diff --git a/.gitignore b/.gitignore
index e121dfb5677d6b02333fd0163ba4bd26823515d6..751b4bad1724a7137457c7b7a1d1ef94886501c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,14 @@
-*.idea
 .env
 volumes/
+credentials.tf
+*.svg
+*_credentials.tf
+sandbox
+.DS_Store
+.vscode
+*.tfstate
+*.tfstate.backup
+.terraform
+*.tfvars
+.idea/
+*.backup
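Review bot: The added patterns do not cover saved plan files, yet the README section added in this same commit writes one with `terraform plan -out agent.tfplan` inside `terraform/`. A saved plan can contain the input variable values used for the run, which here would include `aws_access_key` and `aws_secret_key`, so a stray `git add` could commit them. Adding `*.tfplan` next to `*.tfstate` closes that gap. Separately, `*.svg` and `*.backup` are broad for a repository-wide ignore and may hide files someone intends to track.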
diff --git a/README.md b/README.md
index b800d4eed51e5477419745a5ec7fa58da30e3d6e..f8f34ed293dea036644624d2dd64d716135e0f3d 100644
--- a/README.md
+++ b/README.md
@@ -61,3 +61,17 @@ Minimum Hardware Specs
 ## Known Issues
 
 * Doesn't seem to be able to run in host network mode because it won't be able to talk to internal ports.  It would probably work if you expose those ports.
+
+## Terraform
+* Infrastructure is available as code in terraform. 
+* Before disposing and create a new instance of Informatica Secure Agent, existing live connections to various targets(for e.g. databases) 
+should be reviewed and terminated. Due to this reason this is not part of CI/CD pipeline and can be executed as per necessity.
+* Various configurations can be overridden using  `-var=`, see [variables.tf](./terraform/variables.tf) for available parameters.
+```
+$ cd terraform
+$ terraform init
+$ terraform validate
+$ terraform plan -out agent.tfplan
+$ terraform apply "agent.tfplan"
+```
+* See Terraform doc on [variables](https://www.terraform.io/docs/configuration/variables.html) to see how to pass command line arguments.
\ No newline at end of file
diff --git a/terraform/ecs.tf b/terraform/ecs.tf
index 2f8fcd3238774e91e4e7412b75a80c59fd49139d..4031ae97b2cbff0f0a37a5461e1205e11294dcc9 100644
--- a/terraform/ecs.tf
+++ b/terraform/ecs.tf
@@ -1,14 +1,14 @@
 data "template_file" "container" {
   template = file("./templates/container.tpl")
-  vars = {
+  vars     = {
     container_name = var.container_name
-    image_name = var.image_name
-    fargate_cpu = var.fargate_cpu
+    image_name     = var.image_name
+    fargate_cpu    = var.fargate_cpu
     fargate_memory = var.fargate_memory
-    app_port1 = var.container_app_port[0]
-    app_port2 = var.container_app_port[1]
-    app_port3 = var.container_app_port[2]
-    network_mode = var.container_network_mode
+    app_port1      = var.container_app_port[0]
+    app_port2      = var.container_app_port[1]
+    app_port3      = var.container_app_port[2]
+    network_mode   = var.container_network_mode
   }
 }
 
@@ -17,26 +17,28 @@ data "aws_iam_role" "ecs-task-execution" {
 }
 
 resource "aws_ecs_task_definition" "task" {
-  family = var.ecs_task_name
-  execution_role_arn = data.aws_iam_role.ecs-task-execution.arn
-  network_mode = var.container_network_mode
-  requires_compatibilities = ["FARGATE"]
-  cpu = var.fargate_cpu
-  memory = var.fargate_memory
-  container_definitions = data.template_file.container.rendered
+  family                   = var.ecs_task_name
+  execution_role_arn       = data.aws_iam_role.ecs-task-execution.arn
+  network_mode             = var.container_network_mode
+  requires_compatibilities = [
+    "FARGATE"]
+  cpu                      = var.fargate_cpu
+  memory                   = var.fargate_memory
+  container_definitions    = data.template_file.container.rendered
 }
 
 resource "aws_ecs_service" "service" {
-  name = var.ecs_service_name
-  cluster = aws_ecs_cluster.cluster.id
+  name            = var.ecs_service_name
+  cluster         = aws_ecs_cluster.cluster.id
   task_definition = aws_ecs_task_definition.task.arn
-  desired_count = 1
-  launch_type = "FARGATE"
+  desired_count   = 1
+  launch_type     = "FARGATE"
 
   network_configuration {
+    security_groups  = [
+      data.aws_security_group.sec-group.id]
+    subnets          = data.aws_subnet_ids.subnets.ids
     assign_public_ip = false
-    subnets = [data.aws_subnet_ids.subnet-a.id,data.aws_subnet_ids.subnet-b.id]
-    security_groups = [data.aws_security_group.sec-group.id]
   }
 }
 
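Review bot: `desired_count = 1` in `aws_ecs_service.service` stays hard-coded even though variables.tf declares `container_count` with the same default and a comment tying it to licensing. Wiring it through as `desired_count = var.container_count` keeps the one setting that affects licensing in a single place. The hunk starts inside the preceding `aws_iam_role` data block, which is not fully visible here.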
diff --git a/terraform/network.tf b/terraform/network.tf
index 8eeba970e58bd6cd1995ecfb146031843860dfc0..7f9c4847dfd6ee7efc8c2c6676593e66970e333c 100644
--- a/terraform/network.tf
+++ b/terraform/network.tf
@@ -2,17 +2,16 @@ data "aws_vpc" "vpc" {
   tags = var.vpc_tags
 }
 
-data "aws_subnet_ids" "subnet-a" {
+data "aws_subnet_ids" "subnets" {
   vpc_id = data.aws_vpc.vpc.id
-  tags = var.private_subnet_a_tags
-}
-
-data "aws_subnet_ids" "subnet-b" {
-  vpc_id = data.aws_vpc.vpc.id
-  tags = var.private_subnet_b_tags
+  filter {
+    name   = "tag:Name"
+    values = [
+      var.private_subnets_filter["Name"]]
+  }
 }
 
 data "aws_security_group" "sec-group" {
   vpc_id = data.aws_vpc.vpc.id
-  tags = var.security_group
+  tags   = var.security_group
 }
\ No newline at end of file
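Review bot: The new `subnets` lookup matches on the `Name` tag alone, using the wildcard default `test-private-*`, whereas the two removed lookups also required `tier = "test"` and `network = "private"`. Any subnet in the VPC whose name matches the pattern is now passed to the ECS service in ecs.tf, whether or not it is actually private. Consider keeping the extra constraint, for example a second `filter` block with `name = "tag:network"` and `values = ["private"]`. The `# needs at least two subnets` comment in variables.tf is also no longer backed by the configuration, since the wildcard can match a single subnet.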
diff --git a/terraform/provider.tf b/terraform/provider.tf
index cf3045437146dec8cd61411077f362bee98661d4..cceb810c04a0db753540abd900fd02332b35788c 100644
--- a/terraform/provider.tf
+++ b/terraform/provider.tf
@@ -1,6 +1,7 @@
 provider "aws" {
-	access_key = var.aws_access_key
-	secret_key = var.aws_secret_key
-	region     = var.aws_region
-	allowed_account_ids = [var.aws_account_id]
+  access_key          = var.aws_access_key
+  secret_key          = var.aws_secret_key
+  region              = var.aws_region
+  allowed_account_ids = [
+    var.aws_account_id]
 }
\ No newline at end of file
diff --git a/terraform/security.tf b/terraform/security.tf
index 0b371380b103e4a8fb37dcdac3aeb5a402e320f7..dc048a8e07626073d1d87e79c85409d19583edab 100644
--- a/terraform/security.tf
+++ b/terraform/security.tf
@@ -1,4 +1,4 @@
 data "aws_security_group" "secgroup" {
   vpc_id = data.aws_vpc.vpc.id
-  tags = var.security_group
+  tags   = var.security_group
 }
\ No newline at end of file
diff --git a/terraform/templates/container.tpl b/terraform/templates/container.tpl
index a85158e44d9abd364d4df19b271ca0629abadedb..f63dc8a4b2fc5b1ef3192ac33ca7ecf23ebc68a8 100644
--- a/terraform/templates/container.tpl
+++ b/terraform/templates/container.tpl
@@ -15,8 +15,8 @@
         "hostPort": ${app_port2}
       },
       {
-        "containerPort": ${app_port2},
-        "hostPort": ${app_port2}
+        "containerPort": ${app_port3},
+        "hostPort": ${app_port3}
       }
     ]
   }
diff --git a/terraform/variables.tf b/terraform/variables.tf
index df2b4d9a3b26b4fef7f4b561e8696bf59a193c40..92cb9a4db8a2d9f5806b172e2700487cbe9319aa 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,91 +1,89 @@
 variable "aws_access_key" {}
 variable "aws_secret_key" {}
 variable "aws_account_id" {
-	default = "265723766240"
+  default = "265723766240"
 }
 variable "aws_region" {
-	default = "us-east-1" # test tier
+  default = "us-east-1"
+  # test tier
 }
 
 variable "vpc_tags" {
-	type = map(string)
-	default = {
-		Name = "test-tier"
-		tier = "test"
-	}
+  type    = map(string)
+  default = {
+    Name = "test-tier"
+    tier = "test"
+  }
 }
 
 # needs at least two subnets
-variable "private_subnet_a_tags" {
-	type = map(string)
-	default = {
-		Name = "test-private-a"
-		tier = "test"
-		network = "private"
-	}
-}
-variable "private_subnet_b_tags" {
-	type = map(string)
-	default = {
-		Name = "test-private-b"
-		tier = "test"
-		network = "private"
-	}
+variable "private_subnets_filter" {
+  type    = map(string)
+  default = {
+    Name = "test-private-*"
+  }
 }
 
 variable "security_group" {
-	type = map(string)
-	default = {
-		tier = "test"
-		Name = "internal"
-	}
+  type    = map(string)
+  default = {
+    tier = "test"
+    Name = "internal"
+  }
 }
 
 variable "image_name" {
-	default = "265723766240.dkr.ecr.us-east-1.amazonaws.com/enterprise-integrations/iics_secure_agent"
+  default = "265723766240.dkr.ecr.us-east-1.amazonaws.com/enterprise-integrations/iics_secure_agent"
 }
 
 variable "container_name" {
-	default = "iics-secure-agent-test"
+  default = "iics-secure-agent-test"
 }
 variable "container_network_mode" {
-	default = "awsvpc"
+  default = "awsvpc"
 }
 variable "container_app_port" {
-	type = list(string)
-	default = [7080, 7443, 5432]
+  type    = list(string)
+  default = [
+    7080,
+    7443,
+    5432]
 }
 
 # note that as per our licesning model each
 # container would be an extran instance
 variable "container_count" {
-	default = 1
+  default = 1
 }
 
+# https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html
+# see Secure Agent resource requirements for these numbers.
 variable "fargate_cpu" {
-	default = "4096" # 1 vCPU = 1024 CPU units
+	# 1 vCPU = 1024 CPU units
+	default = "4096"
 }
 variable "fargate_memory" {
-	default = "4095" # in MiB
+	# in MiB
+	default = "8192"
 }
 
 # ecs
 variable "ecs_cluster_name" {
-	default = "iics-agent-cluster"
+  default = "iics-agent-cluster"
 }
 
 variable "ecs_cluster_tags" {
-	type = map(string)
-	default = {
-		Name = "iics-agent-cluster"
-		tier = "test"
-	}
+  type    = map(string)
+  default = {
+    Name = "iics-agent-cluster"
+    tier = "test"
+  }
 }
 
 variable "ecs_task_name" {
-	default = "iics-secure-agent-test"
+  default = "iics-agent-task"
 }
 
 variable "ecs_service_name" {
-	default = "iics-secure-agent-test"
+  default = "iics-agent-service"
 }
\ No newline at end of file
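Review bot: `aws_access_key` and `aws_secret_key` at the top of the file are declared as bare `{}` blocks, so nothing marks them as secrets, either to Terraform or to the next reader. If the Terraform version in use supports it, add `type = string` and `sensitive = true` to both. Better still, drop them together with the matching `access_key`/`secret_key` arguments in provider.tf, so the AWS provider reads credentials from the environment or a shared profile rather than from `-var` or a tfvars file. As a smaller point, the `fargate_cpu` and `fargate_memory` blocks are still tab-indented while the rest of the file moved to two spaces.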