diff --git a/terraform/modules/az-acr/README.md b/terraform/modules/az-acr/README.md
index f79406c..c26309b 100644
Binary files a/terraform/modules/az-acr/README.md and b/terraform/modules/az-acr/README.md differ
diff --git a/terraform/modules/az-acr/main.tf b/terraform/modules/az-acr/main.tf
index 2cd4323..cdf56f1 100644
--- a/terraform/modules/az-acr/main.tf
+++ b/terraform/modules/az-acr/main.tf
@@ -26,6 +26,23 @@ resource "azurerm_container_registry" "acr" {
 }
 }
 
+ dynamic "network_rule_set" {
+ for_each = length(var.ip_rules) > 0 ? [1] : []
+
+ content {
+ default_action = "Deny"
+
+ dynamic "ip_rule" {
+ for_each = var.ip_rules
+
+ content {
+ action = "Allow"
+ ip_range = ip_rule.value
+ }
+ }
+ }
+ }
+
 zone_redundancy_enabled = var.zone_redundancy_enabled
 
 identity {
diff --git a/terraform/modules/az-acr/tests/acr_secure.tftest.hcl b/terraform/modules/az-acr/tests/acr_secure.tftest.hcl
index 84893a7..d786e0b 100644
--- a/terraform/modules/az-acr/tests/acr_secure.tftest.hcl
+++ b/terraform/modules/az-acr/tests/acr_secure.tftest.hcl
@@ -14,11 +14,11 @@ run "plan" {
 command = plan
 
 variables {
- name = "usingsystemazacrtest1"
- location = run.setup.resource_group_location
- resource_group_name = run.setup.resource_group_name
-
- tags = { Environment = "Test" }
+ name = "usingsystemazacrtest1"
+ location = run.setup.resource_group_location
+ resource_group_name = run.setup.resource_group_name
+ ip_rules = ["20.75.211.8/29", "20.99.157.152/29"]
+ tags = { Environment = "Test" }
 }
 
 assert {
@@ -126,7 +126,8 @@ run "apply" {
 name = "usingsystemazacrtest1"
 location = run.setup.resource_group_location
 resource_group_name = run.setup.resource_group_name
-
+ ip_rules = ["20.75.211.8/29", "20.99.157.152/29"]
+
 tags = { Environment = "Test" }
 }
 
diff --git a/terraform/modules/az-acr/variables.tf b/terraform/modules/az-acr/variables.tf
index 1c21c35..502cb51 100644
--- a/terraform/modules/az-acr/variables.tf
+++ b/terraform/modules/az-acr/variables.tf
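Review bot: The new `network_rule_set` block is gated only on `length(var.ip_rules) > 0`, so a caller that sets ip_rules on a registry whose SKU is not Premium will only find out at apply time that Azure rejects network rules on Basic and Standard registries; if the module exposes the SKU as a variable, a `lifecycle { precondition { ... } }` on this resource (or a cross-variable validation) would surface that at plan. The empty-list case also deserves a comment, since it emits no rule set at all and therefore leaves the provider's default action in force rather than denying, e.g. `# Empty ip_rules: no rule set is emitted, so this block does not restrict access; rely on public_network_access_enabled for that`. The enclosing azurerm_container_registry.acr resource starts and ends outside the hunk.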
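Review bot: The plan run now passes two /29 ranges in `ip_rules`, but nothing in the hunk asserts that the plan actually contains the rule set, so a regression that drops the dynamic block would still pass this test; unless one of the assert blocks that follow the hunk already covers it, add an assert whose condition is along the lines of `azurerm_container_registry.acr.network_rule_set[0].default_action == "Deny"` and another checking `length(azurerm_container_registry.acr.network_rule_set[0].ip_rule) == 2`. The same gap applies to the apply run hunk below, which adds the same ip_rules without a corresponding check. Both run blocks continue outside the hunk.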
@@ -87,6 +87,12 @@ variable "identity_ids" {
 default = []
 }
 
+variable "ip_rules" {
+ description = "List of IP rules to allow on the acr."
+ type = list(string)
+ default = []
+}
+
 variable "tags" {
 description = "Tags to associate with resources."
 type = map(string)
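Review bot: `ip_rules` accepts any string, so a malformed entry is only rejected by Azure at apply time, and the description does not say what format is expected; a validation block such as `condition = alltrue([for r in var.ip_rules : can(cidrhost(r, 0))])` with `error_message = "Each ip_rules entry must be a CIDR block (constructed example: 203.0.113.0/24)."` catches typos at plan, widened if single addresses without a prefix are meant to be accepted. The description should also state that the entries are CIDR blocks allowed through a Deny-by-default network rule set and that an empty list emits no rule set at all. The following variable "tags" continues outside the hunk.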