diff --git a/examples/aws/poc/sonar_basic_deployment/main.tf b/examples/aws/poc/sonar_basic_deployment/main.tf
index 4dfcaa85b..32473b9d9 100644
--- a/examples/aws/poc/sonar_basic_deployment/main.tf
+++ b/examples/aws/poc/sonar_basic_deployment/main.tf
@@ -98,6 +98,7 @@ module "hub" {
 allowed_web_console_and_api_cidrs = var.web_console_cidr
 allowed_agentless_gw_cidrs = [data.aws_subnet.gw.cidr_block]
 allowed_all_cidrs = local.workstation_cidr
+ allowed_ssh_cidrs = var.allowed_ssh_cidrs
 tags = local.tags
 depends_on = [
 module.vpc
@@ -122,6 +123,7 @@ module "agentless_gw" {
 }
 allowed_hub_cidrs = [data.aws_subnet.hub.cidr_block]
 allowed_all_cidrs = local.workstation_cidr
+ allowed_ssh_cidrs = var.allowed_ssh_cidrs
 ingress_communication_via_proxy = {
 proxy_address = module.hub.public_ip
 proxy_private_ssh_key_path = module.key_pair.private_key_file_path
diff --git a/examples/aws/poc/sonar_basic_deployment/variables.tf b/examples/aws/poc/sonar_basic_deployment/variables.tf
index 8ce42e6a6..d8a4850c9 100644
--- a/examples/aws/poc/sonar_basic_deployment/variables.tf
+++ b/examples/aws/poc/sonar_basic_deployment/variables.tf
@@ -45,6 +45,12 @@ variable "workstation_cidr" {
 description = "IP ranges from which SSH/API access will be allowed to setup the deployment. If not set, the subnet (x.x.x.0/24) of the public IP of the computer where the Terraform is run is used Format - [\"x.x.x.x/x\", \"y.y.y.y/y\"]"
 }
 
+variable "allowed_ssh_cidrs" {
+ type = list(string)
+ description = "IP ranges from which SSH access to the deployed DSF nodes will be allowed"
+ default = []
+}
+
 variable "additional_install_parameters" {
 default = ""
 description = "Additional params for installation tarball. More info in https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/80035.htm"
diff --git a/examples/aws/poc/sonar_hadr_deployment/main.tf b/examples/aws/poc/sonar_hadr_deployment/main.tf
index df5094fb0..8c41ef191 100644
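Review bot: The new `allowed_ssh_cidrs` variable in sonar_basic_deployment/variables.tf is declared as a bare `list(string)` with no `validation` block, so a malformed entry or an any-address range such as `0.0.0.0/0` is handed unchanged to the hub and gateway modules, where it presumably becomes an SSH ingress rule. A validation block on the variable would reject such values at plan time; the module-side handling of this input is outside the diff, so confirm it is not already checked there. The identical declaration added in examples/aws/poc/sonar_hadr_deployment/variables.tf needs the same treatment. The description could also state the expected list format, as the neighbouring `workstation_cidr` description does.

```hcl
variable "allowed_ssh_cidrs" {
  # … unchanged: type, description, default …
  validation {
    condition = alltrue([
      for cidr in var.allowed_ssh_cidrs : can(cidrhost(cidr, 0)) && cidr != "0.0.0.0/0"
    ])
    error_message = "Each entry must be a valid CIDR block other than 0.0.0.0/0."
  }
}
```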
--- a/examples/aws/poc/sonar_hadr_deployment/main.tf
+++ b/examples/aws/poc/sonar_hadr_deployment/main.tf
@@ -106,6 +106,7 @@ module "hub_main" {
 allowed_hub_cidrs = [data.aws_subnet.dr_hub.cidr_block]
 allowed_agentless_gw_cidrs = [data.aws_subnet.main_gw.cidr_block, data.aws_subnet.dr_gw.cidr_block]
 allowed_all_cidrs = local.workstation_cidr
+ allowed_ssh_cidrs = var.allowed_ssh_cidrs
 tags = local.tags
 depends_on = [
 module.vpc
@@ -135,6 +136,7 @@ module "hub_dr" {
 allowed_hub_cidrs = [data.aws_subnet.main_hub.cidr_block]
 allowed_agentless_gw_cidrs = [data.aws_subnet.main_gw.cidr_block, data.aws_subnet.dr_gw.cidr_block]
 allowed_all_cidrs = local.workstation_cidr
+ allowed_ssh_cidrs = var.allowed_ssh_cidrs
 tags = local.tags
 depends_on = [
 module.vpc
@@ -160,6 +162,7 @@ module "agentless_gw_main" {
 allowed_agentless_gw_cidrs = [data.aws_subnet.dr_gw.cidr_block]
 allowed_hub_cidrs = [data.aws_subnet.main_hub.cidr_block, data.aws_subnet.dr_hub.cidr_block]
 allowed_all_cidrs = local.workstation_cidr
+ allowed_ssh_cidrs = var.allowed_ssh_cidrs
 ingress_communication_via_proxy = {
 proxy_address = module.hub_main.public_ip
 proxy_private_ssh_key_path = module.key_pair.private_key_file_path
@@ -193,6 +196,7 @@ module "agentless_gw_dr" {
 allowed_agentless_gw_cidrs = [data.aws_subnet.main_gw.cidr_block]
 allowed_hub_cidrs = [data.aws_subnet.main_hub.cidr_block, data.aws_subnet.dr_hub.cidr_block]
 allowed_all_cidrs = local.workstation_cidr
+ allowed_ssh_cidrs = var.allowed_ssh_cidrs
 ingress_communication_via_proxy = {
 proxy_address = module.hub_main.public_ip
 proxy_private_ssh_key_path = module.key_pair.private_key_file_path
diff --git a/examples/aws/poc/sonar_hadr_deployment/variables.tf b/examples/aws/poc/sonar_hadr_deployment/variables.tf
index 083c34319..5f243755a 100644
--- a/examples/aws/poc/sonar_hadr_deployment/variables.tf
+++ b/examples/aws/poc/sonar_hadr_deployment/variables.tf
@@ -59,6 +59,12 @@ variable "workstation_cidr" {
 description = "IP ranges from which SSH/API access will be allowed to setup the deployment. If not set, the subnet (x.x.x.0/24) of the public IP of the computer where the Terraform is run is used Format - [\"x.x.x.x/x\", \"y.y.y.y/y\"]"
 }
 
+variable "allowed_ssh_cidrs" {
+ type = list(string)
+ description = "IP ranges from which SSH access to the deployed DSF nodes will be allowed"
+ default = []
+}
+
 variable "additional_install_parameters" {
 default = ""
 description = "Additional params for installation tarball. More info in https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/80035.htm"