diff --git a/main.tf b/main.tf
index 131a6c9..57636ba 100644
--- a/main.tf
+++ b/main.tf
@@ -10,6 +10,15 @@ resource "azurerm_virtual_network" "vnet" {
   address_space       = var.address_space
   dns_servers         = var.dns_servers
   tags                = var.tags
+
+  dynamic "ddos_protection_plan" {
+    for_each = var.ddos_protection_plan != null ? [var.ddos_protection_plan] : []
+
+    content {
+      enable = ddos_protection_plan.value.enable
+      id     = ddos_protection_plan.value.id
+    }
+  }
 }
 
 resource "azurerm_subnet" "subnet" {
diff --git a/variables.tf b/variables.tf
index 755f2b1..9133350 100644
--- a/variables.tf
+++ b/variables.tf
@@ -86,3 +86,12 @@ variable "vnet_location" {
   type        = string
   default     = null
 }
+
+variable "ddos_protection_plan" {
+  description = "The set of DDoS protection plan configuration"
+  type = object({
+    enable = bool
+    id     = string
+  })
+  default = null
+}