diff --git a/services/terraform/self-host/aws_db.tf b/services/terraform/self-host/aws_db.tf
--- a/services/terraform/self-host/aws_db.tf
+++ b/services/terraform/self-host/aws_db.tf
@@ -23,7 +23,7 @@
     from_port   = local.mariadb_port
     to_port     = local.mariadb_port
     protocol    = "tcp"
-    cidr_blocks = ["${var.allowed_ip}/32"]
+    cidr_blocks = [for ip in var.allowed_ips : "${ip}/32"]
   }
 
   # Outbound rules
diff --git a/services/terraform/self-host/aws_lb.tf b/services/terraform/self-host/aws_lb.tf
--- a/services/terraform/self-host/aws_lb.tf
+++ b/services/terraform/self-host/aws_lb.tf
@@ -14,7 +14,7 @@
     from_port   = 443
     to_port     = 443
     protocol    = "tcp"
-    cidr_blocks = ["${var.allowed_ip}/32"]
+    cidr_blocks = [for ip in var.allowed_ips : "${ip}/32"]
   }
 
   egress {
diff --git a/services/terraform/self-host/variables.tf b/services/terraform/self-host/variables.tf
--- a/services/terraform/self-host/variables.tf
+++ b/services/terraform/self-host/variables.tf
@@ -19,9 +19,9 @@
   default     = "us-west-1"
 }
 
-variable "allowed_ip" {
-  description = "IP address"
-  type        = string
+variable "allowed_ips" {
+  description = "List of allowed ipv4 addresses"
+  type        = list(string)
 }
 
 variable "user_created_vpc" {