diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/aws.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/aws.go
index 7f76697676..2c4d17c2c5 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/aws.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/aws.go
@@ -49,7 +49,21 @@ func NewAWS() (*AWS, error) {
 
 // ParseMetadata converts AWS platform metadata into platform network config.
 func (a *AWS) ParseMetadata(metadata *MetadataConfig) (*runtime.PlatformNetworkConfig, error) {
-	networkConfig := &runtime.PlatformNetworkConfig{}
+	networkConfig := &runtime.PlatformNetworkConfig{
+		TimeServers: []network.TimeServerSpecSpec{
+			{
+				NTPServers: []string{
+					// See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-ec2-ntp.html
+					//
+					// Include both IPv4 & IPv6 addresses for the NTP servers, Talos would lock to one of them (whichever works),
+					// but it would be compatible with v4-only and v6-only deployments.
+					"169.254.169.123",
+					"fd00:ec2::123",
+				},
+				ConfigLayer: network.ConfigPlatform,
+			},
+		},
+	}
 
 	if metadata.Hostname != "" {
 		hostnameSpec := network.HostnameSpecSpec{
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/testdata/expected.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/testdata/expected.yaml
index 15bec75e5e..cb4a4d6007 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/testdata/expected.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/testdata/expected.yaml
@@ -6,7 +6,11 @@ hostnames:
       domainname: ""
       layer: platform
 resolvers: []
-timeServers: []
+timeServers:
+    - timeServers:
+        - 169.254.169.123
+        - fd00:ec2::123
+      layer: platform
 operators: []
 externalIPs:
     - 1.2.3.4