diff --git a/terraform/environments/cdpt-ifs/bastion.json b/terraform/environments/cdpt-ifs/bastion.json
new file mode 100644
index 00000000000..f97bec0e4f8
--- /dev/null
+++ b/terraform/environments/cdpt-ifs/bastion.json
@@ -0,0 +1,13 @@
+{
+ "keys": {
+ "development": {
+ "acurtis": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7Z+QprFiensJ1Kw08i9shm5lfritcI3/71nrDu2S3H alistair.curtis@digital.justice.gov.uk"
+ },
+ "preproduction": {
+ "acurtis": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7Z+QprFiensJ1Kw08i9shm5lfritcI3/71nrDu2S3H alistair.curtis@digital.justice.gov.uk"
+ },
+ "production": {
+ "acurtis": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7Z+QprFiensJ1Kw08i9shm5lfritcI3/71nrDu2S3H alistair.curtis@digital.justice.gov.uk"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/environments/cdpt-ifs/bastion_linux.tf b/terraform/environments/cdpt-ifs/bastion_linux.tf
new file mode 100644
index 00000000000..588ece74247
--- /dev/null
+++ b/terraform/environments/cdpt-ifs/bastion_linux.tf
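Review bot: The key file is added as `terraform/environments/cdpt-ifs/bastion.json`, but the `locals` block in the `bastion_linux.tf` hunk of this same commit reads `jsondecode(file("./bastion_linux.json"))`, so unless a `bastion_linux.json` already exists in that directory the plan will fail on a missing file; either rename this file to `bastion_linux.json` or change the path to `file("./bastion.json")` so the two hunks agree. The same single public key is listed for `development`, `preproduction` and `production`, which means the production bastion admits exactly the key set of the development one — if that is intentional it is worth saying so in the `.tf` (strict JSON cannot carry a comment), otherwise trim the production map. The file also ends without a trailing newline (`\ No newline at end of file`), which will show up as noise in every later diff of this file.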
@@ -0,0 +1,38 @@
+locals {
+ public_key_data = jsondecode(file("./bastion_linux.json"))
+}
+
+module "bastion_linux" {
+ source = "github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=v4.0.0"
+
+ providers = {
+ aws.share-host = aws.core-vpc # core-vpc-(environment) holds the networking for all accounts
+ aws.share-tenant = aws # The default provider (unaliased, `aws`) is the tenant
+ }
+
+ # s3 - used for logs and user ssh public keys
+ bucket_name = "bastion"
+ bucket_versioning = true
+ bucket_force_destroy = true
+ # public keys
+ public_key_data = local.public_key_data.keys[local.environment]
+ # logs
+ log_auto_clean = "Enabled"
+ log_standard_ia_days = 30 # days before moving to IA storage
+ log_glacier_days = 60 # days before moving to Glacier
+ log_expiry_days = 180 # days before log expiration
+ # bastion
+ allow_ssh_commands = false
+
+ app_name = var.networking[0].application
+ business_unit = local.vpc_name
+ subnet_set = local.subnet_set
+ environment = local.environment
+ region = "eu-west-2"
+
+ extra_user_data_content = "yum install -y openldap-clients"
+
+ # Tags
+ tags_common = local.tags
+ tags_prefix = terraform.workspace
+}
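Review bot: `bucket_force_destroy = true` is set on the bucket that the comment above it says holds the bastion logs, so a `terraform destroy` (or any replacement of the bucket) will delete the session logs with it, which undercuts the 180-day `log_expiry_days` retention configured a few lines below. Since the same module block is applied to every environment via `local.environment`, consider keeping force-destroy only outside production, e.g. `bucket_force_destroy = local.environment != "production"` (assuming the module variable is a bool, as the literal `true` suggests), or document why the logs are disposable. The `public_key_data` lookup `local.public_key_data.keys[local.environment]` will error at plan time for any workspace whose name is not a key of that map, which is fine as a fail-closed default but deserves a one-line comment such as `# every environment must have an entry in the keys map; a missing one fails the plan`.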