diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..8ce0778a0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+# Terraform
+terraform.tfstate
+terraform.tfstate.*
+.terraform/
+
diff --git a/terraform/aws/cloudwatch.tf b/terraform/aws/cloudwatch.tf
new file mode 100644
index 000000000..7b8a62c0f
--- /dev/null
+++ b/terraform/aws/cloudwatch.tf
@@ -0,0 +1,35 @@
+# -----------------------
+# SNS Topic for Alerts
+# -----------------------
+resource "aws_sns_topic" "alerts" {
+ name = "devops-alerts-topic"
+}
+
+# SNS Email Subscription
+resource "aws_sns_topic_subscription" "email" {
+ topic_arn = aws_sns_topic.alerts.arn
+ protocol = "email"
+ endpoint = var.alert_email
+}
+
+# -----------------------
+# CloudWatch Alarm - ECS CPU Utilization
+# -----------------------
+resource "aws_cloudwatch_metric_alarm" "ecs_cpu_high" {
+ alarm_name = "ecs-cpu-utilization-high"
+ comparison_operator = "GreaterThanThreshold"
+ evaluation_periods = 1
+ metric_name = "CPUUtilization"
+ namespace = "AWS/ECS"
+ period = 300
+ statistic = "Average"
+ threshold = 70
+ alarm_description = "CPU utilization exceeds 70% for ECS service"
+ alarm_actions = [aws_sns_topic.alerts.arn]
+
+ dimensions = {
+ ClusterName = aws_ecs_cluster.this.name
+ ServiceName = aws_ecs_service.this.name
+ }
+}
+
diff --git a/terraform/aws/secrets.tf b/terraform/aws/secrets.tf
new file mode 100644
index 000000000..9b3113164
--- /dev/null
+++ b/terraform/aws/secrets.tf
@@ -0,0 +1,19 @@
+# -----------------------
+# Secrets Manager Secret
+# -----------------------
+resource "aws_secretsmanager_secret" "app_secret" {
+ name = "devops/backend/app-secret"
+
+ tags = {
+ Name = "devops-backend-secret"
+ }
+}
+
+# -----------------------
+# Secret Value
+# -----------------------
+resource "aws_secretsmanager_secret_version" "app_secret_value" {
+ secret_id = aws_secretsmanager_secret.app_secret.id
+ secret_string = var.app_secret_value
+}
+
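Review bot: The new `.gitignore` excludes state files and `.terraform/` but not variable files, so a `terraform.tfvars` that supplies `var.app_secret_value` (used in `terraform/aws/secrets.tf` in this same commit) could still be committed. Add `*.tfvars` and `*.tfvars.json` under the `# Terraform` heading, and commit a redacted example file if one is needed. Saved plan files also embed variable values, so an entry such as `*.tfplan` is worth adding if the team writes plans to disk under that name.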
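Review bot: In `terraform/aws/cloudwatch.tf`, `aws_sns_topic.alerts` is created without `kms_master_key_id`, so alert messages are not encrypted at rest with a key you control. Setting `kms_master_key_id = "alias/aws/sns"` is not enough here, because CloudWatch alarms cannot publish to a topic encrypted with the AWS managed key. Use a customer managed key whose key policy grants `cloudwatch.amazonaws.com` the `kms:Decrypt` and `kms:GenerateDataKey*` actions. Separately, the `email` subscription stays pending until the recipient confirms it, so the alarm can fire with nobody notified; record that step in the rollout notes.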
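Review bot: In `terraform/aws/secrets.tf`, `secret_string = var.app_secret_value` stores the secret in plaintext in the Terraform state, so the `.gitignore` entries in this commit keep it out of git but not out of the state file or a remote backend. The declaration of `app_secret_value` is outside this diff; confirm it sets `sensitive = true` so the value is redacted from plan output, and that the backend is encrypted and access-restricted. If the value will be rotated outside Terraform, add `lifecycle { ignore_changes = [secret_string] }` so a later apply does not revert it. The secret also sets no `kms_key_id`, so it falls back to the account's default Secrets Manager key; add a comment saying so if that is intended.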