diff --git a/bastion.tf b/bastion.tf
new file mode 100644
index 0000000..a4b2785
--- /dev/null
+++ b/bastion.tf
@@ -0,0 +1,16 @@
+resource "aws_instance" "terraform_course_bastion" {
+ ami = "ami-06b21ccaeff8cd686"
+ instance_type = "t2.micro"
+ subnet_id = aws_subnet.terraform_course_public_subnet_1.id
+ key_name = var.ec2_key_name
+ security_groups = [aws_security_group.terraform_course_bastion_sg.id]
+
+ tags = {
+ Name = "terraform_course_bastion"
+ }
+}
+
+output "terraform_course_bastion_ip_addr" {
+ value = aws_instance.terraform_course_bastion.public_ip
+ sensitive = true
+}
\ No newline at end of file
diff --git a/securitygroups.tf b/securitygroups.tf
index 782c8b9..5357c5a 100644
--- a/securitygroups.tf
+++ b/securitygroups.tf
@@ -39,4 +39,26 @@ resource "aws_security_group" "terraform_course_private_subnet_sg" {
 tags = {
 Name = "terraform_course_private_subnet_sg"
 }
-}
\ No newline at end of file
+}
+
+resource "aws_security_group" "terraform_course_bastion_sg" {
+ vpc_id = aws_vpc.terraform_course_main_vpc.id
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["${var.ip_address}/32"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "terraform_course_bastion_sg"
+ }
+}
diff --git a/variables.tf b/variables.tf
index a25817b..887cf5f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -39,4 +39,14 @@ variable "private_subnet_2_cidr" {
 variable "az" {
 type = list(string)
 default = ["us-east-1a", "us-east-1b", "us-east-1c"]
+}
+
+variable "ip_address" {
+ type = string
+ sensitive = true
+}
+
+variable "ec2_key_name" {
+ type = string
+ sensitive = true
 }
\ No newline at end of file
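Review bot: `security_groups` on the new `aws_instance` is handed a VPC security-group ID, but that argument is the EC2-Classic/default-VPC, name-based form; for an instance launched into an explicit `subnet_id` the provider expects `vpc_security_group_ids`, and mixing the two commonly ends in an apply error or a perpetual diff with the VPC default SG attached instead of the bastion SG. Change it to `vpc_security_group_ids = [aws_security_group.terraform_course_bastion_sg.id]`. Because this host is internet-reachable, I would also add a `metadata_options` block requiring IMDSv2 so a shell on the bastion cannot read instance-role credentials through unauthenticated IMDSv1, and the hard-coded `ami-06b21ccaeff8cd686` should carry a comment naming its owner and OS (or be resolved via `data "aws_ami"` with an `owners` filter) so the image's provenance is reviewable. Note that `public_ip` in the output will be empty unless the subnet maps public IPs on launch or the instance sets `associate_public_ip_address = true`; neither is visible in this hunk, so confirm.
```hcl
resource "aws_instance" "terraform_course_bastion" {
  # … unchanged: ami, instance_type, subnet_id, key_name …
  vpc_security_group_ids = [aws_security_group.terraform_course_bastion_sg.id]

  # Require IMDSv2: a compromised SSH session must not be able to pull role credentials via IMDSv1.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }
  # … unchanged: tags …
}
```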
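Review bot: The egress rule at the end of the new `terraform_course_bastion_sg` allows every protocol to `0.0.0.0/0`, which undoes the point of a jump host: once someone has a shell there (the `${var.ip_address}/32` ingress is the only gate) they can reach any internet host to pull tooling or exfiltrate. A bastion only needs to forward SSH into the private subnets, so scope egress to TCP/22 toward the private subnet CIDRs; the variables.tf hunk header shows a `private_subnet_2_cidr` variable and presumably a matching `private_subnet_1_cidr` exists, but verify the names before using them. If the host must fetch package updates, add a separate narrow rule or route that through a NAT/VPC endpoint rather than keeping the wildcard. Both rules would also benefit from a `description`, e.g. `description = "SSH from operator address"` on the ingress, so the intent survives in the console.
```hcl
  # Jump host: only SSH into the private subnets is needed; no general internet egress.
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.private_subnet_1_cidr, var.private_subnet_2_cidr] # confirm variable names
  }
```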
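Review bot: The new `ip_address` variable has no `validation` block even though securitygroups.tf interpolates it as `"${var.ip_address}/32"`; a value that already carries a prefix length (e.g. `203.0.113.0/24`), an IPv6 address, or an empty string is only rejected by the EC2 API at apply time, and a mistyped but syntactically valid address silently opens SSH to the wrong host. Add a validation that the value is a bare IPv4 address so the failure surfaces at plan time; `cidrnetmask` is a convenient check because it also rejects IPv6 prefixes. Both variables also lack a `description`, and `sensitive = true` on `ec2_key_name` only redacts plan output while the value still lands in state; a key-pair name is not a secret, so I would drop that flag there (keeping it on `ip_address` is defensible).
```hcl
variable "ip_address" {
  description = "Operator IPv4 address allowed to SSH to the bastion (no prefix length; /32 is appended)."
  type        = string
  sensitive   = true

  validation {
    condition     = can(cidrnetmask("${var.ip_address}/32"))
    error_message = "ip_address must be a single IPv4 address without a prefix length, e.g. 203.0.113.7."
  }
}
```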