diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4b51fc4
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,42 @@
+# Local .terraform directories
+**/.terraform/*
+
+# terraform lock file.
+**/.terraform.lock.hcl
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data,
+# such as password, private keys, and other secrets. These should not be
+# part of version control as they are data points which are potentially
+# sensitive and subject to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources
+# locally and so are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# include tg stuff
+.terragrunt-cache/
+backend.tf
+provider*.tf
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl
index dc5e1a0..ae4a9c1 100644
--- a/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl
+++ b/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl
@@ -26,7 +26,7 @@ locals {
 }
 
 terraform {
-  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=1.0.2"
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl
index bf1061a..62a03c5 100644
--- a/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl
+++ b/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl
@@ -1,5 +1,5 @@
 terraform {
-  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git"
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=lokiv3"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
diff --git a/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/terragrunt.hcl
similarity index 100%
rename from terragrunt.hcl
rename to lab/us-gov-east-1/vpc/cluster/terragrunt.hcl
diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl
new file mode 100644
index 0000000..7e89b26
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl
@@ -0,0 +1,23 @@
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+}
+dependency "eks-config" {
+  config_path = "../eks-config"
+}
+dependency "eks-istio" {
+  config_path = "../eks-istio"
+}
+
+inputs = {
+  cluster_name     = dependency.eks.inputs.cluster_name
+  profile          = dependency.eks.inputs.profile
+  contact_email    = dependency.eks.inputs.creator
+}
diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl
new file mode 100644
index 0000000..b75605b
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl
@@ -0,0 +1,66 @@
+locals {
+  tag_costallocation                              = "census:csvd:platformbaseline"
+  region                                          = "us-gov-east-1"
+  tags = {
+      "eks-cluster-name"      = "platform-eng-eks-mcm"
+      "CostAllocation"        = "census:csvd:platformbaseline"
+      "boc:tf_module_version" = "1.0.0"
+      "boc:created_by"        = "terraform"
+  }
+}
+
+terraform {
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=lokiv3"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+}
+
+inputs = {
+  profile                                         = dependency.eks.inputs.profile
+  vpc_id                                          = dependency.eks.outputs.vpc_id
+  cluster_name                                    = dependency.eks.inputs.cluster_name
+  cluster_autoscaler_role_name                    = dependency.eks.outputs.cluster_autoscaler_role_name
+  subnets                                         = dependency.eks.outputs.subnets
+  security_group_all_worker_mgmt_id               = dependency.eks.outputs.security_group_all_worker_mgmt_id
+  eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+  oidc_provider_arn                               = dependency.eks.outputs.oidc_provider_arn
+  tags                                            = local.tags
+  tag_costallocation                              = local.tag_costallocation
+  region                                          = local.region
+}
+
+generate "provider-eks" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+data "aws_eks_cluster" "cluster" {
+  name = "${dependency.eks.inputs.cluster_name}"
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = "${dependency.eks.inputs.cluster_name}"
+}
+
+provider "kubernetes" {
+  host = data.aws_eks_cluster.cluster.endpoint
+
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+}
+
+provider "helm" {
+  kubernetes {
+    host = data.aws_eks_cluster.cluster.endpoint
+
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+    token                  = data.aws_eks_cluster_auth.cluster.token
+  }
+}
+EOF
+}
diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/providers.tf b/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/providers.tf
new file mode 100644
index 0000000..7346788
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/providers.tf
@@ -0,0 +1,30 @@
+
+
+provider "aws" {
+  profile = var.profile
+  region  = var.region
+}
+
+data "aws_eks_cluster" "cluster" {
+  name = var.cluster_name
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = var.cluster_name
+}
+
+provider "kubernetes" {
+  host = data.aws_eks_cluster.cluster.endpoint
+
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+}
+
+provider "helm" {
+  kubernetes {
+    host = data.aws_eks_cluster.cluster.endpoint
+
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+    token                  = data.aws_eks_cluster_auth.cluster.token
+  }
+}
diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/terragrunt.hcl
new file mode 100644
index 0000000..7a9a749
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/terragrunt.hcl
@@ -0,0 +1,22 @@
+terraform {
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=1.0.4"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+}
+dependency "eks-config" {
+  config_path = "../eks-config"
+}
+
+inputs = {
+  profile                                         = dependency.eks.inputs.profile
+  cluster_name                                    = dependency.eks.inputs.cluster_name
+  region                                          = dependency.eks.inputs.region
+  istio_chart_version                             = "1.22.1"
+  istio_version                                   = "1.22.1"
+}
diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-loki/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-loki/terragrunt.hcl
new file mode 100644
index 0000000..5bb2621
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-loki/terragrunt.hcl
@@ -0,0 +1,54 @@
+terraform {
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=lokiv3"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+}
+dependency "eks-config" {
+  config_path = "../eks-config"
+}
+dependency "eks-istio" {
+  config_path = "../eks-istio"
+}
+
+inputs = {
+  profile                                         = dependency.eks.inputs.profile
+  cluster_name                                    = dependency.eks.inputs.cluster_name
+  oidc_provider_arn                               = dependency.eks.outputs.oidc_provider_arn
+  region                                          = dependency.eks.inputs.region
+}
+
+generate "provider-eks" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+data "aws_eks_cluster" "cluster" {
+  name = "${dependency.eks.inputs.cluster_name}"
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = "${dependency.eks.inputs.cluster_name}"
+}
+
+provider "kubernetes" {
+  host = data.aws_eks_cluster.cluster.endpoint
+
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+}
+
+provider "helm" {
+  kubernetes {
+    host = data.aws_eks_cluster.cluster.endpoint
+
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+    token                  = data.aws_eks_cluster_auth.cluster.token
+  }
+}
+EOF
+}
diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl
new file mode 100644
index 0000000..3d91b43
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl
@@ -0,0 +1,81 @@
+include "root" {
+  path   = find_in_parent_folders()
+  expose = true
+}
+
+locals {
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  # In which AWS region are operations being performed
+  vpc_name                                 = "vpc3-lab-dev"
+  cluster_name                             = "platform-eng-eks-mcm"
+  cluster_version                          = "1.30"
+  domain                                   = "dev.lab.csp2.census.gov"
+  eks_instance_disk_size                   = 60
+  eks_vpc_name                             = "vpc3-lab-dev"
+  eks_ng_desired_size                      = 1
+  eks_ng_max_size                          = 10
+  eks_ng_min_size                          = 1
+  operators_ns                             = "operators"
+  enable_cluster_creator_admin_permissions = true
+  cluster_endpoint_public_access           = true
+  profile                                  = "224384469011-lab-dev-gov"
+  region                                   = local.region_vars.locals.aws_region
+  cluster_mailing_list                     = "matthew.c.morgan@census.gov"
+
+  # Tags applied to AWS objects created
+  tags = {
+    "Environment"   = "dev"
+    "slim:schedule" = "8:00-17:00"
+    "cluster:size"  = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+  }
+
+  aws_auth_roles = [
+    {
+      rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t3_b200ae7af469cdc8"
+      aws_rolename : ""
+      username : "admin"
+      groups = ["system:masters"]
+    },
+    {
+      rolearn : "arn:aws-us-gov:iam::224384469011:role/r-inf-terraform"
+      aws_rolename : ""
+      username : "admin"
+      groups = ["system:masters"]
+    },
+    {
+      rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa"
+      aws_rolename : ""
+      username : "admin"
+      groups = ["system:masters"]
+    }
+  ]
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=lokiv3"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+inputs = {
+  profile                = local.profile
+  vpc_name               = local.eks_vpc_name
+  cluster_name           = local.cluster_name
+  cluster_version        = local.cluster_version
+  eks_instance_disk_size = local.eks_instance_disk_size
+  eks_vpc_name           = local.eks_vpc_name
+  #eks_instance_types     = local.eks_instance_types
+  eks_ng_desired_size                      = local.eks_ng_desired_size
+  eks_ng_max_size                          = local.eks_ng_max_size
+  eks_ng_min_size                          = local.eks_ng_min_size
+  operators_ns                             = local.operators_ns
+  enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions
+  cluster_endpoint_public_access           = local.cluster_endpoint_public_access
+  tags                                     = local.tags
+  aws_auth_roles                           = local.aws_auth_roles
+  domain                                   = local.domain
+  region                                   = local.region
+  creator                                  = local.cluster_mailing_list
+}
diff --git a/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl
new file mode 100644
index 0000000..6455f13
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl
@@ -0,0 +1,72 @@
+locals {
+  # Automatically load _envcommon, cross account and environment common variables
+  # common_vars = read_terragrunt_config("${dirname(find_in_parent_folders())}/_envcommon/common-variables.hcl", "skip-account-if-does-not-exist")
+  // "${get_tfvars_dir()}/${find_in_parent_folders("account.tfvars", "skip-account-if-does-not-exist")}",
+ 
+  # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer)
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+ 
+  # Automatically load region-level variables
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ 
+  # Automatically load vpc-level variables
+  # Not applicable in this demo, but including for reference, would be next level of variables and configurations
+  # vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl", "skip-account-if-does-not-exist"))
+ 
+  # Extract the variables we need for easy access
+  account_name   = local.account_vars.locals.account_name
+  account_id     = local.account_vars.locals.aws_account_id
+  organization   = "census:ocio:csvd"
+  project_number = "fs0000000078"
+  project_name   = "csvd_platformbaseline"
+  project_role   = "csvd_platformbaseline_mcm"
+  creator        = "matthew.c.morgan@census.gov"
+  profile        = "224384469011-lab-dev-gov"
+}
+
+generate "provider" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+provider "aws" {
+  region = "${local.region_vars.locals.aws_region}"
+  profile = "${local.profile}"
+  default_tags {
+    tags = {
+      ProjectNumber = "${local.project_number}"
+      "Project Name" = "${local.project_name}"
+      "Project Role" = "${local.project_role}"
+      "Project Identifier" = "${local.project_number}:${local.project_name}"
+      Organization = "${local.organization}"
+      created_by = "${local.creator}"
+      created_for = "${local.creator}"
+      created_reason = "Exploration of Terragrunt and Demonstration of CICD for Infrastructure"
+      Terraform = "true"
+      Terragrunt = "true"
+    }
+  }
+  # Only these AWS Account IDs may be operated on by this template
+  allowed_account_ids = ["${local.account_id}"]
+}
+EOF
+}
+
+remote_state {
+  backend     = "s3"
+  generate = {
+    path      = "backend.tf"
+    if_exists = "overwrite_terragrunt"
+  }
+  config = {
+    bucket         = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
+    key            = "${local.project_number}/${local.project_name}/${local.project_role}/terraform.tfstate"
+    region         = local.region_vars.locals.aws_region
+    encrypt        = true
+    dynamodb_table = "tf_remote_state"
+  }
+}
+
+inputs = merge(
+  local.account_vars.locals,
+  local.region_vars.locals,
+)