diff --git a/backup.tf b/backup.tf
new file mode 100644
index 0000000..83ce09e
--- /dev/null
+++ b/backup.tf
@@ -0,0 +1,98 @@
+/* Resources for setting up Gitlab remote backup on Amazon S3 */
+locals {
+  gitlab_backup_iam_policy_name = "${local.environment_prefix}-gitlab-backup"
+  gitlab_backup_iam_role_name   = "${local.environment_prefix}-gitlab-backup"
+}
+resource "aws_s3_bucket" "gitlab_backup" {
+  count  = var.enable_gitlab_backup_to_s3 ? 1 : 0
+  bucket = var.gitlab_backup_bucket_name
+
+  tags = merge(local.default_tags, var.additional_tags)
+
+  lifecycle {
+    precondition {
+      condition = anytrue([
+        (var.enable_gitlab_backup_to_s3 == false),
+        (var.enable_gitlab_backup_to_s3 == true && var.gitlab_backup_bucket_name != null)
+      ])
+      error_message = "Gitlab backup to S3 is set to ${var.enable_gitlab_backup_to_s3}. gitlab_backup_bucket_name is mandatory to create S3 bucket."
+    }
+  }
+}
+
+resource "aws_s3_bucket_acl" "gitlab_backup" {
+  count  = var.enable_gitlab_backup_to_s3 ? 1 : 0
+  bucket = aws_s3_bucket.gitlab_backup[0].id
+  acl    = "private"
+}
+
+data "aws_iam_policy_document" "gitlab_s3_backup" {
+  count = var.enable_gitlab_backup_to_s3 ? 1 : 0
+  statement {
+    effect = "Allow"
+    actions = [
+      "s3:AbortMultipartUpload",
+      "s3:GetBucketAcl",
+      "s3:GetBucketLocation",
+      "s3:GetObject",
+      "s3:GetObjectAcl",
+      "s3:ListBucketMultipartUploads",
+      "s3:PutObject",
+      "s3:PutObjectAcl"
+    ]
+    resources = [
+      "arn:aws:s3:::${aws_s3_bucket.gitlab_backup[0].bucket}/*"
+    ]
+  }
+  statement {
+    effect = "Allow"
+    actions = [
+      "s3:GetBucketLocation",
+      "s3:ListAllMyBuckets"
+    ]
+    resources = [
+      "*"
+    ]
+  }
+  statement {
+    effect = "Allow"
+    actions = [
+      "s3:ListBucket"
+    ]
+    resources = [
+      "arn:aws:s3:::${aws_s3_bucket.gitlab_backup[0].bucket}"
+    ]
+  }
+}
+
+resource "aws_iam_policy" "gitlab_backup" {
+  count  = var.enable_gitlab_backup_to_s3 ? 1 : 0
+  name   = local.gitlab_backup_iam_policy_name
+  policy = data.aws_iam_policy_document.gitlab_s3_backup[0].json
+  tags = merge({
+    Name = local.gitlab_backup_iam_policy_name
+  }, local.default_tags, var.additional_tags)
+}
+
+resource "aws_iam_role" "gitlab_backup" {
+  name                = local.gitlab_backup_iam_role_name
+  assume_role_policy  = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": "sts:AssumeRole",
+            "Principal": {
+               "Service": "ec2.amazonaws.com"
+            },
+            "Effect": "Allow",
+            "Sid": ""
+        }
+    ]
+}
+EOF
+  managed_policy_arns = var.enable_gitlab_backup_to_s3 ? [aws_iam_policy.gitlab_backup[0].arn] : []
+  tags = merge({
+    Name = local.gitlab_backup_iam_role_name
+  }, local.default_tags, var.additional_tags)
+}
diff --git a/config.tf b/config.tf
new file mode 100644
index 0000000..39c38dc
--- /dev/null
+++ b/config.tf
@@ -0,0 +1,68 @@
+/* Resources for management of gitlab.rb from within the terraform module itself using Ansible playbooks */
+
+locals {
+  gitlab_config_file_name            = "gitlab.rb"
+  rendered_gitlab_config_file_name   = "gitlab_rendered.rb"
+  gitlab_additional_config_file_name = "gitlab_additional.rb"
+  gitlab_config_tmp_path             = "/tmp/gitlab/gitlab_config"
+  gitlab_config_template_file_path   = "${path.module}/templates"
+  gitlab_config_file_path            = "${path.cwd}/gitlab_config"
+  gitlab_config_playbook_file        = "${path.module}/playbooks/gitlab_setup.yaml"
+  gitlab_complete_url                = join("", tolist(["https://", values(module.records.route53_record_name)[0]]))
+}
+
+data "template_file" "gitlab_config_template" {
+  template = join("\n", [
+    file("${local.gitlab_config_template_file_path}/postgres.tftpl"),
+    file("${local.gitlab_config_template_file_path}/redis.tftpl"),
+    file("${local.gitlab_config_template_file_path}/nginx.tftpl"),
+    file("${local.gitlab_config_template_file_path}/rails.tftpl"),
+    var.create_ses_identity ? file("${local.gitlab_config_template_file_path}/smtp.tftpl") : "",
+  ])
+  vars = merge({
+    gitlab_url                   = local.gitlab_complete_url,
+    gitlab_db_name               = module.gitlab_pg.db_instance_name,
+    gitlab_db_username           = module.gitlab_pg.db_instance_username,
+    gitlab_db_password           = module.gitlab_pg.db_instance_password,
+    gitlab_db_host               = module.gitlab_pg.db_instance_address,
+    gitlab_redis_host            = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address,
+    aws_region                   = aws_s3_bucket.gitlab_backup[0].region,
+    gitlab_backup_s3_bucket_name = aws_s3_bucket.gitlab_backup[0].bucket
+    }, var.create_ses_identity ? {
+    smtp_address  = "email-smtp.${var.aws_region}.amazonaws.com",
+    smtp_username = aws_iam_access_key.gitlab_smtp_user[0].id,
+    smtp_password = aws_iam_access_key.gitlab_smtp_user[0].ses_smtp_password_v4,
+    smtp_domain   = data.aws_route53_zone.email_domain[0].name
+  } : {})
+}
+
+resource "local_sensitive_file" "rendered_gitlab_config_file" {
+  filename = "${local.gitlab_config_tmp_path}/${local.rendered_gitlab_config_file_name}"
+  content  = data.template_file.gitlab_config_template.rendered
+}
+
+data "local_sensitive_file" "gitlab_additional_config" {
+  count    = fileexists("${local.gitlab_config_file_path}/${local.gitlab_additional_config_file_name}") ? 1 : 0
+  filename = "${local.gitlab_config_file_path}/${local.gitlab_additional_config_file_name}"
+}
+
+resource "local_sensitive_file" "gitlab_config_file" {
+  filename = "${local.gitlab_config_tmp_path}/${local.gitlab_config_file_name}"
+  content = join("\n", tolist([
+    data.template_file.gitlab_config_template.rendered,
+    data.local_sensitive_file.gitlab_additional_config != [] ? data.local_sensitive_file.gitlab_additional_config[0].content : ""
+  ]))
+}
+
+/*
+  Adding null_resource trigger on timestamp is a hack to always check the diff in the
+  config if any and apply the config changes to Gitlab.
+*/
+resource "null_resource" "gitlab_reconfigure" {
+  triggers = {
+    timestamp = timestamp()
+  }
+  provisioner "local-exec" {
+    command = "ansible-playbook -u ubuntu -i '${aws_instance.gitlab.private_ip},' --private-key ${var.private_key} -e 'instance_ip_address=${aws_instance.gitlab.private_ip} workdir=${local.gitlab_config_tmp_path} config_file=${local_sensitive_file.gitlab_config_file.filename}' ${local.gitlab_config_playbook_file}"
+  }
+}
diff --git a/gitlab_config_templates/gitlab-nginx.rb.tftpl b/gitlab_config_templates/gitlab-nginx.rb.tftpl
deleted file mode 100644
index 66b9a0c..0000000
--- a/gitlab_config_templates/gitlab-nginx.rb.tftpl
+++ /dev/null
@@ -1,3 +0,0 @@
-nginx['redirect_http_to_https'] = false
-nginx['listen_port'] = 80
-nginx['listen_https'] = false
diff --git a/gitlab_config_templates/gitlab-postgres.tftpl b/gitlab_config_templates/gitlab-postgres.tftpl
deleted file mode 100644
index b1908e3..0000000
--- a/gitlab_config_templates/gitlab-postgres.tftpl
+++ /dev/null
@@ -1 +0,0 @@
-postgresql['enable'] = false
diff --git a/gitlab_config_templates/gitlab-rails.tftpl b/gitlab_config_templates/gitlab-rails.tftpl
deleted file mode 100644
index 5dd46e6..0000000
--- a/gitlab_config_templates/gitlab-rails.tftpl
+++ /dev/null
@@ -1,22 +0,0 @@
-external_url '${gitlab_url}'
-
-gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0','127.0.0.0/8', '::1/128']
-
-gitlab_rails['db_adapter'] = "postgresql"
-gitlab_rails['db_encoding'] = "unicode"
-gitlab_rails['db_database'] = "${gitlab_db_name}"
-gitlab_rails['db_username'] = "${gitlab_db_username}"
-gitlab_rails['db_password'] = "${gitlab_db_password}"
-gitlab_rails['db_host'] = "${gitlab_db_host}"
-
-gitlab_rails['redis_host'] = "${gitlab_redis_host}"
-gitlab_rails['redis_port'] = 6379
-
-letsencrypt['enable'] = false
-
-gitlab_rails['backup_upload_connection'] = {
-  'provider' => 'AWS',
-  'region' => '${aws_region}',
-  'use_iam_profile' => true
-}
-gitlab_rails['backup_upload_remote_directory'] = '${gitlab_backup_s3_bucket_name}'
diff --git a/gitlab_config_templates/gitlab-redis.tftpl b/gitlab_config_templates/gitlab-redis.tftpl
deleted file mode 100644
index ed60013..0000000
--- a/gitlab_config_templates/gitlab-redis.tftpl
+++ /dev/null
@@ -1 +0,0 @@
-redis['enable'] = false
diff --git a/load_balancers.tf b/load_balancers.tf
new file mode 100644
index 0000000..20857c8
--- /dev/null
+++ b/load_balancers.tf
@@ -0,0 +1,103 @@
+/* Resources for Gitlab classic load balancer */
+locals {
+  gitlab_lb_sg_name = "${local.environment_prefix}-gitlab-lb"
+  gitlab_lb_name    = "${local.environment_prefix}-gitlab"
+}
+resource "aws_security_group" "gitlab_lb" {
+  name        = local.gitlab_lb_sg_name
+  vpc_id      = data.aws_vpc.vpc.id
+  description = "Security group for Gitlab load balancer"
+  ingress = [
+    {
+      from_port        = 80
+      protocol         = "tcp"
+      to_port          = 80
+      cidr_blocks      = ["0.0.0.0/0"]
+      ipv6_cidr_blocks = ["::/0"]
+      prefix_list_ids  = []
+      security_groups  = []
+      self             = false
+      description      = "allow http ingress from anywhere"
+    },
+    {
+      from_port        = 443
+      protocol         = "tcp"
+      to_port          = 443
+      cidr_blocks      = ["0.0.0.0/0"]
+      ipv6_cidr_blocks = ["::/0"]
+      prefix_list_ids  = []
+      security_groups  = []
+      self             = false
+      description      = "allow https ingress from anywhere"
+    },
+    {
+      from_port        = 22
+      protocol         = "tcp"
+      to_port          = 22
+      cidr_blocks      = ["0.0.0.0/0"]
+      ipv6_cidr_blocks = ["::/0"]
+      prefix_list_ids  = []
+      security_groups  = []
+      self             = false
+      description      = "allow SSH ingress from anywhere"
+    }
+  ]
+  egress = [
+    {
+      from_port        = 0
+      protocol         = "-1"
+      to_port          = 0
+      cidr_blocks      = ["0.0.0.0/0"]
+      ipv6_cidr_blocks = ["::/0"]
+      prefix_list_ids  = []
+      security_groups  = []
+      self             = false
+      description      = "allow all egress"
+    }
+  ]
+  tags = merge({
+    Name = local.gitlab_lb_sg_name
+  }, local.default_tags, var.additional_tags)
+}
+
+module "elb" {
+  source          = "terraform-aws-modules/elb/aws"
+  version         = "~> 2.0"
+  name            = local.gitlab_lb_name
+  subnets         = var.public_subnet_ids
+  security_groups = [aws_security_group.gitlab_lb.id]
+  internal        = false
+  listener = [
+    {
+      instance_port     = 80
+      instance_protocol = "HTTP"
+      lb_port           = 80
+      lb_protocol       = "HTTP"
+    },
+    {
+      instance_port      = 80
+      instance_protocol  = "HTTP"
+      lb_port            = 443
+      lb_protocol        = "HTTPS"
+      ssl_certificate_id = var.create_acm_certificate ? module.acm.acm_certificate_arn : var.acm_certificate_arn
+    },
+    {
+      instance_port     = 22
+      instance_protocol = "TCP"
+      lb_port           = 22
+      lb_protocol       = "TCP"
+    },
+  ]
+  health_check = {
+    target              = "${var.healthcheck_protocol}:${var.healthcheck_port}${var.healthcheck_path}"
+    interval            = var.healthcheck_interval
+    healthy_threshold   = var.healthcheck_healthy_threshold
+    unhealthy_threshold = var.healthcheck_unhealthy_threshold
+    timeout             = var.healthcheck_timeout
+  }
+  number_of_instances = 1
+  instances           = tolist([aws_instance.gitlab.id])
+  tags = merge({
+    Name = local.gitlab_lb_name
+  }, local.default_tags, var.additional_tags)
+}
diff --git a/main.tf b/main.tf
index 826aa7e..55a551f 100644
--- a/main.tf
+++ b/main.tf
@@ -1,17 +1,16 @@
 locals {
-  managed_by                         = "Terraform"
-  gitlab_config_file_name            = "gitlab.rb"
-  rendered_gitlab_config_file_name   = "gitlab_rendered.rb"
-  gitlab_additional_config_file_name = "gitlab_additional.rb"
-  gitlab_config_tmp_path             = "/tmp/gitlab/gitlab_config"
-  gitlab_config_template_file_path   = "${path.module}/gitlab_config_templates"
-  gitlab_config_file_path            = "${path.cwd}/gitlab_config"
-  gitlab_config_playbook_file        = "${path.module}/playbooks/gitlab_setup.yaml"
-  gitlab_complete_url                = join("", tolist(["https://", values(module.records.route53_record_name)[0]]))
+  default_tags = {
+    ManagedBy   = "Terraform"
+    Environment = var.environment
+  }
+  environment_prefix           = substr(var.environment, 0, 1)
+  gitlab_instance_name         = "${local.environment_prefix}-gitlab"
+  gitlab_ssh_key_name          = "${local.environment_prefix}-gitlab-key-pair"
+  gitlab_instance_sg_name      = "${local.environment_prefix}-gitlab"
+  gitlab_instance_profile_name = "${local.environment_prefix}-gitlab"
 }
 
 resource "aws_instance" "gitlab" {
-  count                       = 1
   ami                         = var.ami_id
   instance_type               = var.instance_type
   subnet_id                   = var.private_subnet_id
@@ -22,21 +21,23 @@ resource "aws_instance" "gitlab" {
   root_block_device {
     volume_type           = var.volume_type
     volume_size           = var.volume_size
+    iops                  = var.volume_iops
     delete_on_termination = false
   }
 
-  tags = {
-    Name        = "${var.environment_prefix}-gitlab"
-    Environment = var.environment_prefix
-    ManagedBy   = local.managed_by
-  }
+  tags = merge({
+    Name = local.gitlab_instance_name
+  }, local.default_tags, var.additional_tags)
 
 }
 
 resource "aws_key_pair" "gitlab_ssh" {
   count      = var.gitlab_ssh_public_key != null ? 1 : 0
-  key_name   = "${var.environment_prefix}-gitlab-key-pair"
+  key_name   = local.gitlab_ssh_key_name
   public_key = var.gitlab_ssh_public_key
+  tags = merge({
+    Name = local.gitlab_ssh_key_name
+  }, local.default_tags, var.additional_tags)
 }
 
 data "aws_vpc" "vpc" {
@@ -48,7 +49,7 @@ data "aws_route53_zone" "zone" {
 }
 
 resource "aws_security_group" "gitlab" {
-  name        = "${var.environment_prefix}-gitlab"
+  name        = local.gitlab_instance_sg_name
   vpc_id      = data.aws_vpc.vpc.id
   description = "Security group for Gitlab instance"
   ingress = [
@@ -99,68 +100,9 @@ resource "aws_security_group" "gitlab" {
       description      = "allow all egress"
     }
   ]
-  tags = {
-    Environment = var.environment_prefix
-    ManagedBy   = local.managed_by
-  }
-}
-
-resource "aws_security_group" "gitlab_lb" {
-  name        = "${var.environment_prefix}-gitlab-lb"
-  vpc_id      = data.aws_vpc.vpc.id
-  description = "Security group for Gitlab load balancer"
-  ingress = [
-    {
-      from_port        = 80
-      protocol         = "tcp"
-      to_port          = 80
-      cidr_blocks      = ["0.0.0.0/0"]
-      ipv6_cidr_blocks = ["::/0"]
-      prefix_list_ids  = []
-      security_groups  = []
-      self             = false
-      description      = "allow http ingress from anywhere"
-    },
-    {
-      from_port        = 443
-      protocol         = "tcp"
-      to_port          = 443
-      cidr_blocks      = ["0.0.0.0/0"]
-      ipv6_cidr_blocks = ["::/0"]
-      prefix_list_ids  = []
-      security_groups  = []
-      self             = false
-      description      = "allow https ingress from anywhere"
-    },
-    {
-      from_port        = 22
-      protocol         = "tcp"
-      to_port          = 22
-      cidr_blocks      = ["0.0.0.0/0"]
-      ipv6_cidr_blocks = ["::/0"]
-      prefix_list_ids  = []
-      security_groups  = []
-      self             = false
-      description      = "allow SSH ingress from anywhere"
-    }
-  ]
-  egress = [
-    {
-      from_port        = 0
-      protocol         = "-1"
-      to_port          = 0
-      cidr_blocks      = ["0.0.0.0/0"]
-      ipv6_cidr_blocks = ["::/0"]
-      prefix_list_ids  = []
-      security_groups  = []
-      self             = false
-      description      = "allow all egress"
-    }
-  ]
-  tags = {
-    Environment = var.environment_prefix
-    ManagedBy   = local.managed_by
-  }
+  tags = merge({
+    Name = local.gitlab_instance_sg_name
+  }, local.default_tags, var.additional_tags)
 }
 
 module "records" {
@@ -190,375 +132,15 @@ module "acm" {
 
   wait_for_validation = true
 
-  tags = {
+  tags = merge({
     Name = var.gitlab_domain
-  }
-}
-
-module "elb" {
-  source  = "terraform-aws-modules/elb/aws"
-  version = "~> 2.0"
-
-  name = "${var.environment_prefix}-gitlab"
-
-  subnets         = var.public_subnet_ids
-  security_groups = [aws_security_group.gitlab_lb.id]
-  internal        = false
-
-  listener = [
-    {
-      instance_port     = 80
-      instance_protocol = "HTTP"
-      lb_port           = 80
-      lb_protocol       = "HTTP"
-    },
-    {
-      instance_port      = 80
-      instance_protocol  = "HTTP"
-      lb_port            = 443
-      lb_protocol        = "HTTPS"
-      ssl_certificate_id = var.create_acm_certificate ? module.acm.acm_certificate_arn : var.acm_certificate_arn
-    },
-    {
-      instance_port     = 22
-      instance_protocol = "TCP"
-      lb_port           = 22
-      lb_protocol       = "TCP"
-    },
-  ]
-
-  health_check = {
-    target              = "${var.healthcheck_protocol}:${var.healthcheck_port}${var.healthcheck_path}"
-    interval            = var.healthcheck_interval
-    healthy_threshold   = var.healthcheck_healthy_threshold
-    unhealthy_threshold = var.healthcheck_unhealthy_threshold
-    timeout             = var.healthcheck_timeout
-  }
-  number_of_instances = length(aws_instance.gitlab)
-  instances           = aws_instance.gitlab[*].id
-
-  tags = {
-    Environment = var.environment_prefix
-  }
-}
-
-module "gitlab_pg" {
-  source                    = "terraform-aws-modules/rds/aws"
-  identifier                = "${var.environment_prefix}-gitlab-pg"
-  create_db_instance        = true
-  create_db_subnet_group    = true
-  create_db_parameter_group = var.gitlab_pg_create_db_parameter_group
-  parameter_group_name      = var.gitlab_pg_parameter_group_name
-  parameters                = var.gitlab_pg_parameters
-  db_subnet_group_name      = "${var.environment_prefix}-gitlab-pg"
-  subnet_ids                = var.gitlab_pg_subnet_ids
-  allocated_storage         = var.gitlab_pg_allocated_storage
-  storage_type              = var.gitlab_pg_storage_type
-  db_name                   = var.gitlab_pg_db_name
-  port                      = tostring(var.gitlab_pg_port)
-  engine                    = "postgres"
-  engine_version            = var.gitlab_pg_engine_version
-  instance_class            = var.gitlab_pg_db_instance_class
-  username                  = var.gitlab_pg_username
-  password                  = var.gitlab_pg_password
-  create_random_password    = false
-  publicly_accessible       = var.gitlab_pg_publicly_accessible
-  vpc_security_group_ids    = [aws_security_group.gitlab_rds.id]
-}
-
-resource "aws_security_group" "gitlab_rds" {
-  name        = "${var.environment_prefix}-gitlab-rds"
-  vpc_id      = data.aws_vpc.vpc.id
-  description = "Security group for Gitlab RDS"
-  ingress = [
-    {
-      from_port        = var.gitlab_pg_port
-      protocol         = "tcp"
-      to_port          = var.gitlab_pg_port
-      cidr_blocks      = []
-      ipv6_cidr_blocks = []
-      prefix_list_ids  = []
-      security_groups  = [aws_security_group.gitlab.id]
-      self             = false
-      description      = "allow TCP access from Gitlab instance"
-    }
-  ]
-  tags = {
-    Environment = var.environment_prefix
-    ManagedBy   = local.managed_by
-  }
-}
-
-resource "aws_elasticache_cluster" "gitlab_redis" {
-  cluster_id           = "${var.environment_prefix}-gitlab-redis"
-  engine               = "redis"
-  node_type            = var.gitlab_redis_node_type
-  num_cache_nodes      = var.gitlab_redis_num_cache_nodes
-  parameter_group_name = var.gitlab_redis_create_parameter_group == true ? aws_elasticache_parameter_group.gitlab_redis[0].name : var.gitlab_redis_parameter_group_name
-  engine_version       = var.gitlab_redis_engine_version
-  port                 = var.gitlab_redis_port
-  security_group_ids   = [aws_security_group.gitlab_redis.id]
-  subnet_group_name    = var.gitlab_redis_create_subnet_group == true ? aws_elasticache_subnet_group.gitlab_redis[0].name : var.gitlab_redis_subnet_group_name
-
-  lifecycle {
-    precondition {
-      condition = anytrue([
-        (var.gitlab_redis_create_parameter_group == false && var.gitlab_redis_parameter_group_name != null),
-        (var.gitlab_redis_create_parameter_group)
-      ])
-      error_message = "Parameter Group creation for Gitlab Redis is set to ${var.gitlab_redis_create_parameter_group}. Provide a pre-existing Parameter Group name."
-    }
-  }
-}
-
-resource "aws_elasticache_parameter_group" "gitlab_redis" {
-  count  = var.gitlab_redis_create_parameter_group == true ? 1 : 0
-  family = var.gitlab_redis_parameter_group.family
-  name   = var.gitlab_redis_parameter_group.name
-
-  lifecycle {
-    precondition {
-      condition     = var.gitlab_redis_parameter_group.name != null && var.gitlab_redis_parameter_group.family != null
-      error_message = "Provide name and family in gitlab_redis_parameter_group for Parameter Group creation"
-    }
-  }
-}
-
-resource "aws_elasticache_subnet_group" "gitlab_redis" {
-  count      = var.gitlab_redis_create_subnet_group == true ? 1 : 0
-  name       = "${var.environment_prefix}-gitlab-redis"
-  subnet_ids = var.gitlab_redis_subnet_ids
-  tags = {
-    Name      = "${var.environment_prefix}-gitlab-redis"
-    ManagedBy = local.managed_by
-  }
-  lifecycle {
-    precondition {
-      condition     = var.gitlab_redis_create_subnet_group && length(var.gitlab_redis_subnet_ids) != 0
-      error_message = "Subnet Group creation needs subnet-ids. Add subnet-ids to gitlab_redis_subnet_ids"
-    }
-  }
-}
-
-resource "aws_security_group" "gitlab_redis" {
-  name        = "${var.environment_prefix}-gitlab-redis"
-  vpc_id      = data.aws_vpc.vpc.id
-  description = "Security group for Gitlab Redis"
-  ingress = [
-    {
-      from_port        = var.gitlab_redis_port
-      protocol         = "tcp"
-      to_port          = var.gitlab_redis_port
-      cidr_blocks      = []
-      ipv6_cidr_blocks = []
-      prefix_list_ids  = []
-      security_groups  = [aws_security_group.gitlab.id]
-      self             = false
-      description      = "allow TCP access from Gitlab instance"
-    }
-  ]
-  tags = {
-    Environment = var.environment_prefix
-    ManagedBy   = local.managed_by
-  }
-}
-
-resource "aws_s3_bucket" "gitlab_backup" {
-  count  = var.enable_gitlab_backup_to_s3 ? 1 : 0
-  bucket = var.gitlab_backup_bucket_name
-  lifecycle {
-    precondition {
-      condition = anytrue([
-        (var.enable_gitlab_backup_to_s3 == false),
-        (var.enable_gitlab_backup_to_s3 == true && var.gitlab_backup_bucket_name != null)
-      ])
-      error_message = "Gitlab backup to S3 is set to ${var.enable_gitlab_backup_to_s3}. gitlab_backup_bucket_name is mandatory to create S3 bucket."
-    }
-
-  }
-}
-
-resource "aws_s3_bucket_acl" "gitlab_backup" {
-  count  = var.enable_gitlab_backup_to_s3 ? 1 : 0
-  bucket = aws_s3_bucket.gitlab_backup[0].id
-  acl    = "private"
-}
-
-data "aws_iam_policy_document" "gitlab_s3_backup" {
-  count = var.enable_gitlab_backup_to_s3 ? 1 : 0
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:AbortMultipartUpload",
-      "s3:GetBucketAcl",
-      "s3:GetBucketLocation",
-      "s3:GetObject",
-      "s3:GetObjectAcl",
-      "s3:ListBucketMultipartUploads",
-      "s3:PutObject",
-      "s3:PutObjectAcl"
-    ]
-    resources = [
-      "arn:aws:s3:::${aws_s3_bucket.gitlab_backup[0].bucket}/*"
-    ]
-  }
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:GetBucketLocation",
-      "s3:ListAllMyBuckets"
-    ]
-    resources = [
-      "*"
-    ]
-  }
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:ListBucket"
-    ]
-    resources = [
-      "arn:aws:s3:::${aws_s3_bucket.gitlab_backup[0].bucket}"
-    ]
-  }
-}
-
-resource "aws_iam_policy" "gitlab_backup" {
-  count  = var.enable_gitlab_backup_to_s3 ? 1 : 0
-  name   = "gitlab-backup"
-  policy = data.aws_iam_policy_document.gitlab_s3_backup[0].json
-}
-
-resource "aws_iam_role" "gitlab_backup" {
-  name                = "gitlab-backup"
-  assume_role_policy  = <<EOF
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Action": "sts:AssumeRole",
-            "Principal": {
-               "Service": "ec2.amazonaws.com"
-            },
-            "Effect": "Allow",
-            "Sid": ""
-        }
-    ]
-}
-EOF
-  managed_policy_arns = var.enable_gitlab_backup_to_s3 ? [aws_iam_policy.gitlab_backup[0].arn] : []
+  }, local.default_tags, var.additional_tags)
 }
 
 resource "aws_iam_instance_profile" "gitlab" {
-  name = "gitlab"
+  name = local.gitlab_instance_profile_name
   role = aws_iam_role.gitlab_backup.name
-}
-
-data "template_file" "gitlab_config_template" {
-  template = join("\n", [
-    file("${local.gitlab_config_template_file_path}/postgres.tftpl"),
-    file("${local.gitlab_config_template_file_path}/redis.tftpl"),
-    file("${local.gitlab_config_template_file_path}/nginx.tftpl"),
-    file("${local.gitlab_config_template_file_path}/rails.tftpl"),
-    var.create_ses_identity ? file("${local.gitlab_config_template_file_path}/smtp.tftpl") : "",
-  ])
-  vars = merge({
-    gitlab_url                   = local.gitlab_complete_url,
-    gitlab_db_name               = module.gitlab_pg.db_instance_name,
-    gitlab_db_username           = module.gitlab_pg.db_instance_username,
-    gitlab_db_password           = module.gitlab_pg.db_instance_password,
-    gitlab_db_host               = module.gitlab_pg.db_instance_address,
-    gitlab_redis_host            = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address,
-    aws_region                   = aws_s3_bucket.gitlab_backup[0].region,
-    gitlab_backup_s3_bucket_name = aws_s3_bucket.gitlab_backup[0].bucket
-    }, var.create_ses_identity ? {
-    smtp_address  = "email-smtp.${var.aws_region}.amazonaws.com",
-    smtp_username = aws_iam_access_key.gitlab_smtp_user[0].id,
-    smtp_password = aws_iam_access_key.gitlab_smtp_user[0].ses_smtp_password_v4,
-    smtp_domain   = data.aws_route53_zone.email_domain[0].name
-  } : {})
-}
-
-resource "local_sensitive_file" "rendered_gitlab_config_file" {
-  filename = "${local.gitlab_config_tmp_path}/${local.rendered_gitlab_config_file_name}"
-  content  = data.template_file.gitlab_config_template.rendered
-}
-
-data "local_sensitive_file" "gitlab_additional_config" {
-  count    = fileexists("${local.gitlab_config_file_path}/${local.gitlab_additional_config_file_name}") ? 1 : 0
-  filename = "${local.gitlab_config_file_path}/${local.gitlab_additional_config_file_name}"
-}
-
-resource "local_sensitive_file" "gitlab_config_file" {
-  filename = "${local.gitlab_config_tmp_path}/${local.gitlab_config_file_name}"
-  content = join("\n", tolist([
-    data.template_file.gitlab_config_template.rendered,
-    data.local_sensitive_file.gitlab_additional_config != [] ? data.local_sensitive_file.gitlab_additional_config[0].content : ""
-  ]))
-}
-
-resource "null_resource" "gitlab_reconfigure" {
-  triggers = {
-    timestamp = timestamp()
-  }
-  provisioner "local-exec" {
-    command = "ansible-playbook -u ubuntu -i '${aws_instance.gitlab[0].private_ip},' --private-key ${var.private_key} -e 'instance_ip_address=${aws_instance.gitlab[0].private_ip} workdir=${local.gitlab_config_tmp_path} config_file=${local_sensitive_file.gitlab_config_file.filename}' ${local.gitlab_config_playbook_file}"
-  }
-}
-
-data "aws_route53_zone" "email_domain" {
-  count = var.create_ses_identity ? 1 : 0
-  name  = var.ses_domain != null ? var.ses_domain : var.hosted_zone
-}
-
-resource "aws_ses_domain_identity" "email_domain" {
-  count  = var.create_ses_identity ? 1 : 0
-  domain = data.aws_route53_zone.email_domain[0].name
-}
-
-resource "aws_route53_record" "email_domain_amazonses_verification_record" {
-  count   = var.create_ses_identity ? 1 : 0
-  zone_id = data.aws_route53_zone.email_domain[0].zone_id
-  name    = "_amazonses.${aws_ses_domain_identity.email_domain[0].id}"
-  type    = "TXT"
-  ttl     = "600"
-  records = [aws_ses_domain_identity.email_domain[0].verification_token]
-}
-
-resource "aws_ses_domain_identity_verification" "email_domain_verification" {
-  count  = var.create_ses_identity ? 1 : 0
-  domain = aws_ses_domain_identity.email_domain[0].id
-
-  depends_on = [aws_route53_record.email_domain_amazonses_verification_record[0]]
-}
-
-resource "aws_iam_user" "gitlab_smtp_user" {
-  count = var.create_ses_identity ? 1 : 0
-  name  = var.ses_username
-}
-
-resource "aws_iam_access_key" "gitlab_smtp_user" {
-  count = var.create_ses_identity ? 1 : 0
-  user  = aws_iam_user.gitlab_smtp_user[0].name
-}
-
-data "aws_iam_policy_document" "gitlab_ses_sender" {
-  count = var.create_ses_identity ? 1 : 0
-  statement {
-    actions   = ["ses:SendRawEmail"]
-    resources = [aws_ses_domain_identity.email_domain[0].arn]
-  }
-}
-
-resource "aws_iam_policy" "gitlab_ses_sender" {
-  count       = var.create_ses_identity ? 1 : 0
-  name        = "gitlab_ses_sender"
-  description = "Allows sending of e-mails via Simple Email Service"
-  policy      = data.aws_iam_policy_document.gitlab_ses_sender[0].json
-}
-
-resource "aws_iam_user_policy_attachment" "gitlab_ses_sender" {
-  count      = var.create_ses_identity ? 1 : 0
-  user       = aws_iam_user.gitlab_smtp_user[0].name
-  policy_arn = aws_iam_policy.gitlab_ses_sender[0].arn
+  tags = merge({
+    Name = local.gitlab_instance_profile_name
+  }, local.default_tags, var.additional_tags)
 }
diff --git a/outputs.tf b/outputs.tf
index 6c3dbea..4692735 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,6 +1,6 @@
 output "gitlab_instance_id" {
   description = "Instance Id of the Gitlab EC2 instance."
-  value       = aws_instance.gitlab[*].id
+  value       = aws_instance.gitlab.id
 }
 
 output "gitlab_sg_id" {
diff --git a/rds.tf b/rds.tf
new file mode 100644
index 0000000..7b742c6
--- /dev/null
+++ b/rds.tf
@@ -0,0 +1,53 @@
+/* Resources for RDS setup */
+locals {
+  gitlab_rds_cluster_name = "${local.environment_prefix}-gitlab-pg"
+  gitlab_rds_sg_name      = "${local.environment_prefix}-gitlab-rds"
+}
+resource "aws_security_group" "gitlab_rds" {
+  name        = local.gitlab_rds_sg_name
+  vpc_id      = data.aws_vpc.vpc.id
+  description = "Security group for Gitlab RDS"
+  ingress = [
+    {
+      from_port        = var.gitlab_pg_port
+      protocol         = "tcp"
+      to_port          = var.gitlab_pg_port
+      cidr_blocks      = []
+      ipv6_cidr_blocks = []
+      prefix_list_ids  = []
+      security_groups  = [aws_security_group.gitlab.id]
+      self             = false
+      description      = "allow TCP access from Gitlab instance"
+    }
+  ]
+  tags = merge({
+    Name = local.gitlab_rds_sg_name
+  }, local.default_tags, var.additional_tags)
+}
+
+module "gitlab_pg" {
+  source                    = "terraform-aws-modules/rds/aws"
+  identifier                = local.gitlab_rds_cluster_name
+  create_db_instance        = true
+  create_db_subnet_group    = true
+  create_db_parameter_group = var.gitlab_pg_create_db_parameter_group
+  parameter_group_name      = var.gitlab_pg_parameter_group_name
+  parameters                = var.gitlab_pg_parameters
+  db_subnet_group_name      = "${local.environment_prefix}-gitlab-pg"
+  subnet_ids                = var.gitlab_pg_subnet_ids
+  allocated_storage         = var.gitlab_pg_allocated_storage
+  storage_type              = var.gitlab_pg_storage_type
+  db_name                   = var.gitlab_pg_db_name
+  port                      = tostring(var.gitlab_pg_port)
+  engine                    = "postgres"
+  engine_version            = var.gitlab_pg_engine_version
+  instance_class            = var.gitlab_pg_db_instance_class
+  username                  = var.gitlab_pg_username
+  password                  = var.gitlab_pg_password
+  create_random_password    = false
+  publicly_accessible       = var.gitlab_pg_publicly_accessible
+  vpc_security_group_ids    = [aws_security_group.gitlab_rds.id]
+  tags = merge({
+    Name = local.gitlab_rds_cluster_name
+  }, local.default_tags, var.additional_tags)
+}
diff --git a/redis.tf b/redis.tf
new file mode 100644
index 0000000..b436649
--- /dev/null
+++ b/redis.tf
@@ -0,0 +1,85 @@
+/* Resources for Gitlab Redis setup */
+locals {
+  gitlab_redis_sg_name           = "${local.environment_prefix}-gitlab-redis"
+  gitlab_redis_subnet_group_name = "${local.environment_prefix}-gitlab-redis"
+  gitlab_redis_cluster_id        = "${local.environment_prefix}-gitlab-redis"
+}
+resource "aws_security_group" "gitlab_redis" {
+  name        = local.gitlab_redis_sg_name
+  vpc_id      = data.aws_vpc.vpc.id
+  description = "Security group for Gitlab Redis"
+  ingress = [
+    {
+      from_port        = var.gitlab_redis_port
+      protocol         = "tcp"
+      to_port          = var.gitlab_redis_port
+      cidr_blocks      = []
+      ipv6_cidr_blocks = []
+      prefix_list_ids  = []
+      security_groups  = [aws_security_group.gitlab.id]
+      self             = false
+      description      = "allow TCP access from Gitlab instance"
+    }
+  ]
+  tags = merge({
+    Name = local.gitlab_redis_sg_name
+  }, local.default_tags, var.additional_tags)
+}
+
+resource "aws_elasticache_parameter_group" "gitlab_redis" {
+  count  = var.gitlab_redis_create_parameter_group == true ? 1 : 0
+  family = var.gitlab_redis_parameter_group.family
+  name   = var.gitlab_redis_parameter_group.name
+  tags = merge({
+    Name = "${local.environment_prefix}-${var.gitlab_redis_parameter_group.name}"
+  }, local.default_tags, var.additional_tags)
+  lifecycle {
+    precondition {
+      condition     = var.gitlab_redis_parameter_group.name != null && var.gitlab_redis_parameter_group.family != null
+      error_message = "Provide name and family in gitlab_redis_parameter_group for Parameter Group creation"
+    }
+  }
+}
+
+resource "aws_elasticache_subnet_group" "gitlab_redis" {
+  count      = var.gitlab_redis_create_subnet_group == true ? 1 : 0
+  name       = local.gitlab_redis_subnet_group_name
+  subnet_ids = var.gitlab_redis_subnet_ids
+
+  tags = merge({
+    Name = local.gitlab_redis_subnet_group_name
+  }, local.default_tags, var.additional_tags)
+
+  lifecycle {
+    precondition {
+      condition     = var.gitlab_redis_create_subnet_group && length(var.gitlab_redis_subnet_ids) != 0
+      error_message = "Subnet Group creation needs subnet-ids. Add subnet-ids to gitlab_redis_subnet_ids"
+    }
+  }
+}
+
+resource "aws_elasticache_cluster" "gitlab_redis" {
+  cluster_id           = local.gitlab_redis_cluster_id
+  engine               = "redis"
+  node_type            = var.gitlab_redis_node_type
+  num_cache_nodes      = var.gitlab_redis_num_cache_nodes
+  parameter_group_name = var.gitlab_redis_create_parameter_group == true ? aws_elasticache_parameter_group.gitlab_redis[0].name : var.gitlab_redis_parameter_group_name
+  engine_version       = var.gitlab_redis_engine_version
+  port                 = var.gitlab_redis_port
+  security_group_ids   = [aws_security_group.gitlab_redis.id]
+  subnet_group_name    = var.gitlab_redis_create_subnet_group == true ? aws_elasticache_subnet_group.gitlab_redis[0].name : var.gitlab_redis_subnet_group_name
+
+  tags = merge({
+    Name = local.gitlab_redis_cluster_id
+  }, local.default_tags, var.additional_tags)
+
+  lifecycle {
+    precondition {
+      condition = anytrue([
+        (var.gitlab_redis_create_parameter_group == false && var.gitlab_redis_parameter_group_name != null),
+        (var.gitlab_redis_create_parameter_group)
+      ])
+      error_message = "Parameter Group creation for Gitlab Redis is set to ${var.gitlab_redis_create_parameter_group}. Provide a pre-existing Parameter Group name."
+    }
+  }
+}
diff --git a/ses.tf b/ses.tf
new file mode 100644
index 0000000..b55bb3f
--- /dev/null
+++ b/ses.tf
@@ -0,0 +1,63 @@
+/* Resources for Amazon SES setup to be used as SMTP service for Gitlab */
+locals {
+  gitlab_ses_sender_name = "${local.environment_prefix}-gitlab-ses-sender"
+}
+data "aws_route53_zone" "email_domain" {
+  count = var.create_ses_identity ? 1 : 0
+  name  = var.ses_domain != null ? var.ses_domain : var.hosted_zone
+}
+
+resource "aws_ses_domain_identity" "email_domain" {
+  count  = var.create_ses_identity ? 1 : 0
+  domain = data.aws_route53_zone.email_domain[0].name
+}
+
+resource "aws_route53_record" "email_domain_amazonses_verification_record" {
+  count   = var.create_ses_identity ? 1 : 0
+  zone_id = data.aws_route53_zone.email_domain[0].zone_id
+  name    = "_amazonses.${aws_ses_domain_identity.email_domain[0].id}"
+  type    = "TXT"
+  ttl     = "600"
+  records = [aws_ses_domain_identity.email_domain[0].verification_token]
+}
+
+resource "aws_ses_domain_identity_verification" "email_domain_verification" {
+  count      = var.create_ses_identity ? 1 : 0
+  domain     = aws_ses_domain_identity.email_domain[0].id
+  depends_on = [aws_route53_record.email_domain_amazonses_verification_record[0]]
+}
+
+resource "aws_iam_user" "gitlab_smtp_user" {
+  count = var.create_ses_identity ? 1 : 0
+  name  = var.ses_username
+  tags  = merge(local.default_tags, var.additional_tags)
+}
+
+resource "aws_iam_access_key" "gitlab_smtp_user" {
+  count = var.create_ses_identity ? 1 : 0
+  user  = aws_iam_user.gitlab_smtp_user[0].name
+}
+
+data "aws_iam_policy_document" "gitlab_ses_sender" {
+  count = var.create_ses_identity ? 1 : 0
+  statement {
+    actions   = ["ses:SendRawEmail"]
+    resources = [aws_ses_domain_identity.email_domain[0].arn]
+  }
+}
+
+resource "aws_iam_policy" "gitlab_ses_sender" {
+  count       = var.create_ses_identity ? 1 : 0
+  name        = local.gitlab_ses_sender_name
+  description = "Allows sending of e-mails via Simple Email Service"
+  policy      = data.aws_iam_policy_document.gitlab_ses_sender[0].json
+  tags = merge({
+    Name = local.gitlab_ses_sender_name
+  }, local.default_tags, var.additional_tags)
+}
+
+resource "aws_iam_user_policy_attachment" "gitlab_ses_sender" {
+  count      = var.create_ses_identity ? 1 : 0
+  user       = aws_iam_user.gitlab_smtp_user[0].name
+  policy_arn = aws_iam_policy.gitlab_ses_sender[0].arn
+}
diff --git a/gitlab_config_templates/nginx.tftpl b/templates/nginx.tftpl
similarity index 100%
rename from gitlab_config_templates/nginx.tftpl
rename to templates/nginx.tftpl
diff --git a/gitlab_config_templates/postgres.tftpl b/templates/postgres.tftpl
similarity index 100%
rename from gitlab_config_templates/postgres.tftpl
rename to templates/postgres.tftpl
diff --git a/gitlab_config_templates/rails.tftpl b/templates/rails.tftpl
similarity index 100%
rename from gitlab_config_templates/rails.tftpl
rename to templates/rails.tftpl
diff --git a/gitlab_config_templates/redis.tftpl b/templates/redis.tftpl
similarity index 100%
rename from gitlab_config_templates/redis.tftpl
rename to templates/redis.tftpl
diff --git a/gitlab_config_templates/smtp.tftpl b/templates/smtp.tftpl
similarity index 100%
rename from gitlab_config_templates/smtp.tftpl
rename to templates/smtp.tftpl
diff --git a/variables.tf b/variables.tf
index f268e09..e84985c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,7 +1,7 @@
-variable "environment_prefix" {
+variable "environment" {
   type        = string
-  default     = "p"
-  description = "Development environment prefix. Eg: s for staging, p for production, etc."
+  default     = "production"
+  description = "Development environment. Eg: staging, production, etc."
 }
 
 variable "vpc_id" {
@@ -36,6 +36,12 @@ variable "volume_size" {
   description = "Size of root EBS volume for Gitlab instance."
 }
 
+variable "volume_iops" {
+  type        = number
+  default     = 3000
+  description = "IOPS for the Gitlab EBS volume"
+}
+
 variable "public_subnet_ids" {
   type        = list(string)
   description = "List of public subnet Ids for Gitlab load balancer."
@@ -295,5 +301,11 @@ variable "aws_region" {
 variable "ses_username" {
   type        = string
   description = "Username for Gitlab SMTP user"
-  default     = "gitlab_smtp_user"
+  default     = "gitlab-smtp-user"
+}
+
+variable "additional_tags" {
+  type        = map(string)
+  default     = {}
+  description = "A map of additional tags to attach to the resources."
 }