diff --git a/subnets/README.md b/subnets/README.md
new file mode 100644
index 0000000..7b182f4
--- /dev/null
+++ b/subnets/README.md
@@ -0,0 +1,78 @@
+# About aws-vpc-setup :: subnets
+
+This submodule creates public and private subnets.
+
+# Usage
+
+```hcl
+module "subnets" {
+  source               = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//subnets"
+  vpc_id               = var.vpc_id
+  availability_zones   = var.availability_zones
+  public_subnets       = [ { base_cidr = "10.188.16.0/24", label = "public", bits = 2, private = false } ]
+  private_subnets      = [
+    { base_cidr = "10.188.18.0/23", label = "private-lb", bits = 2, private = true },
+    { base_cidr = "10.188.20.0/23", label = "db", bits = 2, private = true },
+    { base_cidr = "10.188.22.0/23", label = "apps", bits = 2, private = true } ]
+
+  vpc_name             = var.vpc_name
+  vpc_short_name       = var.vpc_short_name
+  vpc_full_name        = var.vpc_full_name
+
+  tags = {}
+}
+```
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |
+| [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source |
+| [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no |
+| <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| <a name="input_private_subnets"></a> [private\_subnets](#input\_private\_subnets) | List of objects with private subnet information to be created | <pre>list(object({<br>    base_cidr = string<br>    label     = string<br>    bits      = number<br>    private   = bool<br>    #      subnets     = list(string)<br>    #      labels      = list(string)<br>    #      availability_zones = list(string)<br>  }))</pre> | `[]` | no |
+| <a name="input_public_subnets"></a> [public\_subnets](#input\_public\_subnets) | List of objects with public subnet information to be created | <pre>list(object({<br>    base_cidr = string<br>    label     = string<br>    bits      = number<br>    private   = bool<br>    #      subnets     = list(string)<br>    #      labels      = list(string)<br>    #      availability_zones = list(string)<br>  }))</pre> | `[]` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+| <a name="input_vpc_environment"></a> [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
+| <a name="input_vpc_full_name"></a> [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes |
+| <a name="input_vpc_index"></a> [vpc\_index](#input\_vpc\_index) | VPC index number (integer starting at 1) | `number` | `null` | no |
+| <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | VPC name component used through the VPC descrbing its purpose (ex: dice-dev) | `string` | `null` | no |
+| <a name="input_vpc_short_name"></a> [vpc\_short\_name](#input\_vpc\_short\_name) | VPC short name component (vpc{index}) | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_availability_zone_ids"></a> [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list (3) |
+| <a name="output_availability_zone_names"></a> [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list (3) |
+| <a name="output_availability_zone_suffixes"></a> [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list (3) |
+| <a name="output_private_subnets_list"></a> [private\_subnets\_list](#output\_private\_subnets\_list) | Resulting private subnets list of objects: subnet, label, availability\_zone, id |
+| <a name="output_public_subnets_list"></a> [public\_subnets\_list](#output\_public\_subnets\_list) | Resulting public subnets list of objects: subnet, label, availability\_zone, id |
diff --git a/subnets/outputs.tf b/subnets/outputs.tf
new file mode 100644
index 0000000..6822e58
--- /dev/null
+++ b/subnets/outputs.tf
@@ -0,0 +1,24 @@
+locals {
+  output_public_subnets = [for subnet in local.public_map :
+    merge(
+      subnet,
+      tomap({ "id" = aws_subnet.public[subnet.label].id }),
+    )
+  ]
+  output_private_subnets = [for subnet in local.private_map :
+    merge(
+      subnet,
+      tomap({ "id" = aws_subnet.private[subnet.label].id }),
+    )
+  ]
+}
+
+output "public_subnets_list" {
+  description = "Resulting public subnets list of objects: subnet, label, availability_zone, id"
+  value       = local.output_public_subnets
+}
+
+output "private_subnets_list" {
+  description = "Resulting private subnets list of objects: subnet, label, availability_zone, id"
+  value       = local.output_private_subnets
+}
diff --git a/vpc/README.md b/vpc/README.md
new file mode 100644
index 0000000..eaba559
--- /dev/null
+++ b/vpc/README.md
@@ -0,0 +1,83 @@
+# About aws-vpc-setup :: vpc
+
+This submodule creates a VPC with DHCP setting.  Used in conjunction with other submodules (routing, subnets, etc.)
+it allows for a complete setup.  See the [main module](../README.md) documentation for more details.
+
+# Usage
+
+```hcl
+module "vpc" {
+  source               = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc"
+  vpc_name             = var.vpc_name
+  vpc_cidr_block       = var.vpc_cidr_block
+  vpc_index            = var.vpc_index
+  vpc_short_name       = var.vpc_short_name
+  vpc_full_name        = var.vpc_full_name
+  vpc_environment      = var.vpc_environment
+  vpc_domain_name      = var.vpc_domain_name
+  vpc_dns_servers      = var.vpc_dns_servers
+  vpc_ntp_servers      = var.vpc_ntp_servers
+
+  # optional
+  enable_dns_support   = true
+  enable_dns_hostnames = true
+
+  tags = {}
+}
+```
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource |
+| [aws_vpc_dhcp_options.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_dhcp_options) | resource |
+| [aws_vpc_dhcp_options_association.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_dhcp_options_association) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| <a name="input_enable_dns_hostnames"></a> [enable\_dns\_hostnames](#input\_enable\_dns\_hostnames) | Enable DNS hostnames within the VPC | `bool` | `true` | no |
+| <a name="input_enable_dns_support"></a> [enable\_dns\_support](#input\_enable\_dns\_support) | Enable DNS support within the VPC | `bool` | `true` | no |
+| <a name="input_network_census"></a> [network\_census](#input\_network\_census) | Census Subnets | `list` | <pre>[<br>  "148.129.0.0/16",<br>  "172.16.0.0/12",<br>  "192.168.0.0/16"<br>]</pre> | no |
+| <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+| <a name="input_vpc_cidr_block"></a> [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | VPC CIDR Block | `string` | n/a | yes |
+| <a name="input_vpc_dns_servers"></a> [vpc\_dns\_servers](#input\_vpc\_dns\_servers) | VPC DNS Servers (default: Enterprise primary DNS at BCC and HQ) | `list(string)` | <pre>[<br>  "148.129.127.22",<br>  "148.129.191.22"<br>]</pre> | no |
+| <a name="input_vpc_domain_name"></a> [vpc\_domain\_name](#input\_vpc\_domain\_name) | VPC Domain Name for DHCP settings | `string` | `"unknown.census.gov"` | no |
+| <a name="input_vpc_environment"></a> [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
+| <a name="input_vpc_full_name"></a> [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no |
+| <a name="input_vpc_index"></a> [vpc\_index](#input\_vpc\_index) | VPC index number (integer starting at 1) | `number` | `null` | no |
+| <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | VPC name component used through the VPC descrbing its purpose (ex: dice-dev) | `string` | `null` | no |
+| <a name="input_vpc_ntp_servers"></a> [vpc\_ntp\_servers](#input\_vpc\_ntp\_servers) | VPC NTP Servers (default: Enterprise primary NPT at BCC and HQ) | `list(string)` | <pre>[<br>  "148.129.127.23",<br>  "148.129.191.23"<br>]</pre> | no |
+| <a name="input_vpc_short_name"></a> [vpc\_short\_name](#input\_vpc\_short\_name) | VPC short name component (vpc{index}) | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_vpc_arn"></a> [vpc\_arn](#output\_vpc\_arn) | VPC ARN |
+| <a name="output_vpc_dns_servers"></a> [vpc\_dns\_servers](#output\_vpc\_dns\_servers) | VPC DNS Servers |
+| <a name="output_vpc_domain_name"></a> [vpc\_domain\_name](#output\_vpc\_domain\_name) | VPC domain name |
+| <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | VPC ID |
+| <a name="output_vpc_info"></a> [vpc\_info](#output\_vpc\_info) | VPC info |