diff --git a/roles/openshift/project/tasks/main.yml b/roles/openshift/project/tasks/main.yml
index 7c2c5184e9..87718c0a28 100644
--- a/roles/openshift/project/tasks/main.yml
+++ b/roles/openshift/project/tasks/main.yml
@@ -57,3 +57,10 @@
 vars:
 objectname: appowners.yml
 template_fullpath: "{{roles_path}}/openshift/project/templates/appowners.yml"
+
+- name: ergresspolicy.yml
+include_role:
+name: openshift/object
+vars:
+objectname: egresspolicy.yml
+template_fullpath: "{{roles_path}}/openshift/project/templates/egresspolicy.yml"
diff --git a/roles/openshift/project/templates/egresspolicy.yml b/roles/openshift/project/templates/egresspolicy.yml
new file mode 100644
index 0000000000..99628876d6
--- /dev/null
+++ b/roles/openshift/project/templates/egresspolicy.yml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: EgressNetworkPolicy
+metadata:
+name: default
+spec:
+egress:
+{% if not allow_fas_db or env != "production" %}
+- type: Deny
+to:
+cidrSelector: "10.5.126.99/32"
+{% endif %}
+{% if not allow_fas_db or env != "staging" %}
+- type: Deny
+to:
+cidrSelector: "10.5.128.96/32"
+{% endif %}
+- type: Allow
+to:
+cidrSelector: "0.0.0.0/0"
diff --git a/roles/openshift/project/vars/default.yml b/roles/openshift/project/vars/default.yml
new file mode 100644
index 0000000000..694a8aea0b
--- /dev/null
+++ b/roles/openshift/project/vars/default.yml
@@ -0,0 +1,2 @@
+---
+allow_fas_db: false
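Review bot: The task name `ergresspolicy.yml` is misspelled relative to the object it deploys (`objectname: egresspolicy.yml`), which makes play output and grep results inconsistent with the template path; rename it `- name: egresspolicy.yml`. The `{{roles_path}}` expression without inner spaces matches the existing appowners task above it, so that part is consistent with the file. Since this task is what enforces the project's egress restriction, a one-line comment above it such as `# Deny egress to the FAS DB unless allow_fas_db is set for this project` would tell the next maintainer why the object exists.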
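Review bot: The guards `{% if not allow_fas_db or env != "production" %}` and the matching staging guard test `allow_fas_db` for Jinja truthiness, so if the variable is ever supplied as a string (for example `-e allow_fas_db=false` on the command line, or `"false"` in inventory) `not "false"` evaluates false and the Deny rule is silently dropped, opening the FAS DB to that project; coerce it with `{% if not (allow_fas_db | bool) or env != "production" %}` (and the same for the staging block). Rule order is correct as written — EgressNetworkPolicy applies the first matching rule and both Deny entries precede the catch-all `Allow 0.0.0.0/0` — and a comment stating that invariant, `# first match wins: Deny rules must stay above the catch-all Allow`, would keep a future edit from reordering them. If `env` is undefined the rendered result depends on Ansible's undefined-variable handling, so the role should assert both `allow_fas_db` and `env` are defined before rendering. Whether `apiVersion: v1` is accepted depends on the target OpenShift release; newer releases expect `network.openshift.io/v1` for this kind, so confirm against the cluster being deployed to.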
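Review bot: `vars/default.yml` is not a file Ansible loads automatically for a role (only `vars/main.yml` and `defaults/main.yml` are), so unless the role pulls it in with `include_vars` somewhere outside this diff, `allow_fas_db` will be undefined when the egress template renders. Because this value is meant to be overridden per project, it belongs in `roles/openshift/project/defaults/main.yml` as `allow_fas_db: false` — role `vars/` take precedence over inventory and group_vars and would block exactly the override the template is designed for. A comment above the line would document the intent: `# true only for projects that need the FAS DB; the egress policy denies it otherwise`.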