diff --git a/.gitignore b/.gitignore index 0845852..3e79af1 100644 --- a/.gitignore +++ b/.gitignore @@ -40,3 +40,7 @@ testem.log Thumbs.db **/.env + +**/.terraform +**/*.tfstate +**/*.tfstate.* diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile index 2fbb812..8fb8425 100644 --- a/.gitpod.Dockerfile +++ b/.gitpod.Dockerfile @@ -20,3 +20,6 @@ RUN wget https://github.com/gruntwork-io/cloud-nuke/releases/download/${CLOUD_NU ### https://github.com/jckuester/awsls#installation RUN brew install jckuester/tap/awsls +### Install terraform cli 1.1.3 as of 01/18/2022 +RUN brew tap hashicorp/tap && brew install hashicorp/tap/terraform +RUN brew install hashicorp/tap/packer diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 0000000..c430056 --- /dev/null +++ b/.tool-versions @@ -0,0 +1,9 @@ +terraform 1.1.4 +vault 1.9.3 + +kubectl 1.23.3 +skaffold 1.35.2 + +awscli 2.4.15 +aws-vault 6.4.0 +redis-cli 6.2.6 diff --git a/.vscode/settings.json b/.vscode/settings.json index 43fb340..39c5c40 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -8,6 +8,7 @@ "users", "nx", "devx", - "spotify-passport-auth-express" + "spotify-passport-auth-express", + "serverless-framework-nestjs-sample" ] } diff --git a/libs/aws-cloud9-terraform/.babelrc b/libs/aws-cloud9-terraform/.babelrc new file mode 100644 index 0000000..cf7ddd9 --- /dev/null +++ b/libs/aws-cloud9-terraform/.babelrc @@ -0,0 +1,3 @@ +{ + "presets": [["@nrwl/web/babel", { "useBuiltIns": "usage" }]] +} diff --git a/libs/aws-cloud9-terraform/.eslintrc.json b/libs/aws-cloud9-terraform/.eslintrc.json new file mode 100644 index 0000000..9d9c0db --- /dev/null +++ b/libs/aws-cloud9-terraform/.eslintrc.json @@ -0,0 +1,18 @@ +{ + "extends": ["../../.eslintrc.json"], + "ignorePatterns": ["!**/*"], + "overrides": [ + { + "files": ["*.ts", "*.tsx", "*.js", "*.jsx"], + "rules": {} + }, + { + "files": ["*.ts", "*.tsx"], + "rules": {} + }, + { + "files": ["*.js", "*.jsx"], + "rules": {} + } + ] +} 
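Review bot: The two added `brew install hashicorp/tap/...` lines in `.gitpod.Dockerfile` install whatever version the tap serves at build time, while the comment above them says 1.1.3 and the `.tool-versions` file added in this same commit pins terraform 1.1.4. The workspace image and the repository pin can therefore drift apart without anyone noticing, and a rebuilt image is not reproducible. I would drop the version from the comment and install the pinned version from `.tool-versions`, or at least add `RUN terraform version` so a mismatch shows up in the build log. The rest of the Dockerfile lies outside this hunk.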
diff --git a/libs/aws-cloud9-terraform/.terraform.lock.hcl b/libs/aws-cloud9-terraform/.terraform.lock.hcl new file mode 100644 index 0000000..08d02b1 --- /dev/null +++ b/libs/aws-cloud9-terraform/.terraform.lock.hcl 
@@ -0,0 +1,59 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.74.0" + constraints = ">= 2.0.0, >= 3.0.0, ~> 3.0, >= 3.34.0, >= 3.72.0" + hashes = [ + "h1:YNOblHBUf+XTjGTfIIsAMGp4weXB+tmQrMPCrpmM1/U=", + "zh:00767509c13c0d1c7ad6af702c6942e6572aa6d529b40a00baacc0e73faafea2", + "zh:03aafdc903ad49c2eda03889f927f44212674c50e475a9c6298850381319eec2", + "zh:2de8a6a97b180f909d652f215125aa4683e99db15fcf3b28d62e3d542f875ed6", + "zh:3ac29ebc3af99028f4230a79f56606a0c2954b68767bd749b921a76eb4f3bd30", + "zh:50add2e2d118a15a644360eabc5a34cec59f2560b491f8fabf9c52ab83ca7b09", + "zh:85dd8e81910ab79f841a4a595fdd8ac358fbfe460956144afb0be3d81f91fe10", + "zh:895de83d0f0941fde31bfc53fa6b1ea276901f006bec221bbdee4771a04f3693", + "zh:a15c9724aac52d1ba5001d2d83e42843099b52b1638ea29d84e20be0f45fa4f1", + "zh:c982a64463bd73e9bff2589de214b1de0a571438d9015001f9eae45cfc3a2559", + "zh:e9ef973c18078324e43213ea1252c12b9441e566bf054ddfdbff5dd62f3035d9", + "zh:f297e705b0f339c8baa27ae70db5df9aa6578adfe1ea3d2ba8edc186512464eb", + ] +} + +provider "registry.terraform.io/hashicorp/local" { + version = "2.1.0" + constraints = ">= 1.3.0" + hashes = [ + "h1:EYZdckuGU3n6APs97nS2LxZm3dDtGqyM4qaIvsmac8o=", + "zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2", + "zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab", + "zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3", + "zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a", + "zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe", + "zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1", + "zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c", + "zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4", + "zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b", + 
"zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3", + "zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91", + ] +} + +provider "registry.terraform.io/hashicorp/time" { + version = "0.7.2" + constraints = ">= 0.7.0" + hashes = [ + "h1:YYLAfhMFP5nhV2iZPslqsLkZN+6sZo7gMJW7pLcLfM8=", + "zh:0bbe0158c2a9e3f5be911b7e94477586110c51746bb13d102054f22754565bda", + "zh:3250af7fd49b8aaf2ccc895588af05197d886e38b727e3ba33bcbb8cc96ad34d", + "zh:35e4de0437f4fa9c1ad69aaf8136413be2369ea607d78e04bb68dc66a6a520b8", + "zh:369756417a6272e79cad31eb2c82c202f6a4b6e4204a893f656644ba9e149fa2", + "zh:390370f1179d89b33c3a0731691e772d5450a7d59fc66671ec625e201db74aa2", + "zh:3d12ac905259d225c685bc42e5507ed0fbdaa5a09c30dce7c1932d908df857f7", + "zh:75f63e5e1c68e6c5bccba4568c3564e2774eb3a7a19189eb8e2b6e0d58c8f8cc", + "zh:7c22a2078a608e3e0278c4cbc9c483909062ebd1843bddaf8f176346c6d378b1", + "zh:7cfb3c02f78f0060d59c757c4726ab45a962ce4a9cf4833beca704a1020785bd", + "zh:a0325917f47c28a2ed088dedcea0d9520d91b264e63cc667fe4336ac993c0c11", + "zh:c181551d4c0a40b52e236f1755cc340aeca0fb5dcfd08b3b1c393a7667d2f327", + ] +} diff --git a/libs/aws-cloud9-terraform/README.md b/libs/aws-cloud9-terraform/README.md new file mode 100644 index 0000000..7dbff34 --- /dev/null +++ b/libs/aws-cloud9-terraform/README.md @@ -0,0 +1,3 @@ +# aws-cloud9-terraform + +This library was generated with [Nx](https://nx.dev). diff --git a/libs/aws-cloud9-terraform/examples/minimal/.terraform.lock.hcl b/libs/aws-cloud9-terraform/examples/minimal/.terraform.lock.hcl new file mode 100644 index 0000000..08d02b1 --- /dev/null +++ b/libs/aws-cloud9-terraform/examples/minimal/.terraform.lock.hcl 
@@ -0,0 +1,59 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.74.0" + constraints = ">= 2.0.0, >= 3.0.0, ~> 3.0, >= 3.34.0, >= 3.72.0" + hashes = [ + "h1:YNOblHBUf+XTjGTfIIsAMGp4weXB+tmQrMPCrpmM1/U=", + "zh:00767509c13c0d1c7ad6af702c6942e6572aa6d529b40a00baacc0e73faafea2", + "zh:03aafdc903ad49c2eda03889f927f44212674c50e475a9c6298850381319eec2", + "zh:2de8a6a97b180f909d652f215125aa4683e99db15fcf3b28d62e3d542f875ed6", + "zh:3ac29ebc3af99028f4230a79f56606a0c2954b68767bd749b921a76eb4f3bd30", + "zh:50add2e2d118a15a644360eabc5a34cec59f2560b491f8fabf9c52ab83ca7b09", + "zh:85dd8e81910ab79f841a4a595fdd8ac358fbfe460956144afb0be3d81f91fe10", + "zh:895de83d0f0941fde31bfc53fa6b1ea276901f006bec221bbdee4771a04f3693", + "zh:a15c9724aac52d1ba5001d2d83e42843099b52b1638ea29d84e20be0f45fa4f1", + "zh:c982a64463bd73e9bff2589de214b1de0a571438d9015001f9eae45cfc3a2559", + "zh:e9ef973c18078324e43213ea1252c12b9441e566bf054ddfdbff5dd62f3035d9", + "zh:f297e705b0f339c8baa27ae70db5df9aa6578adfe1ea3d2ba8edc186512464eb", + ] +} + +provider "registry.terraform.io/hashicorp/local" { + version = "2.1.0" + constraints = ">= 1.3.0" + hashes = [ + "h1:EYZdckuGU3n6APs97nS2LxZm3dDtGqyM4qaIvsmac8o=", + "zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2", + "zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab", + "zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3", + "zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a", + "zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe", + "zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1", + "zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c", + "zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4", + "zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b", + 
"zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3", + "zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91", + ] +} + +provider "registry.terraform.io/hashicorp/time" { + version = "0.7.2" + constraints = ">= 0.7.0" + hashes = [ + "h1:YYLAfhMFP5nhV2iZPslqsLkZN+6sZo7gMJW7pLcLfM8=", + "zh:0bbe0158c2a9e3f5be911b7e94477586110c51746bb13d102054f22754565bda", + "zh:3250af7fd49b8aaf2ccc895588af05197d886e38b727e3ba33bcbb8cc96ad34d", + "zh:35e4de0437f4fa9c1ad69aaf8136413be2369ea607d78e04bb68dc66a6a520b8", + "zh:369756417a6272e79cad31eb2c82c202f6a4b6e4204a893f656644ba9e149fa2", + "zh:390370f1179d89b33c3a0731691e772d5450a7d59fc66671ec625e201db74aa2", + "zh:3d12ac905259d225c685bc42e5507ed0fbdaa5a09c30dce7c1932d908df857f7", + "zh:75f63e5e1c68e6c5bccba4568c3564e2774eb3a7a19189eb8e2b6e0d58c8f8cc", + "zh:7c22a2078a608e3e0278c4cbc9c483909062ebd1843bddaf8f176346c6d378b1", + "zh:7cfb3c02f78f0060d59c757c4726ab45a962ce4a9cf4833beca704a1020785bd", + "zh:a0325917f47c28a2ed088dedcea0d9520d91b264e63cc667fe4336ac993c0c11", + "zh:c181551d4c0a40b52e236f1755cc340aeca0fb5dcfd08b3b1c393a7667d2f327", + ] +} diff --git a/libs/aws-cloud9-terraform/examples/minimal/fixtures.auto.tfvars b/libs/aws-cloud9-terraform/examples/minimal/fixtures.auto.tfvars new file mode 100644 index 0000000..16aeffa --- /dev/null +++ b/libs/aws-cloud9-terraform/examples/minimal/fixtures.auto.tfvars @@ -0,0 +1,6 @@ +ami = "ami-049164e77a2c5b5f9" +vpc_id = "vpc-2a1b2541" +subnet_id = "subnet-d99aba94" +workstation_ip = "62.216.35.230" +ssh_key_name = "development" +region = "eu-central-1" diff --git a/libs/aws-cloud9-terraform/examples/minimal/main.tf b/libs/aws-cloud9-terraform/examples/minimal/main.tf new file mode 100644 index 0000000..022138b --- /dev/null +++ b/libs/aws-cloud9-terraform/examples/minimal/main.tf 
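Review bot: `fixtures.auto.tfvars` is loaded automatically by Terraform, and here it commits account-specific identifiers (`ami`, `vpc_id`, `subnet_id`) together with a single `workstation_ip`. That address ends up as the only source allowed by the SSH ingress rule in `terraform/ec2-instance.tf` (`ingress_cidr_blocks = ["${var.workstation_ip}/32"]`), so anyone applying the example unchanged opens SSH to the author's address rather than their own. I would commit a `fixtures.auto.tfvars.example` with clearly labelled placeholder values instead, and add `**/*.auto.tfvars` to the `.gitignore` hunk of this commit, which currently excludes only `.terraform` and state files.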
@@ -0,0 +1,29 @@
+# You cannot create a new backend by simply defining this and then
+# immediately proceeding to "terraform apply". The S3 backend must
+# be bootstrapped according to the simple yet essential procedure in
+# https://github.com/cloudposse/terraform-aws-tfstate-backend#usage
+module "terraform_state_backend" {
+ source = "cloudposse/tfstate-backend/aws"
+ # Cloud Posse recommends pinning every module to a specific version
+ version = "0.38.1"
+ namespace = "lo"
+ stage = "develop"
+ name = "terraform"
+ attributes = ["state"]
+
+ terraform_backend_config_file_path = "."
+ terraform_backend_config_file_name = "backend.tf"
+ force_destroy = true
+}
+
+module "vscode_workstation" {
+ source = "../../terraform"
+
+ region = var.region
+
+ ami = "ami-049164e77a2c5b5f9"
+ vpc_id = var.vpc_id
+ subnet_id = var.subnet_id
+ workstation_ip = var.workstation_ip
+ ssh_key_name = var.ssh_key_name
+}
diff --git a/libs/aws-cloud9-terraform/examples/minimal/providers.tf b/libs/aws-cloud9-terraform/examples/minimal/providers.tf
new file mode 100644
index 0000000..5ca1ea5
--- /dev/null
+++ b/libs/aws-cloud9-terraform/examples/minimal/providers.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 3.0"
+ }
+ }
+}
+
+# Configure the AWS Provider
+provider "aws" {
+ region = var.region
+}
+
diff --git a/libs/aws-cloud9-terraform/examples/minimal/variables.tf b/libs/aws-cloud9-terraform/examples/minimal/variables.tf
new file mode 100644
index 0000000..6ab3194
--- /dev/null
+++ b/libs/aws-cloud9-terraform/examples/minimal/variables.tf
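Review bot: `force_destroy = true` on `terraform_state_backend` in `examples/minimal/main.tf` appears to let a `terraform destroy` of this example remove the state bucket along with the state objects in it, which is the one resource you normally want to survive a teardown. Since examples get copied into real stacks, I would ship `force_destroy = false` with a comment that the flag is flipped deliberately only when retiring the backend. Separately, `ami = "ami-049164e77a2c5b5f9"` in `vscode_workstation` bypasses the `ami` variable that `variables.tf` declares and `fixtures.auto.tfvars` sets; `ami = var.ami` keeps a single source of truth for which image gets launched.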
@@ -0,0 +1,31 @@
+variable "ami" {
+ type = string
+ default = "ami-0eaa6183e540e9b04"
+}
+
+variable "ec2_instance_type" {
+ type = string
+ default = "t2.micro"
+}
+
+variable "subnet_id" {
+ type = string
+ default = "subnet-fd6b7780"
+}
+
+variable "vpc_id" {
+ type = string
+}
+
+variable "workstation_ip" {
+ type = string
+}
+
+variable "ssh_key_name" {
+ type = string
+}
+
+variable "region" {
+ type = string
+ default = "eu-central-1"
+}
diff --git a/libs/aws-cloud9-terraform/packer/aws-workstation-ubuntu.pkr.hcl b/libs/aws-cloud9-terraform/packer/aws-workstation-ubuntu.pkr.hcl
new file mode 100644
index 0000000..81c4d09
--- /dev/null
+++ b/libs/aws-cloud9-terraform/packer/aws-workstation-ubuntu.pkr.hcl
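Review bot: `workstation_ip` in `examples/minimal/variables.tf` is an unchecked string that the module later interpolates into `"${var.workstation_ip}/32"` for the SSH ingress rule, so a typo or a value that already carries a prefix length fails late, at plan or apply. A `validation` block on the variable with `condition = can(cidrhost("${var.workstation_ip}/32", 0))` and a short error message would reject bad input at the boundary. `ami` and `subnet_id` also default to concrete resource ids while `vpc_id` has no default, so a caller can end up pairing their own VPC with a subnet id that belongs elsewhere; I would drop those two defaults and give every variable a `description`.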
@@ -0,0 +1,79 @@ +packer { + required_plugins { + amazon = { + version = ">= 0.0.2" + source = "github.com/hashicorp/amazon" + } + } +} + +source "amazon-ebs" "ubuntu" { + ami_name = "aws-vscode-workstation-linux-aws-0.0.1-rc.7" + instance_type = "t2.micro" + region = var.region + + source_ami_filter { + filters = { + name = "ubuntu/images/*ubuntu-bionic-18.04-amd64-server-*" + root-device-type = "ebs" + virtualization-type = "hvm" + } + most_recent = true + owners = ["099720109477"] + } + + ssh_username = "ubuntu" +} + +build { + name = "aws-vscode-workstation" + + sources = [ + "source.amazon-ebs.ubuntu" + ] + + provisioner "file" { + content = <> ~/.zshrc +echo -e '\n. $HOME/.asdf/completions/asdf.bash' >> ~/.zshrc + +source $HOME/.asdf/asdf.sh + +asdf plugin-add boundary https://github.com/asdf-community/asdf-hashicorp.git +asdf plugin-add consul https://github.com/asdf-community/asdf-hashicorp.git +asdf plugin-add nomad https://github.com/asdf-community/asdf-hashicorp.git +asdf plugin-add packer https://github.com/asdf-community/asdf-hashicorp.git +asdf plugin-add sentinel https://github.com/asdf-community/asdf-hashicorp.git +asdf plugin-add serf https://github.com/asdf-community/asdf-hashicorp.git +asdf plugin-add terraform https://github.com/asdf-community/asdf-hashicorp.git +asdf plugin-add vault https://github.com/asdf-community/asdf-hashicorp.git +asdf plugin-add waypoint https://github.com/asdf-community/asdf-hashicorp.git + +# +asdf plugin-add kubectl https://github.com/asdf-community/asdf-kubectl.git +asdf plugin-add skaffold https://github.com/virtualstaticvoid/asdf-skaffold.git + +# +asdf plugin add awscli +asdf plugin-add aws-vault https://github.com/virtualstaticvoid/asdf-aws-vault.git +# +asdf plugin add redis-cli https://github.com/NeoHsu/asdf-redis-cli.git +asdf plugin add sonarscanner https://github.com/virtualstaticvoid/asdf-sonarscanner.git + +asdf plugin add jq +asdf plugin add ruby +asdf plugin add nodejs + +asdf install 
diff --git a/libs/aws-cloud9-terraform/packer/install_tools.sh b/libs/aws-cloud9-terraform/packer/install_tools.sh
new file mode 100755
index 0000000..0aed88e
--- /dev/null
+++ b/libs/aws-cloud9-terraform/packer/install_tools.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+sudo apt-get update
+sudo apt-get install -qy wget unzip curl git procps libssl-dev zlib1g-dev
+
+sudo apt-get install -qy linux-headers-$(uname -r) build-essential
+sudo snap install amazon-ssm-agent --classic
+sudo apt-get install ec2-instance-connect -qy
+
+sudo snap install docker
+sleep 30
+sudo chmod 666 /var/run/docker.sock
+
+# install zsh
+sudo apt-get install -yq zsh
+
+git clone https://github.com/ohmyzsh/ohmyzsh.git ~/.oh-my-zsh
+cp ~/.oh-my-zsh/templates/zshrc.zsh-template ~/.zshrc
+# "sudo chsh -s $(which zsh)",
+
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash
+
+echo "\nsource ~/.nvm/nvm.sh\n" >> ~/.zshrc
+echo "export AWS_VAULT_BACKEND=file" >> ~/.zshrc
+
+sudo apt-get install postgresql-client -yq
diff --git a/libs/aws-cloud9-terraform/packer/variables.pkr.hcl b/libs/aws-cloud9-terraform/packer/variables.pkr.hcl
new file mode 100644
index 0000000..1a2f980
--- /dev/null
+++ b/libs/aws-cloud9-terraform/packer/variables.pkr.hcl
@@ -0,0 +1,12 @@
+
+variable terraform_version {
+ default = "1.1.4"
+}
+
+variable skaffold_version {
+ default = "1.35.2"
+}
+
+variable "region" {
+ default = "eu-central-1"
+}
diff --git a/libs/aws-cloud9-terraform/src/index.ts b/libs/aws-cloud9-terraform/src/index.ts
new file mode 100644
index 0000000..29d02ce
--- /dev/null
+++ b/libs/aws-cloud9-terraform/src/index.ts
@@ -0,0 +1 @@
+export * from './lib/aws-cloud9-terraform'
diff --git a/libs/aws-cloud9-terraform/src/lib/aws-cloud9-terraform.ts b/libs/aws-cloud9-terraform/src/lib/aws-cloud9-terraform.ts
new file mode 100644
index 0000000..9badf8d
--- /dev/null
+++ b/libs/aws-cloud9-terraform/src/lib/aws-cloud9-terraform.ts
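Review bot: `sudo chmod 666 /var/run/docker.sock` in `install_tools.sh` makes the Docker socket writable by every local account and process, which amounts to root on the workstation for anything that can reach it. It is also applied once at image build after a fixed `sleep 30`, so it probably does not persist when the socket is recreated at boot. Access through a dedicated `docker` group for the login user gives the same convenience without opening the socket to everyone. The script also lacks `set -euo pipefail` after the shebang, so a failed install step still yields a finished AMI. Finally, `curl -o- ... | bash`, the `git clone` of ohmyzsh and the `asdf plugin-add` lines in the packer template of this commit all bake unverified remote content into the image; pinning each to a commit and checking a digest before executing would make the build reproducible and auditable.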
@@ -0,0 +1,3 @@
+export function awsCloud9Terraform(): string {
+ return 'aws-cloud9-terraform'
+}
diff --git a/libs/aws-cloud9-terraform/terraform/ec2-instance.tf b/libs/aws-cloud9-terraform/terraform/ec2-instance.tf
new file mode 100644
index 0000000..6f25805
--- /dev/null
+++ b/libs/aws-cloud9-terraform/terraform/ec2-instance.tf
@@ -0,0 +1,96 @@ +module "labels" { + source = "cloudposse/label/null" + # Cloud Posse recommends pinning every module to a specific version + version = "0.25.0" + + namespace = "lazyorange" + environment = "development" + name = "vscode-remote-workstation" + delimiter = "-" + attributes = [] + + tags = { + Terraform = true + } +} + +module "vscode_workstation_sg" { + source = "terraform-aws-modules/security-group/aws" + version = "4.8.0" + + name = "${module.labels.id}-sg" + tags = module.labels.tags + + description = "Security group for user-service with custom ports open within VPC" + vpc_id = var.vpc_id + + # ingress_cidr_blocks = [""] + egress_rules = ["all-all"] + + ingress_cidr_blocks = ["${var.workstation_ip}/32"] + ingress_rules = ["ssh-tcp"] +} + +// https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/modules/iam-assumable-role +// https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/examples/iam-assumable-role +module "iam_assumable_role_workstation" { + source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role" + version = "~> 4" + + trusted_role_services = [ + "ec2.amazonaws.com" + ] + + create_role = true + create_instance_profile = true + + role_name = "custom" + role_requires_mfa = false + + custom_role_policy_arns = [ + "arn:aws:iam::aws:policy/AmazonSSMFullAccess", + "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess" + ] + + number_of_custom_role_policy_arns = 2 +} + +// https://github.com/terraform-aws-modules/terraform-aws-ec2-instance +module "vscode_workstation_ec2" { + source = "terraform-aws-modules/ec2-instance/aws" + version = "~> 3.0" + + name = module.labels.id + tags = module.labels.tags + + ami = var.ami + instance_type = var.ec2_instance_type # "t3.large" + cpu_credits = "unlimited" + monitoring = true + + key_name = var.ssh_key_name + + vpc_security_group_ids = [module.vscode_workstation_sg.security_group_id] + subnet_id = var.subnet_id + + associate_public_ip_address = true + 
iam_instance_profile = module.iam_assumable_role_workstation.iam_instance_profile_name + + # you don't need to install SSM agent until you use own ami + # # https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-status-and-restart.html + # user_data = <