diff --git a/upup/pkg/fi/cloudup/awsup/aws_cloud.go b/upup/pkg/fi/cloudup/awsup/aws_cloud.go
index 13be9f429f..358fb1c34d 100644
--- a/upup/pkg/fi/cloudup/awsup/aws_cloud.go
+++ b/upup/pkg/fi/cloudup/awsup/aws_cloud.go
@@ -29,6 +29,7 @@ import (
 	awsconfig "github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/eventbridge"
 	"github.com/aws/aws-sdk-go-v2/service/sqs"
+	"github.com/aws/aws-sdk-go-v2/service/ssm"
 	"golang.org/x/sync/errgroup"
 
 	"github.com/aws/aws-sdk-go-v2/aws/arn"
@@ -50,8 +51,6 @@ import (
 	"github.com/aws/aws-sdk-go/service/iam/iamiface"
 	"github.com/aws/aws-sdk-go/service/route53"
 	"github.com/aws/aws-sdk-go/service/route53/route53iface"
-	"github.com/aws/aws-sdk-go/service/ssm"
-	"github.com/aws/aws-sdk-go/service/ssm/ssmiface"
 	"github.com/aws/aws-sdk-go/service/sts"
 	"k8s.io/klog/v2"
 
@@ -137,7 +136,7 @@ type AWSCloud interface {
 	Spotinst() spotinst.Cloud
 	SQS() awsinterfaces.SQSAPI
 	EventBridge() awsinterfaces.EventBridgeAPI
-	SSM() ssmiface.SSMAPI
+	SSM() awsinterfaces.SSMAPI
 
 	// TODO: Document and rationalize these tags/filters methods
 	AddTags(name *string, tags map[string]string)
@@ -207,7 +206,7 @@ type awsCloudImplementation struct {
 	sts         *sts.STS
 	sqs         *sqs.Client
 	eventbridge *eventbridge.Client
-	ssm         *ssm.SSM
+	ssm         *ssm.Client
 
 	region string
 
@@ -409,17 +408,7 @@ func NewAWSCloud(region string, tags map[string]string) (AWSCloud, error) {
 
 		c.sqs = sqs.NewFromConfig(cfgV2)
 		c.eventbridge = eventbridge.NewFromConfig(cfgV2)
-
-		sess, err = session.NewSessionWithOptions(session.Options{
-			Config:            *config,
-			SharedConfigState: session.SharedConfigEnable,
-		})
-		if err != nil {
-			return c, err
-		}
-		c.ssm = ssm.New(sess, config)
-		c.ssm.Handlers.Send.PushFront(requestLogger)
-		c.addHandlers(region, &c.ssm.Handlers)
+		c.ssm = ssm.NewFromConfig(cfgV2)
 
 		updateAwsCloudInstances(region, c)
 
@@ -2044,16 +2033,16 @@ func describeVPC(c AWSCloud, vpcID string) (*ec2.Vpc, error) {
 // owner/name in which case we find the image with the specified name, owned by owner
 // name in which case we find the image with the specified name, with the current owner
 func (c *awsCloudImplementation) ResolveImage(name string) (*ec2.Image, error) {
-	return resolveImage(c.ssm, c.ec2, name)
+	return resolveImage(context.TODO(), c.ssm, c.ec2, name)
 }
 
-func resolveSSMParameter(ssmClient ssmiface.SSMAPI, name string) (string, error) {
+func resolveSSMParameter(ctx context.Context, ssmClient awsinterfaces.SSMAPI, name string) (string, error) {
 	klog.V(2).Infof("Resolving SSM parameter %q", name)
 	request := &ssm.GetParameterInput{
 		Name: aws.String(name),
 	}
 
-	response, err := ssmClient.GetParameter(request)
+	response, err := ssmClient.GetParameter(ctx, request)
 	if err != nil {
 		return "", fmt.Errorf("failed to get value for SSM parameter: %w", err)
 	}
@@ -2061,7 +2050,7 @@ func resolveSSMParameter(ssmClient ssmiface.SSMAPI, name string) (string, error)
 	return aws.StringValue(response.Parameter.Value), nil
 }
 
-func resolveImage(ssmClient ssmiface.SSMAPI, ec2Client ec2iface.EC2API, name string) (*ec2.Image, error) {
+func resolveImage(ctx context.Context, ssmClient awsinterfaces.SSMAPI, ec2Client ec2iface.EC2API, name string) (*ec2.Image, error) {
 	// TODO: Cache this result during a single execution (we get called multiple times)
 	klog.V(2).Infof("Calling DescribeImages to resolve name %q", name)
 	request := &ec2.DescribeImagesInput{}
@@ -2072,7 +2061,7 @@ func resolveImage(ssmClient ssmiface.SSMAPI, ec2Client ec2iface.EC2API, name str
 	} else if strings.HasPrefix(name, "ssm:") {
 		parameter := strings.TrimPrefix(name, "ssm:")
 
-		image, err := resolveSSMParameter(ssmClient, parameter)
+		image, err := resolveSSMParameter(ctx, ssmClient, parameter)
 		if err != nil {
 			return nil, err
 		}
@@ -2230,7 +2219,7 @@ func (c *awsCloudImplementation) EventBridge() awsinterfaces.EventBridgeAPI {
 	return c.eventbridge
 }
 
-func (c *awsCloudImplementation) SSM() ssmiface.SSMAPI {
+func (c *awsCloudImplementation) SSM() awsinterfaces.SSMAPI {
 	return c.ssm
 }
 
diff --git a/upup/pkg/fi/cloudup/awsup/mock_aws_cloud.go b/upup/pkg/fi/cloudup/awsup/mock_aws_cloud.go
index e1ebcf6dd8..5d044ffb00 100644
--- a/upup/pkg/fi/cloudup/awsup/mock_aws_cloud.go
+++ b/upup/pkg/fi/cloudup/awsup/mock_aws_cloud.go
@@ -32,7 +32,6 @@ import (
 	"github.com/aws/aws-sdk-go/service/elbv2/elbv2iface"
 	"github.com/aws/aws-sdk-go/service/iam/iamiface"
 	"github.com/aws/aws-sdk-go/service/route53/route53iface"
-	"github.com/aws/aws-sdk-go/service/ssm/ssmiface"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/klog/v2"
 	"k8s.io/kops/dnsprovider/pkg/dnsprovider"
@@ -87,7 +86,7 @@ type MockCloud struct {
 	MockSpotinst    spotinst.Cloud
 	MockSQS         awsinterfaces.SQSAPI
 	MockEventBridge awsinterfaces.EventBridgeAPI
-	MockSSM         ssmiface.SSMAPI
+	MockSSM         awsinterfaces.SSMAPI
 }
 
 func (c *MockAWSCloud) DeleteGroup(g *cloudinstances.CloudInstanceGroup) error {
@@ -228,7 +227,7 @@ func (c *MockAWSCloud) DescribeVPC(vpcID string) (*ec2.Vpc, error) {
 }
 
 func (c *MockAWSCloud) ResolveImage(name string) (*ec2.Image, error) {
-	return resolveImage(c.MockSSM, c.MockEC2, name)
+	return resolveImage(context.TODO(), c.MockSSM, c.MockEC2, name)
 }
 
 func (c *MockAWSCloud) WithTags(tags map[string]string) AWSCloud {
@@ -301,7 +300,7 @@ func (c *MockAWSCloud) EventBridge() awsinterfaces.EventBridgeAPI {
 	return c.MockEventBridge
 }
 
-func (c *MockAWSCloud) SSM() ssmiface.SSMAPI {
+func (c *MockAWSCloud) SSM() awsinterfaces.SSMAPI {
 	if c.MockSSM == nil {
 		klog.Fatalf("MockSSM not set")
 	}
diff --git a/util/pkg/awsinterfaces/ssm.go b/util/pkg/awsinterfaces/ssm.go
new file mode 100644
index 0000000000..b42a22c99b
--- /dev/null
+++ b/util/pkg/awsinterfaces/ssm.go
@@ -0,0 +1,27 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package awsinterfaces
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/service/ssm"
+)
+
+type SSMAPI interface {
+	GetParameter(ctx context.Context, input *ssm.GetParameterInput, optFns ...func(*ssm.Options)) (*ssm.GetParameterOutput, error)
+}