diff --git a/main.tf b/main.tf
index 641703f..9a616f0 100644
--- a/main.tf
+++ b/main.tf
@@ -125,6 +125,7 @@ resource "aws_security_group" "default" {
 to_port = var.database_port
 protocol = "tcp"
 security_groups = var.security_group_ids
+ cidr_blocks = var.cidr_blocks
 }
 
 egress {
diff --git a/variables.tf b/variables.tf
index 4997dcc..7b4c45b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -36,6 +36,12 @@ variable "security_group_ids" {
 description = "The IDs of the security groups from which to allow `ingress` traffic to the DB instance"
 }
 
+variable "cidr_blocks" {
+ type = list(string)
+ default = []
+ description = "The cidr blocks from which to allow `ingress` traffic to the DB instance"
+}
+
 variable "associate_security_group_ids" {
 type = list(string)
 default = []
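Review bot: The added `cidr_blocks = var.cidr_blocks` line in the ingress rule opens `var.database_port` to any range the caller passes, and nothing visible in this hunk keeps a value such as `0.0.0.0/0` off the database security group. The CIDR sources are allowed in addition to `security_groups`, not instead of them, so a caller who sets both widens access. I would put a comment above the line, for example `# CIDR sources are additive to security_groups; keep these to private ranges`, and state the same in the module README. The default of `[]` in variables.tf leaves existing callers unchanged. The `ingress` block and the resource both start and end outside the hunk, so other constraints on this rule cannot be seen from here.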
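Review bot: The new `cidr_blocks` variable in variables.tf accepts any list of strings, so a malformed entry surfaces only as a provider error at apply time and the module gives no early signal for bad input on a rule that guards the DB port. A `validation` block that checks each entry parses as a CIDR would catch this at plan time; the sketch below assumes a Terraform version that supports variable validation and `alltrue`, which the visible lines do not confirm. The description should also spell `CIDR` in upper case and say that the ranges are allowed in addition to `security_group_ids`.

```hcl
variable "cidr_blocks" {
  # … unchanged: type, default, description …

  validation {
    condition     = alltrue([for c in var.cidr_blocks : can(cidrhost(c, 0))])
    error_message = "Each entry in cidr_blocks must be a valid CIDR range."
  }
}
```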