diff --git a/09_aws_vpc/base.tf b/09_aws_vpc/base.tf
new file mode 100644
index 0000000..c89f0f9
--- /dev/null
+++ b/09_aws_vpc/base.tf
@@ -0,0 +1,22 @@
+provider "aws" {
+ region = var.region
+}
+
+resource "aws_key_pair" "default" {
+ key_name = "cedric-key"
+ public_key = file(var.key_path)
+}
+
+resource "aws_instance" "webserver" {
+ ami = var.ami
+ instance_type = "t2.micro"
+ key_name = aws_key_pair.default.id
+ subnet_id = aws_subnet.public-subnet1.id
+ vpc_security_group_ids = [ aws_security_group.sg.id ]
+ associate_public_ip_address = true
+ source_dest_check = false
+ user_data = file(var.userdata_file)
+ tags = {
+ Name = "cedric-webserver"
+ }
+}
diff --git a/09_aws_vpc/terraform.tfvars b/09_aws_vpc/terraform.tfvars
new file mode 100644
index 0000000..9d391c5
--- /dev/null
+++ b/09_aws_vpc/terraform.tfvars
@@ -0,0 +1,21 @@
+key_path = "~/.ssh/id_gk_tf.pub"
+region = "eu-west-3"
+ami = "ami-00077e3fed5089981"
+cidr_block = "10.0.0.0/16"
+subnet1 = {
+ cidr = "10.0.1.0/24"
+ az = "eu-west-3a"
+}
+subnet2 = {
+ cidr = "10.0.2.0/24"
+ az = "eu-west-3b"
+}
+subnet3 = {
+ cidr = "10.0.10.0/24"
+ az = "eu-west-3a"
+}
+subnet4 = {
+ cidr = "10.0.20.0/24"
+ az = "eu-west-3b"
+}
+userdata_file = "userdata.sh"
diff --git a/09_aws_vpc/userdata.sh b/09_aws_vpc/userdata.sh
new file mode 100644
index 0000000..a2f813f
--- /dev/null
+++ b/09_aws_vpc/userdata.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+yum install -y httpd
+service httpd start
+chkconfig httpd on
+echo "hello world" > /var/www/html/index.html
+systemctl enable httpd
diff --git a/09_aws_vpc/variables.tf b/09_aws_vpc/variables.tf
new file mode 100644
index 0000000..7ceb199
--- /dev/null
+++ b/09_aws_vpc/variables.tf
@@ -0,0 +1,9 @@
+variable "key_path" {}
+variable "region" {}
+variable "ami" {}
+variable "userdata_file" {}
+variable "cidr_block" {}
+variable "subnet1" {}
+variable "subnet2" {}
+variable "subnet3" {}
+variable "subnet4" {}
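Review bot: In base.tf, `source_dest_check = false` on `aws_instance.webserver` turns off the network interface's source/destination check, which is only needed when an instance forwards traffic for others (NAT or router); nothing visible in this commit routes through the web server, so the line should be dropped or set to `true`. The instance also has no `metadata_options` block, so IMDSv1 may remain reachable depending on AMI and account defaults; for an internet-facing host consider adding `metadata_options { http_tokens = "required" }`. Minor: `key_name = aws_key_pair.default.key_name` states the intent more directly than `.id`.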
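Review bot: userdata.sh has no error handling, so a failed `yum install -y httpd` is followed by the remaining commands anyway and the boot script gives no single clear failure; add `set -euo pipefail` after the shebang. The service is also enabled twice through two init interfaces (`chkconfig httpd on` and `systemctl enable httpd`) and started through a third (`service httpd start`); if the AMI is systemd-based, `systemctl enable --now httpd` replaces all three lines. Only plain httpd is installed here, while the security group in vpc.tf also opens 443, so nothing will answer on that port unless TLS is configured elsewhere.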
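Review bot: In variables.tf none of the nine variables declares a `type` or `description`, so a malformed value is only caught when a provider call fails at plan or apply time. The subnet variables are read as `.cidr` and `.az` in vpc.tf, so `type = object({ cidr = string, az = string })` fits them and `type = string` fits the rest. A `validation` block on `cidr_block` with the condition `can(cidrhost(var.cidr_block, 0))` would reject a bad CIDR before any resource is planned.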
diff --git a/09_aws_vpc/vpc.tf b/09_aws_vpc/vpc.tf
new file mode 100644
index 0000000..bdc314a
--- /dev/null
+++ b/09_aws_vpc/vpc.tf
@@ -0,0 +1,112 @@
+resource "aws_vpc" "default" {
+ cidr_block = var.cidr_block
+ enable_dns_hostnames = true
+ tags = {
+ Name = "cedric-vpc"
+ }
+}
+
+resource "aws_subnet" "public-subnet1" {
+ vpc_id = aws_vpc.default.id
+ cidr_block = var.subnet1.cidr
+ availability_zone = var.subnet1.az
+ map_public_ip_on_launch = true
+ tags = {
+ Name = "cedric-pub-sub1"
+ }
+}
+
+resource "aws_subnet" "public-subnet2" {
+ vpc_id = aws_vpc.default.id
+ cidr_block = var.subnet2.cidr
+ availability_zone = var.subnet2.az
+ map_public_ip_on_launch = true
+ tags = {
+ Name = "cedric-pub-sub2"
+ }
+}
+
+resource "aws_subnet" "private-subnet1" {
+ vpc_id = aws_vpc.default.id
+ cidr_block = var.subnet3.cidr
+ availability_zone = var.subnet3.az
+ tags = {
+ Name = "cedric-priv-sub1"
+ }
+}
+
+resource "aws_subnet" "private-subnet2" {
+ vpc_id = aws_vpc.default.id
+ cidr_block = var.subnet4.cidr
+ availability_zone = var.subnet4.az
+ tags = {
+ Name = "cedric-priv-sub2"
+ }
+}
+
+resource "aws_internet_gateway" "gw" {
+ vpc_id = aws_vpc.default.id
+ tags = {
+ Name = "cedric-gw"
+ }
+}
+
+resource "aws_route_table" "rt" {
+ vpc_id = aws_vpc.default.id
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.gw.id
+ }
+ tags = {
+ Name = "cedric-rt"
+ }
+}
+
+resource "aws_route_table_association" "rt" {
+ subnet_id = aws_subnet.public-subnet1.id
+ route_table_id = aws_route_table.rt.id
+}
+
+resource "aws_security_group" "sg" {
+ vpc_id = aws_vpc.default.id
+ name = "cedric-sg"
+ tags = {
+ Name = "cedric-sg"
+ }
+ description = "HTTP-S/SSH/icmp"
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = -1
+ to_port = -1
+ protocol = "icmp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
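Review bot: The third `ingress` block of `aws_security_group.sg` opens SSH (port 22) to `0.0.0.0/0` on an instance that base.tf gives a public IP, leaving the login service reachable from the whole internet; restrict it to a known admin range, e.g. `cidr_blocks = [var.admin_cidr]` (a constructed name for a new variable that would have to be declared in variables.tf), or remove the rule and use SSM Session Manager. The ICMP rule (`from_port = -1`, `to_port = -1`) likewise admits every ICMP type from anywhere and could be narrowed to the types actually needed. Separately, only `public-subnet1` has an `aws_route_table_association`, so `public-subnet2` assigns public IPs via `map_public_ip_on_launch = true` but, as far as this diff shows, falls back to the VPC's main route table and has no route to `aws_internet_gateway.gw`.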