diff --git a/tf/environments/prod/main.tf b/tf/environments/prod/main.tf
index 62d2c86c..19a09a72 100644
--- a/tf/environments/prod/main.tf
+++ b/tf/environments/prod/main.tf
@@ -585,6 +585,7 @@ module "ansible_controller" {
   source = "../../modules/ansible_controller"
 
   vpc_id   = module.network.vpc_id
+  subnet_id = module.network.vpc_subnet_public[0].id
   key_name = module.adm_iam_roles.oonidevops_key_name
 
   dns_zone_ooni_io = local.dns_zone_ooni_io
diff --git a/tf/modules/ansible_controller/main.tf b/tf/modules/ansible_controller/main.tf
index 7efb25d6..9d90414b 100644
--- a/tf/modules/ansible_controller/main.tf
+++ b/tf/modules/ansible_controller/main.tf
@@ -44,6 +44,8 @@ resource "aws_instance" "ansible_controller" {
   instance_type = var.instance_type
   key_name      = var.key_name
 
+  subnet_id = var.subnet_id
+
   user_data = <<-EOF
               #!/bin/bash
               apt-get update
diff --git a/tf/modules/ansible_controller/variables.tf b/tf/modules/ansible_controller/variables.tf
index 6012cf22..bb882663 100644
--- a/tf/modules/ansible_controller/variables.tf
+++ b/tf/modules/ansible_controller/variables.tf
@@ -2,6 +2,11 @@ variable "vpc_id" {
   description = "the id of the VPC to deploy the instance into"
 }
 
+variable "subnet_id" {
+  description = "the id of the subnet to deploy the instance into"
+}
+
+
 variable "tags" {
   description = "tags to apply to the resources"
   default     = {}