diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f4873d7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,13 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# .tfvars files
+*.tfvars
+
+.terraform/*
+logs
+common/README.md
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..6f20ddd
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,18 @@
+repos:
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.48.0
+ hooks:
+# - id: terraform_validate
+ - id: terraform_fmt
+ - id: terraform_docs_replace
+ args: ['table']
+ exclude: common/*.tf
+ exclude: version.tf
+ - id: terraform_tflint
+ args: [ "--args=--config=__GIT_WORKING_DIR__/.tflint.hcl"]
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v3.4.0
+ hooks:
+ - id: check-symlinks
+ - id: detect-aws-credentials
+ - id: detect-private-key
diff --git a/.tflint.hcl b/.tflint.hcl
new file mode 100644
index 0000000..fcc2fa8
--- /dev/null
+++ b/.tflint.hcl
@@ -0,0 +1,21 @@
+config {
+ module = true
+ force = false
+ disabled_by_default = false
+
+# ignore_module = {
+# "terraform-aws-modules/vpc/aws" = true
+# "terraform-aws-modules/security-group/aws" = true
+# }
+
+# varfile = ["example1.tfvars", "example2.tfvars"]
+# variables = ["foo=bar", "bar=[\"baz\"]"]
+}
+
+rule "aws_instance_invalid_type" {
+ enabled = true
+}
+
+plugin "aws" {
+ enabled = true
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..b6d58f4
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,4 @@
+# Versions
+
+* v1.0.0 -- 20210502
+ - initial creation
diff --git a/common/data.tf b/common/data.tf
new file mode 100644
index 0000000..c99f19d
--- /dev/null
+++ b/common/data.tf
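Review bot: `exclude` is given twice under `terraform_docs_replace` (`common/*.tf`, then `version.tf`); a YAML mapping may not repeat a key and PyYAML keeps the last one, so the `common/` exclusion is silently dropped and the docs hook will rewrite `common/README.md` (which `.gitignore` then hides). pre-commit's `exclude` is also a Python regex rather than a glob, so `common/*.tf` never meant what it says. One line covers both intents: `exclude: '^(common/.*\.tf|version\.tf)$'`. With `terraform_validate` commented out nothing in this config catches undeclared references before commit; if it was disabled for needing credentials, `terraform init -backend=false` followed by `validate` runs fully offline and is worth re-enabling.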
@@ -0,0 +1,23 @@
+data "aws_caller_identity" "current" {}
+
+data "aws_arn" "current" {
+ arn = data.aws_caller_identity.current.arn
+}
+
+data "aws_region" "current" {}
+
+# output "caller_account_id" {
+# value = data.aws_caller_identity.current.account_id
+# }
+#
+# output "account_caller_arn" {
+# value = data.aws_caller_identity.current.arn
+# }
+#
+# output "account_caller_arn_partition" {
+# value = data.aws_arn.current.partition
+# }
+#
+# output "account_region_name" {
+# value = data.aws_region.current.name
+# }
diff --git a/common/defaults.tf b/common/defaults.tf
new file mode 100644
index 0000000..8d1ef16
--- /dev/null
+++ b/common/defaults.tf
@@ -0,0 +1,22 @@
+# for the accesss logs for load balancers
+# https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions
+
+locals {
+ _defaults = {
+ "load-balancer" = {
+ "gov" = ["190560391635", "048591011584"]
+ "us-gov-east-1" = "190560391635"
+ "us-gov-west-1" = "048591011584"
+
+ "ew" = ["127311923021", "033677994240", "027434742980", "797873946194"]
+ "us-east-1" = "127311923021"
+ "us-east-2" = "033677994240"
+ "us-west-1" = "027434742980"
+ "us-west-2" = "797873946194"
+ }
+ "ses" = {
+ "event_types" = ["bounce", "delivery", "complaint"]
+ }
+ }
+}
+
diff --git a/common/prefixes.tf b/common/prefixes.tf
new file mode 100644
index 0000000..0e2960d
--- /dev/null
+++ b/common/prefixes.tf
@@ -0,0 +1,26 @@
+locals {
+ _prefixes = {
+ "efs" = "v-efs-"
+ "s3" = "v-s3-"
+ "ebs" = "v-ebs-"
+ "kms" = "k-kms-"
+ "role" = "r-"
+ "policy" = "p-"
+ "group" = "g-"
+ "security-group" = "" # "sg-"
+ # VPC
+ "vpc" = ""
+ "dhcp-options" = ""
+ "vpc-peer" = "vpcp-"
+ "route-table" = "route-"
+ "subnet" = ""
+ "vpc-endpoint" = "vpce-"
+ "elastic-ip" = "eip-"
+ "nat-gateway" = "nat-"
+ "internet-gateway" = "igw-"
+ "network-acl" = "nacl-"
+ "customer-gateway" = "cgw-"
+ "vpn-gateweay" = "vpcg-"
+ "vpn-connection" = "vpn_"
+ }
+}
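Review bot: The commercial (`ew`) part of the `load-balancer` map lists only four regions, so a lookup keyed on `data.aws_region.current.name` for any other region will fail with a missing key, and if the consumer uses `lookup()` with a default it would instead put the wrong principal into a bucket policy; the consumer is not in this diff, so check which of the two happens. These IDs are AWS-owned log-delivery accounts that the linked doc has you trust in an S3 bucket policy, which the header should say so nobody "fixes" them by hand: `# AWS-owned ELB log-delivery account IDs, granted write access in the access-log bucket policy; verify against the linked doc before changing`. The header also has `accesss` for `access` and no longer describes the whole file once the unrelated `ses` entry is in the same map.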
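Review bot: The key `"vpn-gateweay"` is misspelled, so a lookup or an `override_prefixes` entry for `vpn-gateway` will not match it; change the key to `"vpn-gateway" = "vpcg-"`. `"vpn-connection" = "vpn_"` is the only prefix ending in an underscore rather than a hyphen, which looks like a typo as well (`"vpn-"`). A one-line comment above the map saying these are resource-name prefixes keyed by component and overridable through `var.override_prefixes` would help, since nothing else in the file says what the map is for.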
diff --git a/common/variables.common.tf b/common/variables.common.tf
new file mode 100644
index 0000000..1f96a36
--- /dev/null
+++ b/common/variables.common.tf
@@ -0,0 +1,26 @@
+#---
+# account info
+#---
+variable "account_id" {
+ description = "AWS Account ID (default will pull from current user)"
+ type = string
+ default = ""
+}
+
+variable "account_alias" {
+ description = "AWS Account Alias"
+ type = string
+ default = ""
+}
+
+variable "override_prefixes" {
+ description = "Override built-in prefixes by component. This should be used primarily for common infrastructure things"
+ type = map(string)
+ default = {}
+}
+
+variable "tags" {
+ description = "AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data_safeguard field for such things."
+ type = map(string)
+ default = {}
+}
diff --git a/common/variables.common.vpc.tf b/common/variables.common.vpc.tf
new file mode 100644
index 0000000..30643a3
--- /dev/null
+++ b/common/variables.common.vpc.tf
@@ -0,0 +1,32 @@
+#---
+# common variables for defining specific VPC components used throughout the submodules
+#---
+variable "vpc_name" {
+ description = "VPC name component used through the VPC descrbing its purpose (ex: dice-dev)"
+ type = string
+ default = null
+}
+
+variable "vpc_short_name" {
+ description = "VPC short name component (vpc{index})"
+ type = string
+ default = null
+}
+
+variable "vpc_full_name" {
+ description = "VPC full name component (vpc{index}-{vpc_name})"
+ type = string
+ default = null
+}
+
+variable "vpc_index" {
+ description = "VPC index number (integer starting at 1)"
+ type = number
+ default = null
+}
+
+variable "vpc_environment" {
+ description = "VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod)"
+ type = string
+ default = null
+}
diff --git a/common/version.tf b/common/version.tf
new file mode 100644
index 0000000..fa2705b
--- /dev/null
+++ b/common/version.tf
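Review bot: `account_id` overrides the caller's own account in the consuming modules but is accepted as any string, so a typo or a pasted ARN is only discovered wherever it is interpolated; a `validation` block with `condition = var.account_id == "" || can(regex("^[0-9]{12}$", var.account_id))` and an error message naming the 12-digit format rejects it at plan time. The `tags` description tells users to put safeguard tags in a `data_safeguard` field, but no such variable is declared in this diff; either add it or drop the sentence so the description does not point at something that does not exist.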
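Review bot: `vpc_environment`'s description enumerates the allowed values but nothing enforces them, and the value becomes the `Environment` tag in `security-groups/main.tf`, so a misspelled environment propagates into tag-based policy without complaint. A `validation` block with `condition = var.vpc_environment == null || can(index(["infrastructure", "common", "shared", "dev", "stage", "ite", "prod"], var.vpc_environment))` keeps the `null` default valid and rejects anything outside the documented set. `vpc_index` could likewise assert `var.vpc_index == null || var.vpc_index >= 1`, which is what its description promises. The `vpc_name` description has `descrbing` for `describing`.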
@@ -0,0 +1,3 @@
+locals {
+ _module_version = "1.0.0"
+}
diff --git a/security-groups/data.tf b/security-groups/data.tf
new file mode 120000
index 0000000..995624d
--- /dev/null
+++ b/security-groups/data.tf
@@ -0,0 +1 @@
+../common/data.tf
\ No newline at end of file
diff --git a/security-groups/defaults.tf b/security-groups/defaults.tf
new file mode 120000
index 0000000..a5556ac
--- /dev/null
+++ b/security-groups/defaults.tf
@@ -0,0 +1 @@
+../common/defaults.tf
\ No newline at end of file
diff --git a/security-groups/main.tf b/security-groups/main.tf
new file mode 100644
index 0000000..979a17b
--- /dev/null
+++ b/security-groups/main.tf
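Review bot: `security-groups/data.tf` is a symlink (mode 120000) into `../common`, and Terraform only sees it as a `.tf` file when the checkout preserves symlinks; a clone with `core.symlinks=false` (the usual case on Windows) or a module source fetched as an archive rather than a git clone yields a one-line file containing `../common/data.tf`, which fails to parse with a confusing error. The `check-symlinks` hook only catches broken links, not this. Either document the requirement in the README (`# requires a symlink-capable checkout; see common/`) or copy the shared files into each submodule and let a pre-commit hook keep them in sync.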
@@ -0,0 +1,70 @@
+/*
+* # About aws-vpc-setup :: security-groups
+*
+* This sets up the default base security groups needed in each VPC from the `aws-common-security-groups` module
+* and associated submodules.
+* * it-linux-base
+* * it-windows-base
+* * ois-scanner
+*
+* # Usage
+*
+* ```hcl
+* module "vpc-base-security-groups"
+* source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//security-groups"
+* vpc_id = "vpc-1234568"
+* vpc_full_name = "vpc2-dice-dev"
+* vpc_environment = "dev"
+* tags = {}
+* }
+* ```
+*/
+
+locals {
+ account_id = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
+ account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
+
+ base_tags = {
+ "boc:tf_module_version" = local._module_version
+ "boc:created_by" = "terraform"
+ }
+}
+
+module "sg-linux-base" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//it-linux-base"
+ vpc_id = var.vpc_id
+ vpc_full_name = var.vpc_full_name
+ use_vpc_cidr = false
+ enable_self = false
+ tags = merge(
+ local.base_tags,
+ local.tags,
+ map("Environment", var.vpc_environment),
+ )
+}
+
+module "sg-windows-base" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//it-windows-base"
+ vpc_id = var.vpc_id
+ vpc_full_name = var.vpc_full_name
+ use_vpc_cidr = false
+ enable_self = false
+ tags = merge(
+ local.base_tags,
+ local.tags,
+ map("Environment", var.vpc_environment),
+ )
+}
+
+module "sg-ois-scanner" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//ois-scanner"
+ vpc_id = var.vpc_id
+ vpc_full_name = var.vpc_full_name
+ use_vpc_cidr = false
+ enable_self = false
+ tags = merge(
+ local.tags,
+ local.base_tags,
+ map("Environment", var.vpc_environment),
+ )
+}
diff --git a/security-groups/prefixes.tf b/security-groups/prefixes.tf
new file mode 120000
index 0000000..7e265d5
--- /dev/null
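Review bot: All three `merge()` calls read `local.tags`, but no `tags` local is declared anywhere in this module (the `locals` block defines only `account_id`, `account_environment` and `base_tags`), so `terraform validate` fails on an undeclared local; the value the usage comment passes in is `var.tags`. The merge order also disagrees between modules: `sg-ois-scanner` puts `local.base_tags` after the caller's tags so `boc:created_by` cannot be overridden there, while the other two let the caller override it; since `base_tags` records provenance, having it win everywhere is the safer choice. None of the three `source` URLs carries a `?ref=`, so every `terraform init` takes whatever the default branch of `aws-common-security-groups` holds at that moment and a push to that repo silently changes the security groups this module creates; pin a tag or commit. `map()` was deprecated in 0.12 and removed in 0.15 and there is no `required_version` to stop a newer CLI, so the object literal form is safer. In the usage example, `module "vpc-base-security-groups"` is missing its opening `{`.
```hcl
module "sg-ois-scanner" {
  # pinned: a change on the upstream default branch must not alter these groups unnoticed
  source        = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//ois-scanner?ref=<tag-or-commit>"
  vpc_id        = var.vpc_id
  vpc_full_name = var.vpc_full_name
  use_vpc_cidr  = false
  enable_self   = false
  # caller tags first, module provenance tags last so they cannot be overridden
  tags = merge(
    var.tags,
    { Environment = var.vpc_environment },
    local.base_tags,
  )
}
# … unchanged: sg-linux-base and sg-windows-base get the same source pin and the same merge order …
```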
+++ b/security-groups/prefixes.tf
@@ -0,0 +1 @@
+../common/prefixes.tf
\ No newline at end of file
diff --git a/security-groups/variables.common.tf b/security-groups/variables.common.tf
new file mode 120000
index 0000000..7439ed8
--- /dev/null
+++ b/security-groups/variables.common.tf
@@ -0,0 +1 @@
+../common/variables.common.tf
\ No newline at end of file
diff --git a/security-groups/variables.common.vpc.tf b/security-groups/variables.common.vpc.tf
new file mode 120000
index 0000000..5e77d37
--- /dev/null
+++ b/security-groups/variables.common.vpc.tf
@@ -0,0 +1 @@
+../common/variables.common.vpc.tf
\ No newline at end of file
diff --git a/security-groups/variables.tf b/security-groups/variables.tf
new file mode 100644
index 0000000..38ced37
--- /dev/null
+++ b/security-groups/variables.tf
@@ -0,0 +1,5 @@
+variable "vpc_id" {
+ description = "VPC ID"
+ type = string
+}
+
diff --git a/security-groups/version.tf b/security-groups/version.tf
new file mode 120000
index 0000000..b83c5b7
--- /dev/null
+++ b/security-groups/version.tf
@@ -0,0 +1 @@
+../common/version.tf
\ No newline at end of file
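Review bot: `vpc_id` is the one required input and is handed straight to three external modules, so a malformed value surfaces only as a provider error deep inside them; a `validation` block with `condition = can(regex("^vpc-[0-9a-f]{8,17}$", var.vpc_id))` and an error message naming the expected form catches it at plan time. The description could also say which VPC this is: `description = "ID of the VPC the base security groups are created in"`.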