diff --git a/.github/workflows/terraform-test.yml b/.github/workflows/terraform-test.yml
new file mode 100644
index 0000000..3281240
--- /dev/null
+++ b/.github/workflows/terraform-test.yml
@@ -0,0 +1,86 @@
+---
+name: Terratest
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ types: [opened]
+ workflow_dispatch:
+ inputs:
+ pr_number:
+ description: 'Pull Request Number'
+ required: true
+
+permissions:
+ id-token: write
+ contents: read
+ statuses: write # Required for setting commit status
+
+jobs:
+ terratest:
+ runs-on: ubuntu-latest
+ name: Terratest Checks
+
+ env:
+ PR_NUMBER: >-
+ ${{ github.event_name == 'workflow_dispatch' &&
+ github.event.inputs.pr_number || github.event.pull_request.number }}
+
+
+ steps:
+ - name: Checkout PR code
+ uses: actions/checkout@v4
+ with:
+ ref: refs/pull/${{ env.PR_NUMBER }}/head
+
+ - name: Configure AWS credentials via OIDC
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.ARC_IAC_TERRATEST_ROLE }}
+ aws-region: us-east-1
+
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: '1.24'
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.5.7
+ terraform_wrapper: false
+
+ - name: Create test directory and download go from S3
+ run: |
+ mkdir -p terra-test
+ aws s3 cp ${{ secrets.ARC_TERRATEST_GO_FILE }} terra-test/terra_test.go
+ - name: Initialize Go module and install dependencies
+ run: |
+ cd terra-test
+ ls
+ go mod init terraform-test || true
+ go get github.com/gruntwork-io/terratest/modules/terraform
+ go get github.com/stretchr/testify/assert
+ go mod tidy
+ go test -v -timeout 40m
+ - name: Report check status manually
+ uses: actions/github-script@v7
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const pr_number = parseInt(process.env.PR_NUMBER);
+ const pr = await github.rest.pulls.get({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ pull_number: pr_number,
+ });
+ const sha = pr.data.head.sha;
+ await github.rest.repos.createCommitStatus({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ sha: sha,
+ state: 'success',
+ context: 'terratest',
+ description: 'Manual terratest completed successfully',
+ target_url:
+ `https://github.com/${context.repo.owner}/${context.repo.repo}` +
+ `/actions/runs/${process.env.GITHUB_RUN_ID}`,
+ });
diff --git a/examples/ecs-ec2/.terraform.lock.hcl b/examples/ecs-ec2/.terraform.lock.hcl
index 9984bd5..ce44b1b 100644
--- a/examples/ecs-ec2/.terraform.lock.hcl
+++ b/examples/ecs-ec2/.terraform.lock.hcl
@@ -6,6 +6,7 @@ provider "registry.terraform.io/hashicorp/aws" { constraints = "~> 5.0" hashes = [ "h1:PXaP+z5Z9pcUUcJqS6ea09wR/cscBq1F9jRsNqe39rM=", + "h1:YwZyjmqgCzgSq5YzfPmb8Iqy5u/7SiJECeUyQK8kma0=", "zh:24f852b1cca276d91f950cb7fb575cacc385f55edccf4beec1f611cdd7626cf5", "zh:2a3b3f5ac513f8d6448a31d9619f8a96e0597dd354459de3a4698e684c909f96", "zh:3700499885a8e0e532eccba3cb068340e411cf9e616bf8a59e815d3b62ca3e46",
diff --git a/examples/ecs-ec2/locals.tf b/examples/ecs-ec2/locals.tf
index efbc341..70ca5e4 100644
--- a/examples/ecs-ec2/locals.tf
+++ b/examples/ecs-ec2/locals.tf
@@ -143,7 +143,8 @@ locals { lb_data = { listener_port = 80 - security_group_id = "sg-023e8f71ae18450ff" + #security_group_id = "sg-023e8f71ae18450ff" + security_group_id = "sg-03fce1229012b0955" } }
@@ -154,7 +155,8 @@ locals {
 ecs_service = {
 cluster_name = "arc-ecs-module-poc-2"
 service_name = "arc-ecs-module-service-poc-2"
- repository_name = "12345.dkr.ecr.us-east-1.amazonaws.com/arc/arc-poc-ecs"
+ #repository_name = "12345.dkr.ecr.us-east-1.amazonaws.com/arc/arc-poc-ecs"
+ repository_name = "884360309640.dkr.ecr.us-east-1.amazonaws.com/arc/arc-poc-ecs-test"
 ecs_subnets = data.aws_subnets.private.ids
 enable_load_balancer = true
 aws_lb_target_group_name = "arc-poc-alb-tg"
@@ -174,7 +176,8 @@ locals { lb_data = { listener_port = 80 - security_group_id = "sg-023e8f71ae18450ff" + #security_group_id = "sg-023e8f71ae18450ff" + security_group_id = "sg-03fce1229012b0955" } } }
diff --git a/examples/ecs-ec2/terraform.tfvars b/examples/ecs-ec2/terraform.tfvars
index 74fcf7e..e7d62c9 100644
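Review bot: The job checks out `refs/pull/${{ env.PR_NUMBER }}/head` and then runs `go test` with the OIDC-assumed role's credentials in the environment, so if the S3-hosted test applies the checked-out Terraform (as Terratest normally does), whatever the pull request contains runs with that role, and nothing here restricts which PR number a `workflow_dispatch` run may target. I would gate the job with a protected environment (`environment: terratest-approval`, a constructed name) and add `persist-credentials: false` under the checkout step's `with:` so the `statuses: write` token is not left in `.git/config` during the run. The last step re-reads `pr.data.head.sha` after a test that may take up to 40 minutes, so a push made during the run receives the `success` status without having been tested; recording `git rev-parse HEAD` right after checkout and passing that SHA would bind the status to the tested commit. `${{ secrets.ARC_TERRATEST_GO_FILE }}` is also expanded directly into the `run:` script; mapping it through `env:` and using a quoted shell variable avoids shell interpretation of the value.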
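Review bot: The `security_group_id` in this `lb_data` block is hard-coded to `sg-03fce1229012b0955`, and the same applies to the `@@ -174,7 +176,8 @@` hunk and both hunks of examples/ecs-fargate/locals.tf, while the `@@ -154,7 +155,8 @@` hunk replaces the placeholder registry `12345.dkr.ecr…` with what looks like a real AWS account ID; the examples now work in one account only and publish its identifiers in the repository. I would build the registry from the caller's account, e.g. `repository_name = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/arc/arc-poc-ecs-test"` (this needs an `aws_caller_identity` data source and assumes a `region` variable backs the tfvars entry; neither is visible in these hunks), and look the security group up by name or tag instead of by ID. The commented-out previous values (`#security_group_id = …`, `#repository_name = …`, and `#subnet_names = …` in the two terraform.tfvars files) are dead lines that version control already keeps, so I would drop them. The `locals` blocks start and end outside the hunks.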
--- a/examples/ecs-ec2/terraform.tfvars
+++ b/examples/ecs-ec2/terraform.tfvars
@@ -1,5 +1,6 @@
 region = "us-east-1"
 environment = "develop"
 namespace = "arc"
-vpc_name = "arc-poc"
-subnet_names = ["arc-poc-db-az1", "arc-poc-db-az2"]
+vpc_name = "arc-poc-vpc"
+#subnet_names = ["arc-poc-db-az1", "arc-poc-db-az2"]
+subnet_names = ["arc-poc-private-subnet-private-us-east-1a","arc-poc-private-subnet-private-us-east-1b"]
diff --git a/examples/ecs-fargate/.terraform.lock.hcl b/examples/ecs-fargate/.terraform.lock.hcl
index 9984bd5..ce44b1b 100644
--- a/examples/ecs-fargate/.terraform.lock.hcl
+++ b/examples/ecs-fargate/.terraform.lock.hcl
@@ -6,6 +6,7 @@ provider "registry.terraform.io/hashicorp/aws" { constraints = "~> 5.0" hashes = [ "h1:PXaP+z5Z9pcUUcJqS6ea09wR/cscBq1F9jRsNqe39rM=", + "h1:YwZyjmqgCzgSq5YzfPmb8Iqy5u/7SiJECeUyQK8kma0=", "zh:24f852b1cca276d91f950cb7fb575cacc385f55edccf4beec1f611cdd7626cf5", "zh:2a3b3f5ac513f8d6448a31d9619f8a96e0597dd354459de3a4698e684c909f96", "zh:3700499885a8e0e532eccba3cb068340e411cf9e616bf8a59e815d3b62ca3e46",
diff --git a/examples/ecs-fargate/locals.tf b/examples/ecs-fargate/locals.tf
index 29d4ded..37cbf1b 100644
--- a/examples/ecs-fargate/locals.tf
+++ b/examples/ecs-fargate/locals.tf
@@ -61,7 +61,8 @@ locals { lb_data = { listener_port = 80 - security_group_id = "sg-023e8f71ae18450ff" + #security_group_id = "sg-023e8f71ae18450ff" + security_group_id = "sg-03fce1229012b0955" } }
@@ -92,7 +93,8 @@ locals { lb_data = { listener_port = 80 - security_group_id = "sg-023e8f71ae18450ff" + #security_group_id = "sg-023e8f71ae18450ff" + security_group_id = "sg-03fce1229012b0955" } } }
diff --git a/examples/ecs-fargate/terraform.tfvars b/examples/ecs-fargate/terraform.tfvars
index 74fcf7e..e54563c 100644
--- a/examples/ecs-fargate/terraform.tfvars
+++ b/examples/ecs-fargate/terraform.tfvars
@@ -1,5 +1,6 @@
 region = "us-east-1"
 environment = "develop"
 namespace = "arc"
-vpc_name = "arc-poc"
-subnet_names = ["arc-poc-db-az1", "arc-poc-db-az2"]
+vpc_name = "arc-poc-vpc"
+#subnet_names = ["arc-poc-db-az1", "arc-poc-db-az2"]
+subnet_names = ["arc-poc-private-subnet-private-us-east-1a","arc-poc-private-subnet-private-us-east-1b"]