diff --git a/modules/compute_instance/README.md b/modules/compute_instance/README.md
index 15da6fed..b0d28d8b 100644
--- a/modules/compute_instance/README.md
+++ b/modules/compute_instance/README.md
@@ -23,6 +23,7 @@ See the [simple](https://github.com/terraform-google-modules/terraform-google-vm
 | hostname\_suffix\_separator | Separator character to compose hostname when add\_hostname\_suffix is set to true. | `string` | `"-"` | no |
 | instance\_template | Instance template self\_link used to create compute instances | `string` | n/a | yes |
 | ipv6\_access\_config | IPv6 access configurations. Currently a max of 1 IPv6 access configuration is supported. If not specified, the instance will have no external IPv6 Internet access. | <pre>list(object({<br>    network_tier = string<br>  }))</pre> | `[]` | no |
+| labels | (Optional) Labels to override those from the template, provided as a map | `map(string)` | `null` | no |
 | network | Network to deploy to. Only one of network or subnetwork should be specified. | `string` | `""` | no |
 | num\_instances | Number of instances to create. This value is ignored if static\_ips is provided. | `number` | `"1"` | no |
 | region | Region where the instances should be created. | `string` | `null` | no |
diff --git a/modules/instance_template/README.md b/modules/instance_template/README.md
index 5ce8c472..12bcbeb1 100644
--- a/modules/instance_template/README.md
+++ b/modules/instance_template/README.md
@@ -15,7 +15,7 @@ See the [simple](../../examples/instance_template/simple) for a usage example.
 |------|-------------|------|---------|:--------:|
 | access\_config | Access configurations, i.e. IPs via which the VM instance can be accessed via the Internet. | <pre>list(object({<br>    nat_ip       = string<br>    network_tier = string<br>  }))</pre> | `[]` | no |
 | additional\_disks | List of maps of additional disks. See https://www.terraform.io/docs/providers/google/r/compute_instance_template#disk_name | <pre>list(object({<br>    disk_name    = string<br>    device_name  = string<br>    auto_delete  = bool<br>    boot         = bool<br>    disk_size_gb = number<br>    disk_type    = string<br>    disk_labels  = map(string)<br>  }))</pre> | `[]` | no |
-| additional\_networks | Additional network interface details for GCE, if any. | <pre>list(object({<br>    network            = string<br>    subnetwork         = string<br>    subnetwork_project = string<br>    network_ip         = string<br>    access_config = list(object({<br>      nat_ip       = string<br>      network_tier = string<br>    }))<br>    ipv6_access_config = list(object({<br>      network_tier = string<br>    }))<br>  }))</pre> | `[]` | no |
+| additional\_networks | Additional network interface details for GCE, if any. | <pre>list(object({<br>    network            = string<br>    subnetwork         = string<br>    subnetwork_project = string<br>    network_ip         = string<br>    nic_type           = string<br>    stack_type         = string<br>    queue_count        = number<br>    access_config = list(object({<br>      nat_ip       = string<br>      network_tier = string<br>    }))<br>    ipv6_access_config = list(object({<br>      network_tier = string<br>    }))<br>    alias_ip_range = list(object({<br>      ip_cidr_range         = string<br>      subnetwork_range_name = string<br>    }))<br>  }))</pre> | `[]` | no |
 | alias\_ip\_range | An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.<br>ip\_cidr\_range: The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.<br>subnetwork\_range\_name: The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used. | <pre>object({<br>    ip_cidr_range         = string<br>    subnetwork_range_name = string<br>  })</pre> | `null` | no |
 | auto\_delete | Whether or not the boot disk should be auto-deleted | `string` | `"true"` | no |
 | automatic\_restart | (Optional) Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). | `bool` | `true` | no |
@@ -52,6 +52,7 @@ See the [simple](../../examples/instance_template/simple) for a usage example.
 | subnetwork\_project | The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used. | `string` | `""` | no |
 | tags | Network tags, provided as a list | `list(string)` | `[]` | no |
 | threads\_per\_core | The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. | `number` | `null` | no |
+| total\_egress\_bandwidth\_tier | Egress bandwidth tier setting for supported VM families | `string` | `"DEFAULT"` | no |
 
 ## Outputs
 
diff --git a/modules/instance_template/main.tf b/modules/instance_template/main.tf
index 4b2d4729..a7ee69b5 100644
--- a/modules/instance_template/main.tf
+++ b/modules/instance_template/main.tf
@@ -141,6 +141,9 @@ resource "google_compute_instance_template" "tpl" {
       subnetwork         = network_interface.value.subnetwork
       subnetwork_project = network_interface.value.subnetwork_project
       network_ip         = length(network_interface.value.network_ip) > 0 ? network_interface.value.network_ip : null
+      nic_type           = network_interface.value.nic_type
+      stack_type         = network_interface.value.stack_type
+      queue_count        = network_interface.value.queue_count
       dynamic "access_config" {
         for_each = network_interface.value.access_config
         content {
@@ -154,6 +157,13 @@ resource "google_compute_instance_template" "tpl" {
           network_tier = ipv6_access_config.value.network_tier
         }
       }
+      dynamic "alias_ip_range" {
+        for_each = network_interface.value.alias_ip_range
+        content {
+          ip_cidr_range         = alias_ip_range.value.ip_cidr_range
+          subnetwork_range_name = alias_ip_range.value.subnetwork_range_name
+        }
+      }
     }
   }
 
@@ -187,6 +197,10 @@ resource "google_compute_instance_template" "tpl" {
     enable_confidential_compute = var.enable_confidential_vm
   }
 
+  network_performance_config {
+    total_egress_bandwidth_tier = var.total_egress_bandwidth_tier
+  }
+
   dynamic "guest_accelerator" {
     for_each = local.gpu_enabled ? [var.gpu] : []
     content {
diff --git a/modules/instance_template/variables.tf b/modules/instance_template/variables.tf
index 97e73958..e7a3d34c 100644
--- a/modules/instance_template/variables.tf
+++ b/modules/instance_template/variables.tf
@@ -204,6 +204,9 @@ variable "additional_networks" {
     subnetwork         = string
     subnetwork_project = string
     network_ip         = string
+    nic_type           = string
+    stack_type         = string
+    queue_count        = number
     access_config = list(object({
       nat_ip       = string
       network_tier = string
@@ -211,7 +214,39 @@ variable "additional_networks" {
     ipv6_access_config = list(object({
       network_tier = string
     }))
+    alias_ip_range = list(object({
+      ip_cidr_range         = string
+      subnetwork_range_name = string
+    }))
   }))
+  validation {
+    condition = alltrue([
+      for ni in var.additional_networks : (ni.network == null) != (ni.subnetwork == null)
+    ])
+    error_message = "All additional network interfaces must define exactly one of \"network\" or \"subnetwork\"."
+  }
+  validation {
+    condition = alltrue([
+      for ni in var.additional_networks : ni.nic_type == "GVNIC" || ni.nic_type == "VIRTIO_NET" || ni.nic_type == null
+    ])
+    error_message = "In the variable additional_networks, field \"nic_type\" must be either \"GVNIC\", \"VIRTIO_NET\" or null."
+  }
+  validation {
+    condition = alltrue([
+      for ni in var.additional_networks : ni.stack_type == "IPV4_ONLY" || ni.stack_type == "IPV4_IPV6" || ni.stack_type == null
+    ])
+    error_message = "In the variable additional_networks, field \"stack_type\" must be either \"IPV4_ONLY\", \"IPV4_IPV6\" or null."
+  }
+}
+
+variable "total_egress_bandwidth_tier" {
+  description = "Egress bandwidth tier setting for supported VM families"
+  type        = string
+  default     = "DEFAULT"
+  validation {
+    condition     = contains(["DEFAULT", "TIER_1"], var.total_egress_bandwidth_tier)
+    error_message = "Allowed values for bandwidth_tier are 'DEFAULT' or 'TIER_1'."
+  }
 }
 
 ###########
diff --git a/modules/instance_template/versions.tf b/modules/instance_template/versions.tf
index ca729df8..654c6b2f 100644
--- a/modules/instance_template/versions.tf
+++ b/modules/instance_template/versions.tf
@@ -17,7 +17,7 @@
 terraform {
   required_version = ">=0.13.0"
   required_providers {
-    google = ">= 3.88, < 5.0"
+    google = ">= 4.67, < 5.0"
   }
   provider_meta "google" {
     module_name = "blueprints/terraform/terraform-google-vm:instance_template/v9.0.0"