diff --git a/src/main.tf b/src/main.tf
index 839fa40..8885d87 100644
--- a/src/main.tf
+++ b/src/main.tf
@@ -10,7 +10,7 @@ locals {
 for eks in module.eks : eks.outputs.eks_cluster_managed_security_group_id
 ]
 
- allowed_security_groups = concat(data.aws_security_groups.allowed.ids, local.allowed_eks_security_groups)
+ allowed_security_groups = concat(data.aws_security_groups.allowed.ids, local.allowed_eks_security_groups, var.allowed_security_group_ids)
 
 zone_id = module.dns_gbl_delegated.outputs.default_dns_zone_id
 
diff --git a/src/variables.tf b/src/variables.tf
index fdc9adb..e6b8b8f 100644
--- a/src/variables.tf
+++ b/src/variables.tf
@@ -275,6 +275,12 @@ variable "allowed_security_group_names" {
 default = []
 }
 
+variable "allowed_security_group_ids" {
+ type = list(string)
+ description = "List of security group ids that should be allowed access to the database"
+ default = []
+}
+
 variable "eks_security_group_enabled" {
 type = bool
 description = "Use the eks default security group"
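Review bot: In src/main.tf the new `concat(...)` can carry the same security group twice, once resolved by name through `data.aws_security_groups.allowed` and once passed in `var.allowed_security_group_ids`. The consumer of `local.allowed_security_groups` is not in this hunk, but if it creates one ingress rule per element, a duplicate would likely fail at apply as a duplicate rule. Wrapping the list avoids that: `allowed_security_groups = distinct(concat(data.aws_security_groups.allowed.ids, local.allowed_eks_security_groups, var.allowed_security_group_ids))`. A short comment above the line, `# Every group listed here is granted ingress to the database`, would also make the access-widening effect obvious to the next reviewer. The `locals` block starts and ends outside the hunk.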
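Review bot: The new `allowed_security_group_ids` variable in src/variables.tf accepts any string and also accepts `null`, yet its value goes straight into the list of groups allowed to reach the database. An explicit `null` from a caller would make the `concat(...)` in src/main.tf fail with an unhelpful error, and a group name pasted here by mistake would only surface at apply time. Adding `nullable = false` and a validation block that requires the `sg-` form catches both at plan time, assuming the component's minimum Terraform version supports them. The description could also state that these IDs are added to the groups resolved from `allowed_security_group_names` and the EKS clusters rather than replacing them.

```hcl
variable "allowed_security_group_ids" {
  # … unchanged: type, description, default …
  nullable = false

  validation {
    condition     = alltrue([for id in var.allowed_security_group_ids : can(regex("^sg-[0-9a-f]+$", id))])
    error_message = "Each entry must be a security group ID (sg-...), not a group name."
  }
}
```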