diff --git a/main.tf b/main.tf
index 4936d6a..089b55b 100644
--- a/main.tf
+++ b/main.tf
@@ -62,6 +62,24 @@ data "template_file" "user_data" {
 template = file("${path.module}/template/user_data.sh")
 }
 
+resource "aws_network_interface" "interface" {
+ subnet_id = var.subnet_id
+ security_groups = [aws_security_group.ami[0].id]
+
+ tags = merge(
+ {
+ "Name" = format("%s-bastion", var.environment)
+ },
+ {
+ "Environment" = format("%s", var.environment)
+ },
+ {
+ "Project" = format("%s", var.project)
+ },
+ var.tags,
+ )
+}
+
 resource "aws_instance" "instance" {
 count = var.enable_bastion ? 1 : 0
 
@@ -69,11 +87,16 @@ resource "aws_instance" "instance" {
 instance_type = var.instance_type
 associate_public_ip_address = true
 ebs_optimized = var.ebs_optimized
- subnet_id = var.subnet_id
- vpc_security_group_ids = [aws_security_group.ami[0].id]
+ #subnet_id = var.subnet_id
+ #vpc_security_group_ids = [aws_security_group.ami[0].id]
 key_name = var.key_name
 user_data = var.user_data == "" ? data.template_file.user_data.rendered : var.user_data
 
+ network_interface {
+ network_interface_id = aws_network_interface.interface.id
+ device_index = 0
+ }
+
 metadata_options {
 http_endpoint = "enabled"
 http_tokens = "required"
diff --git a/variables.tf b/variables.tf
index 16cc25e..fd7030a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -49,7 +49,7 @@ variable "instance_type" {
 variable "ebs_optimized" {
 description = "If true, the launched EC2 instance will be EBS-optimized."
 type = bool
- default = false
+ default = true
 }
 
 variable "admin_cidr" {
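Review bot: The new `aws_network_interface.interface` resource in main.tf has no `count`, although the instance it serves is gated by `count = var.enable_bastion ? 1 : 0` and the interface indexes `aws_security_group.ami[0]`. If that security group is gated the same way (its definition is outside the hunk), a plan with `enable_bastion = false` would fail on the `[0]` index; if it is not, the module leaves an unused interface with the bastion security group attached. Add `count = var.enable_bastion ? 1 : 0` to the interface and reference it as `aws_network_interface.interface[0].id` in the instance's `network_interface` block.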
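Review bot: `associate_public_ip_address = true` stays as context in the `aws_instance.instance` hunk next to the new `network_interface` block; as far as I know the AWS provider declares these two arguments as conflicting, and EC2 does not auto-assign a public address when an instance is launched onto a pre-created interface. If the bastion is meant to be reached by a public address, remove that argument and associate an Elastic IP with the interface instead, so the exposure is explicit in the configuration. The two commented-out lines `#subnet_id = var.subnet_id` and `#vpc_security_group_ids = [aws_security_group.ami[0].id]` should be deleted rather than kept as dead configuration. The resource body starts and ends outside the hunk.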
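Review bot: Flipping the `ebs_optimized` default to `true` in variables.tf changes behaviour for every caller that does not set the variable, and some instance types (for example the t2 family) reject EBS optimization at launch. The default of `instance_type` is not visible in this hunk, so confirm that it supports the flag. The description should carry the caveat, e.g. `description = "If true, the launched EC2 instance will be EBS-optimized. Set to false for instance types that do not support it."`.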