diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
new file mode 100644
index 0000000..3fe1368
--- /dev/null
+++ b/.github/workflows/terraform.yml
@@ -0,0 +1,53 @@
+name: 'Terraform'
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    environment: production
+
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v1
+      with:
+        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+    - name: 'Set up Google Cloud credentials'
+      uses: google-github-actions/auth@v1
+      with:
+        credentials_json: ${{ secrets.GCP_CREDENTIALS }}
+
+    - name: 'Configure GCP Project'
+      run: gcloud config set project sit-23t1-project-echo-25288b9
+
+    - name: 'Configure GCP Region'
+      run: gcloud config set compute/region australia-southeast2
+
+    # No need to change directory since Terraform files are in the root directory
+    - name: Terraform Init
+      run: terraform init
+
+    - name: Terraform Format
+      run: terraform fmt -check
+
+    - name: Terraform Plan
+      run: terraform plan -input=false
+
+    - name: Terraform Apply
+      if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+      run: terraform apply -auto-approve -input=false
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..c324850
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,21 @@
+provider "google" {
+  project = "sit-23t1-project-echo-25288b9"
+  region  = "australia-southeast2"
+}
+
+resource "google_compute_instance" "default" {
+  name         = "simple-instance"
+  machine_type = "n1-standard-1"
+  zone         = "australia-southeast2-a"
+
+  boot_disk {
+    initialize_params {
+      image = "debian-cloud/debian-9"
+    }
+  }
+
+  network_interface {
+    network = "default"
+    access_config {}
+  }
+}