 +1,70 @@
+variable "kubeconfig" {
+ description = "Path to the KUBECONFIG file to connect to the cluster"
+ default = "./kubeconfig"
+}
+
+variable "region" {}
+variable "cluster_name" {}
+variable "cluster_id" {}
+variable "oidc_provider_arn" {}
+
+provider "helm" {
+ kubernetes {
+ config_path = var.kubeconfig
+ }
+}
+
+module "cluster_autoscaler_irsa_role" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+ version = "~> 4.12"
+
+ role_name_prefix = "cluster-autoscaler"
+ attach_cluster_autoscaler_policy = true
+ cluster_autoscaler_cluster_ids = [var.cluster_id]
+
+ oidc_providers = {
+ ex = {
+ provider_arn = var.oidc_provider_arn
+ namespace_service_accounts = ["kube-system:cluster-autoscaler"]
+ }
+ }
+}
+
+# AWS cluster auto-scaler Deployment using Helm
+resource "helm_release" "cluster_autoscaler" {
+ name = "cluster-autoscaler"
+ repository = "https://kubernetes.github.io/autoscaler"
+ chart = "cluster-autoscaler"
+ version = "9.20.1"
+ namespace = "kube-system"
+
+ values = [
+ jsonencode({
+ cloudProvider = "aws"
+ awsRegion = var.region
+ autoDiscovery = {
+ clusterName = var.cluster_name
+ }
+
+ rbac = {
+ serviceAccount = {
+ name = "cluster-autoscaler"
+ annotations = {
+ "eks.amazonaws.com/role-arn" = module.cluster_autoscaler_irsa_role.iam_role_arn
+ }
+ create = true
+ }
+ }
+
+ securityContext = {
+ fsGroup = 65534
+ }
+ extraArgs = {
+ skip-nodes-with-local-storage = false
+ balance-similar-node-groups = true
+ }
+
+ })
+ ]
+
+}
diff --git a/install/infra/single-cluster/aws/Makefile b/install/infra/single-cluster/aws/Makefile
index 927522d366f4f3..557aba55732dc5 100644
--- a/install/infra/single-cluster/aws/Makefile
+++ b/install/infra/single-cluster/aws/Makefile
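Review bot: In `aws-cluster-autoscaler/main.tf` the IAM policy is scoped with `var.cluster_id` (`cluster_autoscaler_cluster_ids`) while the chart's `autoDiscovery.clusterName` uses `var.cluster_name`, and nothing in the module ties the two inputs together. The caller in `single-cluster/aws/tools.tf` feeds them from different sources (`module.eks.cluster_id` and `var.cluster_name`). As far as I know the IRSA module conditions the scale actions on an ASG tag built from that id, so if the two strings ever differ the autoscaler would discover node groups it is not permitted to modify. Consider taking one input and using it in both places, or documenting the requirement on the variable, e.g. `description = "Must equal the EKS cluster name used in the ASG ownership tags"`. Separately, `version = "~> 4.12"` lets the module that generates this IAM policy float across minor releases while the chart is pinned to `9.20.1`; an exact pin keeps the granted permissions reviewable.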
@@ -26,7 +26,11 @@ plan-cluster:
 @terraform plan -target=module.eks
 
 .PHONY: plan-tools
-plan-tools: plan-cm-edns plan-cluster-issuer
+plan-tools: plan-cm-edns plan-cluster-issuer plan-cluster-autoscaler
+
+.PHONY: plan-cluster-autoscaler
+plan-cluster-autoscaler:
+ @terraform plan -target=module.cluster-autoscaler
 
 .PHONY: plan-cm-edns
 plan-cm-edns:
@@ -41,7 +45,11 @@ apply-cluster:
 @terraform apply -target=module.eks --auto-approve
 
 .PHONY: apply-tools
-apply-tools: install-cm-edns install-cluster-issuer
+apply-tools: install-cm-edns install-cluster-issuer install-cluster-autoscaler
+
+.PHONY: install-cluster-autoscaler
+install-cluster-autoscaler:
+ @terraform apply -target=module.cluster-autoscaler --auto-approve
 
 .PHONY: install-cm-edns
 install-cm-edns:
@@ -56,7 +64,11 @@ destroy-cluster:
 @terraform destroy -target=module.eks --auto-approve
 
 .PHONY: destroy-tools
-destroy-tools: destroy-cluster-issuer destroy-cm-edns
+destroy-tools: destroy-cluster-issuer destroy-cm-edns destroy-cluster-autoscaler
+
+.PHONY: destroy-cluster-autoscaler
+destroy-cluster-autoscaler:
+ @terraform destroy -target=module.cluster-autoscaler --auto-approve
 
 .PHONY: destroy-cm-edns
 destroy-cm-edns:
diff --git a/install/infra/single-cluster/aws/tools.tf b/install/infra/single-cluster/aws/tools.tf
index 400eb943674765..657804c084a79c 100644
--- a/install/infra/single-cluster/aws/tools.tf
+++ b/install/infra/single-cluster/aws/tools.tf
@@ -20,3 +20,12 @@ module "cluster-issuer" {
 secretAccessKey = module.eks.secretAccessKey
 issuer_name = "route53"
 }
+
+module "cluster-autoscaler" {
+ source = "../../modules/tools/aws-cluster-autoscaler"
+ kubeconfig = var.kubeconfig
+ region = var.region
+ cluster_name = var.cluster_name
+ cluster_id = module.eks.cluster_id
+ oidc_provider_arn = module.eks.oidc_provider_arn
+}