diff --git a/README.md b/README.md
index 90e375e..8043a83 100755
--- a/README.md
+++ b/README.md
@@ -246,6 +246,7 @@ These have been generated with [terraform-docs](https://github.com/segmentio/ter
 | lb_healthcheck_port | TCP port to conduct lb target group healthchecks. Acceptable values are 22 or 2222 | string | `2222` | no |
 | lb_healthy_threshold | Healthy threshold for lb target group | string | `2` | no |
 | lb_interval | interval for lb target group health check | string | `30` | no |
+| lb_is_internal | whether the lb will be internal | string | false | no |
 | lb_unhealthy_threshold | Unhealthy threshold for lb target group | string | `2` | no |
 | route53_zone_id | Route53 zoneId | string | `` | no |
 | security_groups_additional | additional security group IDs to attach to host instance | list | `<list>` | no |
diff --git a/load_balancer.tf b/load_balancer.tf
index 2ad158e..e391f6d 100644
--- a/load_balancer.tf
+++ b/load_balancer.tf
@@ -5,7 +5,7 @@
 resource "aws_lb" "bastion-service" {
   name                             = "${md5(format("bastion-service-%s",var.vpc))}"
   load_balancer_type               = "network"
-  internal                         = false
+  internal                         = "${var.lb_is_internal}"
   subnets                          = ["${var.subnets_lb}"]
   enable_cross_zone_load_balancing = true
   tags                             = "${var.tags}"
diff --git a/variables.tf b/variables.tf
index a194a79..8c867bb 100755
--- a/variables.tf
+++ b/variables.tf
@@ -91,6 +91,12 @@ variable "lb_interval" {
   default     = "30"
 }
 
+variable "lb_is_internal" {
+  type        = "string"
+  description = "whether the lb will be internal"
+  default     = false
+}
+
 variable "asg_max" {
   type        = "string"
   description = "Max numbers of bastion-service hosts in ASG"