diff --git a/terraform/alb.tf b/terraform/alb.tf
new file mode 100644
index 00000000..e79d6e31
--- /dev/null
+++ b/terraform/alb.tf
@@ -0,0 +1,50 @@
+resource "aws_security_group" "lb" {
+ name = "allow-all-lb"
+ vpc_id = aws_vpc.awsvpc.id
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_lb" "ecs-lb" {
+ name = "ecs-lb"
+ load_balancer_type = "application"
+ internal = false
+ subnets = [aws_subnet.public-subnet-1.id, aws_subnet.public-subnet-2.id]
+ security_groups = [aws_security_group.lb.id]
+}
+
+resource "aws_lb_target_group" "lb_target_group" {
+ name = "target-group"
+ port = "80"
+ protocol = "HTTP"
+ target_type = "instance"
+ vpc_id = aws_vpc.awsvpc.id
+ health_check {
+ path = "/"
+ healthy_threshold = 2
+ unhealthy_threshold = 10
+ timeout = 60
+ interval = 300
+ matcher = "200,301,302"
+ }
+}
+
+resource "aws_lb_listener" "web-listener" {
+ load_balancer_arn = aws_lb.ecs-lb.arn
+ port = "80"
+ protocol = "HTTP"
+ default_action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.lb_target_group.arn
+ }
+}
\ No newline at end of file
diff --git a/terraform/app.tf b/terraform/app.tf
new file mode 100644
index 00000000..c0a3a369
--- /dev/null
+++ b/terraform/app.tf
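Review bot: The ingress rule of `aws_security_group.lb` in alb.tf admits every protocol and port from `0.0.0.0/0` (`protocol = "-1"`, ports 0 to 0), although the only listener defined in that file is HTTP on port 80. An internet-facing ALB needs only its listener port open, e.g. `from_port = 80`, `to_port = 80`, `protocol = "tcp"`. The same all-protocol pattern appears in `aws_security_group.ec2-sg` in ecs.tf, where ingress from the load balancer group could be narrowed to the port the target group forwards to. The listener serves plain HTTP and no HTTPS listener or redirect is visible in this diff, so traffic to the ALB is unencrypted unless TLS is terminated elsewhere.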
@@ -0,0 +1,27 @@
+resource "aws_ecs_task_definition" "task-definition-test" {
+ family = "app-family"
+ container_definitions = file("container-definition/container-definition.json")
+ network_mode = "bridge"
+}
+
+resource "aws_ecs_service" "service" {
+ name = "ecs-service"
+ cluster = aws_ecs_cluster.ecs-cluster.id
+ task_definition = aws_ecs_task_definition.task-definition-test.arn
+ desired_count = 1
+ load_balancer {
+ target_group_arn = aws_lb_target_group.lb_target_group.arn
+ container_name = "nginx"
+ container_port = "80"
+ }
+ lifecycle {
+ ignore_changes = [desired_count]
+ }
+ launch_type = "EC2"
+ depends_on = [aws_lb_listener.web-listener]
+}
+
+resource "aws_cloudwatch_log_group" "log_group" {
+ name = "/ecs/container"
+}
+
diff --git a/terraform/backend.tf b/terraform/backend.tf
new file mode 100644
index 00000000..337cad36
--- /dev/null
+++ b/terraform/backend.tf
@@ -0,0 +1,6 @@
+terraform {
+ backend "s3" {
+ bucket = "ayushterraform-state"
+ region = "us-east-1"
+ }
+}
\ No newline at end of file
diff --git a/terraform/container-definition/container-definition.json b/terraform/container-definition/container-definition.json
new file mode 100644
index 00000000..a11568f5
--- /dev/null
+++ b/terraform/container-definition/container-definition.json
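Review bot: The log group `/ecs/container` at the end of the app.tf hunk is never referenced, because none of the three containers in container-definition.json sets a `logConfiguration`. As written, the nginx, application and MySQL output would presumably stay on the instance rather than reach CloudWatch, which leaves nothing central to investigate from. Add an `awslogs` `logConfiguration` to each container pointing at this group, and set `retention_in_days` on the group so the retention period is a deliberate choice rather than the never-expire default.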
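Review bot: The `s3` backend block in backend.tf sets only `bucket` and `region`; the S3 backend also requires `key`, so unless it is supplied with `-backend-config` at init time this will not initialise. State written here will contain the task definition, including the plaintext MySQL passwords from container-definition.json, so `encrypt = true` and a `dynamodb_table` for state locking are worth adding. The bucket itself is not managed in this diff; confirm it blocks public access and has versioning enabled.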
@@ -0,0 +1,82 @@
+[
+ {
+ "name": "spring3hibernate",
+ "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/spring3hibernate:latest",
+ "cpu": 10,
+ "memory": 512,
+ "essential": true,
+ "portMappings": [
+ {
+ "containerPort": 8080,
+ "hostPort": 8080,
+ "protocol": "tcp"
+ }
+ ],
+ "dependsOn": [
+ {
+ "containerName": "mysql",
+ "condition": "START"
+ }
+ ],
+ "links": [
+
+ "mysql"
+
+ ]
+ },
+
+ {
+ "name": "mysql",
+ "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/mysql:latest",
+ "cpu": 10,
+ "memory": 512,
+ "essential": true,
+ "portMappings": [
+ {
+ "containerPort": 3306,
+ "hostPort": 3306,
+ "protocol": "tcp"
+ }
+ ],
+ "environment": [
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "employeedb"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "password"
+ },
+ {
+ "name": "MYSQL_ROOT_PASSWORD",
+ "value": "password"
+ }
+ ]
+ },
+ {
+ "name": "nginx",
+ "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/nginx:latest1",
+ "cpu": 10,
+ "memory": 512,
+ "essential": true,
+ "portMappings": [
+ {
+ "containerPort": 80,
+ "hostPort": 80,
+ "protocol": "tcp"
+ }
+ ],
+ "dependsOn": [
+ {
+ "containerName": "spring3hibernate",
+ "condition": "START"
+ }
+ ],
+ "links": [
+
+ "spring3hibernate"
+
+ ]
+ }
+
+]
\ No newline at end of file
diff --git a/terraform/ecs.tf b/terraform/ecs.tf
new file mode 100644
index 00000000..a741582f
--- /dev/null
+++ b/terraform/ecs.tf
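Review bot: `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD` are committed in plaintext with the value `password` in the `mysql` container's `environment` list, which puts the credential in the repository, the registered task definition and the Terraform state. Move both to the container's `secrets` list with a `valueFrom` ARN in Secrets Manager or SSM Parameter Store, and change the value since it is now in history. The `mysql` and `spring3hibernate` containers also publish `hostPort` 3306 and 8080 although the other containers appear to reach them through `links`; dropping those `portMappings` would keep the database and application ports off the instance's network interface. All three images are pulled by mutable tag (`:latest`, `:latest1`), so pinning a fixed tag or digest would make each deployment reproducible and auditable.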
@@ -0,0 +1,70 @@ + +resource "aws_ecs_cluster" "ecs-cluster" { + name = "ecs-cluster" +} + +data "aws_ami" "amazon_linux" { + most_recent = true + + filter { + name = "name" + values = ["amzn-ami*amazon-ecs-optimized"] + } + + filter { + name = "architecture" + values = ["x86_64"] + } + owners = ["amazon", "self"] +} + +resource "aws_security_group" "ec2-sg" { + name = "allow-all-ec2" + description = "allow all" + vpc_id = aws_vpc.awsvpc.id + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + security_groups = [aws_security_group.lb.id] + } + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_launch_configuration" "lc" { + name = "test_ecs" + image_id = data.aws_ami.amazon_linux.id + instance_type = "t3.medium" + lifecycle { + create_before_destroy = true + } + iam_instance_profile = aws_iam_instance_profile.ecs-ec2-role.name + key_name = "" + security_groups = [aws_security_group.ec2-sg.id] + associate_public_ip_address = true + user_data = <> /etc/ecs/ecs.config +EOF +} + +resource "aws_autoscaling_group" "asg" { + name = "test-asg" + launch_configuration = aws_launch_configuration.lc.name + min_size = 1 + max_size = 4 + desired_capacity = 1 + health_check_type = "ELB" + health_check_grace_period = 300 + vpc_zone_identifier = [aws_subnet.public-subnet-1.id, aws_subnet.public-subnet-2.id] + protect_from_scale_in = true + lifecycle { + create_before_destroy = true + } +} diff --git a/terraform/iam.tf b/terraform/iam.tf new file mode 100644 index 00000000..7c4d9959 --- /dev/null +++ b/terraform/iam.tf @@ -0,0 +1,117 @@ +# ecs ec2 role +resource "aws_iam_role" "ecs-ec2-role" { + name = "ecs-ec2-role" + assume_role_policy = <