diff --git a/README.md b/README.md
index adb340b..fd672c7 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ module "vpc" {
 
   bastion_ssh_keys                = ["ssh-ed25519 AAAAC3Nznte5aaCdi1a1Lzaai/tX6Mc2E+S6g3lrClL09iBZ5cW2OZdSIqomcMko 2 mysshkey"]
   bastion_route53_public_dns_name = "my-project.example.com"
-  bastion_subdomain"              = "bastion-host"
+  bastion_subdomain               = "bastion-host"
 }
 ```
 
@@ -232,6 +232,14 @@ Type: `string`
 
 Default: `""`
 
+### <a name="input_bastion_ssh_user"></a> [bastion\_ssh\_user](#input\_bastion\_ssh\_user)
+
+Description: User name used for SSH-connections.
+
+Type: `string`
+
+Default: `"ec2-user"`
+
 ### <a name="input_bastion_ssh_keys"></a> [bastion\_ssh\_keys](#input\_bastion\_ssh\_keys)
 
 Description: A list of public ssh keys to add to authorized\_keys file
diff --git a/main.tf b/main.tf
index f408e1b..9c189b8 100644
--- a/main.tf
+++ b/main.tf
@@ -137,7 +137,7 @@ resource "aws_launch_template" "bastion" {
   vpc_security_group_ids = [aws_security_group.bastion[0].id]
   user_data = length(var.bastion_ssh_keys) > 0 ? base64encode(templatefile("${path.module}/user_data.sh.tftpl",
     {
-      ssh_user = "ec2-user"
+      ssh_user = var.bastion_ssh_user
       ssh_keys = join("\n", var.bastion_ssh_keys)
     }
   )) : null
diff --git a/variables.tf b/variables.tf
index 99f86d6..8993645 100644
--- a/variables.tf
+++ b/variables.tf
@@ -133,6 +133,12 @@ variable "bastion_name" {
   default     = ""
 }
 
+variable "bastion_ssh_user" {
+  description = "User name used for SSH-connections."
+  type        = string
+  default     = "ec2-user"
+}
+
 variable "bastion_ssh_keys" {
   description = "A list of public ssh keys to add to authorized_keys file"
   type        = list(string)