diff --git a/terraform/environments/production/main.tf b/terraform/environments/production/main.tf
index d8869ee81..fee7c0bd1 100644
--- a/terraform/environments/production/main.tf
+++ b/terraform/environments/production/main.tf
@@ -201,8 +201,7 @@ resource "google_compute_firewall" "ssh-ipv4" {
   target_tags = concat(
     module.web.target_tags,
     module.api.target_tags,
-    module.domain.target_tags,
-    length(module.relays) > 0 ? module.relays[0].target_tags : []
+    module.domain.target_tags
   )
 }
diff --git a/terraform/environments/production/relays.tf b/terraform/environments/production/relays.tf
index 251bfc94b..446812ec5 100644
--- a/terraform/environments/production/relays.tf
+++ b/terraform/environments/production/relays.tf
@@ -121,3 +121,32 @@ module "relays" {
   api_url = "wss://api.${local.tld}"
   token = var.relay_token
 }
+
+# Allow SSH acces using IAP for relays
+resource "google_compute_firewall" "relays-ssh-ipv4" {
+  count = length(module.relays) > 0 ? 1 : 0
+
+  project = module.google-cloud-project.project.project_id
+
+  name = "relays-ssh-ipv4"
+  network = module.google-cloud-vpc.id
+
+  allow {
+    protocol = "tcp"
+    ports = [22]
+  }
+
+  allow {
+    protocol = "udp"
+    ports = [22]
+  }
+
+  allow {
+    protocol = "sctp"
+    ports = [22]
+  }
+
+  # Only allows connections using IAP
+  source_ranges = local.iap_ipv4_ranges
+  target_tags = module.relays[0].target_tags
+}
diff --git a/terraform/environments/staging/main.tf b/terraform/environments/staging/main.tf
index 77ca486aa..b7d463689 100644
--- a/terraform/environments/staging/main.tf
+++ b/terraform/environments/staging/main.tf
@@ -201,8 +201,7 @@ resource "google_compute_firewall" "ssh-ipv6" {
   target_tags = concat(
     module.web.target_tags,
     module.api.target_tags,
-    module.domain.target_tags,
-    length(module.relays) > 0 ? module.relays[0].target_tags : []
+    module.domain.target_tags
   )
 }
diff --git a/terraform/environments/staging/relays.tf b/terraform/environments/staging/relays.tf
index 571bade30..fbfebb02e 100644
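Review bot: The new `relays-ssh-ipv4` rule in production/relays.tf opens port 22 over udp and sctp as well as tcp, but SSH is TCP-only and IAP TCP forwarding only tunnels TCP, so the udp and sctp `allow` blocks widen the rule without enabling any IAP path; keep only the `allow { protocol = "tcp" ports = [22] }` block. This may mirror the existing `ssh-ipv4` rule, whose `allow` blocks are outside the hunk, but a rule whose stated purpose is IAP-only SSH should not carry them. The same applies to the identical resource added in staging/relays.tf. The header comment also has a typo (`acces`); `# Allow SSH access to relays via IAP TCP forwarding only` reads better, and a `description` argument would surface that intent in the console as well. Consider adding `log_config { metadata = "INCLUDE_ALL_METADATA" }` so connections accepted by this rule are logged.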
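Review bot: This hunk removes the relay tags from the staging `ssh-ipv6` rule, while the production hunk in the same commit removes them from `ssh-ipv4` and both replacement `relays-ssh-ipv4` resources use `local.iap_ipv4_ranges`, so the two environments end up asymmetric. If staging also has an `ssh-ipv4` rule that still concatenates `module.relays[0].target_tags`, relays stay reachable through it in addition to the new rule; if it does not, relays lose the IPv6 SSH coverage previously granted here with nothing replacing it. The enclosing `ssh-ipv6` resource starts before the hunk and its `allow` and `source_ranges` arguments are outside it, so this is inferred from the hunk headers only; please confirm which is intended and align the two environments.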
--- a/terraform/environments/staging/relays.tf
+++ b/terraform/environments/staging/relays.tf
@@ -121,3 +121,32 @@ module "relays" {
   api_url = "wss://api.${local.tld}"
   token = var.relay_token
 }
+
+# Allow SSH acces using IAP for relays
+resource "google_compute_firewall" "relays-ssh-ipv4" {
+  count = length(module.relays) > 0 ? 1 : 0
+
+  project = module.google-cloud-project.project.project_id
+
+  name = "relays-ssh-ipv4"
+  network = module.google-cloud-vpc.id
+
+  allow {
+    protocol = "tcp"
+    ports = [22]
+  }
+
+  allow {
+    protocol = "udp"
+    ports = [22]
+  }
+
+  allow {
+    protocol = "sctp"
+    ports = [22]
+  }
+
+  # Only allows connections using IAP
+  source_ranges = local.iap_ipv4_ranges
+  target_tags = module.relays[0].target_tags
+}