diff --git a/locals.tf b/locals.tf
index 4cbe4d18b..04fa2ba61 100644
--- a/locals.tf
+++ b/locals.tf
@@ -17,6 +17,16 @@ locals {
 # Ensure max builds is optional
 runners_max_builds_string = var.runners_max_builds == 0 ? "" : format("MaxBuilds = %d", var.runners_max_builds)
 
+ # convert the options for the session server
+ session_server_string = var.session_server == null ? "" : join("",
+ formatlist("%s", [
+ format(" listen_address = \"[::]:%d\"\n", var.session_server.port),
+ format(" advertise_address = \"%s:%d\"\n", aws_eip.gitlab_runner[0].public_ip, var.session_server.port),
+ format(" session_timeout = %s\n", var.session_server.timeout)
+ ]
+ )
+ )
+
 # Define key for runner token for SSM
 secure_parameter_store_runner_token_key = "${var.environment}-${var.secure_parameter_store_runner_token_key}"
 secure_parameter_store_runner_sentry_dsn = "${var.environment}-${var.secure_parameter_store_runner_sentry_dsn}"
diff --git a/main.tf b/main.tf
index a6ce495c2..7590c5b8d 100644
--- a/main.tf
+++ b/main.tf
@@ -130,6 +130,7 @@ locals {
 bucket_name = local.bucket_name
 shared_cache = var.cache_shared
 sentry_dsn = var.sentry_dsn
+ session_server_string = var.session_server == null ? "" : local.session_server_string
 prometheus_listen_address = var.prometheus_listen_address
 auth_type = var.auth_type_cache_sr
 }
diff --git a/security_groups.tf b/security_groups.tf
index 6b5ea19f2..9ddfa74f7 100644
--- a/security_groups.tf
+++ b/security_groups.tf
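Review bot: The `advertise_address` line indexes `aws_eip.gitlab_runner[0]` guarded only by `var.session_server == null`, so if the EIP resource is count-gated on `enable_eip` (its definition is not in this diff) a caller who sets `session_server` without `enable_eip` gets an "Invalid index" error instead of the requirement the variable description spells out. Where the module's required Terraform version allows it, an explicit check such as `lifecycle { precondition { condition = var.session_server == null || var.enable_eip, error_message = "session_server requires enable_eip = true" } }` on the resource that consumes the string would make the failure self-explanatory. `formatlist("%s", [...])` is an identity on a list of strings, so the local reduces to `join("", [ ... ])`. Note also that `listen_address = "[::]:%d"` binds every interface on the instance; what can actually reach the port is decided solely by the ingress rule added in security_groups.tf, so the two must stay in step.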
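Review bot: The added line re-checks `var.session_server == null` even though `local.session_server_string` already evaluates to `""` in that case, so the conditional duplicates logic that lives in locals.tf; `session_server_string = local.session_server_string` is equivalent and keeps a single source of truth. The enclosing `locals` block starts outside the hunk.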
@@ -36,6 +36,19 @@ resource "aws_security_group" "runner" {
 )
 }
 
+# Allow incoming traffic from Gitlab for the session server to Gitlab Runner
+resource "aws_security_group_rule" "runner_session_server" {
+ count = var.session_server == null ? 0 : 1
+
+ type = "ingress"
+ from_port = var.session_server["port"]
+ to_port = var.session_server["port"]
+ protocol = "tcp"
+
+ cidr_blocks = var.session_server["gitlab_cidr_block"]
+ security_group_id = aws_security_group.runner.id
+}
+
 ########################################
 ## Security group IDs to runner agent ##
 ########################################
diff --git a/template/runner-config.tpl b/template/runner-config.tpl
index 930cdea6f..da19ff51e 100644
--- a/template/runner-config.tpl
+++ b/template/runner-config.tpl
@@ -4,6 +4,9 @@ sentry_dsn = "${sentry_dsn}"
 log_format = "json"
 listen_address = "${prometheus_listen_address}"
 
+[session_server]
+${session_server_string}
+
 [[runners]]
 name = "${runners_name}"
 url = "${gitlab_url}"
diff --git a/variables.tf b/variables.tf
index f7178b3d6..55f53ab69 100644
--- a/variables.tf
+++ b/variables.tf
@@ -829,6 +829,18 @@ variable "docker_machine_egress_rules" {
 }]
 }
 
+variable "session_server" {
+ description = "Enables the session server support. Requires enable_eip = true!"
+ type = object({
+ timeout = number # Time in seconds how long the session stays active after the job completes. (1800)
+ port = number # Port which is used to connect to the session server. (8093)
+ gitlab_cidr_block = list(string) # CIDR block of the Gitlab server which connects to the Gitlab Runner
+ }
+ )
+
+ default = null
+}
+
 variable "subnet_id_runners" {
 description = "Deprecated! Use subnet_id instead. List of subnets used for hosting the gitlab-runners."
 type = string
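Review bot: The new rule opens the session-server port on the runner's security group to whatever `gitlab_cidr_block` the caller passes, and nothing in the diff rejects an empty list or a wide range such as `0.0.0.0/0`, which would expose the session server (the backend of GitLab's interactive web terminal) to the internet through the EIP. A `validation` block on the `session_server` variable (the module's required Terraform version is not visible here) can at least require a non-empty list, e.g. `condition = var.session_server == null || length(try(var.session_server.gitlab_cidr_block, [])) > 0`, and the rule deserves a `description = "GitLab session server from gitlab_cidr_block"` so its purpose is visible in the console and in audits. Also, `var.session_server["port"]` uses index syntax where locals.tf uses the attribute form `var.session_server.port`; the module should pick one. The enclosing `aws_security_group.runner` resource starts outside the hunk.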
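Review bot: The `[session_server]` table header is emitted unconditionally, so a runner deployed with `session_server = null` ends up with an empty `[session_server]` table in config.toml because `session_server_string` is `""` in that case. That is presumably tolerated by gitlab-runner, but deciding whether the table exists in the same place that decides whether its options exist removes the doubt: either prepend `"[session_server]\n"` to the local string in locals.tf, or wrap the two added lines in `%{ if session_server_string != "" }` … `%{ endif }` template directives.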
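Review bot: The description only says the feature "requires enable_eip = true" and does not tell the caller that setting this variable also opens `port` on the runner's security group to `gitlab_cidr_block`, which is the security-relevant consequence an operator needs before enabling it; something like `description = "Enables the session server support. Requires enable_eip = true! Opens 'port' on the runner security group to 'gitlab_cidr_block'."` covers it. The field `gitlab_cidr_block` is typed `list(string)` while its comment speaks of a single "CIDR block"; renaming to `gitlab_cidr_blocks` (matching the rule's `cidr_blocks`) or rewording the comment to "CIDR blocks" would align name, type and documentation. The parenthesised `(1800)` and `(8093)` read as defaults, but the variable defaults to `null`; stating what those numbers are (presumably the gitlab-runner defaults, to be confirmed) avoids the ambiguity.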