diff --git a/pkg/config/apiserver.go b/pkg/config/apiserver.go
index f2151ebe8f..10c6be6f79 100644
--- a/pkg/config/apiserver.go
+++ b/pkg/config/apiserver.go
@@ -185,6 +185,9 @@ func (fg *FeatureGates) validateFeatureGates() error {
 
 	switch fg.FeatureSet {
 	case "":
+		if len(fg.CustomNoUpgrade.Enabled) > 0 || len(fg.CustomNoUpgrade.Disabled) > 0 {
+			return fmt.Errorf("CustomNoUpgrade enabled/disabled lists must be empty when FeatureSet is empty")
+		}
 		return nil
 	case FeatureSetCustomNoUpgrade:
 		// Valid - continue with validation
@@ -211,6 +214,7 @@ func (fg *FeatureGates) validateFeatureGates() error {
 		msg  string
 	}{
 		{disabledCustom, sets.New(RequiredFeatureGates...), "required feature gates cannot be disabled"},
+		{enabledCustom, sets.New(RequiredFeatureGates...), "required feature gates cannot be explicitly enabled"},
 		{enabledCustom, disabledCustom, "feature gates cannot be both enabled and disabled"},
 	}
 
diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
index 1f9defbb9d..497fe49953 100644
--- a/pkg/config/config_test.go
+++ b/pkg/config/config_test.go
@@ -818,16 +818,6 @@ func TestValidate(t *testing.T) {
 			}(),
 			expectErr: true,
 		},
-		{
-			name: "feature-gates-custom-no-upgrade-with-feature-set-empty",
-			config: func() *Config {
-				c := mkDefaultConfig()
-				c.ApiServer.FeatureGates.FeatureSet = ""
-				c.ApiServer.FeatureGates.CustomNoUpgrade.Enabled = []string{"feature1"}
-				c.ApiServer.FeatureGates.CustomNoUpgrade.Disabled = []string{"feature2"}
-				return c
-			}(),
-		},
 		{
 			name: "feature-gates-custom-no-upgrade-valid",
 			config: func() *Config {
@@ -840,15 +830,15 @@ func TestValidate(t *testing.T) {
 			expectErr: false,
 		},
 		{
-			name: "feature-gates-required-feature-gate-cannot-be-explicitly-enabled",
+			name: "feature-gates-custom-no-upgrade-with-feature-set-empty",
 			config: func() *Config {
 				c := mkDefaultConfig()
-				c.ApiServer.FeatureGates.FeatureSet = "CustomNoUpgrade"
-				c.ApiServer.FeatureGates.CustomNoUpgrade.Enabled = []string{"UserNamespacesSupport"}
+				c.ApiServer.FeatureGates.FeatureSet = ""
+				c.ApiServer.FeatureGates.CustomNoUpgrade.Enabled = []string{"feature1"}
 				c.ApiServer.FeatureGates.CustomNoUpgrade.Disabled = []string{"feature2"}
 				return c
 			}(),
-			expectErr: false,
+			expectErr: true,
 		},
 		{
 			name: "feature-gates-custom-no-upgrade-enabled-and-disabled-have-same-feature-gate",
@@ -872,6 +862,17 @@ func TestValidate(t *testing.T) {
 			}(),
 			expectErr: true,
 		},
+		{
+			name: "feature-gates-required-feature-gate-cannot-be-explicitly-enabled",
+			config: func() *Config {
+				c := mkDefaultConfig()
+				c.ApiServer.FeatureGates.FeatureSet = "CustomNoUpgrade"
+				c.ApiServer.FeatureGates.CustomNoUpgrade.Enabled = []string{"UserNamespacesSupport"}
+				c.ApiServer.FeatureGates.CustomNoUpgrade.Disabled = []string{"feature2"}
+				return c
+			}(),
+			expectErr: true,
+		},
 		{
 			name: "feature-gates-custom-no-upgrade-with-empty-enabled-and-disabled-lists",
 			config: func() *Config {
diff --git a/scripts/aws/cf-gen.yaml b/scripts/aws/cf-gen.yaml
index a7a58814ce..babea03205 100644
--- a/scripts/aws/cf-gen.yaml
+++ b/scripts/aws/cf-gen.yaml
@@ -32,8 +32,8 @@ Parameters:
     Description: Current RHEL AMI to use.
     Type: AWS::EC2::Image::Id
   Machinename:
-    AllowedPattern: ^([a-zA-Z][a-zA-Z0-9\-]{0,26})$
-    MaxLength: 27
+    AllowedPattern: ^([a-zA-Z][a-zA-Z0-9\-]*)$
+    MaxLength: 64
     MinLength: 1
     ConstraintDescription: Machinename
     Description: Machinename