diff --git a/azure/terraform/graph.tf b/azure/terraform/graph.tf
new file mode 100644
--- /dev/null
+++ b/azure/terraform/graph.tf
@@ -0,0 +1,73 @@
+variable "region" {
+    type = "string"
+    default = "westeurope"
+}
+
+resource "azurerm_resource_group" "euwest-graph" {
+  name     = "euwest-graph"
+  location = "${var.region}"
+
+  tags {
+      environment = "SWH Graph"
+  }
+}
+
+resource "azurerm_network_interface" "graph-interface" {
+  name                = "graph"
+  location            = "${var.region}"
+  resource_group_name = "${azurerm_resource_group.euwest-graph.name}"
+  network_security_group_id = "${data.azurerm_network_security_group.worker-nsg.id}"
+
+  ip_configuration {
+    name                          = "graphNicConfiguration"
+    subnet_id                     = "${data.azurerm_subnet.default.id}"
+    public_ip_address_id          = ""
+    private_ip_address_allocation = "Dynamic"
+  }
+  tags {
+      environment = "SWH Graph"
+  }
+}
+
+resource "azurerm_virtual_machine" "graph-server" {
+  name                  = "graph0"
+  location              = "${var.region}"
+  resource_group_name   = "euwest-vault"
+  network_interface_ids = ["${azurerm_network_interface.graph-interface.id}"]
+    # multiple issues with this vm
+    # 1. we have only 8 vcpus left
+    # 2. this is location dependent, "west us" seems ok, the others not (I did
+    # not check all regions but europe/uk in general seems a nogo)
+    # vm_size               = "Standard_H16m_Promo"
+    vm_size               = "Standard_B2ms"
+
+  storage_image_reference {
+    publisher = "credativ"
+    offer     = "Debian"
+    sku       = "9"
+    version   = "latest"
+  }
+
+  storage_os_disk {
+    name              = "graph0-osdisk"
+    caching           = "ReadWrite"
+    create_option     = "FromImage"
+  }
+
+  os_profile {
+    computer_name  = "graph0"
+    admin_username = "${var.user_admin}"
+  }
+
+  os_profile_linux_config {
+    disable_password_authentication = true
+    ssh_keys {
+      path = "/home/${var.user_admin}/.ssh/authorized_keys"
+      key_data = "${var.ssh_key_data}"
+    }
+  }
+
+  tags {
+      environment = "SWH Graph"
+  }
+}
diff --git a/azure/terraform/init.tf b/azure/terraform/init.tf
new file mode 100644
--- /dev/null
+++ b/azure/terraform/init.tf
@@ -0,0 +1,33 @@
+# Keyword use:
+# - provider: Define the provider(s)
+# - data: Retrieve data information to be used within the file
+# - resource: Define resource and create/update
+
+# Configure the Microsoft Azure Provider
+# Empty if using the `az login` tool
+provider "azurerm" {
+  version             = "~> 1.27"
+}
+
+# Reuse the network security group as defined currently
+data "azurerm_network_security_group" "worker-nsg" {
+  name                = "worker-nsg"
+  resource_group_name = "swh-resource"
+}
+
+# Same for the subnet
+data "azurerm_subnet" "default" {
+  name                 = "default"
+  virtual_network_name = "swh-vnet"
+  resource_group_name  = "swh-resource"
+}
+
+variable "ssh_key_data" {
+  type = "string"
+  default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZarzgHrzUYspvrgSI6fszrALo92BDys7QOkJgUfZa9t9m4g7dUANNtwBiqIbqijAQPmB1zKgG6QTZC5rJkRy6KqXCW/+Qeedw/FWIbuI7jOD5WxnglbEQgvPkkB8kf1xIF7icRfWcQmK2je/3sFd9yS4/+jftNMPPXkBCxYm74onMenyllA1akA8FLyujLu6MNA1D8iLLXvz6pBDTT4GZ5/bm3vSE6Go8Xbuyu4SCtYZSHaHC2lXZ6Hhi6dbli4d3OwkUWz+YhFGaEra5Fx45Iig4UCL6kXPkvL/oSc9KGerpT//Xj9qz1K7p/IrBS8+eA4X69bHYYV0UZKDADZSn ardumont@yavin4"
+}
+
+variable "user_admin" {
+    type = "string"
+    default = "root"
+}
diff --git a/azure/terraform/variables.tf b/azure/terraform/variables.tf
--- a/azure/terraform/variables.tf
+++ b/azure/terraform/variables.tf
@@ -1,9 +0,0 @@
-variable "ssh_key_data" {
-  type = "string"
-  default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZarzgHrzUYspvrgSI6fszrALo92BDys7QOkJgUfZa9t9m4g7dUANNtwBiqIbqijAQPmB1zKgG6QTZC5rJkRy6KqXCW/+Qeedw/FWIbuI7jOD5WxnglbEQgvPkkB8kf1xIF7icRfWcQmK2je/3sFd9yS4/+jftNMPPXkBCxYm74onMenyllA1akA8FLyujLu6MNA1D8iLLXvz6pBDTT4GZ5/bm3vSE6Go8Xbuyu4SCtYZSHaHC2lXZ6Hhi6dbli4d3OwkUWz+YhFGaEra5Fx45Iig4UCL6kXPkvL/oSc9KGerpT//Xj9qz1K7p/IrBS8+eA4X69bHYYV0UZKDADZSn ardumont@bespin"
-}
-
-variable "user_admin" {
-    type = "string"
-    default = "ardumont"
-}
diff --git a/azure/terraform/vault.tf b/azure/terraform/vault.tf
--- a/azure/terraform/vault.tf
+++ b/azure/terraform/vault.tf
@@ -1,27 +1,3 @@
-# Keyword use:
-# - provider: Define the provider(s)
-# - data: Retrieve data information to be used within the file
-# - resource: Define resource and create/update
-
-# Configure the Microsoft Azure Provider
-# Empty if using the `az login` tool
-provider "azurerm" {
-  version             = "~> 1.27"
-}
-
-# Reuse the network security group as defined currently
-data "azurerm_network_security_group" "worker-nsg" {
-  name                = "worker-nsg"
-  resource_group_name = "swh-resource"
-}
-
-# Same for the subnet
-data "azurerm_subnet" "default" {
-  name                 = "default"
-  virtual_network_name = "swh-vnet"
-  resource_group_name  = "swh-resource"
-}
-
 # Define a new resource for the vault
 # matching what we name elsewhere "euwest-${resource}"