diff --git a/terraform-provider-constellation/examples/full/gcp/main.tf b/terraform-provider-constellation/examples/full/gcp/main.tf
index 04ede4b59f..a2db9c23b7 100644
--- a/terraform-provider-constellation/examples/full/gcp/main.tf
+++ b/terraform-provider-constellation/examples/full/gcp/main.tf
@@ -76,6 +76,7 @@ module "gcp_infrastructure" {
   }
   image_id               = data.constellation_image.bar.image.reference
   debug                  = false
+  console_access         = false
   zone                   = local.zone
   region                 = local.region
   project                = local.project_id
diff --git a/terraform/infrastructure/gcp/main.tf b/terraform/infrastructure/gcp/main.tf
index 83fb9c182b..3071c7c702 100644
--- a/terraform/infrastructure/gcp/main.tf
+++ b/terraform/infrastructure/gcp/main.tf
@@ -183,6 +183,7 @@ module "instance_group" {
   alias_ip_range_name = google_compute_subnetwork.vpc_subnetwork.secondary_ip_range[0].range_name
   kube_env            = local.kube_env
   debug               = var.debug
+  console_access      = var.console_access
   named_ports         = each.value.role == "control-plane" ? local.control_plane_named_ports : []
   labels              = local.labels
   init_secret_hash    = local.init_secret_hash
diff --git a/terraform/infrastructure/gcp/modules/instance_group/main.tf b/terraform/infrastructure/gcp/modules/instance_group/main.tf
index 2e92d43751..16ae90cd45 100644
--- a/terraform/infrastructure/gcp/modules/instance_group/main.tf
+++ b/terraform/infrastructure/gcp/modules/instance_group/main.tf
@@ -70,7 +70,7 @@ resource "google_compute_instance_template" "template" {
   metadata = {
     kube-env                       = var.kube_env
     constellation-init-secret-hash = var.init_secret_hash
-    serial-port-enable             = var.debug ? "TRUE" : "FALSE"
+    serial-port-enable             = (var.debug || var.console_access) ? "TRUE" : "FALSE"
   }
 
   network_interface {
diff --git a/terraform/infrastructure/gcp/modules/instance_group/variables.tf b/terraform/infrastructure/gcp/modules/instance_group/variables.tf
index 5370ec7d15..090f204400 100644
--- a/terraform/infrastructure/gcp/modules/instance_group/variables.tf
+++ b/terraform/infrastructure/gcp/modules/instance_group/variables.tf
@@ -85,6 +85,11 @@ variable "debug" {
   description = "DO NOT USE IN PRODUCTION. Enable debug mode. This opens up a debugd port that can be used to deploy a custom bootstrapper."
 }
 
+variable "console_access" {
+  type        = bool
+  description = "Enable serial console access to OS images that expose a serial console. This will be shadowed by `debug` (i.e. if `debug` is enabled, console access will be enabled)."
+}
+
 variable "alias_ip_range_name" {
   type        = string
   description = "Name of the alias IP range to use."
diff --git a/terraform/infrastructure/gcp/variables.tf b/terraform/infrastructure/gcp/variables.tf
index 601394a557..71ba7aa4ce 100644
--- a/terraform/infrastructure/gcp/variables.tf
+++ b/terraform/infrastructure/gcp/variables.tf
@@ -32,6 +32,12 @@ variable "debug" {
   description = "DO NOT USE IN PRODUCTION. Enable debug mode. This opens up a debugd port that can be used to deploy a custom bootstrapper."
 }
 
+variable "console_access" {
+  type        = bool
+  default     = false
+  description = "Enable serial console access to OS images that expose a serial console. This will be shadowed by `debug` (i.e. if `debug` is enabled, console access will be enabled)."
+}
+
 variable "custom_endpoint" {
   type        = string
   default     = ""