diff --git a/.gitignore b/.gitignore
index 1dcef2d9..d63f37f0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,31 @@
 node_modules
-.env
\ No newline at end of file
+.env
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+.idea/
\ No newline at end of file
diff --git a/terraform/backend/.terraform.lock.hcl b/terraform/backend/.terraform.lock.hcl
new file mode 100644
index 00000000..aa47e49a
--- /dev/null
+++ b/terraform/backend/.terraform.lock.hcl
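Review bot: The `*.tfvars` pattern in .gitignore does not match `*.tfvars.json`, so a JSON-format variables file carrying the same secrets would still be committed; add `*.tfvars.json` directly under `*.tfvars`. The crash-log rule covers only `crash.log`, while Terraform can also write timestamped crash logs, so `crash.*.log` is worth adding next to it.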
@@ -0,0 +1,24 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "6.10.0" + hashes = [ + "h1:ToB7wJhFPmcX1/0vbx5NgZAnP+cJ7Rti5NpNPyEJpxI=", + "zh:3c92efebaf635372bf7283e04fc667d59b0ff3cf1aacd011fc484a11f70954d9", + "zh:404b2a1d360851e63f25945406f2d0c2cb9c20b361552ce01bf7fe3df516a5bf", + "zh:523b1640e2b9e2b548876a1dccc627c290f342255d727568fe4becfd9a8f5689", + "zh:697adf10c76384195303650555229129d64135f5be3abf95da0bf4b6de742054", + "zh:69d6177e3e106518844373871d4e6377003336761aab884da32f66b034229b5c", + "zh:6a41899ce8ab9cdd6f706160fd350951e5f3fc1432a37e638d3576a780c686fd", + "zh:6e8fd28299d6bf0ab6922cf987757e578f357a45ac45abc312688580dbde3bee", + "zh:7ca4bfb5a8f89586dd0c8dd9c1e638a03bc7c6f456bcc29be57cfb7bdc90fc30", + "zh:8fe1f6e0a2718318bae3f53a4fb77bc9eaef0fc4131145996f48482b135830c6", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b221cfbc9f19ad30719b773f05f45571e88b124c15c35ac230021df1bb1110f5", + "zh:b458c357b5f38092e374957e51827d9113447696deccf0cb01f5684d976e7725", + "zh:b7fbb1b05972d73d72af58a2179ac124c6d69a4f0392aa2ce4dc855e78f52268", + "zh:d95da0dc45df0f30005e17c5206addbd62b0471c265d9855fe8039bf6f2adef7", + "zh:db5dd4120c6ab6ae13df67353a9bc902ac34d01c1d297812d628ebf61dc6f681", + ] +} diff --git a/terraform/backend/main.tf b/terraform/backend/main.tf new file mode 100644 index 00000000..d66d4a20 --- /dev/null +++ b/terraform/backend/main.tf 
@@ -0,0 +1,36 @@
+provider "aws" {
+ region = var.aws_region
+}
+
+# S3 bucket to store remote Terraform state
+resource "aws_s3_bucket" "tf_state" {
+ bucket = var.s3_bucket_name
+
+ tags = {
+ Name = var.s3_bucket_name
+ }
+}
+
+# Enable versioning
+resource "aws_s3_bucket_versioning" "enabled" {
+ bucket = aws_s3_bucket.tf_state.id
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+# DynamoDB table for state locking
+resource "aws_dynamodb_table" "tf_lock" {
+ name = var.dynamodb_table_name
+ billing_mode = "PAY_PER_REQUEST"
+ hash_key = "LockID"
+
+ attribute {
+ name = "LockID"
+ type = "S"
+ }
+
+ tags = {
+ Name = var.dynamodb_table_name
+ }
+}
diff --git a/terraform/backend/variables.tf b/terraform/backend/variables.tf
new file mode 100644
index 00000000..1cd37853
--- /dev/null
+++ b/terraform/backend/variables.tf
@@ -0,0 +1,16 @@
+variable "aws_region" {
+ description = "AWS region where resources will be provisioned"
+ type = string
+ default = "ap-south-1"
+}
+
+variable "s3_bucket_name" {
+ description = "Unique S3 bucket name for Terraform remote state"
+ type = string
+}
+
+variable "dynamodb_table_name" {
+ description = "DynamoDB table name for Terraform state locking"
+ type = string
+ default = "terraform_locks"
+}
\ No newline at end of file
diff --git a/terraform/ec2-instance/.terraform.lock.hcl b/terraform/ec2-instance/.terraform.lock.hcl
new file mode 100644
index 00000000..b8232066
--- /dev/null
+++ b/terraform/ec2-instance/.terraform.lock.hcl
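Review bot: In terraform/backend/main.tf the state bucket `aws_s3_bucket.tf_state` is created with versioning only; nothing in the hunk declares public-access blocking, server-side encryption, or protection against accidental deletion. Terraform state commonly holds resource attributes and secrets in plaintext, so these controls should be explicit in code rather than left to whatever the account or service defaults happen to be. I would add an `aws_s3_bucket_public_access_block` and an `aws_s3_bucket_server_side_encryption_configuration` for the bucket, plus `prevent_destroy` on the bucket itself, as in the fence below.

```hcl
resource "aws_s3_bucket" "tf_state" {
  # … unchanged: bucket name and tags …

  lifecycle {
    prevent_destroy = true
  }
}

resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket                  = aws_s3_bucket.tf_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}
```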
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "6.10.0" + constraints = ">= 6.0.0" + hashes = [ + "h1:ToB7wJhFPmcX1/0vbx5NgZAnP+cJ7Rti5NpNPyEJpxI=", + "zh:3c92efebaf635372bf7283e04fc667d59b0ff3cf1aacd011fc484a11f70954d9", + "zh:404b2a1d360851e63f25945406f2d0c2cb9c20b361552ce01bf7fe3df516a5bf", + "zh:523b1640e2b9e2b548876a1dccc627c290f342255d727568fe4becfd9a8f5689", + "zh:697adf10c76384195303650555229129d64135f5be3abf95da0bf4b6de742054", + "zh:69d6177e3e106518844373871d4e6377003336761aab884da32f66b034229b5c", + "zh:6a41899ce8ab9cdd6f706160fd350951e5f3fc1432a37e638d3576a780c686fd", + "zh:6e8fd28299d6bf0ab6922cf987757e578f357a45ac45abc312688580dbde3bee", + "zh:7ca4bfb5a8f89586dd0c8dd9c1e638a03bc7c6f456bcc29be57cfb7bdc90fc30", + "zh:8fe1f6e0a2718318bae3f53a4fb77bc9eaef0fc4131145996f48482b135830c6", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b221cfbc9f19ad30719b773f05f45571e88b124c15c35ac230021df1bb1110f5", + "zh:b458c357b5f38092e374957e51827d9113447696deccf0cb01f5684d976e7725", + "zh:b7fbb1b05972d73d72af58a2179ac124c6d69a4f0392aa2ce4dc855e78f52268", + "zh:d95da0dc45df0f30005e17c5206addbd62b0471c265d9855fe8039bf6f2adef7", + "zh:db5dd4120c6ab6ae13df67353a9bc902ac34d01c1d297812d628ebf61dc6f681", + ] +} diff --git a/terraform/ec2-instance/main.tf b/terraform/ec2-instance/main.tf new file mode 100644 index 00000000..83d03fb1 --- /dev/null +++ b/terraform/ec2-instance/main.tf 
@@ -0,0 +1,83 @@
+# Fetch default VPC
+data "aws_vpc" "default" {
+ default = true
+}
+
+# Get all subnets in the default VPC
+data "aws_subnets" "default" {
+ filter {
+ name = "vpc-id"
+ values = [data.aws_vpc.default.id]
+ }
+}
+
+# Create SSH key pair in AWS from local public key
+resource "aws_key_pair" "ssh" {
+ key_name = "aws_ec2_key_pair"
+ public_key = var.public_key
+}
+
+# Security Group to allow traffic
+resource "aws_security_group" "ec2_sg" {
+ name = "aws_ec2_sg"
+ description = "Allow SSH, HTTP, HTTPS"
+ vpc_id = data.aws_vpc.default.id
+
+ tags = {
+ Name = "aws_ec2_sg"
+ }
+}
+
+# Allow SSH
+resource "aws_vpc_security_group_ingress_rule" "ssh_in" {
+ security_group_id = aws_security_group.ec2_sg.id
+ from_port = 22
+ to_port = 22
+ ip_protocol = "tcp"
+ cidr_ipv4 = "0.0.0.0/0"
+}
+
+# Allow HTTP
+resource "aws_vpc_security_group_ingress_rule" "http_in" {
+ security_group_id = aws_security_group.ec2_sg.id
+ from_port = 80
+ to_port = 80
+ ip_protocol = "tcp"
+ cidr_ipv4 = "0.0.0.0/0"
+}
+
+# Allow HTTPS
+resource "aws_vpc_security_group_ingress_rule" "https_in" {
+ security_group_id = aws_security_group.ec2_sg.id
+ from_port = 443
+ to_port = 443
+ ip_protocol = "tcp"
+ cidr_ipv4 = "0.0.0.0/0"
+}
+
+# Allow all outbound traffic
+resource "aws_vpc_security_group_egress_rule" "all_out" {
+ security_group_id = aws_security_group.ec2_sg.id
+ ip_protocol = "-1"
+ cidr_ipv4 = "0.0.0.0/0"
+}
+
+# Create EC2 instance
+resource "aws_instance" "resource_machine" {
+ count = var.instance_count
+ ami = var.ami_id
+ instance_type = var.instance_type
+ key_name = aws_key_pair.ssh.key_name
+ vpc_security_group_ids = [aws_security_group.ec2_sg.id]
+ subnet_id = data.aws_subnets.default.ids[0]
+ associate_public_ip_address = true
+
+ root_block_device {
+ volume_size = var.root_volume_size
+ volume_type = var.root_volume_type
+ }
+
+ tags = {
+ Name = "aws_ec2_machine"
+ }
+}
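Review bot: The `ssh_in` rule in terraform/ec2-instance/main.tf admits port 22 from `0.0.0.0/0`, and every instance is given a public IP, so the SSH service is exposed to the whole internet. The source range should come from a caller-supplied variable with no default (the name `ssh_allowed_cidr` below is a suggestion and would need declaring in variables.tf), or SSH ingress should be dropped in favour of a session-manager style access path. The `aws_instance` block also leaves the root volume unencrypted and does not require IMDSv2 tokens; both are short additions shown in the fence. Separately, `data.aws_subnets.default.ids[0]` takes whichever subnet is listed first, which I would not assume is stable between runs.

```hcl
resource "aws_vpc_security_group_ingress_rule" "ssh_in" {
  # … unchanged: security group, port 22, tcp …
  cidr_ipv4 = var.ssh_allowed_cidr # new variable, no default
}

resource "aws_instance" "resource_machine" {
  # … unchanged: count, AMI, type, key pair, security group, subnet, public IP …

  metadata_options {
    http_tokens = "required"
  }

  root_block_device {
    volume_size = var.root_volume_size
    volume_type = var.root_volume_type
    encrypted   = true
  }

  # … unchanged: tags …
}
```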
diff --git a/terraform/ec2-instance/output.tf b/terraform/ec2-instance/output.tf
new file mode 100644
index 00000000..4f765cdf
--- /dev/null
+++ b/terraform/ec2-instance/output.tf
@@ -0,0 +1,7 @@
+output "public_ip" {
+ value = aws_instance.resource_machine[*].public_ip
+}
+
+output "public_dns" {
+ value = aws_instance.resource_machine[*].public_dns
+}
\ No newline at end of file
diff --git a/terraform/ec2-instance/terraform.tf b/terraform/ec2-instance/terraform.tf
new file mode 100644
index 00000000..8f9c2287
--- /dev/null
+++ b/terraform/ec2-instance/terraform.tf
@@ -0,0 +1,19 @@
+terraform {
+ backend "s3" {
+ bucket = "chat-app-s3-bucket-for-state-management"
+ key = "ec2-instance/terraform.tfstate"
+ region = "ap-south-1"
+ dynamodb_table = "terraform_locks"
+ encrypt = true
+ }
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">=6.0"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.aws_region
+}
\ No newline at end of file
diff --git a/terraform/ec2-instance/variables.tf b/terraform/ec2-instance/variables.tf
new file mode 100644
index 00000000..1047c3b9
--- /dev/null
+++ b/terraform/ec2-instance/variables.tf
@@ -0,0 +1,35 @@
+variable "aws_region" {
+ type = string
+ default = "ap-south-1"
+}
+
+variable "ami_id" {
+ description = "AMI ID for EC2 instance"
+ type = string
+ default = "ami-02d26659fd82cf299"
+}
+
+variable "instance_type" {
+ type = string
+ default = "t2.micro"
+}
+
+variable "instance_count" {
+ type = number
+ default = 1
+}
+
+variable "public_key" {
+ description = "SSH public key for EC2"
+ type = string
+}
+
+variable "root_volume_size" {
+ type = number
+ default = 30
+}
+
+variable "root_volume_type" {
+ type = string
+ default = "gp3"
+}
\ No newline at end of file
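Review bot: In terraform/ec2-instance/terraform.tf the provider constraint `version = ">=6.0"` has no upper bound, so a later `terraform init -upgrade` can move the lock file to a new major release with breaking changes; `version = "~> 6.0"` keeps upgrades inside 6.x. The `terraform` block also sets no `required_version`, leaving the CLI version that writes the shared state unpinned. The backend block repeats by hand the bucket and lock-table names that terraform/backend takes as variables, so a comment such as `# must match s3_bucket_name / dynamodb_table_name used in terraform/backend` would help keep them in sync.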
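Review bot: `ami_id` in terraform/ec2-instance/variables.tf defaults to the opaque ID `ami-02d26659fd82cf299` while `aws_region` can be overridden; AMI IDs are per-region, so the default only works with the default region, and nothing records which image or publisher it refers to. I would add a comment naming the image and its owner account, or resolve the AMI through a `data "aws_ami"` lookup restricted by `owners` so the image source is verifiable. Several variables here (`aws_region`, `instance_type`, `instance_count`, `root_volume_size`, `root_volume_type`) have no `description`, and `instance_count` has no `validation` block bounding it.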