diff --git a/bin/config.ts b/bin/config.ts
index 50d14bbff..f0dac1654 100644
--- a/bin/config.ts
+++ b/bin/config.ts
@@ -11,6 +11,7 @@ export function getConfig(): SystemConfig {
 /* vpc: {
 vpcId: "vpc-00000000000000000",
 createVpcEndpoints: true,
+ vpcDefaultSecurityGroup: "sg-00000000000"
 },*/
 privateWebsite: false,
 certificate : "",
diff --git a/lib/model-interfaces/idefics/index.ts b/lib/model-interfaces/idefics/index.ts
index 8bb894053..a9a1d6b94 100644
--- a/lib/model-interfaces/idefics/index.ts
+++ b/lib/model-interfaces/idefics/index.ts
@@ -38,10 +38,13 @@ export class IdeficsInterface extends Construct {
 // Create a private API to serve images and other files from S3
 // in order to avoid using signed URLs and run out of input tokens
 // with the idefics model
+ const defaultSecurityGroup = (props.config.vpc?.vpcId && props.config.vpc.vpcDefaultSecurityGroup) ?
+ props.config.vpc.vpcDefaultSecurityGroup : props.shared.vpc.vpcDefaultSecurityGroup
+
 const vpcDefaultSecurityGroup = ec2.SecurityGroup.fromSecurityGroupId(
- this,
- "VPCDefaultSecurityGroup",
- props.shared.vpc.vpcDefaultSecurityGroup
+ this,
+ 'VPCDefaultSecurityGroup',
+ defaultSecurityGroup
 );

 const vpcEndpoint = props.shared.vpc.addInterfaceEndpoint(
diff --git a/lib/shared/types.ts b/lib/shared/types.ts
index 0b3f3c341..d25037c87 100644
--- a/lib/shared/types.ts
+++ b/lib/shared/types.ts
@@ -74,6 +74,7 @@ export interface SystemConfig {
 vpc?: {
 vpcId?: string;
 createVpcEndpoints?: boolean;
+ vpcDefaultSecurityGroup?: string;
 };
 certificate?: string;
 domain?: string;
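Review bot: In lib/model-interfaces/idefics/index.ts the new `defaultSecurityGroup` expression silently falls back to `props.shared.vpc.vpcDefaultSecurityGroup` when `vpcId` is set but `vpcDefaultSecurityGroup` is missing from the config, and the configured string reaches `fromSecurityGroupId` unchecked. Whether that fallback attribute resolves for a VPC imported by id is not visible in this hunk, so a guard before the lookup would make the failure explicit: `if (props.config.vpc?.vpcId && !props.config.vpc.vpcDefaultSecurityGroup) throw new Error("config.vpc.vpcDefaultSecurityGroup is required when config.vpc.vpcId is set");`. Because a group in an existing VPC may be shared with other workloads, consider importing it with `{ mutable: false }` so this stack cannot add rules to it, provided nothing later in the constructor relies on doing so. The added lines also switch to single quotes and drop the semicolon after the ternary, unlike the double-quoted lines they replace. The constructor body continues outside the hunk.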
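Review bot: The new `vpcDefaultSecurityGroup?: string` field in lib/shared/types.ts has no doc comment, and its name suggests the VPC's default group although the consuming code accepts any security group id. A TSDoc line on the field would set expectations, for example `/** Security group id (sg-…) imported by the Idefics interface for an existing VPC; read only when vpcId is set. Prefer a group dedicated to that endpoint over the VPC default group. */`. The interface continues outside the hunk.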