diff --git a/Jenkinsfile b/Jenkinsfile
index da9a0da..f617e13 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -34,17 +34,40 @@ pipeline {
                 }
             }
         }
+        stage('provision server') {
+            environment {
+                AWS_ACCESS_KEY_ID = credentials('jenkins_aws_access_key_id')
+                AWS_SECRET_ACCESS_KEY = credentials('jenkins_aws_secret_access_key')
+                TF_VAR_env_prefix = 'test'
+            }
+            steps {
+                script {
+                    dir('terraform') {
+                        sh "terraform init"
+                        sh "terraform apply --auto-approve"
+                        EC2_PUBLIC_IP = sh(
+                            script: "terraform output ec2_public_ip"
+                            returnStdout: true
+                        ).trim()
+                    }
+                }
+            }
+        }
         stage('deploy') {
             steps {
                 script {
+                   echo "waiting for EC2 server to initialize" 
+                   sleep(time: 90, unit: "SECONDS") 
+
                    echo 'deploying docker image to EC2...'
+                   echo "${EC2_PUBLIC_IP}"
 
                    def shellCmd = "bash ./server-cmds.sh ${IMAGE_NAME}"
-                   def ec2Instance = "ec2-user@35.180.251.121"
+                   def ec2Instance = "ec2-user@${EC2_PUBLIC_IP}"
 
-                   sshagent(['ec2-server-key']) {
-                       sh "scp server-cmds.sh ${ec2Instance}:/home/ec2-user"
-                       sh "scp docker-compose.yaml ${ec2Instance}:/home/ec2-user"
+                   sshagent(['server-ssh-key']) {
+                       sh "scp -o StrictHostKeyChecking=no server-cmds.sh ${ec2Instance}:/home/ec2-user"
+                       sh "scp -o StrictHostKeyChecking=no docker-compose.yaml ${ec2Instance}:/home/ec2-user"
                        sh "ssh -o StrictHostKeyChecking=no ${ec2Instance} ${shellCmd}"
                    }
                 }
diff --git a/terraform/entry-script.sh b/terraform/entry-script.sh
new file mode 100644
index 0000000..a275815
--- /dev/null
+++ b/terraform/entry-script.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+sudo yum update -y && sudo yum install -y docker
+sudo systemctl start docker 
+sudo usermod -aG docker ec2-user
+
+# install docker-compose 
+sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+sudo chmod +x /usr/local/bin/docker-compose
\ No newline at end of file
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..b0ce876
--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,103 @@
+provider "aws" {
+    region = var.region
+}
+
+resource "aws_vpc" "myapp-vpc" {
+    cidr_block = var.vpc_cidr_block
+    tags = {
+        Name: "${var.env_prefix}-vpc"
+    }
+}
+
+resource "aws_subnet" "myapp-subnet-1" {
+    vpc_id = aws_vpc.myapp-vpc.id
+    cidr_block = var.subnet_cidr_block
+    availability_zone = var.avail_zone
+    tags = {
+        Name: "${var.env_prefix}-subnet-1"
+    }
+}
+
+resource "aws_internet_gateway" "myapp-igw" {
+    vpc_id = aws_vpc.myapp-vpc.id
+    tags = {
+        Name: "${var.env_prefix}-igw"
+    }
+}
+
+resource "aws_default_route_table" "main-rtb" {
+    default_route_table_id = aws_vpc.myapp-vpc.default_route_table_id
+
+    route {
+        cidr_block = "0.0.0.0/0"
+        gateway_id = aws_internet_gateway.myapp-igw.id
+    }
+    tags = {
+        Name: "${var.env_prefix}-main-rtb"
+    }
+}
+
+resource "aws_default_security_group" "default-sg" {
+    vpc_id = aws_vpc.myapp-vpc.id
+
+    ingress {
+        from_port = 22
+        to_port = 22
+        protocol = "tcp"
+        cidr_blocks = [var.my_ip]
+    }
+
+    ingress {
+        from_port = 8080
+        to_port = 8080
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+
+    egress {
+        from_port = 0
+        to_port = 0
+        protocol = "-1"
+        cidr_blocks = ["0.0.0.0/0"]
+        prefix_list_ids = []
+    }
+
+    tags = {
+        Name: "${var.env_prefix}-default-sg"
+    }
+}
+
+data "aws_ami" "latest-amazon-linux-image" {
+    most_recent = true
+    owners = ["amazon"]
+    filter {
+        name = "name"
+        values = ["amzn2-ami-hvm-*-x86_64-gp2"]
+    }
+    filter {
+        name = "virtualization-type"
+        values = ["hvm"]
+    }
+}
+
+resource "aws_instance" "myapp-server" {
+    ami = data.aws_ami.latest-amazon-linux-image.id
+    instance_type = var.instance_type
+
+    subnet_id = aws_subnet.myapp-subnet-1.id
+    vpc_security_group_ids = [aws_default_security_group.default-sg.id]
+    availability_zone = var.avail_zone
+
+    associate_public_ip_address = true
+    key_name = "myapp-key-pair"
+
+    user_data = file("entry-script.sh")
+
+    tags = {
+        Name = "${var.env_prefix}-server"
+    }
+}
+
+output "ec2_public_ip" {
+    value = aws_instance.myapp-server.public_ip
+}
\ No newline at end of file
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..71452a4
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,21 @@
+variable vpc_cidr_block {
+    default = "10.0.0.0/16"
+}
+variable subnet_cidr_block {
+    default = "10.0.10.0/24"
+}
+variable avail_zone {
+    default = "eu-west-3a"
+}
+variable env_prefix {
+    default = "dev"
+}
+variable my_ip {
+    default = "212.124.154.110/32"
+}
+variable instance_type {
+    default = "t2.micro"
+}
+variable region {
+    default = "eu-west-3"
+}
\ No newline at end of file