diff --git a/.github/workflows/release-image.yml b/.github/workflows/release-image.yml
index 461b44b..04edeb4 100644
--- a/.github/workflows/release-image.yml
+++ b/.github/workflows/release-image.yml
@@ -29,5 +29,5 @@ jobs:
 context: .
 file: ./Dockerfile
 push: true
- tags: ghcr.io/${{ github.repository_owner }}/ciinabox-ecs:${{ github.event.release.tag_name }}
+ tags: ghcr.io/${{ github.repository_owner.lowercase }}/ciinabox-ecs:${{ github.event.release.tag_name }}
 build-args: CIINABOX_ECS_VERSION=${{ github.event.release.tag_name }}
diff --git a/ciinabox-ecs.gemspec b/ciinabox-ecs.gemspec
index bbb32b2..a53128f 100644
--- a/ciinabox-ecs.gemspec
+++ b/ciinabox-ecs.gemspec
@@ -3,7 +3,7 @@ require 'date'
 Gem::Specification.new do |s|
 s.name = 'ciinabox-ecs'
- s.version = '0.4.0'
+ s.version = '0.4.1'
 s.version = "#{s.version}.alpha.#{Time.now.getutc.to_i}" if ENV['TRAVIS'] and ENV['TRAVIS_BRANCH'] != 'master'
 s.date = Date.today.to_s
 s.summary = 'Manage ciinabox on Aws Ecs'
diff --git a/templates/vpc.rb b/templates/vpc.rb
index 59a1f75..6906e74 100644
--- a/templates/vpc.rb
+++ b/templates/vpc.rb
@@ -158,6 +158,9 @@
 end
 rules = []
+
+ opsAccess = opsAccess || []
+
 opsAccess.each do |ip|
 rules << { IpProtocol: 'tcp', FromPort: '22', ToPort: '22', CidrIp: ip }
 rules << { IpProtocol: 'tcp', FromPort: '80', ToPort: '80', CidrIp: ip }
@@ -178,10 +181,13 @@
 Type 'AWS::EC2::SecurityGroup'
 Property('VpcId', Ref('VPC'))
 Property('GroupDescription', 'Ops External Access')
- Property('SecurityGroupIngress', rules)
+ Property('SecurityGroupIngress', rules) if rules.any?
 }
 rules = []
+
+ devAccess = devAccess || []
+
 devAccess.each do |ip|
 rules << { IpProtocol: 'tcp', FromPort: '22', ToPort: '22', CidrIp: ip }
 rules << { IpProtocol: 'tcp', FromPort: '80', ToPort: '80', CidrIp: ip }
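Review bot: `${{ github.repository_owner.lowercase }}` on the new `tags:` line is not something the Actions expression language provides: there is no lowercasing function, and dereferencing `.lowercase` on the string-valued `github.repository_owner` will, as far as I know, evaluate to empty rather than lowercase it, producing a tag like `ghcr.io//ciinabox-ecs:<tag>` that the push step cannot use. The usual fix is a preceding shell step that lowercases the owner (bash `${VAR,,}` on the default runner shell) and exposes it as a step output, which the build step then references, as sketched below. Passing the value in through `env:` rather than interpolating `${{ }}` into `run:` keeps the expression out of the shell command line. The `with:` block this line belongs to starts outside the hunk.
```yaml
      - name: Lowercase image owner
        id: owner
        env:
          OWNER: ${{ github.repository_owner }}
        run: echo "name=${OWNER,,}" >> "$GITHUB_OUTPUT"
      # … unchanged: build-push step up to push: true …
          tags: ghcr.io/${{ steps.owner.outputs.name }}/ciinabox-ecs:${{ github.event.release.tag_name }}
```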
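Review bot: `opsAccess = opsAccess || []` only does what it intends if `opsAccess` is already a local variable in the binding this template is evaluated in; if the loader exposes settings as methods (cfndsl-style external parameters), Ruby parses the right-hand `opsAccess` as the just-declared local, which is nil, so the configured list is silently replaced by `[]` and `SecurityGroupOps` is emitted with no 22/80 ingress at all. I cannot tell from the hunk which of the two applies, so it is worth one check: render a stack with `opsAccess` populated and confirm the ops group still carries its rules. `defined?(opsAccess)` is truthy for both a binding local and a real method, so `ops_cidrs = (defined?(opsAccess) && opsAccess) || []` followed by `ops_cidrs.each do |ip|` keeps the optional behaviour without re-binding the name (a loader that resolves settings through `method_missing` alone would additionally need `respond_to_missing?`). The same pattern is repeated for `devAccess` in the next hunk. Falling back to no ingress rules when nothing is configured is the right fail-closed default for a group that opens 22 and 80.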
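Review bot: `Property('SecurityGroupIngress', rules) if rules.any?` now makes an unconfigured `devAccess` produce a `SecurityGroupDev` with no ingress rules, which is the safe default but is easy to misread as a bug when the group shows up empty in the console; a short comment above the `Resource(...) {` would save the next reader the trip: `# No devAccess CIDRs configured: the group is still created (an output below references it) but admits nothing.` The same applies to the ops group changed at the top of this hunk. `rules.any?` and `!rules.empty?` are interchangeable here since every element is a Hash, so either spelling reads fine. The `Resource(...) {` block the first change sits in starts outside the hunk.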
@@ -202,7 +208,7 @@
 Type 'AWS::EC2::SecurityGroup'
 Property('VpcId', Ref('VPC'))
 Property('GroupDescription', 'Dev Team Access')
- Property('SecurityGroupIngress', rules)
+ Property('SecurityGroupIngress', rules) if rules.any?
 }
@@ -300,4 +306,4 @@
 Value(Ref('SecurityGroupDev'))
 }
-}
+}
\ No newline at end of file
diff --git a/templates/vpn.rb b/templates/vpn.rb
index 8da2c2c..3b9fb56 100644
--- a/templates/vpn.rb
+++ b/templates/vpn.rb
@@ -41,6 +41,9 @@
 security_groups << Ref('VpnSecurityGroupOps')
 rules = []
+
+ devAccess = devAccess || []
+
 devAccess.each do |ip|
 rules << { IpProtocol: 'tcp', FromPort: '443', ToPort: '443', CidrIp: ip }
 rules << { IpProtocol: 'tcp', FromPort: '9443', ToPort: '9443', CidrIp: ip }
@@ -48,11 +51,20 @@
 rules << { IpProtocol: 'udp', FromPort: '1194', ToPort: '1194', CidrIp: ip }
 end
+ devIpPrefixLists = devIpPrefixLists || []
+
+ devIpPrefixLists.each do |list|
+ rules << { IpProtocol: 'tcp', FromPort: '443', ToPort: '443', SourcePrefixListId: list }
+ rules << { IpProtocol: 'tcp', FromPort: '9443', ToPort: '9443', SourcePrefixListId: list }
+ rules << { IpProtocol: 'tcp', FromPort: '943', ToPort: '943', SourcePrefixListId: list }
+ rules << { IpProtocol: 'udp', FromPort: '1194', ToPort: '1194', SourcePrefixListId: list }
+ end
+
 Resource("VpnSecurityGroupDev") {
 Type 'AWS::EC2::SecurityGroup'
 Property('VpcId', Ref('VPC'))
 Property('GroupDescription', 'Dev Team Access')
- Property('SecurityGroupIngress', rules)
+ Property('SecurityGroupIngress', rules) if rules.any?
 }
 security_groups << Ref('VpnSecurityGroupDev')
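Review bot: `devAccess = devAccess || []` in vpn.rb carries the same local-versus-method hazard as the vpc.rb change: if `devAccess` reaches this template as a method rather than a binding local, the right-hand side reads the freshly declared (nil) local and `VpnSecurityGroupDev` silently loses every CIDR rule while still being attached via `security_groups`. One rendered template with `devAccess` populated settles whether that is the case here. If it is, `dev_cidrs = (defined?(devAccess) && devAccess) || []` with `dev_cidrs.each do |ip|` keeps the optional behaviour without re-binding the name.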
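Review bot: The four `rules << { ... SourcePrefixListId: list }` lines in the new `devIpPrefixLists.each` loop restate the port/protocol tuples of the `devAccess` loop just above (443, 9443 and 1194 are visible in both; 943 presumably sits in the elided CIDR lines), so the two sources will drift the next time a VPN port is added or dropped for one of them. Building the prefix-list rules from one port table, which the CIDR loop can share, keeps them in lock-step, as sketched below. A one-line comment stating what the new setting holds would also help: `# devIpPrefixLists: managed prefix list IDs (pl-...) granted the same VPN ports as the devAccess CIDRs.` Note that `devIpPrefixLists = devIpPrefixLists || []` has the same local-versus-method shadowing concern raised on the `devAccess` hunk. Exposing 943/9443 (the OpenVPN admin-side ports, if this is Access Server) to a prefix list is no wider than the existing CIDR grant, but the list contents are now managed outside this template, so the prefix list's own permissions become part of the trust boundary.
```ruby
# devIpPrefixLists: managed prefix list IDs (pl-...) granted the same VPN ports as the devAccess CIDRs.
vpn_ports = [['tcp', '443'], ['tcp', '9443'], ['tcp', '943'], ['udp', '1194']]
# … unchanged: devIpPrefixLists default …
devIpPrefixLists.each do |list|
  vpn_ports.each do |proto, port|
    rules << { IpProtocol: proto, FromPort: port, ToPort: port, SourcePrefixListId: list }
  end
end
# … unchanged: Resource("VpnSecurityGroupDev") …
```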