diff --git a/bastion.tf b/bastion.tf
index 905ffb6..23dcb24 100644
--- a/bastion.tf
+++ b/bastion.tf
@@ -1,5 +1,5 @@
 resource "aws_instance" "terraform_course_bastion" {
- ami = "ami-0ddc798b3f1a5117e"
+ ami = var.ami
 instance_type = "t2.micro"
 subnet_id = aws_subnet.terraform_course_public_subnet_1.id
 key_name = var.ec2_key_name
diff --git a/cluster.tf b/cluster.tf
index 59e0484..5ee9244 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -1,11 +1,19 @@
 resource "aws_instance" "terraform_course_k8s_server" {
- ami = "ami-0ddc798b3f1a5117e"
+ ami = var.ami
 instance_type = "t2.micro"
 subnet_id = aws_subnet.terraform_course_private_subnet_1.id
 key_name = var.ec2_key_name
 security_groups = [aws_security_group.terraform_course_k8s_sg.id]
- user_data = templatefile("k8s_server.sh", {})
+ user_data = <<-EOF
+ #!/bin/bash
+ curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.21.3+k3s1 sh -s - server \
+ --token=${var.k3s_token} \
+ --disable traefik
+ chmod 644 /etc/rancher/k3s/k3s.yaml
+ EOF
+
+ user_data_replace_on_change = true
 tags = {
 Name = "terraform_course_k8s_server"
@@ -13,17 +21,21 @@ resource "aws_instance" "terraform_course_k8s_server" {
 }
 resource "aws_instance" "terraform_course_k8s_agent" {
- ami = "ami-0ddc798b3f1a5117e"
+ ami = var.ami
 instance_type = "t2.micro"
 subnet_id = aws_subnet.terraform_course_private_subnet_2.id
 key_name = var.ec2_key_name
 security_groups = [aws_security_group.terraform_course_k8s_sg.id]
 depends_on = [aws_instance.terraform_course_k8s_server]
- user_data = templatefile("k8s_agent.sh", {
- token = var.k8s_token,
- server_private_ip = aws_instance.terraform_course_k8s_server.private_ip
- })
+ user_data = <<-EOF
+ #!/bin/bash
+ curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.21.3+k3s1 K3S_URL=https://${aws_instance.terraform_course_k8s_server.private_ip}:6443 K3S_TOKEN=${var.k3s_token} sh -
+ chmod 644 /etc/rancher/k3s/k3s.yaml
+ EOF
+
+
+ user_data_replace_on_change = true
 tags = {
 Name = "terraform_course_k8s_agent"
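Review bot: `--token=${var.k3s_token}` is rendered into `user_data` in the server resource, so the cluster join secret travels with the instance definition. `sensitive = true` only redacts Terraform's own output, while user data stays readable by any process on the instance through the metadata service and by principals allowed to read instance attributes through the EC2 API (and, depending on the provider version, may sit in state in clear text). The agent hunk has the same exposure through `K3S_TOKEN=${var.k3s_token}`. Consider having the boot script fetch the token from SSM Parameter Store or Secrets Manager under an instance profile, so that user data carries only the parameter name. The resource block continues past the end of the hunk.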
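Review bot: `chmod 644 /etc/rancher/k3s/k3s.yaml` in the agent's user data targets a file that, as far as I know, only the k3s server writes, so on the agent the command most likely just fails at the end of the script; I would drop that line here. In the server hunk the same command leaves the cluster-admin kubeconfig readable by every local account. If a looser mode is really required on the server, k3s's `--write-kubeconfig-mode` option sets it when the file is created, and a comment above the heredoc such as `# kubeconfig mode relaxed for <reason>` would record why. The resource block continues past the end of the hunk.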
diff --git a/securitygroups.tf b/securitygroups.tf
index 6a07d92..143d990 100644
--- a/securitygroups.tf
+++ b/securitygroups.tf
@@ -65,12 +65,21 @@ resource "aws_security_group" "terraform_course_bastion_sg" {
 resource "aws_security_group" "terraform_course_k8s_sg" {
 vpc_id = aws_vpc.terraform_course_main_vpc.id
+
 ingress {
 from_port = 6443
 to_port = 6443
 protocol = "tcp"
 cidr_blocks = ["0.0.0.0/0"]
 }
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["${aws_instance.terraform_course_bastion.private_ip}/32"]
+ }
+
 egress {
 from_port = 0
 to_port = 0
diff --git a/variables.tf b/variables.tf
index 5623511..c129bee 100644
--- a/variables.tf
+++ b/variables.tf
@@ -51,7 +51,12 @@ variable "ec2_key_name" {
 sensitive = true
 }
-variable "k8s_token" {
+variable "k3s_token" {
 type = string
 sensitive = true
+}
+
+variable "ami" {
+ type = string
+ default = "ami-06b21ccaeff8cd686"
 }
\ No newline at end of file
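Review bot: The new port-22 rule admits the bastion by its current private address, `cidr_blocks = ["${aws_instance.terraform_course_bastion.private_ip}/32"]`, which ties the rule to one instance's IP and makes the security group depend on the instance resource. Referencing the bastion's group instead, `security_groups = [aws_security_group.terraform_course_bastion_sg.id]`, keeps the rule valid when the bastion is replaced and states the intent directly. The unchanged 6443 rule in the context lines still admits `0.0.0.0/0`; if only the agents and the bastion need the API server, it could be narrowed the same way. The resource block ends outside the hunk.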
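Review bot: The new `ami` variable defaults to a bare image ID with no `description`, so a reader cannot tell which image, owner or region `ami-06b21ccaeff8cd686` refers to, and AMI IDs are region-specific. I would add something like `description = "AMI for the bastion and k3s nodes (state image name, owner and region)"`, or resolve the image with an `aws_ami` data source filtered by a trusted owner. `k3s_token` would likewise benefit from a description and a `validation` block that rejects an empty string, since the value is interpolated straight into the install command in cluster.tf.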