diff --git a/locals.tf b/locals.tf
new file mode 100644
index 0000000..84d6ee1
--- /dev/null
+++ b/locals.tf
@@ -0,0 +1,3 @@
+locals {
+ network_interface_names = ["nic1", "nic2", "nic3"]
+}
diff --git a/main.tf b/main.tf
deleted file mode 100644
index 5302110..0000000
--- a/main.tf
+++ /dev/null
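Review bot: The list in `network_interface_names` is fixed at three entries, while vm.tf in this commit indexes it with `count.index` under `count = var.vm_number`, so a `vm_number` above 3 fails with an invalid index at plan time and a value below 3 leaves NICs created but unattached. Deriving the names from the same variable keeps the two in step: `network_interface_names = [for i in range(var.vm_number) : "nic${i + 1}"]`. If the fixed list is intentional, a `validation` block on `vm_number` that caps it at the list length would make the constraint explicit.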
@@ -1,79 +0,0 @@
-terraform {
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "3.105.0"
- }
- }
-}
-
-provider "azurerm" {
- features {}
-}
-
-variable "prefix" {
- default = "tfvmex"
-}
-
-resource "azurerm_resource_group" "example" {
- name = "${var.prefix}-resources"
- location = "West Europe"
-}
-
-resource "azurerm_virtual_network" "main" {
- name = "${var.prefix}-network"
- address_space = ["10.0.0.0/16"]
- location = azurerm_resource_group.example.location
- resource_group_name = azurerm_resource_group.example.name
-}
-
-resource "azurerm_subnet" "internal" {
- name = "internal"
- resource_group_name = azurerm_resource_group.example.name
- virtual_network_name = azurerm_virtual_network.main.name
- address_prefixes = ["10.0.2.0/24"]
-}
-
-resource "azurerm_network_interface" "main" {
- name = "${var.prefix}-nic"
- location = azurerm_resource_group.example.location
- resource_group_name = azurerm_resource_group.example.name
-
- ip_configuration {
- name = "testconfiguration1"
- subnet_id = azurerm_subnet.internal.id
- private_ip_address_allocation = "Dynamic"
- }
-}
-
-resource "azurerm_virtual_machine" "main" {
- name = "${var.prefix}-vm"
- location = azurerm_resource_group.example.location
- resource_group_name = azurerm_resource_group.example.name
- network_interface_ids = [azurerm_network_interface.main.id]
- vm_size = "Standard_DS1_v2"
-
- storage_image_reference {
- publisher = "Canonical"
- offer = "0001-com-ubuntu-server-jammy"
- sku = "22_04-lts"
- version = "latest"
- }
- storage_os_disk {
- name = "myosdisk1"
- caching = "ReadWrite"
- create_option = "FromImage"
- managed_disk_type = "Standard_LRS"
- }
- os_profile {
- computer_name = "hostname"
- admin_username = "testadmin"
- admin_password = "Password1234!"
- }
- os_profile_linux_config {
- disable_password_authentication = false
- }
- tags = {
- environment = "staging"
- }
-}
diff --git a/networking.tf b/networking.tf
new file mode 100644
index 0000000..655d37b
--- /dev/null
+++ b/networking.tf
@@ -0,0 +1,49 @@
+
+resource "azurerm_virtual_network" "main" {
+ name = "${var.prefix}-network"
+ address_space = ["10.0.0.0/16"]
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+}
+
+resource "azurerm_subnet" "internal" {
+ name = "internal"
+ resource_group_name = azurerm_resource_group.example.name
+ virtual_network_name = azurerm_virtual_network.main.name
+ address_prefixes = ["10.0.2.0/24"]
+}
+
+resource "azurerm_network_interface" "main" {
+ for_each = toset(local.network_interface_names)
+ name = "${var.prefix}-${each.value}"
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+
+ ip_configuration {
+ name = "testconfiguration-${each.value}"
+ subnet_id = azurerm_subnet.internal.id
+ private_ip_address_allocation = "Dynamic"
+ }
+}
+
+resource "azurerm_network_security_group" "main" {
+ name = "${var.prefix}-nsg"
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+
+ dynamic "security_rule" {
+ for_each = var.security_rules
+
+ content {
+ name = security_rule.value.name
+ priority = security_rule.value.priority
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = security_rule.value.destination_port_range
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+ }
+}
diff --git a/output.tf b/output.tf
new file mode 100644
index 0000000..12d1545
--- /dev/null
+++ b/output.tf
@@ -0,0 +1,17 @@
+output "vm_name_uppercase" {
+ value = [for vm in azurerm_virtual_machine.main : upper(vm.name)]
+}
+
+output "tags_combined" {
+ value = [
+ for vm in azurerm_virtual_machine.main : join(", ", [
+ vm.tags["name"],
+ vm.tags["environment"],
+ vm.tags["creation_date"]
+ ])
+ ]
+}
+
+output "vm_ids" {
+ value = [for vm in azurerm_virtual_machine.main : vm.id]
+}
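Review bot: Every generated `security_rule` in networking.tf hard-codes `source_address_prefix = "*"`, and the default `security_rules` in variables.tf includes `allow-ssh` on port 22, so SSH is allowed from any source address wherever this NSG applies. Adding a `source_address_prefix` field to the rule object and reading it with `source_address_prefix = security_rule.value.source_address_prefix` lets SSH be limited to an administrative CIDR while HTTP stays open. Separately, no `azurerm_subnet_network_security_group_association` or `azurerm_network_interface_security_group_association` appears in this diff, so the NSG looks unattached and its rules may not take effect at all; the intended attachment should be confirmed and added.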
diff --git a/provider.tf b/provider.tf
new file mode 100644
index 0000000..bd3cb94
--- /dev/null
+++ b/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "3.105.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
diff --git a/resource_group.tf b/resource_group.tf
new file mode 100644
index 0000000..1e062a6
--- /dev/null
+++ b/resource_group.tf
@@ -0,0 +1,4 @@
+resource "azurerm_resource_group" "example" {
+ name = "${var.prefix}-resources"
+ location = "West Europe"
+}
diff --git a/tfplan b/tfplan
new file mode 100644
index 0000000..7ce9e7a
Binary files /dev/null and b/tfplan differ
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..f7f1e33
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,40 @@
+variable "prefix" {
+ default = "tfvmex"
+ description = "Prefix for azure resources"
+}
+
+variable "vm_number" {
+ type = number
+ description = "Number of virtual machine to create"
+ default = 3
+}
+
+variable "security_rules" {
+ type = list(object({
+ name = string
+ priority = number
+ destination_port_range = string
+ }))
+ default = [
+ {
+ name = "allow-ssh"
+ priority = 100
+ destination_port_range = "22"
+ },
+ {
+ name = "allow-http"
+ priority = 200
+ destination_port_range = "80"
+ }
+ ]
+}
+
+variable "admin_username" {
+ type = string
+ default = "testadmin"
+}
+
+variable "admin_password" { # I have set an environment variable before running Terraform commands export TF_VAR_admin_password=""
+ type = string
+ sensitive = true
+}
diff --git a/vm.tf b/vm.tf
new file mode 100644
index 0000000..63d622c
--- /dev/null
+++ b/vm.tf
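Review bot: `admin_password` in variables.tf is marked `sensitive = true`, but the same commit adds a binary `tfplan`, and a saved plan file stores variable values unredacted, so a password supplied through `TF_VAR_admin_password` is likely recoverable from the committed file. The plan file should be removed from the repository and listed in `.gitignore`, and the password rotated if the plan was produced with the real value. `sensitive` only redacts CLI output; the value is still written in clear text to the state file, so the state backend needs access control and encryption. The inline comment after the opening brace would also read better as `description = "VM admin password; supply via TF_VAR_admin_password"`.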
@@ -0,0 +1,38 @@
+
+resource "azurerm_virtual_machine" "main" {
+ count = var.vm_number
+ name = "${var.prefix}-vm-${count.index + 1}"
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+ network_interface_ids = [azurerm_network_interface.main[local.network_interface_names[count.index]].id]
+ vm_size = "Standard_DS1_v2"
+
+ storage_image_reference {
+ publisher = "Canonical"
+ offer = "0001-com-ubuntu-server-jammy"
+ sku = "22_04-lts"
+ version = "latest"
+ }
+ storage_os_disk {
+ name = "myosdisk-${count.index + 1}"
+ caching = "ReadWrite"
+ create_option = "FromImage"
+ managed_disk_type = "Standard_LRS"
+ }
+ os_profile {
+ computer_name = "hostname-${count.index + 1}"
+ admin_username = var.admin_username
+ admin_password = var.admin_password
+ }
+ os_profile_linux_config {
+ disable_password_authentication = false
+ }
+ tags = {
+ environment = "staging"
+ name = "vm${count.index}"
+ creation_date = formatdate("YYYY-MM-DD", timestamp())
+ }
+ lifecycle {
+ prevent_destroy = true
+ }
+}
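Review bot: `disable_password_authentication = false` in `os_profile_linux_config` keeps SSH password logins enabled, and the NSG rules in this commit allow port 22 from any source, which leaves the VMs exposed to password guessing once they are reachable. Switching to key-only authentication removes that exposure; the fence shows the block with an `ssh_keys` entry, where `var.admin_ssh_public_key` is a new variable (name constructed here) that would have to be declared in variables.tf, after which `admin_password` should no longer be needed. Two smaller points in the same hunk: `timestamp()` in the `creation_date` tag changes on every run and will show a tag diff on each plan unless `tags` is listed under `ignore_changes`, and `version = "latest"` makes the deployed image non-reproducible.

```hcl
  # … unchanged: count, naming, image reference, OS disk, os_profile …
  os_profile_linux_config {
    disable_password_authentication = true

    ssh_keys {
      path     = "/home/${var.admin_username}/.ssh/authorized_keys"
      key_data = var.admin_ssh_public_key
    }
  }
  # … unchanged: tags, lifecycle …
```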