diff --git a/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.java b/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.java
index 5fefed5e8d65..57d14ba41164 100644
--- a/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.java
+++ b/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.java
@@ -307,11 +307,7 @@ private boolean matchesAllowedHostRules(InetAddress inetAddress) {
 }
 public boolean isMetadataServiceEndpoint(String host) {
- String mode = SdkSystemSetting.AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE.getStringValueOrThrow();
- if ("IPV6".equalsIgnoreCase(mode)) {
- return VALID_LOOP_BACK_IPV6.contains(host);
- }
- return VALID_LOOP_BACK_IPV4.contains(host);
+ return VALID_LOOP_BACK_IPV4.contains(host) || VALID_LOOP_BACK_IPV6.contains(host);
 }
 }
diff --git a/core/auth/src/test/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsEndpointProviderTest.java b/core/auth/src/test/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsEndpointProviderTest.java
index 01b3d73416f9..d59c85f6b689 100644
--- a/core/auth/src/test/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsEndpointProviderTest.java
+++ b/core/auth/src/test/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsEndpointProviderTest.java
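Review bot: `isMetadataServiceEndpoint` now returns true for a host in either set whatever `AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE` says, and nothing in the production file records that this widening is deliberate; the reason is stated only in the test file. Because the method appears to be part of the host allow-list for the container credentials endpoint, I would put the rationale on the method itself, e.g. `// Allowed for both address families: AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE configures IMDS, not the container credentials endpoint.` The check is an exact string match, so it stays tight only while `VALID_LOOP_BACK_IPV4` and `VALID_LOOP_BACK_IPV6` hold a small set of fixed literals (their contents are outside this hunk); a Javadoc line saying the sets must not grow into ranges or patterns would protect that. The method is public, so callers that relied on the mode-specific answer are worth a quick search.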
@@ -164,6 +164,20 @@ private static Stream requestConstruction() {
 .headers(new HashMap<>())
 .build())),
+ // EKS Pod Identity sets the IPv6 container URI but does NOT set
+ // AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE (that controls IMDS, not the
+ // container credentials endpoint). The IPv6 host must be allowed with the
+ // mode left at its IPv4 default.
+ Arguments.of("http link-local EKS URI with IPv6, default endpoint mode",
+ Collections.singletonList(Pair.of(FULL_URI_ENV, EKS_CONTAINER_HOST_IPV6 + "/credentials")),
+ EKS_CONTAINER_HOST_IPV6 + "/credentials",
+ new Result().type("success").sdkRequest(
+ SdkHttpFullRequest.builder()
+ .uri(URI.create(EKS_CONTAINER_HOST_IPV6 + "/credentials"))
+ .method(SdkHttpMethod.GET)
+ .headers(new HashMap<>())
+ .build())),
+
 Arguments.of("complex full URI",
 Collections.singletonList(Pair.of(FULL_URI_ENV, COMPLEX_URI)),
 COMPLEX_URI,
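Review bot: The added row covers only the accept path, so the test does not pin that the widened check still refuses other IPv6 hosts when the endpoint mode is left at its default. If no existing row already does so, add a companion `Arguments.of(...)` case that puts a non-allow-listed IPv6 literal in `FULL_URI_ENV` with no mode set and expects the provider to refuse it. `requestConstruction()` starts and ends outside this hunk, so such a row may already exist elsewhere in the method.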