diff --git a/README.md b/README.md
index 9d895cf6..16a9d69c 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,7 @@ If the user does not share the same domain as the org the bastion is in, you wil
 | name | Name of the Bastion instance | `string` | `"bastion-vm"` | no |
 | name\_prefix | Name prefix for instance template | `string` | `"bastion-instance-template"` | no |
 | network | Self link for the network on which the Bastion should live | `string` | n/a | yes |
+| network\_ip | Private IP address for the bastion host | `string` | `""` | no |
 | preemptible | Allow the instance to be preempted | `bool` | `false` | no |
 | project | The project ID to deploy to | `string` | n/a | yes |
 | random\_role\_id | Enables role random id generation. | `bool` | `true` | no |
diff --git a/main.tf b/main.tf
index 2f5cb321..90539f82 100644
--- a/main.tf
+++ b/main.tf
@@ -91,6 +91,7 @@ resource "google_compute_instance_from_template" "bastion_vm" {
     subnetwork         = var.subnet
     subnetwork_project = var.host_project != "" ? var.host_project : var.project
     access_config      = var.external_ip ? var.access_config : []
+    network_ip         = var.network_ip
   }
 
   source_instance_template = module.instance_template.self_link
diff --git a/variables.tf b/variables.tf
index bc722e22..ed0eb1a4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -88,6 +88,12 @@ variable "network" {
   description = "Self link for the network on which the Bastion should live"
 }
 
+variable "network_ip" {
+  type        = string
+  description = "Private IP address for the bastion host"
+  default     = ""
+}
+
 variable "project" {
   type = string
 
@@ -281,4 +287,3 @@ variable "can_ip_forward" {
   description = "Whether the bastion should allow IP forwarding."
   default     = false
 }
-