diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index e291fcd..b24c6a7 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -13,6 +13,7 @@ repos:
 exclude: common/*.tf
 exclude: version.tf
 exclude: examples
+ exclude: conversion
 args:
 - --args=--config .terraform-docs.yml
 # - id: terraform_tflint
diff --git a/conversion/ecs-update-cert.md b/conversion/ecs/README.md
similarity index 100%
rename from conversion/ecs-update-cert.md
rename to conversion/ecs/README.md
diff --git a/conversion/ecs/certs.tf b/conversion/ecs/certs.tf
new file mode 100644
index 0000000..c8f9f0c
--- /dev/null
+++ b/conversion/ecs/certs.tf
@@ -0,0 +1,25 @@
+## module "cert" {
+## source = "git@github.e.it.census.gov:terraform-modules/aws-tls-certificate?ref=tf-upgrade"
+##
+## certificate_cn = local.app_alb_dns_name
+## certificate_download = local.app_cert_download
+##
+## tags = merge(
+## local.base_tags,
+## #local.common_tags,
+## #var.application_tags,
+## )
+## }
+
+module "cert" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-certificates//acm"
+
+ certificate_dns = local.app_alb_dns_name
+ contact_email = local.app_cert_contact_email
+
+ tags = merge(
+ local.base_tags,
+ local.common_tags,
+ var.application_tags,
+ )
+}
diff --git a/conversion/ecs/load-balancer.tf b/conversion/ecs/load-balancer.tf
new file mode 100644
index 0000000..f713a89
--- /dev/null
+++ b/conversion/ecs/load-balancer.tf
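Review bot: The added `exclude: conversion` appears to be a fourth `exclude:` key on the same hook (the neighbouring `exclude:` lines and the `args:` that follow read as one mapping, though indentation is lost in this view), and a YAML mapping cannot carry duplicate keys — PyYAML silently keeps the last one, so only `conversion` would be excluded and the earlier patterns would stop applying without any error. pre-commit's `exclude` is a single regex, so fold the paths into one anchored pattern, e.g. `exclude: ^(common/.*\.tf|version\.tf|examples/|conversion/)`. If the keys really do belong to different hook entries, disregard this.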
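Review bot: The new `source` on `module "cert"` carries no `?ref=` pin, so each `init -upgrade` fetches whatever the default branch of `aws-certificates` holds at that moment; the replaced invocation at least pinned `?ref=tf-upgrade`. An unpinned module source makes the certificate configuration non-reproducible and lets unreviewed upstream changes into an apply, so pin it to a tag or commit, e.g. `source = "git@github.e.it.census.gov:terraform-modules/aws-certificates//acm?ref=TAG-OR-COMMIT"` (placeholder). The commented-out previous invocation (`## module "cert" {` through `## }`) should be dropped rather than shipped; git history already records the old form.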
@@ -0,0 +1,84 @@
+resource "aws_lb_target_group" "app" {
+ name = local.app_albtg_name
+ port = local.app_lb_port
+ protocol = "HTTP"
+ vpc_id = local.vpc_id
+ target_type = "ip"
+
+ # stickiness {
+ # type = "lb_cookie"
+ # cookie_duration = 3600
+ # enabled = true
+ # }
+
+ health_check {
+ enabled = true
+ interval = 6
+ port = local.app_lb_port
+ timeout = 5
+ protocol = "HTTP"
+ path = local.app_lb_health_monitor_path
+ healthy_threshold = 3
+ unhealthy_threshold = 3
+ matcher = "200"
+ }
+
+ tags = merge(
+ local.base_tags,
+ #local.common_tags,
+ #var.application_tags,
+ { "Name" = local.app_albtg_name },
+ )
+}
+
+resource "aws_lb" "app" {
+ name = local.app_alb_name
+ internal = true
+ load_balancer_type = "application"
+ security_groups = [local.sg_web_id]
+ subnets = local.lb_subnet_ids
+ enable_deletion_protection = true
+ idle_timeout = 300
+
+ access_logs {
+ bucket = data.terraform_remote_state.infrastructure_east.outputs.logs_id
+ prefix = "alb-logs/${local.app_alb_dns_name}"
+ enabled = true
+ }
+
+ tags = merge(
+ local.base_tags,
+ #local.common_tags,
+ #var.application_tags,
+ { "Name" = local.app_alb_name },
+ )
+}
+
+resource "aws_lb_listener" "app_80_redirect" {
+ load_balancer_arn = aws_lb.app.arn
+ port = 80
+ protocol = "HTTP"
+
+ default_action {
+ type = "redirect"
+
+ redirect {
+ port = "443"
+ protocol = "HTTPS"
+ status_code = "HTTP_301"
+ }
+ }
+}
+
+resource "aws_lb_listener" "app_443" {
+ load_balancer_arn = aws_lb.app.arn
+ port = 443
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ certificate_arn = module.cert.certificate_arn
+
+ default_action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.app.arn
+ }
+}
diff --git a/conversion/ecs/settings.txt b/conversion/ecs/settings.txt
new file mode 100644
index 0000000..a620aae
--- /dev/null
+++ b/conversion/ecs/settings.txt
@@ -0,0 +1,4 @@
+# add/update
+
+ app_cert_download = false
+ app_cert_contact_email = "{group-email-address}"
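Review bot: `ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"` on listener `app_443` selects a 2017-era cipher list; for an `internal = true` ALB that may be tolerable, but AWS's current TLS 1.2/1.3 policies (e.g. `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"`) drop the legacy suites and are a one-line change on a brand-new listener. `aws_lb.app` also leaves `drop_invalid_header_fields` at its default, so requests with malformed header fields are routed through to the targets; `drop_invalid_header_fields = true` is the usual hardening for a new ALB. The `tags` blocks on `aws_lb_target_group.app` and `aws_lb.app` keep `local.common_tags` and `var.application_tags` commented out while `certs.tf` in the same commit merges them in — if that asymmetry is deliberate, a one-line comment saying why would spare the next reader the question.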
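Review bot: `app_cert_download = false` is listed here as a value to add or update, yet the new `module "cert"` in `certs.tf` no longer passes `certificate_download` — only the commented-out block referenced `local.app_cert_download`. If nothing else in the tree reads it, drop the line so the settings file does not advertise a knob with no effect; if it is consumed elsewhere, leave it. `"{group-email-address}"` reads as a template placeholder, which is fine, but a trailing `# replace with the owning group's address before apply` would make that explicit to whoever copies the file.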
diff --git a/conversion/ecs/tf-run.data b/conversion/ecs/tf-run.data
new file mode 100644
index 0000000..97d1ac3
--- /dev/null
+++ b/conversion/ecs/tf-run.data
@@ -0,0 +1,27 @@
+VERSION 2.0.0
+REMOTE-STATE
+COMMAND tf-directory-setup.py -l none -f
+COMMAND setup-new-directory.sh
+
+TAG links
+# COMMAND ln -sf ../../../../../../common/apps/dice-mojo/remote_state.common_apps_dice-mojo.tf .
+LINKTOP common/apps/dice-mojo/remote_state.common_apps_dice-mojo.tf
+LINKTOP includes.d/variables.account_tags.tf
+LINKTOP includes.d/variables.account_tags.auto.tfvars
+LINKTOP includes.d/variables.infrastructure_tags.tf
+LINKTOP includes.d/variables.infrastructure_tags.auto.tfvars
+LINKTOP includes.d/variables.application_tags.tf
+## LINKTOP includes.d/variables.application_tags.auto.tfvars
+LINKTOP provider_configs.d/provider.ldap_new.auto.tfvars
+LINKTOP provider_configs.d/provider.ldap_new.tf
+LINKTOP provider_configs.d/provider.ldap_new.variables.tf
+COMMAND rm -f provider.ldap.*
+
+TAG init
+COMMAND tf-init -upgrade
+
+TAG start
+ALL
+
+TAG state-link
+COMMAND tf-directory-setup.py -l s3
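Review bot: `## LINKTOP includes.d/variables.application_tags.auto.tfvars` is commented out while the matching `variables.application_tags.tf` is still linked, so `var.application_tags` — which `certs.tf` in this commit merges into the module's tags — is declared but given no value by this runbook; unless the variable declares a default, the run will prompt or fail. Either restore the tfvars link or record the reason on the line, e.g. `# application_tags tfvars intentionally not linked: REASON-HERE`, so the omission is not mistaken for an oversight. The `# COMMAND ln -sf ...` line above the first `LINKTOP` looks like a superseded form of the same link and can be removed.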