diff --git a/.dockerignore b/.dockerignore
--- a/.dockerignore
+++ b/.dockerignore
@@ -45,6 +45,7 @@
 services/reports/email-config.json
 services/terraform/self-host/*.env
 services/terraform/self-host/*.env.*
+services/terraform/remote/*.env
 native/cpp/**/build
diff --git a/.sops.yaml b/.sops.yaml
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -4,3 +4,6 @@
 kms: 'arn:aws:kms:us-east-2:319076408221:key/2e54d528-50a2-489c-a4d7-d50c7c9f8303'
 # We can potentially re-use this KMS key for other SOPS-encrypted files
 # by either copying the 'kms' value or modifying the path regex
+ # Terraform WebApp and Landing env file
+ - path_regex: services/terraform/remote/.env\.enc$
+ kms: 'arn:aws:kms:us-east-2:319076408221:key/2e54d528-50a2-489c-a4d7-d50c7c9f8303'
diff --git a/services/terraform/remote/.env.enc b/services/terraform/remote/.env.enc
new file mode 100644
--- /dev/null
+++ b/services/terraform/remote/.env.enc
@@ -0,0 +1,22 @@
+{
+ "data": "ENC[AES256_GCM,data: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,iv:cRws5u96gPiksTohYu8hrPvh1WM2iWklH2+zZr1ZoDc=,tag:FBPAhEsiC5mJ5fjmvW/04w==,type:str]",
+ "sops": {
+ "kms": [
+ {
+ "arn": "arn:aws:kms:us-east-2:319076408221:key/2e54d528-50a2-489c-a4d7-d50c7c9f8303",
+ "created_at": "2024-07-30T02:36:19Z",
+ "enc": "AQICAHj+McP79InpW8dFM/rPPvaCljIlb0zq8qoMY/a2UlUSewHIBpm7ei2INoXwEsK7J8ZaAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMYiRTiZIodjCLPggLAgEQgDvTv+Ktd1LyxzScJeRuon0J+srPn/7ubHXyr8I56nD2hO6hgrqG4+DSdPixbppNAc6VApwLCqJBBWsXxQ==",
+ "aws_profile": ""
+ }
+ ],
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": null,
+ "lastmodified": "2024-07-30T02:36:19Z",
+ "mac": "ENC[AES256_GCM,data:SWTFWuXqspfHpPkiOuvuaWmpQpM89oqByE96MQjL6/8ox8HmnODHI0JzoiSnhque67BZlkKVEodoRpC/Y+EcnFq7pBWF0NfDxtWKpWcOgYPEyh+xqrKeqsUodVAOvgM6IoLgkkzuztHyO5PdnelqyR4EIHdqLhtfGZzDmF0X3SE=,iv:4t90LN2/NRjdZkEXhc+LD1td7Ly6rRpqPaDp5V9czxA=,tag:iBitiOkJjKALN37+rpC8AQ==,type:str]",
+ "pgp": null,
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.8.1"
+ }
+}
diff --git a/services/terraform/remote/.gitignore b/services/terraform/remote/.gitignore
--- a/services/terraform/remote/.gitignore
+++ b/services/terraform/remote/.gitignore
@@ -5,6 +5,9 @@
 *.tfstate
 *.tfstate.*
+# Dotenv
+.env
+
 # Crash log files
 crash.log
 crash.*.log
diff --git a/services/terraform/remote/.terraform.lock.hcl b/services/terraform/remote/.terraform.lock.hcl
--- a/services/terraform/remote/.terraform.lock.hcl
+++ b/services/terraform/remote/.terraform.lock.hcl
@@ -17,6 +17,29 @@
 ]
 }
+provider "registry.terraform.io/germanbrew/dotenv" {
+ version = "1.1.2"
+ constraints = "1.1.2"
+ hashes = [
+ "h1:rbzMuE2/HHDvrVRUaHabvG5c7y2TMfyoBl4ZOpp0mPw=",
+ "zh:179e7f19a66205b74b76d76dffc20287a03c68c76356bc9b894d52bf7702767d",
+ "zh:22f772f4380cb5cde5e3751dc47920c99943aa99f661b123f11bb6022471e976",
+ "zh:269a023043bd1cd4a6e231e9394d27ebf93df5e0a08751b4e18ff1a745e58cf4",
+ "zh:2b41bfbfb615a5ecbc1bfc195262e1dedf0e8d59ddae2995dbc308c2fb0fe62c",
+ "zh:3eeaa46fcf39719ff499b5b7d03dee4b7bfadd5f81549288c4d2640b4e6c3581",
+ "zh:4d428dc138bdebc69eecc53b2a87d7b7bfa485d3d6b7a651c8f1e97bc4408efc",
+ "zh:5870a658b75e8909e60beaacbbe9d42f957596a034af6e0d9e1780f96ee09e13",
+ "zh:7a7eb852fdad76077429b6bc624858df13a7e0571d7f9ee3ad6512b811ca5438",
+ "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+ "zh:954b97dc6a3d84c637ceb3ab0b0f1b6eacf68200da62871b41c58c2356d2b722",
+ "zh:9ba67c1edfb9f4c83e0532c151fa3c1d13169e467b065d63465712f2050952a3",
+ "zh:a55998a075527c36fb4d8a9224c04b10383c8eabe0b8e9c3283c1e527bd9d2b8",
+ "zh:afa596b5103275ba75dd248bee68349de3ca535a3f8e28d95de8c52e42e438b3",
+ "zh:dc5312c982d3e24eab579f94f5b395b57fd65536369f6bcc8b3fd0f4bc78bdd0",
+ "zh:ea4c5db0d92a6e157ac84e7221da1dc42031d143418d3b719f8c7cbfc2a616d3",
+ ]
+}
+
 provider "registry.terraform.io/hashicorp/aws" {
 version = "5.7.0"
 constraints = ">= 4.67.0, ~> 5.7.0"
@@ -41,6 +64,25 @@
 ]
 }
+provider "registry.terraform.io/hashicorp/null" {
+ version = "3.2.2"
+ hashes = [
+ "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=",
+ "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7",
+ "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a",
+ "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3",
+ "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606",
+ "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546",
+ "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539",
+ "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422",
+ "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae",
+ "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1",
+ "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e",
+ ]
+}
+
 provider "registry.terraform.io/hashicorp/random" {
 version = "3.5.1"
 constraints = "3.5.1"
diff --git a/services/terraform/remote/aws_iam.tf b/services/terraform/remote/aws_iam.tf
--- a/services/terraform/remote/aws_iam.tf
+++ b/services/terraform/remote/aws_iam.tf
@@ -70,6 +70,17 @@
 }
 }
+# Role with allow ecs exec
+resource "aws_iam_role" "ecs_task_role" {
+ name = "ecs-iam_role"
+ description = "Allows to SSH into ECS containers"
+ assume_role_policy = data.aws_iam_policy_document.assume_role_ecs_ec2.json
+
+ managed_policy_arns = [
+ aws_iam_policy.allow_ecs_exec.arn,
+ ]
+}
+
 # Allows ECS Exec to SSH into service task containers
 resource "aws_iam_policy" "allow_ecs_exec" {
 name = "allow-ecs-exec"
diff --git a/services/terraform/remote/env.tf b/services/terraform/remote/env.tf
new file mode 100644
--- /dev/null
+++ b/services/terraform/remote/env.tf
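Review bot: `ecs_task_role` is created with `managed_policy_arns`, which makes Terraform the exclusive owner of the role's managed-policy attachments: any policy attached to this role outside this list is detached on the next apply, so anything later granted to the task role (for example access to a secrets store) has to be added to this list rather than through a separate attachment resource. The trust policy comes from `data.aws_iam_policy_document.assume_role_ecs_ec2`, which is defined outside the hunk; if that document also trusts `ec2.amazonaws.com`, the task role becomes assumable by instances as well as tasks, which is broader than a task role needs — it only has to trust `ecs-tasks.amazonaws.com`. The name `ecs-iam_role` and the description read as a generic SSH role, while this is specifically the ECS Exec task role and ECS Exec works over SSM Session Manager, not SSH; `name = "ecs-task-role"` and `description = "Task role granting ECS Exec (SSM Session Manager) access to service containers"` would say what it is.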
@@ -0,0 +1,20 @@
+resource "null_resource" "create_env_file" {
+ provisioner "local-exec" {
+ interpreter = ["bash", "-c"]
+ command = < ${path.module}/.env
+ EOT
+ }
+
+ triggers = {
+ # Trigger if the .env.enc file changes
+ env_enc_checksum = filemd5("${path.module}/.env.enc")
+ # Triggers if dev doesn't have the .env file decrypted from .env.enc
+ env_not_exists = fileexists("${path.module}/.env")
+ }
+}
+
+# Use null_resource to ensure the dotenv provider uses the file
+data "dotenv" "local" {
+ depends_on = [null_resource.create_env_file]
+}
diff --git a/services/terraform/remote/providers.tf b/services/terraform/remote/providers.tf
--- a/services/terraform/remote/providers.tf
+++ b/services/terraform/remote/providers.tf
@@ -14,5 +14,10 @@
 source = "hashicorp/random"
 version = "3.5.1"
 }
+
+ dotenv = {
+ source = "germanbrew/dotenv"
+ version = "1.1.2"
+ }
 }
 }
diff --git a/services/terraform/remote/service_webapp.tf b/services/terraform/remote/service_webapp.tf
new file mode 100644
--- /dev/null
+++ b/services/terraform/remote/service_webapp.tf
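Review bot: The decrypted values end up in plaintext in more places than the gitignored `.env`: `data.dotenv.local.entries` is later merged into container environment variables, so every entry of `.env` is written unencrypted into the Terraform state and is readable through the task definition by anyone with `ecs:DescribeTaskDefinition`, a wider audience than the KMS key policy grants. If the service module supports it, sensitive entries should be passed as Secrets Manager/SSM references rather than via `environment_vars`, and the state backend has to be treated as secret-bearing either way. The `command` heredoc (fourth line of the hunk) is not legible in this rendering — the text between `<` and `>` was lost — so the decrypt command itself could not be reviewed; note also that `${path.module}` is interpolated unquoted into a `bash -c` string, so the provisioner breaks on a module path containing spaces (`"${path.module}/.env"`). The trigger named `env_not_exists` holds `fileexists(...)`, i.e. it is true when the file does exist; the trigger still fires on either transition, but `env_exists = fileexists("${path.module}/.env")` would match the comment above it.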
@@ -0,0 +1,37 @@
+locals {
+ webapp_image_tag = "1.0.102"
+ webapp_service_image = "commapp/keyserver:${local.webapp_image_tag}"
+ webapp_container_name = "webapp"
+
+ webapp_run_server_config = jsonencode({
+ runKeyserver = false
+ runWebApp = true
+ runLanding = false
+ })
+
+ webapp_environment_vars = merge(data.dotenv.local.entries,
+ {
+ "COMM_NODE_ROLE" = "webapp",
+ "COMM_JSONCONFIG_facts_run_server_config" = local.webapp_run_server_config
+ })
+}
+
+module "webapp_service" {
+ source = "../modules/node_service"
+
+ container_name = "webapp"
+ image = local.webapp_service_image
+ service_name = "webapp"
+ cluster_id = aws_ecs_cluster.comm_services.id
+ domain_name = local.is_staging ? "comm.software" : "web.comm.app"
+ vpc_id = aws_vpc.default.id
+ vpc_subnets = [aws_subnet.public_a.id, aws_subnet.public_b.id]
+ region = "us-east-2"
+ environment_vars = local.webapp_environment_vars
+ ecs_task_role_arn = aws_iam_role.ecs_task_role.arn
+ ecs_task_execution_role_arn = aws_iam_role.ecs_task_execution.arn
+}
+
+output "webapp_service_load_balancer_dns_name" {
+ value = module.webapp_service.service_load_balancer_dns_name
+}
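Review bot: `local.webapp_container_name` is declared but never used — the module call passes the literal `"webapp"` for both `container_name` and `service_name`, and the same literal reappears as the `COMM_NODE_ROLE` value; `container_name = local.webapp_container_name` and `service_name = local.webapp_container_name` would keep the three in step. `region = "us-east-2"` is hard-coded while every other input is derived from existing resources; if the file's other services take the region from the provider or a shared local, this one should too. The image is `commapp/keyserver` for a service whose run config sets `runKeyserver = false` — presumably one image serves all three roles, but a one-line comment on `webapp_service_image` saying so would save the next reader the question. Also worth a comment is the `merge()` order: the literal map is the last argument, so `COMM_NODE_ROLE` and `COMM_JSONCONFIG_facts_run_server_config` silently override any same-named key coming from `.env`.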