diff --git a/ec2-bastion.tf b/ec2-bastion.tf
index 9f52c19..18a3db6 100644
--- a/ec2-bastion.tf
+++ b/ec2-bastion.tf
@@ -5,7 +5,7 @@ resource "aws_instance" "bastion" {
 count = var.operator_mode ? 1 : 0
 ami = var.use_latest_ami ? data.aws_ssm_parameter.latest_ami.value : var.ami_id
- instance_type = "t2.micro"
+ instance_type = var.bastion_instance_type
 key_name = var.ec2_key_pair_name
 vpc_security_group_ids = [aws_security_group.bastion.id]
 subnet_id = aws_subnet.public[0].id
diff --git a/variables.tf b/variables.tf
index 38e7e27..0683f66 100644
--- a/variables.tf
+++ b/variables.tf
@@ -46,6 +46,12 @@ variable "vault_version" {
 default = "1.15.5"
 }
+variable "bastion_instance_type" {
+ description = "The EC2 instance size of the bastion server."
+ type = string
+ default = "t3.micro"
+}
+
 # Operator Mode
 ## Turning this on will enable NAT and Bastion to access the Vault Instances
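Review bot: The new `instance_type = var.bastion_instance_type` line in ec2-bastion.tf does not preserve the old value, because the variable added in the variables.tf hunk defaults to `t3.micro` where the removed line hard-coded `t2.micro`. Deployments that leave the variable unset will therefore have the bastion's type changed on the next apply. That normally means a stop/start of the instance, and if no Elastic IP is attached (not visible in this hunk, since the resource block continues outside it) the bastion's public IP may change and break any allowlists keyed on it. T3 is also a Nitro type, so an AMI supplied through `var.ami_id` needs ENA and NVMe support to boot. Either keep `default = "t2.micro"` so the change is a pure parameterisation, or state the new default in the commit description and correct the variable's description to say "instance type" rather than "instance size".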