diff --git a/examples/vpc-transit-gateway-attachment/vpn-transit-gateway.tf b/examples/vpc-transit-gateway-attachment/vpn-transit-gateway.tf
new file mode 100644
index 0000000..cec2b6e
--- /dev/null
+++ b/examples/vpc-transit-gateway-attachment/vpn-transit-gateway.tf
@@ -0,0 +1,57 @@
+locals {
+  #  trs_region_outputs = data.terraform_remote_state.vpc_east.outputs
+  tgw_outputs = data.terraform_remote_state.vpc_global_transit-gateway.outputs
+  #  info_vpc    = data.terraform_remote_state.vpc.outputs.info_vpc
+
+  #   _prefixes = {
+  #     "transit-gateway"             = "tgw-"
+  #     "transit-gateway-peer"        = "tgwp-"
+  #     "transit-gateway-route-table" = "tgwr-"
+  #     "transit-gateway-attachment"  = "tgwa-"
+  #   }
+  use_prefixes = false
+}
+
+# vpn for transit gateway
+module "vpn_transit_gateway" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpn-transit-gateway?ref=tf-upgrade"
+
+  vpc_id                      = local.vpc_id
+  create                      = var.tgw_enable_vpn
+  profile                     = var.profile
+  vpc_name                    = var.vpc_name
+  vpc_short_name              = var.vpc_short_name
+  transit_gateway_id          = local.tgw_outputs.transit_gateway_ids[local.region]
+  tgw_environment             = var.tgw_environment
+  tgw_vpn_settings            = var.tgw_vpn_settings
+  use_tgw_prefixes            = local.use_prefixes
+  use_single_cgw              = var.use_single_cgw
+  tgw_route_table_association = local.tgw_outputs.transit_gateway_vpn_route_table_ids[local.region][var.tgw_environment]
+  tgw_route_table_propagation = [
+    local.tgw_outputs.transit_gateway_vpn_route_table_ids[local.region][var.tgw_environment],
+    local.tgw_outputs.transit_gateway_route_table_ids[local.region][var.tgw_environment],
+  ]
+  enable_cloudwatch_logging = true
+
+  tags = merge(
+    local.tags,
+    local.common_tags,
+    {
+      Environment           = "csvd:infrastructure"
+      CostAllocation        = "csvd:infrastructure:network"
+      "boc:tgw_environment" = var.tgw_environment
+    }
+  )
+}
+
+# propagate self cidr to vpn tgw route table
+resource "aws_ec2_transit_gateway_route_table_propagation" "vpn_vpc_self" {
+  count                          = var.tgw_enable_vpn && var.tgw_environment != null ? 1 : 0
+  transit_gateway_attachment_id  = one(module.vpc_tgw_self[*].vpc_attachment_id)
+  transit_gateway_route_table_id = local.tgw_outputs.transit_gateway_vpn_route_table_ids[local.region][var.tgw_environment]
+}
+
+output "tgw_vpn_labels" {
+  description = "Label for Transit Gateway VPNs for Description field of Endpoint device (Cisco ASR)"
+  value       = var.tgw_enable_vpn ? module.vpn_transit_gateway.vpn_labels : {}
+}
diff --git a/vpc-transit-gateway-association/common/README.md b/vpc-transit-gateway-association/common/README.md
new file mode 100644
index 0000000..0cfb0dc
--- /dev/null
+++ b/vpc-transit-gateway-association/common/README.md
@@ -0,0 +1,25 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+No modules.
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_data_input"></a> [data\_input](#input\_data\_input) | Map of data generated by vpc-transit-gateway-association-data | <pre>object({<br>    availablity_zone          = map(any)<br>    gateway_self              = string<br>    gateway_peer              = string<br>    route_tables_self         = map(any)<br>    route_tables_peer         = map(any)<br>    map_route_tables_self     = map(any)<br>    map_route_tables_peer     = map(any)<br>    map_vpn_route_tables_self = map(any)<br>    map_vpn_route_tables_peer = map(any)<br>    prefix_list_id_ipv4       = string<br>    vpn_prefix_list_id_ipv4   = string<br>    vpc_id                    = string<br>    vpc_cidr_block            = string<br>    vpc_cidr_blocks           = list(string)<br>  })</pre> | n/a | yes |
+
+## Outputs
+
+No outputs.