diff --git a/.gitignore b/.gitignore
index 9b8a46e..72e6014 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,3 +32,4 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+**/.terraform.lock.hcl
diff --git a/README.md b/README.md
index a2fcb60..6534073 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,92 @@
-# eks-terraform
-Building EKS cluster with Terraform
+
+# Amazon EKS with Terraform
+
+This repository provides Terraform scripts to deploy an Amazon EKS cluster along with base infrastructure and platform-specific infrastructure.
+
+## Folder Structure
+
+The repository is organized into the following folders:
+
+1. [`base_infra`](/baseinfra/): Contains Terraform scripts for setting up the base infrastructure, including VPC, subnets, and security groups.
+
+2. [`platform_infra`](/platforminfra/): Contains Terraform scripts for setting up the EKS cluster and nodes, as well as any additional resources required for your platform.
+
+## Prerequisites
+
+- [Terraform](https://www.terraform.io/downloads.html) (>= 0.13)
+- [AWS CLI](https://aws.amazon.com/cli/)
+- AWS account with appropriate IAM permissions
+
+## Workflow
+
+### Setting up Base Infrastructure
+
+1. Navigate to the `base_infra` folder:
+
+```bash
+cd base_infra
+```
+
+2. Initialize Terraform with backend configuration:
+
+```bash
+terraform init -backend-config="env/baseinfra.config"
+```
+
+3. Review and modify the `base_infra` configuration files as needed.
+
+4. Create an execution plan:
+
+```bash
+terraform plan
+```
+
+5. Apply the changes to create base infrastructure:
+
+```bash
+terraform apply
+```
+
+### Setting up Platform Infrastructure (EKS Cluster)
+
+1. Navigate to the `platform_infra` folder:
+
+```bash
+cd platform_infra
+```
+
+2. Initialize Terraform with backend configuration:
+
+```bash
+terraform init -backend-config="env/platforminfra.config"
+```
+
+3. Review and modify the `platform_infra` configuration files as needed.
+
+4. Create an execution plan:
+
+```bash
+terraform plan
+```
+
+5. Apply the changes to create the EKS cluster and associated resources:
+
+```bash
+terraform apply
+```
+
+## Cleanup
+
+To tear down the infrastructure when no longer needed:
+
+1. Navigate to each folder and run:
+
+```bash
+terraform destroy
+```
+
+## Notes
+
+- Replace placeholders like `env/baseinfra.config` and `env/platforminfra.config` with the actual paths to your backend configurations.
+
+- Make sure to review and adjust security group rules, IAM policies, and configurations as needed.
diff --git a/baseinfra/README.md b/baseinfra/README.md
new file mode 100644
index 0000000..5250ca1
--- /dev/null
+++ b/baseinfra/README.md
@@ -0,0 +1,68 @@
+# Base Infrastructure Setup with Terraform
+
+This directory contains Terraform scripts for setting up the base infrastructure, including VPC, subnets, IAM roles, security groups, and more.
+
+## Folder Structure
+
+- `data.tf`: Defines any external data sources needed for the base infrastructure.
+- `iam.tf`: Defines IAM roles and policies required for the base infrastructure.
+- `locals.tf`: Contains local values to simplify configuration.
+- `network.tf`: Defines the VPC, subnets, and other networking components.
+- `provider.tf`: Specifies the AWS provider configuration.
+- `security_group.tf`: Defines security groups and their associated rules.
+- `variables.tf`: Declares input variables for the base infrastructure.
+- `outputs.tf`: Specifies output values for reference.
+
+## Prerequisites
+
+- [Terraform](https://www.terraform.io/downloads.html) (>= 0.13)
+- [AWS CLI](https://aws.amazon.com/cli/)
+- AWS account with appropriate IAM permissions
+
+## Configuration
+
+1. Modify the variables in `variables.tf` to match your requirements.
+2. Customize IAM roles and policies in `iam.tf` according to your security needs.
+3. Adjust security group rules in `security_group.tf` to fit your organization's policies.
+4. Review and modify networking settings in `network.tf` as needed.
+5. Define any external data sources in `data.tf` if required.
+
+## Usage
+
+1. Initialize Terraform:
+
+```bash
+terraform init
+```
+
+2. Review the execution plan:
+
+```bash
+terraform plan
+```
+
+3. Apply the changes to create the base infrastructure:
+
+```bash
+terraform apply
+```
+
+## Cleanup
+
+To tear down the base infrastructure when no longer needed:
+
+1. Run:
+
+```bash
+terraform destroy
+```
+
+2. Confirm with "yes" when prompted.
+
+## Notes
+
+- Replace placeholders in the Terraform files with your actual configurations.
+
+- Ensure that security group rules and IAM policies align with your organization's security requirements.
+
+- Always practice best security practices when setting up IAM roles, security groups, and other resources.
diff --git a/baseinfra/data.tf b/baseinfra/data.tf
new file mode 100644
index 0000000..b32890e
--- /dev/null
+++ b/baseinfra/data.tf
@@ -0,0 +1,3 @@
+data "aws_availability_zones" "available" {
+  
+}
\ No newline at end of file
diff --git a/baseinfra/env/base_infra.config b/baseinfra/env/base_infra.config
new file mode 100644
index 0000000..a7a141f
--- /dev/null
+++ b/baseinfra/env/base_infra.config
@@ -0,0 +1,3 @@
+key="EKS/baseinfra.tfstate"
+bucket="eks-terraform-backend-state"
+region="us-east-1"
\ No newline at end of file
diff --git a/baseinfra/iam.tf b/baseinfra/iam.tf
new file mode 100644
index 0000000..e4a712f
--- /dev/null
+++ b/baseinfra/iam.tf
@@ -0,0 +1,58 @@
+# create an IAM role with the AmazonEKSClusterPolicy
+resource "aws_iam_role" "demo" {
+  name = "eks-cluster-demo"
+
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "eks.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+POLICY
+}
+
+
+resource "aws_iam_role_policy_attachment" "demo-AmazonEKSClusterPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+  role       = aws_iam_role.demo.name
+}
+
+
+# create a single instance group for Kubernetes. Similar to the EKS cluster, it requires an IAM role as well.
+
+resource "aws_iam_role" "nodes" {
+  name = "eks-node-group-nodes"
+
+  assume_role_policy = jsonencode({
+    Statement = [{
+      Action = "sts:AssumeRole"
+      Effect = "Allow"
+      Principal = {
+        Service = "ec2.amazonaws.com"
+      }
+    }]
+    Version = "2012-10-17"
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "nodes-AmazonEKSWorkerNodePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+  role       = aws_iam_role.nodes.name
+}
+
+resource "aws_iam_role_policy_attachment" "nodes-AmazonEKS_CNI_Policy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+  role       = aws_iam_role.nodes.name
+}
+
+resource "aws_iam_role_policy_attachment" "nodes-AmazonEC2ContainerRegistryReadOnly" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+  role       = aws_iam_role.nodes.name
+}
diff --git a/baseinfra/locals.tf b/baseinfra/locals.tf
new file mode 100644
index 0000000..517b273
--- /dev/null
+++ b/baseinfra/locals.tf
@@ -0,0 +1,3 @@
+locals {
+  cluster_name = "test"
+}
\ No newline at end of file
diff --git a/baseinfra/network.tf b/baseinfra/network.tf
new file mode 100644
index 0000000..9fec38f
--- /dev/null
+++ b/baseinfra/network.tf
@@ -0,0 +1,112 @@
+# VPC Creation
+resource "aws_vpc" "main" {
+    cidr_block              = "${var.vpc_cidr_block}"
+    enable_dns_hostnames    = true
+    tags = {
+        Name                = "${var.environment}-vpc"
+    }
+}
+
+# Public Subnet Creation
+resource "aws_subnet" "public-subnet-1a" {
+    vpc_id              = aws_vpc.main.id
+    cidr_block          = var.public_subnet_1a_cidr_block
+    availability_zone   = "us-east-1a"
+    
+
+    tags = {
+        Name            = "${var.environment}-public-subnet-1a"
+    }
+}
+
+resource "aws_subnet" "public-subnet-1b" {
+    vpc_id              = aws_vpc.main.id
+    cidr_block          = var.public_subnet_1b_cidr_block
+    availability_zone   = "us-east-1b"
+    tags = {
+        Name            = "${var.environment}-public-subnet-1b"
+    }
+}
+
+# Private Subnet Creation
+resource "aws_subnet" "private-subnet-1a" {
+    vpc_id              = aws_vpc.main.id
+    cidr_block          = var.private_subnet_1a_cidr_block
+    availability_zone   = "us-east-1a"
+    tags = {
+        Name            = "${var.environment}-private-subnet-1a"
+    }
+}
+
+resource "aws_subnet" "private-subnet-1b" {
+    vpc_id              = aws_vpc.main.id
+    cidr_block          = var.private_subnet_1b_cidr_block
+    availability_zone   = "us-east-1b"
+
+    tags = {
+        Name            = "${var.environment}-private-subnet-1b"
+    }
+  
+}
+
+# Route Table Creation - Public 
+resource "aws_route_table" "public-route-table" {
+    vpc_id = aws_vpc.main.id
+
+    tags = {
+      Name = "${var.environment}-public-route-table"
+    }
+}
+
+# Route Table Creation - Private
+resource "aws_route_table" "private-route-table" {
+    vpc_id = aws_vpc.main.id
+
+    tags = {
+      Name = "${var.environment}-private-route-table"
+    }
+}
+
+# Route Table Association - Public
+
+resource "aws_route_table_association" "public-subnet-1a" {
+    subnet_id       = aws_subnet.public-subnet-1a.id
+    route_table_id  = aws_route_table.public-route-table.id
+}
+
+resource "aws_route_table_association" "public-subnet-1b" {
+    subnet_id       = aws_subnet.public-subnet-1b.id
+    route_table_id  = aws_route_table.public-route-table.id
+}
+
+# Route Table Association - Private
+
+resource "aws_route_table_association" "private-subnet-1a" {
+    subnet_id       = aws_subnet.private-subnet-1a.id
+    route_table_id  = aws_route_table.private-route-table.id
+}
+
+resource "aws_route_table_association" "private-subnet-1b" {
+    subnet_id       = aws_subnet.private-subnet-1b.id
+    route_table_id  = aws_route_table.private-route-table.id
+}
+
+
+# Internet Gateway Creation
+
+resource "aws_internet_gateway" "main-igw" {
+    vpc_id = aws_vpc.main.id
+
+    tags = {
+      Name = "${var.environment}-IGW"
+    }
+}
+
+
+# Public IGW & route table association [ public route]
+
+resource "aws_route" "igw-route" {
+    route_table_id          = aws_route_table.public-route-table.id
+    gateway_id              = aws_internet_gateway.main-igw.id
+    destination_cidr_block  = "0.0.0.0/0"
+}
\ No newline at end of file
diff --git a/baseinfra/output.tf b/baseinfra/output.tf
new file mode 100644
index 0000000..adf15db
--- /dev/null
+++ b/baseinfra/output.tf
@@ -0,0 +1,42 @@
+output "vpc_id" {
+  value = aws_vpc.main.id
+}
+
+output "vpc_cidr_block" {
+  value = aws_vpc.main.cidr_block
+}
+
+output "public_subnet_1a_id" {
+  value = aws_subnet.public-subnet-1a.id
+}
+
+output "public_subnet_1b_id" {
+  value = aws_subnet.public-subnet-1b.id
+}
+
+output "private_subnet_1a_id" {
+  value = aws_subnet.private-subnet-1a.id
+}
+
+output "private_subnet_1b_id" {
+  value = aws_subnet.private-subnet-1b.id
+}
+
+output "private_subnets" {
+  value = tolist([aws_subnet.private-subnet-1a.id, aws_subnet.private-subnet-1b.id])
+}
+
+output "public_subnets" {
+  value = tolist([aws_subnet.public-subnet-1a.id, aws_subnet.public-subnet-1b.id])
+}
+
+output "aws_iam_role_demo" {
+  value = aws_iam_role.demo.arn
+
+}
+output "aws_iam_role_node" {
+  value = aws_iam_role.nodes
+}
+output "policy_attachment_demo_AmazonEKSClusterPolicy" {
+  value = aws_iam_role_policy_attachment.demo-AmazonEKSClusterPolicy
+}
\ No newline at end of file
diff --git a/baseinfra/provider.tf b/baseinfra/provider.tf
new file mode 100644
index 0000000..17695b4
--- /dev/null
+++ b/baseinfra/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+    required_providers{
+        aws = {
+            source = "hashicorp/aws"   
+        }
+    }
+    backend "s3" {
+
+    }
+
+    #  backend "local" {
+    # path = "/home/pradip/infra_ajit/eks-terraform/baseinfra/terraform.tfstate"
+    #                 }
+}
+provider "aws" {
+    region = var.aws_region
+}
+
+
diff --git a/baseinfra/sg.tf b/baseinfra/sg.tf
new file mode 100644
index 0000000..8454b17
--- /dev/null
+++ b/baseinfra/sg.tf
@@ -0,0 +1,60 @@
+resource "aws_security_group" "base_sg" {
+  name        = "base-security-group"
+  description = "Base security group for VPC"
+
+  // Inbound rules
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]  # Limit this to your specific IPs
+
+    description = "SSH Access"
+  }
+
+  // Outbound rules
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"  # All traffic
+    cidr_blocks = ["0.0.0.0/0"]
+
+    description = "Outbound traffic"
+  }
+}
+
+resource "aws_security_group_rule" "eks_cluster_ingress" {
+  type        = "ingress"
+  from_port   = 443
+  to_port     = 443
+  protocol    = "tcp"
+  cidr_blocks = ["0.0.0.0/0"]  # Limit this to your specific IPs
+  security_group_id = aws_security_group.base_sg.id
+}
+
+resource "aws_security_group_rule" "eks_cluster_egress" {
+  type        = "egress"
+  from_port   = 0
+  to_port     = 0
+  protocol    = "-1"  # All traffic
+  cidr_blocks = ["0.0.0.0/0"]
+  security_group_id = aws_security_group.base_sg.id
+}
+
+resource "aws_security_group_rule" "eks_nodes_ingress" {
+  type        = "ingress"
+  from_port   = 0
+  to_port     = 65535  # Example: Allow all ports for communication within nodes
+  protocol    = "tcp"
+  cidr_blocks = ["0.0.0.0/0"]
+  security_group_id = aws_security_group.base_sg.id
+}
+
+resource "aws_security_group_rule" "eks_nodes_egress" {
+  type        = "egress"
+  from_port   = 0
+  to_port     = 0
+  protocol    = "-1"  # All traffic
+  cidr_blocks = ["0.0.0.0/0"]
+  security_group_id = aws_security_group.base_sg.id
+}
\ No newline at end of file
diff --git a/baseinfra/variables.tf b/baseinfra/variables.tf
new file mode 100644
index 0000000..b29180a
--- /dev/null
+++ b/baseinfra/variables.tf
@@ -0,0 +1,39 @@
+variable "aws_region" {
+  description = "Default AWS region"
+  default     = "us-east-1"
+}
+
+variable "remote_state_bucket" {}
+variable "remote_state_key" {}
+
+variable "environment" {
+  default     = "DEV"
+  description = "Environment name used a sprefix"
+}
+
+
+variable "vpc_cidr_block" {
+  default     = "10.0.0.0/16"
+  description = "CIDR block for the VPC"
+}
+
+variable "public_subnet_1a_cidr_block" {
+  description = "value of the public subnet 1a cidr block"
+  default = "10.0.1.0/24"
+}
+
+variable "public_subnet_1b_cidr_block" {
+  description = "value of the public subnet 1b cidr block"
+  default = "10.0.2.0/24"
+}
+
+variable "private_subnet_1a_cidr_block" {
+  description = "value of the private subnet 1a cidr block"
+  default = "10.0.10.0/24"
+}
+
+variable "private_subnet_1b_cidr_block" {
+  description = "value of the private subnet 1b cidr block"
+  default = "10.0.11.0/24"
+}
+
diff --git a/platforminfra/README.md b/platforminfra/README.md
new file mode 100644
index 0000000..222dc0c
--- /dev/null
+++ b/platforminfra/README.md
@@ -0,0 +1,62 @@
+# Platform-Specific Infrastructure Setup with Terraform
+
+This directory contains Terraform scripts for setting up platform-specific infrastructure, including Amazon EKS cluster, nodes, application resources, and more.
+
+## Folder Structure
+
+- `app.tf`: Defines application-specific resources to deploy on the EKS cluster.
+- `provider.tf`: Specifies the AWS provider configuration.
+- `variable.tf`: Declares input variables for the platform-specific infrastructure.
+- `outputs.tf`: Specifies output values for reference.
+
+## Prerequisites
+
+- [Terraform](https://www.terraform.io/downloads.html) (>= 0.13)
+- [AWS CLI](https://aws.amazon.com/cli/)
+- AWS account with appropriate IAM permissions
+
+## Configuration
+
+1. Modify the variables in `variable.tf` to match your requirements.
+2. Customize application-specific resources in `app.tf` according to your application's needs.
+
+## Usage
+
+1. Ensure that the base infrastructure (VPC, subnets, security groups) has been set up using the `base_infra` module.
+2. Initialize Terraform:
+
+```bash
+terraform init
+```
+
+3. Review the execution plan:
+
+```bash
+terraform plan
+```
+
+4. Apply the changes to create the platform-specific infrastructure:
+
+```bash
+terraform apply
+```
+
+## Cleanup
+
+To tear down the platform-specific infrastructure when no longer needed:
+
+1. Run:
+
+```bash
+terraform destroy
+```
+
+2. Confirm with "yes" when prompted.
+
+## Notes
+
+- Replace placeholders in the Terraform files with your actual configurations.
+
+- Ensure that the application resources in `app.tf` are aligned with your application's requirements.
+
+- Always follow best practices when deploying application resources on the EKS cluster.
\ No newline at end of file
diff --git a/platforminfra/app.tf b/platforminfra/app.tf
new file mode 100644
index 0000000..61005e2
--- /dev/null
+++ b/platforminfra/app.tf
@@ -0,0 +1,13 @@
+# Create AWS EKS Cluster using predefine arn and subnet ids
+resource "aws_eks_cluster" "demo" {
+  name     = "demo"
+  role_arn = data.terraform_remote_state.baseinfra.outputs.aws_iam_role_demo
+  vpc_config {
+    subnet_ids = [
+      data.terraform_remote_state.baseinfra.outputs.public_subnet_1a_id,  
+      data.terraform_remote_state.baseinfra.outputs.public_subnet_1b_id
+    ]
+  }
+
+  depends_on = [data.terraform_remote_state.baseinfra.outputs.policy_attachment_demo_AmazonEKSClusterPolicy]
+}
\ No newline at end of file
diff --git a/platforminfra/env/platform_infra.config b/platforminfra/env/platform_infra.config
new file mode 100644
index 0000000..af99f07
--- /dev/null
+++ b/platforminfra/env/platform_infra.config
@@ -0,0 +1,3 @@
+key="EKS/platform_infra.tfstate"
+bucket="eks-terraform-backend-state"
+region="us-east-1"
\ No newline at end of file
diff --git a/platforminfra/provider.tf b/platforminfra/provider.tf
new file mode 100644
index 0000000..f1485b9
--- /dev/null
+++ b/platforminfra/provider.tf
@@ -0,0 +1,27 @@
+terraform {
+    required_providers{
+        aws = {
+            source = "hashicorp/aws"   
+        }
+    }
+    backend "s3" {
+
+    }
+
+    #  backend "local" {
+    # path = "/home/pradip/infra_ajit/eks-terraform/baseinfra/terraform.tfstate"
+    #                 }
+}
+provider "aws" {
+    region = var.aws_region
+}
+
+
+data "terraform_remote_state" "baseinfra" {
+    backend = "s3"
+    config = {
+        bucket      = "${var.remote_state_bucket}"
+        key         = "${var.remote_state_key}"
+        region      = "${var.aws_region}"
+    }
+}
diff --git a/platforminfra/variable.tf b/platforminfra/variable.tf
new file mode 100644
index 0000000..154574a
--- /dev/null
+++ b/platforminfra/variable.tf
@@ -0,0 +1,2 @@
+variable "remote_state_bucket" {}
+variable "remote_state_key" {}