diff --git a/services/terraform/self-host/aws_db.tf b/services/terraform/self-host/aws_db.tf
index 1bc9e77ae..7f2c68978 100644
--- a/services/terraform/self-host/aws_db.tf
+++ b/services/terraform/self-host/aws_db.tf
@@ -1,93 +1,92 @@
 # MariaDB Security Group
 resource "aws_security_group" "keyserver_mariadb_security_group" {
   name        = "keyserver-mariadb-sg"
   description = "Allow inbound traffic on port 3307 and all outbound traffic"
-  vpc_id      = aws_vpc.default.id
+  vpc_id      = local.vpc_id
 
   # Inbound rules
   ingress {
     from_port   = 3307
     to_port     = 3307
     protocol    = "tcp"
     cidr_blocks = ["${var.allowed_ip}/32"]
   }
 
   # Outbound rules
   egress {
     from_port   = 0
     to_port     = 0
     protocol    = "-1"
     cidr_blocks = ["0.0.0.0/0"]
   }
 }
 
-
 # MariaDB RDS Instance
 resource "aws_db_instance" "mariadb" {
   allocated_storage      = 100
   max_allocated_storage  = 3000
   storage_type           = "gp3"
   db_name                = "mariadb"
   identifier             = "mariadb-instance"
   engine                 = "mariadb"
   engine_version         = "10.11"
   instance_class         = "db.m6g.large"
   db_subnet_group_name   = aws_db_subnet_group.public_db_subnet_group.name
   vpc_security_group_ids = [aws_security_group.keyserver_mariadb_security_group.id]
   username               = var.mariadb_username
   password               = var.mariadb_password
   parameter_group_name   = aws_db_parameter_group.mariadb_parameter_group.name
   storage_encrypted      = true
   publicly_accessible    = true
   port                   = 3307
   skip_final_snapshot    = true
 }
 
 # MariaDB Parameter Group
 resource "aws_db_parameter_group" "mariadb_parameter_group" {
   name   = "mariadb-parameter-group"
   family = "mariadb10.11"
 
   parameter {
     apply_method = "pending-reboot"
     name         = "performance_schema"
     value        = "1"
   }
 
   parameter {
     apply_method = "immediate"
     name         = "max_allowed_packet"
     # 256 MiB: (1024 * 1024 * 256)
     value = "268435456"
   }
 
   parameter {
     apply_method = "immediate"
     name         = "local_infile"
     value        = "0"
   }
 
   parameter {
     apply_method = "immediate"
     name         = "sql_mode"
     value        = "STRICT_ALL_TABLES"
   }
 
   parameter {
     apply_method = "pending-reboot"
     name         = "innodb_buffer_pool_size"
     value        = "{DBInstanceClassMemory*3/4}"
   }
 
   parameter {
     apply_method = "pending-reboot"
     name         = "innodb_ft_min_token_size"
     value        = "1"
   }
 
   parameter {
     apply_method = "immediate"
     name         = "innodb_ft_enable_stopword"
     value        = "0"
   }
 }
diff --git a/services/terraform/self-host/aws_vpc.tf b/services/terraform/self-host/aws_vpc.tf
index 41e68efe9..bd39444ca 100644
--- a/services/terraform/self-host/aws_vpc.tf
+++ b/services/terraform/self-host/aws_vpc.tf
@@ -1,56 +1,80 @@
-# VPC
+# Default VPC Data
+
+data "aws_vpc" "default" {
+  default = true
+}
+
+data "aws_subnets" "default" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+
+data "aws_internet_gateway" "default" {
+  filter {
+    name   = "attachment.vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+
+
+# User Created VPC
 resource "aws_vpc" "default" {
+  count                = var.user_created_vpc ? 1 : 0
   cidr_block           = "172.31.0.0/16"
   enable_dns_support   = true
   enable_dns_hostnames = true
 }
 
-# Public Subnets
 resource "aws_subnet" "public_1" {
-  vpc_id                  = aws_vpc.default.id
+  count                   = var.user_created_vpc ? 1 : 0
+  vpc_id                  = aws_vpc.default[0].id
   cidr_block              = "172.31.0.0/20"
   availability_zone       = var.availability_zone_1
   map_public_ip_on_launch = true
 }
 
 resource "aws_subnet" "public_2" {
-  vpc_id                  = aws_vpc.default.id
+  count                   = var.user_created_vpc ? 1 : 0
+  vpc_id                  = aws_vpc.default[0].id
   cidr_block              = "172.31.16.0/20"
   availability_zone       = var.availability_zone_2
   map_public_ip_on_launch = true
 }
 
-# Internet Gateway
+
 resource "aws_internet_gateway" "default" {
-  vpc_id = aws_vpc.default.id
+  count  = var.user_created_vpc ? 1 : 0
+  vpc_id = aws_vpc.default[0].id
 }
 
 # Route Table for Internet Gateway
 resource "aws_route_table" "public_igw_route_table" {
-  vpc_id = aws_vpc.default.id
+  vpc_id = local.vpc_id
 
   route {
-    cidr_block = "${var.allowed_ip}/32"
-    gateway_id = aws_internet_gateway.default.id
+    cidr_block = "0.0.0.0/0"
+    gateway_id = var.user_created_vpc ? aws_internet_gateway.default[0].id : data.aws_internet_gateway.default.id
   }
 }
 
 resource "aws_route_table_association" "public_1_igw_route_association" {
-  subnet_id      = aws_subnet.public_1.id
+  subnet_id      = local.vpc_subnets[0]
   route_table_id = aws_route_table.public_igw_route_table.id
 }
 
 resource "aws_route_table_association" "public_2_igw_route_association" {
-  subnet_id      = aws_subnet.public_2.id
+  subnet_id      = local.vpc_subnets[1]
   route_table_id = aws_route_table.public_igw_route_table.id
 }
 
 # DB Subnet Group
 resource "aws_db_subnet_group" "public_db_subnet_group" {
   name       = "public-db-subnet-group"
-  subnet_ids = [aws_subnet.public_1.id, aws_subnet.public_2.id]
+  subnet_ids = local.vpc_subnets
 
   tags = {
     Name = "DB subnet group associated with private vpc subnet"
   }
 }
diff --git a/services/terraform/self-host/main.tf b/services/terraform/self-host/main.tf
index d7d5b72f1..608ee8337 100644
--- a/services/terraform/self-host/main.tf
+++ b/services/terraform/self-host/main.tf
@@ -1,9 +1,14 @@
+locals {
+  vpc_id      = var.user_created_vpc ? aws_vpc.default[0].id : data.aws_vpc.default.id
+  vpc_subnets = var.user_created_vpc ? [aws_subnet.public_1[0].id, aws_subnet.public_2[0].id] : [data.aws_subnets.default.ids[0], data.aws_subnets.default.ids[1]]
+}
+
 provider "aws" {
   region = var.region
 
   default_tags {
     tags = {
       managed_by = "terraform"
     }
   }
 }
diff --git a/services/terraform/self-host/terraform.tfvars.example b/services/terraform/self-host/terraform.tfvars.example
index 5ff4efbbd..d335a8b79 100644
--- a/services/terraform/self-host/terraform.tfvars.example
+++ b/services/terraform/self-host/terraform.tfvars.example
@@ -1,6 +1,4 @@
 mariadb_username    = "username"
 mariadb_password    = "password"
 region              = "us-west-1"
-availability_zone_1 = "us-west-1b"
-availability_zone_2 = "us-west-1c"
 allowed_ip          = "0.0.0.0"
diff --git a/services/terraform/self-host/variables.tf b/services/terraform/self-host/variables.tf
index 610f4f86d..3e52f231e 100644
--- a/services/terraform/self-host/variables.tf
+++ b/services/terraform/self-host/variables.tf
@@ -1,34 +1,40 @@
 variable "mariadb_username" {
   description = "MariaDB username"
   type        = string
   sensitive   = true
 }
 
 variable "mariadb_password" {
   description = "MariaDB password"
   type        = string
   sensitive   = true
 }
 
 variable "region" {
   description = "The AWS region to deploy your keyserver in"
   type        = string
   default     = "us-west-1"
 }
 
 variable "allowed_ip" {
   description = "IP address"
   type        = string
 }
 
+variable "user_created_vpc" {
+  description = "Use non-default vpc and subnets"
+  type        = bool
+  default     = false
+}
+
 variable "availability_zone_1" {
-  description = "First availability zone for vpc subnet"
+  description = "First availability zone for vpc subnet if user created vpc"
   type        = string
   default     = "us-west-1b"
 }
 
 variable "availability_zone_2" {
-  description = "Second availability zone for vpc subnet"
+  description = "Second availability zone for vpc subnet if user created vpc"
   type        = string
   default     = "us-west-1c"
 }