diff --git a/terraform-modules/aws/vpc-endpoint/README.md b/terraform-modules/aws/vpc-endpoint/README.md
new file mode 100644
index 000000000..1e5fe4ace
--- /dev/null
+++ b/terraform-modules/aws/vpc-endpoint/README.md
@@ -0,0 +1,37 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_vpc_endpoint.execute_api_endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [private\_dns\_enabled](#input\_private\_dns\_enabled) | Enable private DNS for the VPC endpoint | `bool` | `true` | no |
+| [security\_group\_id](#input\_security\_group\_id) | ID of the security group to associate with the VPC endpoint | `any` | n/a | yes |
+| [service\_name](#input\_service\_name) | Service name for the VPC endpoint | `any` | n/a | yes |
+| [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs where the VPC endpoint will be deployed | `list(string)` | n/a | yes |
+| [tags](#input\_tags) | n/a | `map(any)` | `{}` | no |
+| [vpc\_endpoint\_type](#input\_vpc\_endpoint\_type) | Type of VPC endpoint | `string` | `"Interface"` | no |
+| [vpc\_id](#input\_vpc\_id) | ID of the VPC where the VPC endpoint will be created | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [execute\_api\_endpoint\_id](#output\_execute\_api\_endpoint\_id) | n/a |
diff --git a/terraform-modules/aws/vpc-endpoint/main.tf b/terraform-modules/aws/vpc-endpoint/main.tf
new file mode 100644
index 000000000..4869fe90c
--- /dev/null
+++ b/terraform-modules/aws/vpc-endpoint/main.tf
@@ -0,0 +1,16 @@
+# Create a VPC endpoint for Execute API in the specified VPC
+resource "aws_vpc_endpoint" "execute_api_endpoint" {
+ vpc_id = var.vpc_id
+ service_name = var.service_name
+ vpc_endpoint_type = var.vpc_endpoint_type
+ security_group_ids = [var.security_group_id]
+ subnet_ids = var.subnet_ids
+ private_dns_enabled = var.private_dns_enabled
+ tags = var.tags
+}
+
+#data "aws_network_interface" "execute_api_nics" {
+# for_each = toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids)
+# id = each.key
+# depends_on = ["aws_vpc_endpoint.execute_api_endpoint"]
+#}
\ No newline at end of file
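Review bot: The `aws_vpc_endpoint` resource sets no `policy`, so AWS attaches the default endpoint policy, which allows full access to the service through this endpoint. That leaves the security group in `security_group_ids` and each API's own resource policy as the only controls. Consider adding an optional `policy` input of type `string` defaulting to `null` and passing it through with `policy = var.policy`, so existing callers keep today's behaviour while others can restrict principals and resources. The commented-out `data "aws_network_interface"` block after the resource is dead code and uses the quoted `depends_on = ["..."]` form; remove it rather than shipping it commented.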
diff --git a/terraform-modules/aws/vpc-endpoint/outputs.tf b/terraform-modules/aws/vpc-endpoint/outputs.tf
new file mode 100644
index 000000000..0e7e78f62
--- /dev/null
+++ b/terraform-modules/aws/vpc-endpoint/outputs.tf
@@ -0,0 +1,11 @@
+output "execute_api_endpoint_id" {
+ value = aws_vpc_endpoint.execute_api_endpoint.id
+}
+
+output "execute_api_endpoint_network_interface_ids" {
+ value = aws_vpc_endpoint.execute_api_endpoint.network_interface_ids
+}
+
+#output "execute_api_ips" {
+# value = [for nic in data.aws_network_interface.execute_api_nics : nic.private_ip]
+#}
\ No newline at end of file
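Review bot: Neither output has a `description`, and the README added in this commit lists only `execute_api_endpoint_id`, so `execute_api_endpoint_network_interface_ids` is undocumented for callers. Add for example `description = "ID of the VPC endpoint"` and `description = "IDs of the network interfaces created for the endpoint"`, then regenerate the README. The commented-out `execute_api_ips` output refers to a data source that is also commented out in main.tf, so the two should be removed together.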
diff --git a/terraform-modules/aws/vpc-endpoint/variables.tf b/terraform-modules/aws/vpc-endpoint/variables.tf
new file mode 100644
index 000000000..963b49bd1
--- /dev/null
+++ b/terraform-modules/aws/vpc-endpoint/variables.tf
@@ -0,0 +1,32 @@
+variable "vpc_id" {
+ description = "ID of the VPC where the VPC endpoint will be created"
+}
+
+variable "security_group_id" {
+ description = "ID of the security group to associate with the VPC endpoint"
+}
+
+variable "subnet_ids" {
+ description = "List of subnet IDs where the VPC endpoint will be deployed"
+ type = list(string)
+}
+
+variable "service_name" {
+ description = "Service name for the VPC endpoint"
+}
+
+variable "vpc_endpoint_type" {
+ description = "Type of VPC endpoint"
+ default = "Interface"
+}
+
+variable "private_dns_enabled" {
+ description = "Enable private DNS for the VPC endpoint"
+ type = bool
+ default = true
+}
+
+variable "tags" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
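Review bot: `vpc_id`, `security_group_id` and `service_name` declare no `type`, so they accept `any` (the README table shows this), and `vpc_endpoint_type` is typed only implicitly through its default. Add `type = string` to all four so a list or map passed by mistake fails in Terraform's own type check rather than at the provider. main.tf always sets `security_group_ids` and `private_dns_enabled`, which as far as I know apply to Interface endpoints, so either constrain the variable with a `validation` block or drop it and hard-code `"Interface"`. `tags` also lacks a `description`, which is why the README shows `n/a` for it.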
diff --git a/terraform-modules/aws/waf/ip-set/README.md b/terraform-modules/aws/waf/ip-set/README.md
new file mode 100644
index 000000000..ea95dcc2f
--- /dev/null
+++ b/terraform-modules/aws/waf/ip-set/README.md
@@ -0,0 +1,78 @@
+## Why I might use ip set?
+An IP set is a feature provided by AWS Web Application Firewall (WAF) that allows you
+to define a collection of IP addresses or IP ranges (in CIDR notation) that you want
+to allow or block from accessing your web applications or APIs.
+
+There are several reasons why you might want to use an IP set:
+
+1. Security: By using an IP set, you can restrict access to your applications to a
+specific set of IP addresses. This helps to prevent unauthorized access, block
+malicious traffic, and protect your resources from various types of attacks, such as
+DDoS attacks or brute-force attempts.
+
+2. Whitelisting/Blacklisting: An IP set allows you to create a whitelist or
+blacklist of IP addresses. With a whitelist, you can specify the IP addresses that
+are allowed to access your application, blocking all others. Conversely, with a
+blacklist, you can specify the IP addresses that are not allowed, while allowing all
+other addresses.
+
+3. Geo-blocking: If you want to restrict access to your application based on
+geographic locations, an IP set can help. You can define IP ranges associated with
+specific countries or regions, allowing or blocking access based on those regions.
+This can be useful for compliance purposes or to prevent traffic from high-risk
+regions.
+
+4. Dynamic Updates: IP sets can be dynamically updated, allowing you to add or
+remove IP addresses as needed. This flexibility enables you to respond quickly to
+changing security requirements, such as adding new trusted IP addresses or blocking
+malicious sources.
+
+5. Integration with AWS WAF Rules: IP sets can be used in conjunction with other AWS
+WAF features, such as rules and conditions, to create more sophisticated access
+control policies. You can combine IP sets with rules to define complex logic for
+allowing or blocking traffic based on IP addresses, user agents, request headers, or
+other criteria.
+
+By leveraging AWS WAF's IP set feature, you can enhance the security of your web
+applications and APIs by controlling access at the IP address level. It provides a
+flexible and scalable mechanism to define and manage your desired IP address-based
+access control policies.
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_wafv2_ip_set.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_ip_set) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [ip\_address\_version](#input\_ip\_address\_version) | (Required) Specify IPV4 or IPV6. Valid values are IPV4 or IPV6. | `string` | `"IPV4"` | no |
+| [ip\_addresses](#input\_ip\_addresses) | A list of IP addresses in CIDR notation to include in the IP set. | `list(string)` | n/a | yes |
+| [ip\_set\_description](#input\_ip\_set\_description) | A description of the IP set. | `string` | n/a | yes |
+| [ip\_set\_name](#input\_ip\_set\_name) | The name of the IP set. | `string` | n/a | yes |
+| [scope](#input\_scope) | (Required) Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the Region US East (N. Virginia). | `string` | `"REGIONAL"` | no |
+| [tags](#input\_tags) | A map of tags to assign to the IP set. | `map(string)` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [arn](#output\_arn) | The Amazon Resource Name (ARN) of the IP set. |
+| [id](#output\_id) | A unique identifier for the IP set. |
+| [tags\_all](#output\_tags\_all) | A map of tags assigned to the IP set, including those inherited from the provider default\_tags configuration block. |
diff --git a/terraform-modules/aws/waf/ip-set/main.tf b/terraform-modules/aws/waf/ip-set/main.tf
new file mode 100644
index 000000000..5a2579dae
--- /dev/null
+++ b/terraform-modules/aws/waf/ip-set/main.tf
@@ -0,0 +1,11 @@
+# Create an AWS WAFv2 IP set
+
+resource "aws_wafv2_ip_set" "example" {
+ name = var.ip_set_name
+ description = var.ip_set_description
+ scope = var.scope
+ ip_address_version = var.ip_address_version
+ addresses = var.ip_addresses
+
+ tags = var.tags
+}
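Review bot: The resource label `example` looks carried over from the provider documentation and becomes part of every state address for this module. A label such as `this` or `ip_set` reads better, and renaming it after the first apply needs a `moved` block or a state move. Separately, `scope = var.scope` accepts CLOUDFRONT, which per the variable description requires the US East (N. Virginia) region; nothing in the module states which provider configuration the caller must pass in that case.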
diff --git a/terraform-modules/aws/waf/ip-set/outputs.tf b/terraform-modules/aws/waf/ip-set/outputs.tf
new file mode 100644
index 000000000..5202f62ed
--- /dev/null
+++ b/terraform-modules/aws/waf/ip-set/outputs.tf
@@ -0,0 +1,16 @@
+# Define outputs for the IP set
+
+output "id" {
+ value = aws_wafv2_ip_set.example.id
+ description = "A unique identifier for the IP set."
+}
+
+output "arn" {
+ value = aws_wafv2_ip_set.example.arn
+ description = "The Amazon Resource Name (ARN) of the IP set."
+}
+
+output "tags_all" {
+ value = aws_wafv2_ip_set.example.tags_all
+ description = "A map of tags assigned to the IP set, including those inherited from the provider default_tags configuration block."
+}
diff --git a/terraform-modules/aws/waf/ip-set/variables.tf b/terraform-modules/aws/waf/ip-set/variables.tf
new file mode 100644
index 000000000..983363227
--- /dev/null
+++ b/terraform-modules/aws/waf/ip-set/variables.tf
@@ -0,0 +1,33 @@
+# Define variables for the IP set
+
+variable "ip_set_name" {
+ type = string
+ description = "The name of the IP set."
+}
+
+variable "ip_set_description" {
+ type = string
+ description = "A description of the IP set."
+}
+
+variable "ip_addresses" {
+ type = list(string)
+ description = "A list of IP addresses in CIDR notation to include in the IP set."
+}
+
+variable "scope" {
+ type = string
+ description = "(Required) Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the Region US East (N. Virginia)."
+ default = "REGIONAL"
+}
+
+variable "ip_address_version" {
+ type = string
+ description = "(Required) Specify IPV4 or IPV6. Valid values are IPV4 or IPV6."
+ default = "IPV4"
+}
+
+variable "tags" {
+ type = map(string)
+ description = "A map of tags to assign to the IP set."
+}
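Review bot: The inputs that decide which clients the IP set matches are not validated: `ip_addresses` accepts arbitrary strings, and `scope` and `ip_address_version` accept any value although their descriptions list the valid ones. A malformed entry is rejected only when the API call is made, and a typo in `scope` surfaces late as well; the `validation` blocks below fail at plan time instead. The descriptions of `scope` and `ip_address_version` also begin with "(Required)" while both have defaults, and `tags` has no default here although the vpc-endpoint module in this commit defaults it to `{}`.

```hcl
variable "ip_addresses" {
  # … unchanged: type, description …
  validation {
    condition     = alltrue([for a in var.ip_addresses : can(cidrhost(a, 0))])
    error_message = "Each entry in ip_addresses must be a valid CIDR block, for example 192.0.2.0/24."
  }
}

variable "scope" {
  # … unchanged: type, description, default …
  validation {
    condition     = contains(["CLOUDFRONT", "REGIONAL"], var.scope)
    error_message = "The scope value must be CLOUDFRONT or REGIONAL."
  }
}

variable "ip_address_version" {
  # … unchanged: type, description, default …
  validation {
    condition     = contains(["IPV4", "IPV6"], var.ip_address_version)
    error_message = "The ip_address_version value must be IPV4 or IPV6."
  }
}
```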