diff --git a/README.md b/README.md
index 102d5c3..6149bc3 100644
--- a/README.md
+++ b/README.md
@@ -142,6 +142,10 @@ module "egress_space" {
 deployers = [
 var.cf_user
 ]
+ asg_names = [
+ "trusted_local_networks_egress",
+ "public_networks_egress"
+ ]
 }
 ```
diff --git a/cg_space/main.tf b/cg_space/main.tf
index e6e4fe5..f69f79d 100644
--- a/cg_space/main.tf
+++ b/cg_space/main.tf
@@ -46,3 +46,21 @@ resource "cloudfoundry_space_users" "space_permissions" {
 managers = local.manager_ids
 developers = local.developer_ids
 }
+
+###
+# Space Security Groups
+###
+
+data "cloudfoundry_asg" "asgs" {
+ for_each = var.asg_names
+ name = each.key
+}
+
+locals {
+ asg_ids = [for asg in data.cloudfoundry_asg.asgs : asg.id]
+}
+
+resource "cloudfoundry_space_asgs" "running_security_groups" {
+ space = cloudfoundry_space.space.id
+ running_asgs = local.asg_ids
+}
diff --git a/cg_space/tests/creation.tftest.hcl b/cg_space/tests/creation.tftest.hcl
index 6d010ce..f43c914 100644
--- a/cg_space/tests/creation.tftest.hcl
+++ b/cg_space/tests/creation.tftest.hcl
@@ -22,6 +22,7 @@ mock_provider "cloudfoundry" {
 variables {
 cf_org_name = "gsa-tts-devtools-prototyping"
 cf_space_name = "terraform-cloudgov-ci-tests-egress"
+ asg_names = ["trusted_local_networks_egress"]
 }
 run "test_space_creation" {
diff --git a/cg_space/variables.tf b/cg_space/variables.tf
index 3a80cfe..6257cb9 100644
--- a/cg_space/variables.tf
+++ b/cg_space/variables.tf
@@ -8,6 +8,12 @@ variable "cf_space_name" {
 description = "cloud.gov space name to create"
 }
+variable "asg_names" {
+ type = set(string)
+ description = "list of security group names to apply to the Space"
+ default = []
+}
+
 variable "managers" {
 type = set(string)
 description = "list of cloud.gov users to be assigned to the SpaceManager role"
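Review bot: `cloudfoundry_space_asgs.running_security_groups` is created even when `asg_names` is left at its default `[]`, and nothing in the hunk says whether that is intended. If the provider treats `running_asgs` as the complete set for the space, an empty list would presumably unbind groups that were attached outside Terraform when an existing caller upgrades the module; that fails closed for egress but is a surprising side effect. Only `running_asgs` is set, so what happens to staging groups is left to the provider's default. Once the behaviour is confirmed against the provider, I would add a comment above the resource such as `# Manages the space's running ASGs as a whole: an empty asg_names binds none; staging_asgs is intentionally not set here.`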
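Review bot: The test now passes `asg_names`, but this commit adds no assertion on the new `cloudfoundry_space_asgs.running_security_groups` resource, so a regression in the name-to-id wiring would still pass. The `run "test_space_creation"` block continues outside the hunk and is otherwise unchanged by this commit. I would add an `assert` there with `condition = length(cloudfoundry_space_asgs.running_security_groups.running_asgs) == 1`. A second run that leaves `asg_names` at its default would pin the empty case, which is the one with the least obvious behaviour.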
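Review bot: The `asg_names` description does not say that these groups govern outbound network access for the space or what the default `[]` results in, and it calls a `set(string)` a list. Someone reading only this file cannot tell that adding a name such as `public_networks_egress` (from the README example) changes what the space's apps can reach. I would reword it to something like `description = "names of existing security groups to bind to the Space for running apps; these control outbound network access, and the default binds none"`.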