diff --git a/modules/inception/gcp/bastion.tf b/modules/inception/gcp/bastion.tf
index ed3a8009..53cff542 100644
--- a/modules/inception/gcp/bastion.tf
+++ b/modules/inception/gcp/bastion.tf
@@ -10,6 +10,11 @@ locals {
   bos_version     = "18.2.0"
   kratos_version  = "0.11.1"
 }
+data "google_compute_image" "bastion" {
+  family      = local.bastion_image_family
+  project     = local.bastion_image_project
+  most_recent = true
+}
 
 resource "google_compute_instance" "bastion" {
   project      = local.project
@@ -26,7 +31,7 @@ resource "google_compute_instance" "bastion" {
 
   boot_disk {
     initialize_params {
-      image = local.bastion_image
+      image = data.google_compute_image.bastion.self_link
     }
   }
 
diff --git a/modules/inception/gcp/variables.tf b/modules/inception/gcp/variables.tf
index 2522b7d3..7c3a90ba 100644
--- a/modules/inception/gcp/variables.tf
+++ b/modules/inception/gcp/variables.tf
@@ -12,8 +12,11 @@ variable "cluster_zone" {
 variable "bastion_machine_type" {
   default = "e2-micro"
 }
-variable "bastion_image" {
-  default = "ubuntu-os-cloud/ubuntu-2404-lts-amd64"
+variable "bastion_image_project" {
+  default = "ubuntu-os-cloud"
+}
+variable "bastion_image_family" {
+  default = "ubuntu-2404-lts-amd64"
 }
 variable "bastion_revoke_on_exit" {
   default = true
@@ -61,7 +64,8 @@ locals {
   cluster_location       = var.cluster_zone == "" ? local.region : "${local.region}-${var.cluster_zone}"
   bastion_zone           = "${local.region}-${var.primary_zone}"
   bastion_machine_type   = var.bastion_machine_type
-  bastion_image          = var.bastion_image
+  bastion_image_project  = var.bastion_image_project
+  bastion_image_family   = var.bastion_image_family
   bastion_revoke_on_exit = var.bastion_revoke_on_exit
   tf_state_bucket_policy = var.tf_state_bucket_policy
 }