diff --git a/aws/elastikube/variables.tf b/aws/elastikube/variables.tf
index f43d9f2d..34716836 100644
--- a/aws/elastikube/variables.tf
+++ b/aws/elastikube/variables.tf
@@ -94,6 +94,12 @@ variable "ssh_key" {
 description = "The key name that should be used for the instances."
 }
 
+variable "allowed_ssh_cidr" {
+ type = "list"
+ default = ["0.0.0.0/0"]
+ description = "(Optional) A list of CIDR networks to allow ssh access to. Defaults to \"0.0.0.0/0\""
+}
+
 variable "service_cidr" {
 type = "string"
 default = "172.16.0.0/13"
diff --git a/aws/elastikube/worker-sg.tf b/aws/elastikube/worker-sg.tf
index c3a4b39e..5f149838 100644
--- a/aws/elastikube/worker-sg.tf
+++ b/aws/elastikube/worker-sg.tf
@@ -48,7 +48,7 @@ resource "aws_security_group_rule" "workers_ingress_ssh" {
 security_group_id = "${aws_security_group.workers.id}"
 protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = ["${var.allowed_ssh_cidr}"]
 from_port = 22
 to_port = 22
 }
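Review bot: The new `allowed_ssh_cidr` variable in variables.tf keeps `["0.0.0.0/0"]` as its default, so every caller that does not set it still accepts SSH from any source address and the restriction is opt-in. Consider dropping the `default` line so the caller has to choose a range. If existing callers must keep working unchanged, state the exposure in the description instead, e.g. `description = "(Optional) CIDR networks allowed to reach SSH (port 22). The default 0.0.0.0/0 accepts connections from any address; set this to a bastion or VPN range."`. The current wording "allow ssh access to" also reads as a destination, whereas an ingress rule's `cidr_blocks` is a source range.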
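Review bot: `cidr_blocks = ["${var.allowed_ssh_cidr}"]` in `workers_ingress_ssh` gives no way to switch the rule off, because an empty list would leave the rule without any source and the provider will most likely reject it rather than treat it as "no SSH". If closing port 22 entirely should be possible, gate the resource, for example with `count = "${length(var.allowed_ssh_cidr) > 0 ? 1 : 0}"`. The variable name is generic, but this hunk wires it only into the worker rule, so any other port-22 rule in the module (none is visible here) would keep its own CIDR. The resource body starts above the hunk.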