diff --git a/.gitignore b/.gitignore
index 4f9d14f..58cd848 100644
--- a/.gitignore
+++ b/.gitignore
@@ -145,3 +145,14 @@ dist-ssr
 *.sw?
 **/venv
+
+# Terraform
+# local .terraform dir
+**/.terraform/*
+
+# tf state files
+**/*.tfstate
+**/*.tfstate.*
+
+# tf variable files, may include sensitive data
+**/*.tfvars
\ No newline at end of file
diff --git a/devops/terraform/.terraform.lock.hcl b/devops/terraform/.terraform.lock.hcl
new file mode 100644
index 0000000..9a0ebe6
--- /dev/null
+++ b/devops/terraform/.terraform.lock.hcl
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "4.65.0"
+ constraints = "4.65.0"
+ hashes = [
+ "h1:npDM2DHnGDKlXJJGWdBpTVywKHa9clSgXzvin5phSM4=",
+ "zh:0461b8dfc14e94971bfd12783cbd5a5574b9fcfc3694b6afaa8836f90b61c1f9",
+ "zh:24a27e7b1f6eb33e9da6f2ffaaa6bc48e933a24224c6572d6e588994e5c7130b",
+ "zh:2ca189d04573414bef4876c17ccb2b76f6e721e0450f6ab3700d94d7c04bec64",
+ "zh:3fb0654a527677231dab2140e9a55df3b90dba478b3db50001e21a045437a47a",
+ "zh:4918173d9c7d2735908622c17efd01746a046f0a571690afa7dd0866f22045f7",
+ "zh:491d259b15166f751076d2bdc443928ca63f6c0a83b02ea75fff8b4224662207",
+ "zh:4ff8e178f0656f04f88558c295a1d246b1bdcf5ad81d8b3b9ccceaeca2eb7fa8",
+ "zh:5e4eaf2855a740124f4bbe34ac4bd22c7f320aa3e91d9cef64396ad0a1571544",
+ "zh:65762c60c4bac2e0d55ed8c2877e455e84465cb12f0c885363a1b561cd4f5f07",
+ "zh:7c5e4f85eb5f70e6da2d64701dd5551f2bc334dbb9add76bfc6a2bea6acf4483",
+ "zh:90d32b238113528319d7a5fade97bd8ac9a8b654482fc9056478a43d2e297886",
+ "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+ "zh:e6ed3299516a8fb2292af7e7e123d09817dfd8e039aaf35ad5a276f739668e88",
+ "zh:eb84fa96c63d836b3b4689835cb7c4487808dfd1ba7ddacf4d8c4c6ff65cdbef",
+ "zh:ff97d1498193c99c9c35afd9bfcdce011abf460ec041721727d6e542f7a3bedd",
+ ]
+}
diff --git a/devops/terraform/entry-template.tpl b/devops/terraform/entry-template.tpl
new file mode 100644
index 0000000..b431a71
--- /dev/null
+++ b/devops/terraform/entry-template.tpl
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+sudo yum update -y && sudo yum install -y docker
+sudo systemctl start docker
+sudo usermod -aG docker ec2-user
+public_ip=$(curl -s https://api.ipify.org)
+mqtt_endpoint="tcp://$public_ip:1883"
+export MQTT_ENDPOINT="$mqtt_endpoint"
+echo "MQTT_ENDPOINT=$mqtt_endpoint" | sudo tee -a /etc/environment
+docker run -d --name mqtt \
+ -p 1883:1883 \
+ -p 9001:9001 \
+ -e MQTT_USERNAME=${mqtt_username} \
+ -e MQTT_PASSWORD=${mqtt_password} \
+ -e MQTT_LISTENER=${mqtt_listener} \
+ rafalnowak444/dm-mosquitto:latest
+docker run -d --name react \
+ -p 80:5173 \
+ rafalnowak444/device-management-react:latest
+docker run -d --name device-management \
+ -p 8080:8080 \
+ -e MQTT_USERNAME=${mqtt_username} \
+ -e MQTT_PASSWORD=${mqtt_password} \
+ -e MQTT_ENDPOINT="$mqtt_endpoint" \
+ -e DYNAMO_ENDPOINT=${dynamo_endpoint} \
+ -e AWS_REGION=${aws_region} \
+ -e AWS_ACCESS_KEY_ID=${aws_access_key_id} \
+ -e AWS_SECRET_ACCESS_KEY=${aws_secret_access_key} \
+ rafalnowak444/device-management:latest
diff --git a/devops/terraform/main.tf b/devops/terraform/main.tf
new file mode 100644
index 0000000..fd66c00
--- /dev/null
+++ b/devops/terraform/main.tf
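Review bot: Long-lived AWS credentials and the MQTT password are rendered into this boot script in plain text (the `-e AWS_ACCESS_KEY_ID=${aws_access_key_id}` and `-e AWS_SECRET_ACCESS_KEY=${aws_secret_access_key}` lines), and user data is readable from the instance metadata service and through the instance's userData attribute, so the secret is exposed to every process on the host and to anyone who can describe the instance. Prefer an IAM instance profile (`aws_iam_instance_profile` attached via `iam_instance_profile` on the instance) so the device-management container obtains DynamoDB credentials from the instance role, and drop the two key variables; the same applies to the `user_data = templatefile(...)` block in main.tf, which threads the same values in. The template values are also unquoted in the shell, so a password containing spaces or metacharacters breaks the `docker run` line — quote them, e.g. `-e MQTT_PASSWORD="${mqtt_password}"`. Finally, `public_ip=$(curl -s https://api.ipify.org)` has no failure check, so a transient outage silently yields `MQTT_ENDPOINT=tcp://:1883`; add `set -euo pipefail` after the shebang or test the value before it is written to `/etc/environment`.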
@@ -0,0 +1,156 @@
+provider "aws" {
+ region = "eu-north-1"
+}
+
+variable "vpc_cidr_block" {}
+variable "subnet_cidr_block" {}
+variable "avail_zone" {}
+variable "env_prefix" {}
+variable "instance_type" {}
+variable "public_key_location" {}
+variable "mqtt_username" {}
+variable "mqtt_password" {}
+variable "mqtt_listener" {}
+variable "dynamo_endpoint" {}
+variable "aws_region" {}
+variable "aws_access_key_id" {}
+variable "aws_secret_access_key" {}
+
+resource "aws_vpc" "myapp-vpc" {
+ cidr_block = var.vpc_cidr_block
+ tags = {
+ Name: "${var.env_prefix}-vpc"
+ }
+}
+
+resource "aws_subnet" "myapp-subnet-1" {
+ vpc_id = aws_vpc.myapp-vpc.id
+ cidr_block = var.subnet_cidr_block
+ availability_zone = var.avail_zone
+ tags = {
+ Name: "${var.env_prefix}-subnet-1"
+ }
+}
+
+resource "aws_route_table" "myapp-route-table" {
+ vpc_id = aws_vpc.myapp-vpc.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.myapp-igw.id
+ }
+ tags = {
+ Name: "${var.env_prefix}-rtb"
+ }
+}
+
+resource "aws_internet_gateway" "myapp-igw" {
+ vpc_id = aws_vpc.myapp-vpc.id
+ tags = {
+ Name: "${var.env_prefix}-igw"
+ }
+}
+
+resource "aws_route_table_association" "a-rtb-subnet" {
+ subnet_id = aws_subnet.myapp-subnet-1.id
+ route_table_id = aws_route_table.myapp-route-table.id
+}
+
+resource "aws_security_group" "myapp-sg" {
+ name = "myapp-sg"
+ vpc_id = aws_vpc.myapp-vpc.id
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 8080
+ to_port = 8080
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 1883
+ to_port = 1883
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ prefix_list_ids = []
+ }
+
+ tags = {
+ Name: "${var.env_prefix}-sg"
+ }
+}
+
+data "aws_ami" "latest-amazon-linux-image" {
+ most_recent = true
+ owners = ["amazon"]
+ filter {
+ name = "name"
+ values = ["al2023-ami-ecs-hvm-*-arm64"]
+ }
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+}
+
+output "aws_ami_id" {
+ value = data.aws_ami.latest-amazon-linux-image.id
+}
+
+output "ec2_public_ip" {
+ value = aws_instance.myapp-server.public_ip
+}
+
+resource "aws_key_pair" "ssh-key" {
+ key_name = "server-key"
+ public_key = file(var.public_key_location)
+}
+
+resource "aws_instance" "myapp-server" {
+ ami = data.aws_ami.latest-amazon-linux-image.id
+ instance_type = var.instance_type
+
+ subnet_id = aws_subnet.myapp-subnet-1.id
+ vpc_security_group_ids = [aws_security_group.myapp-sg.id]
+ availability_zone = var.avail_zone
+
+ associate_public_ip_address = true
+ key_name = aws_key_pair.ssh-key.key_name
+
+ # user_data = file("entry-script.sh")
+
+ user_data = templatefile("entry-template.tpl", {
+ mqtt_username = var.mqtt_username
+ mqtt_password = var.mqtt_password
+ mqtt_listener = var.mqtt_listener
+ dynamo_endpoint = var.dynamo_endpoint
+ aws_region = var.aws_region
+ aws_access_key_id = var.aws_access_key_id
+ aws_secret_access_key = var.aws_secret_access_key
+ })
+
+ tags = {
+ Name: "${var.env_prefix}-server"
+ }
+}
diff --git a/devops/terraform/providers.tf b/devops/terraform/providers.tf
new file mode 100644
index 0000000..af2a5f0
--- /dev/null
+++ b/devops/terraform/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "4.65.0"
+ }
+ }
+}
\ No newline at end of file
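Review bot: The security group in main.tf opens SSH (port 22) with `cidr_blocks = ["0.0.0.0/0"]`, and the same rule shape exposes 1883 and 8080 to the whole internet; SSH should be limited to an administrator range supplied as a variable (`cidr_blocks = [var.admin_cidr]`), and 1883 is the plain non-TLS MQTT port, so the broker username and password cross the network in clear text unless `mqtt_listener` configures the listener otherwise. The secret inputs `mqtt_password`, `aws_access_key_id` and `aws_secret_access_key` are declared as bare `variable "..." {}` blocks, so their values are printed unredacted in plan and apply output; mark them `sensitive = true`, and give every variable a `type` and `description`. The provider hard-codes `region = "eu-north-1"` while a separate `aws_region` variable is passed into user_data, so the two can silently diverge — `region = var.aws_region` keeps a single source of truth. The AMI filter `al2023-ami-ecs-hvm-*-arm64` only boots on Graviton (arm64) instance types, which is not documented on `variable "instance_type"`; a description or `validation` block would surface a mismatch at plan time. Adding `metadata_options { http_tokens = "required" }` to `aws_instance.myapp-server` enforces IMDSv2 for whatever credentials the host ends up holding.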