diff --git a/modules/app/main.tf b/modules/app/main.tf
new file mode 100755
index 0000000..725bbff
--- /dev/null
+++ b/modules/app/main.tf
@@ -0,0 +1,89 @@
+resource "aws_security_group" "this" {
+ name = "demo-app-autoscaling-group-sg"
+
+ vpc_id = var.VPC_ID
+
+ ingress {
+ description = "Self all"
+ from_port = 0
+ to_port = 65535
+ protocol = "tcp"
+ self = true
+ }
+
+ ingress {
+ description = "SSH"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ description = "HTTP"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ description = "HTTPS"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+data "template_file" "bootstrap" {
+ template = file("${path.module}/resources/bootstrap.sh")
+}
+
+resource "aws_launch_configuration" "this" {
+ name = "demo-app-launch-configuration"
+
+ image_id = var.EC2_IMAGE_ID
+ instance_type = var.EC2_TYPE
+
+ key_name = var.EC2_KEY_NAME
+ security_groups = [aws_security_group.this.id]
+ user_data = data.template_file.bootstrap.rendered
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_autoscaling_group" "this" {
+ name = "demo-app-autoscaling-group"
+
+ min_size = var.ASG_MIN_SIZE
+ max_size = var.ASG_MAX_SIZE
+
+ launch_configuration = aws_launch_configuration.this.name
+ vpc_zone_identifier = var.VPC_SUBNETS_IDS
+ health_check_type = "ELB"
+ health_check_grace_period = "90"
+
+ tag {
+ key = "Name"
+ value = "demo-app-instance"
+ propagate_at_launch = true
+ }
+}
+
+resource "aws_autoscaling_policy" "this" {
+ name = "demo-app-autoscaling-policy"
+ scaling_adjustment = 1
+ adjustment_type = "ChangeInCapacity"
+ cooldown = 300
+ autoscaling_group_name = aws_autoscaling_group.this.name
+}
\ No newline at end of file
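Review bot: The `SSH` ingress rule in `aws_security_group.this` admits port 22 from `0.0.0.0/0`, although prod/main.tf places this group's instances in private subnets and the stack already provisions a bastion host. Scope the rule to the bastion instead, e.g. replace `cidr_blocks = ["0.0.0.0/0"]` with `security_groups = [var.BASTION_SG_ID]` (`BASTION_SG_ID` is a placeholder for a new module input; whether the bastion module exports its group id is not visible in this diff). The launch configuration also leaves the instance metadata service at its default; adding `metadata_options { http_tokens = "required" }` would require IMDSv2 session tokens. Separately, a fixed `name` combined with `create_before_destroy = true` makes a replacement fail on a name collision, so `name_prefix = "demo-app-"` is the safer form.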
diff --git a/modules/app/outputs.tf b/modules/app/outputs.tf new file mode 100755 index 0000000..e69de29 diff --git a/modules/app/resources/bootstrap.sh b/modules/app/resources/bootstrap.sh new file mode 100755 index 0000000..5479620 --- /dev/null +++ b/modules/app/resources/bootstrap.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +yum update -y +amazon-linux-extras install docker +service docker start +usermod -a -G docker ec2-user +chkconfig docker on + +docker run \ + -p 80:80 \ + --restart unless-stopped \ + nginxdemos/hello \ No newline at end of file diff --git a/modules/app/variables.tf b/modules/app/variables.tf new file mode 100755 index 0000000..1e9fbd6 --- /dev/null +++ b/modules/app/variables.tf @@ -0,0 +1,30 @@ +# VPC +variable "VPC_ID" { + type = string +} + +variable "VPC_SUBNETS_IDS" { + type = list(string) +} + +# EC2 +variable "EC2_IMAGE_ID" { + type = string +} + +variable "EC2_TYPE" { + type = string +} + +variable "EC2_KEY_NAME" { + type = string +} + +# ASG +variable "ASG_MIN_SIZE" { + type = number +} + +variable "ASG_MAX_SIZE" { + type = number +} \ No newline at end of file diff --git a/prod/main.tf b/prod/main.tf index 0d98bad..082635a 100755 --- a/prod/main.tf +++ b/prod/main.tf @@ -5,7 +5,7 @@ provider "aws" { # Create VPC with NAT Gateway and route tables module "vpc" { - source = "terraform-aws-modules/vpc/aws" + source = "terraform-aws-modules/vpc/aws" version = "3.14.2" name = var.DEMO_VPC_NAME 
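Review bot: In modules/app/resources/bootstrap.sh the `docker run` pulls `nginxdemos/hello` with no tag or digest, so every instance the autoscaling group launches runs whatever the registry serves as `latest` at boot time; pin it to a reviewed image, e.g. `nginxdemos/hello@sha256:<digest-of-reviewed-image>` (placeholder). The container is also started without `-d`, so the user-data script stays attached to it and never returns; `docker run -d \` fixes that. `amazon-linux-extras install docker` has no `-y`, and user data runs without a terminal, so the confirmation prompt probably aborts the install; use `amazon-linux-extras install -y docker`. A `set -euo pipefail` line after the shebang would stop the script at the first failed step instead of continuing on to `docker run`.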
@@ -15,22 +15,22 @@ module "vpc" { private_subnets = var.DEMO_VPC_PRIVATE_SUBNET_CIDRS public_subnets = var.DEMO_VPC_PUBLIC_SUBNET_CIDRS - enable_nat_gateway = true - single_nat_gateway = true + enable_nat_gateway = true + single_nat_gateway = true one_nat_gateway_per_az = false tags = { Terraform = "true" - Project = var.PROJECT_TAG + Project = var.PROJECT_TAG } } # Get VPC data module "vpc_data" { depends_on = [module.vpc] - source = "../modules/vpc_data" + source = "../modules/vpc_data" - VPC_NAME = var.DEMO_VPC_NAME + VPC_NAME = var.DEMO_VPC_NAME BASTION_HOST_AZ = var.DEMO_BASTION_HOST_AZ } @@ -38,9 +38,46 @@ module "vpc_data" { module "bastion_host" { source = "../modules/bastion_host" - VPC_ID = module.vpc_data.vpc.id - SUBNET_ID = module.vpc_data.bastion_host_subnet.id + VPC_ID = module.vpc_data.vpc.id + SUBNET_ID = module.vpc_data.bastion_host_subnet.id + INSTANCE_TYPE = var.DEMO_BASTION_HOST_TYPE INSTANCE_NAME = var.DEMO_BASTION_HOST_NAME KEY_NAME = var.DEMO_BASTION_HOST_KEY_NAME -} \ No newline at end of file +} + +data "aws_ami" "amazon-linux" { + most_recent = true + + filter { + name = "name" + values = ["amzn2-ami-*-gp2"] + } + + filter { + name = "architecture" + values = ["x86_64"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } + + owners = ["amazon"] +} + +# Create demo app +module "app" { + source = "../modules/app" + + VPC_ID = module.vpc_data.vpc.id + VPC_SUBNETS_IDS = module.vpc_data.private_subnets.ids + + EC2_IMAGE_ID = data.aws_ami.amazon-linux.id + EC2_TYPE = var.DEMO_APP_EC2_TYPE + EC2_KEY_NAME = var.DEMO_APP_EC2_KEY_NAME + + ASG_MIN_SIZE = var.DEMO_APP_ASG_MIN_SIZE + ASG_MAX_SIZE = var.DEMO_APP_ASG_MAX_SIZE +} diff --git a/prod/outputs.tf b/prod/outputs.tf index 0c670c0..a3add65 100755 --- a/prod/outputs.tf +++ b/prod/outputs.tf @@ -1,5 +1,5 @@ output "demo_vpc_id" { - value = module.vpc_data.vpc.id + value = module.vpc_data.vpc.id } output "public_subnets" { 
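Review bot: The `aws_ami.amazon-linux` lookup in the `@@ -38,9 +38,46 @@` hunk of prod/main.tf combines `most_recent = true` with the loose name filter `amzn2-ami-*-gp2`, so the image behind the production launch configuration can change between applies without any change in the repository, and the wildcard can match more than one Amazon Linux 2 image family. Narrow the filter to a single family, e.g. `values = ["amzn2-ami-hvm-*-x86_64-gp2"]`, and consider passing a reviewed AMI id through a variable for prod so that image updates appear in a plan someone reads. `owners = ["amazon"]` is correctly set and should stay.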
@@ -11,11 +11,7 @@ output "private_subnets" { } output "demo_bastion_host_subnet_id" { - value = module.vpc_data.bastion_host_subnet.id -} - -output "demo_bastion_host_private_ip" { - value = module.bastion_host.bastion_host_private_ip + value = module.vpc_data.bastion_host_subnet.id } output "demo_bastion_host_public_ip" { diff --git a/prod/variables.tf b/prod/variables.tf index 4cdf4f0..ffaef1f 100755 --- a/prod/variables.tf +++ b/prod/variables.tf @@ -1,4 +1,4 @@ -# General +# general variable "REGION" { type = string default = "eu-west-3" @@ -8,7 +8,7 @@ variable "PROJECT_TAG" { type = string } -# DEMO_VPC (network, network_data) +# vpc variable "DEMO_VPC_NAME" { type = string } @@ -30,7 +30,7 @@ variable "DEMO_VPC_PUBLIC_SUBNET_CIDRS" { type = list(string) } -# Bastion host (bastion_host) +# bastion host variable "DEMO_BASTION_HOST_TYPE" { type = string default = "t2.micro" @@ -47,3 +47,20 @@ variable "DEMO_BASTION_HOST_KEY_NAME" { variable "DEMO_BASTION_HOST_AZ" { type = string } + +# demo app +variable "DEMO_APP_EC2_TYPE" { + type = string +} + +variable "DEMO_APP_EC2_KEY_NAME" { + type = string +} + +variable "DEMO_APP_ASG_MIN_SIZE" { + type = number +} + +variable "DEMO_APP_ASG_MAX_SIZE" { + type = number +} \ No newline at end of file
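Review bot: The four `DEMO_APP_*` variables added at the end of prod/variables.tf carry no `description`, and the two ASG sizes accept any number, so a negative value only fails at the AWS API during apply. Add a one-line `description` to each and a `validation` block on the sizes, e.g. `condition = var.DEMO_APP_ASG_MIN_SIZE >= 0` with a matching `error_message`. `DEMO_APP_EC2_KEY_NAME` is required, which forces an SSH key pair onto every app instance; giving it `default = null` would let a deployment omit the key. The same points apply to the matching inputs in modules/app/variables.tf.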