diff --git a/agw.tf b/agw.tf
index 4f4704b..d25c9a0 100644
--- a/agw.tf
+++ b/agw.tf
@@ -1,6 +1,6 @@
 # Public Ip
 resource "azurerm_public_ip" "main" {
-  count               = local.app_gateway.enabled ? 1 : 0
+  count               = (local.app_gateway.enabled && local.app_gateway.public_ip_id == "") ? 1 : 0
   name                = local.names.agw
   resource_group_name = local.global_settings.resource_group_name
   location            = local.global_settings.location
@@ -48,7 +48,7 @@ resource "azurerm_application_gateway" "main" {
   }
   frontend_ip_configuration {
     name                 = "appGatewayFrontendIP"
-    public_ip_address_id = azurerm_public_ip.main[0].id
+    public_ip_address_id = local.app_gateway.public_ip_id == "" ? azurerm_public_ip.main[0].id : local.app_gateway.public_ip_id
   }
   backend_address_pool {
     name = "defaultaddresspool"
diff --git a/main.tf b/main.tf
index 67e7867..ee2d479 100644
--- a/main.tf
+++ b/main.tf
@@ -20,6 +20,7 @@ locals {
   app_gateway = defaults(var.app_gateway, {
     enabled      = false
     name         = ""
+    public_ip_id = ""
     sku_capacity = "2"
     sku_name     = "WAF_v2"
     sku_tier     = "WAF_v2"
diff --git a/variables.tf b/variables.tf
index 2bcc992..fe32598 100644
--- a/variables.tf
+++ b/variables.tf
@@ -15,6 +15,7 @@ variable app_gateway {
   type        = object ({
       enabled      = optional(bool)
       name         = optional(string)
+      public_ip_id = optional(string)
       sku_capacity = optional(string)
       sku_name     = optional(string)
       sku_tier     = optional(string)