diff --git a/Access_Controls-Applications.tf b/Access_Controls-Applications.tf
index 5757751..59d3cb8 100644
--- a/Access_Controls-Applications.tf
+++ b/Access_Controls-Applications.tf
@@ -2,9 +2,13 @@
 # CLOUDFLARE : Access Controls : Applications
 # =============================================================================
-#
+#======================================================
+# INFRASTRUCTURE APP: TEST
+#======================================================
+
 resource "cloudflare_zero_trust_access_application" "zero_trust_access_application" {
   account_id = local.cloudflare_account_id
+  type = "self_hosted"
   name = "Home Network Access Application"
   domain = "home.tips-of-mine.org"
@@ -20,5 +24,98 @@ resource "cloudflare_zero_trust_access_application" "zero_trust_access_applicati
 data "cloudflare_zero_trust_access_application" "zero_trust_access_application" {
   account_id = local.cloudflare_account_id
+  app_id = cloudflare_zero_trust_access_application.zero_trust_access_application.id
 }
+
+#======================================================
+# INFRASTRUCTURE APP: MySQL Database (Infrastructure)
+#======================================================
+
+# Creating the Target
+resource "cloudflare_zero_trust_access_infrastructure_target" "gcp_ssh_target" {
+  account_id = local.cloudflare_account_id
+
+  hostname = var.cloudflare_target_ssh_name
+  ip = {
+    ipv4 = {
+      ip_addr = var.gcp_vm_internal_ip
+    }
+  }
+}
+
+# Creating the infrastructure Application
+resource "cloudflare_zero_trust_access_application" "cloudflare_app_ssh_infra" {
+  account_id = local.cloudflare_account_id
+
+  type = "infrastructure"
+  name = var.cloudflare_infra_app_name
+  logo_url = "https://upload.wikimedia.org/wikipedia/commons/0/01/Google-cloud-platform.svg"
+  tags = [cloudflare_zero_trust_access_tag.zero_trust_demo_tag.name]
+  custom_deny_url = "https://denied.macharpe.com/"
+  custom_non_identity_deny_url = "https://denied.macharpe.com/"
+
+  target_criteria = [{
+    port = "22",
+    protocol = "SSH"
+    target_attributes = {
+      hostname = [var.cloudflare_target_ssh_name]
+    },
+  }]
+
+  policies = [{
+    name = "SSH GCP Infrastructure Policy"
+    decision = "allow"
+
+    allowed_idps = [var.cloudflare_okta_identity_provider_id]
+    auto_redirect_to_identity = true
+    allow_authenticate_via_warp = false
+
+    include = [
+      {
+        saml = {
+          identity_provider_id = var.cloudflare_okta_identity_provider_id
+          attribute_name = "groups"
+          attribute_value = var.okta_infra_admin_saml_group_name
+        }
+      },
+      {
+        saml = {
+          identity_provider_id = var.cloudflare_okta_identity_provider_id
+          attribute_name = "groups"
+          attribute_value = var.okta_contractors_saml_group_name
+        }
+      },
+      {
+        email_domain = {
+          domain = var.cloudflare_email_domain
+        }
+      }
+    ]
+    require = [
+      {
+        device_posture = {
+          integration_uid = var.cloudflare_gateway_posture_id
+        }
+      },
+      {
+        auth_method = {
+          auth_method = "mfa"
+        }
+      }
+    ]
+    exclude = [
+      {
+        auth_method = {
+          auth_method = "sms"
+        }
+      }
+    ]
+    connection_rules = {
+      ssh = {
+        allow_email_alias = true
+        usernames = [] # None
+      }
+    }
+  }]
+}
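Review bot: The third `include` rule, `email_domain = { domain = var.cloudflare_email_domain }`, is OR'd with the two Okta `groups` rules, so any identity in that email domain satisfies the include and the infra-admin/contractor group membership no longer restricts who can open SSH to `gcp_ssh_target`; if the intent is group-scoped access, delete that rule, or if the domain is meant as a floor rather than a grant, move it into `require` as `{ email_domain = { domain = var.cloudflare_email_domain } }` so it is AND'd with the posture and MFA checks. The section header `# INFRASTRUCTURE APP: MySQL Database (Infrastructure)` does not match the resources under it, which define an SSH target on port 22; suggest `# INFRASTRUCTURE APP: GCP VM SSH (Infrastructure)`. With `allow_email_alias = true` and `usernames = []`, sessions can presumably only log in as the email-derived alias, which is the tighter choice and worth stating with a comment such as `# Only the email-alias username is permitted; no shared or root accounts` so a later maintainer does not widen it casually.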