diff --git a/main.tf b/main.tf
index 05f49a5..2379559 100644
--- a/main.tf
+++ b/main.tf
@@ -1,67 +1,89 @@
+provider "google" {
+ project = var.project
+ region = var.region
+ zone = var.zone
+}
+
+data "google_compute_image" "ubuntu" {
+ family = "ubuntu-minimal-lts"
+ project = "ubuntu-os-cloud"
+}
+
resource "random_id" "instance_id" {
- byte_length = 8
+ byte_length = 4
}
-resource "google_compute_instance" "default" {
-# name = "vm-${random_id.instance_id.hex}"
- # count = 1
- name = "ubuntu-server"
- machine_type = "n1-custom-4-4096"
- zone = "us-central1-a"
-
+resource "google_compute_address" "static_ip" {
+ name = "prod-vm-ip"
+ region = var.region
+}
+
+resource "google_compute_instance" "prod_vm" {
+ name = "vm-${random_id.instance_id.hex}"
+ machine_type = "e2-medium"
+ zone = var.zone
boot_disk {
initialize_params {
- image = "ubuntu-os-cloud/ubuntu-2004-lts"
+ image = data.google_compute_image.ubuntu.self_link
type = "pd-ssd"
size = 20
}
}
+ metadata_startup_script = <<-EOT
+ #!/bin/bash
+ apt-get update -y
+ apt-get dist-upgrade -y
+ apt-get install -y apache2 certbot python3-certbot-apache ufw
+
+ # Allow HTTP and HTTPS via firewall (ufw)
+ ufw allow OpenSSH
+ ufw allow 'Apache Full'
+ ufw --force enable
- metadata_startup_script = "sudo apt-get update -y && sudo apt-get upgrade -y && sudo apt autoremove -y && sudo apt-get install apache2 -y && echo '
Hello from Terraform on Google Cloud!
' | sudo tee /var/www/html/index.html"
+ # Replace this with your domain
+ DOMAIN_NAME="${var.domain_name}"
- metadata = {
- ssh-keys = "sambit:${file("sambit.pub")}"
+ # Configure HTTPS with Certbot if domain is set
+ if [ ! -z "$DOMAIN_NAME" ]; then
+ certbot --apache -d "$DOMAIN_NAME" --non-interactive --agree-tos -m admin@$DOMAIN_NAME
+ fi
+
+ echo 'Hello from secure Terraform VM!
' > /var/www/html/index.html
+ systemctl restart apache2
+ EOT
+
+ metadata = {
+ ssh-keys = "${var.ssh_user}:${file(var.ssh_key_path)}"
}
scheduling {
- preemptible = true
- automatic_restart = false
- on_host_maintenance = false
+ preemptible = var.preemptible
+ automatic_restart = false
+ on_host_maintenance = "TERMINATE"
}
network_interface {
network = "default"
access_config {
- // Include this section to give the VM an external ip address
+ nat_ip = google_compute_address.static_ip.address
}
}
- // Apply the firewall rule to allow external IPs to access this instance
- tags = ["http-server"]
+ tags = ["http-server", "https-server"]
}
-resource "google_compute_firewall" "http-server" {
- name = "default-allow-http"
+resource "google_compute_firewall" "allow_http_https_ssh" {
+ name = "allow-http-https-ssh"
network = "default"
- allow {
- protocol = "icmp"
- }
-
allow {
protocol = "tcp"
- ports = ["80", "443", "111" , "8080"]
+ ports = ["22", "80", "443"]
}
- // Allow traffic from everywhere to instances with an http-server tag
source_ranges = ["0.0.0.0/0"]
- target_tags = ["http-server"]
+ target_tags = ["http-server", "https-server"]
}
-
-
-output "Instance-ip" {
- value = "${google_compute_instance.default.network_interface.0.access_config.0.nat_ip}"
-}
\ No newline at end of file
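Review bot: The rewritten firewall rule on the `ports = ["22", "80", "443"]` line, combined with the unchanged `source_ranges = ["0.0.0.0/0"]`, exposes SSH to the whole internet on every instance carrying the `http-server` or `https-server` tag, which the old rule did not do; the web ports are the only ones that need a public source range. I would drop `"22"` from this rule and add a separate `google_compute_firewall` for SSH whose `source_ranges` comes from a new admin-CIDR variable (or use IAP TCP forwarding instead of a public port), with a comment on the web rule such as `# Public ingress for the web tier only; SSH is scoped to admin ranges in the separate rule.` Independently, the scheduling block now sets `on_host_maintenance = "TERMINATE"` with `automatic_restart = false` even when `var.preemptible` is false, so a host maintenance event would appear to leave a non-preemptible "prod" VM stopped until someone restarts it; if that is not intended, `on_host_maintenance = var.preemptible ? "TERMINATE" : "MIGRATE"` keeps the preemptible case working while restoring live migration for the production case.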
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..b501522
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,11 @@
+output "instance_name" {
+ value = google_compute_instance.prod_vm.name
+}
+
+output "instance_ip" {
+ value = google_compute_address.static_ip.address
+}
+
+output "ssh_command" {
+ value = "ssh -i ~/.ssh/id_rsa ${var.ssh_user}@${google_compute_address.static_ip.address}"
+}
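Review bot: The `ssh_command` output hardcodes `~/.ssh/id_rsa` while the same commit makes the public key path configurable through `var.ssh_key_path` (default `~/.ssh/id_rsa.pub` in variables.tf), so anyone overriding that variable gets a printed command that points at the wrong private key. Deriving the private-key path from the variable keeps the two in step: `value = "ssh -i ${trimsuffix(var.ssh_key_path, ".pub")} ${var.ssh_user}@${google_compute_address.static_ip.address}"`. A `description` on each output would also help, e.g. `description = "Static external IP assigned to the VM"` on `instance_ip`.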
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..553be8f
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,35 @@
+variable "project" {
+ description = "Google Cloud project ID"
+ type = string
+}
+
+variable "region" {
+ description = "Region"
+ default = "us-central1"
+}
+
+variable "zone" {
+ description = "Zone"
+ default = "us-central1-a"
+}
+
+variable "ssh_user" {
+ description = "SSH username"
+ default = "ubuntu"
+}
+
+variable "ssh_key_path" {
+ description = "Path to your public SSH key (e.g., ~/.ssh/id_rsa.pub)"
+ default = "~/.ssh/id_rsa.pub"
+}
+
+variable "domain_name" {
+ description = "Domain name for TLS (leave empty if not using)"
+ default = ""
+}
+
+variable "preemptible" {
+ description = "Use preemptible instance?"
+ type = bool
+ default = false
+}
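Review bot: `domain_name` is interpolated by Terraform directly into the `metadata_startup_script` heredoc in main.tf (`DOMAIN_NAME="${var.domain_name}"` and the unquoted `admin@$DOMAIN_NAME`), so a value containing a double quote or shell metacharacters breaks or alters the boot script, but the variable has no `validation` block and no `type`. Restricting it to hostname characters at plan time prevents a bad tfvars value from ever reaching the shell. While at it, `region`, `zone`, `ssh_user`, `ssh_key_path` and `domain_name` omit `type = string` even though `project` declares it; declaring the type on all of them is consistent and rejects non-string values early.
```hcl
variable "domain_name" {
  description = "Domain name for TLS (leave empty if not using)"
  type        = string
  default     = ""

  # Interpolated into the VM startup script; only allow hostname characters.
  validation {
    condition     = var.domain_name == "" || can(regex("^[A-Za-z0-9.-]+$", var.domain_name))
    error_message = "domain_name must be empty or contain only letters, digits, dots and hyphens."
  }
}
```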