diff --git a/locals.tf b/locals.tf
new file mode 100644
index 0000000..a435bc4
--- /dev/null
+++ b/locals.tf
@@ -0,0 +1,31 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Local values for resource names and tags
+locals {
+  resource_group_name             = module.resource_names["resource_group"].standard
+  endpoint_name                   = "hygtmp-sandbox-004-neu-postgresql-001"
+  private_endpoint_tags = merge({ resource_name = local.endpoint_name }, local.default_tags, var.tags)
+  endpoint_name                   = var.endpoint_name
+  private_endpoint_tags = merge({ resource_name = local.endpoint_name }, local.default_tags, var.tags)
+  private_service_connection_name = "${local.endpoint_name}-psc"
+    default_tags = {
+    "provisioner" = "terraform"
+  default_tags = {
+    "provisioner" = "terraform"
+  }
+  private_endpoint_tags = merge({ resource_name = local.endpoint_name }, local.default_tags, var.tags)
+  private_service_connection_name = "hygtmp-sandbox-004-neu-postgresql-001-psc"
+}
+
+ 
\ No newline at end of file
diff --git a/main.tf b/main.tf
index c4fd1fb..dc0e5a3 100644
--- a/main.tf
+++ b/main.tf
@@ -1,3 +1,4 @@
+
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
@@ -101,3 +102,25 @@ module "postgresql_server_ad_administrator" {
   principal_name = var.ad_administrator.principal_name
   principal_type = var.ad_administrator.principal_type
 }
+
+module "private_endpoint" {
+  source  = "terraform.registry.launch.nttdata.com/module_primitive/private_endpoint/azurerm"
+  version = "~> 1.0"
+
+  count = var.public_network_access_enabled ? 0 : 1
+
+  endpoint_name                   = local.endpoint_name
+  resource_group_name             = local.resource_group_name
+  region                          = var.location
+  subnet_id                       = var.subnet_id
+  private_dns_zone_group_name     = var.private_dns_zone_group_name
+  private_dns_zone_ids            = var.private_dns_zone_ids
+  is_manual_connection            = var.is_manual_connection
+  private_connection_resource_id  = module.postgresql_server.id
+  subresource_names               = var.subresource_names
+  request_message                 = var.request_message
+  tags                            = local.private_endpoint_tags
+  private_service_connection_name = local.private_service_connection_name
+
+  depends_on = [module.postgresql_server]
+}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index e6f29c9..175b133 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -52,4 +52,4 @@ output "source_server_id" {
 
 output "server_configuration" {
   value = { for config in module.postgresql_server_configuration : config.name => config.value }
-}
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index e3d4e69..572fc6b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -146,6 +146,56 @@ variable "delegated_subnet_id" {
   type        = string
   default     = null
 }
+variable "subnet_id" {
+  description = <<EOT
+    The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint.
+    Changing this forces a new resource to be created.
+  EOT
+  type        = string
+  default     = null
+}
+
+variable "private_dns_zone_group_name" {
+  description = "Specifies the Name of the Private DNS Zone Group."
+  type        = string
+  default     = "vault"
+}
+
+
+variable "private_dns_zone_ids" {
+  description = "A list of Private DNS Zone IDs to link with the Private Endpoint."
+  type        = list(string)
+  default     = []
+}
+
+variable "is_manual_connection" {
+  description = <<EOT
+    Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource
+    to be created.
+  EOT
+  type        = bool
+  default     = false
+}
+
+variable "subresource_names" {
+  description = <<EOT
+    A list of subresource names which the Private Endpoint is able to connect to. subresource_names corresponds to group_id.
+    Possible values are detailed in the product documentation in the Subresources column.
+    https://docs.microsoft.com/azure/private-link/private-endpoint-overview#private-link-resource
+  EOT
+  type        = list(string)
+  default     = ["vault"]
+}
+
+variable "request_message" {
+  description = <<EOT
+    A message passed to the owner of the remote resource when the private endpoint attempts to establish the connection
+    to the remote resource. The request message can be a maximum of 140 characters in length.
+    Only valid if `is_manual_connection=true`
+  EOT
+  type        = string
+  default     = ""
+}
 
 variable "private_dns_zone_id" {
   description = "The ID of the private DNS zone. Required when `delegated_subnet_id` is set"
@@ -339,4 +389,4 @@ variable "tags" {
   description = "A mapping of tags to assign to the resource."
   type        = map(string)
   default     = {}
-}
+}
\ No newline at end of file