diff --git a/terraform-modules/aws/qldb/main.tf b/terraform-modules/aws/qldb/main.tf
index 8dcb87819..642808eba 100644
--- a/terraform-modules/aws/qldb/main.tf
+++ b/terraform-modules/aws/qldb/main.tf
@@ -4,3 +4,48 @@ resource "aws_qldb_ledger" "this" {
 deletion_protection = var.deletion_protection
 tags = var.tags
 }
+
+resource "aws_security_group" "qldb" {
+ name = "qldb-${var.name}"
+ description = "qldb security group"
+ vpc_id = var.vpc_id
+
+ dynamic "ingress" {
+ for_each = var.ingress_rule
+ content {
+ description = ingress.value["description"]
+ from_port = ingress.value["from_port"]
+ to_port = ingress.value["to_port"]
+ protocol = ingress.value["protocol"]
+ cidr_blocks = ingress.value["cidr_blocks"]
+ ipv6_cidr_blocks = ingress.value["ipv6_cidr_blocks"]
+ }
+ }
+
+ dynamic "egress" {
+ for_each = var.egress_rule
+ content {
+ description = egress.value["description"]
+ from_port = egress.value["from_port"]
+ to_port = egress.value["to_port"]
+ protocol = egress.value["protocol"]
+ cidr_blocks = egress.value["cidr_blocks"]
+ ipv6_cidr_blocks = egress.value["ipv6_cidr_blocks"]
+ }
+ }
+
+ tags = var.tags
+}
+
+resource "aws_vpc_endpoint" "qldb" {
+ vpc_id = var.vpc_id
+ service_name = "com.amazonaws.us-west-2.qldb.session"
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = [aws_security_group.qldb.id]
+ subnet_ids = var.subnet_ids
+
+ private_dns_enabled = true
+
+ tags = var.tags
+}
\ No newline at end of file
diff --git a/terraform-modules/aws/qldb/outputs.tf b/terraform-modules/aws/qldb/outputs.tf
index 9a28b8721..4b4bf800c 100644
--- a/terraform-modules/aws/qldb/outputs.tf
+++ b/terraform-modules/aws/qldb/outputs.tf
@@ -5,3 +5,8 @@ output "id" {
 output "arn" {
 value = aws_qldb_ledger.this.arn
 }
+
+output "vpc_endpoint_id" {
+ value = aws_vpc_endpoint.qldb.id
+}
+
diff --git a/terraform-modules/aws/qldb/variables.tf b/terraform-modules/aws/qldb/variables.tf
index 08e8003c2..a087d7bcd 100644
--- a/terraform-modules/aws/qldb/variables.tf
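Review bot: `service_name` in `aws_vpc_endpoint.qldb` hard-codes `us-west-2`, so deploying this module in any other region creates an endpoint for the wrong service (or fails), even though nothing else in the module is region-specific. Derive the region instead: add `data "aws_region" "current" {}` and set `service_name = "com.amazonaws.${data.aws_region.current.name}.qldb.session"`. The endpoint also sets no `policy`, so the AWS default full-access endpoint policy applies and any principal in the VPC can reach any QLDB ledger in the account through it; a policy whose `Resource` is scoped to `aws_qldb_ledger.this.arn` would confine the endpoint to this module's ledger. As far as I recall, the `qldb.session` service only carries the data-plane (session/PartiQL) API, so control-plane calls still leave via the public `qldb` endpoint — worth a comment on the resource so callers do not assume all QLDB traffic stays private. The `aws_qldb_ledger` block whose tail appears as context here starts outside the hunk.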
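Review bot: Only the endpoint ID is exported; the security group created alongside it (`aws_security_group.qldb`) is not, so callers cannot reference it from their client security groups and are pushed toward the broad CIDR-based rules the module defaults to. Consider adding `output "security_group_id" { value = aws_security_group.qldb.id }` so consumers can allow traffic by source security group rather than by CIDR. The hunk also adds an empty line after the closing brace at end of file, which is stylistic noise `terraform fmt` would likely remove.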
+++ b/terraform-modules/aws/qldb/variables.tf
@@ -21,3 +21,47 @@ variable "tags" {
 default = {}
 description = "AWS Tags"
 }
+
+variable "subnet_ids" {
+ type = list(string)
+ default = []
+ description = "(Required) The private subnet IDs in which the environment should be created. MWAA requires two subnets."
+}
+
+variable "vpc_id" {
+ type = string
+ default = ""
+ description = "The vpc ID"
+}
+
+variable "ingress_rule" {
+ type = list(any)
+ description = "A list of ingress rules"
+ default = [
+ {
+ description = "TLS from VPC"
+ //Port 443 is commonly used port for secure HTTPS traffic
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+ ipv6_cidr_blocks = []
+ },
+ ]
+}
+
+variable "egress_rule" {
+ type = list(any)
+ description = "A list of egress rules"
+ default = [
+ {
+ description = "Allow outbound HTTPS traffic to VPC"
+ //Port 443 is commonly used port for secure HTTPS traffic
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+ ipv6_cidr_blocks = ["::/0"]
+ },
+ ]
+}
\ No newline at end of file
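Review bot: The default `egress_rule` sets `ipv6_cidr_blocks = ["::/0"]`, so the endpoint's security group allows outbound 443 to any IPv6 address while its description says "to VPC"; change it to `ipv6_cidr_blocks = []` (matching the ingress default) or to the VPC's own IPv6 range. The ingress default opens 443 to all three RFC 1918 ranges rather than to this VPC's CIDR, so any peered or transit-attached network reaches the endpoint by default; narrowing to the VPC CIDR or to source security groups is the safer baseline. `subnet_ids` and `vpc_id` are described as required but default to `[]` and `""`, which moves the failure from plan time to the AWS API call — drop the defaults or add a `validation` block. The `subnet_ids` description mentions MWAA and an "environment", which looks copied from another module; `"Private subnet IDs in which the QLDB interface endpoint ENIs are created"` fits this one. `type = list(any)` on both rule variables accepts shapes the `dynamic` blocks in main.tf then fail to index; `list(object({ description = string, from_port = number, to_port = number, protocol = string, cidr_blocks = list(string), ipv6_cidr_blocks = list(string) }))` catches that at plan time.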