diff --git a/pkg/awsutils/vpc_ip_resource_limit.go b/pkg/awsutils/vpc_ip_resource_limit.go
index bc5534b3f6..57172d8f91 100644
--- a/pkg/awsutils/vpc_ip_resource_limit.go
+++ b/pkg/awsutils/vpc_ip_resource_limit.go
@@ -172,7 +172,7 @@ var InstanceNetworkingLimits = map[string]InstanceTypeLimits{
 	"c7g.8xlarge":   {ENILimit: 8, IPv4Limit: 30, HypervisorType:"nitro", IsBareMetal:false},
 	"c7g.large":     {ENILimit: 3, IPv4Limit: 10, HypervisorType:"nitro", IsBareMetal:false},
 	"c7g.medium":    {ENILimit: 2, IPv4Limit: 4, HypervisorType:"nitro", IsBareMetal:false},
-	"c7g.metal":     {ENILimit: 15, IPv4Limit: 50, HypervisorType:"unknown", IsBareMetal:true},
+	"c7g.metal":     {ENILimit: 15, IPv4Limit: 50, HypervisorType:"nitro", IsBareMetal:true},
 	"c7g.xlarge":    {ENILimit: 4, IPv4Limit: 15, HypervisorType:"nitro", IsBareMetal:false},
 	"cr1.8xlarge":   {ENILimit: 8, IPv4Limit: 30, HypervisorType:"unknown", IsBareMetal:false},
 	"d2.2xlarge":    {ENILimit: 4, IPv4Limit: 15, HypervisorType:"xen", IsBareMetal:false},
@@ -449,7 +449,7 @@ var InstanceNetworkingLimits = map[string]InstanceTypeLimits{
 	"p3.8xlarge":    {ENILimit: 8, IPv4Limit: 30, HypervisorType:"xen", IsBareMetal:false},
 	"p3dn.24xlarge": {ENILimit: 15, IPv4Limit: 50, HypervisorType:"nitro", IsBareMetal:false},
 	"p4d.24xlarge":  {ENILimit: 15, IPv4Limit: 50, HypervisorType:"nitro", IsBareMetal:false},
-	"p4de.24xlarge": {ENILimit: 15, IPv4Limit: 50, HypervisorType:"unknown", IsBareMetal:false},
+	"p4de.24xlarge": {ENILimit: 15, IPv4Limit: 50, HypervisorType:"nitro", IsBareMetal:false},
 	"r3.2xlarge":    {ENILimit: 4, IPv4Limit: 15, HypervisorType:"xen", IsBareMetal:false},
 	"r3.4xlarge":    {ENILimit: 8, IPv4Limit: 30, HypervisorType:"xen", IsBareMetal:false},
 	"r3.8xlarge":    {ENILimit: 8, IPv4Limit: 30, HypervisorType:"xen", IsBareMetal:false},
diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go
index 91289818fe..ed16d9ae94 100644
--- a/pkg/ipamd/ipamd.go
+++ b/pkg/ipamd/ipamd.go
@@ -439,14 +439,8 @@ func New(rawK8SClient client.Client, cachedK8SClient client.Client) (*IPAMContex
 	checkpointer := datastore.NewJSONFile(dsBackingStorePath())
 	c.dataStore = datastore.NewDataStore(log, checkpointer, c.enablePrefixDelegation)
 
-	err = c.nodeInit()
-	if err != nil {
-		return nil, err
-	}
-
-	mac := c.awsClient.GetPrimaryENImac()
-
 	// Retrieve security groups
+	mac := c.awsClient.GetPrimaryENImac()
 	if c.enableIPv4 && !c.disableENIProvisioning {
 		err = c.awsClient.RefreshSGIDs(mac)
 		if err != nil {
@@ -458,6 +452,11 @@ func New(rawK8SClient client.Client, cachedK8SClient client.Client) (*IPAMContex
 		go wait.Forever(func() { _ = c.awsClient.RefreshSGIDs(mac) }, 30*time.Second)
 	}
 
+	err = c.nodeInit()
+	if err != nil {
+		return nil, err
+	}
+
 	return c, nil
 }
 
diff --git a/scripts/gen_vpc_ip_limits.go b/scripts/gen_vpc_ip_limits.go
index 5ee298b8ff..2187af3af3 100644
--- a/scripts/gen_vpc_ip_limits.go
+++ b/scripts/gen_vpc_ip_limits.go
@@ -201,8 +201,8 @@ func addManualLimits(limitMap map[string]awsutils.InstanceTypeLimits) map[string
 		"u-9tb1.metal":  {ENILimit: 5, IPv4Limit: 30, HypervisorType: "unknown", IsBareMetal: true},
 		"c5a.metal":     {ENILimit: 15, IPv4Limit: 50, HypervisorType: "unknown", IsBareMetal: true},
 		"c5ad.metal":    {ENILimit: 15, IPv4Limit: 50, HypervisorType: "unknown", IsBareMetal: true},
-		"p4de.24xlarge": {ENILimit: 15, IPv4Limit: 50, HypervisorType: "unknown", IsBareMetal: false},
-		"c7g.metal":     {ENILimit: 15, IPv4Limit: 50, HypervisorType: "unknown", IsBareMetal: true},
+		"p4de.24xlarge": {ENILimit: 15, IPv4Limit: 50, HypervisorType: "nitro", IsBareMetal: false},
+		"c7g.metal":     {ENILimit: 15, IPv4Limit: 50, HypervisorType: "nitro", IsBareMetal: true},
 		"bmn-sf1.metal": {ENILimit: 15, IPv4Limit: 50, HypervisorType: "unknown", IsBareMetal: true},
 	}
 	for instanceType, instanceLimits := range manuallyAddedLimits {
diff --git a/scripts/run-canary-test.sh b/scripts/run-canary-test.sh
index 666f7a46de..97680cdb49 100755
--- a/scripts/run-canary-test.sh
+++ b/scripts/run-canary-test.sh
@@ -11,10 +11,6 @@ GINKGO_TEST_BUILD="$SCRIPT_DIR/../test/build"
 TEST_IMAGE_REGISTRY=${TEST_IMAGE_REGISTRY:-"617930562442.dkr.ecr.us-west-2.amazonaws.com"}
 ADC_REGIONS="us-iso-east-1 us-isob-east-1 us-iso-west-1"
 
-# authenticate into test registry
-echo "authenticate to test image registry in $REGION"
-aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin ${TEST_IMAGE_REGISTRY}
-
 source "$SCRIPT_DIR"/lib/add-on.sh
 source "$SCRIPT_DIR"/lib/cluster.sh
 source "$SCRIPT_DIR"/lib/canary.sh