diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/README.md b/automation/terraform/modules/google-cloud/cloud-postgres/README.md
new file mode 100644
index 00000000000..7ac9d424959
--- /dev/null
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/README.md
@@ -0,0 +1,26 @@
+# Google Cloud Postgres Deployment
+
+This terraform configuration is used to deploy an instance of Google Cloud Postgres. Although the default configuration works without creating a conflict, it is recommended to deploy the postgres instance as a module within a larger terraform deployment (which passes it unique var values).
+
+The default configuration uses Google Secret Manager to pull in a password for the default `postgres` user. After deployment, the assigned IP addresses, username, and password will be printed to the terminal as shown below:
+
+```
+Outputs:
+
+cloud_postgres_ip = tolist([
+  {
+    "ip_address" = "35.35.35.35" <---- example IP
+    "time_to_retire" = ""
+    "type" = "PRIMARY"
+  },
+  {
+    "ip_address" = "34.34.34.34" <---- example IP
+    "time_to_retire" = ""
+    "type" = "OUTGOING"
+  },
+])
+db_password = "PASSWORD_HERE"
+db_user = "postgres"
+```
+
+The `PRIMARY` IP should be used when connecting to the new instance. By default, not database or schema is defined on the newly deployed db.
diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/main.tf b/automation/terraform/modules/google-cloud/cloud-postgres/main.tf
new file mode 100644
index 00000000000..bcf21243df1
--- /dev/null
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/main.tf
@@ -0,0 +1,36 @@
+# Configure the Google Cloud provider
+provider "google" {
+  project = var.gcp_project
+  region  = var.gcp_region
+}
+
+resource "random_id" "instance_id" {
+  byte_length = 4
+}
+
+data "google_secret_manager_secret_version" "db_password" {
+  provider = google
+  secret   = var.db_pass
+}
+
+# Create a Google Cloud SQL PostgreSQL instance
+resource "google_sql_database_instance" "postgres_instance" {
+  name             = "${var.db_name}-${random_id.instance_id.hex}"
+  database_version = var.postgres_version
+  project          = var.gcp_project
+  region           = var.gcp_region
+  settings {
+    tier = var.db_spec
+    user_labels = {
+      service = var.service_label
+    }
+  }
+  deletion_protection = var.deletion_protection
+}
+
+# Define the database user
+resource "google_sql_user" "database_user" {
+  name     = var.db_user
+  instance = google_sql_database_instance.postgres_instance.name
+  password = data.google_secret_manager_secret_version.db_password.secret_data
+}
diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/output.tf b/automation/terraform/modules/google-cloud/cloud-postgres/output.tf
new file mode 100644
index 00000000000..b6f2e78cd34
--- /dev/null
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/output.tf
@@ -0,0 +1,13 @@
+output "cloud_postgres_ip" {
+  value = google_sql_database_instance.postgres_instance.ip_address
+}
+
+output "db_user" {
+  value = google_sql_user.database_user.name
+}
+
+output "db_password" {
+  value = data.google_secret_manager_secret_version.db_password.secret_data
+}
+
+
diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf b/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf
new file mode 100644
index 00000000000..fe6c59fbdd6
--- /dev/null
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf
@@ -0,0 +1,39 @@
+variable "gcp_project" {
+  default = "o1labs-192920"
+}
+
+variable "gcp_region" {
+  default = "us-east4"
+}
+
+variable "gcp_zone" {
+  default = "us-east4-b"
+}
+
+variable "db_name" {
+  default = "o1db"
+}
+
+variable "db_user" {
+  default = "postgres"
+}
+
+variable "db_pass" {
+  default = "o1db-pass"
+}
+
+variable "deletion_protection" {
+  default = false
+}
+
+variable "postgres_version" {
+  default = "POSTGRES_14"
+}
+
+variable "db_spec" {
+  default = "db-g1-small"
+}
+
+variable "service_label" {
+  default = "none"
+}