diff --git a/groups/frontend/instance.tf b/groups/frontend/instance.tf
index 1012bd0..21a7d5c 100644
--- a/groups/frontend/instance.tf
+++ b/groups/frontend/instance.tf
@@ -85,6 +85,19 @@ resource "aws_security_group" "services" {
     }
   }
 
+  # TODO Remove this; this was added for testing Tuxedo services in live using on-premise frontend services
+  dynamic "ingress" {
+    for_each = var.environment == "live" ? each.value : {}
+    iterator = service
+    content {
+      description = "Allow client requests from on-premise frontend web servers to ${service.key} service in ${each.key} server group"
+      from_port   = service.value
+      to_port     = service.value
+      protocol    = "TCP"
+      cidr_blocks = [var.on_premise_frontend_cidr]
+    }
+  }
+
   dynamic "ingress" {
     for_each = each.value
     iterator = service
diff --git a/groups/frontend/variables.tf b/groups/frontend/variables.tf
index 2d9f7e1..df52686 100644
--- a/groups/frontend/variables.tf
+++ b/groups/frontend/variables.tf
@@ -82,6 +82,13 @@ variable "lvm_block_devices" {
   default = []
 }
 
+  # TODO Remove this; this was added for testing Tuxedo services in live using on-premise frontend services
+variable "on_premise_frontend_cidr" {
+  type        = string
+  description = "A string representing the CIDR range for on-premise frontend services"
+  default     = ""
+}
+
 variable "region" {
   type        = string
   description = "The AWS region in which resources will be administered"