diff --git a/main.tf b/main.tf
index ba1d8aa..82f4828 100644
--- a/main.tf
+++ b/main.tf
@@ -14,10 +14,11 @@ module "tailscale_subnet_router" {
   context = module.this.context
   tags    = module.this.tags
 
-  vpc_id                    = var.vpc_id
-  subnet_ids                = var.subnet_ids
-  key_pair_name             = var.key_pair_name
-  create_run_shell_document = var.create_run_shell_document
+  vpc_id                        = var.vpc_id
+  subnet_ids                    = var.subnet_ids
+  key_pair_name                 = var.key_pair_name
+  additional_security_group_ids = var.additional_security_group_ids
+  create_run_shell_document     = var.create_run_shell_document
 
   session_logging_kms_key_alias     = var.session_logging_kms_key_alias
   session_logging_enabled           = var.session_logging_enabled
diff --git a/variables.tf b/variables.tf
index f659c65..a505d4e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -12,6 +12,12 @@ variable "subnet_ids" {
   description = "The Subnet IDs which the Tailscale Subnet Router EC2 instance will run in. These *should* be private subnets."
 }
 
+variable "additional_security_group_ids" {
+  default     = []
+  type        = list(string)
+  description = "Additional Security Group IDs to associate with the Tailscale Subnet Router EC2 instance."
+}
+
 variable "create_run_shell_document" {
   default     = true
   type        = bool