diff --git a/.gitignore b/.gitignore
index 9df269f6e3d23d7b93383faef340c99ecef6571d..751b4bad1724a7137457c7b7a1d1ef94886501c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,14 @@
 .env
 volumes/
+credentials.tf
+*.svg
+*_credentials.tf
+sandbox
+.DS_Store
+.vscode
+*.tfstate
+*.tfstate.backup
+.terraform
+*.tfvars
+.idea/
+*.backup
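Review bot: The ignore list covers state and `*.tfvars`, but not the saved plan that the README in this commit tells users to create with `terraform plan -out agent.tfplan`. A saved plan stores the input variable values, which here include `aws_access_key` and `aws_secret_key`, so it should never be committed. Adding `*.tfplan` next to the `*.tfstate` entries closes that gap.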
diff --git a/README.md b/README.md
index b800d4eed51e5477419745a5ec7fa58da30e3d6e..f8f34ed293dea036644624d2dd64d716135e0f3d 100644
--- a/README.md
+++ b/README.md
@@ -61,3 +61,17 @@ Minimum Hardware Specs
 ## Known Issues
 
 * Doesn't seem to be able to run in host network mode because it won't be able to talk to internal ports.  It would probably work if you expose those ports.
+
+## Terraform
+* Infrastructure is available as code in terraform. 
+* Before disposing and create a new instance of Informatica Secure Agent, existing live connections to various targets(for e.g. databases) 
+should be reviewed and terminated. Due to this reason this is not part of CI/CD pipeline and can be executed as per necessity.
+* Various configurations can be overridden using  `-var=`, see [variables.tf](./terraform/variables.tf) for available parameters.
+```
+$ cd terraform
+$ terraform init
+$ terraform validate
+$ terraform plan -out agent.tfplan
+$ terraform apply "agent.tfplan"
+```
+* See Terraform doc on [variables](https://www.terraform.io/docs/configuration/variables.html) to see how to pass command line arguments.
\ No newline at end of file
diff --git a/terraform/ecs.tf b/terraform/ecs.tf
new file mode 100644
index 0000000000000000000000000000000000000000..4031ae97b2cbff0f0a37a5461e1205e11294dcc9
--- /dev/null
+++ b/terraform/ecs.tf
@@ -0,0 +1,48 @@
+data "template_file" "container" {
+  template = file("./templates/container.tpl")
+  vars     = {
+    container_name = var.container_name
+    image_name     = var.image_name
+    fargate_cpu    = var.fargate_cpu
+    fargate_memory = var.fargate_memory
+    app_port1      = var.container_app_port[0]
+    app_port2      = var.container_app_port[1]
+    app_port3      = var.container_app_port[2]
+    network_mode   = var.container_network_mode
+  }
+}
+
+data "aws_iam_role" "ecs-task-execution" {
+  name = "ecsTaskExecutionRole"
+}
+
+resource "aws_ecs_task_definition" "task" {
+  family                   = var.ecs_task_name
+  execution_role_arn       = data.aws_iam_role.ecs-task-execution.arn
+  network_mode             = var.container_network_mode
+  requires_compatibilities = [
+    "FARGATE"]
+  cpu                      = var.fargate_cpu
+  memory                   = var.fargate_memory
+  container_definitions    = data.template_file.container.rendered
+}
+
+resource "aws_ecs_service" "service" {
+  name            = var.ecs_service_name
+  cluster         = aws_ecs_cluster.cluster.id
+  task_definition = aws_ecs_task_definition.task.arn
+  desired_count   = 1
+  launch_type     = "FARGATE"
+
+  network_configuration {
+    security_groups  = [
+      data.aws_security_group.sec-group.id]
+    subnets          = data.aws_subnet_ids.subnets.ids
+    assign_public_ip = false
+  }
+}
+
+resource "aws_ecs_cluster" "cluster" {
+  name = var.ecs_cluster_name
+  tags = var.ecs_cluster_tags
+}
\ No newline at end of file
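Review bot: `desired_count = 1` in `aws_ecs_service.service` is hard-coded even though variables.tf in this commit declares `container_count` with the same default, so overriding that variable has no effect. `desired_count = var.container_count` would wire it up. Separately, `file("./templates/container.tpl")` resolves against the directory terraform is run from; `file("${path.module}/templates/container.tpl")` keeps the lookup working when the configuration is called as a module or from another working directory.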
diff --git a/terraform/network.tf b/terraform/network.tf
new file mode 100644
index 0000000000000000000000000000000000000000..7f9c4847dfd6ee7efc8c2c6676593e66970e333c
--- /dev/null
+++ b/terraform/network.tf
@@ -0,0 +1,17 @@
+data "aws_vpc" "vpc" {
+  tags = var.vpc_tags
+}
+
+data "aws_subnet_ids" "subnets" {
+  vpc_id = data.aws_vpc.vpc.id
+  filter {
+    name   = "tag:Name"
+    values = [
+      var.private_subnets_filter["Name"]]
+  }
+}
+
+data "aws_security_group" "sec-group" {
+  vpc_id = data.aws_vpc.vpc.id
+  tags   = var.security_group
+}
\ No newline at end of file
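Review bot: `data "aws_security_group" "sec-group"` here and `data "aws_security_group" "secgroup"` in terraform/security.tf are the same lookup (same `vpc_id`, same `tags = var.security_group`), and only `sec-group` is referenced by ecs.tf in this commit. Keeping a single copy avoids the two drifting apart when the filter changes, and the group attached to the service stays unambiguous. Because this data source fails unless exactly one group matches, a comment such as `# tags must match exactly one security group in the VPC` above the remaining block would help.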
diff --git a/terraform/provider.tf b/terraform/provider.tf
new file mode 100644
index 0000000000000000000000000000000000000000..cceb810c04a0db753540abd900fd02332b35788c
--- /dev/null
+++ b/terraform/provider.tf
@@ -0,0 +1,7 @@
+provider "aws" {
+  access_key          = var.aws_access_key
+  secret_key          = var.aws_secret_key
+  region              = var.aws_region
+  allowed_account_ids = [
+    var.aws_account_id]
+}
\ No newline at end of file
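Review bot: Passing `access_key` and `secret_key` through input variables puts long-lived keys on the command line (`-var=`), in `*.tfvars` files, and in any saved plan such as the `agent.tfplan` the README produces. Dropping both lines lets the AWS provider resolve credentials from its default chain (environment variables, a shared credentials profile, or an assumed role) and keeps secrets out of the configuration. `allowed_account_ids` can stay as the guard against applying to the wrong account. If the variables are kept, marking them `sensitive = true` in variables.tf (Terraform 0.14 or later) at least redacts them from plan output.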
diff --git a/terraform/security.tf b/terraform/security.tf
new file mode 100644
index 0000000000000000000000000000000000000000..dc048a8e07626073d1d87e79c85409d19583edab
--- /dev/null
+++ b/terraform/security.tf
@@ -0,0 +1,4 @@
+data "aws_security_group" "secgroup" {
+  vpc_id = data.aws_vpc.vpc.id
+  tags   = var.security_group
+}
\ No newline at end of file
diff --git a/terraform/templates/container.tpl b/terraform/templates/container.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..f63dc8a4b2fc5b1ef3192ac33ca7ecf23ebc68a8
--- /dev/null
+++ b/terraform/templates/container.tpl
@@ -0,0 +1,23 @@
+[
+  {
+    "name": "${container_name}",
+    "image": "${image_name}",
+    "cpu": ${fargate_cpu},
+    "memory": ${fargate_memory},
+    "networkMode": "${network_mode}",
+    "portMappings": [
+      {
+        "containerPort": ${app_port1},
+        "hostPort": ${app_port1}
+      },
+      {
+        "containerPort": ${app_port2},
+        "hostPort": ${app_port2}
+      },
+      {
+        "containerPort": ${app_port3},
+        "hostPort": ${app_port3}
+      }
+    ]
+  }
+]
\ No newline at end of file
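Review bot: The container definition has no `logConfiguration`, so the agent's stdout/stderr is not shipped to any log store and there is nothing to review after a failed start or an unexpected connection. An `awslogs` block placed after `networkMode` fixes that. It needs two extra template variables, shown below as `log_group` and `aws_region` (names of my choosing), passed from the `vars` map in ecs.tf, and a log group that already exists. The execution role must also be allowed to create log streams and put log events, which cannot be verified from this diff.

```json
    "networkMode": "${network_mode}",
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "${log_group}",
        "awslogs-region": "${aws_region}",
        "awslogs-stream-prefix": "${container_name}"
      }
    },
```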
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..92cb9a4db8a2d9f5806b172e2700487cbe9319aa
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,89 @@
+variable "aws_access_key" {}
+variable "aws_secret_key" {}
+variable "aws_account_id" {
+  default = "265723766240"
+}
+variable "aws_region" {
+  default = "us-east-1"
+  # test tier
+}
+
+variable "vpc_tags" {
+  type    = map(string)
+  default = {
+    Name = "test-tier"
+    tier = "test"
+  }
+}
+
+# needs at least two subnets
+variable "private_subnets_filter" {
+  type    = map(string)
+  default = {
+    Name = "test-private-*"
+  }
+}
+
+variable "security_group" {
+  type    = map(string)
+  default = {
+    tier = "test"
+    Name = "internal"
+  }
+}
+
+variable "image_name" {
+  default = "265723766240.dkr.ecr.us-east-1.amazonaws.com/enterprise-integrations/iics_secure_agent"
+}
+
+variable "container_name" {
+  default = "iics-secure-agent-test"
+}
+variable "container_network_mode" {
+  default = "awsvpc"
+}
+variable "container_app_port" {
+  type    = list(string)
+  default = [
+    7080,
+    7443,
+    5432]
+}
+
+# note that as per our licesning model each
+# container would be an extran instance
+variable "container_count" {
+  default = 1
+}
+
+# https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html
+# see Secure Agent resource requirements for these numbers.
+variable "fargate_cpu" {
+	# 1 vCPU = 1024 CPU units
+	default = "4096"
+}
+variable "fargate_memory" {
+	# in MiB
+	default = "8192"
+}
+
+# ecs
+variable "ecs_cluster_name" {
+  default = "iics-agent-cluster"
+}
+
+variable "ecs_cluster_tags" {
+  type    = map(string)
+  default = {
+    Name = "iics-agent-cluster"
+    tier = "test"
+  }
+}
+
+variable "ecs_task_name" {
+  default = "iics-agent-task"
+}
+
+variable "ecs_service_name" {
+  default = "iics-agent-service"
+}
\ No newline at end of file
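Review bot: The `image_name` default carries no tag or digest, so ECS pulls whatever `latest` points to in the repository at task start, and two deployments of the same configuration can run different images. Pinning it, for example `default = "<REGISTRY>/enterprise-integrations/iics_secure_agent@sha256:<IMAGE_DIGEST>"`, makes the deployed agent reproducible and auditable. `container_app_port` is declared `list(string)` but defaulted with numbers; `list(number)` matches how the template uses the values. The comment above `container_count` has two typos ("licesning", "extran").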