diff --git a/option/terraform/network.j2.tf b/option/terraform/network.j2.tf
index e209eb7..77f9e5d 100644
--- a/option/terraform/network.j2.tf
+++ b/option/terraform/network.j2.tf
@@ -17,8 +17,14 @@ data "oci_core_subnet" "starter_private_subnet" {
 }
 {%- else %}
 
+locals {
+  cidr_vcn = "10.0.0.0/16"
+  cidr_public_subnet = "10.0.1.0/24"
+  cidr_private_subnet = "10.0.2.0/24"
+}
+
 resource "oci_core_vcn" "starter_vcn" {
-  cidr_block = "10.0.0.0/16"
+  cidr_block = local.cidr_vcn
   compartment_id = local.lz_network_cmp_ocid
   display_name = "${var.prefix}-vcn"
   dns_label = "${var.prefix}vcn"
@@ -46,7 +52,7 @@ resource "oci_core_default_route_table" "default_route_table" {
 
 # Public Subnet
 resource "oci_core_subnet" "starter_public_subnet" {
-  cidr_block = "10.0.1.0/24"
+  cidr_block = local.cidr_public_subnet
   display_name = "${var.prefix}-pub-subnet"
   dns_label = "${var.prefix}pub"
   security_list_ids = [oci_core_vcn.starter_vcn.default_security_list_id, oci_core_security_list.starter_security_list.id]
@@ -59,7 +65,7 @@ resource "oci_core_subnet" "starter_public_subnet" {
 
 # Private Subnet
 resource "oci_core_subnet" "starter_private_subnet" {
-  cidr_block = "10.0.2.0/24"
+  cidr_block = local.cidr_private_subnet
   display_name = "${var.prefix}-priv-subnet"
   dns_label = "${var.prefix}priv"
   security_list_ids = [oci_core_vcn.starter_vcn.default_security_list_id, oci_core_security_list.starter_security_list.id]
@@ -113,7 +119,7 @@ resource "oci_core_security_list" "starter_security_list" {
   // Oracle TNS Listener port
   ingress_security_rules {
     protocol = "6" // tcp
-    source = "10.0.0.0/8"
+    source = local.cidr_vcn
     stateless = false
 
     tcp_options {
@@ -125,7 +131,7 @@ resource "oci_core_security_list" "starter_security_list" {
   // MySQL listener port: XXX optional ?
   ingress_security_rules {
     protocol = "6" // tcp
-    source = "10.0.0.0/8"
+    source = local.cidr_vcn
     stateless = false
 
     tcp_options {
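Review bot: The new `locals` block is emitted only inside the `{%- else %}` branch, yet `local.cidr_vcn` is also consumed by the security list rules in the later hunks; if that resource is rendered in the existing-network branch as well (the matching `{%- endif %}` is outside the hunk, so this is inferred), those rules would reference an undefined local and the plan would fail. Consider defining the locals outside the conditional and, in the data-source branch, filling `cidr_vcn` from the looked-up VCN's `cidr_block`. Deriving the subnet values as `cidr_public_subnet = cidrsubnet(local.cidr_vcn, 8, 1)` and `cidr_private_subnet = cidrsubnet(local.cidr_vcn, 8, 2)` would also guarantee they stay inside the VCN range if `cidr_vcn` is changed later.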
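Review bot: Narrowing the TNS listener source from `10.0.0.0/8` to `local.cidr_vcn` still admits every host in the VCN, public subnet included; if the clients of this listener live only in the private subnet, `source = local.cidr_private_subnet` would be the least-privilege rule. The same observation applies to the MySQL, PostgreSQL, Opensearch, worker-to-control-plane and ingress-controller rules in the following hunks. The previous `/8` also covered peered VCNs or on-premises RFC 1918 ranges; if the landing zone relies on such peering, the `/16` cuts that traffic off, which is worth confirming before merging. The enclosing `oci_core_security_list` resource starts and ends outside the hunk.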
@@ -137,7 +143,7 @@ resource "oci_core_security_list" "starter_security_list" {
   // MySQL listener port_x: XXX optional ?
   ingress_security_rules {
     protocol = "6" // tcp
-    source = "10.0.0.0/8"
+    source = local.cidr_vcn
     stateless = false
 
     tcp_options {
@@ -149,7 +155,7 @@ resource "oci_core_security_list" "starter_security_list" {
   // PostgreSQL
   ingress_security_rules {
     protocol = "6" // tcp
-    source = "10.0.0.0/8"
+    source = local.cidr_vcn
     stateless = false
 
     tcp_options {
@@ -161,7 +167,7 @@ resource "oci_core_security_list" "starter_security_list" {
   // Opensearch
   ingress_security_rules {
     protocol = "6" // tcp
-    source = "10.0.0.0/8"
+    source = local.cidr_vcn
     stateless = false
 
     tcp_options {
@@ -172,7 +178,7 @@ resource "oci_core_security_list" "starter_security_list" {
 
   ingress_security_rules {
     protocol = "6" // tcp
-    source = "10.0.0.0/8"
+    source = local.cidr_vcn
     stateless = false
 
     tcp_options {
@@ -184,7 +190,7 @@ resource "oci_core_security_list" "starter_security_list" {
   // External access to Kubernetes API endpoint
   ingress_security_rules {
     protocol = "6" // tcp
-    source = "0.0.0.0/0"
+    source = local.cidr_vcn
     stateless = false
 
     tcp_options {
@@ -196,7 +202,7 @@ resource "oci_core_security_list" "starter_security_list" {
   // Kubernetes worker to control plane communication
   ingress_security_rules {
     protocol = "6" // tcp
-    source = "10.0.0.0/8"
+    source = local.cidr_vcn
     stateless = false
 
     tcp_options {
@@ -208,7 +214,7 @@ resource "oci_core_security_list" "starter_security_list" {
   // K8S Ingress-Controller
   ingress_security_rules {
     protocol = "6" // tcp
-    source = "10.0.0.0/8"
+    source = local.cidr_vcn
     stateless = false
 
     tcp_options {
@@ -247,6 +253,8 @@ resource "oci_core_route_table" "starter_route_private" {
 }
 {%- else %}
 
+
+# NAT Gateway
 resource "oci_core_nat_gateway" "starter_nat_gateway" {
   compartment_id = local.lz_network_cmp_ocid
   vcn_id = oci_core_vcn.starter_vcn.id
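Review bot: The rule in the `@@ -172,7 +178,7 @@` hunk is the only one in this security list without a descriptive comment; its siblings each carry one (`// Opensearch`, `// PostgreSQL`). Add a `//` line above its `ingress_security_rules {` naming the service behind the port in `tcp_options` (the port itself is outside the hunk), so a reader can tell what `local.cidr_vcn` is now being admitted to.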
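Review bot: In the `@@ -184,7 +190,7 @@` hunk the comment `// External access to Kubernetes API endpoint` no longer describes the rule, which now admits only `local.cidr_vcn`; clients outside the VCN that relied on this security list to reach the API endpoint will be refused. If that is intended, rewrite the comment to `// Kubernetes API endpoint: VCN-internal access only` and confirm that the cluster endpoint is not expected to be reached from outside through this list. If external access is still required, restrict it to a variable holding the operator's CIDR rather than reverting to `0.0.0.0/0`.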
@@ -254,11 +262,29 @@ resource "oci_core_nat_gateway" "starter_nat_gateway" {
   freeform_tags = local.freeform_tags
 }
 
+# Service Gateway
+resource "oci_core_service_gateway" "starter_service_gateway" {
+  compartment_id = local.lz_network_cmp_ocid
+  services {
+    service_id = data.oci_core_services.all_services.services[0]["id"]
+  }
+  vcn_id = oci_core_vcn.starter_vcn.id
+
+  display_name = "${var.prefix}-service-gateway"
+  freeform_tags = local.freeform_tags
+}
+
+# Route Private Subnet
 resource "oci_core_route_table" "starter_route_private" {
   compartment_id = local.lz_network_cmp_ocid
   vcn_id = oci_core_vcn.starter_vcn.id
   display_name = "${var.prefix}-route-private"
+  route_rules {
+    destination = data.oci_core_services.all_services.services[0]["cidr_block"]
+    destination_type = "SERVICE_CIDR_BLOCK"
+    network_entity_id = oci_core_service_gateway.starter_service_gateway.id
+  }
   route_rules {
     destination = "0.0.0.0/0"
     destination_type = "CIDR_BLOCK"