diff --git a/rds-oracle/CHANGELOG.md b/rds-oracle/CHANGELOG.md
index 239a373..167edf8 100644
--- a/rds-oracle/CHANGELOG.md
+++ b/rds-oracle/CHANGELOG.md
@@ -1,3 +1,5 @@
 # v1.3 -- 20200604
+  - add module version, update tags
 
-* add module version, update tags
+# v1.3.1 -- 20210621
+  - add ports 2483 and 2484 (tcp, tcp+ssl)
diff --git a/rds-oracle/README.md b/rds-oracle/README.md
index 9f48f1f..68a4079 100644
--- a/rds-oracle/README.md
+++ b/rds-oracle/README.md
@@ -19,39 +19,38 @@ module "rds-oracle" {
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
 
 ## Modules
 
-No Modules.
+No modules.
 
 ## Resources
 
-| Name |
-|------|
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) |
+| Name | Type |
+|------|------|
+| [aws_security_group.this_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| \_module\_version | Module version number | `string` | `"1.3"` | no |
-| egress\_networks | List of egress networks (all ports) | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
-| name | Security group Name | `string` | `"m-oracle-db"` | no |
-| networks | List of ingress networks (applies to all ports) | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
-| tags | Extra security group tags | `map` | <pre>{<br>  "CostAllocation": "csvd:infrastructure",<br>  "Environment": "csvd-infrastructure"<br>}</pre> | no |
-| vpc\_full\_name | VPC Name | `string` | `""` | no |
-| vpc\_id | VPC ID Number | `string` | n/a | yes |
+| <a name="input_egress_networks"></a> [egress\_networks](#input\_egress\_networks) | List of egress networks (all ports) | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
+| <a name="input_name"></a> [name](#input\_name) | Security group Name | `string` | `"m-oracle-db"` | no |
+| <a name="input_networks"></a> [networks](#input\_networks) | List of ingress networks (applies to all ports) | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Extra security group tags | `map` | <pre>{<br>  "CostAllocation": "csvd:infrastructure",<br>  "Environment": "csvd-infrastructure"<br>}</pre> | no |
+| <a name="input_vpc_full_name"></a> [vpc\_full\_name](#input\_vpc\_full\_name) | VPC Name | `string` | `""` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID Number | `string` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| this\_security\_group\_arn | Created security group ARN |
-| this\_security\_group\_id | Created security group ID |
+| <a name="output_this_security_group_arn"></a> [this\_security\_group\_arn](#output\_this\_security\_group\_arn) | Created security group ARN |
+| <a name="output_this_security_group_id"></a> [this\_security\_group\_id](#output\_this\_security\_group\_id) | Created security group ID |
diff --git a/rds-oracle/main.tf b/rds-oracle/main.tf
index 60be493..f3fd981 100644
--- a/rds-oracle/main.tf
+++ b/rds-oracle/main.tf
@@ -44,9 +44,12 @@ resource "aws_security_group" "this_security_group" {
   }
 
   tags = merge(
-    map("Name", "sg-${local.name}"),
     var.tags,
-    map("boc:tf_module_version", var._module_version),
-    map("boc:vpc:info", join(" ", compact(list(var.vpc_id, var.vpc_full_name)))),
+    tomap({
+      "Name"                  = "sg-${local.name}"
+      "boc:tf_module_version" = local._module_version
+      "boc:created_by"        = "terraform"
+      "boc:vpc:info"          = join(" ", compact(list(var.vpc_id, var.vpc_full_name)))
+    })
   )
 }
diff --git a/rds-oracle/ports.tf b/rds-oracle/ports.tf
index 80c0160..87e8dca 100644
--- a/rds-oracle/ports.tf
+++ b/rds-oracle/ports.tf
@@ -4,6 +4,7 @@ locals {
   ports = [
     [1521, 1521, "tcp", "oracle-db", []],
     [1570, 1571, "tcp", "oracle-db", []],
+    [2483, 2484, "tcp", "oracle-db", []],
     [3872, 3872, "tcp", "inbound-oracle-OEM", ["172.24.101.9/32", "172.24.101.10/32", "172.24.32.251/32"]],
     [7799, 7799, "tcp", "oracle-OEM", []],
   ]
@@ -12,3 +13,17 @@ locals {
   ports_fields     = ["from", "to", "proto", "description", "cidr"]
   ports_map        = [for p in local.ports : zipmap(local.ports_fields, p)]
 }
+
+# references
+#  https://docs.oracle.com/cd/B19306_01/install.102/b25293/app_port.htm
+#  https://docs.oracle.com/cd/B12037_01/network.101/b10776/protocoladd.htm
+#
+# Recommended Port Numbers
+# Table 4-2, "Recommended Port Numbers" lists the recommends the port numbers.
+# 
+# Table 4-2 Recommended Port Numbers
+# 
+# Port	Description
+# 1521	Default listening port for client connections to the listener. In future releases, this port number may change to the officially registered port number of 2483 for TCP/IP and 2484 for TCP/IP with SSL.
+# 1521	Default and officially registered listening port for client connections to Oracle Connection Manager
+# 1830	Default and officially registered listening port for administrative commands to Oracle Connection Manager
diff --git a/rds-oracle/version.tf b/rds-oracle/version.tf
index 38fadfd..e4a1130 100644
--- a/rds-oracle/version.tf
+++ b/rds-oracle/version.tf
@@ -1,5 +1,3 @@
-variable "_module_version" {
-  description = "Module version number"
-  type        = string
-  default     = "1.3"
+locals {
+  _module_version = "1.3.1"
 }