diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index b49c282354091844db32a2ab99d7e25d93ccba78..81aa55fc1cfaa8fa41c7af3a5af875659a388a8e 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -48,6 +48,15 @@ spec:
     - podSelector:
         matchLabels:
           ozg-component: xta-adapter
+{{- if ((.Values.ozgcloud).aggregationManager).enabled }}
+  - from:
+    - podSelector: 
+        matchLabels:
+          component: aggregation-manager
+    ports:
+    - protocol: TCP
+      port: 9090
+{{- end }}
   - from:
     - namespaceSelector:
         matchLabels:
diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml
index 832dfa01e3780329f886285f08da840d8f482dba..593494119835552285fd6e4dd2f957e775ec5d8a 100644
--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
@@ -61,4 +61,8 @@ elasticsearch:
     certificateSecretName: elasticsearch-certificate
 
 networkPolicy:
-  zentralerEingangNamespace: zentraler-eingang
\ No newline at end of file
+  zentralerEingangNamespace: zentraler-eingang
+
+ozgcloud:
+  aggregationManager:
+    enabled: false
\ No newline at end of file
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index 618dba7961d5776726e0c51387ae466a5036a409..9dd6c548bddab9a9874c912b109b624a171d3c95 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -649,4 +649,39 @@ tests:
         dnsServerNamespace: test-dns-server-namespace
     asserts:
       - hasDocuments:
-          count: 1
\ No newline at end of file
+          count: 1
+
+  - it: should add ingress rule for aggregation-manager
+    set: 
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+      ozgcloud:
+        aggregationManager:
+          enabled: true
+    asserts:
+      - contains:
+          path: spec.ingress
+          content:
+              ports:
+              - port: 9090
+                protocol: TCP
+              from:
+              - podSelector: 
+                  matchLabels:
+                    component: aggregation-manager
+
+  - it: should not add ingress rule for aggregation-manager
+    set: 
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+    asserts:
+      - notContains:
+          path: spec.ingress
+          content:
+              ports:
+              - port: 9090
+                protocol: TCP
+              from:
+              - podSelector: 
+                  matchLabels:
+                    component: aggregation-manager