diff --git a/terraform/providers.tf b/terraform/providers.tf
index 8ae5534..6d4bc9c 100644
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -8,3 +8,7 @@ provider "cloudflare" {
   email   = "hosting+cloudflare@theorangeone.net"
   api_key = var.cloudflare_api_key
 }
+
+provider "aws" {
+  region = "eu-west-2"
+}
diff --git a/terraform/state.tf b/terraform/state.tf
new file mode 100644
index 0000000..767c211
--- /dev/null
+++ b/terraform/state.tf
@@ -0,0 +1,36 @@
+resource "aws_iam_user" "terraform" {
+  name = "terraform"
+}
+
+resource "aws_s3_bucket" "tfstate" {
+    bucket = "0rng-terraform"
+    acl = "private"
+}
+
+resource "aws_iam_user_policy" "terraform" {
+    name = "terraform"
+    user = aws_iam_user.terraform.name
+
+    policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "VisualEditor0",
+            "Effect": "Allow",
+            "Action": "iam:*",
+            "Resource": "${aws_iam_user.terraform.arn}"
+        },
+        {
+            "Sid": "VisualEditor1",
+            "Effect": "Allow",
+            "Action": "s3:*",
+            "Resource": [
+                "${aws_s3_bucket.tfstate.arn}",
+                "${aws_s3_bucket.tfstate.arn}/*"
+            ]
+        }
+    ]
+}
+EOF
+}