diff --git a/templates/al2/provisioners/cache-pause-container.sh b/templates/al2/provisioners/cache-pause-container.sh
index 3b01e34ad..3cc817321 100755
--- a/templates/al2/provisioners/cache-pause-container.sh
+++ b/templates/al2/provisioners/cache-pause-container.sh
@@ -6,4 +6,18 @@ set -o pipefail
 
 AWS_DOMAIN=$(imds 'latest/meta-data/services/domain')
 ECR_URI="$(/etc/eks/get-ecr-uri.sh ${AWS_REGION} ${AWS_DOMAIN})"
-cache-pause-container "${ECR_URI}/eks/pause:3.5"
+
+TAG="localhost/kubernetes/pause:0.1.0"
+EXPORT_PATH=/etc/eks/pause.tar
+
+sudo systemctl start containerd
+cache-pause-container -i "${ECR_URI}/eks/pause:3.5" -t ${TAG} -e ${EXPORT_PATH}
+sudo systemctl stop containerd
+
+# we also need to import the image into docker, which is still default on 1.23
+# and supportted below 1.25.
+if vercmp ${KUBERNETES_VERSION} lt "1.25"; then
+  sudo systemctl start docker
+  sudo docker image import ${EXPORT_PATH} ${TAG}
+  sudo systemctl stop docker
+fi
diff --git a/templates/al2/template.json b/templates/al2/template.json
index 7bb79eb50..fdc98ddf9 100644
--- a/templates/al2/template.json
+++ b/templates/al2/template.json
@@ -216,7 +216,8 @@
         "AWS_ACCESS_KEY_ID={{user `aws_access_key_id`}}",
         "AWS_SECRET_ACCESS_KEY={{user `aws_secret_access_key`}}",
         "AWS_SESSION_TOKEN={{user `aws_session_token`}}",
-        "AWS_REGION={{user `aws_region`}}"
+        "AWS_REGION={{user `aws_region`}}",
+        "KUBERNETES_VERSION={{user `kubernetes_version`}}"
       ]
     },
     {
diff --git a/templates/al2023/provisioners/cache-pause-container.sh b/templates/al2023/provisioners/cache-pause-container.sh
index f690defea..c9472bd46 100755
--- a/templates/al2023/provisioners/cache-pause-container.sh
+++ b/templates/al2023/provisioners/cache-pause-container.sh
@@ -4,4 +4,6 @@ set -o nounset
 set -o errexit
 set -o pipefail
 
-cache-pause-container "$(nodeadm runtime ecr-uri)/eks/pause:3.5"
+sudo systemctl start containerd
+cache-pause-container -i "$(nodeadm runtime ecr-uri)/eks/pause:3.5"
+sudo systemctl stop containerd
diff --git a/templates/shared/runtime/bin/cache-pause-container b/templates/shared/runtime/bin/cache-pause-container
index 17bb1c2e9..a59215a63 100755
--- a/templates/shared/runtime/bin/cache-pause-container
+++ b/templates/shared/runtime/bin/cache-pause-container
@@ -4,16 +4,20 @@ set -o nounset
 set -o errexit
 set -o pipefail
 
-PAUSE_CONTAINER=${1}
-LOCAL_REF=${2:-"localhost/kubernetes/pause:0.1.0"}
+TAG="localhost/kubernetes/pause:0.1.0"
+EXPORT_PATH=/etc/eks/pause.tar
 
-sudo systemctl start containerd
+while getopts 'i:t:e:' OPTION; do
+  case "$OPTION" in
+    i) PAUSE_CONTAINER_IMAGE="$OPTARG";;
+    t) TAG="$OPTARG";;
+    e) EXPORT_PATH="$OPTARG";;
+  esac
+done
 
-sudo ctr --namespace k8s.io content fetch ${PAUSE_CONTAINER} --user AWS:$(aws ecr get-login-password)
-sudo ctr --namespace k8s.io image tag ${PAUSE_CONTAINER} ${LOCAL_REF}
+sudo ctr --namespace k8s.io content fetch ${PAUSE_CONTAINER_IMAGE} --user AWS:$(aws ecr get-login-password)
+sudo ctr --namespace k8s.io image tag ${PAUSE_CONTAINER_IMAGE} ${TAG}
 # store the archive locally just in case so that it can be imported in the future.
-sudo ctr --namespace k8s.io image export /etc/eks/pause.tar ${LOCAL_REF}
+sudo ctr --namespace k8s.io image export ${EXPORT_PATH} ${TAG}
 # labels the image using a CRI aware key. might not be necessary
-sudo ctr --namespace=k8s.io image label ${LOCAL_REF} io.cri-containerd.pinned=pinned
-
-sudo systemctl stop containerd
+sudo ctr --namespace k8s.io image label ${TAG} io.cri-containerd.pinned=pinned