diff --git a/README.md b/README.md
index 60347f57..ce990554 100644
--- a/README.md
+++ b/README.md
@@ -106,6 +106,7 @@ module "gce-lb-http" {
 | firewall\_networks | Names of the networks to create firewall rules in | `list(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | firewall\_projects | Names of the projects to create firewall rules in | `list(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | http\_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no |
+| http\_keep\_alive\_timeout\_sec | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). | `number` | `null` | no |
 | http\_port | The port for the HTTP load balancer | `number` | `80` | no |
 | https\_port | The port for the HTTPS load balancer | `number` | `443` | no |
 | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no |
diff --git a/autogen/main.tf.tmpl b/autogen/main.tf.tmpl
index 1e4b5ed1..c7c7eec6 100644
--- a/autogen/main.tf.tmpl
+++ b/autogen/main.tf.tmpl
@@ -119,11 +119,12 @@ resource "google_compute_target_https_proxy" "default" {
   name    = "${var.name}-https-proxy"
   url_map = local.url_map
 
-  ssl_certificates = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
-  certificate_map  = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
-  ssl_policy       = var.ssl_policy
-  quic_override    = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
-  server_tls_policy = var.server_tls_policy
+  ssl_certificates            = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
+  certificate_map             = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
+  ssl_policy                  = var.ssl_policy
+  quic_override               = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
+  server_tls_policy           = var.server_tls_policy
+  http_keep_alive_timeout_sec = var.http_keep_alive_timeout_sec
 }
 
 resource "google_compute_ssl_certificate" "default" {
diff --git a/autogen/variables.tf.tmpl b/autogen/variables.tf.tmpl
index 7ca6452a..25a8f815 100644
--- a/autogen/variables.tf.tmpl
+++ b/autogen/variables.tf.tmpl
@@ -337,3 +337,9 @@ variable "https_port" {
     error_message = "You must specify exactly one port between 1 and 65535"
   }
 }
+
+variable "http_keep_alive_timeout_sec" {
+  description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."
+  type        = number
+  default     = null
+}
diff --git a/examples/dynamic-backend/main.tf b/examples/dynamic-backend/main.tf
index dceeafb4..f6561ec8 100644
--- a/examples/dynamic-backend/main.tf
+++ b/examples/dynamic-backend/main.tf
@@ -34,11 +34,12 @@ module "load_balancer" {
   source  = "terraform-google-modules/lb-http/google//modules/dynamic_backends"
   version = "~> 10.0"
 
-  name                = "dynamic-backend-lb"
-  project             = var.project
-  enable_ipv6         = true
-  create_ipv6_address = true
-  http_forward        = false
+  name                        = "dynamic-backend-lb"
+  project                     = var.project
+  enable_ipv6                 = true
+  create_ipv6_address         = true
+  http_forward                = false
+  http_keep_alive_timeout_sec = 610
 
   load_balancing_scheme = "EXTERNAL_MANAGED"
 
diff --git a/main.tf b/main.tf
index 8255b6d9..ee1bcaf9 100644
--- a/main.tf
+++ b/main.tf
@@ -117,11 +117,12 @@ resource "google_compute_target_https_proxy" "default" {
   name    = "${var.name}-https-proxy"
   url_map = local.url_map
 
-  ssl_certificates  = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
-  certificate_map   = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
-  ssl_policy        = var.ssl_policy
-  quic_override     = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
-  server_tls_policy = var.server_tls_policy
+  ssl_certificates            = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
+  certificate_map             = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
+  ssl_policy                  = var.ssl_policy
+  quic_override               = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
+  server_tls_policy           = var.server_tls_policy
+  http_keep_alive_timeout_sec = var.http_keep_alive_timeout_sec
 }
 
 resource "google_compute_ssl_certificate" "default" {
diff --git a/modules/dynamic_backends/README.md b/modules/dynamic_backends/README.md
index d3556ab4..2bbda960 100644
--- a/modules/dynamic_backends/README.md
+++ b/modules/dynamic_backends/README.md
@@ -99,6 +99,7 @@ module "gce-lb-http" {
 | firewall\_networks | Names of the networks to create firewall rules in | `list(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | firewall\_projects | Names of the projects to create firewall rules in | `list(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | http\_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no |
+| http\_keep\_alive\_timeout\_sec | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). | `number` | `null` | no |
 | http\_port | The port for the HTTP load balancer | `number` | `80` | no |
 | https\_port | The port for the HTTPS load balancer | `number` | `443` | no |
 | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no |
diff --git a/modules/dynamic_backends/main.tf b/modules/dynamic_backends/main.tf
index c9b5c921..a834a57a 100644
--- a/modules/dynamic_backends/main.tf
+++ b/modules/dynamic_backends/main.tf
@@ -117,11 +117,12 @@ resource "google_compute_target_https_proxy" "default" {
   name    = "${var.name}-https-proxy"
   url_map = local.url_map
 
-  ssl_certificates  = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
-  certificate_map   = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
-  ssl_policy        = var.ssl_policy
-  quic_override     = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
-  server_tls_policy = var.server_tls_policy
+  ssl_certificates            = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
+  certificate_map             = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
+  ssl_policy                  = var.ssl_policy
+  quic_override               = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
+  server_tls_policy           = var.server_tls_policy
+  http_keep_alive_timeout_sec = var.http_keep_alive_timeout_sec
 }
 
 resource "google_compute_ssl_certificate" "default" {
diff --git a/modules/dynamic_backends/variables.tf b/modules/dynamic_backends/variables.tf
index a4771f19..2339821c 100644
--- a/modules/dynamic_backends/variables.tf
+++ b/modules/dynamic_backends/variables.tf
@@ -324,3 +324,9 @@ variable "https_port" {
     error_message = "You must specify exactly one port between 1 and 65535"
   }
 }
+
+variable "http_keep_alive_timeout_sec" {
+  description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."
+  type        = number
+  default     = null
+}
diff --git a/modules/serverless_negs/README.md b/modules/serverless_negs/README.md
index 3178df06..43a3afc7 100644
--- a/modules/serverless_negs/README.md
+++ b/modules/serverless_negs/README.md
@@ -82,6 +82,7 @@ module "lb-http" {
 | edge\_security\_policy | The resource URL for the edge security policy to associate with the backend service | `string` | `null` | no |
 | enable\_ipv6 | Enable IPv6 address on the CDN load-balancer | `bool` | `false` | no |
 | http\_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no |
+| http\_keep\_alive\_timeout\_sec | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). | `number` | `null` | no |
 | http\_port | The port for the HTTP load balancer | `number` | `80` | no |
 | https\_port | The port for the HTTPS load balancer | `number` | `443` | no |
 | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no |
diff --git a/modules/serverless_negs/main.tf b/modules/serverless_negs/main.tf
index 750f3540..f64d1180 100644
--- a/modules/serverless_negs/main.tf
+++ b/modules/serverless_negs/main.tf
@@ -116,11 +116,12 @@ resource "google_compute_target_https_proxy" "default" {
   name    = "${var.name}-https-proxy"
   url_map = local.url_map
 
-  ssl_certificates  = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
-  certificate_map   = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
-  ssl_policy        = var.ssl_policy
-  quic_override     = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
-  server_tls_policy = var.server_tls_policy
+  ssl_certificates            = compact(concat(var.ssl_certificates, google_compute_ssl_certificate.default[*].self_link, google_compute_managed_ssl_certificate.default[*].self_link, ), )
+  certificate_map             = var.certificate_map != null ? "//certificatemanager.googleapis.com/${var.certificate_map}" : null
+  ssl_policy                  = var.ssl_policy
+  quic_override               = var.quic == null ? "NONE" : var.quic ? "ENABLE" : "DISABLE"
+  server_tls_policy           = var.server_tls_policy
+  http_keep_alive_timeout_sec = var.http_keep_alive_timeout_sec
 }
 
 resource "google_compute_ssl_certificate" "default" {
diff --git a/modules/serverless_negs/variables.tf b/modules/serverless_negs/variables.tf
index f6817635..3bba7893 100644
--- a/modules/serverless_negs/variables.tf
+++ b/modules/serverless_negs/variables.tf
@@ -273,3 +273,9 @@ variable "https_port" {
     error_message = "You must specify exactly one port between 1 and 65535"
   }
 }
+
+variable "http_keep_alive_timeout_sec" {
+  description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."
+  type        = number
+  default     = null
+}
diff --git a/variables.tf b/variables.tf
index a4771f19..2339821c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -324,3 +324,9 @@ variable "https_port" {
     error_message = "You must specify exactly one port between 1 and 65535"
   }
 }
+
+variable "http_keep_alive_timeout_sec" {
+  description = "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds)."
+  type        = number
+  default     = null
+}