diff --git a/modules/mig-l7xlb/README.md b/modules/mig-l7xlb/README.md
index 10e1d40..b42eed0 100644
--- a/modules/mig-l7xlb/README.md
+++ b/modules/mig-l7xlb/README.md
@@ -27,6 +27,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_backend_migs"></a> [backend\_migs](#input\_backend\_migs) | List of MIGs to be used as backends. | `list(string)` | n/a | yes |
 | <a name="input_backend_timeout"></a> [backend\_timeout](#input\_backend\_timeout) | Backend timeout in seconds | `number` | `10` | no |
+| <a name="input_edge_security_policy"></a> [edge\_security\_policy](#input\_edge\_security\_policy) | (Optional) The edge security policy associated with this backend service. | `string` | `null` | no |
 | <a name="input_external_ip"></a> [external\_ip](#input\_external\_ip) | (Optional) External IP for the L7 XLB. | `string` | `null` | no |
 | <a name="input_labels"></a> [labels](#input\_labels) | An optional map of label key:value pairs to assign to the forwarding rule.<br>Default is an empty map. | `map(string)` | `{}` | no |
 | <a name="input_logs_enabled"></a> [logs\_enabled](#input\_logs\_enabled) | Whether to enable logging for the load balancer traffic served by this backend service. | `bool` | `false` | no |
diff --git a/modules/mig-l7xlb/main.tf b/modules/mig-l7xlb/main.tf
index 7006d84..83519bc 100644
--- a/modules/mig-l7xlb/main.tf
+++ b/modules/mig-l7xlb/main.tf
@@ -24,13 +24,14 @@ resource "google_compute_health_check" "mig_lb_hc" {
 }
 
 resource "google_compute_backend_service" "mig_backend" {
-  project         = var.project_id
-  name            = "${var.name}-backend"
-  port_name       = "https"
-  protocol        = "HTTPS"
-  timeout_sec     = var.backend_timeout
-  health_checks   = [google_compute_health_check.mig_lb_hc.id]
-  security_policy = var.security_policy
+  project               = var.project_id
+  name                  = "${var.name}-backend"
+  port_name             = "https"
+  protocol              = "HTTPS"
+  timeout_sec           = var.backend_timeout
+  health_checks         = [google_compute_health_check.mig_lb_hc.id]
+  security_policy       = var.security_policy
+  edge_security_policy  = var.edge_security_policy
   dynamic "backend" {
     for_each = var.backend_migs
     content {
diff --git a/modules/mig-l7xlb/variables.tf b/modules/mig-l7xlb/variables.tf
index 2e35654..3763892 100644
--- a/modules/mig-l7xlb/variables.tf
+++ b/modules/mig-l7xlb/variables.tf
@@ -46,6 +46,12 @@ variable "security_policy" {
   default     = null
 }
 
+variable "edge_security_policy" {
+  description = "(Optional) The edge security policy associated with this backend service."
+  type        = string
+  default     = null
+}
+
 variable "logs_enabled" {
   type        = bool
   default     = false
diff --git a/modules/nb-psc-l7xlb/README.md b/modules/nb-psc-l7xlb/README.md
index 96aaf60..645494d 100644
--- a/modules/nb-psc-l7xlb/README.md
+++ b/modules/nb-psc-l7xlb/README.md
@@ -22,6 +22,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_edge_security_policy"></a> [edge\_security\_policy](#input\_edge\_security\_policy) | (Optional) The edge security policy associated with this backend service. | `string` | `null` | no |
 | <a name="input_external_ip"></a> [external\_ip](#input\_external\_ip) | External IP for the L7 XLB. | `string` | `null` | no |
 | <a name="input_labels"></a> [labels](#input\_labels) | An optional map of label key:value pairs to assign to the forwarding rule.<br>Default is an empty map. | `map(string)` | `{}` | no |
 | <a name="input_name"></a> [name](#input\_name) | External LB name. | `string` | n/a | yes |
diff --git a/modules/nb-psc-l7xlb/main.tf b/modules/nb-psc-l7xlb/main.tf
index e8225f0..d49bfe0 100644
--- a/modules/nb-psc-l7xlb/main.tf
+++ b/modules/nb-psc-l7xlb/main.tf
@@ -21,6 +21,7 @@ resource "google_compute_backend_service" "psc_backend" {
   protocol              = "HTTPS"
   load_balancing_scheme = "EXTERNAL_MANAGED"
   security_policy       = var.security_policy
+  edge_security_policy  = var.edge_security_policy
   dynamic "backend" {
     for_each = var.psc_negs
     content {
diff --git a/modules/nb-psc-l7xlb/variables.tf b/modules/nb-psc-l7xlb/variables.tf
index 782d656..47d65f0 100644
--- a/modules/nb-psc-l7xlb/variables.tf
+++ b/modules/nb-psc-l7xlb/variables.tf
@@ -41,6 +41,12 @@ variable "security_policy" {
   default     = null
 }
 
+variable "edge_security_policy" {
+  description = "(Optional) The edge security policy associated with this backend service."
+  type        = string
+  default     = null
+}
+
 variable "psc_negs" {
   description = "List of PSC NEGs to be used as backends."
   type        = list(string)