diff --git a/rds-postgres/CHANGELOG.md b/rds-postgres/CHANGELOG.md
new file mode 100644
index 0000000..239a373
--- /dev/null
+++ b/rds-postgres/CHANGELOG.md
@@ -0,0 +1,3 @@
+# v1.3 -- 20200604
+
+* add module version, update tags
diff --git a/rds-postgres/README.md b/rds-postgres/README.md
new file mode 100644
index 0000000..3ebe3d2
--- /dev/null
+++ b/rds-postgres/README.md
@@ -0,0 +1,57 @@
+# About
+
+This describes how to use the aws-common-security-groups submodule for rds-postgres
+
+# Usage
+
+```code
+module "rds-postgres" {
+ source = "git::https://vc1.csvd.census.gov/terraform-modules/aws-common-security-groups.git//rds-postgres"
+
+ # name = "m-rds-postgres"
+ vpc_id = var.vpc_id
+ # Name, CostAllocation, and Environment are pre-set
+ # tags = { }
+}
+```
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Modules
+
+No Modules.
+
+## Resources
+
+| Name |
+|------|
+| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| \_module\_version | Module version number | `string` | `"1.3"` | no |
+| egress\_networks | List of egress networks (all ports) | `list(string)` |
[
"0.0.0.0/0"
]
| no |
+| name | Security group Name | `string` | `"m-postgres-db"` | no |
+| networks | List of ingress networks (applies to all ports) | `list(string)` |
[
"0.0.0.0/0"
]
| no |
+| tags | Extra security group tags | `map` |
{
"CostAllocation": "csvd:infrastructure",
"Environment": "csvd-infrastructure"
}
| no |
+| vpc\_full\_name | VPC Name | `string` | `""` | no |
+| vpc\_id | VPC ID Number | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| this\_security\_group\_arn | Created security group ARN |
+| this\_security\_group\_id | Created security group ID |
diff --git a/rds-postgres/main.tf b/rds-postgres/main.tf
new file mode 100644
index 0000000..84b5dae
--- /dev/null
+++ b/rds-postgres/main.tf
@@ -0,0 +1,52 @@
+/**
+* # About
+*
+* This describes how to use the aws-common-security-groups submodule for rds-oracle
+*
+* # Usage
+*
+* ```code
+* module "rds-postgres" {
+* source = "git::https://vc1.csvd.census.gov/terraform-modules/aws-common-security-groups.git//rds-postgres"
+*
+* # name = "m-rds-postgres"
+* vpc_id = var.vpc_id
+* # Name, CostAllocation, and Environment are pre-set
+* # tags = { }
+* }
+* ```
+*/
+
+resource "aws_security_group" "this_security_group" {
+ name = local.name
+ description = local.description
+ vpc_id = var.vpc_id
+
+ # portlist
+ dynamic "ingress" {
+ for_each = local.ports_map
+ iterator = p
+ content {
+ description = "${local.description}: ${p.value["description"]}"
+ from_port = p.value["from"]
+ to_port = p.value["to"]
+ protocol = p.value["proto"]
+ cidr_blocks = length(p.value["cidr"]) == 0 ? local.ingress_networks : p.value["cidr"]
+ }
+ }
+
+ egress {
+ description = "${local.description}: All"
+ from_port = 0
+ to_port = 0
+ protocol = -1
+ cidr_blocks = local.egress_networks
+ }
+
+ tags = merge(
+ map("Name", "sg-${local.name}"),
+ var.tags,
+ map("boc:tf_module_version", var._module_version),
+ map("boc:vpc:info", join(" ", compact(list(var.vpc_id, var.vpc_full_name)))),
+ )
+}
diff --git a/rds-postgres/output.tf b/rds-postgres/output.tf
new file mode 100644
index 0000000..fbdd35a
--- /dev/null
+++ b/rds-postgres/output.tf
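Review bot: The `tags = merge(...)` expression at the end of the main.tf hunk builds its maps with the `map()` and `list()` functions, which Terraform 0.12 already deprecates and which later releases removed, while versions.tf in this same commit constrains only `required_version = ">= 0.12"` with no upper bound, so a caller on a current Terraform gets a hard error rather than a deprecation warning. Object and tuple literals express the same merge and are accepted by every version the constraint admits, so the block can be rewritten as below. The doc comment at the top of the file also says `submodule for rds-oracle` where the README in this directory says rds-postgres; the copy-pasted heading should read `This describes how to use the aws-common-security-groups submodule for rds-postgres`.
```hcl
# … unchanged: resource header, dynamic "ingress" and egress blocks …
  tags = merge(
    { "Name" = "sg-${local.name}" },
    var.tags,
    { "boc:tf_module_version" = var._module_version },
    { "boc:vpc:info" = join(" ", compact([var.vpc_id, var.vpc_full_name])) },
  )
```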
@@ -0,0 +1,9 @@
+output "this_security_group_id" {
+ description = "Created security group ID"
+ value = aws_security_group.this_security_group.id
+}
+
+output "this_security_group_arn" {
+ description = "Created security group ARN"
+ value = aws_security_group.this_security_group.arn
+}
diff --git a/rds-postgres/ports.tf b/rds-postgres/ports.tf
new file mode 100644
index 0000000..75527b3
--- /dev/null
+++ b/rds-postgres/ports.tf
@@ -0,0 +1,11 @@
+locals {
+ description = "module: PostGres common ports"
+ name = var.name
+ ports = [
+ [5482, 5482, "tcp", "postgres-db", []],
+ ]
+ ingress_networks = var.networks
+ egress_networks = var.egress_networks
+ ports_fields = ["from", "to", "proto", "description", "cidr"]
+ ports_map = [for p in local.ports : zipmap(local.ports_fields, p)]
+}
diff --git a/rds-postgres/variables.tf b/rds-postgres/variables.tf
new file mode 100644
index 0000000..d7c1cde
--- /dev/null
+++ b/rds-postgres/variables.tf
@@ -0,0 +1,38 @@
+variable "vpc_id" {
+ description = "VPC ID Number"
+ type = string
+}
+
+variable "vpc_full_name" {
+ description = "VPC Name"
+ type = string
+ default = ""
+}
+
+variable "name" {
+ description = "Security group Name"
+ type = string
+ # default = "m-rds-postgres"
+ default = "m-postgres-db"
+}
+
+variable "networks" {
+ description = "List of ingress networks (applies to all ports)"
+ type = list(string)
+ default = ["0.0.0.0/0"]
+}
+
+variable "egress_networks" {
+ description = "List of egress networks (all ports)"
+ type = list(string)
+ default = ["0.0.0.0/0"]
+}
+
+variable "tags" {
+ description = "Extra security group tags"
+ type = map
+ default = {
+ "CostAllocation" = "csvd:infrastructure"
+ "Environment" = "csvd-infrastructure"
+ }
+}
diff --git a/rds-postgres/version.tf b/rds-postgres/version.tf
new file mode 100644
index 0000000..38fadfd
--- /dev/null
+++ b/rds-postgres/version.tf
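Review bot: The only entry in `local.ports` in the ports.tf hunk, `[5482, 5482, "tcp", "postgres-db", []]`, opens port 5482, but PostgreSQL's registered default port is 5432; unless the RDS instances are deliberately run on a non-standard port this reads as a digit transposition, and a group built from it would neither admit clients on 5432 nor guard anything on 5482. Suggested line: `[5432, 5432, "tcp", "postgres-db", []],`. If 5482 is intentional, a comment beside the entry such as `# non-standard listener port, matches the RDS parameter group` would stop the next reader from "correcting" it. Since the module's whole purpose is this one rule, the port is worth confirming against the actual RDS configuration before merge.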
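Review bot: In the variables.tf hunk, `networks` defaults to `["0.0.0.0/0"]`, so a caller that sets only `vpc_id` (which is exactly what the README usage example does) gets a database security group whose ingress rule admits every source address. For a database-tier group the safer contract is to make the caller state the allowed ranges: drop the `default` from `variable "networks"` so it becomes required, and update the README table accordingly; the world-open egress default is less consequential but could be called out in its description. Separately, `variable "tags"` uses the bare legacy `type = map`; `type = map(string)` constrains values the way `merge` in main.tf expects them and avoids the deprecation warning newer Terraform emits for the unparameterised keyword.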
@@ -0,0 +1,5 @@
+variable "_module_version" {
+ description = "Module version number"
+ type = string
+ default = "1.3"
+}
diff --git a/rds-postgres/versions.tf b/rds-postgres/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/rds-postgres/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}