diff --git a/modules/terraform-cdp-deploy/main.tf b/modules/terraform-cdp-deploy/main.tf
index f7a9c19..c9b9a59 100644
--- a/modules/terraform-cdp-deploy/main.tf
+++ b/modules/terraform-cdp-deploy/main.tf
@@ -61,6 +61,8 @@ module "cdp_on_aws" {
 idbroker_instance_profile_arn = var.aws_idbroker_instance_profile_arn
 log_instance_profile_arn = var.aws_log_instance_profile_arn
+ cdp_lb_subnet_ids = var.cdp_lb_subnet_ids
+
 # Optional parameters defaulting to null
 freeipa_catalog = var.freeipa_catalog
 freeipa_image_id = var.freeipa_image_id
diff --git a/modules/terraform-cdp-deploy/modules/aws/main.tf b/modules/terraform-cdp-deploy/modules/aws/main.tf
index e8c933e..c13095c 100644
--- a/modules/terraform-cdp-deploy/modules/aws/main.tf
+++ b/modules/terraform-cdp-deploy/modules/aws/main.tf
@@ -44,7 +44,7 @@ resource "cdp_environments_aws_environment" "cdp_env" {
 vpc_id = var.vpc_id
 subnet_ids = var.subnets_for_cdp
 endpoint_access_gateway_scheme = var.endpoint_access_scheme
- endpoint_access_gateway_subnet_ids = (length(var.public_subnet_ids) > 0) ? var.public_subnet_ids : null
+ endpoint_access_gateway_subnet_ids = length(var.cdp_lb_subnet_ids) > 0 && var.endpoint_access_scheme == "PRIVATE" ? var.cdp_lb_subnet_ids : length(var.public_subnet_ids) >0 && var.endpoint_access_scheme == "PUBLIC" ? var.public_subnet_ids : null
 freeipa = {
 instance_count_by_group = var.freeipa_instances
diff --git a/modules/terraform-cdp-deploy/modules/aws/variables.tf b/modules/terraform-cdp-deploy/modules/aws/variables.tf
index b9259c7..e73a07b 100644
--- a/modules/terraform-cdp-deploy/modules/aws/variables.tf
+++ b/modules/terraform-cdp-deploy/modules/aws/variables.tf
@@ -238,6 +238,7 @@ variable "vpc_id" {
 variable "public_subnet_ids" {
 type = list(string)
 description = "List of public subnet ids."
+ default = null
 }
 # variable "private_subnet_ids" {
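Review bot: In the modules/aws/main.tf hunk the new `endpoint_access_gateway_subnet_ids` expression calls `length()` on `var.cdp_lb_subnet_ids` and `var.public_subnet_ids`, and this commit sets `default = null` for both in modules/aws/variables.tf (the `public_subnet_ids` hunk and the new variable at the end of that file); Terraform's `length()` rejects a null argument, so a caller that leaves either list unset should get an evaluation error instead of reaching the `: null` branch. Declaring both with `default = []` (in the root variables.tf as well, since the root passes its value through explicitly) or guarding with `try(length(var.cdp_lb_subnet_ids), 0) > 0` keeps the expression evaluable. The chain also resolves to `null` without any signal when the scheme is "PRIVATE" and no load-balancer subnets were supplied, or when `endpoint_access_scheme` is neither literal, so the endpoint gateway's subnet placement is then presumably left to the service default; unless the scheme is already validated elsewhere, a `validation` block on these inputs would make that exposure choice explicit. Parenthesising the nested conditional would also make its precedence readable; the resource block starts and ends outside the hunk.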
@@ -356,4 +357,11 @@ variable "idbroker_instance_profile_arn" {
 error_message = "Valid values for var: idbroker_instance_profile_arn must be a valid ARN for IDBroker Instance Profile."
 }
-}
\ No newline at end of file
+}
+
+variable "cdp_lb_subnet_ids" {
+ type = list(any)
+ description = "List of subnet ids for Load Balancer. Required if we want to target subnets for LB"
+
+ default = null
+}
diff --git a/modules/terraform-cdp-deploy/modules/azure/main.tf b/modules/terraform-cdp-deploy/modules/azure/main.tf
index 1024622..68c1e15 100644
--- a/modules/terraform-cdp-deploy/modules/azure/main.tf
+++ b/modules/terraform-cdp-deploy/modules/azure/main.tf
@@ -53,7 +53,7 @@ resource "cdp_environments_azure_environment" "cdp_env" {
 }
 endpoint_access_gateway_scheme = var.endpoint_access_scheme
- endpoint_access_gateway_subnet_ids = (length(var.cdp_gateway_subnet_names) > 0) ? var.cdp_gateway_subnet_names : null
+ endpoint_access_gateway_subnet_ids = length(var.cdp_gateway_subnet_names) > 0 ? var.cdp_gateway_subnet_names : null
 # Set this parameter to deploy all resources into a single resource group
 resource_group_name = var.use_single_resource_group ? var.resource_group_name : null
diff --git a/modules/terraform-cdp-deploy/variables.tf b/modules/terraform-cdp-deploy/variables.tf
index 15750bd..7542f40 100644
--- a/modules/terraform-cdp-deploy/variables.tf
+++ b/modules/terraform-cdp-deploy/variables.tf
@@ -588,3 +588,10 @@ variable "azure_raz_identity_id" {
 default = null
 }
+
+variable "cdp_lb_subnet_ids" {
+ type = list(any)
+ description = "List of subnet ids for Load Balancer. Required if we want to target subnets for LB"
+
+ default = null
+}
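Review bot: The new `cdp_lb_subnet_ids` variable in modules/aws/variables.tf is typed `list(any)`, and the same declaration is repeated in modules/terraform-cdp-deploy/variables.tf, while the neighbouring `public_subnet_ids` is `list(string)`; subnet ids are strings, so `type = list(string)` would reject a malformed value at the variable boundary instead of passing it on to the provider. The description says the list is required to target subnets for the load balancer, but the expression in modules/aws/main.tf reads it only when `endpoint_access_scheme` is "PRIVATE", so a value supplied alongside "PUBLIC" is ignored without notice. I would state that in the text, for example `description = "Subnet ids for the CDP endpoint gateway load balancer. Used only when endpoint_access_scheme is PRIVATE."`.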
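Review bot: The root-level `cdp_lb_subnet_ids` added at the end of modules/terraform-cdp-deploy/variables.tf is wired only into `module "cdp_on_aws"` in this commit, yet neither its name nor its description says it is AWS-specific, unlike `aws_idbroker_instance_profile_arn` and `azure_raz_identity_id` nearby. Since the Azure module takes its gateway subnets from `cdp_gateway_subnet_names`, a reader could reasonably expect this variable to affect Azure too. Renaming would change the module interface, so at minimum I would add a line such as `# AWS only: subnets for the endpoint access gateway load balancer` above the block and say the same in the description.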