diff --git a/modules/multi-port-sg/README.md b/modules/multi-port-sg/README.md
new file mode 100644
index 00000000..54adec34
--- /dev/null
+++ b/modules/multi-port-sg/README.md
@@ -0,0 +1,3 @@
+## Multiple Port Security Group Rule
+
+Create an `aws_security_group_rule` to allow ingress on some ports.
diff --git a/modules/multi-port-sg/main.tf b/modules/multi-port-sg/main.tf
new file mode 100644
index 00000000..88ff922a
--- /dev/null
+++ b/modules/multi-port-sg/main.tf
@@ -0,0 +1,57 @@
+/**
+ * ## Multiple Ports Security Group Rule
+ *
+ * Create an `aws_security_group_rule` to allow ingress on some ports.
+ *
+ */
+
+variable "security_group_id" {
+ description = "security group to attach the ingress rules to"
+ type = string
+}
+
+variable "cidr_blocks" {
+ description = "List of CIDR block ranges that the SG allows ingress from"
+ type = list(string)
+}
+
+variable "description" {
+ description = "Use this string to add a description for the SG rule"
+ type = string
+}
+
+variable "tcp_ports" {
+ description = "TCP ports to open"
+ type = set(string)
+ default = []
+}
+
+variable "udp_ports" {
+ description = "UDP ports to open"
+ type = set(string)
+ default = []
+}
+
+# ingress rules for TCP
+resource "aws_security_group_rule" "tcp-ingress" {
+ for_each = var.tcp_ports
+ type = "ingress"
+ description = "${var.description} (tcp)"
+ from_port = each.value
+ to_port = each.value
+ protocol = "tcp"
+ cidr_blocks = var.cidr_blocks
+ security_group_id = var.security_group_id
+}
+
+# ingress rule for UDP, if any ports were specified
+resource "aws_security_group_rule" "udp-ingress" {
+ for_each = var.udp_ports
+ type = "ingress"
+ description = "${var.description} (udp)"
+ from_port = each.value
+ to_port = each.value
+ protocol = "udp"
+ cidr_blocks = var.cidr_blocks
+ security_group_id = var.security_group_id
+}
diff --git a/modules/multi-port-sg/versions.tf b/modules/multi-port-sg/versions.tf
new file mode 100644
index 00000000..ac97c6ac
--- /dev/null
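Review bot: The variable descriptions and the two resource comments in main.tf do not say that every entry in `tcp_ports`/`udp_ports` is opened to every range in `cidr_blocks` as one `aws_security_group_rule` per port, and the UDP comment `# ingress rule for UDP, if any ports were specified` implies a difference from the TCP resource that does not exist — both `for_each` loops simply produce no rules for an empty set. Suggested wording for both resource comments: `# one ingress rule per port in the set; an empty set creates no rules`, and for the `cidr_blocks` variable: `description = "CIDR ranges granted ingress on every listed TCP and UDP port; each range is applied to every port"` so the scope of what is being opened is visible where reviewers will look. Separately, resource-level `for_each` was introduced in Terraform 0.12.6 as far as I recall, so the `>= 0.12` constraint in the versions.tf hunk of this diff appears to understate what main.tf needs; `required_version = ">= 0.12.6"` would match. The README heading `Multiple Port Security Group Rule` also differs from the main.tf header `Multiple Ports Security Group Rule`; one spelling should be used in both.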
+++ b/modules/multi-port-sg/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}