diff --git a/examples/public-dns-external/custom.tf b/examples/public-dns-external/custom.tf
new file mode 100644
index 000000000..e128d9d5a
--- /dev/null
+++ b/examples/public-dns-external/custom.tf
@@ -0,0 +1,8 @@
+terraform {
+ cloud {
+ organization = "weights-and-biases"
+ workspaces {
+ name = "apple-replica-msk"
+ }
+ }
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 14bafe24e..271af9450 100644
--- a/main.tf
+++ b/main.tf
@@ -44,6 +44,7 @@ module "networking" {
 elasticache_subnet_cidrs = var.network_elasticache_subnet_cidrs
 }
 
+
 locals {
 network_id = var.create_vpc ? module.networking.vpc_id : var.network_id
 network_public_subnets = var.create_vpc ? module.networking.public_subnets : var.network_public_subnets
@@ -59,6 +60,14 @@ locals {
 network_elasticache_subnet_group_name = module.networking.elasticache_subnet_group_name
 }
 
+module "msk" {
+ source = "./modules/msk"
+ namespace = var.namespace
+
+ private_subnets = local.network_private_subnets
+ vpc_id = local.network_id
+}
+
 module "database" {
 source = "./modules/database"
 
diff --git a/modules/msk/main.tf b/modules/msk/main.tf
new file mode 100644
index 000000000..bff43b4ca
--- /dev/null
+++ b/modules/msk/main.tf
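Review bot: examples/public-dns-external/custom.tf pins the example to one specific Terraform Cloud organization and workspace (`organization = "weights-and-biases"`, `name = "apple-replica-msk"`), which looks like a personal test backend rather than part of the example. Anyone outside that organization who runs the example would presumably be unable to initialise against it, and the workspace name stays in the repository history once merged. If the file is only needed for local testing, drop it from the commit and ignore it in version control; otherwise add a comment saying both values must be replaced.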
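Review bot: In main.tf the new `module "msk"` block has no `count` or feature toggle, so every consumer of the root module would get an MSK cluster on their next apply whether or not they use Kafka. Nothing in this hunk consumes the module's outputs either, so from what is visible the brokers are created but unused. Consider gating it, for example `count = var.create_msk ? 1 : 0` with a new variable defaulting to `false` (the variable name is a suggestion and does not exist in this diff).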
@@ -0,0 +1,56 @@
+# Security group for MSK (allows traffic within your VPC)
+resource "aws_security_group" "msk" {
+ name = "${var.namespace}-msk-sg"
+ vpc_id = var.vpc_id
+ description = "Allow MSK traffic within the VPC"
+
+ ingress {
+ from_port = 9092
+ to_port = 9092
+ protocol = "tcp"
+ self = true
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_msk_cluster" "default" {
+ cluster_name = var.namespace
+ kafka_version = var.kafka_version
+ number_of_broker_nodes = length(var.private_subnets)
+
+ broker_node_group_info {
+ instance_type = var.instance_type
+
+ client_subnets = var.private_subnets
+ security_groups = [aws_security_group.msk.id]
+
+ storage_info {
+ ebs_storage_info {
+ volume_size = var.volume_size
+ }
+ }
+ }
+
+ encryption_info {
+ encryption_in_transit {
+ client_broker = "TLS"
+ }
+ }
+
+ depends_on = [aws_security_group.msk]
+}
+
+output "zookeeper_connect_string" {
+ value = aws_msk_cluster.default.zookeeper_connect_string
+}
+
+output "bootstrap_brokers_tls" {
+ description = "TLS connection host:port pairs"
+ value = aws_msk_cluster.default.bootstrap_brokers_tls
+}
\ No newline at end of file
diff --git a/modules/msk/variables.tf b/modules/msk/variables.tf
new file mode 100644
index 000000000..47d5a0cfd
--- /dev/null
+++ b/modules/msk/variables.tf
@@ -0,0 +1,26 @@
+variable "namespace" {
+ type = string
+}
+
+variable "vpc_id" {
+ type = string
+}
+
+variable "private_subnets" {
+ type = list(string)
+}
+
+variable "instance_type" {
+ type = string
+ default = "kafka.m5.large"
+}
+
+variable "volume_size" {
+ type = number
+ default = 20
+}
+
+variable "kafka_version" {
+ type = string
+ default = "3.6.0"
+}
\ No newline at end of file
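Review bot: In modules/msk/main.tf the `ingress` rule opens 9092 while `encryption_in_transit` sets `client_broker = "TLS"`; MSK serves TLS clients on 9094 (9092 is the plaintext listener), so the endpoints returned by `bootstrap_brokers_tls` would not be reachable through this group, and the rule should read `from_port = 9094` and `to_port = 9094`. `self = true` also admits only members of this same security group, which does not match the "within the VPC" description, so clients would have to be attached to it or given their own source rule. The cluster has no `client_authentication` block, which as far as I know leaves unauthenticated access enabled, so anything that can reach the brokers can produce and consume; IAM or SASL/SCRAM authentication is worth enabling before this carries real data. The `zookeeper_connect_string` output could be dropped if no consumer needs direct ZooKeeper access.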
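Review bot: None of the variables in modules/msk/variables.tf has a `description`, and `private_subnets` needs one most because `number_of_broker_nodes = length(var.private_subnets)` in the module makes it decide the cluster size. I would add, for example, `description = "Private subnet IDs for the brokers; one broker is created per subnet"` there and `description = "EBS volume size per broker, in GiB"` on `volume_size`. A `validation` block rejecting an empty `private_subnets` list would surface a misconfiguration at plan time instead of at cluster creation.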