diff --git a/emr/README.md b/emr/README.md
new file mode 100644
index 0000000..c9e1a6e
--- /dev/null
+++ b/emr/README.md
@@ -0,0 +1,76 @@
+# About emr
+
+This describes how to use the aws-common-security-groups submodule for emr.
+
+## Usage
+
+```hcl
+module "emr" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//emr"
+
+  vpc_id = var.vpc_id
+  name_prefix = "edl-dev-124567"
+  ## optional
+  # ingress_prefix_list_names = [ "rds-postgres.edl.project" ]
+  # egress_prefix_list_names = [ ]
+
+  ## tags for Name, CostAllocation, and Environment are pre-set, but they can be overriden
+  # tags = { }
+}
+
+## ingress_networks
+This is the list of network CIDR blocks for inbound access to the ports defined for RDS Postgres.
+There is a default set of CIDR blocks provided if this field is not populated.  This is comprised of the
+Census networks:
+* 148.129.0.0/16: Census class B
+* 172.16.0.0/12: Census private class B
+* 192.168.0.0/16: Census private class C
+* 10.0.0.0/8: Censsu private class A
+
+Passing a null or empty list to this field will ignore the ingress setting on these networks.
+
+## ingress_prefix_list_names
+In order to use a managed prefix list, you may pass a list of names in this field. The prefix lists
+will be looked up and the resultant IDs used in the security group for inbound port access to RDS
+Postgres.  This will fail if the prefix list does not exist.
+```
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.66.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.80.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_security_group.sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_vpc.this_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_description_prefix"></a> [description\_prefix](#input\_description\_prefix) | Security Group Description Prefix | `string` | `"Security Group"` | no |
+| <a name="input_egress_networks"></a> [egress\_networks](#input\_egress\_networks) | List of egress networks (all ports) | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
+| <a name="input_ingress_networks"></a> [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for external access (not all ports). Use null to disable built-in settings | `list(string)` | `[]` | no |
+| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | Security Group Name Prefix | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags | `map(any)` | <pre>{<br>  "CostAllocation": "csvd:infrastructure",<br>  "Environment": "infrastructure"<br>}</pre> | no |
+| <a name="input_use_vpc_cidr"></a> [use\_vpc\_cidr](#input\_use\_vpc\_cidr) | Enable\|Disable use of VPC CIDR block in the ingress\_networks | `bool` | `false` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID Number | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.