diff --git a/main.tf b/main.tf
index 4ba1831..6be9c56 100644
--- a/main.tf
+++ b/main.tf
@@ -45,6 +45,7 @@ resource "aws_instance" "this" {
     volume_size           = var.disk_size
   }
 
+  // TODO: Add secondary conditional volume
 }
 
 module "asg_bastion" {
@@ -95,6 +96,15 @@ module "asg_bastion" {
       }
     },
 
+    var.external_ebs_volume_id != "" ? {
+      device_name = "/dev/sdh"
+      no_device   = 0
+      ebs = {
+        delete_on_termination = false
+        encrypted             = true
+        volume_id             = var.external_ebs_volume_id
+      }
+    } : null
   ]
 
   capacity_reservation_specification = {
diff --git a/variables.tf b/variables.tf
index 9f811a0..094427b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -112,5 +112,11 @@ variable "disk_size" {
 variable "disk_type" {
   type        = string
   description = "Disk type for the bastion host"
-  default     = "gp2"
+  default     = "gp3"
+}
+
+variable "external_ebs_volume_id" {
+    type        = string
+    description = "External EBS volume ID to attach to the bastion host"
+    default     = ""
 }