diff --git a/avd_docs/aws/apigateway/AVD-AWS-0001/CloudFormation.md b/avd_docs/aws/apigateway/AVD-AWS-0001/CloudFormation.md
index a5709df46..56f55d901 100644
--- a/avd_docs/aws/apigateway/AVD-AWS-0001/CloudFormation.md
+++ b/avd_docs/aws/apigateway/AVD-AWS-0001/CloudFormation.md
@@ -1,10 +1,9 @@
 
 Enable logging for API Gateway stages
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Good Example of ApiGateway
 Resources:
   GoodApi:
     Type: AWS::ApiGatewayV2::Api
@@ -16,4 +15,7 @@ Resources:
         Format: json
       ApiId: !Ref GoodApi
       StageName: GoodApiStage
+
 ```
+
+
diff --git a/avd_docs/aws/apigateway/AVD-AWS-0001/Terraform.md b/avd_docs/aws/apigateway/AVD-AWS-0001/Terraform.md
index d2bbddf71..9c220637b 100644
--- a/avd_docs/aws/apigateway/AVD-AWS-0001/Terraform.md
+++ b/avd_docs/aws/apigateway/AVD-AWS-0001/Terraform.md
@@ -2,28 +2,29 @@
 Enable logging for API Gateway stages
 
 ```hcl
-resource "aws_apigatewayv2_stage" "good_example" {
-  api_id = aws_apigatewayv2_api.example.id
-  name   = "example-stage"
-  
-  access_log_settings {
-    destination_arn = ""
-    format          = ""
-  }
-}
-
-resource "aws_api_gateway_stage" "good_example" {
-  deployment_id = aws_api_gateway_deployment.example.id
-  rest_api_id   = aws_api_gateway_rest_api.example.id
-  stage_name    = "example"
-  
-  access_log_settings {
-    destination_arn = ""
-    format          = ""
-  }
-}
+ resource "aws_apigatewayv2_stage" "good_example" {
+   api_id = aws_apigatewayv2_api.example.id
+   name   = "example-stage"
+ 
+   access_log_settings {
+    destination_arn = "arn:aws:logs:region:0123456789:log-group:access_logging"
+    format          = "json"
+   }
+ }
+ 
+ resource "aws_api_gateway_stage" "good_example" {
+   deployment_id = aws_api_gateway_deployment.example.id
+   rest_api_id   = aws_api_gateway_rest_api.example.id
+   stage_name    = "example"
+ 
+   access_log_settings {
+     destination_arn = "arn:aws:logs:region:0123456789:log-group:access_logging"
+     format          = "json"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_stage#access_log_settings
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/apigateway/AVD-AWS-0002/Terraform.md b/avd_docs/aws/apigateway/AVD-AWS-0002/Terraform.md
index 2654b683b..6d0a04e06 100644
--- a/avd_docs/aws/apigateway/AVD-AWS-0002/Terraform.md
+++ b/avd_docs/aws/apigateway/AVD-AWS-0002/Terraform.md
@@ -2,27 +2,29 @@
 Enable cache encryption
 
 ```hcl
-resource "aws_api_gateway_rest_api" "example" {
-  
-}
+ resource "aws_api_gateway_rest_api" "example" {
+	
+ }
 
-resource "aws_api_gateway_stage" "example" {
-  
-}
+ resource "aws_api_gateway_stage" "example" {
 
-resource "aws_api_gateway_method_settings" "good_example" {
-  rest_api_id = aws_api_gateway_rest_api.example.id
-  stage_name  = aws_api_gateway_stage.example.stage_name
-  method_path = "path1/GET"
-  
-  settings {
-    metrics_enabled = true
-    logging_level   = "INFO"
-    cache_data_encrypted = true
-  }
-}
+ }
+
+ resource "aws_api_gateway_method_settings" "good_example" {
+   rest_api_id = aws_api_gateway_rest_api.example.id
+   stage_name  = aws_api_gateway_stage.example.stage_name
+   method_path = "path1/GET"
+ 
+   settings {
+     metrics_enabled = true
+     logging_level   = "INFO"
+     caching_enabled = true
+     cache_data_encrypted = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method_settings#cache_data_encrypted
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/apigateway/AVD-AWS-0003/Terraform.md b/avd_docs/aws/apigateway/AVD-AWS-0003/Terraform.md
index 9cb06bfd1..0feb27312 100644
--- a/avd_docs/aws/apigateway/AVD-AWS-0003/Terraform.md
+++ b/avd_docs/aws/apigateway/AVD-AWS-0003/Terraform.md
@@ -2,18 +2,19 @@
 Enable tracing
 
 ```hcl
-resource "aws_api_gateway_rest_api" "test" {
-  
-}
+ resource "aws_api_gateway_rest_api" "test" {
+	
+ }
 
-resource "aws_api_gateway_stage" "good_example" {
-  stage_name    = "prod"
-  rest_api_id   = aws_api_gateway_rest_api.test.id
-  deployment_id = aws_api_gateway_deployment.test.id
-  xray_tracing_enabled = true
-}
+ resource "aws_api_gateway_stage" "good_example" {
+   stage_name    = "prod"
+   rest_api_id   = aws_api_gateway_rest_api.test.id
+   deployment_id = aws_api_gateway_deployment.test.id
+   xray_tracing_enabled = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_stage#xray_tracing_enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/apigateway/AVD-AWS-0004/Terraform.md b/avd_docs/aws/apigateway/AVD-AWS-0004/Terraform.md
index 6d3fb3e7a..102ec3c02 100644
--- a/avd_docs/aws/apigateway/AVD-AWS-0004/Terraform.md
+++ b/avd_docs/aws/apigateway/AVD-AWS-0004/Terraform.md
@@ -2,18 +2,58 @@
 Use and authorization method or require API Key
 
 ```hcl
-resource "aws_api_gateway_rest_api" "MyDemoAPI" {
-  
-}
-
-resource "aws_api_gateway_method" "good_example" {
-  rest_api_id   = aws_api_gateway_rest_api.MyDemoAPI.id
-  resource_id   = aws_api_gateway_resource.MyDemoResource.id
-  http_method   = "GET"
-  authorization = "AWS_IAM"
-}
+ resource "aws_api_gateway_rest_api" "MyDemoAPI" {
+	
+ }
+
+ resource "aws_api_gateway_resource" "MyDemoResource" {
+	rest_api_id      = aws_api_gateway_rest_api.MyDemoAPI.id
+ }
+
+ resource "aws_api_gateway_method" "good_example" {
+   rest_api_id   = aws_api_gateway_rest_api.MyDemoAPI.id
+   resource_id   = aws_api_gateway_resource.MyDemoResource.id
+   http_method   = "GET"
+   authorization = "AWS_IAM"
+ }
+ 
+```
+```hcl
+ resource "aws_api_gateway_rest_api" "MyDemoAPI" {
+	
+ }
+
+ resource "aws_api_gateway_resource" "MyDemoResource" {
+	rest_api_id      = aws_api_gateway_rest_api.MyDemoAPI.id
+ }
+
+ resource "aws_api_gateway_method" "good_example" {
+   rest_api_id      = aws_api_gateway_rest_api.MyDemoAPI.id
+   resource_id      = aws_api_gateway_resource.MyDemoResource.id
+   http_method      = "GET"
+   authorization    = "NONE"
+   api_key_required = true
+ }
+ 
+```
+```hcl
+ resource "aws_api_gateway_rest_api" "MyDemoAPI" {
+	
+ }
+
+ resource "aws_api_gateway_resource" "MyDemoResource" {
+	rest_api_id      = aws_api_gateway_rest_api.MyDemoAPI.id
+ }
+
+ resource "aws_api_gateway_method" "good_example" {
+   rest_api_id   = aws_api_gateway_rest_api.MyDemoAPI.id
+   resource_id   = aws_api_gateway_resource.MyDemoResource.id
+   http_method   = "OPTION"
+   authorization = "NONE"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method#authorization
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/apigateway/AVD-AWS-0005/Terraform.md b/avd_docs/aws/apigateway/AVD-AWS-0005/Terraform.md
index 5e77f8f52..e7cd3ef00 100644
--- a/avd_docs/aws/apigateway/AVD-AWS-0005/Terraform.md
+++ b/avd_docs/aws/apigateway/AVD-AWS-0005/Terraform.md
@@ -2,11 +2,12 @@
 Use the most modern TLS/SSL policies available
 
 ```hcl
-resource "aws_api_gateway_domain_name" "good_example" {
-  security_policy = "TLS_1_2"
-}
+ resource "aws_api_gateway_domain_name" "good_example" {
+ 	security_policy = "TLS_1_2"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_domain_name#security_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/athena/AVD-AWS-0006/CloudFormation.md b/avd_docs/aws/athena/AVD-AWS-0006/CloudFormation.md
index dec1f5f09..8fbe3d37c 100644
--- a/avd_docs/aws/athena/AVD-AWS-0006/CloudFormation.md
+++ b/avd_docs/aws/athena/AVD-AWS-0006/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encryption at rest for Athena databases and workgroup configurations
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
@@ -14,4 +11,7 @@ Resources:
           EncryptionConfiguration:
             EncryptionOption: SSE_KMS
     Type: AWS::Athena::WorkGroup
+
 ```
+
+
diff --git a/avd_docs/aws/athena/AVD-AWS-0006/Terraform.md b/avd_docs/aws/athena/AVD-AWS-0006/Terraform.md
index 729fe213e..b59ec1cdb 100644
--- a/avd_docs/aws/athena/AVD-AWS-0006/Terraform.md
+++ b/avd_docs/aws/athena/AVD-AWS-0006/Terraform.md
@@ -2,36 +2,38 @@
 Enable encryption at rest for Athena databases and workgroup configurations
 
 ```hcl
-resource "aws_athena_database" "good_example" {
-  name   = "database_name"
-  bucket = aws_s3_bucket.hoge.bucket
-  
-  encryption_configuration {
-    encryption_option = "SSE_KMS"
-    kms_key_arn       = aws_kms_key.example.arn
+ resource "aws_athena_database" "good_example" {
+   name   = "database_name"
+   bucket = aws_s3_bucket.hoge.bucket
+ 
+   encryption_configuration {
+      encryption_option = "SSE_KMS"
+      kms_key_arn       = aws_kms_key.example.arn
   }
-}
-
-resource "aws_athena_workgroup" "good_example" {
-  name = "example"
-  
-  configuration {
-    enforce_workgroup_configuration    = true
-    publish_cloudwatch_metrics_enabled = true
-    
-    result_configuration {
-      output_location = "s3://${aws_s3_bucket.example.bucket}/output/"
-      
-      encryption_configuration {
-        encryption_option = "SSE_KMS"
-        kms_key_arn       = aws_kms_key.example.arn
-      }
-    }
-  }
-}
+ }
+ 
+ resource "aws_athena_workgroup" "good_example" {
+   name = "example"
+ 
+   configuration {
+     enforce_workgroup_configuration    = true
+     publish_cloudwatch_metrics_enabled = true
+ 
+     result_configuration {
+       output_location = "s3://${aws_s3_bucket.example.bucket}/output/"
+ 
+       encryption_configuration {
+         encryption_option = "SSE_KMS"
+         kms_key_arn       = aws_kms_key.example.arn
+       }
+     }
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup#encryption_configuration
+
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database#encryption_configuration
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/athena/AVD-AWS-0007/CloudFormation.md b/avd_docs/aws/athena/AVD-AWS-0007/CloudFormation.md
index 003914a2e..be71571ce 100644
--- a/avd_docs/aws/athena/AVD-AWS-0007/CloudFormation.md
+++ b/avd_docs/aws/athena/AVD-AWS-0007/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enforce the configuration to prevent client overrides
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
@@ -15,4 +12,7 @@ Resources:
           EncryptionConfiguration:
             EncryptionOption: SSE_KMS
     Type: AWS::Athena::WorkGroup
+
 ```
+
+
diff --git a/avd_docs/aws/athena/AVD-AWS-0007/Terraform.md b/avd_docs/aws/athena/AVD-AWS-0007/Terraform.md
index cd6a0a928..4da01fe85 100644
--- a/avd_docs/aws/athena/AVD-AWS-0007/Terraform.md
+++ b/avd_docs/aws/athena/AVD-AWS-0007/Terraform.md
@@ -2,25 +2,26 @@
 Enforce the configuration to prevent client overrides
 
 ```hcl
-resource "aws_athena_workgroup" "good_example" {
-  name = "example"
-  
-  configuration {
-    enforce_workgroup_configuration    = true
-    publish_cloudwatch_metrics_enabled = true
-    
-    result_configuration {
-      output_location = "s3://${aws_s3_bucket.example.bucket}/output/"
-      
-      encryption_configuration {
-        encryption_option = "SSE_KMS"
-        kms_key_arn       = aws_kms_key.example.arn
-      }
-    }
-  }
-}
+ resource "aws_athena_workgroup" "good_example" {
+   name = "example"
+ 
+   configuration {
+     enforce_workgroup_configuration    = true
+     publish_cloudwatch_metrics_enabled = true
+ 
+     result_configuration {
+       output_location = "s3://${aws_s3_bucket.example.bucket}/output/"
+ 
+       encryption_configuration {
+         encryption_option = "SSE_KMS"
+         kms_key_arn       = aws_kms_key.example.arn
+       }
+     }
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup#configuration
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0010/CloudFormation.md b/avd_docs/aws/cloudfront/AVD-AWS-0010/CloudFormation.md
index 834c9f1bc..51f56f9d3 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0010/CloudFormation.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0010/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable logging for CloudFront distributions
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
@@ -19,4 +16,7 @@ Resources:
           - DomainName: https://some.domain
             Id: somedomain1
     Type: AWS::CloudFront::Distribution
+
 ```
+
+
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0010/Terraform.md b/avd_docs/aws/cloudfront/AVD-AWS-0010/Terraform.md
index 479bed3c5..ae92e5309 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0010/Terraform.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0010/Terraform.md
@@ -2,16 +2,17 @@
 Enable logging for CloudFront distributions
 
 ```hcl
-resource "aws_cloudfront_distribution" "good_example" {
-  // other config
-  logging_config {
-    include_cookies = false
-    bucket          = "mylogs.s3.amazonaws.com"
-    prefix          = "myprefix"
-  }
-}
+ resource "aws_cloudfront_distribution" "good_example" {
+ 	// other config
+ 	logging_config {
+ 		include_cookies = false
+ 		bucket          = "mylogs.s3.amazonaws.com"
+ 		prefix          = "myprefix"
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#logging_config
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0011/CloudFormation.md b/avd_docs/aws/cloudfront/AVD-AWS-0011/CloudFormation.md
index 3b759abb6..044d621f0 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0011/CloudFormation.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0011/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable WAF for the CloudFront distribution
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
@@ -20,4 +17,7 @@ Resources:
             Id: somedomain1
         WebACLId: waf_id
     Type: AWS::CloudFront::Distribution
+
 ```
+
+
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0011/Terraform.md b/avd_docs/aws/cloudfront/AVD-AWS-0011/Terraform.md
index ac80547b7..d9558fc91 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0011/Terraform.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0011/Terraform.md
@@ -2,34 +2,35 @@
 Enable WAF for the CloudFront distribution
 
 ```hcl
-resource "aws_cloudfront_distribution" "good_example" {
-  
-  origin {
-    domain_name = aws_s3_bucket.primary.bucket_regional_domain_name
-    origin_id   = "primaryS3"
-    
-    s3_origin_config {
-      origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path
-    }
-  }
-  
-  origin {
-    domain_name = aws_s3_bucket.failover.bucket_regional_domain_name
-    origin_id   = "failoverS3"
-    
-    s3_origin_config {
-      origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path
-    }
-  }
-  
-  default_cache_behavior {
-    target_origin_id = "groupS3"
-  }
-  
-  web_acl_id = "waf_id"
-}
+ resource "aws_cloudfront_distribution" "good_example" {
+ 
+   origin {
+     domain_name = aws_s3_bucket.primary.bucket_regional_domain_name
+     origin_id   = "primaryS3"
+ 
+     s3_origin_config {
+       origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path
+     }
+   }
+ 
+   origin {
+     domain_name = aws_s3_bucket.failover.bucket_regional_domain_name
+     origin_id   = "failoverS3"
+ 
+     s3_origin_config {
+       origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path
+     }
+   }
+ 
+   default_cache_behavior {
+     target_origin_id = "groupS3"
+   }
+ 
+   web_acl_id = "waf_id"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#web_acl_id
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0012/CloudFormation.md b/avd_docs/aws/cloudfront/AVD-AWS-0012/CloudFormation.md
index d7877e60a..6e8bc873c 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0012/CloudFormation.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0012/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Only allow HTTPS for CloudFront distribution communication
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
@@ -20,4 +17,7 @@ Resources:
             Id: somedomain1
         WebACLId: waf_id
     Type: AWS::CloudFront::Distribution
+
 ```
+
+
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0012/Terraform.md b/avd_docs/aws/cloudfront/AVD-AWS-0012/Terraform.md
index 2c4c1b86a..3387e8ea1 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0012/Terraform.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0012/Terraform.md
@@ -2,13 +2,14 @@
 Only allow HTTPS for CloudFront distribution communication
 
 ```hcl
-resource "aws_cloudfront_distribution" "good_example" {
-  default_cache_behavior {
-    viewer_protocol_policy = "redirect-to-https"
-  }
-}
+ resource "aws_cloudfront_distribution" "good_example" {
+ 	default_cache_behavior {
+ 	    viewer_protocol_policy = "redirect-to-https"
+ 	  }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#viewer_protocol_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0013/CloudFormation.md b/avd_docs/aws/cloudfront/AVD-AWS-0013/CloudFormation.md
index 9a2052aca..9702ba05e 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0013/CloudFormation.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0013/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Use the most modern TLS/SSL policies available
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
@@ -21,4 +18,7 @@ Resources:
         ViewerCertificate:
           MinimumProtocolVersion: TLSv1.2_2021
     Type: AWS::CloudFront::Distribution
+
 ```
+
+
diff --git a/avd_docs/aws/cloudfront/AVD-AWS-0013/Terraform.md b/avd_docs/aws/cloudfront/AVD-AWS-0013/Terraform.md
index 4316bada5..981514037 100644
--- a/avd_docs/aws/cloudfront/AVD-AWS-0013/Terraform.md
+++ b/avd_docs/aws/cloudfront/AVD-AWS-0013/Terraform.md
@@ -2,14 +2,15 @@
 Use the most modern TLS/SSL policies available
 
 ```hcl
-resource "aws_cloudfront_distribution" "good_example" {
-  viewer_certificate {
-    cloudfront_default_certificate = true
-    minimum_protocol_version = "TLSv1.2_2021"
-  }
-}
+ resource "aws_cloudfront_distribution" "good_example" {
+   viewer_certificate {
+     cloudfront_default_certificate = aws_acm_certificate.example.arn
+     minimum_protocol_version = "TLSv1.2_2021"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#minimum_protocol_version
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md
index b08da1525..6f69815d4 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable Cloudtrail in all regions
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   BadExample:
     Type: AWS::CloudTrail::Trail
@@ -14,4 +11,7 @@ Resources:
       S3BucketName: "CloudtrailBucket"
       S3KeyPrefix: "/trailing"
       TrailName: "Cloudtrail"
+
 ```
+
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0014/Terraform.md b/avd_docs/aws/cloudtrail/AVD-AWS-0014/Terraform.md
index 3667f48a8..254aa7d49 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0014/Terraform.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0014/Terraform.md
@@ -2,21 +2,22 @@
 Enable Cloudtrail in all regions
 
 ```hcl
-resource "aws_cloudtrail" "good_example" {
-  is_multi_region_trail = true
-  
-  event_selector {
-    read_write_type           = "All"
-    include_management_events = true
-    
-    data_resource {
-      type = "AWS::S3::Object"
-      values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
-    }
-  }
-}
+ resource "aws_cloudtrail" "good_example" {
+   is_multi_region_trail = true
+ 
+   event_selector {
+     read_write_type           = "All"
+     include_management_events = true
+ 
+     data_resource {
+       type = "AWS::S3::Object"
+       values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
+     }
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#is_multi_region_trail
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
index 49a5a22ab..b17b69fec 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encryption at rest
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   BadExample:
     Type: AWS::CloudTrail::Trail
@@ -15,4 +12,7 @@ Resources:
       S3BucketName: "CloudtrailBucket"
       S3KeyPrefix: "/trailing"
       TrailName: "Cloudtrail"
+
 ```
+
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0015/Terraform.md b/avd_docs/aws/cloudtrail/AVD-AWS-0015/Terraform.md
index 00084007e..befbea4fc 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0015/Terraform.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0015/Terraform.md
@@ -2,23 +2,24 @@
 Enable encryption at rest
 
 ```hcl
-resource "aws_cloudtrail" "good_example" {
-  is_multi_region_trail = true
-  enable_log_file_validation = true
-  kms_key_id = var.kms_id
-  
-  event_selector {
-    read_write_type           = "All"
-    include_management_events = true
-    
-    data_resource {
-      type = "AWS::S3::Object"
-      values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
-    }
-  }
-}
+ resource "aws_cloudtrail" "good_example" {
+   is_multi_region_trail = true
+   enable_log_file_validation = true
+   kms_key_id = var.kms_id
+ 
+   event_selector {
+     read_write_type           = "All"
+     include_management_events = true
+ 
+     data_resource {
+       type = "AWS::S3::Object"
+       values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
+     }
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#kms_key_id
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md
index 001dbb50f..bb9a815c5 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Turn on log validation for Cloudtrail
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   BadExample:
     Type: AWS::CloudTrail::Trail
@@ -15,4 +12,7 @@ Resources:
       S3BucketName: "CloudtrailBucket"
       S3KeyPrefix: "/trailing"
       TrailName: "Cloudtrail"
+
 ```
+
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0016/Terraform.md b/avd_docs/aws/cloudtrail/AVD-AWS-0016/Terraform.md
index e100368be..f5e1c895f 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0016/Terraform.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0016/Terraform.md
@@ -2,22 +2,23 @@
 Turn on log validation for Cloudtrail
 
 ```hcl
-resource "aws_cloudtrail" "good_example" {
-  is_multi_region_trail = true
-  enable_log_file_validation = true
-  
-  event_selector {
-    read_write_type           = "All"
-    include_management_events = true
-    
-    data_resource {
-      type = "AWS::S3::Object"
-      values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
-    }
-  }
-}
+ resource "aws_cloudtrail" "good_example" {
+   is_multi_region_trail = true
+   enable_log_file_validation = true
+ 
+   event_selector {
+     read_write_type           = "All"
+     include_management_events = true
+ 
+     data_resource {
+       type = "AWS::S3::Object"
+       values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
+     }
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#enable_log_file_validation
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0161/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0161/CloudFormation.md
new file mode 100644
index 000000000..764810725
--- /dev/null
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0161/CloudFormation.md
@@ -0,0 +1,20 @@
+
+Restrict public access to the S3 bucket
+
+```yaml---
+Resources:
+  GoodExampleTrail:
+    Type: AWS::CloudTrail::Trail
+    Properties:
+      IsLogging: true
+      S3BucketName: "my-bucket"
+      TrailName: "Cloudtrail"
+  GoodExampleBucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      BucketName: "my-bucket"
+      AccessControl: Private
+
+```
+
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0161/Terraform.md b/avd_docs/aws/cloudtrail/AVD-AWS-0161/Terraform.md
new file mode 100644
index 000000000..bc14a8754
--- /dev/null
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0161/Terraform.md
@@ -0,0 +1,29 @@
+
+Restrict public access to the S3 bucket
+
+```hcl
+ resource "aws_cloudtrail" "good_example" {
+   is_multi_region_trail = true
+   s3_bucket_name = "abcdefgh"
+ 
+   event_selector {
+     read_write_type           = "All"
+     include_management_events = true
+ 
+     data_resource {
+       type = "AWS::S3::Object"
+       values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
+     }
+   }
+ }
+
+resource "aws_s3_bucket" "good_example" {
+	bucket = "abcdefgh"
+	acl = "private"
+}
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#is_multi_region_trail
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0162/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0162/CloudFormation.md
new file mode 100644
index 000000000..e7e20897f
--- /dev/null
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0162/CloudFormation.md
@@ -0,0 +1,14 @@
+
+Enable logging to CloudWatch
+
+```yaml---
+Resources:
+  GoodExampleTrail:
+    Type: AWS::CloudTrail::Trail
+    Properties:
+      TrailName: "Cloudtrail"
+      CloudWatchLogsLogGroupArn: "arn:aws:logs:us-east-1:123456789012:log-group:CloudTrail/DefaultLogGroup:*"
+
+```
+
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0162/Terraform.md b/avd_docs/aws/cloudtrail/AVD-AWS-0162/Terraform.md
new file mode 100644
index 000000000..493ed0dd8
--- /dev/null
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0162/Terraform.md
@@ -0,0 +1,29 @@
+
+Enable logging to CloudWatch
+
+```hcl
+ resource "aws_cloudtrail" "good_example" {
+   is_multi_region_trail = true
+   cloud_watch_logs_group_arn = "${aws_cloudwatch_log_group.example.arn}:*" 
+
+ 
+   event_selector {
+     read_write_type           = "All"
+     include_management_events = true
+ 
+     data_resource {
+       type = "AWS::S3::Object"
+       values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
+     }
+   }
+ }
+
+resource "aws_cloudwatch_log_group" "example" {
+  name = "Example"
+}
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0163/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0163/CloudFormation.md
new file mode 100644
index 000000000..4fcfa1396
--- /dev/null
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0163/CloudFormation.md
@@ -0,0 +1,22 @@
+
+Enable access logging on the bucket
+
+```yaml---
+Resources:
+  GoodExampleTrail:
+    Type: AWS::CloudTrail::Trail
+    Properties:
+      IsLogging: true
+      S3BucketName: "my-bucket"
+      TrailName: "Cloudtrail"
+  GoodExampleBucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      BucketName: "my-bucket"
+      LoggingConfiguration:
+        DestinationBucketName: logging-bucket
+        LogFilePrefix: accesslogs/
+
+```
+
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0163/Terraform.md b/avd_docs/aws/cloudtrail/AVD-AWS-0163/Terraform.md
new file mode 100644
index 000000000..3fff0e5c7
--- /dev/null
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0163/Terraform.md
@@ -0,0 +1,31 @@
+
+Enable access logging on the bucket
+
+```hcl
+ resource "aws_cloudtrail" "good_example" {
+   is_multi_region_trail = true
+   s3_bucket_name = "abcdefgh"
+ 
+   event_selector {
+     read_write_type           = "All"
+     include_management_events = true
+ 
+     data_resource {
+       type = "AWS::S3::Object"
+       values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
+     }
+   }
+ }
+
+resource "aws_s3_bucket" "good_example" {
+	bucket = "abcdefgh"
+	logging {
+		target_bucket = "target-bucket"
+	}
+}
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#is_multi_region_trail
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0017/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0017/CloudFormation.md
index 6975606a8..51028be22 100644
--- a/avd_docs/aws/cloudwatch/AVD-AWS-0017/CloudFormation.md
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0017/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable CMK encryption of CloudWatch Log Groups
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::Logs::LogGroup
@@ -12,4 +9,7 @@ Resources:
       KmsKeyId: "arn:aws:kms:us-west-2:111122223333:key/lambdalogging"
       LogGroupName: "aws/lambda/goodExample"
       RetentionInDays: 30
+
 ```
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0017/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0017/Terraform.md
index 780417c8c..1909e47da 100644
--- a/avd_docs/aws/cloudwatch/AVD-AWS-0017/Terraform.md
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0017/Terraform.md
@@ -2,13 +2,14 @@
 Enable CMK encryption of CloudWatch Log Groups
 
 ```hcl
-resource "aws_cloudwatch_log_group" "good_example" {
-  name = "good_example"
-  
-  kms_key_id = aws_kms_key.log_key.arn
-}
+ resource "aws_cloudwatch_log_group" "good_example" {
+ 	name = "good_example"
+ 
+ 	kms_key_id = aws_kms_key.log_key.arn
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0147/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0147/CloudFormation.md
new file mode 100644
index 000000000..e9b82fad0
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0147/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on unauthorized API calls
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0147/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0147/Terraform.md
new file mode 100644
index 000000000..e9b82fad0
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0147/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on unauthorized API calls
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0148/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0148/CloudFormation.md
new file mode 100644
index 000000000..ef7de47cf
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0148/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on non MFA logins
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0148/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0148/Terraform.md
new file mode 100644
index 000000000..ef7de47cf
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0148/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on non MFA logins
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0149/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0149/CloudFormation.md
new file mode 100644
index 000000000..793070477
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0149/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on root user login
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0149/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0149/Terraform.md
new file mode 100644
index 000000000..793070477
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0149/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on root user login
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0150/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0150/CloudFormation.md
new file mode 100644
index 000000000..7c7215228
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0150/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on IAM Policy changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0150/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0150/Terraform.md
new file mode 100644
index 000000000..7c7215228
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0150/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on IAM Policy changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0151/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0151/CloudFormation.md
new file mode 100644
index 000000000..baaae93aa
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0151/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on CloudTrail configuration changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0151/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0151/Terraform.md
new file mode 100644
index 000000000..baaae93aa
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0151/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on CloudTrail configuration changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0152/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0152/CloudFormation.md
new file mode 100644
index 000000000..163f2f8dc
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0152/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on console login failures
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0152/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0152/Terraform.md
new file mode 100644
index 000000000..163f2f8dc
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0152/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on console login failures
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0153/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0153/CloudFormation.md
new file mode 100644
index 000000000..1eeab6a2e
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0153/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on CMKs being disabled or scheduled for deletion
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0153/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0153/Terraform.md
new file mode 100644
index 000000000..1eeab6a2e
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0153/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on CMKs being disabled or scheduled for deletion
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0154/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0154/CloudFormation.md
new file mode 100644
index 000000000..cc7958c8b
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0154/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on S3 Bucket policy changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0154/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0154/Terraform.md
new file mode 100644
index 000000000..cc7958c8b
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0154/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on S3 Bucket policy changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0155/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0155/CloudFormation.md
new file mode 100644
index 000000000..cf6be7ab1
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0155/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on AWS Config configuration changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0155/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0155/Terraform.md
new file mode 100644
index 000000000..cf6be7ab1
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0155/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on AWS Config configuration changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0156/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0156/CloudFormation.md
new file mode 100644
index 000000000..53476a4db
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0156/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on security group changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0156/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0156/Terraform.md
new file mode 100644
index 000000000..53476a4db
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0156/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on security group changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0157/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0157/CloudFormation.md
new file mode 100644
index 000000000..7a6b201ca
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0157/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on network acl changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0157/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0157/Terraform.md
new file mode 100644
index 000000000..7a6b201ca
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0157/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on network acl changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0158/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0158/CloudFormation.md
new file mode 100644
index 000000000..6baa5b1d2
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0158/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on network gateway changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0158/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0158/Terraform.md
new file mode 100644
index 000000000..6baa5b1d2
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0158/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on network gateway changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0159/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0159/CloudFormation.md
new file mode 100644
index 000000000..b7e556d0a
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0159/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on route table changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0159/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0159/Terraform.md
new file mode 100644
index 000000000..b7e556d0a
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0159/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on route table changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0160/CloudFormation.md b/avd_docs/aws/cloudwatch/AVD-AWS-0160/CloudFormation.md
new file mode 100644
index 000000000..b7e556d0a
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0160/CloudFormation.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on route table changes
+
+
+
diff --git a/avd_docs/aws/cloudwatch/AVD-AWS-0160/Terraform.md b/avd_docs/aws/cloudwatch/AVD-AWS-0160/Terraform.md
new file mode 100644
index 000000000..b7e556d0a
--- /dev/null
+++ b/avd_docs/aws/cloudwatch/AVD-AWS-0160/Terraform.md
@@ -0,0 +1,5 @@
+
+Create an alarm to alert on route table changes
+
+
+
diff --git a/avd_docs/aws/codebuild/AVD-AWS-0018/CloudFormation.md b/avd_docs/aws/codebuild/AVD-AWS-0018/CloudFormation.md
index 18ef77e22..62177016b 100644
--- a/avd_docs/aws/codebuild/AVD-AWS-0018/CloudFormation.md
+++ b/avd_docs/aws/codebuild/AVD-AWS-0018/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encryption for CodeBuild project artifacts
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodProject:
     Type: AWS::CodeBuild::Project
@@ -29,4 +26,7 @@ Resources:
           Packaging: "String"
           Path: "String"
           Type: "String"
+
 ```
+
+
diff --git a/avd_docs/aws/codebuild/AVD-AWS-0018/Terraform.md b/avd_docs/aws/codebuild/AVD-AWS-0018/Terraform.md
index f50f7bafe..71dc0d75d 100644
--- a/avd_docs/aws/codebuild/AVD-AWS-0018/Terraform.md
+++ b/avd_docs/aws/codebuild/AVD-AWS-0018/Terraform.md
@@ -2,39 +2,40 @@
 Enable encryption for CodeBuild project artifacts
 
 ```hcl
-resource "aws_codebuild_project" "good_example" {
-  // other config
-  
-  artifacts {
-    // other artifacts config
-    
-    encryption_disabled = false
-  }
-}
-
-resource "aws_codebuild_project" "good_example" {
-  // other config
-  
-  artifacts {
-    // other artifacts config
-  }
-}
-
-resource "aws_codebuild_project" "codebuild" {
-  // other config
-  
-  secondary_artifacts {
-    // other artifacts config
-    
-    encryption_disabled = false
-  }
-  
-  secondary_artifacts {
-    // other artifacts config
-  }
-}
+ resource "aws_codebuild_project" "good_example" {
+ 	// other config
+ 
+ 	artifacts {
+ 		// other artifacts config
+ 
+ 		encryption_disabled = false
+ 	}
+ }
+ 
+ resource "aws_codebuild_project" "good_example" {
+ 	// other config
+ 
+ 	artifacts {
+ 		// other artifacts config
+ 	}
+ }
+ 
+ resource "aws_codebuild_project" "codebuild" {
+ 	// other config
+ 
+ 	secondary_artifacts {
+ 		// other artifacts config
+ 
+ 		encryption_disabled = false
+ 	}
+ 
+ 	secondary_artifacts {
+ 		// other artifacts config
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project#encryption_disabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/config/AVD-AWS-0019/CloudFormation.md b/avd_docs/aws/config/AVD-AWS-0019/CloudFormation.md
index 3375e27ec..542908cf9 100644
--- a/avd_docs/aws/config/AVD-AWS-0019/CloudFormation.md
+++ b/avd_docs/aws/config/AVD-AWS-0019/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Set the aggregator to cover all regions
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::Config::ConfigurationAggregator
@@ -12,4 +9,17 @@ Resources:
       AccountAggregationSources:
         - AllAwsRegions: true
       ConfigurationAggregatorName: "GoodAccountLevelAggregation"
+
+```
+```yaml---
+Resources:
+  GoodExample:
+    Type: AWS::Config::ConfigurationAggregator
+    Properties:
+      OrganizationAggregationSource: 
+        AllAwsRegions: true
+      ConfigurationAggregatorName: "GoodAccountLevelAggregation"
+
 ```
+
+
diff --git a/avd_docs/aws/config/AVD-AWS-0019/Terraform.md b/avd_docs/aws/config/AVD-AWS-0019/Terraform.md
index 20f9e0a7f..a7539df05 100644
--- a/avd_docs/aws/config/AVD-AWS-0019/Terraform.md
+++ b/avd_docs/aws/config/AVD-AWS-0019/Terraform.md
@@ -2,16 +2,17 @@
 Set the aggregator to cover all regions
 
 ```hcl
-resource "aws_config_configuration_aggregator" "good_example" {
-  name = "example"
-  
-  account_aggregation_source {
-    account_ids = ["123456789012"]
-    all_regions = true
-  }
-}
+ resource "aws_config_configuration_aggregator" "good_example" {
+ 	name = "example"
+ 	  
+ 	account_aggregation_source {
+ 	  account_ids = ["123456789012"]
+ 	  all_regions = true
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_aggregator#all_regions
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/documentdb/AVD-AWS-0020/CloudFormation.md b/avd_docs/aws/documentdb/AVD-AWS-0020/CloudFormation.md
index 4714c8edc..58819786e 100644
--- a/avd_docs/aws/documentdb/AVD-AWS-0020/CloudFormation.md
+++ b/avd_docs/aws/documentdb/AVD-AWS-0020/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable export logs
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: "AWS::DocDB::DBCluster"
@@ -25,4 +22,7 @@ Resources:
       DBInstanceClass: "db.r5.large"
       DBInstanceIdentifier: "sample-cluster-instance-0"
       PreferredMaintenanceWindow: "sat:06:54-sat:07:24"
+
 ```
+
+
diff --git a/avd_docs/aws/documentdb/AVD-AWS-0020/Terraform.md b/avd_docs/aws/documentdb/AVD-AWS-0020/Terraform.md
index 7cd2a2945..d93f1706e 100644
--- a/avd_docs/aws/documentdb/AVD-AWS-0020/Terraform.md
+++ b/avd_docs/aws/documentdb/AVD-AWS-0020/Terraform.md
@@ -2,18 +2,19 @@
 Enable export logs
 
 ```hcl
-resource "aws_docdb_cluster" "good_example" {
-  cluster_identifier      = "my-docdb-cluster"
-  engine                  = "docdb"
-  master_username         = "foo"
-  master_password         = "mustbeeightchars"
-  backup_retention_period = 5
-  preferred_backup_window = "07:00-09:00"
-  skip_final_snapshot     = true
-  enabled_cloudwatch_logs_exports = "audit"
-}
+ resource "aws_docdb_cluster" "good_example" {
+   cluster_identifier      = "my-docdb-cluster"
+   engine                  = "docdb"
+   master_username         = "foo"
+   master_password         = "mustbeeightchars"
+   backup_retention_period = 5
+   preferred_backup_window = "07:00-09:00"
+   skip_final_snapshot     = true
+   enabled_cloudwatch_logs_exports = "audit"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#enabled_cloudwatch_logs_exports
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/documentdb/AVD-AWS-0021/CloudFormation.md b/avd_docs/aws/documentdb/AVD-AWS-0021/CloudFormation.md
index 17c0e8616..921fd35a7 100644
--- a/avd_docs/aws/documentdb/AVD-AWS-0021/CloudFormation.md
+++ b/avd_docs/aws/documentdb/AVD-AWS-0021/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable storage encryption
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: "AWS::DocDB::DBCluster"
@@ -26,4 +23,7 @@ Resources:
       DBInstanceClass: "db.r5.large"
       DBInstanceIdentifier: "sample-cluster-instance-0"
       PreferredMaintenanceWindow: "sat:06:54-sat:07:24"
+
 ```
+
+
diff --git a/avd_docs/aws/documentdb/AVD-AWS-0021/Terraform.md b/avd_docs/aws/documentdb/AVD-AWS-0021/Terraform.md
index 480799058..71cd4c022 100644
--- a/avd_docs/aws/documentdb/AVD-AWS-0021/Terraform.md
+++ b/avd_docs/aws/documentdb/AVD-AWS-0021/Terraform.md
@@ -2,18 +2,19 @@
 Enable storage encryption
 
 ```hcl
-resource "aws_docdb_cluster" "good_example" {
-  cluster_identifier      = "my-docdb-cluster"
-  engine                  = "docdb"
-  master_username         = "foo"
-  master_password         = "mustbeeightchars"
-  backup_retention_period = 5
-  preferred_backup_window = "07:00-09:00"
-  skip_final_snapshot     = true
-  storage_encrypted = true
-}
+ resource "aws_docdb_cluster" "good_example" {
+   cluster_identifier      = "my-docdb-cluster"
+   engine                  = "docdb"
+   master_username         = "foo"
+   master_password         = "mustbeeightchars"
+   backup_retention_period = 5
+   preferred_backup_window = "07:00-09:00"
+   skip_final_snapshot     = true
+   storage_encrypted = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#storage_encrypted
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/documentdb/AVD-AWS-0022/CloudFormation.md b/avd_docs/aws/documentdb/AVD-AWS-0022/CloudFormation.md
index 17864b3d2..695177a67 100644
--- a/avd_docs/aws/documentdb/AVD-AWS-0022/CloudFormation.md
+++ b/avd_docs/aws/documentdb/AVD-AWS-0022/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encryption using customer managed keys
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: "AWS::DocDB::DBCluster"
@@ -25,4 +22,7 @@ Resources:
       DBInstanceClass: "db.r5.large"
       DBInstanceIdentifier: "sample-cluster-instance-0"
       PreferredMaintenanceWindow: "sat:06:54-sat:07:24"
+
 ```
+
+
diff --git a/avd_docs/aws/documentdb/AVD-AWS-0022/Terraform.md b/avd_docs/aws/documentdb/AVD-AWS-0022/Terraform.md
index 6a8a5a650..301457298 100644
--- a/avd_docs/aws/documentdb/AVD-AWS-0022/Terraform.md
+++ b/avd_docs/aws/documentdb/AVD-AWS-0022/Terraform.md
@@ -2,22 +2,23 @@
 Enable encryption using customer managed keys
 
 ```hcl
-resource "aws_kms_key" "docdb_encryption" {
-  enable_key_rotation = true
-}
-
-resource "aws_docdb_cluster" "docdb" {
-  cluster_identifier      = "my-docdb-cluster"
-  engine                  = "docdb"
-  master_username         = "foo"
-  master_password         = "mustbeeightchars"
-  backup_retention_period = 5
-  preferred_backup_window = "07:00-09:00"
-  skip_final_snapshot     = true
-  kms_key_id 			  = aws_kms_key.docdb_encryption.arn
-}
+ resource "aws_kms_key" "docdb_encryption" {
+ 	enable_key_rotation = true
+ }
+ 			
+ resource "aws_docdb_cluster" "docdb" {
+   cluster_identifier      = "my-docdb-cluster"
+   engine                  = "docdb"
+   master_username         = "foo"
+   master_password         = "mustbeeightchars"
+   backup_retention_period = 5
+   preferred_backup_window = "07:00-09:00"
+   skip_final_snapshot     = true
+   kms_key_id 			  = aws_kms_key.docdb_encryption.arn
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#kms_key_id
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/dynamodb/AVD-AWS-0023/CloudFormation.md b/avd_docs/aws/dynamodb/AVD-AWS-0023/CloudFormation.md
index 465fe0f59..558e673d7 100644
--- a/avd_docs/aws/dynamodb/AVD-AWS-0023/CloudFormation.md
+++ b/avd_docs/aws/dynamodb/AVD-AWS-0023/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encryption at rest for DAX Cluster
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   daxCluster:
     Type: AWS::DAX::Cluster
@@ -16,4 +13,7 @@ Resources:
       Description: "DAX cluster created with CloudFormation"
       SSESpecification:
         SSEEnabled: true
+
 ```
+
+
diff --git a/avd_docs/aws/dynamodb/AVD-AWS-0023/Terraform.md b/avd_docs/aws/dynamodb/AVD-AWS-0023/Terraform.md
index e17c1f821..23355ed15 100644
--- a/avd_docs/aws/dynamodb/AVD-AWS-0023/Terraform.md
+++ b/avd_docs/aws/dynamodb/AVD-AWS-0023/Terraform.md
@@ -2,15 +2,16 @@
 Enable encryption at rest for DAX Cluster
 
 ```hcl
-resource "aws_dax_cluster" "good_example" {
-  // other DAX config
-  
-  server_side_encryption {
-    enabled = true // enabled server side encryption
-  }
-}
+ resource "aws_dax_cluster" "good_example" {
+ 	// other DAX config
+ 
+ 	server_side_encryption {
+ 		enabled = true // enabled server side encryption
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dax_cluster#server_side_encryption
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/dynamodb/AVD-AWS-0024/Terraform.md b/avd_docs/aws/dynamodb/AVD-AWS-0024/Terraform.md
index 4dc8dc3f9..9a5811f53 100644
--- a/avd_docs/aws/dynamodb/AVD-AWS-0024/Terraform.md
+++ b/avd_docs/aws/dynamodb/AVD-AWS-0024/Terraform.md
@@ -2,24 +2,25 @@
 Enable point in time recovery
 
 ```hcl
-resource "aws_dynamodb_table" "good_example" {
-  name             = "example"
-  hash_key         = "TestTableHashKey"
-  billing_mode     = "PAY_PER_REQUEST"
-  stream_enabled   = true
-  stream_view_type = "NEW_AND_OLD_IMAGES"
-  
-  attribute {
-    name = "TestTableHashKey"
-    type = "S"
-  }
-  
-  point_in_time_recovery {
-    enabled = true
-  }
-}
+ resource "aws_dynamodb_table" "good_example" {
+ 	name             = "example"
+ 	hash_key         = "TestTableHashKey"
+ 	billing_mode     = "PAY_PER_REQUEST"
+ 	stream_enabled   = true
+ 	stream_view_type = "NEW_AND_OLD_IMAGES"
+   
+ 	attribute {
+ 	  name = "TestTableHashKey"
+ 	  type = "S"
+ 	}
+ 
+ 	point_in_time_recovery {
+ 		enabled = true
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table#point_in_time_recovery
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/dynamodb/AVD-AWS-0025/Terraform.md b/avd_docs/aws/dynamodb/AVD-AWS-0025/Terraform.md
index 95c83a6ba..843a790c5 100644
--- a/avd_docs/aws/dynamodb/AVD-AWS-0025/Terraform.md
+++ b/avd_docs/aws/dynamodb/AVD-AWS-0025/Terraform.md
@@ -2,37 +2,38 @@
 Enable server side encryption with a customer managed key
 
 ```hcl
-resource "aws_kms_key" "dynamo_db_kms" {
-  enable_key_rotation = true
-}
-
-resource "aws_dynamodb_table" "good_example" {
-  name             = "example"
-  hash_key         = "TestTableHashKey"
-  billing_mode     = "PAY_PER_REQUEST"
-  stream_enabled   = true
-  stream_view_type = "NEW_AND_OLD_IMAGES"
-  
-  attribute {
-    name = "TestTableHashKey"
-    type = "S"
-  }
-  
-  replica {
-    region_name = "us-east-2"
-  }
-  
-  replica {
-    region_name = "us-west-2"
-  }
-  
-  server_side_encryption {
-    enabled     = true
-    kms_key_arn = aws_kms_key.dynamo_db_kms.key_id
-  }
-}
+ resource "aws_kms_key" "dynamo_db_kms" {
+ 	enable_key_rotation = true
+ }
+ 
+ resource "aws_dynamodb_table" "good_example" {
+ 	name             = "example"
+ 	hash_key         = "TestTableHashKey"
+ 	billing_mode     = "PAY_PER_REQUEST"
+ 	stream_enabled   = true
+ 	stream_view_type = "NEW_AND_OLD_IMAGES"
+   
+ 	attribute {
+ 	  name = "TestTableHashKey"
+ 	  type = "S"
+ 	}
+   
+ 	replica {
+ 	  region_name = "us-east-2"
+ 	}
+   
+ 	replica {
+ 	  region_name = "us-west-2"
+ 	}
+ 
+ 	server_side_encryption {
+ 		enabled     = true
+ 		kms_key_arn = aws_kms_key.dynamo_db_kms.key_id
+ 	}
+   }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table#server_side_encryption
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0008/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0008/CloudFormation.md
new file mode 100644
index 000000000..8439a5faf
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0008/CloudFormation.md
@@ -0,0 +1,18 @@
+
+Turn on encryption for all block devices
+
+```yaml---
+Resources:
+  GoodExample:
+    Properties:
+      BlockDeviceMappings:
+        - DeviceName: root
+          Ebs:
+            Encrypted: true
+      ImageId: ami-123456
+      InstanceType: t2.small
+    Type: AWS::AutoScaling::LaunchConfiguration
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0008/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0008/Terraform.md
new file mode 100644
index 000000000..89f8ee15e
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0008/Terraform.md
@@ -0,0 +1,15 @@
+
+Turn on encryption for all block devices
+
+```hcl
+ resource "aws_launch_configuration" "good_example" {
+ 	root_block_device {
+ 		encrypted = true
+ 	}
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0009/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0009/CloudFormation.md
new file mode 100644
index 000000000..0292fee90
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0009/CloudFormation.md
@@ -0,0 +1,14 @@
+
+Set the instance to not be publicly accessible
+
+```yaml---
+Resources:
+  GoodExample:
+    Properties:
+      ImageId: ami-123456
+      InstanceType: t2.small
+    Type: AWS::AutoScaling::LaunchConfiguration
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0009/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0009/Terraform.md
new file mode 100644
index 000000000..14eb2802c
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0009/Terraform.md
@@ -0,0 +1,15 @@
+
+Set the instance to not be publicly accessible
+
+```hcl
+ resource "aws_launch_configuration" "good_example" {
+ 	associate_public_ip_address = false
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration#associate_public_ip_address
+
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#associate_public_ip_address
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0026/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0026/CloudFormation.md
new file mode 100644
index 000000000..f0378b74e
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0026/CloudFormation.md
@@ -0,0 +1,16 @@
+
+Enable encryption of EBS volumes
+
+```yaml---
+Resources:
+  GoodExample:
+    Type: AWS::EC2::Volume
+    Properties: 
+      Size: 100
+      Encrypted: true
+      KmsKeyId: "alias/volumeEncrypt"
+    DeletionPolicy: Snapshot
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0026/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0026/Terraform.md
new file mode 100644
index 000000000..43891b769
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0026/Terraform.md
@@ -0,0 +1,19 @@
+
+Enable encryption of EBS volumes
+
+```hcl
+ resource "aws_ebs_volume" "good_example" {
+   availability_zone = "us-west-2a"
+   size              = 40
+ 
+   tags = {
+     Name = "HelloWorld"
+   }
+   encrypted = true
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume#encrypted
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0027/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0027/CloudFormation.md
new file mode 100644
index 000000000..00ad68051
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0027/CloudFormation.md
@@ -0,0 +1,27 @@
+
+Enable encryption using customer managed keys
+
+```yaml---
+Resources:
+  GoodExample:
+    Type: AWS::EC2::Volume
+    Properties: 
+      Size: 100
+      Encrypted: true
+      KmsKeyId: "alias/volumeEncrypt"
+    DeletionPolicy: Snapshot
+
+```
+```yaml---
+Resources:
+  GoodExample:
+    Type: AWS::EC2::Volume
+    Properties: 
+      Size: 100
+      Encrypted: true
+      KmsKeyId: !ImportValue "MyStack:Key"
+    DeletionPolicy: Snapshot
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0027/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0027/Terraform.md
new file mode 100644
index 000000000..42977ae0e
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0027/Terraform.md
@@ -0,0 +1,24 @@
+
+Enable encryption using customer managed keys
+
+```hcl
+ resource "aws_kms_key" "ebs_encryption" {
+ 	enable_key_rotation = true
+ }
+ 
+ resource "aws_ebs_volume" "example" {
+   availability_zone = "us-west-2a"
+   size              = 40
+ 
+   kms_key_id = aws_kms_key.ebs_encryption.arn
+ 
+   tags = {
+     Name = "HelloWorld"
+   }
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume#kms_key_id
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0028/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0028/Terraform.md
index 156520523..7b323dc09 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0028/Terraform.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0028/Terraform.md
@@ -2,15 +2,16 @@
 Enable HTTP token requirement for IMDS
 
 ```hcl
-resource "aws_instance" "good_example" {
-  ami           = "ami-005e54dee72cc1d00"
-  instance_type = "t2.micro"
-  metadata_options {
-    http_tokens = "required"
-  }
-}
+ resource "aws_instance" "good_example" {
+	 ami           = "ami-005e54dee72cc1d00"
+	 instance_type = "t2.micro"
+	 metadata_options {
+	 http_tokens = "required"
+	 }	
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#metadata-options
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0029/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0029/CloudFormation.md
index 659c7402a..361b833ef 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0029/CloudFormation.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0029/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Remove sensitive data from the EC2 instance user-data
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::EC2::Instance
@@ -20,4 +17,8 @@ Resources:
             DeleteOnTermination: "false"
             VolumeSize: "20"
         - DeviceName: "/dev/sdk"
+
+
 ```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0029/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0029/Terraform.md
index 1619f2a08..813649655 100644
--- a/avd_docs/aws/ec2/AVD-AWS-0029/Terraform.md
+++ b/avd_docs/aws/ec2/AVD-AWS-0029/Terraform.md
@@ -2,22 +2,23 @@
 Remove sensitive data from the EC2 instance user-data
 
 ```hcl
-resource "aws_iam_instance_profile" "good_example" {
-  // ...
-}
-
-resource "aws_instance" "good_example" {
-  ami           = "ami-12345667"
-  instance_type = "t2.small"
-  
-  iam_instance_profile = aws_iam_instance_profile.good_profile.arn
-  
-  user_data = <<EOF
-  export GREETING=hello
-  EOF
-}
+ resource "aws_iam_instance_profile" "good_example" {
+		 // ...
+ }
+ 
+ resource "aws_instance" "good_example" {
+	 ami           = "ami-12345667"
+	 instance_type = "t2.small"
+ 
+	 iam_instance_profile = aws_iam_instance_profile.good_profile.arn
+ 
+	 user_data = <<EOF
+	 export GREETING=hello
+ EOF
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#user_data
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0099/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0099/CloudFormation.md
new file mode 100644
index 000000000..c9599ebbe
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0099/CloudFormation.md
@@ -0,0 +1,18 @@
+
+Add descriptions for all security groups
+
+```yaml---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Good example of group description
+Resources:
+  GoodSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Limits security group egress traffic
+      SecurityGroupEgress:
+      - CidrIp: 127.0.0.1/32
+        IpProtocol: "-1"
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0099/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0099/Terraform.md
new file mode 100644
index 000000000..fc950bc7b
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0099/Terraform.md
@@ -0,0 +1,24 @@
+
+Add descriptions for all security groups
+
+```hcl
+ resource "aws_security_group" "good_example" {
+   name        = "http"
+   description = "Allow inbound HTTP traffic"
+ 
+   ingress {
+     description = "HTTP from VPC"
+     from_port   = 80
+     to_port     = 80
+     protocol    = "tcp"
+     cidr_blocks = [aws_vpc.main.cidr_block]
+   }
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
+
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0101/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0101/Terraform.md
new file mode 100644
index 000000000..f760a2577
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0101/Terraform.md
@@ -0,0 +1,11 @@
+
+Create a non-default vpc for resources to be created in
+
+```hcl
+ # no aws default vpc present
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0102/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0102/CloudFormation.md
new file mode 100644
index 000000000..c211d876e
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0102/CloudFormation.md
@@ -0,0 +1,21 @@
+
+Set specific allowed ports
+
+```yaml---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Godd example of excessive ports
+Resources: 
+  NetworkACL:
+    Type: AWS::EC2::NetworkAcl
+    Properties:
+      VpcId: "something"
+  Rule:
+    Type: AWS::EC2::NetworkAclEntry
+    Properties:
+      NetworkAclId:
+        Ref: NetworkACL
+      Protocol: 6
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0102/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0102/Terraform.md
new file mode 100644
index 000000000..e3fa62461
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0102/Terraform.md
@@ -0,0 +1,18 @@
+
+Set specific allowed ports
+
+```hcl
+ resource "aws_network_acl_rule" "good_example" {
+   egress         = false
+   protocol       = "tcp"
+   from_port      = 22
+   to_port        = 22
+   rule_action    = "allow"
+   cidr_block     = "0.0.0.0/0"
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule#to_port
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0104/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0104/CloudFormation.md
new file mode 100644
index 000000000..95ca059e3
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0104/CloudFormation.md
@@ -0,0 +1,18 @@
+
+Set a more restrictive cidr range
+
+```yaml---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Good example of egress rule
+Resources:
+  BadSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Limits security group egress traffic
+      SecurityGroupEgress:
+      - CidrIp: 127.0.0.1/32
+        IpProtocol: "6"
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0104/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0104/Terraform.md
new file mode 100644
index 000000000..286b989af
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0104/Terraform.md
@@ -0,0 +1,15 @@
+
+Set a more restrictive cidr range
+
+```hcl
+ resource "aws_security_group" "good_example" {
+ 	egress {
+ 		cidr_blocks = ["1.2.3.4/32"]
+ 	}
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0105/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0105/CloudFormation.md
new file mode 100644
index 000000000..456412e0e
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0105/CloudFormation.md
@@ -0,0 +1,23 @@
+
+Set a more restrictive cidr range
+
+```yaml---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Godd example of excessive ports
+Resources: 
+  NetworkACL:
+    Type: AWS::EC2::NetworkAcl
+    Properties:
+      VpcId: "something"
+  Rule:
+    Type: AWS::EC2::NetworkAclEntry
+    Properties:
+      NetworkAclId:
+        Ref: NetworkACL
+      Protocol: 6
+      CidrBlock: 10.0.0.0/8
+      RuleAction: allow
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0105/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0105/Terraform.md
new file mode 100644
index 000000000..62d3cb4f6
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0105/Terraform.md
@@ -0,0 +1,18 @@
+
+Set a more restrictive cidr range
+
+```hcl
+ resource "aws_network_acl_rule" "good_example" {
+   egress         = false
+   protocol       = "tcp"
+   from_port      = 22
+   to_port        = 22
+   rule_action    = "allow"
+   cidr_block     = "10.0.0.0/16"
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule#cidr_block
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0107/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0107/CloudFormation.md
new file mode 100644
index 000000000..d4d611442
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0107/CloudFormation.md
@@ -0,0 +1,18 @@
+
+Set a more restrictive cidr range
+
+```yaml---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Good example of ingress rule
+Resources:
+  BadSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Limits security group egress traffic
+      SecurityGroupIngress:
+      - CidrIp: 127.0.0.1/32
+        IpProtocol: "6"
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0107/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0107/Terraform.md
new file mode 100644
index 000000000..4f72892d3
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0107/Terraform.md
@@ -0,0 +1,28 @@
+
+Set a more restrictive cidr range
+
+```hcl
+ resource "aws_security_group_rule" "good_example" {
+ 	type = "ingress"
+ 	cidr_blocks = ["10.0.0.0/16"]
+ }
+ 
+```
+```hcl
+resource "aws_security_group_rule" "allow_partner_rsync" {
+  type              = "ingress"
+  security_group_id = aws_security_group.….id
+  from_port         = 22
+  to_port           = 22
+  protocol          = "tcp"
+  cidr_blocks = [
+    "1.2.3.4/32",
+    "4.5.6.7/32",
+  ]
+}
+
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule#cidr_blocks
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0122/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0122/Terraform.md
new file mode 100644
index 000000000..b2a67c84d
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0122/Terraform.md
@@ -0,0 +1,27 @@
+
+Don't use sensitive data in user data
+
+```hcl
+ resource "aws_launch_configuration" "as_conf" {
+   name          = "web_config"
+   image_id      = data.aws_ami.ubuntu.id
+   instance_type = "t2.micro"
+   user_data     = <<EOF
+ export GREETING="Hello there"
+ EOF
+ }
+ 
+```
+```hcl
+ resource "aws_launch_configuration" "as_conf" {
+ 	name             = "web_config"
+ 	image_id         = data.aws_ami.ubuntu.id
+ 	instance_type    = "t2.micro"
+ 	user_data_base64 = "ZXhwb3J0IEVESVRPUj12aW1hY3M="
+   }
+   
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration#user_data,user_data_base64
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0124/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0124/CloudFormation.md
new file mode 100644
index 000000000..c358b87b9
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0124/CloudFormation.md
@@ -0,0 +1,19 @@
+
+Add descriptions for all security groups rules
+
+```yaml---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Good example of SGR description
+Resources:
+  GoodSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Limits security group egress traffic
+      SecurityGroupEgress:
+      - CidrIp: 127.0.0.1/32
+        Description: "Can connect to loopback"
+        IpProtocol: "-1"
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0124/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0124/Terraform.md
new file mode 100644
index 000000000..d6718d6d2
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0124/Terraform.md
@@ -0,0 +1,24 @@
+
+Add descriptions for all security groups rules
+
+```hcl
+ resource "aws_security_group" "good_example" {
+   name        = "http"
+   description = "Allow inbound HTTP traffic"
+ 
+   ingress {
+     description = "HTTP from VPC"
+     from_port   = 80
+     to_port     = 80
+     protocol    = "tcp"
+     cidr_blocks = [aws_vpc.main.cidr_block]
+   }
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
+
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0129/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0129/CloudFormation.md
new file mode 100644
index 000000000..fa6907651
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0129/CloudFormation.md
@@ -0,0 +1,34 @@
+
+Remove sensitive data from the EC2 instance user-data generated by launch templates
+
+```yaml---
+Resources:
+  InstanceProfile:
+    Type: AWS::IAM::InstanceProfile
+    Properties:
+      InstanceProfileName: MyIamInstanceProfile
+      Path: "/"
+      Roles:
+      - MyAdminRole
+  GoodExample:
+    Type: AWS::EC2::LaunchTemplate
+    Properties:
+      LaunchTemplateName: MyLaunchTemplate
+      LaunchTemplateData:
+        IamInstanceProfile:
+          Arn: !GetAtt
+            - MyIamInstanceProfile
+            - Arn
+        DisableApiTermination: true
+        ImageId: ami-04d5cc9b88example
+        UserData: export SSM_PATH=/database/creds
+        InstanceType: t2.micro
+        KeyName: MyKeyPair
+        MetadataOptions:
+          - HttpTokens: required
+        SecurityGroupIds:
+          - sg-083cd3bfb8example
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0129/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0129/Terraform.md
new file mode 100644
index 000000000..c9d9865a0
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0129/Terraform.md
@@ -0,0 +1,25 @@
+
+Remove sensitive data from the EC2 instance user-data generated by launch templates
+
+```hcl
+ resource "aws_iam_instance_profile" "good_example" {
+		 // ...
+ }
+ 
+ resource "aws_launch_template" "good_example" {
+	 image_id      = "ami-12345667"
+	 instance_type = "t2.small"
+ 
+	 iam_instance_profile {
+		 name = aws_iam_instance_profile.good_profile.arn
+	 }
+	 user_data = <<EOF
+	 export GREETING=hello
+EOF
+}
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#user_data
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0130/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0130/CloudFormation.md
new file mode 100644
index 000000000..7cd3654ca
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0130/CloudFormation.md
@@ -0,0 +1,15 @@
+
+Enable HTTP token requirement for IMDS
+
+```yaml---
+Resources:
+  GoodExample:
+    Type: AWS::AutoScaling::LaunchConfiguration
+    Properties:
+      MetadataOptions:
+        HttpTokens: required
+        HttpEndpoint: enabled
+ 
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0130/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0130/Terraform.md
new file mode 100644
index 000000000..714c1c146
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0130/Terraform.md
@@ -0,0 +1,17 @@
+
+Enable HTTP token requirement for IMDS
+
+```hcl
+ resource "aws_launch_template" "good_example" {
+	 image_id      = "ami-005e54dee72cc1d00"
+	 instance_type = "t2.micro"
+	 metadata_options {
+	   http_tokens = "required"
+	 }	
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#metadata-options
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0131/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0131/CloudFormation.md
new file mode 100644
index 000000000..8db6bf76e
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0131/CloudFormation.md
@@ -0,0 +1,24 @@
+
+Turn on encryption for all block devices
+
+```yaml---
+Resources:
+  GoodExample:
+    Type: AWS::EC2::Instance
+    Properties:
+      ImageId: "ami-79fd7eee"
+      KeyName: "testkey"
+      UserData: export SSM_PATH=/database/creds
+      BlockDeviceMappings:
+        - DeviceName: "/dev/sdm"
+          Ebs:
+            Encrypted: True
+            VolumeType: "io1"
+            Iops: "200"
+            DeleteOnTermination: "false"
+            VolumeSize: "20"
+
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0131/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0131/Terraform.md
new file mode 100644
index 000000000..9e316c805
--- /dev/null
+++ b/avd_docs/aws/ec2/AVD-AWS-0131/Terraform.md
@@ -0,0 +1,26 @@
+
+Turn on encryption for all block devices
+
+```hcl
+resource "aws_instance" "good_example" {
+  ami = "ami-7f89a64f"
+  instance_type = "t1.micro"
+
+  root_block_device {
+      encrypted = true
+  }
+
+  ebs_block_device {
+    device_name = "/dev/sdg"
+    volume_size = 5
+    volume_type = "gp2"
+    delete_on_termination = false
+    encrypted = true
+  }
+}
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices
+
diff --git a/avd_docs/aws/ecr/AVD-AWS-0030/CloudFormation.md b/avd_docs/aws/ecr/AVD-AWS-0030/CloudFormation.md
index f0ffb9b66..a1d034af9 100644
--- a/avd_docs/aws/ecr/AVD-AWS-0030/CloudFormation.md
+++ b/avd_docs/aws/ecr/AVD-AWS-0030/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable ECR image scanning
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::ECR::Repository
@@ -12,8 +9,11 @@ Resources:
       RepositoryName: "test-repository"
       ImageTagImmutability: IMMUTABLE
       ImageScanningConfiguration:
-        ScanOnPush: true
+        ScanOnPush: True
       EncryptionConfiguration:
         EncryptionType: KMS
         KmsKey: "alias/ecr-key"
+
 ```
+
+
diff --git a/avd_docs/aws/ecr/AVD-AWS-0030/Terraform.md b/avd_docs/aws/ecr/AVD-AWS-0030/Terraform.md
index 8c91e155a..0e23e9a33 100644
--- a/avd_docs/aws/ecr/AVD-AWS-0030/Terraform.md
+++ b/avd_docs/aws/ecr/AVD-AWS-0030/Terraform.md
@@ -2,16 +2,17 @@
 Enable ECR image scanning
 
 ```hcl
-resource "aws_ecr_repository" "good_example" {
-  name                 = "bar"
-  image_tag_mutability = "MUTABLE"
-  
-  image_scanning_configuration {
-    scan_on_push = true
-  }
-}
+ resource "aws_ecr_repository" "good_example" {
+   name                 = "bar"
+   image_tag_mutability = "MUTABLE"
+ 
+   image_scanning_configuration {
+     scan_on_push = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository#image_scanning_configuration
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/ecr/AVD-AWS-0031/CloudFormation.md b/avd_docs/aws/ecr/AVD-AWS-0031/CloudFormation.md
index 8253eaf67..842d1c7d0 100644
--- a/avd_docs/aws/ecr/AVD-AWS-0031/CloudFormation.md
+++ b/avd_docs/aws/ecr/AVD-AWS-0031/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Only use immutable images in ECR
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::ECR::Repository
@@ -16,4 +13,7 @@ Resources:
       EncryptionConfiguration:
         EncryptionType: KMS
         KmsKey: "alias/ecr-key"
+
 ```
+
+
diff --git a/avd_docs/aws/ecr/AVD-AWS-0031/Terraform.md b/avd_docs/aws/ecr/AVD-AWS-0031/Terraform.md
index 7745fe54d..5ef303e13 100644
--- a/avd_docs/aws/ecr/AVD-AWS-0031/Terraform.md
+++ b/avd_docs/aws/ecr/AVD-AWS-0031/Terraform.md
@@ -2,16 +2,17 @@
 Only use immutable images in ECR
 
 ```hcl
-resource "aws_ecr_repository" "good_example" {
-  name                 = "bar"
-  image_tag_mutability = "IMMUTABLE"
-  
-  image_scanning_configuration {
-    scan_on_push = true
-  }
-}
+ resource "aws_ecr_repository" "good_example" {
+   name                 = "bar"
+   image_tag_mutability = "IMMUTABLE"
+ 
+   image_scanning_configuration {
+     scan_on_push = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/ecr/AVD-AWS-0032/CloudFormation.md b/avd_docs/aws/ecr/AVD-AWS-0032/CloudFormation.md
index 0df62dbed..08fb12325 100644
--- a/avd_docs/aws/ecr/AVD-AWS-0032/CloudFormation.md
+++ b/avd_docs/aws/ecr/AVD-AWS-0032/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Do not allow public access in the policy
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::ECR::Repository
@@ -33,4 +30,7 @@ Resources:
               - "ecr:InitiateLayerUpload"
               - "ecr:UploadLayerPart"
               - "ecr:CompleteLayerUpload"
+
 ```
+
+
diff --git a/avd_docs/aws/ecr/AVD-AWS-0032/Terraform.md b/avd_docs/aws/ecr/AVD-AWS-0032/Terraform.md
index 2c0f88ad2..8cd602bac 100644
--- a/avd_docs/aws/ecr/AVD-AWS-0032/Terraform.md
+++ b/avd_docs/aws/ecr/AVD-AWS-0032/Terraform.md
@@ -2,44 +2,45 @@
 Do not allow public access in the policy
 
 ```hcl
-resource "aws_ecr_repository" "foo" {
-  name = "bar"
-}
-
-resource "aws_ecr_repository_policy" "foopolicy" {
-  repository = aws_ecr_repository.foo.name
-  
-  policy = <<EOF
-  {
-    "Version": "2008-10-17",
-    "Statement": [
-    {
-      "Sid": "new policy",
-      "Effect": "Allow",
-      "Principal": "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root",
-      "Action": [
-      "ecr:GetDownloadUrlForLayer",
-      "ecr:BatchGetImage",
-      "ecr:BatchCheckLayerAvailability",
-      "ecr:PutImage",
-      "ecr:InitiateLayerUpload",
-      "ecr:UploadLayerPart",
-      "ecr:CompleteLayerUpload",
-      "ecr:DescribeRepositories",
-      "ecr:GetRepositoryPolicy",
-      "ecr:ListImages",
-      "ecr:DeleteRepository",
-      "ecr:BatchDeleteImage",
-      "ecr:SetRepositoryPolicy",
-      "ecr:DeleteRepositoryPolicy"
-      ]
-    }
-    ]
-  }
-  EOF
-}
+ resource "aws_ecr_repository" "foo" {
+   name = "bar"
+ }
+ 
+ resource "aws_ecr_repository_policy" "foopolicy" {
+   repository = aws_ecr_repository.foo.name
+ 
+   policy = <<EOF
+ {
+     "Version": "2008-10-17",
+     "Statement": [
+         {
+             "Sid": "new policy",
+             "Effect": "Allow",
+             "Principal": "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root",
+             "Action": [
+                 "ecr:GetDownloadUrlForLayer",
+                 "ecr:BatchGetImage",
+                 "ecr:BatchCheckLayerAvailability",
+                 "ecr:PutImage",
+                 "ecr:InitiateLayerUpload",
+                 "ecr:UploadLayerPart",
+                 "ecr:CompleteLayerUpload",
+                 "ecr:DescribeRepositories",
+                 "ecr:GetRepositoryPolicy",
+                 "ecr:ListImages",
+                 "ecr:DeleteRepository",
+                 "ecr:BatchDeleteImage",
+                 "ecr:SetRepositoryPolicy",
+                 "ecr:DeleteRepositoryPolicy"
+             ]
+         }
+     ]
+ }
+ EOF
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository_policy#policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/ecr/AVD-AWS-0033/CloudFormation.md b/avd_docs/aws/ecr/AVD-AWS-0033/CloudFormation.md
index 87b440a0f..23bf080e8 100644
--- a/avd_docs/aws/ecr/AVD-AWS-0033/CloudFormation.md
+++ b/avd_docs/aws/ecr/AVD-AWS-0033/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Use customer managed keys
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::ECR::Repository
@@ -16,4 +13,7 @@ Resources:
       EncryptionConfiguration:
         EncryptionType: KMS
         KmsKey: "alias/ecr-key"
+
 ```
+
+
diff --git a/avd_docs/aws/ecr/AVD-AWS-0033/Terraform.md b/avd_docs/aws/ecr/AVD-AWS-0033/Terraform.md
index 3d1edf5d3..072c59469 100644
--- a/avd_docs/aws/ecr/AVD-AWS-0033/Terraform.md
+++ b/avd_docs/aws/ecr/AVD-AWS-0033/Terraform.md
@@ -2,25 +2,26 @@
 Use customer managed keys
 
 ```hcl
-resource "aws_kms_key" "ecr_kms" {
-  enable_key_rotation = true
-}
-
-resource "aws_ecr_repository" "good_example" {
-  name                 = "bar"
-  image_tag_mutability = "MUTABLE"
-  
-  image_scanning_configuration {
-    scan_on_push = true
-  }
-  
-  encryption_configuration {
-    encryption_type = "KMS"
-    kms_key = aws_kms_key.ecr_kms.key_id
-  }
-}
+ resource "aws_kms_key" "ecr_kms" {
+ 	enable_key_rotation = true
+ }
+ 
+ resource "aws_ecr_repository" "good_example" {
+ 	name                 = "bar"
+ 	image_tag_mutability = "MUTABLE"
+   
+ 	image_scanning_configuration {
+ 	  scan_on_push = true
+ 	}
+ 
+ 	encryption_configuration {
+ 		encryption_type = "KMS"
+ 		kms_key = aws_kms_key.ecr_kms.key_id
+ 	}
+   }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository#encryption_configuration
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/ecs/AVD-AWS-0034/CloudFormation.md b/avd_docs/aws/ecs/AVD-AWS-0034/CloudFormation.md
index c478c44bb..def3d7ad6 100644
--- a/avd_docs/aws/ecs/AVD-AWS-0034/CloudFormation.md
+++ b/avd_docs/aws/ecs/AVD-AWS-0034/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable Container Insights
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: 'AWS::ECS::Cluster'
@@ -13,4 +10,7 @@ Resources:
       ClusterSettings:
         - Name: containerInsights
           Value: enabled
+
 ```
+
+
diff --git a/avd_docs/aws/ecs/AVD-AWS-0034/Terraform.md b/avd_docs/aws/ecs/AVD-AWS-0034/Terraform.md
index 6ab9800b6..2f3310348 100644
--- a/avd_docs/aws/ecs/AVD-AWS-0034/Terraform.md
+++ b/avd_docs/aws/ecs/AVD-AWS-0034/Terraform.md
@@ -2,16 +2,17 @@
 Enable Container Insights
 
 ```hcl
-resource "aws_ecs_cluster" "good_example" {
-  name = "services-cluster"
-  
-  setting {
-    name  = "containerInsights"
-    value = "enabled"
-  }
-}
+ resource "aws_ecs_cluster" "good_example" {
+ 	name = "services-cluster"
+   
+ 	setting {
+ 	  name  = "containerInsights"
+ 	  value = "enabled"
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster#setting
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/ecs/AVD-AWS-0035/CloudFormation.md b/avd_docs/aws/ecs/AVD-AWS-0035/CloudFormation.md
index bb78a7409..4530960a0 100644
--- a/avd_docs/aws/ecs/AVD-AWS-0035/CloudFormation.md
+++ b/avd_docs/aws/ecs/AVD-AWS-0035/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable in transit encryption when using efs
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: 'AWS::ECS::Cluster'
@@ -40,4 +37,7 @@ Resources:
           EFSVolumeConfiguration:
             FilesystemId: "fs1"
             TransitEncryption: ENABLED
+
 ```
+
+
diff --git a/avd_docs/aws/ecs/AVD-AWS-0035/Terraform.md b/avd_docs/aws/ecs/AVD-AWS-0035/Terraform.md
index f040027f6..319cb1b33 100644
--- a/avd_docs/aws/ecs/AVD-AWS-0035/Terraform.md
+++ b/avd_docs/aws/ecs/AVD-AWS-0035/Terraform.md
@@ -2,27 +2,28 @@
 Enable in transit encryption when using efs
 
 ```hcl
-resource "aws_ecs_task_definition" "good_example" {
-  family                = "service"
-  container_definitions = file("task-definitions/service.json")
-  
-  volume {
-    name = "service-storage"
-    
-    efs_volume_configuration {
-      file_system_id          = aws_efs_file_system.fs.id
-      root_directory          = "/opt/data"
-      transit_encryption      = "ENABLED"
-      transit_encryption_port = 2999
-      authorization_config {
-        access_point_id = aws_efs_access_point.test.id
-        iam             = "ENABLED"
-      }
-    }
-  }
-}
+ resource "aws_ecs_task_definition" "good_example" {
+ 	family                = "service"
+ 	container_definitions = file("task-definitions/service.json")
+   
+ 	volume {
+ 	  name = "service-storage"
+   
+ 	  efs_volume_configuration {
+ 		file_system_id          = aws_efs_file_system.fs.id
+ 		root_directory          = "/opt/data"
+ 		transit_encryption      = "ENABLED"
+ 		transit_encryption_port = 2999
+ 		authorization_config {
+ 		  access_point_id = aws_efs_access_point.test.id
+ 		  iam             = "ENABLED"
+ 		}
+ 	  }
+ 	}
+   }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition#transit_encryption
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/ecs/AVD-AWS-0036/CloudFormation.md b/avd_docs/aws/ecs/AVD-AWS-0036/CloudFormation.md
index 6e4d1d69c..f0c745456 100644
--- a/avd_docs/aws/ecs/AVD-AWS-0036/CloudFormation.md
+++ b/avd_docs/aws/ecs/AVD-AWS-0036/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Use secrets for the task definition
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: 'AWS::ECS::Cluster'
@@ -40,4 +37,7 @@ Resources:
           EFSVolumeConfiguration:
             FilesystemId: "fs1"
             TransitEncryption: ENABLED
+
 ```
+
+
diff --git a/avd_docs/aws/ecs/AVD-AWS-0036/Terraform.md b/avd_docs/aws/ecs/AVD-AWS-0036/Terraform.md
index 8641f7ee1..e031cfcfb 100644
--- a/avd_docs/aws/ecs/AVD-AWS-0036/Terraform.md
+++ b/avd_docs/aws/ecs/AVD-AWS-0036/Terraform.md
@@ -2,23 +2,24 @@
 Use secrets for the task definition
 
 ```hcl
-resource "aws_ecs_task_definition" "good_example" {
-  container_definitions = <<EOF
-  [
-  {
-    "name": "my_service",
-    "essential": true,
-    "memory": 256,
-    "environment": [
-    { "name": "ENVIRONMENT", "value": "development" }
-    ]
-  }
-  ]
-  EOF
-  
-}
+ resource "aws_ecs_task_definition" "good_example" {
+   container_definitions = <<EOF
+ [
+   {
+     "name": "my_service",
+     "essential": true,
+     "memory": 256,
+     "environment": [
+       { "name": "ENVIRONMENT", "value": "development" }
+     ]
+   }
+ ]
+ EOF
+ 
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/efs/AVD-AWS-0037/CloudFormation.md b/avd_docs/aws/efs/AVD-AWS-0037/CloudFormation.md
index 3bc4fa657..33e73a0cb 100644
--- a/avd_docs/aws/efs/AVD-AWS-0037/CloudFormation.md
+++ b/avd_docs/aws/efs/AVD-AWS-0037/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encryption for EFS
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::EFS::FileSystem
@@ -16,4 +13,7 @@ Resources:
       PerformanceMode: generalPurpose
       Encrypted: true
       ThroughputMode: bursting
+
 ```
+
+
diff --git a/avd_docs/aws/efs/AVD-AWS-0037/Terraform.md b/avd_docs/aws/efs/AVD-AWS-0037/Terraform.md
index e46174791..ec6dadc26 100644
--- a/avd_docs/aws/efs/AVD-AWS-0037/Terraform.md
+++ b/avd_docs/aws/efs/AVD-AWS-0037/Terraform.md
@@ -2,13 +2,13 @@
 Enable encryption for EFS
 
 ```hcl
-resource "aws_efs_file_system" "good_example" {
-  name       = "bar"
-  encrypted  = true
-  kms_key_id = "my_kms_key"
-}
+ resource "aws_efs_file_system" "good_example" {
+   name       = "bar"
+   encrypted  = true
+   kms_key_id = "my_kms_key"
+ }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/eks/AVD-AWS-0038/Terraform.md b/avd_docs/aws/eks/AVD-AWS-0038/Terraform.md
index 2938d3836..f2c7b51a8 100644
--- a/avd_docs/aws/eks/AVD-AWS-0038/Terraform.md
+++ b/avd_docs/aws/eks/AVD-AWS-0038/Terraform.md
@@ -2,24 +2,25 @@
 Enable logging for the EKS control plane
 
 ```hcl
-resource "aws_eks_cluster" "good_example" {
-  encryption_config {
-    resources = [ "secrets" ]
-    provider {
-      key_arn = var.kms_arn
-    }
-  }
-  
-  enabled_cluster_log_types = ["api", "authenticator", "audit", "scheduler", "controllerManager"]
-  
-  name = "good_example_cluster"
-  role_arn = var.cluster_arn
-  vpc_config {
-    endpoint_public_access = false
-  }
-}
+ resource "aws_eks_cluster" "good_example" {
+     encryption_config {
+         resources = [ "secrets" ]
+         provider {
+             key_arn = var.kms_arn
+         }
+     }
+ 
+ 	enabled_cluster_log_types = ["api", "authenticator", "audit", "scheduler", "controllerManager"]
+ 
+     name = "good_example_cluster"
+     role_arn = var.cluster_arn
+     vpc_config {
+         endpoint_public_access = false
+     }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#enabled_cluster_log_types
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/eks/AVD-AWS-0039/CloudFormation.md b/avd_docs/aws/eks/AVD-AWS-0039/CloudFormation.md
index a3a801c28..e03a4953e 100644
--- a/avd_docs/aws/eks/AVD-AWS-0039/CloudFormation.md
+++ b/avd_docs/aws/eks/AVD-AWS-0039/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encryption of EKS secrets
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: 'AWS::EKS::Cluster'
@@ -24,4 +21,7 @@ Resources:
         SubnetIds:
           - subnet-6782e71e
           - subnet-e7e761ac
+
 ```
+
+
diff --git a/avd_docs/aws/eks/AVD-AWS-0039/Terraform.md b/avd_docs/aws/eks/AVD-AWS-0039/Terraform.md
index a6e333162..9a499ea92 100644
--- a/avd_docs/aws/eks/AVD-AWS-0039/Terraform.md
+++ b/avd_docs/aws/eks/AVD-AWS-0039/Terraform.md
@@ -2,22 +2,23 @@
 Enable encryption of EKS secrets
 
 ```hcl
-resource "aws_eks_cluster" "good_example" {
-  encryption_config {
-    resources = [ "secrets" ]
-    provider {
-      key_arn = var.kms_arn
-    }
-  }
-  
-  name = "good_example_cluster"
-  role_arn = var.cluster_arn
-  vpc_config {
-    endpoint_public_access = false
-  }
-}
+ resource "aws_eks_cluster" "good_example" {
+     encryption_config {
+         resources = [ "secrets" ]
+         provider {
+             key_arn = var.kms_arn
+         }
+     }
+ 
+     name = "good_example_cluster"
+     role_arn = var.cluster_arn
+     vpc_config {
+         endpoint_public_access = false
+     }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#encryption_config
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/eks/AVD-AWS-0040/Terraform.md b/avd_docs/aws/eks/AVD-AWS-0040/Terraform.md
index f93c3714b..71e4ed015 100644
--- a/avd_docs/aws/eks/AVD-AWS-0040/Terraform.md
+++ b/avd_docs/aws/eks/AVD-AWS-0040/Terraform.md
@@ -2,17 +2,18 @@
 Don't enable public access to EKS Clusters
 
 ```hcl
-resource "aws_eks_cluster" "good_example" {
-  // other config
-  
-  name = "good_example_cluster"
-  role_arn = var.cluster_arn
-  vpc_config {
-    endpoint_public_access = false
-  }
-}
+ resource "aws_eks_cluster" "good_example" {
+     // other config 
+ 
+     name = "good_example_cluster"
+     role_arn = var.cluster_arn
+     vpc_config {
+         endpoint_public_access = false
+     }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#endpoint_public_access
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/eks/AVD-AWS-0041/Terraform.md b/avd_docs/aws/eks/AVD-AWS-0041/Terraform.md
index b63f90041..74a497a7e 100644
--- a/avd_docs/aws/eks/AVD-AWS-0041/Terraform.md
+++ b/avd_docs/aws/eks/AVD-AWS-0041/Terraform.md
@@ -2,18 +2,19 @@
 Don't enable public access to EKS Clusters
 
 ```hcl
-resource "aws_eks_cluster" "good_example" {
-  // other config
-  
-  name = "good_example_cluster"
-  role_arn = var.cluster_arn
-  vpc_config {
-    endpoint_public_access = true
-    public_access_cidrs = ["10.2.0.0/8"]
-  }
-}
+ resource "aws_eks_cluster" "good_example" {
+     // other config 
+ 
+     name = "good_example_cluster"
+     role_arn = var.cluster_arn
+     vpc_config {
+         endpoint_public_access = true
+         public_access_cidrs = ["10.2.0.0/8"]
+     }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#vpc_config
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elasticache/AVD-AWS-0045/Terraform.md b/avd_docs/aws/elasticache/AVD-AWS-0045/Terraform.md
index 63c4dca68..7cfe0952b 100644
--- a/avd_docs/aws/elasticache/AVD-AWS-0045/Terraform.md
+++ b/avd_docs/aws/elasticache/AVD-AWS-0045/Terraform.md
@@ -2,14 +2,15 @@
 Enable at-rest encryption for replication group
 
 ```hcl
-resource "aws_elasticache_replication_group" "good_example" {
-  replication_group_id = "foo"
-  replication_group_description = "my foo cluster"
-  
-  at_rest_encryption_enabled = true
-}
+ resource "aws_elasticache_replication_group" "good_example" {
+         replication_group_id = "foo"
+         replication_group_description = "my foo cluster"
+ 
+         at_rest_encryption_enabled = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group#at_rest_encryption_enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elasticache/AVD-AWS-0049/CloudFormation.md b/avd_docs/aws/elasticache/AVD-AWS-0049/CloudFormation.md
index 7c32b7ace..d3f2cf4cd 100644
--- a/avd_docs/aws/elasticache/AVD-AWS-0049/CloudFormation.md
+++ b/avd_docs/aws/elasticache/AVD-AWS-0049/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Add descriptions for all security groups and rules
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExampleCacheGroup:
     Type: AWS::ElastiCache::SecurityGroup
@@ -20,4 +17,7 @@ Resources:
     Properties: 
       CacheSecurityGroupName: GoodExampleCacheGroup
       EC2SecurityGroupName: GoodExampleEc2SecurityGroup
+
 ```
+
+
diff --git a/avd_docs/aws/elasticache/AVD-AWS-0049/Terraform.md b/avd_docs/aws/elasticache/AVD-AWS-0049/Terraform.md
index 98b9f838a..62602230c 100644
--- a/avd_docs/aws/elasticache/AVD-AWS-0049/Terraform.md
+++ b/avd_docs/aws/elasticache/AVD-AWS-0049/Terraform.md
@@ -3,16 +3,17 @@ Add descriptions for all security groups and rules
 
 ```hcl
 resource "aws_security_group" "bar" {
-  name = "security-group"
+	name = "security-group"
 }
 
 resource "aws_elasticache_security_group" "good_example" {
-  name = "elasticache-security-group"
-  security_group_names = [aws_security_group.bar.name]
-  description = "something"
+	name = "elasticache-security-group"
+	security_group_names = [aws_security_group.bar.name]
+	description = "something"
 }
+	
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_security_group#description
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elasticache/AVD-AWS-0050/CloudFormation.md b/avd_docs/aws/elasticache/AVD-AWS-0050/CloudFormation.md
index 35472c5ef..15d4092f0 100644
--- a/avd_docs/aws/elasticache/AVD-AWS-0050/CloudFormation.md
+++ b/avd_docs/aws/elasticache/AVD-AWS-0050/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Configure snapshot retention for redis cluster
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::ElastiCache::CacheCluster
@@ -17,5 +14,8 @@ Resources:
       PreferredAvailabilityZones:
         - us-west-2a
         - us-west-2a
-        - us-west-2b
+        - us-west-2b 
+
 ```
+
+
diff --git a/avd_docs/aws/elasticache/AVD-AWS-0050/Terraform.md b/avd_docs/aws/elasticache/AVD-AWS-0050/Terraform.md
index 95e93b140..06fde6de2 100644
--- a/avd_docs/aws/elasticache/AVD-AWS-0050/Terraform.md
+++ b/avd_docs/aws/elasticache/AVD-AWS-0050/Terraform.md
@@ -2,19 +2,20 @@
 Configure snapshot retention for redis cluster
 
 ```hcl
-resource "aws_elasticache_cluster" "good_example" {
-  cluster_id           = "cluster-example"
-  engine               = "redis"
-  node_type            = "cache.m4.large"
-  num_cache_nodes      = 1
-  parameter_group_name = "default.redis3.2"
-  engine_version       = "3.2.10"
-  port                 = 6379
-  
-  snapshot_retention_limit = 5
-}
+ resource "aws_elasticache_cluster" "good_example" {
+ 	cluster_id           = "cluster-example"
+ 	engine               = "redis"
+ 	node_type            = "cache.m4.large"
+ 	num_cache_nodes      = 1
+ 	parameter_group_name = "default.redis3.2"
+ 	engine_version       = "3.2.10"
+ 	port                 = 6379
+ 
+ 	snapshot_retention_limit = 5
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster#snapshot_retention_limit
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elasticache/AVD-AWS-0051/CloudFormation.md b/avd_docs/aws/elasticache/AVD-AWS-0051/CloudFormation.md
index 2ca444b96..7d204cd9f 100644
--- a/avd_docs/aws/elasticache/AVD-AWS-0051/CloudFormation.md
+++ b/avd_docs/aws/elasticache/AVD-AWS-0051/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable in transit encryption for replication group
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: 'AWS::ElastiCache::ReplicationGroup'
@@ -24,4 +21,7 @@ Resources:
       SnapshotRetentionLimit: 5
       SnapshotWindow: '10:00-12:00'   
       TransitEncryptionEnabled: true
+
 ```
+
+
diff --git a/avd_docs/aws/elasticache/AVD-AWS-0051/Terraform.md b/avd_docs/aws/elasticache/AVD-AWS-0051/Terraform.md
index ce6f338db..73c0f94cf 100644
--- a/avd_docs/aws/elasticache/AVD-AWS-0051/Terraform.md
+++ b/avd_docs/aws/elasticache/AVD-AWS-0051/Terraform.md
@@ -2,13 +2,14 @@
 Enable in transit encryption for replication group
 
 ```hcl
-resource "aws_elasticache_replication_group" "good_example" {
-  replication_group_id = "foo"
-  replication_group_description = "my foo cluster"
-  transit_encryption_enabled = true
-}
+ resource "aws_elasticache_replication_group" "good_example" {
+         replication_group_id = "foo"
+         replication_group_description = "my foo cluster"
+         transit_encryption_enabled = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group#transit_encryption_enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0042/CloudFormation.md b/avd_docs/aws/elasticsearch/AVD-AWS-0042/CloudFormation.md
index 703fb1c88..99e1befb8 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0042/CloudFormation.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0042/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable logging for ElasticSearch domains
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::Elasticsearch::Domain
@@ -15,7 +12,8 @@ Resources:
         Enabled: true
         KmsKeyId: alias/kmskey
       LogPublishingOptions:
-        Enabled: true
+        AUDIT_LOGS:
+          Enabled: true
       ElasticsearchClusterConfig:
         DedicatedMasterEnabled: true
         InstanceCount: '2'
@@ -28,4 +26,7 @@ Resources:
         Iops: '0'
         VolumeSize: '20'
         VolumeType: 'gp2'
+
 ```
+
+
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0042/Terraform.md b/avd_docs/aws/elasticsearch/AVD-AWS-0042/Terraform.md
index be3a407f8..05d4bcc2c 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0042/Terraform.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0042/Terraform.md
@@ -2,18 +2,19 @@
 Enable logging for ElasticSearch domains
 
 ```hcl
-resource "aws_elasticsearch_domain" "good_example" {
-  domain_name           = "example"
-  elasticsearch_version = "1.5"
-  
-  log_publishing_options {
-    cloudwatch_log_group_arn = aws_cloudwatch_log_group.example.arn
-    log_type                 = "AUDIT_LOGS"
-    enabled                  = true
-  }
-}
+ resource "aws_elasticsearch_domain" "good_example" {
+   domain_name           = "example"
+   elasticsearch_version = "1.5"
+ 
+   log_publishing_options {
+     cloudwatch_log_group_arn = aws_cloudwatch_log_group.example.arn
+     log_type                 = "AUDIT_LOGS"
+     enabled                  = true  
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#log_type
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0043/CloudFormation.md b/avd_docs/aws/elasticsearch/AVD-AWS-0043/CloudFormation.md
index 8344bcd3c..4b71c5a86 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0043/CloudFormation.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0043/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encrypted node to node communication
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::Elasticsearch::Domain
@@ -28,4 +25,7 @@ Resources:
         VolumeType: 'gp2'
       NodeToNodeEncryptionOptions:
         Enabled: true
+
 ```
+
+
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0043/Terraform.md b/avd_docs/aws/elasticsearch/AVD-AWS-0043/Terraform.md
index fb57e183f..6514328f8 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0043/Terraform.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0043/Terraform.md
@@ -2,15 +2,16 @@
 Enable encrypted node to node communication
 
 ```hcl
-resource "aws_elasticsearch_domain" "good_example" {
-  domain_name = "domain-foo"
-  
-  node_to_node_encryption {
-    enabled = true
-  }
-}
+ resource "aws_elasticsearch_domain" "good_example" {
+   domain_name = "domain-foo"
+ 
+   node_to_node_encryption {
+     enabled = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#encrypt_at_rest
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0046/CloudFormation.md b/avd_docs/aws/elasticsearch/AVD-AWS-0046/CloudFormation.md
index 5355649cf..f26427a95 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0046/CloudFormation.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0046/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enforce the use of HTTPS for ElasticSearch
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::Elasticsearch::Domain
@@ -29,4 +26,7 @@ Resources:
         Iops: '0'
         VolumeSize: '20'
         VolumeType: 'gp2'
+
 ```
+
+
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0046/Terraform.md b/avd_docs/aws/elasticsearch/AVD-AWS-0046/Terraform.md
index f43de4c21..a4b9fd681 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0046/Terraform.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0046/Terraform.md
@@ -2,15 +2,16 @@
 Enforce the use of HTTPS for ElasticSearch
 
 ```hcl
-resource "aws_elasticsearch_domain" "good_example" {
-  domain_name = "domain-foo"
-  
-  domain_endpoint_options {
-    enforce_https = true
-  }
-}
+ resource "aws_elasticsearch_domain" "good_example" {
+   domain_name = "domain-foo"
+ 
+   domain_endpoint_options {
+     enforce_https = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#enforce_https
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0048/CloudFormation.md b/avd_docs/aws/elasticsearch/AVD-AWS-0048/CloudFormation.md
index c72a9be71..66839d551 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0048/CloudFormation.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0048/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable ElasticSearch domain encryption
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::Elasticsearch::Domain
@@ -26,4 +23,7 @@ Resources:
         Iops: '0'
         VolumeSize: '20'
         VolumeType: 'gp2'
+
 ```
+
+
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0048/Terraform.md b/avd_docs/aws/elasticsearch/AVD-AWS-0048/Terraform.md
index b03e02942..416021d38 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0048/Terraform.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0048/Terraform.md
@@ -2,15 +2,16 @@
 Enable ElasticSearch domain encryption
 
 ```hcl
-resource "aws_elasticsearch_domain" "good_example" {
-  domain_name = "domain-foo"
-  
-  encrypt_at_rest {
-    enabled = true
-  }
-}
+ resource "aws_elasticsearch_domain" "good_example" {
+   domain_name = "domain-foo"
+ 
+   encrypt_at_rest {
+     enabled = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#encrypt_at_rest
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0126/CloudFormation.md b/avd_docs/aws/elasticsearch/AVD-AWS-0126/CloudFormation.md
index 8ab0a6e67..41ad3cff1 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0126/CloudFormation.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0126/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Use the most modern TLS/SSL policies available
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::Elasticsearch::Domain
@@ -28,4 +25,7 @@ Resources:
         Iops: '0'
         VolumeSize: '20'
         VolumeType: 'gp2'
+
 ```
+
+
diff --git a/avd_docs/aws/elasticsearch/AVD-AWS-0126/Terraform.md b/avd_docs/aws/elasticsearch/AVD-AWS-0126/Terraform.md
index d2e99282d..95e2476ab 100644
--- a/avd_docs/aws/elasticsearch/AVD-AWS-0126/Terraform.md
+++ b/avd_docs/aws/elasticsearch/AVD-AWS-0126/Terraform.md
@@ -2,16 +2,17 @@
 Use the most modern TLS/SSL policies available
 
 ```hcl
-resource "aws_elasticsearch_domain" "good_example" {
-  domain_name = "domain-foo"
-  
-  domain_endpoint_options {
-    enforce_https = true
-    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
-  }
-}
+ resource "aws_elasticsearch_domain" "good_example" {
+   domain_name = "domain-foo"
+ 
+   domain_endpoint_options {
+     enforce_https = true
+     tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#tls_security_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elb/AVD-AWS-0047/Terraform.md b/avd_docs/aws/elb/AVD-AWS-0047/Terraform.md
index 3f00b729c..564997c37 100644
--- a/avd_docs/aws/elb/AVD-AWS-0047/Terraform.md
+++ b/avd_docs/aws/elb/AVD-AWS-0047/Terraform.md
@@ -2,12 +2,13 @@
 Use a more recent TLS/SSL policy for the load balancer
 
 ```hcl
-resource "aws_alb_listener" "good_example" {
-  ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
-  protocol = "HTTPS"
-}
+ resource "aws_alb_listener" "good_example" {
+ 	ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ 	protocol = "HTTPS"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elb/AVD-AWS-0052/Terraform.md b/avd_docs/aws/elb/AVD-AWS-0052/Terraform.md
index 5a232488b..d12b6629d 100644
--- a/avd_docs/aws/elb/AVD-AWS-0052/Terraform.md
+++ b/avd_docs/aws/elb/AVD-AWS-0052/Terraform.md
@@ -2,21 +2,22 @@
 Set drop_invalid_header_fields to true
 
 ```hcl
-resource "aws_alb" "good_example" {
-  name               = "good_alb"
-  internal           = false
-  load_balancer_type = "application"
-  
-  access_logs {
-    bucket  = aws_s3_bucket.lb_logs.bucket
-    prefix  = "test-lb"
-    enabled = true
-  }
-  
-  drop_invalid_header_fields = true
-}
+ resource "aws_alb" "good_example" {
+ 	name               = "good_alb"
+ 	internal           = false
+ 	load_balancer_type = "application"
+ 	
+ 	access_logs {
+ 	  bucket  = aws_s3_bucket.lb_logs.bucket
+ 	  prefix  = "test-lb"
+ 	  enabled = true
+ 	}
+   
+ 	drop_invalid_header_fields = true
+   }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb#drop_invalid_header_fields
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elb/AVD-AWS-0053/Terraform.md b/avd_docs/aws/elb/AVD-AWS-0053/Terraform.md
index ba15c9836..d463fedc4 100644
--- a/avd_docs/aws/elb/AVD-AWS-0053/Terraform.md
+++ b/avd_docs/aws/elb/AVD-AWS-0053/Terraform.md
@@ -2,11 +2,12 @@
 Switch to an internal load balancer or add a tfsec ignore
 
 ```hcl
-resource "aws_alb" "good_example" {
-  internal = true
-}
+ resource "aws_alb" "good_example" {
+ 	internal = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/elb/AVD-AWS-0054/Terraform.md b/avd_docs/aws/elb/AVD-AWS-0054/Terraform.md
index c3b8c76bc..1aa76bd38 100644
--- a/avd_docs/aws/elb/AVD-AWS-0054/Terraform.md
+++ b/avd_docs/aws/elb/AVD-AWS-0054/Terraform.md
@@ -2,11 +2,12 @@
 Switch to HTTPS to benefit from TLS security features
 
 ```hcl
-resource "aws_alb_listener" "good_example" {
-  protocol = "HTTPS"
-}
+ resource "aws_alb_listener" "good_example" {
+ 	protocol = "HTTPS"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/emr/AVD-AWS-0137/Terraform.md b/avd_docs/aws/emr/AVD-AWS-0137/Terraform.md
index 63e552cc5..87b822185 100644
--- a/avd_docs/aws/emr/AVD-AWS-0137/Terraform.md
+++ b/avd_docs/aws/emr/AVD-AWS-0137/Terraform.md
@@ -1,29 +1,30 @@
-At-rest encryption for emr security configuration
 
-```hcl
-resource "aws_emr_security_configuration" "foo" {
-  name = "emrsc_other"
+Enable at-rest encryption for EMR cluster
 
-  configuration = <<EOF
-{
-  "EncryptionConfiguration": {
-    "AtRestEncryptionConfiguration": {
-      "S3EncryptionConfiguration": {
-        "EncryptionMode": "SSE-S3"
+```hcl
+  resource "aws_emr_security_configuration" "good_example" {
+    name = "emrsc_other"
+  
+    configuration = <<EOF
+  {
+    "EncryptionConfiguration": {
+      "AtRestEncryptionConfiguration": {
+        "S3EncryptionConfiguration": {
+          "EncryptionMode": "SSE-S3"
+        },
+        "LocalDiskEncryptionConfiguration": {
+          "EncryptionKeyProviderType": "AwsKms",
+          "AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
+        }
       },
-      "LocalDiskEncryptionConfiguration": {
-        "EncryptionKeyProviderType": "AwsKms",
-        "AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
-      }
-    },
-    "EnableInTransitEncryption": true,
-    "EnableAtRestEncryption": true
+      "EnableInTransitEncryption": true,
+      "EnableAtRestEncryption": true
+    }
+  }
+  EOF
   }
-}
-EOF
-}
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/emr_security_configuration
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/emr/AVD-AWS-0138/Terraform.md b/avd_docs/aws/emr/AVD-AWS-0138/Terraform.md
index bb129b575..68fe7a675 100644
--- a/avd_docs/aws/emr/AVD-AWS-0138/Terraform.md
+++ b/avd_docs/aws/emr/AVD-AWS-0138/Terraform.md
@@ -1,29 +1,30 @@
-In-transit encryption for emr security configuration
 
-```hcl
-resource "aws_emr_security_configuration" "foo" {
-  name = "emrsc_other"
+Enable in-transit encryption for EMR cluster
 
-  configuration = <<EOF
-{
-  "EncryptionConfiguration": {
-    "AtRestEncryptionConfiguration": {
-      "S3EncryptionConfiguration": {
-        "EncryptionMode": "SSE-S3"
+```hcl
+  resource "aws_emr_security_configuration" "good_example" {
+    name = "emrsc_other"
+  
+    configuration = <<EOF
+  {
+    "EncryptionConfiguration": {
+      "AtRestEncryptionConfiguration": {
+        "S3EncryptionConfiguration": {
+          "EncryptionMode": "SSE-S3"
+        },
+        "LocalDiskEncryptionConfiguration": {
+          "EncryptionKeyProviderType": "AwsKms",
+          "AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
+        }
       },
-      "LocalDiskEncryptionConfiguration": {
-        "EncryptionKeyProviderType": "AwsKms",
-        "AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
-      }
-    },
-    "EnableInTransitEncryption": true,
-    "EnableAtRestEncryption": true
+      "EnableInTransitEncryption": true,
+      "EnableAtRestEncryption": true
+    }
+  }
+  EOF
   }
-}
-EOF
-}
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/emr_security_configuration
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/emr/AVD-AWS-0139/Terraform.md b/avd_docs/aws/emr/AVD-AWS-0139/Terraform.md
index fe1826522..b48b12bfe 100644
--- a/avd_docs/aws/emr/AVD-AWS-0139/Terraform.md
+++ b/avd_docs/aws/emr/AVD-AWS-0139/Terraform.md
@@ -1,29 +1,30 @@
-Local-disk encryption for emr security configuration
 
-```hcl
-resource "aws_emr_security_configuration" "foo" {
-  name = "emrsc_other"
+Enable local-disk encryption for EMR cluster
 
-  configuration = <<EOF
-{
-  "EncryptionConfiguration": {
-    "AtRestEncryptionConfiguration": {
-      "S3EncryptionConfiguration": {
-        "EncryptionMode": "SSE-S3"
+```hcl
+  resource "aws_emr_security_configuration" "good_example" {
+    name = "emrsc_other"
+  
+    configuration = <<EOF
+  {
+    "EncryptionConfiguration": {
+      "AtRestEncryptionConfiguration": {
+        "S3EncryptionConfiguration": {
+          "EncryptionMode": "SSE-S3"
+        },
+        "LocalDiskEncryptionConfiguration": {
+          "EncryptionKeyProviderType": "AwsKms",
+          "AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
+        }
       },
-      "LocalDiskEncryptionConfiguration": {
-        "EncryptionKeyProviderType": "AwsKms",
-        "AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
-      }
-    },
-    "EnableInTransitEncryption": true,
-    "EnableAtRestEncryption": true
+      "EnableInTransitEncryption": true,
+      "EnableAtRestEncryption": true
+    }
+  }
+  EOF
   }
-}
-EOF
-}
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/emr_security_configuration
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/iam/AVD-AWS-0056/Terraform.md b/avd_docs/aws/iam/AVD-AWS-0056/Terraform.md
index 08bbbf00d..6b43b4583 100644
--- a/avd_docs/aws/iam/AVD-AWS-0056/Terraform.md
+++ b/avd_docs/aws/iam/AVD-AWS-0056/Terraform.md
@@ -2,13 +2,14 @@
 Prevent password reuse in the policy
 
 ```hcl
-resource "aws_iam_account_password_policy" "good_example" {
-  # ...
-  password_reuse_prevention = 5
-  # ...
-}
+ resource "aws_iam_account_password_policy" "good_example" {
+ 	# ...
+ 	password_reuse_prevention = 5
+ 	# ...
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/iam/AVD-AWS-0057/CloudFormation.md b/avd_docs/aws/iam/AVD-AWS-0057/CloudFormation.md
index eecd5ef97..a83817323 100644
--- a/avd_docs/aws/iam/AVD-AWS-0057/CloudFormation.md
+++ b/avd_docs/aws/iam/AVD-AWS-0057/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Specify the exact permissions required, and to which resources they should apply instead of using wildcards.
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example of policy
 Resources:
@@ -19,4 +16,7 @@ Resources:
             Action:
               - 's3:ListBuckets'
             Resource: 'specific-bucket'
+
 ```
+
+
diff --git a/avd_docs/aws/iam/AVD-AWS-0057/Terraform.md b/avd_docs/aws/iam/AVD-AWS-0057/Terraform.md
index 0969e680e..d9ef5b23f 100644
--- a/avd_docs/aws/iam/AVD-AWS-0057/Terraform.md
+++ b/avd_docs/aws/iam/AVD-AWS-0057/Terraform.md
@@ -2,42 +2,43 @@
 Specify the exact permissions required, and to which resources they should apply instead of using wildcards.
 
 ```hcl
-resource "aws_iam_role_policy" "test_policy" {
-  name = "test_policy"
-  role = aws_iam_role.test_role.id
-  
-  policy = data.aws_iam_policy_document.s3_policy.json
-}
-
-resource "aws_iam_role" "test_role" {
-  name = "test_role"
-  assume_role_policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-    {
-      Action = "sts:AssumeRole"
-      Effect = "Allow"
-      Sid    = ""
-      Principal = {
-        Service = "s3.amazonaws.com"
-      }
-      },
-      ]
-      })
-    }
-    
-    data "aws_iam_policy_document" "s3_policy" {
-      statement {
-        principals {
-          type        = "AWS"
-          identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
-        }
-        actions   = ["s3:GetObject"]
-        resources = [aws_s3_bucket.example.arn]
-      }
-    }
+ resource "aws_iam_role_policy" "test_policy" {
+ 	name = "test_policy"
+ 	role = aws_iam_role.test_role.id
+ 
+ 	policy = data.aws_iam_policy_document.s3_policy.json
+ }
+ 
+ resource "aws_iam_role" "test_role" {
+ 	name = "test_role"
+ 	assume_role_policy = jsonencode({
+ 		Version = "2012-10-17"
+ 		Statement = [
+ 		{
+ 			Action = "sts:AssumeRole"
+ 			Effect = "Allow"
+ 			Sid    = ""
+ 			Principal = {
+ 			Service = "s3.amazonaws.com"
+ 			}
+ 		},
+ 		]
+ 	})
+ }
+ 
+ data "aws_iam_policy_document" "s3_policy" {
+   statement {
+     principals {
+       type        = "AWS"
+       identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
+     }
+     actions   = ["s3:GetObject"]
+     resources = [aws_s3_bucket.example.arn]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/iam/AVD-AWS-0058/Terraform.md b/avd_docs/aws/iam/AVD-AWS-0058/Terraform.md
index 677c8115f..0d57b6162 100644
--- a/avd_docs/aws/iam/AVD-AWS-0058/Terraform.md
+++ b/avd_docs/aws/iam/AVD-AWS-0058/Terraform.md
@@ -2,13 +2,13 @@
 Enforce longer, more complex passwords in the policy
 
 ```hcl
-resource "aws_iam_account_password_policy" "good_example" {
-  # ...
-  require_lowercase_characters = true
-  # ...
-}
+ resource "aws_iam_account_password_policy" "good_example" {
+ 	# ...
+ 	require_lowercase_characters = true
+ 	# ...
+ }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/iam/AVD-AWS-0059/Terraform.md b/avd_docs/aws/iam/AVD-AWS-0059/Terraform.md
index 3b9443181..ad45c0621 100644
--- a/avd_docs/aws/iam/AVD-AWS-0059/Terraform.md
+++ b/avd_docs/aws/iam/AVD-AWS-0059/Terraform.md
@@ -2,13 +2,14 @@
 Enforce longer, more complex passwords in the policy
 
 ```hcl
-resource "aws_iam_account_password_policy" "good_example" {
-  # ...
-  require_numbers = true
-  # ...
-}
+ resource "aws_iam_account_password_policy" "good_example" {
+ 	# ...
+ 	require_numbers = true
+ 	# ...
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/iam/AVD-AWS-0060/Terraform.md b/avd_docs/aws/iam/AVD-AWS-0060/Terraform.md
index 58b0a3071..9a7bfc9b4 100644
--- a/avd_docs/aws/iam/AVD-AWS-0060/Terraform.md
+++ b/avd_docs/aws/iam/AVD-AWS-0060/Terraform.md
@@ -2,13 +2,14 @@
 Enforce longer, more complex passwords in the policy
 
 ```hcl
-resource "aws_iam_account_password_policy" "good_example" {
-  # ...
-  require_symbols = true
-  # ...
-}
+ resource "aws_iam_account_password_policy" "good_example" {
+ 	# ...
+ 	require_symbols = true
+ 	# ...
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/iam/AVD-AWS-0061/Terraform.md b/avd_docs/aws/iam/AVD-AWS-0061/Terraform.md
index 2061bc521..0194aef9a 100644
--- a/avd_docs/aws/iam/AVD-AWS-0061/Terraform.md
+++ b/avd_docs/aws/iam/AVD-AWS-0061/Terraform.md
@@ -2,13 +2,14 @@
 Enforce longer, more complex passwords in the policy
 
 ```hcl
-resource "aws_iam_account_password_policy" "good_example" {
-  # ...
-  require_uppercase_characters = true
-  # ...
-}
+ resource "aws_iam_account_password_policy" "good_example" {
+ 	# ...
+ 	require_uppercase_characters = true
+ 	# ...
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/iam/AVD-AWS-0062/Terraform.md b/avd_docs/aws/iam/AVD-AWS-0062/Terraform.md
index df50490ba..a0b04eafa 100644
--- a/avd_docs/aws/iam/AVD-AWS-0062/Terraform.md
+++ b/avd_docs/aws/iam/AVD-AWS-0062/Terraform.md
@@ -3,10 +3,10 @@ Limit the password duration with an expiry in the policy
 
 ```hcl
 resource "aws_iam_account_password_policy" "good_example" {
-  max_password_age = 90
+	max_password_age = 90
 }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/iam/AVD-AWS-0063/Terraform.md b/avd_docs/aws/iam/AVD-AWS-0063/Terraform.md
index e8396c82b..b61b23c05 100644
--- a/avd_docs/aws/iam/AVD-AWS-0063/Terraform.md
+++ b/avd_docs/aws/iam/AVD-AWS-0063/Terraform.md
@@ -3,10 +3,11 @@ Enforce longer, more complex passwords in the policy
 
 ```hcl
 resource "aws_iam_account_password_policy" "good_example" {
-  minimum_password_length = 14
+	minimum_password_length = 14
 }
+	
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/iam/AVD-AWS-0123/Terraform.md b/avd_docs/aws/iam/AVD-AWS-0123/Terraform.md
index 13273884e..c1ac8a8e0 100644
--- a/avd_docs/aws/iam/AVD-AWS-0123/Terraform.md
+++ b/avd_docs/aws/iam/AVD-AWS-0123/Terraform.md
@@ -2,26 +2,127 @@
 Use terraform-module/enforce-mfa/aws to ensure that MFA is enforced
 
 ```hcl
-data aws_caller_identity current {}
+resource "aws_iam_group" "support" {
+  name =  "support"
+}
+resource aws_iam_group_policy mfa {
+   
+    group = aws_iam_group.support.name
+    policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "",
+      "Effect": "Allow",
+      "Action": "ec2:*",
+      "Resource": "*",
+      "Condition": {
+          "Bool": {
+              "aws:MultiFactorAuthPresent": ["true"]
+          }
+      }
+    }
+  ]
+}
+EOF
+}
 
-resource aws_iam_group support {
+```
+```hcl
+resource "aws_iam_group" "support" {
   name =  "support"
 }
+resource aws_iam_policy mfa {
+   
+    name = "something"
+    policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "",
+      "Effect": "Allow",
+      "Action": "ec2:*",
+      "Resource": "*",
+      "Condition": {
+          "Bool": {
+              "aws:MultiFactorAuthPresent": ["true"]
+          }
+      }
+    }
+  ]
+}
+EOF
+}
+resource aws_iam_group_policy_attachment attach {
+    group = aws_iam_group.support.name
+    policy_arn = aws_iam_policy.mfa.id
+}
 
-module enforce_mfa {
-  source  = "terraform-module/enforce-mfa/aws"
-  version = "0.12.0"
-  
-  policy_name                     = "managed-mfa-enforce"
-  account_id                      = data.aws_caller_identity.current.id
-  groups                          = [aws_iam_group.support.name]
-  manage_own_signing_certificates  = true
-  manage_own_ssh_public_keys      = true
-  manage_own_git_credentials      = true
+```
+```hcl
+resource "aws_iam_group" "support" {
+  name =  "support"
+}
+resource aws_iam_group_policy mfa {
+  group = aws_iam_group.support.name
+  policy = data.aws_iam_policy_document.combined.json
+}
+data "aws_iam_policy_document" "policy_override" {
+  statement {
+    sid    = "main"
+    effect = "Allow"
+    actions   = ["s3:*"]
+    resources = ["*"]
+    condition {
+        test = "Bool"
+        variable = "aws:MultiFactorAuthPresent"
+        values = ["true"]
+    }
+  }
+}
+data "aws_iam_policy_document" "policy_source" {
+  statement {
+    sid    = "main"
+    effect = "Allow"
+    actions   = ["iam:*"]
+    resources = ["*"]
+  }
 }
+data "aws_iam_policy_document" "policy_misc" {
+  statement {
+    sid    = "misc"
+    effect = "Deny"
+    actions   = ["logs:*"]
+    resources = ["*"]
+  }
+}
+data "aws_iam_policy_document" "combined" {
+  source_json = <<EOF
+    {
+        "Id": "base"
+    }
+EOF
+  source_policy_documents = [
+    data.aws_iam_policy_document.policy_source.json
+  ]
+  override_policy_documents = [
+    data.aws_iam_policy_document.policy_override.json,
+    data.aws_iam_policy_document.policy_misc.json
+  ]
+  statement {
+    sid    = "whatever"
+    effect = "Deny"
+    actions   = ["*"]
+    resources = ["*"]
+  }
+}
+
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/modules/terraform-module/enforce-mfa/aws/latest
+
  - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#password-policy-details
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/iam/AVD-AWS-0141/Terraform.md b/avd_docs/aws/iam/AVD-AWS-0141/Terraform.md
new file mode 100644
index 000000000..0a9c0dd01
--- /dev/null
+++ b/avd_docs/aws/iam/AVD-AWS-0141/Terraform.md
@@ -0,0 +1,13 @@
+
+Use lower privileged accounts instead, so only required privileges are available.
+
+```hcl
+resource "aws_iam_access_key" "good_example" {
+ 	user = "lowprivuser"
+}
+ 			
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key
+
diff --git a/avd_docs/aws/iam/AVD-AWS-0143/Terraform.md b/avd_docs/aws/iam/AVD-AWS-0143/Terraform.md
new file mode 100644
index 000000000..2215dea1f
--- /dev/null
+++ b/avd_docs/aws/iam/AVD-AWS-0143/Terraform.md
@@ -0,0 +1,48 @@
+
+Grant policies at the group level instead.
+
+```hcl
+resource "aws_iam_group" "developers" {
+  name = "developers"
+  path = "/users/"
+}
+
+resource "aws_iam_user" "jim" {
+  name = "jim"
+}
+
+resource "aws_iam_group_membership" "devteam" {
+  name = "developers-team"
+
+  users = [
+    aws_iam_user.jim.name,
+  ]
+
+  group = aws_iam_group.developers.name
+}
+
+resource "aws_iam_group_policy" "ec2policy" {
+  name = "test"
+  group = aws_iam_group.developers.name
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "ec2:Describe*"
+      ],
+      "Effect": "Allow",
+      "Resource": "*"
+    }
+  ]
+}
+EOF
+}
+ 			
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user
+
diff --git a/avd_docs/aws/kinesis/AVD-AWS-0064/CloudFormation.md b/avd_docs/aws/kinesis/AVD-AWS-0064/CloudFormation.md
index f8ea866e5..96b99c9c3 100644
--- a/avd_docs/aws/kinesis/AVD-AWS-0064/CloudFormation.md
+++ b/avd_docs/aws/kinesis/AVD-AWS-0064/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable in transit encryption
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::Kinesis::Stream
@@ -19,4 +16,7 @@ Resources:
         -
           Key: Environment 
           Value: Production
+
 ```
+
+
diff --git a/avd_docs/aws/kinesis/AVD-AWS-0064/Terraform.md b/avd_docs/aws/kinesis/AVD-AWS-0064/Terraform.md
index 7ce1686ff..c770c5794 100644
--- a/avd_docs/aws/kinesis/AVD-AWS-0064/Terraform.md
+++ b/avd_docs/aws/kinesis/AVD-AWS-0064/Terraform.md
@@ -2,12 +2,13 @@
 Enable in transit encryption
 
 ```hcl
-resource "aws_kinesis_stream" "good_example" {
-  encryption_type = "KMS"
-  kms_key_id = "my/special/key"
-}
+ resource "aws_kinesis_stream" "good_example" {
+ 	encryption_type = "KMS"
+ 	kms_key_id = "my/special/key"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_stream#encryption_type
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/kms/AVD-AWS-0065/Terraform.md b/avd_docs/aws/kms/AVD-AWS-0065/Terraform.md
index f0f6c97f1..74228a68e 100644
--- a/avd_docs/aws/kms/AVD-AWS-0065/Terraform.md
+++ b/avd_docs/aws/kms/AVD-AWS-0065/Terraform.md
@@ -2,11 +2,12 @@
 Configure KMS key to auto rotate
 
 ```hcl
-resource "aws_kms_key" "good_example" {
-  enable_key_rotation = true
-}
+ resource "aws_kms_key" "good_example" {
+ 	enable_key_rotation = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key#enable_key_rotation
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/lambda/AVD-AWS-0066/CloudFormation.md b/avd_docs/aws/lambda/AVD-AWS-0066/CloudFormation.md
index 2d9b3f489..b08a117f4 100644
--- a/avd_docs/aws/lambda/AVD-AWS-0066/CloudFormation.md
+++ b/avd_docs/aws/lambda/AVD-AWS-0066/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable tracing
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   Function:
     Type: AWS::Lambda::Function
@@ -25,3 +22,5 @@ Resources:
           - subnet-071f712345678e7c8
           - subnet-07fd123456788a036
 ```
+
+
diff --git a/avd_docs/aws/lambda/AVD-AWS-0066/Terraform.md b/avd_docs/aws/lambda/AVD-AWS-0066/Terraform.md
index 3e7f62c69..9aced68b5 100644
--- a/avd_docs/aws/lambda/AVD-AWS-0066/Terraform.md
+++ b/avd_docs/aws/lambda/AVD-AWS-0066/Terraform.md
@@ -2,50 +2,51 @@
 Enable tracing
 
 ```hcl
-resource "aws_iam_role" "iam_for_lambda" {
-  name = "iam_for_lambda"
-  
-  assume_role_policy = <<EOF
-  {
-    "Version": "2012-10-17",
-    "Statement": [
-    {
-      "Action": "sts:AssumeRole",
-      "Principal": {
-        "Service": "lambda.amazonaws.com"
-        },
-        "Effect": "Allow",
-        "Sid": ""
-      }
-      ]
-    }
-    EOF
-  }
-  
-  resource "aws_lambda_function" "good_example" {
-    filename      = "lambda_function_payload.zip"
-    function_name = "lambda_function_name"
-    role          = aws_iam_role.iam_for_lambda.arn
-    handler       = "exports.test"
-    
-    # The filebase64sha256() function is available in Terraform 0.11.12 and later
-    # For Terraform 0.11.11 and earlier, use the base64sha256() function and the file() function:
-    # source_code_hash = "${base64sha256(file("lambda_function_payload.zip"))}"
-    source_code_hash = filebase64sha256("lambda_function_payload.zip")
-    
-    runtime = "nodejs12.x"
-    
-    environment {
-      variables = {
-        foo = "bar"
-      }
-    }
-    tracing_config {
-      mode = "something"
-    }
-  }
+ resource "aws_iam_role" "iam_for_lambda" {
+   name = "iam_for_lambda"
+ 
+   assume_role_policy = <<EOF
+ {
+   "Version": "2012-10-17",
+   "Statement": [
+     {
+       "Action": "sts:AssumeRole",
+       "Principal": {
+         "Service": "lambda.amazonaws.com"
+       },
+       "Effect": "Allow",
+       "Sid": ""
+     }
+   ]
+ }
+ EOF
+ }
+ 
+ resource "aws_lambda_function" "good_example" {
+   filename      = "lambda_function_payload.zip"
+   function_name = "lambda_function_name"
+   role          = aws_iam_role.iam_for_lambda.arn
+   handler       = "exports.test"
+ 
+   # The filebase64sha256() function is available in Terraform 0.11.12 and later
+   # For Terraform 0.11.11 and earlier, use the base64sha256() function and the file() function:
+   # source_code_hash = "${base64sha256(file("lambda_function_payload.zip"))}"
+   source_code_hash = filebase64sha256("lambda_function_payload.zip")
+ 
+   runtime = "nodejs12.x"
+ 
+   environment {
+     variables = {
+       foo = "bar"
+     }
+   }
+   tracing_config {
+     mode = "Active"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#mode
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/lambda/AVD-AWS-0067/CloudFormation.md b/avd_docs/aws/lambda/AVD-AWS-0067/CloudFormation.md
index a1f9c4176..92b925877 100644
--- a/avd_docs/aws/lambda/AVD-AWS-0067/CloudFormation.md
+++ b/avd_docs/aws/lambda/AVD-AWS-0067/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Always provide a source arn for Lambda permissions
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::Lambda::Function
@@ -31,4 +28,8 @@ Resources:
       Action: lambda:InvokeFunction
       Principal: s3.amazonaws.com
       SourceArn: "lambda.amazonaws.com"
+  
+
 ```
+
+
diff --git a/avd_docs/aws/lambda/AVD-AWS-0067/Terraform.md b/avd_docs/aws/lambda/AVD-AWS-0067/Terraform.md
index 4d95c762f..1ae4a7851 100644
--- a/avd_docs/aws/lambda/AVD-AWS-0067/Terraform.md
+++ b/avd_docs/aws/lambda/AVD-AWS-0067/Terraform.md
@@ -3,14 +3,15 @@ Always provide a source arn for Lambda permissions
 
 ```hcl
 resource "aws_lambda_permission" "good_example" {
-  statement_id = "AllowExecutionFromSNS"
-  action = "lambda:InvokeFunction"
-  function_name = aws_lambda_function.func.function_name
-  principal = "sns.amazonaws.com"
-  source_arn = aws_sns_topic.default.arn
+	statement_id = "AllowExecutionFromSNS"
+	action = "lambda:InvokeFunction"
+	function_name = aws_lambda_function.func.function_name
+	principal = "sns.amazonaws.com"
+	source_arn = aws_sns_topic.default.arn
 }
+		
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/mq/AVD-AWS-0070/CloudFormation.md b/avd_docs/aws/mq/AVD-AWS-0070/CloudFormation.md
index 5a6d354bc..e71d17229 100644
--- a/avd_docs/aws/mq/AVD-AWS-0070/CloudFormation.md
+++ b/avd_docs/aws/mq/AVD-AWS-0070/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable audit logging
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example
 Resources:
@@ -13,4 +10,8 @@ Resources:
     Properties:
       Logs:
         Audit: true
+
+
 ```
+
+
diff --git a/avd_docs/aws/mq/AVD-AWS-0070/Terraform.md b/avd_docs/aws/mq/AVD-AWS-0070/Terraform.md
index ab8aec3d1..950c475e3 100644
--- a/avd_docs/aws/mq/AVD-AWS-0070/Terraform.md
+++ b/avd_docs/aws/mq/AVD-AWS-0070/Terraform.md
@@ -2,29 +2,30 @@
 Enable audit logging
 
 ```hcl
-resource "aws_mq_broker" "good_example" {
-  broker_name = "example"
-  
-  configuration {
-    id       = aws_mq_configuration.test.id
-    revision = aws_mq_configuration.test.latest_revision
-  }
-  
-  engine_type        = "ActiveMQ"
-  engine_version     = "5.15.0"
-  host_instance_type = "mq.t2.micro"
-  security_groups    = [aws_security_group.test.id]
-  
-  user {
-    username = "ExampleUser"
-    password = "MindTheGap"
-  }
-  logs {
-    audit = true
-  }
-}
+ resource "aws_mq_broker" "good_example" {
+   broker_name = "example"
+ 
+   configuration {
+     id       = aws_mq_configuration.test.id
+     revision = aws_mq_configuration.test.latest_revision
+   }
+ 
+   engine_type        = "ActiveMQ"
+   engine_version     = "5.15.0"
+   host_instance_type = "mq.t2.micro"
+   security_groups    = [aws_security_group.test.id]
+ 
+   user {
+     username = "ExampleUser"
+     password = "MindTheGap"
+   }
+   logs {
+     audit = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#audit
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/mq/AVD-AWS-0071/CloudFormation.md b/avd_docs/aws/mq/AVD-AWS-0071/CloudFormation.md
index a10baa55d..a2363b8de 100644
--- a/avd_docs/aws/mq/AVD-AWS-0071/CloudFormation.md
+++ b/avd_docs/aws/mq/AVD-AWS-0071/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable general logging
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example
 Resources:
@@ -13,4 +10,8 @@ Resources:
     Properties:
       Logs:
         General: true
+
+
 ```
+
+
diff --git a/avd_docs/aws/mq/AVD-AWS-0071/Terraform.md b/avd_docs/aws/mq/AVD-AWS-0071/Terraform.md
index 6799b77dc..c0ed8ab86 100644
--- a/avd_docs/aws/mq/AVD-AWS-0071/Terraform.md
+++ b/avd_docs/aws/mq/AVD-AWS-0071/Terraform.md
@@ -2,29 +2,30 @@
 Enable general logging
 
 ```hcl
-resource "aws_mq_broker" "good_example" {
-  broker_name = "example"
-  
-  configuration {
-    id       = aws_mq_configuration.test.id
-    revision = aws_mq_configuration.test.latest_revision
-  }
-  
-  engine_type        = "ActiveMQ"
-  engine_version     = "5.15.0"
-  host_instance_type = "mq.t2.micro"
-  security_groups    = [aws_security_group.test.id]
-  
-  user {
-    username = "ExampleUser"
-    password = "MindTheGap"
-  }
-  logs {
-    general = true
-  }
-}
+ resource "aws_mq_broker" "good_example" {
+   broker_name = "example"
+ 
+   configuration {
+     id       = aws_mq_configuration.test.id
+     revision = aws_mq_configuration.test.latest_revision
+   }
+ 
+   engine_type        = "ActiveMQ"
+   engine_version     = "5.15.0"
+   host_instance_type = "mq.t2.micro"
+   security_groups    = [aws_security_group.test.id]
+ 
+   user {
+     username = "ExampleUser"
+     password = "MindTheGap"
+   }
+   logs {
+     general = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#general
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/mq/AVD-AWS-0072/CloudFormation.md b/avd_docs/aws/mq/AVD-AWS-0072/CloudFormation.md
index 247185789..8aad33210 100644
--- a/avd_docs/aws/mq/AVD-AWS-0072/CloudFormation.md
+++ b/avd_docs/aws/mq/AVD-AWS-0072/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Disable public access when not required
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example
 Resources:
@@ -12,4 +9,8 @@ Resources:
     Type: AWS::AmazonMQ::Broker
     Properties:
       PubliclyAccessible: false
+
+
 ```
+
+
diff --git a/avd_docs/aws/mq/AVD-AWS-0072/Terraform.md b/avd_docs/aws/mq/AVD-AWS-0072/Terraform.md
index 8dbef306f..10ea73e44 100644
--- a/avd_docs/aws/mq/AVD-AWS-0072/Terraform.md
+++ b/avd_docs/aws/mq/AVD-AWS-0072/Terraform.md
@@ -2,27 +2,28 @@
 Disable public access when not required
 
 ```hcl
-resource "aws_mq_broker" "good_example" {
-  broker_name = "example"
-  
-  configuration {
-    id       = aws_mq_configuration.test.id
-    revision = aws_mq_configuration.test.latest_revision
-  }
-  
-  engine_type        = "ActiveMQ"
-  engine_version     = "5.15.0"
-  host_instance_type = "mq.t2.micro"
-  security_groups    = [aws_security_group.test.id]
-  
-  user {
-    username = "ExampleUser"
-    password = "MindTheGap"
-  }
-  publicly_accessible = false
-}
+ resource "aws_mq_broker" "good_example" {
+   broker_name = "example"
+ 
+   configuration {
+     id       = aws_mq_configuration.test.id
+     revision = aws_mq_configuration.test.latest_revision
+   }
+ 
+   engine_type        = "ActiveMQ"
+   engine_version     = "5.15.0"
+   host_instance_type = "mq.t2.micro"
+   security_groups    = [aws_security_group.test.id]
+ 
+   user {
+     username = "ExampleUser"
+     password = "MindTheGap"
+   }
+   publicly_accessible = false
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#publicly_accessible
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/msk/AVD-AWS-0073/CloudFormation.md b/avd_docs/aws/msk/AVD-AWS-0073/CloudFormation.md
index 387220b31..b9f7fa1b2 100644
--- a/avd_docs/aws/msk/AVD-AWS-0073/CloudFormation.md
+++ b/avd_docs/aws/msk/AVD-AWS-0073/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable in transit encryption
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example
 Resources:
@@ -14,4 +11,7 @@ Resources:
       EncryptionInfo:
         EncryptionInTransit:
           ClientBroker: "TLS"
+
 ```
+
+
diff --git a/avd_docs/aws/msk/AVD-AWS-0073/Terraform.md b/avd_docs/aws/msk/AVD-AWS-0073/Terraform.md
index df410786f..dd3094c65 100644
--- a/avd_docs/aws/msk/AVD-AWS-0073/Terraform.md
+++ b/avd_docs/aws/msk/AVD-AWS-0073/Terraform.md
@@ -2,16 +2,17 @@
 Enable in transit encryption
 
 ```hcl
-resource "aws_msk_cluster" "good_example" {
-  encryption_info {
-    encryption_in_transit {
-      client_broker = "TLS"
-      in_cluster = true
-    }
-  }
-}
+ resource "aws_msk_cluster" "good_example" {
+ 	encryption_info {
+ 		encryption_in_transit {
+ 			client_broker = "TLS"
+ 			in_cluster = true
+ 		}
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#encryption_info-argument-reference
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/msk/AVD-AWS-0074/CloudFormation.md b/avd_docs/aws/msk/AVD-AWS-0074/CloudFormation.md
index bbdf61b0f..595b3aff5 100644
--- a/avd_docs/aws/msk/AVD-AWS-0074/CloudFormation.md
+++ b/avd_docs/aws/msk/AVD-AWS-0074/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable logging
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example
 Resources:
@@ -15,4 +12,9 @@ Resources:
         BrokerLogs:
           S3:
             Enabled: true
+
+
+
 ```
+
+
diff --git a/avd_docs/aws/msk/AVD-AWS-0074/Terraform.md b/avd_docs/aws/msk/AVD-AWS-0074/Terraform.md
index 3a683375e..54d332f31 100644
--- a/avd_docs/aws/msk/AVD-AWS-0074/Terraform.md
+++ b/avd_docs/aws/msk/AVD-AWS-0074/Terraform.md
@@ -2,42 +2,120 @@
 Enable logging
 
 ```hcl
-resource "aws_msk_cluster" "example" {
-  cluster_name           = "example"
-  kafka_version          = "2.4.1"
-  number_of_broker_nodes = 3
-  
-  broker_node_group_info {
-    instance_type   = "kafka.m5.large"
-    ebs_volume_size = 1000
-    client_subnets = [
-    aws_subnet.subnet_az1.id,
-    aws_subnet.subnet_az2.id,
-    aws_subnet.subnet_az3.id,
-    ]
-    security_groups = [aws_security_group.sg.id]
-  }
-  
-  logging_info {
-    broker_logs {
-      firehose {
-        enabled         = false
-        delivery_stream = aws_kinesis_firehose_delivery_stream.test_stream.name
-      }
-      s3 {
-        enabled = true
-        bucket  = aws_s3_bucket.bucket.id
-        prefix  = "logs/msk-"
-      }
-    }
-  }
-  
-  tags = {
-    foo = "bar"
-  }
-}
+ resource "aws_msk_cluster" "example" {
+   cluster_name           = "example"
+   kafka_version          = "2.4.1"
+   number_of_broker_nodes = 3
+ 
+   broker_node_group_info {
+     instance_type   = "kafka.m5.large"
+     ebs_volume_size = 1000
+     client_subnets = [
+       aws_subnet.subnet_az1.id,
+       aws_subnet.subnet_az2.id,
+       aws_subnet.subnet_az3.id,
+     ]
+     security_groups = [aws_security_group.sg.id]
+   }
+ 
+   logging_info {
+     broker_logs {
+       firehose {
+         enabled         = false
+         delivery_stream = aws_kinesis_firehose_delivery_stream.test_stream.name
+       }
+       s3 {
+         enabled = true
+         bucket  = aws_s3_bucket.bucket.id
+         prefix  = "logs/msk-"
+       }
+     }
+   }
+ 
+   tags = {
+     foo = "bar"
+   }
+ }
+ 
+```
+```hcl
+ resource "aws_msk_cluster" "example" {
+   cluster_name           = "example"
+   kafka_version          = "2.4.1"
+   number_of_broker_nodes = 3
+ 
+   broker_node_group_info {
+     instance_type   = "kafka.m5.large"
+     ebs_volume_size = 1000
+     client_subnets = [
+       aws_subnet.subnet_az1.id,
+       aws_subnet.subnet_az2.id,
+       aws_subnet.subnet_az3.id,
+     ]
+     security_groups = [aws_security_group.sg.id]
+   }
+ 
+   logging_info {
+     broker_logs {
+       cloudwatch_logs {
+         enabled   = false
+         log_group = aws_cloudwatch_log_group.test.name
+       }
+       firehose {
+         enabled         = true
+         delivery_stream = aws_kinesis_firehose_delivery_stream.test_stream.name
+       }
+     }
+   }
+ 
+   tags = {
+     foo = "bar"
+   }
+ }
+ 
+```
+```hcl
+ resource "aws_msk_cluster" "example" {
+   cluster_name           = "example"
+   kafka_version          = "2.4.1"
+   number_of_broker_nodes = 3
+ 
+   broker_node_group_info {
+     instance_type   = "kafka.m5.large"
+     ebs_volume_size = 1000
+     client_subnets = [
+       aws_subnet.subnet_az1.id,
+       aws_subnet.subnet_az2.id,
+       aws_subnet.subnet_az3.id,
+     ]
+     security_groups = [aws_security_group.sg.id]
+   }
+ 
+   logging_info {
+     broker_logs {
+       cloudwatch_logs {
+         enabled   = true
+         log_group = aws_cloudwatch_log_group.test.name
+       }
+       firehose {
+         enabled         = false
+         delivery_stream = aws_kinesis_firehose_delivery_stream.test_stream.name
+       }
+       s3 {
+         enabled = true
+         bucket  = aws_s3_bucket.bucket.id
+         prefix  = "logs/msk-"
+       }
+     }
+   }
+ 
+   tags = {
+     foo = "bar"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/neptune/AVD-AWS-0075/CloudFormation.md b/avd_docs/aws/neptune/AVD-AWS-0075/CloudFormation.md
index 83ea434d5..92802079f 100644
--- a/avd_docs/aws/neptune/AVD-AWS-0075/CloudFormation.md
+++ b/avd_docs/aws/neptune/AVD-AWS-0075/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable export logs
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Bad example
 Resources:
@@ -13,4 +10,9 @@ Resources:
     Properties:
       EnableCloudwatchLogsExports:
         - audit
+
+
+
 ```
+
+
diff --git a/avd_docs/aws/neptune/AVD-AWS-0075/Terraform.md b/avd_docs/aws/neptune/AVD-AWS-0075/Terraform.md
index a3ce172ae..ce1837284 100644
--- a/avd_docs/aws/neptune/AVD-AWS-0075/Terraform.md
+++ b/avd_docs/aws/neptune/AVD-AWS-0075/Terraform.md
@@ -2,18 +2,19 @@
 Enable export logs
 
 ```hcl
-resource "aws_neptune_cluster" "good_example" {
-  cluster_identifier                  = "neptune-cluster-demo"
-  engine                              = "neptune"
-  backup_retention_period             = 5
-  preferred_backup_window             = "07:00-09:00"
-  skip_final_snapshot                 = true
-  iam_database_authentication_enabled = true
-  apply_immediately                   = true
-  enable_cloudwatch_logs_exports      = ["audit"]
-}
+ resource "aws_neptune_cluster" "good_example" {
+   cluster_identifier                  = "neptune-cluster-demo"
+   engine                              = "neptune"
+   backup_retention_period             = 5
+   preferred_backup_window             = "07:00-09:00"
+   skip_final_snapshot                 = true
+   iam_database_authentication_enabled = true
+   apply_immediately                   = true
+   enable_cloudwatch_logs_exports      = ["audit"]
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/neptune_cluster#enable_cloudwatch_logs_exports
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/neptune/AVD-AWS-0076/CloudFormation.md b/avd_docs/aws/neptune/AVD-AWS-0076/CloudFormation.md
index 67a1e1914..d8fa03ee7 100644
--- a/avd_docs/aws/neptune/AVD-AWS-0076/CloudFormation.md
+++ b/avd_docs/aws/neptune/AVD-AWS-0076/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encryption of Neptune storage
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example
 Resources:
@@ -13,4 +10,8 @@ Resources:
     Properties:
       StorageEncrypted: true
       KmsKeyId: "something"
+
+
 ```
+
+
diff --git a/avd_docs/aws/neptune/AVD-AWS-0076/Terraform.md b/avd_docs/aws/neptune/AVD-AWS-0076/Terraform.md
index 44f0eeb58..de85fb653 100644
--- a/avd_docs/aws/neptune/AVD-AWS-0076/Terraform.md
+++ b/avd_docs/aws/neptune/AVD-AWS-0076/Terraform.md
@@ -2,18 +2,20 @@
 Enable encryption of Neptune storage
 
 ```hcl
-resource "aws_neptune_cluster" "good_example" {
-  cluster_identifier                  = "neptune-cluster-demo"
-  engine                              = "neptune"
-  backup_retention_period             = 5
-  preferred_backup_window             = "07:00-09:00"
-  skip_final_snapshot                 = true
-  iam_database_authentication_enabled = true
-  apply_immediately                   = true
-  storage_encrypted = true
-}
+ resource "aws_neptune_cluster" "good_example" {
+   cluster_identifier                  = "neptune-cluster-demo"
+   engine                              = "neptune"
+   backup_retention_period             = 5
+   preferred_backup_window             = "07:00-09:00"
+   skip_final_snapshot                 = true
+   iam_database_authentication_enabled = true
+   apply_immediately                   = true
+   storage_encrypted                   = true
+   kms_key_arn                         = aws_kms_key.example.arn
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/neptune_cluster#storage_encrypted
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/neptune/AVD-AWS-0128/CloudFormation.md b/avd_docs/aws/neptune/AVD-AWS-0128/CloudFormation.md
new file mode 100644
index 000000000..e66851046
--- /dev/null
+++ b/avd_docs/aws/neptune/AVD-AWS-0128/CloudFormation.md
@@ -0,0 +1,17 @@
+
+Enable encryption using customer managed keys
+
+```yaml---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Good example
+Resources:
+  Cluster:
+    Type: AWS::Neptune::DBCluster
+    Properties:
+      StorageEncrypted: true
+      KmsKeyId: "something"
+
+
+```
+
+
diff --git a/avd_docs/aws/neptune/AVD-AWS-0128/Terraform.md b/avd_docs/aws/neptune/AVD-AWS-0128/Terraform.md
new file mode 100644
index 000000000..a52438fcc
--- /dev/null
+++ b/avd_docs/aws/neptune/AVD-AWS-0128/Terraform.md
@@ -0,0 +1,21 @@
+
+Enable encryption using customer managed keys
+
+```hcl
+ resource "aws_neptune_cluster" "good_example" {
+   cluster_identifier                  = "neptune-cluster-demo"
+   engine                              = "neptune"
+   backup_retention_period             = 5
+   preferred_backup_window             = "07:00-09:00"
+   skip_final_snapshot                 = true
+   iam_database_authentication_enabled = true
+   apply_immediately                   = true
+   storage_encrypted                   = true
+   kms_key_arn                         = true
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/neptune_cluster#storage_encrypted
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0077/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0077/CloudFormation.md
index 70f68aae4..77970d107 100644
--- a/avd_docs/aws/rds/AVD-AWS-0077/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0077/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Explicitly set the retention period to greater than the default
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example
 Resources:
@@ -12,4 +9,8 @@ Resources:
     Type: AWS::RDS::DBInstance
     Properties:
       BackupRetentionPeriod: 30
+
+
 ```
+
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0077/Terraform.md b/avd_docs/aws/rds/AVD-AWS-0077/Terraform.md
index a7d08b988..9c7f7fa16 100644
--- a/avd_docs/aws/rds/AVD-AWS-0077/Terraform.md
+++ b/avd_docs/aws/rds/AVD-AWS-0077/Terraform.md
@@ -2,20 +2,38 @@
 Explicitly set the retention period to greater than the default
 
 ```hcl
-resource "aws_rds_cluster" "good_example" {
-  cluster_identifier      = "aurora-cluster-demo"
-  engine                  = "aurora-mysql"
-  engine_version          = "5.7.mysql_aurora.2.03.2"
-  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
-  database_name           = "mydb"
-  master_username         = "foo"
-  master_password         = "bar"
-  backup_retention_period = 5
-  preferred_backup_window = "07:00-09:00"
-}
+ resource "aws_rds_cluster" "good_example" {
+ 	cluster_identifier      = "aurora-cluster-demo"
+ 	engine                  = "aurora-mysql"
+ 	engine_version          = "5.7.mysql_aurora.2.03.2"
+ 	availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
+ 	database_name           = "mydb"
+ 	master_username         = "foo"
+ 	master_password         = "bar"
+ 	backup_retention_period = 5
+ 	preferred_backup_window = "07:00-09:00"
+   }
+ 
+
+```
+```hcl 
+   resource "aws_db_instance" "good_example" {
+ 	allocated_storage    = 10
+ 	engine               = "mysql"
+ 	engine_version       = "5.7"
+ 	instance_class       = "db.t3.micro"
+ 	name                 = "mydb"
+ 	username             = "foo"
+ 	password             = "foobarbaz"
+ 	parameter_group_name = "default.mysql5.7"
+ 	backup_retention_period = 5
+ 	skip_final_snapshot  = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#backup_retention_period
+
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#backup_retention_period
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0078/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0078/CloudFormation.md
index 14d30fb2a..6e5469670 100644
--- a/avd_docs/aws/rds/AVD-AWS-0078/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0078/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encryption for RDS clusters and instances
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example
 Resources:
@@ -13,4 +10,8 @@ Resources:
     Properties:
       EnablePerformanceInsights: true
       PerformanceInsightsKMSKeyId: "something"
+
+
 ```
+
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0078/Terraform.md b/avd_docs/aws/rds/AVD-AWS-0078/Terraform.md
index 841940680..8d20b41ec 100644
--- a/avd_docs/aws/rds/AVD-AWS-0078/Terraform.md
+++ b/avd_docs/aws/rds/AVD-AWS-0078/Terraform.md
@@ -3,13 +3,15 @@ Enable encryption for RDS clusters and instances
 
 ```hcl
 resource "aws_rds_cluster_instance" "good_example" {
-  name = "bar"
-  performance_insights_enabled = true
-  performance_insights_kms_key_id = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+	name = "bar"
+	performance_insights_enabled = true
+	performance_insights_kms_key_id = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
 }
+		
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_instance#performance_insights_kms_key_id
+
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#performance_insights_kms_key_id
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0079/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0079/CloudFormation.md
index 0f8d4ffa8..935d8e209 100644
--- a/avd_docs/aws/rds/AVD-AWS-0079/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0079/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encryption for RDS clusters
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example of rds sgr
 Resources:
@@ -13,4 +10,8 @@ Resources:
     Properties:
       StorageEncrypted: true
       KmsKeyId: "something"
+
+
 ```
+
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0079/Terraform.md b/avd_docs/aws/rds/AVD-AWS-0079/Terraform.md
index eb088c935..6a75a93cc 100644
--- a/avd_docs/aws/rds/AVD-AWS-0079/Terraform.md
+++ b/avd_docs/aws/rds/AVD-AWS-0079/Terraform.md
@@ -2,13 +2,13 @@
 Enable encryption for RDS clusters
 
 ```hcl
-resource "aws_rds_cluster" "good_example" {
-  name              = "bar"
-  kms_key_id  = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
-  storage_encrypted = true
-}
+ resource "aws_rds_cluster" "good_example" {
+   name              = "bar"
+   kms_key_id  = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+   storage_encrypted = true
+ }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0080/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0080/CloudFormation.md
index 31693a255..d4c0592ac 100644
--- a/avd_docs/aws/rds/AVD-AWS-0080/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0080/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encryption for RDS instances
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example of rds sgr
 Resources:
@@ -13,4 +10,8 @@ Resources:
     Properties:
       StorageEncrypted: true
       KmsKeyId: "something"
+
+
 ```
+
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0080/Terraform.md b/avd_docs/aws/rds/AVD-AWS-0080/Terraform.md
index fe5741b02..dc2a0fda9 100644
--- a/avd_docs/aws/rds/AVD-AWS-0080/Terraform.md
+++ b/avd_docs/aws/rds/AVD-AWS-0080/Terraform.md
@@ -2,11 +2,12 @@
 Enable encryption for RDS instances
 
 ```hcl
-resource "aws_db_instance" "good_example" {
-  storage_encrypted  = true
-}
+ resource "aws_db_instance" "good_example" {
+ 	storage_encrypted  = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0081/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0081/CloudFormation.md
index 790e0120d..285befd3a 100644
--- a/avd_docs/aws/rds/AVD-AWS-0081/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0081/CloudFormation.md
@@ -1,11 +1,12 @@
 
 Switch to VPC resources
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example of rds sgr
 Resources:
+
+
 ```
+
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0081/Terraform.md b/avd_docs/aws/rds/AVD-AWS-0081/Terraform.md
index d8bfe1ae1..7eb02e264 100644
--- a/avd_docs/aws/rds/AVD-AWS-0081/Terraform.md
+++ b/avd_docs/aws/rds/AVD-AWS-0081/Terraform.md
@@ -2,11 +2,12 @@
 Switch to VPC resources
 
 ```hcl
-resource "aws_security_group" "good_example" {
-  # ...
-}
+ resource "aws_security_group" "good_example" {
+   # ...
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_security_group
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0082/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0082/CloudFormation.md
index d2b953b29..dd2719f76 100644
--- a/avd_docs/aws/rds/AVD-AWS-0082/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0082/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Set the database to not be publicly accessible
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Bad example
 Resources:
@@ -12,4 +9,8 @@ Resources:
     Type: AWS::RDS::DBInstance
     Properties:
       PubliclyAccessible: false
+
+
 ```
+
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0082/Terraform.md b/avd_docs/aws/rds/AVD-AWS-0082/Terraform.md
index 48c26b2dc..8293883ed 100644
--- a/avd_docs/aws/rds/AVD-AWS-0082/Terraform.md
+++ b/avd_docs/aws/rds/AVD-AWS-0082/Terraform.md
@@ -2,11 +2,12 @@
 Set the database to not be publicly accessible
 
 ```hcl
-resource "aws_db_instance" "good_example" {
-  publicly_accessible = false
-}
+ resource "aws_db_instance" "good_example" {
+ 	publicly_accessible = false
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0133/CloudFormation.md b/avd_docs/aws/rds/AVD-AWS-0133/CloudFormation.md
index 72503d8f7..8701d5356 100644
--- a/avd_docs/aws/rds/AVD-AWS-0133/CloudFormation.md
+++ b/avd_docs/aws/rds/AVD-AWS-0133/CloudFormation.md
@@ -1,10 +1,7 @@
 
-Enable Performance Insights to detect potential problems
+Enable performance insights
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example
 Resources:
@@ -12,4 +9,9 @@ Resources:
     Type: AWS::RDS::DBInstance
     Properties:
       EnablePerformanceInsights: true
+      PerformanceInsightsKMSKeyId: "something"
+
+
 ```
+
+
diff --git a/avd_docs/aws/rds/AVD-AWS-0133/Terraform.md b/avd_docs/aws/rds/AVD-AWS-0133/Terraform.md
index 68e03c6f4..95f5db04a 100644
--- a/avd_docs/aws/rds/AVD-AWS-0133/Terraform.md
+++ b/avd_docs/aws/rds/AVD-AWS-0133/Terraform.md
@@ -1,14 +1,17 @@
 
-Enable Performance Insights to detect potential problems
+Enable performance insights
 
 ```hcl
 resource "aws_rds_cluster_instance" "good_example" {
-  name = "bar"
-  performance_insights_enabled = true
+	name = "bar"
+	performance_insights_enabled = true
+	performance_insights_kms_key_id = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
 }
+		
 ```
 
 #### Remediation Links
- - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_instance#performance_insights_enabled
- - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#performance_insights_enabled
-        
\ No newline at end of file
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_instance#performance_insights_kms_key_id
+
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#performance_insights_kms_key_id
+
diff --git a/avd_docs/aws/redshift/AVD-AWS-0083/CloudFormation.md b/avd_docs/aws/redshift/AVD-AWS-0083/CloudFormation.md
index 28f036b1a..85e3cd047 100644
--- a/avd_docs/aws/redshift/AVD-AWS-0083/CloudFormation.md
+++ b/avd_docs/aws/redshift/AVD-AWS-0083/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Add descriptions for all security groups and rules
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example of redshift sgr
 Resources:
@@ -12,4 +9,8 @@ Resources:
     Type: AWS::Redshift::ClusterSecurityGroup
     Properties:
       Description: "Disallow bad stuff"
+
+
 ```
+
+
diff --git a/avd_docs/aws/redshift/AVD-AWS-0084/CloudFormation.md b/avd_docs/aws/redshift/AVD-AWS-0084/CloudFormation.md
index fbf6d2235..884d57067 100644
--- a/avd_docs/aws/redshift/AVD-AWS-0084/CloudFormation.md
+++ b/avd_docs/aws/redshift/AVD-AWS-0084/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable encryption using CMK
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Bad example of redshift cluster
 Resources:
@@ -13,4 +10,8 @@ Resources:
     Properties:
       Encrypted: true
       KmsKeyId: "something"
+
+
 ```
+
+
diff --git a/avd_docs/aws/redshift/AVD-AWS-0084/Terraform.md b/avd_docs/aws/redshift/AVD-AWS-0084/Terraform.md
index 027c2f5ea..0bd4140b4 100644
--- a/avd_docs/aws/redshift/AVD-AWS-0084/Terraform.md
+++ b/avd_docs/aws/redshift/AVD-AWS-0084/Terraform.md
@@ -2,22 +2,23 @@
 Enable encryption using CMK
 
 ```hcl
-resource "aws_kms_key" "redshift" {
-  enable_key_rotation = true
-}
-
-resource "aws_redshift_cluster" "good_example" {
-  cluster_identifier = "tf-redshift-cluster"
-  database_name      = "mydb"
-  master_username    = "foo"
-  master_password    = "Mustbe8characters"
-  node_type          = "dc1.large"
-  cluster_type       = "single-node"
-  encrypted          = true
-  kms_key_id         = aws_kms_key.redshift.key_id
-}
+ resource "aws_kms_key" "redshift" {
+ 	enable_key_rotation = true
+ }
+ 
+ resource "aws_redshift_cluster" "good_example" {
+   cluster_identifier = "tf-redshift-cluster"
+   database_name      = "mydb"
+   master_username    = "foo"
+   master_password    = "Mustbe8characters"
+   node_type          = "dc1.large"
+   cluster_type       = "single-node"
+   encrypted          = true
+   kms_key_id         = aws_kms_key.redshift.key_id
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#encrypted
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/redshift/AVD-AWS-0085/CloudFormation.md b/avd_docs/aws/redshift/AVD-AWS-0085/CloudFormation.md
index c504637b8..c69a49720 100644
--- a/avd_docs/aws/redshift/AVD-AWS-0085/CloudFormation.md
+++ b/avd_docs/aws/redshift/AVD-AWS-0085/CloudFormation.md
@@ -1,11 +1,12 @@
 
 Switch to VPC resources
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example of redshift sgr
 Resources:
+
+
 ```
+
+
diff --git a/avd_docs/aws/redshift/AVD-AWS-0127/CloudFormation.md b/avd_docs/aws/redshift/AVD-AWS-0127/CloudFormation.md
index 5daa3b8e7..425e2bc34 100644
--- a/avd_docs/aws/redshift/AVD-AWS-0127/CloudFormation.md
+++ b/avd_docs/aws/redshift/AVD-AWS-0127/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Deploy Redshift cluster into a non default VPC
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Bad example of redshift cluster
 Resources:
@@ -12,4 +9,8 @@ Resources:
     Type: AWS::Redshift::Cluster
     Properties:
       ClusterSubnetGroupName: "my-subnet-group"
+
+
 ```
+
+
diff --git a/avd_docs/aws/redshift/AVD-AWS-0127/Terraform.md b/avd_docs/aws/redshift/AVD-AWS-0127/Terraform.md
index e6dd1c59f..2a2226fad 100644
--- a/avd_docs/aws/redshift/AVD-AWS-0127/Terraform.md
+++ b/avd_docs/aws/redshift/AVD-AWS-0127/Terraform.md
@@ -2,18 +2,19 @@
 Deploy Redshift cluster into a non default VPC
 
 ```hcl
-resource "aws_redshift_cluster" "good_example" {
-  cluster_identifier = "tf-redshift-cluster"
-  database_name      = "mydb"
-  master_username    = "foo"
-  master_password    = "Mustbe8characters"
-  node_type          = "dc1.large"
-  cluster_type       = "single-node"
-  
-  cluster_subnet_group_name = "redshift_subnet"
-}
+ resource "aws_redshift_cluster" "good_example" {
+ 	cluster_identifier = "tf-redshift-cluster"
+ 	database_name      = "mydb"
+ 	master_username    = "foo"
+ 	master_password    = "Mustbe8characters"
+ 	node_type          = "dc1.large"
+ 	cluster_type       = "single-node"
+ 
+ 	cluster_subnet_group_name = "redshift_subnet"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#cluster_subnet_group_name
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0086/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0086/CloudFormation.md
index 2cab6fc0e..1d1956058 100644
--- a/avd_docs/aws/s3/AVD-AWS-0086/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0086/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable blocking any PUT calls with a public ACL specified
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
@@ -14,4 +11,7 @@ Resources:
         IgnorePublicAcls: true
         RestrictPublicBuckets: true
     Type: AWS::S3::Bucket
+
 ```
+
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0086/Terraform.md b/avd_docs/aws/s3/AVD-AWS-0086/Terraform.md
index b159386c6..1f730ebe0 100644
--- a/avd_docs/aws/s3/AVD-AWS-0086/Terraform.md
+++ b/avd_docs/aws/s3/AVD-AWS-0086/Terraform.md
@@ -10,8 +10,9 @@ resource "aws_s3_bucket_public_access_block" "good_example" {
   bucket = aws_s3_bucket.good_example.id
   block_public_acls = true
 }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#block_public_acls
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0087/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0087/CloudFormation.md
index 4ebeeae90..826c03762 100644
--- a/avd_docs/aws/s3/AVD-AWS-0087/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0087/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Prevent policies that allow public access being PUT
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
@@ -14,4 +11,7 @@ Resources:
         IgnorePublicAcls: true
         RestrictPublicBuckets: true
     Type: AWS::S3::Bucket
+
 ```
+
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0087/Terraform.md b/avd_docs/aws/s3/AVD-AWS-0087/Terraform.md
index 8acccab64..a999b3116 100644
--- a/avd_docs/aws/s3/AVD-AWS-0087/Terraform.md
+++ b/avd_docs/aws/s3/AVD-AWS-0087/Terraform.md
@@ -7,11 +7,12 @@ resource "aws_s3_bucket" "example" {
 }
 
 resource "aws_s3_bucket_public_access_block" "good_example" {
-  bucket = aws_s3_bucket.example.id
-  block_public_policy = true
+  bucket = aws_s3_bucket.example.id 
+  block_public_policy = true 
 }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#block_public_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0088/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0088/CloudFormation.md
index ccb634d4a..56c5f8c69 100644
--- a/avd_docs/aws/s3/AVD-AWS-0088/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0088/CloudFormation.md
@@ -9,7 +9,9 @@ Resources:
         ServerSideEncryptionConfiguration:
           - BucketKeyEnabled: true
             ServerSideEncryptionByDefault:
-              KMSMasterKeyID: kms-arn
-              SSEAlgorithm: aws:kms
+              SSEAlgorithm: AES256
     Type: AWS::S3::Bucket
+
 ```
+
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0088/Terraform.md b/avd_docs/aws/s3/AVD-AWS-0088/Terraform.md
index f234c07e8..fa27f8532 100644
--- a/avd_docs/aws/s3/AVD-AWS-0088/Terraform.md
+++ b/avd_docs/aws/s3/AVD-AWS-0088/Terraform.md
@@ -2,24 +2,82 @@
 Configure bucket encryption
 
 ```hcl
-resource "aws_kms_key" "good_example" {
-  enable_key_rotation = true
-}
-
-resource "aws_s3_bucket" "good_example" {
+ resource "aws_s3_bucket" "good_example" {
    bucket = "mybucket"
  
    server_side_encryption_configuration {
      rule {
        apply_server_side_encryption_by_default {
-         kms_master_key_id = aws_kms_key.example.arn
+         kms_master_key_id = "arn"
          sse_algorithm     = "aws:kms"
        }
      }
    }
  }
+ 
+```
+```hcl
+ resource "aws_s3_bucket" "good_example" {
+   bucket = "mybucket"
+ 
+   # ... other configuration ...
+ }
+ 
+ resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
+   bucket = aws_s3_bucket.good_example.id
+ 
+   rule {
+     apply_server_side_encryption_by_default {
+       kms_master_key_id = aws_kms_key.mykey.arn
+       sse_algorithm     = "aws:kms"
+     }
+   }
+ }
+ 
+```
+```hcl
+terraform {
+  required_version = ">= 1.0, < 2.0"
+
+  required_providers {
+    aws = ">= 4.0"
+  }
+}
+
+resource "aws_kms_key" "s3_key" {
+  description         = "This key is used to encrypt S3 bucket objects"
+  enable_key_rotation = true
+}
+
+module "s3_bucket" {
+  source  = "terraform-aws-modules/s3-bucket/aws"
+  version = "~> 3.0"
+
+  bucket                  = "my_bucket"
+  acl                     = "private"
+  force_destroy           = true
+  restrict_public_buckets = true
+  ignore_public_acls      = true
+  block_public_policy     = true
+  block_public_acls       = true
+
+  versioning = {
+    enabled = true
+  }
+
+  server_side_encryption_configuration = {
+    rule = {
+      apply_server_side_encryption_by_default = {
+        sse_algorithm     = "aws:kms"
+        kms_master_key_id = aws_kms_key.s3_key.arn
+      }
+    }
+  }
+
+}
+
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#enable-default-server-side-encryption
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0089/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0089/CloudFormation.md
index 9cbc5e7a1..c9826289a 100644
--- a/avd_docs/aws/s3/AVD-AWS-0089/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0089/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Add a logging block to the resource to enable access logging
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
@@ -12,4 +9,26 @@ Resources:
         DestinationBucketName: logging-bucket
         LogFilePrefix: accesslogs/
     Type: AWS::S3::Bucket
+
 ```
+```yaml---
+Resources:
+  MyS3Bucket:
+    Type: AWS::S3::Bucket
+    DeletionPolicy: Retain
+    UpdateReplacePolicy: Retain
+    Properties:
+      BucketName: !Sub my-s3-bucket-${BucketSuffix}
+      LoggingConfiguration:
+        DestinationBucketName: !FindInMap [EnvironmentMapping, s3, logging]
+        LogFilePrefix: !Sub s3-logs/AWSLogs/${AWS::AccountId}/my-s3-bucket-${BucketSuffix}
+      AccessControl: Private
+      PublicAccessBlockConfiguration:
+        BlockPublicAcls: true
+        BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
+
+```
+
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0089/Terraform.md b/avd_docs/aws/s3/AVD-AWS-0089/Terraform.md
index 9af092cb7..e695d2da8 100644
--- a/avd_docs/aws/s3/AVD-AWS-0089/Terraform.md
+++ b/avd_docs/aws/s3/AVD-AWS-0089/Terraform.md
@@ -3,12 +3,27 @@ Add a logging block to the resource to enable access logging
 
 ```hcl
 resource "aws_s3_bucket" "good_example" {
-  logging {
-    target_bucket = "target-bucket"
-  }
+	logging {
+		target_bucket = "target-bucket"
+	}
 }
+
+```
+```hcl
+resource "aws_s3_bucket" "example" {
+  bucket = "yournamehere"
+
+  # ... other configuration ...
+}
+
+resource "aws_s3_bucket_logging" "example" {
+  bucket        = aws_s3_bucket.example.id
+  target_bucket = aws_s3_bucket.log_bucket.id
+  target_prefix = "log/"
+}
+
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0090/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0090/CloudFormation.md
index 2f307dd27..a7766b3f7 100644
--- a/avd_docs/aws/s3/AVD-AWS-0090/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0090/CloudFormation.md
@@ -1,14 +1,14 @@
 
 Enable versioning to protect against accidental/malicious removal or modification
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
       VersioningConfiguration:
         Status: Enabled
     Type: AWS::S3::Bucket
+
 ```
+
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0090/Terraform.md b/avd_docs/aws/s3/AVD-AWS-0090/Terraform.md
index 117820a86..79d3a20c2 100644
--- a/avd_docs/aws/s3/AVD-AWS-0090/Terraform.md
+++ b/avd_docs/aws/s3/AVD-AWS-0090/Terraform.md
@@ -3,13 +3,28 @@ Enable versioning to protect against accidental/malicious removal or modificatio
 
 ```hcl
 resource "aws_s3_bucket" "good_example" {
-  
-  versioning {
-    enabled = true
+
+	versioning {
+		enabled = true
+	}
+}
+
+```
+```hcl
+resource "aws_s3_bucket" "example" {
+  bucket = "yournamehere"
+
+  # ... other configuration ...
+}
+
+resource "aws_s3_bucket_versioning" "example" {
+  bucket = aws_s3_bucket.example.id
+  versioning_configuration {
+    status = "Enabled"
   }
 }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#versioning
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0091/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0091/CloudFormation.md
index f5a757ac4..b4cf72f03 100644
--- a/avd_docs/aws/s3/AVD-AWS-0091/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0091/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable ignoring the application of public ACLs in PUT calls
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
@@ -15,4 +12,7 @@ Resources:
         IgnorePublicAcls: true
         RestrictPublicBuckets: true
     Type: AWS::S3::Bucket
+
 ```
+
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0091/Terraform.md b/avd_docs/aws/s3/AVD-AWS-0091/Terraform.md
index dcac81c16..99f208423 100644
--- a/avd_docs/aws/s3/AVD-AWS-0091/Terraform.md
+++ b/avd_docs/aws/s3/AVD-AWS-0091/Terraform.md
@@ -2,13 +2,18 @@
 Enable ignoring the application of public ACLs in PUT calls
 
 ```hcl
-resource "aws_s3_bucket_public_access_block" "good_example" {
-  bucket = aws_s3_bucket.example.id
-  
-  ignore_public_acls = true
+resource "aws_s3_bucket" "example" {
+	bucket = "bucket"
 }
+
+ resource "aws_s3_bucket_public_access_block" "good_example" {
+ 	bucket = aws_s3_bucket.example.id
+   
+ 	ignore_public_acls = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#ignore_public_acls
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0092/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0092/CloudFormation.md
index e6eec7811..ba29b3387 100644
--- a/avd_docs/aws/s3/AVD-AWS-0092/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0092/CloudFormation.md
@@ -1,13 +1,13 @@
 
-Add a logging block to the resource to enable access logging
+Don't use canned ACLs or switch to private acl
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
       AccessControl: Private
     Type: AWS::S3::Bucket
+
 ```
+
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0092/Terraform.md b/avd_docs/aws/s3/AVD-AWS-0092/Terraform.md
index 373167545..1cb25bc31 100644
--- a/avd_docs/aws/s3/AVD-AWS-0092/Terraform.md
+++ b/avd_docs/aws/s3/AVD-AWS-0092/Terraform.md
@@ -1,12 +1,23 @@
 
-Add a logging block to the resource to enable access logging
+Don't use canned ACLs or switch to private acl
 
 ```hcl
 resource "aws_s3_bucket" "good_example" {
-  acl = "private"
+	acl = "private"
+}
+
+```
+```hcl
+resource "aws_s3_bucket" "example" {
+  bucket = "yournamehere"
+}
+
+resource "aws_s3_bucket_acl" "example" {
+  bucket = aws_s3_bucket.example.id
+  acl    = "private"
 }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0093/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0093/CloudFormation.md
index 280a0bc34..0f77f2e3f 100644
--- a/avd_docs/aws/s3/AVD-AWS-0093/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0093/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Limit the access to public buckets to only the owner or AWS Services (eg; CloudFront)
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
@@ -14,4 +11,7 @@ Resources:
         IgnorePublicAcls: true
         RestrictPublicBuckets: true
     Type: AWS::S3::Bucket
+
 ```
+
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0093/Terraform.md b/avd_docs/aws/s3/AVD-AWS-0093/Terraform.md
index d42552a91..08467ca3c 100644
--- a/avd_docs/aws/s3/AVD-AWS-0093/Terraform.md
+++ b/avd_docs/aws/s3/AVD-AWS-0093/Terraform.md
@@ -2,13 +2,18 @@
 Limit the access to public buckets to only the owner or AWS Services (eg; CloudFront)
 
 ```hcl
-resource "aws_s3_bucket_public_access_block" "good_example" {
-  bucket = aws_s3_bucket.example.id
-  
-  restrict_public_buckets = true
+resource "aws_s3_bucket" "example" {
+	bucket = "bucket"
 }
+
+resource "aws_s3_bucket_public_access_block" "good_example" {
+ 	bucket = aws_s3_bucket.example.id
+   
+ 	restrict_public_buckets = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#restrict_public_buckets¡
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0094/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0094/CloudFormation.md
index 37ca10874..2fcff6ae0 100644
--- a/avd_docs/aws/s3/AVD-AWS-0094/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0094/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Define a aws_s3_bucket_public_access_block for the given bucket to control public access policies
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Properties:
@@ -15,4 +12,7 @@ Resources:
         IgnorePublicAcls: true
         RestrictPublicBuckets: true
     Type: AWS::S3::Bucket
+
 ```
+
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0094/Terraform.md b/avd_docs/aws/s3/AVD-AWS-0094/Terraform.md
index 490457eaf..1e9d7feda 100644
--- a/avd_docs/aws/s3/AVD-AWS-0094/Terraform.md
+++ b/avd_docs/aws/s3/AVD-AWS-0094/Terraform.md
@@ -2,18 +2,19 @@
 Define a aws_s3_bucket_public_access_block for the given bucket to control public access policies
 
 ```hcl
-resource "aws_s3_bucket" "example" {
-  bucket = "example"
-  acl = "private-read"
-}
-
-resource "aws_s3_bucket_public_access_block" "example" {
-  bucket = aws_s3_bucket.example.id
-  block_public_acls   = true
-  block_public_policy = true
-}
+ resource "aws_s3_bucket" "example" {
+ 	bucket = "example"
+ 	acl = "private-read"
+ }
+   
+ resource "aws_s3_bucket_public_access_block" "example" {
+ 	bucket = aws_s3_bucket.example.id
+ 	block_public_acls   = true
+ 	block_public_policy = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#bucket
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0132/CloudFormation.md b/avd_docs/aws/s3/AVD-AWS-0132/CloudFormation.md
index 3cd3c167f..ca02c350b 100644
--- a/avd_docs/aws/s3/AVD-AWS-0132/CloudFormation.md
+++ b/avd_docs/aws/s3/AVD-AWS-0132/CloudFormation.md
@@ -1,5 +1,5 @@
 
-Configure bucket encryption
+Enable encryption using customer managed keys
 
 ```yaml
 Resources:
@@ -9,6 +9,10 @@ Resources:
         ServerSideEncryptionConfiguration:
           - BucketKeyEnabled: true
             ServerSideEncryptionByDefault:
-              SSEAlgorithm: AES256
+              KMSMasterKeyID: kms-arn
+              SSEAlgorithm: aws:kms
     Type: AWS::S3::Bucket
+
 ```
+
+
diff --git a/avd_docs/aws/s3/AVD-AWS-0132/Terraform.md b/avd_docs/aws/s3/AVD-AWS-0132/Terraform.md
index be2273880..aa75efe7c 100644
--- a/avd_docs/aws/s3/AVD-AWS-0132/Terraform.md
+++ b/avd_docs/aws/s3/AVD-AWS-0132/Terraform.md
@@ -1,21 +1,41 @@
 
-Configure bucket encryption
+Enable encryption using customer managed keys
 
 ```hcl
-resource "aws_s3_bucket" "good_example" {
-  bucket = "mybucket"
-  
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        kms_master_key_id = "arn"
-        sse_algorithm     = "aws:kms"
-      }
-    }
-  }
+resource "aws_kms_key" "good_example" {
+  enable_key_rotation = true
 }
+
+resource "aws_s3_bucket" "good_example" {
+   bucket = "mybucket"
+ 
+   server_side_encryption_configuration {
+     rule {
+       apply_server_side_encryption_by_default {
+         kms_master_key_id = aws_kms_key.example.arn
+         sse_algorithm     = "aws:kms"
+       }
+     }
+   }
+ }
+ 
+```
+```hcl
+resource "aws_s3_bucket" "good_example" {
+   bucket = "mybucket" 
+   acl    = "log-delivery-write"
+ 
+   server_side_encryption_configuration {
+     rule {
+       apply_server_side_encryption_by_default {
+         sse_algorithm     = "AES256"
+       }
+     }
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#enable-default-server-side-encryption
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/sam/AVD-AWS-0110/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0110/CloudFormation.md
index 3daabbbc6..df4a97795 100644
--- a/avd_docs/aws/sam/AVD-AWS-0110/CloudFormation.md
+++ b/avd_docs/aws/sam/AVD-AWS-0110/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable cache encryption
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good Example of SAM API
 Resources:
@@ -18,4 +15,7 @@ Resources:
         SecurityPolicy: TLS_1_2
       MethodSettings:
         CacheDataEncrypted: true
+
 ```
+
+
diff --git a/avd_docs/aws/sam/AVD-AWS-0111/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0111/CloudFormation.md
index dc7152da7..70af5c175 100644
--- a/avd_docs/aws/sam/AVD-AWS-0111/CloudFormation.md
+++ b/avd_docs/aws/sam/AVD-AWS-0111/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable tracing
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good Example of SAM API
 Resources:
@@ -14,4 +11,7 @@ Resources:
       Name: Good SAM API example
       StageName: Prod
       TracingEnabled: true
+
 ```
+
+
diff --git a/avd_docs/aws/sam/AVD-AWS-0112/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0112/CloudFormation.md
index dcc6c7bbe..4ccf336a6 100644
--- a/avd_docs/aws/sam/AVD-AWS-0112/CloudFormation.md
+++ b/avd_docs/aws/sam/AVD-AWS-0112/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Use the most modern TLS/SSL policies available
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good Example of SAM API
 Resources:
@@ -16,4 +13,7 @@ Resources:
       TracingEnabled: false
       Domain:
         SecurityPolicy: TLS_1_2
+
 ```
+
+
diff --git a/avd_docs/aws/sam/AVD-AWS-0113/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0113/CloudFormation.md
index 9ad02b1d0..95ca9abea 100644
--- a/avd_docs/aws/sam/AVD-AWS-0113/CloudFormation.md
+++ b/avd_docs/aws/sam/AVD-AWS-0113/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable logging for API Gateway stages
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good Example of SAM API
 Resources:
@@ -19,4 +16,7 @@ Resources:
       AccessLogSetting:
         DestinationArn: gateway-logging
         Format: json
+
 ```
+
+
diff --git a/avd_docs/aws/sam/AVD-AWS-0114/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0114/CloudFormation.md
index c46dca1ab..51d1242a5 100644
--- a/avd_docs/aws/sam/AVD-AWS-0114/CloudFormation.md
+++ b/avd_docs/aws/sam/AVD-AWS-0114/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Specify the exact permissions required, and to which resources they should apply instead of using wildcards.
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good Example of SAM Function
 Resources:
@@ -28,4 +25,7 @@ Resources:
             - s3:GetObject
             - s3:GetObjectACL
             Resource: 'arn:aws:s3:::my-bucket/*'
+
 ```
+
+
diff --git a/avd_docs/aws/sam/AVD-AWS-0116/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0116/CloudFormation.md
index edcefa0c7..e2d76354a 100644
--- a/avd_docs/aws/sam/AVD-AWS-0116/CloudFormation.md
+++ b/avd_docs/aws/sam/AVD-AWS-0116/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable logging for API Gateway stages
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good Example of SAM API
 Resources:
@@ -17,4 +14,7 @@ Resources:
       AccessLogSetting:
         DestinationArn: gateway-logging
         Format: json
+
 ```
+
+
diff --git a/avd_docs/aws/sam/AVD-AWS-0117/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0117/CloudFormation.md
index 61cba7d20..9cc1aa668 100644
--- a/avd_docs/aws/sam/AVD-AWS-0117/CloudFormation.md
+++ b/avd_docs/aws/sam/AVD-AWS-0117/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable tracing
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good Example of SAM API
 Resources:
@@ -21,4 +18,7 @@ Resources:
       Role: arn:aws:iam::123456123456:role/service-role/my-sample-role
       Tracing:
         Enabled: true
+
 ```
+
+
diff --git a/avd_docs/aws/sam/AVD-AWS-0120/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0120/CloudFormation.md
index 7273634dc..07f97cb8c 100644
--- a/avd_docs/aws/sam/AVD-AWS-0120/CloudFormation.md
+++ b/avd_docs/aws/sam/AVD-AWS-0120/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Specify the exact permissions required, and to which resources they should apply instead of using wildcards.
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good Example of SAM Function
 Resources:
@@ -30,4 +27,7 @@ Resources:
             - s3:GetObject
             - s3:GetObjectACL
             Resource: 'arn:aws:s3:::my-bucket/*'
+
 ```
+
+
diff --git a/avd_docs/aws/sam/AVD-AWS-0121/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0121/CloudFormation.md
index 9ec86caaa..a9e173d78 100644
--- a/avd_docs/aws/sam/AVD-AWS-0121/CloudFormation.md
+++ b/avd_docs/aws/sam/AVD-AWS-0121/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable server side encryption
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good Example of SAM Table
 Resources:
@@ -14,4 +11,7 @@ Resources:
       TableName: GoodTable
       SSESpecification:
         SSEEnabled: true
+
 ```
+
+
diff --git a/avd_docs/aws/sam/AVD-AWS-0125/CloudFormation.md b/avd_docs/aws/sam/AVD-AWS-0125/CloudFormation.md
index 61701e2ff..132c68a6f 100644
--- a/avd_docs/aws/sam/AVD-AWS-0125/CloudFormation.md
+++ b/avd_docs/aws/sam/AVD-AWS-0125/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Enable tracing
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good Example of SAM Function
 Resources:
@@ -20,4 +17,7 @@ Resources:
           - "entrypoint1"
         WorkingDirectory: "workDir"
       Tracing: Active
+
 ```
+
+
diff --git a/avd_docs/aws/sns/AVD-AWS-0095/CloudFormation.md b/avd_docs/aws/sns/AVD-AWS-0095/CloudFormation.md
index 84c23ca80..ab23afc71 100644
--- a/avd_docs/aws/sns/AVD-AWS-0095/CloudFormation.md
+++ b/avd_docs/aws/sns/AVD-AWS-0095/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Turn on SNS Topic encryption
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example of topic
 Resources:
@@ -13,4 +10,8 @@ Resources:
     Properties:
       TopicName: blah
       KmsMasterKeyId: some-key
+
+
 ```
+
+
diff --git a/avd_docs/aws/sns/AVD-AWS-0095/Terraform.md b/avd_docs/aws/sns/AVD-AWS-0095/Terraform.md
index d963ed050..dc95563ff 100644
--- a/avd_docs/aws/sns/AVD-AWS-0095/Terraform.md
+++ b/avd_docs/aws/sns/AVD-AWS-0095/Terraform.md
@@ -2,11 +2,12 @@
 Turn on SNS Topic encryption
 
 ```hcl
-resource "aws_sns_topic" "good_example" {
-  kms_master_key_id = "/blah"
-}
+ resource "aws_sns_topic" "good_example" {
+ 	kms_master_key_id = "/blah"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic#example-with-server-side-encryption-sse
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/sns/AVD-AWS-0136/CloudFormation.md b/avd_docs/aws/sns/AVD-AWS-0136/CloudFormation.md
new file mode 100644
index 000000000..fee037017
--- /dev/null
+++ b/avd_docs/aws/sns/AVD-AWS-0136/CloudFormation.md
@@ -0,0 +1,17 @@
+
+Use a CMK for SNS Topic encryption
+
+```yaml---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Good example of topic
+Resources:
+  Queue:
+    Type: AWS::SQS::Topic
+    Properties:
+      TopicName: blah
+      KmsMasterKeyId: some-key
+
+
+```
+
+
diff --git a/avd_docs/aws/sns/AVD-AWS-0136/Terraform.md b/avd_docs/aws/sns/AVD-AWS-0136/Terraform.md
new file mode 100644
index 000000000..32ec4d1c0
--- /dev/null
+++ b/avd_docs/aws/sns/AVD-AWS-0136/Terraform.md
@@ -0,0 +1,13 @@
+
+Use a CMK for SNS Topic encryption
+
+```hcl
+ resource "aws_sns_topic" "good_example" {
+ 	kms_master_key_id = "/blah"
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic#example-with-server-side-encryption-sse
+
diff --git a/avd_docs/aws/sqs/AVD-AWS-0096/CloudFormation.md b/avd_docs/aws/sqs/AVD-AWS-0096/CloudFormation.md
index 729d6ada0..5408c537b 100644
--- a/avd_docs/aws/sqs/AVD-AWS-0096/CloudFormation.md
+++ b/avd_docs/aws/sqs/AVD-AWS-0096/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Turn on SQS Queue encryption
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example of queue
 Resources:
@@ -13,4 +10,8 @@ Resources:
     Properties:
       KmsMasterKeyId: some-key
       QueueName: my-queue
+
+
 ```
+
+
diff --git a/avd_docs/aws/sqs/AVD-AWS-0096/Terraform.md b/avd_docs/aws/sqs/AVD-AWS-0096/Terraform.md
index 85c3bd105..b4b506578 100644
--- a/avd_docs/aws/sqs/AVD-AWS-0096/Terraform.md
+++ b/avd_docs/aws/sqs/AVD-AWS-0096/Terraform.md
@@ -2,11 +2,18 @@
 Turn on SQS Queue encryption
 
 ```hcl
-resource "aws_sqs_queue" "good_example" {
-  kms_master_key_id = "/blah"
+ resource "aws_sqs_queue" "good_example" {
+ 	kms_master_key_id = "/blah"
+ }
+ 
+```
+```hcl
+resource "aws_sqs_queue" "terraform_queue" {
+   name                    = "terraform-example-queue"
+   sqs_managed_sse_enabled = true
 }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue#server-side-encryption-sse
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/sqs/AVD-AWS-0097/CloudFormation.md b/avd_docs/aws/sqs/AVD-AWS-0097/CloudFormation.md
index d1f67379a..98791c9e9 100644
--- a/avd_docs/aws/sqs/AVD-AWS-0097/CloudFormation.md
+++ b/avd_docs/aws/sqs/AVD-AWS-0097/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Keep policy scope to the minimum that is required to be effective
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example of queue policy
 Resources:
@@ -27,5 +24,8 @@ Resources:
             Resource: "arn:aws:sqs:us-east-2:444455556666:queue2"
             Principal:  
               AWS: 
-                - "111122223333"
+                - "111122223333"        
+
 ```
+
+
diff --git a/avd_docs/aws/sqs/AVD-AWS-0097/Terraform.md b/avd_docs/aws/sqs/AVD-AWS-0097/Terraform.md
index 20f1fc518..0ec8a884c 100644
--- a/avd_docs/aws/sqs/AVD-AWS-0097/Terraform.md
+++ b/avd_docs/aws/sqs/AVD-AWS-0097/Terraform.md
@@ -2,23 +2,24 @@
 Keep policy scope to the minimum that is required to be effective
 
 ```hcl
-resource "aws_sqs_queue_policy" "good_example" {
-  queue_url = aws_sqs_queue.q.id
-  
-  policy = <<POLICY
-  {
-    "Statement": [
-    {
-      "Effect": "Allow",
-      "Principal": "*",
-      "Action": "sqs:SendMessage"
-    }
-    ]
-  }
-  POLICY
-}
+ resource "aws_sqs_queue_policy" "good_example" {
+   queue_url = aws_sqs_queue.q.id
+ 
+   policy = <<POLICY
+ {
+   "Statement": [
+     {
+       "Effect": "Allow",
+       "Principal": "*",
+       "Action": "sqs:SendMessage"
+     }
+   ]
+ }
+ POLICY
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/sqs/AVD-AWS-0135/CloudFormation.md b/avd_docs/aws/sqs/AVD-AWS-0135/CloudFormation.md
new file mode 100644
index 000000000..45c261df2
--- /dev/null
+++ b/avd_docs/aws/sqs/AVD-AWS-0135/CloudFormation.md
@@ -0,0 +1,17 @@
+
+Encrypt SQS Queue with a customer-managed key
+
+```yaml---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Good example of queue
+Resources:
+  Queue:
+    Type: AWS::SQS::Queue
+    Properties:
+      KmsMasterKeyId: some-key
+      QueueName: my-queue
+
+
+```
+
+
diff --git a/avd_docs/aws/sqs/AVD-AWS-0135/Terraform.md b/avd_docs/aws/sqs/AVD-AWS-0135/Terraform.md
new file mode 100644
index 000000000..a0ccb6405
--- /dev/null
+++ b/avd_docs/aws/sqs/AVD-AWS-0135/Terraform.md
@@ -0,0 +1,13 @@
+
+Encrypt SQS Queue with a customer-managed key
+
+```hcl
+ resource "aws_sqs_queue" "good_example" {
+ 	kms_master_key_id = "/blah"
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue#server-side-encryption-sse
+
diff --git a/avd_docs/aws/ssm/AVD-AWS-0098/CloudFormation.md b/avd_docs/aws/ssm/AVD-AWS-0098/CloudFormation.md
index 535af1cdd..b8b3b11bb 100644
--- a/avd_docs/aws/ssm/AVD-AWS-0098/CloudFormation.md
+++ b/avd_docs/aws/ssm/AVD-AWS-0098/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Use customer managed keys
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 AWSTemplateFormatVersion: 2010-09-09
 Description: Good example of ingress rule
 Resources:
@@ -15,4 +12,7 @@ Resources:
       KmsKeyId: "my-key-id"
       Name: "blah"
       SecretString: "don't tell anyone"
+
 ```
+
+
diff --git a/avd_docs/aws/ssm/AVD-AWS-0098/Terraform.md b/avd_docs/aws/ssm/AVD-AWS-0098/Terraform.md
index 4adcce4f8..ce02fbef6 100644
--- a/avd_docs/aws/ssm/AVD-AWS-0098/Terraform.md
+++ b/avd_docs/aws/ssm/AVD-AWS-0098/Terraform.md
@@ -2,16 +2,17 @@
 Use customer managed keys
 
 ```hcl
-resource "aws_kms_key" "secrets" {
-  enable_key_rotation = true
-}
-
-resource "aws_secretsmanager_secret" "good_example" {
-  name       = "lambda_password"
-  kms_key_id = aws_kms_key.secrets.arn
-}
+ resource "aws_kms_key" "secrets" {
+ 	enable_key_rotation = true
+ }
+ 
+ resource "aws_secretsmanager_secret" "good_example" {
+   name       = "lambda_password"
+   kms_key_id = aws_kms_key.secrets.arn
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret#kms_key_id
-        
\ No newline at end of file
+
diff --git a/avd_docs/aws/ssm/AVD-AWS-0134/Terraform.md b/avd_docs/aws/ssm/AVD-AWS-0134/Terraform.md
new file mode 100644
index 000000000..f2a0349ff
--- /dev/null
+++ b/avd_docs/aws/ssm/AVD-AWS-0134/Terraform.md
@@ -0,0 +1,14 @@
+
+Remove this potential exfiltration HTTP request.
+
+```hcl
+resource "aws_ssm_parameter" "db_password" {
+  name = "db_password"
+  type = "SecureString"
+  value = var.db_password
+}
+
+ 
+```
+
+
diff --git a/avd_docs/aws/workspaces/AVD-AWS-0109/CloudFormation.md b/avd_docs/aws/workspaces/AVD-AWS-0109/CloudFormation.md
index c3fd4767a..0c7200da5 100644
--- a/avd_docs/aws/workspaces/AVD-AWS-0109/CloudFormation.md
+++ b/avd_docs/aws/workspaces/AVD-AWS-0109/CloudFormation.md
@@ -1,10 +1,7 @@
 
 Root and user volume encryption should be enabled
 
-```yaml
----
-AWSTemplateFormatVersion: "2010-09-09"
-Description: A sample template
+```yaml---
 Resources:
   GoodExample:
     Type: AWS::WorkSpaces::Workspace
@@ -12,4 +9,20 @@ Resources:
       RootVolumeEncryptionEnabled: true
       UserVolumeEncryptionEnabled: true
       UserName: "admin"
+
+```
+```yaml{
+		    "Resources": {
+		      "GoodExample": {
+		        "Type": "AWS::WorkSpaces::Workspace",
+		        "Properties": {
+		          "RootVolumeEncryptionEnabled": true,
+		          "UserVolumeEncryptionEnabled": true,
+		          "UserName": "admin"
+		  	  }
+		  	}
+		    }
+		  }
 ```
+
+
diff --git a/avd_docs/aws/workspaces/AVD-AWS-0109/Terraform.md b/avd_docs/aws/workspaces/AVD-AWS-0109/Terraform.md
index 6906fe828..823c02912 100644
--- a/avd_docs/aws/workspaces/AVD-AWS-0109/Terraform.md
+++ b/avd_docs/aws/workspaces/AVD-AWS-0109/Terraform.md
@@ -1,24 +1,25 @@
 
 Root and user volume encryption should be enabled
 
-```hcl
-resource "aws_workspaces_workspace" "good_example" {
-  directory_id 				   = aws_workspaces_directory.test.id
-  bundle_id    				   = data.aws_workspaces_bundle.value_windows_10.id
-  user_name    				   = "Administrator"
-  root_volume_encryption_enabled = true
-  user_volume_encryption_enabled = true
-  
-  workspace_properties {
-    compute_type_name                         = "VALUE"
-    user_volume_size_gib                      = 10
-    root_volume_size_gib                      = 80
-    running_mode                              = "AUTO_STOP"
-    running_mode_auto_stop_timeout_in_minutes = 60
-  }
-}
+```hcl	
+ resource "aws_workspaces_workspace" "good_example" {
+ 		directory_id 				   = aws_workspaces_directory.test.id
+ 		bundle_id    				   = data.aws_workspaces_bundle.value_windows_10.id
+ 		user_name    				   = "Administrator"
+ 		root_volume_encryption_enabled = true
+ 		user_volume_encryption_enabled = true
+ 	  
+ 		workspace_properties {
+ 		  compute_type_name                         = "VALUE"
+ 		  user_volume_size_gib                      = 10
+ 		  root_volume_size_gib                      = 80
+ 		  running_mode                              = "AUTO_STOP"
+ 		  running_mode_auto_stop_timeout_in_minutes = 60
+ 		}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/workspaces_workspace#root_volume_encryption_enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/appservice/AVD-AZU-0001/Terraform.md b/avd_docs/azure/appservice/AVD-AZU-0001/Terraform.md
index 6e822e159..fcc8f7117 100644
--- a/avd_docs/azure/appservice/AVD-AZU-0001/Terraform.md
+++ b/avd_docs/azure/appservice/AVD-AZU-0001/Terraform.md
@@ -2,15 +2,16 @@
 Enable incoming certificates for clients
 
 ```hcl
-resource "azurerm_app_service" "good_example" {
-  name                = "example-app-service"
-  location            = azurerm_resource_group.example.location
-  resource_group_name = azurerm_resource_group.example.name
-  app_service_plan_id = azurerm_app_service_plan.example.id
-  client_cert_enabled = true
-}
+ resource "azurerm_app_service" "good_example" {
+   name                = "example-app-service"
+   location            = azurerm_resource_group.example.location
+   resource_group_name = azurerm_resource_group.example.name
+   app_service_plan_id = azurerm_app_service_plan.example.id
+   client_cert_enabled = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#client_cert_enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/appservice/AVD-AZU-0002/Terraform.md b/avd_docs/azure/appservice/AVD-AZU-0002/Terraform.md
index de0e0d7df..7cc96bc2c 100644
--- a/avd_docs/azure/appservice/AVD-AZU-0002/Terraform.md
+++ b/avd_docs/azure/appservice/AVD-AZU-0002/Terraform.md
@@ -2,19 +2,20 @@
 Register the app identity with AD
 
 ```hcl
-resource "azurerm_app_service" "good_example" {
-  name                = "example-app-service"
-  location            = azurerm_resource_group.example.location
-  resource_group_name = azurerm_resource_group.example.name
-  app_service_plan_id = azurerm_app_service_plan.example.id
-  
-  identity {
-    type = "UserAssigned"
-    identity_ids = "webapp1"
-  }
-}
+ resource "azurerm_app_service" "good_example" {
+   name                = "example-app-service"
+   location            = azurerm_resource_group.example.location
+   resource_group_name = azurerm_resource_group.example.name
+   app_service_plan_id = azurerm_app_service_plan.example.id
+ 
+   identity {
+     type = "UserAssigned"
+     identity_ids = "webapp1"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#identity
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/appservice/AVD-AZU-0003/Terraform.md b/avd_docs/azure/appservice/AVD-AZU-0003/Terraform.md
index 9160a9220..6d7da57da 100644
--- a/avd_docs/azure/appservice/AVD-AZU-0003/Terraform.md
+++ b/avd_docs/azure/appservice/AVD-AZU-0003/Terraform.md
@@ -2,18 +2,19 @@
 Enable authentication to prevent anonymous request being accepted
 
 ```hcl
-resource "azurerm_app_service" "good_example" {
-  name                = "example-app-service"
-  location            = azurerm_resource_group.example.location
-  resource_group_name = azurerm_resource_group.example.name
-  app_service_plan_id = azurerm_app_service_plan.example.id
-  
-  auth_settings {
-    enabled = true
-  }
-}
+ resource "azurerm_app_service" "good_example" {
+   name                = "example-app-service"
+   location            = azurerm_resource_group.example.location
+   resource_group_name = azurerm_resource_group.example.name
+   app_service_plan_id = azurerm_app_service_plan.example.id
+ 
+   auth_settings {
+     enabled = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/appservice/AVD-AZU-0004/Terraform.md b/avd_docs/azure/appservice/AVD-AZU-0004/Terraform.md
index 954d92b4c..344874b35 100644
--- a/avd_docs/azure/appservice/AVD-AZU-0004/Terraform.md
+++ b/avd_docs/azure/appservice/AVD-AZU-0004/Terraform.md
@@ -2,18 +2,19 @@
 You can redirect all HTTP requests to the HTTPS port.
 
 ```hcl
-resource "azurerm_function_app" "good_example" {
-  name                       = "test-azure-functions"
-  location                   = azurerm_resource_group.example.location
-  resource_group_name        = azurerm_resource_group.example.name
-  app_service_plan_id        = azurerm_app_service_plan.example.id
-  storage_account_name       = azurerm_storage_account.example.name
-  storage_account_access_key = azurerm_storage_account.example.primary_access_key
-  os_type                    = "linux"
-  https_only                 = true
-}
+ resource "azurerm_function_app" "good_example" {
+   name                       = "test-azure-functions"
+   location                   = azurerm_resource_group.example.location
+   resource_group_name        = azurerm_resource_group.example.name
+   app_service_plan_id        = azurerm_app_service_plan.example.id
+   storage_account_name       = azurerm_storage_account.example.name
+   storage_account_access_key = azurerm_storage_account.example.primary_access_key
+   os_type                    = "linux"
+   https_only                 = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#https_only
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/appservice/AVD-AZU-0005/Terraform.md b/avd_docs/azure/appservice/AVD-AZU-0005/Terraform.md
index dc4ba3d74..95cd5b3bb 100644
--- a/avd_docs/azure/appservice/AVD-AZU-0005/Terraform.md
+++ b/avd_docs/azure/appservice/AVD-AZU-0005/Terraform.md
@@ -2,18 +2,19 @@
 Use the latest version of HTTP
 
 ```hcl
-resource "azurerm_app_service" "good_example" {
-  name                = "example-app-service"
-  location            = azurerm_resource_group.example.location
-  resource_group_name = azurerm_resource_group.example.name
-  app_service_plan_id = azurerm_app_service_plan.example.id
-  
-  site_config {
-    http2_enabled = true
-  }
-}
+ resource "azurerm_app_service" "good_example" {
+   name                = "example-app-service"
+   location            = azurerm_resource_group.example.location
+   resource_group_name = azurerm_resource_group.example.name
+   app_service_plan_id = azurerm_app_service_plan.example.id
+ 
+   site_config {
+ 	  http2_enabled = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#http2_enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/appservice/AVD-AZU-0006/Terraform.md b/avd_docs/azure/appservice/AVD-AZU-0006/Terraform.md
index 3811e2f22..e83651be7 100644
--- a/avd_docs/azure/appservice/AVD-AZU-0006/Terraform.md
+++ b/avd_docs/azure/appservice/AVD-AZU-0006/Terraform.md
@@ -2,14 +2,15 @@
 The TLS version being outdated and has known vulnerabilities
 
 ```hcl
-resource "azurerm_app_service" "good_example" {
-  name                = "example-app-service"
-  location            = azurerm_resource_group.example.location
-  resource_group_name = azurerm_resource_group.example.name
-  app_service_plan_id = azurerm_app_service_plan.example.id
-}
+ resource "azurerm_app_service" "good_example" {
+   name                = "example-app-service"
+   location            = azurerm_resource_group.example.location
+   resource_group_name = azurerm_resource_group.example.name
+   app_service_plan_id = azurerm_app_service_plan.example.id
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#min_tls_version
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/authorization/AVD-AZU-0030/Terraform.md b/avd_docs/azure/authorization/AVD-AZU-0030/Terraform.md
index 3bb8b761a..bea3b019d 100644
--- a/avd_docs/azure/authorization/AVD-AZU-0030/Terraform.md
+++ b/avd_docs/azure/authorization/AVD-AZU-0030/Terraform.md
@@ -2,25 +2,26 @@
 Use targeted permissions for roles
 
 ```hcl
-data "azurerm_subscription" "primary" {
-}
-
-resource "azurerm_role_definition" "example" {
-  name        = "my-custom-role"
-  scope       = data.azurerm_subscription.primary.id
-  description = "This is a custom role created via Terraform"
-  
-  permissions {
-    actions     = ["*"]
-    not_actions = []
-  }
-  
-  assignable_scopes = [
-  data.azurerm_subscription.primary.id,
-  ]
-}
+ data "azurerm_subscription" "primary" {
+ }
+ 
+ resource "azurerm_role_definition" "example" {
+   name        = "my-custom-role"
+   scope       = data.azurerm_subscription.primary.id
+   description = "This is a custom role created via Terraform"
+ 
+   permissions {
+     actions     = ["*"]
+     not_actions = []
+   }
+ 
+   assignable_scopes = [
+     data.azurerm_subscription.primary.id,
+   ]
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition#actions
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/compute/AVD-AZU-0037/Terraform.md b/avd_docs/azure/compute/AVD-AZU-0037/Terraform.md
index 92e0919a8..1ca9aad29 100644
--- a/avd_docs/azure/compute/AVD-AZU-0037/Terraform.md
+++ b/avd_docs/azure/compute/AVD-AZU-0037/Terraform.md
@@ -2,19 +2,20 @@
 Don't use sensitive credentials in the VM custom_data
 
 ```hcl
-resource "azurerm_virtual_machine" "good_example" {
-  name = "good_example"
-  os_profile_linux_config {
-    disable_password_authentication = false
-  }
-  os_profile {
-    custom_data =<<EOF
-    export GREETING="Hello there"
-    EOF
-  }
-}
+ resource "azurerm_virtual_machine" "good_example" {
+ 	name = "good_example"
+	os_profile_linux_config {
+		disable_password_authentication = false
+	}
+	os_profile {
+		custom_data =<<EOF
+			export GREETING="Hello there"
+			EOF
+	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine#custom_data
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/compute/AVD-AZU-0038/Terraform.md b/avd_docs/azure/compute/AVD-AZU-0038/Terraform.md
index f8450549b..3bb69e040 100644
--- a/avd_docs/azure/compute/AVD-AZU-0038/Terraform.md
+++ b/avd_docs/azure/compute/AVD-AZU-0038/Terraform.md
@@ -2,13 +2,13 @@
 Enable encryption on managed disks
 
 ```hcl
-resource "azurerm_managed_disk" "good_example" {
-  encryption_settings {
-    enabled = true
-  }
-}
+ resource "azurerm_managed_disk" "good_example" {
+ 	encryption_settings {
+ 		enabled = true
+ 	}
+ }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/managed_disk
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/compute/AVD-AZU-0039/Terraform.md b/avd_docs/azure/compute/AVD-AZU-0039/Terraform.md
index d0141040c..8295effab 100644
--- a/avd_docs/azure/compute/AVD-AZU-0039/Terraform.md
+++ b/avd_docs/azure/compute/AVD-AZU-0039/Terraform.md
@@ -2,40 +2,42 @@
 Use ssh authentication for virtual machines
 
 ```hcl
-resource "azurerm_linux_virtual_machine" "good_linux_example" {
-  name                            = "good-linux-machine"
-  resource_group_name             = azurerm_resource_group.example.name
-  location                        = azurerm_resource_group.example.location
-  size                            = "Standard_F2"
-  admin_username                  = "adminuser"
-  admin_password                  = "somePassword"
-  
-  admin_ssh_key {
-    username   = "adminuser"
-    public_key = file("~/.ssh/id_rsa.pub")
-  }
-}
-
-resource "azurerm_virtual_machine" "good_example" {
-  name                            = "good-linux-machine"
-  resource_group_name             = azurerm_resource_group.example.name
-  location                        = azurerm_resource_group.example.location
-  size                            = "Standard_F2"
-  admin_username                  = "adminuser"
-  
-  
-  os_profile_linux_config {
-    ssh_keys = [{
-      key_data = file("~/.ssh/id_rsa.pub")
-      path = "~/.ssh/id_rsa.pub"
-      }]
-      
-      disable_password_authentication = true
-    }
-  }
+ resource "azurerm_linux_virtual_machine" "good_linux_example" {
+   name                            = "good-linux-machine"
+   resource_group_name             = azurerm_resource_group.example.name
+   location                        = azurerm_resource_group.example.location
+   size                            = "Standard_F2"
+   admin_username                  = "adminuser"
+   admin_password                  = "somePassword"
+   
+   admin_ssh_key {
+     username   = "adminuser"
+     public_key = file("~/.ssh/id_rsa.pub")
+   }
+ }
+ 
+ resource "azurerm_virtual_machine" "good_example" {
+ 	name                            = "good-linux-machine"
+ 	resource_group_name             = azurerm_resource_group.example.name
+ 	location                        = azurerm_resource_group.example.location
+ 	size                            = "Standard_F2"
+ 	admin_username                  = "adminuser"
+ 
+ 	
+ 	os_profile_linux_config {
+ 		ssh_keys = [{
+ 			key_data = file("~/.ssh/id_rsa.pub")
+ 			path = "~/.ssh/id_rsa.pub"
+ 		}]
+ 
+ 		disable_password_authentication = true
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine#disable_password_authentication
+
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine#disable_password_authentication
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/container/AVD-AZU-0040/Terraform.md b/avd_docs/azure/container/AVD-AZU-0040/Terraform.md
index 2978965ef..1a65b18d4 100644
--- a/avd_docs/azure/container/AVD-AZU-0040/Terraform.md
+++ b/avd_docs/azure/container/AVD-AZU-0040/Terraform.md
@@ -1,37 +1,25 @@
 
 Enable logging for AKS
 
-For AzureRM provider 2.x
-
 ```hcl
-resource "azurerm_kubernetes_cluster" "good_example" {
-  addon_profile {
-    oms_agent {
-      enabled = true
-    }
-  }
-}
+ resource "azurerm_kubernetes_cluster" "good_example" {
+     addon_profile {
+ 		oms_agent {
+ 			enabled = true
+ 		}
+ 	}
+ }
+ 
 ```
-
-Alternatively, in AzureRM provider 3.x
-
 ```hcl
-
-resource "azurerm_log_analytics_workspace" "example" {
-  name                = "acctest-01"
-  location            = azurerm_resource_group.example.location
-  resource_group_name = azurerm_resource_group.example.name
-  sku                 = "PerGB2018"
-  retention_in_days   = 30
-}
-
-resource "azurerm_kubernetes_cluster" "good_example" {
-   oms_agent {
-     log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
-   }
-}
+ resource "azurerm_kubernetes_cluster" "good_example" {
+ 		oms_agent {
+			log_analytics_workspace_id = "whatever"
+ 		}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#oms_agent
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/container/AVD-AZU-0041/Terraform.md b/avd_docs/azure/container/AVD-AZU-0041/Terraform.md
index 37399ab05..ed7c2a5df 100644
--- a/avd_docs/azure/container/AVD-AZU-0041/Terraform.md
+++ b/avd_docs/azure/container/AVD-AZU-0041/Terraform.md
@@ -2,13 +2,14 @@
 Limit the access to the API server to a limited IP range
 
 ```hcl
-resource "azurerm_kubernetes_cluster" "good_example" {
-  api_server_authorized_ip_ranges = [
-  "1.2.3.4/32"
-  ]
-}
+ resource "azurerm_kubernetes_cluster" "good_example" {
+     api_server_authorized_ip_ranges = [
+ 		"1.2.3.4/32"
+ 	]
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#api_server_authorized_ip_ranges
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/container/AVD-AZU-0042/Terraform.md b/avd_docs/azure/container/AVD-AZU-0042/Terraform.md
index 75666e764..bb096862d 100644
--- a/avd_docs/azure/container/AVD-AZU-0042/Terraform.md
+++ b/avd_docs/azure/container/AVD-AZU-0042/Terraform.md
@@ -2,12 +2,18 @@
 Enable RBAC
 
 ```hcl
-resource "azurerm_kubernetes_cluster" "good_example" {
-  role_based_access_control {
-    enabled = true
-  }
-}
-
+ resource "azurerm_kubernetes_cluster" "good_example" {
+	// azurerm < 2.99.0
+	role_based_access_control {
+ 		enabled = true
+ 	}
+
+	// azurerm >= 2.99.0
+ 	role_based_access_control_enabled = true
+ }
+ 
+```
+```hcl
 resource "azurerm_kubernetes_cluster" "aks_cluster" {
   name                            = var.name
   location                        = var.location
@@ -44,9 +50,8 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
 
 }
 
-
 ```
 
 #### Remediation Links
  - https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster.html#role_based_access_control
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/container/AVD-AZU-0043/Terraform.md b/avd_docs/azure/container/AVD-AZU-0043/Terraform.md
index 38eba1d52..ffa1276dc 100644
--- a/avd_docs/azure/container/AVD-AZU-0043/Terraform.md
+++ b/avd_docs/azure/container/AVD-AZU-0043/Terraform.md
@@ -2,13 +2,14 @@
 Configure a network policy
 
 ```hcl
-resource "azurerm_kubernetes_cluster" "good_example" {
-  network_profile {
-    network_policy = "calico"
-  }
-}
+ resource "azurerm_kubernetes_cluster" "good_example" {
+ 	network_profile {
+ 	  network_policy = "calico"
+ 	  }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#network_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/database/AVD-AZU-0018/Terraform.md b/avd_docs/azure/database/AVD-AZU-0018/Terraform.md
index a18807965..288e9a40a 100644
--- a/avd_docs/azure/database/AVD-AZU-0018/Terraform.md
+++ b/avd_docs/azure/database/AVD-AZU-0018/Terraform.md
@@ -2,20 +2,21 @@
 Provide at least one email address for threat alerts
 
 ```hcl
-resource "azurerm_mssql_server_security_alert_policy" "good_example" {
-  resource_group_name        = azurerm_resource_group.example.name
-  server_name                = azurerm_sql_server.example.name
-  state                      = "Enabled"
-  storage_endpoint           = azurerm_storage_account.example.primary_blob_endpoint
-  storage_account_access_key = azurerm_storage_account.example.primary_access_key
-  disabled_alerts = [
-  "Sql_Injection",
-  "Data_Exfiltration"
-  ]
-  email_addresses = ["db-security@acme.org"]
-}
+ resource "azurerm_mssql_server_security_alert_policy" "good_example" {
+   resource_group_name        = azurerm_resource_group.example.name
+   server_name                = azurerm_sql_server.example.name
+   state                      = "Enabled"
+   storage_endpoint           = azurerm_storage_account.example.primary_blob_endpoint
+   storage_account_access_key = azurerm_storage_account.example.primary_access_key
+   disabled_alerts = [
+     "Sql_Injection",
+     "Data_Exfiltration"
+   ]
+   email_addresses = ["db-security@acme.org"]
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_security_alert_policy#email_addresses
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/database/AVD-AZU-0019/Terraform.md b/avd_docs/azure/database/AVD-AZU-0019/Terraform.md
index d5715c919..6f264c562 100644
--- a/avd_docs/azure/database/AVD-AZU-0019/Terraform.md
+++ b/avd_docs/azure/database/AVD-AZU-0019/Terraform.md
@@ -2,33 +2,36 @@
 Enable connection logging
 
 ```hcl
-resource "azurerm_resource_group" "example" {
-  name     = "example-resources"
-  location = "West Europe"
-}
-
-resource "azurerm_postgresql_server" "example" {
-  name                = "example-psqlserver"
-  location            = azurerm_resource_group.example.location
-  resource_group_name = azurerm_resource_group.example.name
-  
-  administrator_login          = "psqladminun"
-  administrator_login_password = "H@Sh1CoR3!"
-  
-  sku_name   = "GP_Gen5_4"
-  version    = "9.6"
-  storage_mb = 640000
-}
-
-resource "azurerm_postgresql_configuration" "example" {
-  name                = "log_connections"
-  resource_group_name = azurerm_resource_group.example.name
-  server_name         = azurerm_postgresql_server.example.name
-  value               = "on"
-}
+ resource "azurerm_resource_group" "example" {
+   name     = "example-resources"
+   location = "West Europe"
+ }
+ 
+ resource "azurerm_postgresql_server" "example" {
+   name                = "example-psqlserver"
+   location            = azurerm_resource_group.example.location
+   resource_group_name = azurerm_resource_group.example.name
+ 
+   administrator_login          = "psqladminun"
+   administrator_login_password = "H@Sh1CoR3!"
+ 
+   sku_name   = "GP_Gen5_4"
+   version    = "9.6"
+   storage_mb = 640000
+ }
+ 
+ resource "azurerm_postgresql_configuration" "example" {
+ 	name                = "log_connections"
+ 	resource_group_name = azurerm_resource_group.example.name
+ 	server_name         = azurerm_postgresql_server.example.name
+ 	value               = "on"
+   }
+   
+   
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_configuration
+
  - https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-logs#configure-logging
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/database/AVD-AZU-0020/Terraform.md b/avd_docs/azure/database/AVD-AZU-0020/Terraform.md
index bc231c30b..e1c54cd0f 100644
--- a/avd_docs/azure/database/AVD-AZU-0020/Terraform.md
+++ b/avd_docs/azure/database/AVD-AZU-0020/Terraform.md
@@ -2,17 +2,20 @@
 Enable SSL enforcement
 
 ```hcl
-resource "azurerm_postgresql_server" "good_example" {
-  name                = "good_example"
-  
-  public_network_access_enabled    = false
-  ssl_enforcement_enabled          = true
-  ssl_minimal_tls_version_enforced = "TLS1_2"
-}
+ resource "azurerm_postgresql_server" "good_example" {
+   name                = "good_example"
+ 
+   public_network_access_enabled    = false
+   ssl_enforcement_enabled          = true
+   ssl_minimal_tls_version_enforced = "TLS1_2"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_server#ssl_enforcement_enabled
+
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#ssl_enforcement_enabled
+
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server#ssl_enforcement_enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/database/AVD-AZU-0021/Terraform.md b/avd_docs/azure/database/AVD-AZU-0021/Terraform.md
index 774449f70..94895ffa3 100644
--- a/avd_docs/azure/database/AVD-AZU-0021/Terraform.md
+++ b/avd_docs/azure/database/AVD-AZU-0021/Terraform.md
@@ -2,32 +2,34 @@
 Enable connection throttling logging
 
 ```hcl
-resource "azurerm_resource_group" "example" {
-  name     = "example-resources"
-  location = "West Europe"
-}
-
-resource "azurerm_postgresql_server" "example" {
-  name                = "example-psqlserver"
-  location            = azurerm_resource_group.example.location
-  resource_group_name = azurerm_resource_group.example.name
-  
-  administrator_login          = "psqladminun"
-  administrator_login_password = "H@Sh1CoR3!"
-  
-  sku_name   = "GP_Gen5_4"
-  version    = "9.6"
-  storage_mb = 640000
-}
-
-resource "azurerm_postgresql_configuration" "example" {
-  name                = "connection_throttling"
-  resource_group_name = azurerm_resource_group.example.name
-  server_name         = azurerm_postgresql_server.example.name
-  value               = "on"
-}
+ resource "azurerm_resource_group" "example" {
+   name     = "example-resources"
+   location = "West Europe"
+ }
+ 
+ resource "azurerm_postgresql_server" "example" {
+   name                = "example-psqlserver"
+   location            = azurerm_resource_group.example.location
+   resource_group_name = azurerm_resource_group.example.name
+ 
+   administrator_login          = "psqladminun"
+   administrator_login_password = "H@Sh1CoR3!"
+ 
+   sku_name   = "GP_Gen5_4"
+   version    = "9.6"
+   storage_mb = 640000
+ }
+ 
+ resource "azurerm_postgresql_configuration" "example" {
+ 	name                = "connection_throttling"
+ 	resource_group_name = azurerm_resource_group.example.name
+ 	server_name         = azurerm_postgresql_server.example.name
+ 	value               = "on"
+   }
+   
+   
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_configuration
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/database/AVD-AZU-0022/Terraform.md b/avd_docs/azure/database/AVD-AZU-0022/Terraform.md
index e083caff8..217393a60 100644
--- a/avd_docs/azure/database/AVD-AZU-0022/Terraform.md
+++ b/avd_docs/azure/database/AVD-AZU-0022/Terraform.md
@@ -2,17 +2,20 @@
 Disable public access to database when not required
 
 ```hcl
-resource "azurerm_postgresql_server" "good_example" {
-  name                = "bad_example"
-  
-  public_network_access_enabled    = false
-  ssl_enforcement_enabled          = false
-  ssl_minimal_tls_version_enforced = "TLS1_2"
-}
+ resource "azurerm_postgresql_server" "good_example" {
+   name                = "bad_example"
+ 
+   public_network_access_enabled    = false
+   ssl_enforcement_enabled          = false
+   ssl_minimal_tls_version_enforced = "TLS1_2"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_server#public_network_access_enabled
+
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#public_network_access_enabled
+
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server#public_network_access_enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/database/AVD-AZU-0023/Terraform.md b/avd_docs/azure/database/AVD-AZU-0023/Terraform.md
index ac3acf67c..b42927755 100644
--- a/avd_docs/azure/database/AVD-AZU-0023/Terraform.md
+++ b/avd_docs/azure/database/AVD-AZU-0023/Terraform.md
@@ -2,18 +2,19 @@
 Enable email to subscription owners
 
 ```hcl
-resource "azurerm_mssql_server_security_alert_policy" "good_example" {
-  resource_group_name        = azurerm_resource_group.example.name
-  server_name                = azurerm_sql_server.example.name
-  state                      = "Enabled"
-  storage_endpoint           = azurerm_storage_account.example.primary_blob_endpoint
-  storage_account_access_key = azurerm_storage_account.example.primary_access_key
-  disabled_alerts = []
-  
-  email_account_admins = true
-}
+ resource "azurerm_mssql_server_security_alert_policy" "good_example" {
+   resource_group_name        = azurerm_resource_group.example.name
+   server_name                = azurerm_sql_server.example.name
+   state                      = "Enabled"
+   storage_endpoint           = azurerm_storage_account.example.primary_blob_endpoint
+   storage_account_access_key = azurerm_storage_account.example.primary_access_key
+   disabled_alerts = []
+ 
+   email_account_admins = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_security_alert_policy#email_account_admins
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/database/AVD-AZU-0024/Terraform.md b/avd_docs/azure/database/AVD-AZU-0024/Terraform.md
index 44e788da2..d9aa58a04 100644
--- a/avd_docs/azure/database/AVD-AZU-0024/Terraform.md
+++ b/avd_docs/azure/database/AVD-AZU-0024/Terraform.md
@@ -2,32 +2,34 @@
 Enable checkpoint logging
 
 ```hcl
-resource "azurerm_resource_group" "example" {
-  name     = "example-resources"
-  location = "West Europe"
-}
-
-resource "azurerm_postgresql_server" "example" {
-  name                = "example-psqlserver"
-  location            = azurerm_resource_group.example.location
-  resource_group_name = azurerm_resource_group.example.name
-  
-  administrator_login          = "psqladminun"
-  administrator_login_password = "H@Sh1CoR3!"
-  
-  sku_name   = "GP_Gen5_4"
-  version    = "9.6"
-  storage_mb = 640000
-}
-
-resource "azurerm_postgresql_configuration" "example" {
-  name                = "log_checkpoints"
-  resource_group_name = azurerm_resource_group.example.name
-  server_name         = azurerm_postgresql_server.example.name
-  value               = "on"
-}
+ resource "azurerm_resource_group" "example" {
+   name     = "example-resources"
+   location = "West Europe"
+ }
+ 
+ resource "azurerm_postgresql_server" "example" {
+   name                = "example-psqlserver"
+   location            = azurerm_resource_group.example.location
+   resource_group_name = azurerm_resource_group.example.name
+ 
+   administrator_login          = "psqladminun"
+   administrator_login_password = "H@Sh1CoR3!"
+ 
+   sku_name   = "GP_Gen5_4"
+   version    = "9.6"
+   storage_mb = 640000
+ }
+ 
+ resource "azurerm_postgresql_configuration" "example" {
+   name                = "log_checkpoints"
+   resource_group_name = azurerm_resource_group.example.name
+   server_name         = azurerm_postgresql_server.example.name
+   value               = "on"
+ }
+ 
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_configuration
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/database/AVD-AZU-0025/Terraform.md b/avd_docs/azure/database/AVD-AZU-0025/Terraform.md
index 45af45523..4693d398a 100644
--- a/avd_docs/azure/database/AVD-AZU-0025/Terraform.md
+++ b/avd_docs/azure/database/AVD-AZU-0025/Terraform.md
@@ -2,23 +2,25 @@
 Set retention periods of database auditing to greater than 90 days
 
 ```hcl
-resource "azurerm_mssql_database_extended_auditing_policy" "good_example" {
-  database_id                             = azurerm_mssql_database.example.id
-  storage_endpoint                        = azurerm_storage_account.example.primary_blob_endpoint
-  storage_account_access_key              = azurerm_storage_account.example.primary_access_key
-  storage_account_access_key_is_secondary = false
-}
-
-resource "azurerm_mssql_database_extended_auditing_policy" "good_example" {
-  database_id                             = azurerm_mssql_database.example.id
-  storage_endpoint                        = azurerm_storage_account.example.primary_blob_endpoint
-  storage_account_access_key              = azurerm_storage_account.example.primary_access_key
-  storage_account_access_key_is_secondary = false
-  retention_in_days                       = 90
-}
+ resource "azurerm_mssql_database_extended_auditing_policy" "good_example" {
+   database_id                             = azurerm_mssql_database.example.id
+   storage_endpoint                        = azurerm_storage_account.example.primary_blob_endpoint
+   storage_account_access_key              = azurerm_storage_account.example.primary_access_key
+   storage_account_access_key_is_secondary = false
+ }
+ 
+ resource "azurerm_mssql_database_extended_auditing_policy" "good_example" {
+   database_id                             = azurerm_mssql_database.example.id
+   storage_endpoint                        = azurerm_storage_account.example.primary_blob_endpoint
+   storage_account_access_key              = azurerm_storage_account.example.primary_access_key
+   storage_account_access_key_is_secondary = false
+   retention_in_days                       = 90
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database_extended_auditing_policy
+
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server#retention_in_days
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/database/AVD-AZU-0026/Terraform.md b/avd_docs/azure/database/AVD-AZU-0026/Terraform.md
index 1ebb93cf2..86ba9c297 100644
--- a/avd_docs/azure/database/AVD-AZU-0026/Terraform.md
+++ b/avd_docs/azure/database/AVD-AZU-0026/Terraform.md
@@ -2,27 +2,30 @@
 Use the most modern TLS policies available
 
 ```hcl
-resource "azurerm_mssql_server" "good_example" {
-  name                         = "mssqlserver"
-  resource_group_name          = azurerm_resource_group.example.name
-  location                     = azurerm_resource_group.example.location
-  version                      = "12.0"
-  administrator_login          = "missadministrator"
-  administrator_login_password = "thisIsKat11"
-  minimum_tls_version          = "1.2"
-}
-
-resource "azurerm_postgresql_server" "good_example" {
-  name                = "bad_example"
-  
-  public_network_access_enabled    = true
-  ssl_enforcement_enabled          = false
-  ssl_minimal_tls_version_enforced = "TLS1_2"
-}
+ resource "azurerm_mssql_server" "good_example" {
+   name                         = "mssqlserver"
+   resource_group_name          = azurerm_resource_group.example.name
+   location                     = azurerm_resource_group.example.location
+   version                      = "12.0"
+   administrator_login          = "missadministrator"
+   administrator_login_password = "thisIsKat11"
+   minimum_tls_version          = "1.2"
+ }
+ 
+ resource "azurerm_postgresql_server" "good_example" {
+   name                = "bad_example"
+ 
+   public_network_access_enabled    = true
+   ssl_enforcement_enabled          = false
+   ssl_minimal_tls_version_enforced = "TLS1_2"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server#minimum_tls_version
+
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#ssl_minimal_tls_version_enforced
+
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_server#ssl_minimal_tls_version_enforced
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/database/AVD-AZU-0027/Terraform.md b/avd_docs/azure/database/AVD-AZU-0027/Terraform.md
index 3e23d3747..81b530905 100644
--- a/avd_docs/azure/database/AVD-AZU-0027/Terraform.md
+++ b/avd_docs/azure/database/AVD-AZU-0027/Terraform.md
@@ -2,23 +2,24 @@
 Enable auditing on Azure SQL databases
 
 ```hcl
-resource "azurerm_sql_server" "good_example" {
-  name                         = "mssqlserver"
-  resource_group_name          = azurerm_resource_group.example.name
-  location                     = azurerm_resource_group.example.location
-  version                      = "12.0"
-  administrator_login          = "mradministrator"
-  administrator_login_password = "tfsecRocks"
-  
-  extended_auditing_policy {
-    storage_endpoint                        = azurerm_storage_account.example.primary_blob_endpoint
-    storage_account_access_key              = azurerm_storage_account.example.primary_access_key
-    storage_account_access_key_is_secondary = true
-    retention_in_days                       = 6
-  }
-}
+ resource "azurerm_sql_server" "good_example" {
+   name                         = "mssqlserver"
+   resource_group_name          = azurerm_resource_group.example.name
+   location                     = azurerm_resource_group.example.location
+   version                      = "12.0"
+   administrator_login          = "mradministrator"
+   administrator_login_password = "tfsecRocks"
+ 
+   extended_auditing_policy {
+     storage_endpoint                        = azurerm_storage_account.example.primary_blob_endpoint
+     storage_account_access_key              = azurerm_storage_account.example.primary_access_key
+     storage_account_access_key_is_secondary = true
+     retention_in_days                       = 6
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_server#extended_auditing_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/database/AVD-AZU-0028/Terraform.md b/avd_docs/azure/database/AVD-AZU-0028/Terraform.md
index aa813b808..0f07baae0 100644
--- a/avd_docs/azure/database/AVD-AZU-0028/Terraform.md
+++ b/avd_docs/azure/database/AVD-AZU-0028/Terraform.md
@@ -2,17 +2,18 @@
 Use all provided threat alerts
 
 ```hcl
-resource "azurerm_mssql_server_security_alert_policy" "good_example" {
-  resource_group_name        = azurerm_resource_group.example.name
-  server_name                = azurerm_sql_server.example.name
-  state                      = "Enabled"
-  storage_endpoint           = azurerm_storage_account.example.primary_blob_endpoint
-  storage_account_access_key = azurerm_storage_account.example.primary_access_key
-  disabled_alerts = []
-  retention_days = 20
-}
+ resource "azurerm_mssql_server_security_alert_policy" "good_example" {
+   resource_group_name        = azurerm_resource_group.example.name
+   server_name                = azurerm_sql_server.example.name
+   state                      = "Enabled"
+   storage_endpoint           = azurerm_storage_account.example.primary_blob_endpoint
+   storage_account_access_key = azurerm_storage_account.example.primary_access_key
+   disabled_alerts = []
+   retention_days = 20
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_security_alert_policy#disabled_alerts
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/database/AVD-AZU-0029/Terraform.md b/avd_docs/azure/database/AVD-AZU-0029/Terraform.md
index 6c0eba8f7..11e31700b 100644
--- a/avd_docs/azure/database/AVD-AZU-0029/Terraform.md
+++ b/avd_docs/azure/database/AVD-AZU-0029/Terraform.md
@@ -2,15 +2,16 @@
 Don't use wide ip ranges for the sql firewall
 
 ```hcl
-resource "azurerm_sql_firewall_rule" "good_example" {
-  name                = "good_rule"
-  resource_group_name = azurerm_resource_group.example.name
-  server_name         = azurerm_sql_server.example.name
-  start_ip_address    = "0.0.0.0"
-  end_ip_address      = "0.0.0.0"
-}
+ resource "azurerm_sql_firewall_rule" "good_example" {
+   name                = "good_rule"
+   resource_group_name = azurerm_resource_group.example.name
+   server_name         = azurerm_sql_server.example.name
+   start_ip_address    = "0.0.0.0"
+   end_ip_address      = "0.0.0.0"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_firewall_rule#end_ip_address
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/datafactory/AVD-AZU-0035/Terraform.md b/avd_docs/azure/datafactory/AVD-AZU-0035/Terraform.md
index a1d4d0dcc..f249dcaca 100644
--- a/avd_docs/azure/datafactory/AVD-AZU-0035/Terraform.md
+++ b/avd_docs/azure/datafactory/AVD-AZU-0035/Terraform.md
@@ -2,14 +2,15 @@
 Set public access to disabled for Data Factory
 
 ```hcl
-resource "azurerm_data_factory" "good_example" {
-  name                = "example"
-  location            = azurerm_resource_group.example.location
-  resource_group_name = azurerm_resource_group.example.name
-  public_network_enabled = false
-}
+ resource "azurerm_data_factory" "good_example" {
+   name                = "example"
+   location            = azurerm_resource_group.example.location
+   resource_group_name = azurerm_resource_group.example.name
+   public_network_enabled = false
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory#public_network_enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/datalake/AVD-AZU-0036/Terraform.md b/avd_docs/azure/datalake/AVD-AZU-0036/Terraform.md
index 3bd1a98bb..d25432cd8 100644
--- a/avd_docs/azure/datalake/AVD-AZU-0036/Terraform.md
+++ b/avd_docs/azure/datalake/AVD-AZU-0036/Terraform.md
@@ -2,11 +2,11 @@
 Enable encryption of data lake storage
 
 ```hcl
-resource "azurerm_data_lake_store" "good_example" {
-  encryption_state = "Enabled"
-}
+ resource "azurerm_data_lake_store" "good_example" {
+ 	encryption_state = "Enabled"
+ }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_lake_store
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/keyvault/AVD-AZU-0013/Terraform.md b/avd_docs/azure/keyvault/AVD-AZU-0013/Terraform.md
index 654b49105..eadbee784 100644
--- a/avd_docs/azure/keyvault/AVD-AZU-0013/Terraform.md
+++ b/avd_docs/azure/keyvault/AVD-AZU-0013/Terraform.md
@@ -2,20 +2,21 @@
 Set a network ACL for the key vault
 
 ```hcl
-resource "azurerm_key_vault" "good_example" {
-  name                        = "examplekeyvault"
-  location                    = azurerm_resource_group.good_example.location
-  enabled_for_disk_encryption = true
-  soft_delete_retention_days  = 7
-  purge_protection_enabled    = false
-  
-  network_acls {
-    bypass = "AzureServices"
-    default_action = "Deny"
-  }
-}
+ resource "azurerm_key_vault" "good_example" {
+     name                        = "examplekeyvault"
+     location                    = azurerm_resource_group.good_example.location
+     enabled_for_disk_encryption = true
+     soft_delete_retention_days  = 7
+     purge_protection_enabled    = false
+ 
+     network_acls {
+         bypass = "AzureServices"
+         default_action = "Deny"
+     }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault#network_acls
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/keyvault/AVD-AZU-0014/Terraform.md b/avd_docs/azure/keyvault/AVD-AZU-0014/Terraform.md
index d188dff20..e4cda441a 100644
--- a/avd_docs/azure/keyvault/AVD-AZU-0014/Terraform.md
+++ b/avd_docs/azure/keyvault/AVD-AZU-0014/Terraform.md
@@ -2,24 +2,25 @@
 Set an expiration date on the vault key
 
 ```hcl
-resource "azurerm_key_vault_key" "good_example" {
-  name         = "generated-certificate"
-  key_vault_id = azurerm_key_vault.example.id
-  key_type     = "RSA"
-  key_size     = 2048
-  expiration_date = "1982-12-31T00:00:00Z"
-  
-  key_opts = [
-  "decrypt",
-  "encrypt",
-  "sign",
-  "unwrapKey",
-  "verify",
-  "wrapKey",
-  ]
-}
+ resource "azurerm_key_vault_key" "good_example" {
+   name         = "generated-certificate"
+   key_vault_id = azurerm_key_vault.example.id
+   key_type     = "RSA"
+   key_size     = 2048
+   expiration_date = "1982-12-31T00:00:00Z"
+ 
+   key_opts = [
+     "decrypt",
+     "encrypt",
+     "sign",
+     "unwrapKey",
+     "verify",
+     "wrapKey",
+   ]
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key#expiration_date
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/keyvault/AVD-AZU-0015/Terraform.md b/avd_docs/azure/keyvault/AVD-AZU-0015/Terraform.md
index a300b3a0f..b8896eb1b 100644
--- a/avd_docs/azure/keyvault/AVD-AZU-0015/Terraform.md
+++ b/avd_docs/azure/keyvault/AVD-AZU-0015/Terraform.md
@@ -2,14 +2,15 @@
 Provide content type for secrets to aid interpretation on retrieval
 
 ```hcl
-resource "azurerm_key_vault_secret" "good_example" {
-  name         = "secret-sauce"
-  value        = "szechuan"
-  key_vault_id = azurerm_key_vault.example.id
-  content_type = "password"
-}
+ resource "azurerm_key_vault_secret" "good_example" {
+   name         = "secret-sauce"
+   value        = "szechuan"
+   key_vault_id = azurerm_key_vault.example.id
+   content_type = "password"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret#content_type
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/keyvault/AVD-AZU-0016/Terraform.md b/avd_docs/azure/keyvault/AVD-AZU-0016/Terraform.md
index 2a4464af8..3ab531c1c 100644
--- a/avd_docs/azure/keyvault/AVD-AZU-0016/Terraform.md
+++ b/avd_docs/azure/keyvault/AVD-AZU-0016/Terraform.md
@@ -2,15 +2,16 @@
 Enable purge protection for key vaults
 
 ```hcl
-resource "azurerm_key_vault" "good_example" {
-  name                        = "examplekeyvault"
-  location                    = azurerm_resource_group.good_example.location
-  enabled_for_disk_encryption = true
-  soft_delete_retention_days  = 7
-  purge_protection_enabled    = true
-}
+ resource "azurerm_key_vault" "good_example" {
+     name                        = "examplekeyvault"
+     location                    = azurerm_resource_group.good_example.location
+     enabled_for_disk_encryption = true
+     soft_delete_retention_days  = 7
+     purge_protection_enabled    = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault#purge_protection_enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/keyvault/AVD-AZU-0017/Terraform.md b/avd_docs/azure/keyvault/AVD-AZU-0017/Terraform.md
index d38d0cf36..e5b1f8e64 100644
--- a/avd_docs/azure/keyvault/AVD-AZU-0017/Terraform.md
+++ b/avd_docs/azure/keyvault/AVD-AZU-0017/Terraform.md
@@ -2,14 +2,37 @@
 Set an expiry for secrets
 
 ```hcl
-resource "azurerm_key_vault_secret" "good_example" {
-  name            = "secret-sauce"
-  value           = "szechuan"
-  key_vault_id    = azurerm_key_vault.example.id
-  expiration_date = "1982-12-31T00:00:00Z"
+ resource "azurerm_key_vault_secret" "good_example" {
+   name            = "secret-sauce"
+   value           = "szechuan"
+   key_vault_id    = azurerm_key_vault.example.id
+   expiration_date = "1982-12-31T00:00:00Z"
+ }
+ 
+```
+```hcl
+resource "azuread_application" "myapp" {
+  display_name = "MyAzureAD App"
+
+  group_membership_claims = ["ApplicationGroup"]
+  prevent_duplicate_names = true
+
+}
+
+resource "azuread_application_password" "myapp" {
+  application_object_id = azuread_application.myapp.object_id
+}
+
+resource "azurerm_key_vault_secret" "myapp_pass" {
+  name            = "myapp-oauth"
+  value           = azuread_application_password.myapp.value
+  key_vault_id    = azurerm_key_vault.cluster_key_vault.id
+  expiration_date = azuread_application_password.myapp.end_date
+  content_type    = "Password"
 }
+
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret#expiration_date
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/monitor/AVD-AZU-0031/Terraform.md b/avd_docs/azure/monitor/AVD-AZU-0031/Terraform.md
index 6584e3272..ed69ea036 100644
--- a/avd_docs/azure/monitor/AVD-AZU-0031/Terraform.md
+++ b/avd_docs/azure/monitor/AVD-AZU-0031/Terraform.md
@@ -2,16 +2,17 @@
 Set a retention period that will allow for delayed investigation
 
 ```hcl
-resource "azurerm_monitor_log_profile" "good_example" {
-  name = "good_example"
-  
-  retention_policy {
-    enabled = true
-    days    = 365
-  }
-}
+ resource "azurerm_monitor_log_profile" "good_example" {
+   name = "good_example"
+ 
+   retention_policy {
+     enabled = true
+     days    = 365
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_log_profile#retention_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/monitor/AVD-AZU-0032/Terraform.md b/avd_docs/azure/monitor/AVD-AZU-0032/Terraform.md
index 3749d45cf..13445bda0 100644
--- a/avd_docs/azure/monitor/AVD-AZU-0032/Terraform.md
+++ b/avd_docs/azure/monitor/AVD-AZU-0032/Terraform.md
@@ -2,89 +2,91 @@
 Enable capture for all locations
 
 ```hcl
-resource "azurerm_monitor_log_profile" "bad_example" {
-  name = "bad_example"
-  
-  categories = []
-  
-  locations = [
-  "eastus",
-  "eastus2",
-  "southcentralus",
-  "westus2",
-  "westus3",
-  "australiaeast",
-  "southeastasia",
-  "northeurope",
-  "swedencentral",
-  "uksouth",
-  "westeurope",
-  "centralus",
-  "northcentralus",
-  "westus",
-  "southafricanorth",
-  "centralindia",
-  "eastasia",
-  "japaneast",
-  "jioindiawest",
-  "koreacentral",
-  "canadacentral",
-  "francecentral",
-  "germanywestcentral",
-  "norwayeast",
-  "switzerlandnorth",
-  "uaenorth",
-  "brazilsouth",
-  "centralusstage",
-  "eastusstage",
-  "eastus2stage",
-  "northcentralusstage",
-  "southcentralusstage",
-  "westusstage",
-  "westus2stage",
-  "asia",
-  "asiapacific",
-  "australia",
-  "brazil",
-  "canada",
-  "europe",
-  "global",
-  "india",
-  "japan",
-  "uk",
-  "unitedstates",
-  "eastasiastage",
-  "southeastasiastage",
-  "centraluseuap",
-  "eastus2euap",
-  "westcentralus",
-  "southafricawest",
-  "australiacentral",
-  "australiacentral2",
-  "australiasoutheast",
-  "japanwest",
-  "jioindiacentral",
-  "koreasouth",
-  "southindia",
-  "westindia",
-  "canadaeast",
-  "francesouth",
-  "germanynorth",
-  "norwaywest",
-  "swedensouth",
-  "switzerlandwest",
-  "ukwest",
-  "uaecentral",
-  "brazilsoutheast",
-  ]
-  
-  retention_policy {
-    enabled = true
-    days    = 7
-  }
-}
+ resource "azurerm_monitor_log_profile" "bad_example" {
+   name = "bad_example"
+ 
+   categories = []
+ 
+   locations = [
+ 	"eastus",
+ 	"eastus2",
+ 	"southcentralus",
+ 	"westus2",
+ 	"westus3",
+ 	"australiaeast",
+ 	"southeastasia",
+ 	"northeurope",
+ 	"swedencentral",
+ 	"uksouth",
+ 	"westeurope",
+ 	"centralus",
+ 	"northcentralus",
+ 	"westus",
+ 	"southafricanorth",
+ 	"centralindia",
+ 	"eastasia",
+ 	"japaneast",
+ 	"jioindiawest",
+ 	"koreacentral",
+ 	"canadacentral",
+ 	"francecentral",
+ 	"germanywestcentral",
+ 	"norwayeast",
+ 	"switzerlandnorth",
+ 	"uaenorth",
+ 	"brazilsouth",
+ 	"centralusstage",
+ 	"eastusstage",
+ 	"eastus2stage",
+ 	"northcentralusstage",
+ 	"southcentralusstage",
+ 	"westusstage",
+ 	"westus2stage",
+ 	"asia",
+ 	"asiapacific",
+ 	"australia",
+ 	"brazil",
+ 	"canada",
+ 	"europe",
+ 	"global",
+ 	"india",
+ 	"japan",
+ 	"uk",
+ 	"unitedstates",
+ 	"eastasiastage",
+ 	"southeastasiastage",
+ 	"centraluseuap",
+ 	"eastus2euap",
+ 	"westcentralus",
+ 	"southafricawest",
+ 	"australiacentral",
+ 	"australiacentral2",
+ 	"australiasoutheast",
+ 	"japanwest",
+ 	"jioindiacentral",
+ 	"koreasouth",
+ 	"southindia",
+ 	"westindia",
+ 	"canadaeast",
+ 	"francesouth",
+ 	"germanynorth",
+ 	"norwaywest",
+ 	"swedensouth",
+ 	"switzerlandwest",
+ 	"ukwest",
+ 	"uaecentral",
+ 	"brazilsoutheast",
+   ]
+ 
+   retention_policy {
+     enabled = true
+     days    = 7
+   }
+ }
+ 
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_log_profile#locations
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/monitor/AVD-AZU-0033/Terraform.md b/avd_docs/azure/monitor/AVD-AZU-0033/Terraform.md
index ec207d4ef..be85029a5 100644
--- a/avd_docs/azure/monitor/AVD-AZU-0033/Terraform.md
+++ b/avd_docs/azure/monitor/AVD-AZU-0033/Terraform.md
@@ -2,22 +2,23 @@
 Configure log profile to capture all activities
 
 ```hcl
-resource "azurerm_monitor_log_profile" "good_example" {
-  name = "good_example"
-  
-  categories = [
-  "Action",
-  "Delete",
-  "Write",
-  ]
-  
-  retention_policy {
-    enabled = true
-    days    = 365
-  }
-}
+ resource "azurerm_monitor_log_profile" "good_example" {
+   name = "good_example"
+ 
+   categories = [
+ 	  "Action",
+ 	  "Delete",
+ 	  "Write",
+   ]
+ 
+   retention_policy {
+     enabled = true
+     days    = 365
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_log_profile#categories
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/network/AVD-AZU-0047/Terraform.md b/avd_docs/azure/network/AVD-AZU-0047/Terraform.md
index f313d07b6..9d0018d9a 100644
--- a/avd_docs/azure/network/AVD-AZU-0047/Terraform.md
+++ b/avd_docs/azure/network/AVD-AZU-0047/Terraform.md
@@ -2,13 +2,23 @@
 Set a more restrictive cidr range
 
 ```hcl
-resource "azurerm_network_security_rule" "good_example" {
-  direction = "Inbound"
-  destination_address_prefix = "10.0.0.0/16"
-  access = "Allow"
+ resource "azurerm_network_security_rule" "good_example" {
+ 	direction = "Inbound"
+ 	destination_address_prefix = "10.0.0.0/16"
+ 	access = "Allow"
+ }
+```
+```hcl
+resource "azurerm_network_security_rule" "allow_lb_prober" {
+  direction                                  = "Inbound"
+  access                                     = "Allow"
+  protocol                                   = "Tcp" # Probes are always TCP
+  source_port_range                          = "*"
+  destination_port_ranges                    = "443"
+  source_address_prefix                      = "168.63.129.16" // single public IP (Azure well known)
 }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/network/AVD-AZU-0048/Terraform.md b/avd_docs/azure/network/AVD-AZU-0048/Terraform.md
index de53fdea3..0012503fc 100644
--- a/avd_docs/azure/network/AVD-AZU-0048/Terraform.md
+++ b/avd_docs/azure/network/AVD-AZU-0048/Terraform.md
@@ -2,32 +2,34 @@
 Block RDP port from internet
 
 ```hcl
-resource "azurerm_network_security_rule" "good_example" {
-  name                        = "good_example_security_rule"
-  direction                   = "Inbound"
-  access                      = "Allow"
-  protocol                    = "TCP"
-  source_port_range           = "*"
-  destination_port_range      = ["3389"]
-  source_address_prefix       = "4.53.160.75"
-  destination_address_prefix  = "*"
-}
-
-resource "azurerm_network_security_group" "example" {
-  name                = "tf-appsecuritygroup"
-  location            = azurerm_resource_group.example.location
-  resource_group_name = azurerm_resource_group.example.name
-  
-  security_rule {
-    source_port_range           = "any"
-    destination_port_range      = ["3389"]
-    source_address_prefix       = "4.53.160.75"
-    destination_address_prefix  = "*"
-  }
-}
+ resource "azurerm_network_security_rule" "good_example" {
+      name                        = "good_example_security_rule"
+      direction                   = "Inbound"
+      access                      = "Allow"
+      protocol                    = "TCP"
+      source_port_range           = "*"
+      destination_port_ranges     = ["3389"]
+      source_address_prefix       = "4.53.160.75"
+      destination_address_prefix  = "*"
+ }
+ 
+ resource "azurerm_network_security_group" "example" {
+   name                = "tf-appsecuritygroup"
+   location            = azurerm_resource_group.example.location
+   resource_group_name = azurerm_resource_group.example.name
+   
+   security_rule {
+ 	 source_port_range           = "any"
+      destination_port_ranges     = ["3389"]
+      source_address_prefix       = "4.53.160.75"
+      destination_address_prefix  = "*"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/network_security_group#security_rule
+
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule#source_port_ranges
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/network/AVD-AZU-0049/Terraform.md b/avd_docs/azure/network/AVD-AZU-0049/Terraform.md
index 4b318c91f..f8b5db66b 100644
--- a/avd_docs/azure/network/AVD-AZU-0049/Terraform.md
+++ b/avd_docs/azure/network/AVD-AZU-0049/Terraform.md
@@ -3,20 +3,21 @@ Ensure flow log retention is turned on with an expiry of >90 days
 
 ```hcl
 resource "azurerm_network_watcher_flow_log" "good_watcher" {
-  network_watcher_name = "good_watcher"
-  resource_group_name = "resource-group"
-  
-  network_security_group_id = azurerm_network_security_group.test.id
-  storage_account_id = azurerm_storage_account.test.id
-  enabled = true
-  
-  retention_policy {
-    enabled = true
-    days = 90
-  }
+	network_watcher_name = "good_watcher"
+	resource_group_name = "resource-group"
+
+	network_security_group_id = azurerm_network_security_group.test.id
+	storage_account_id = azurerm_storage_account.test.id
+	enabled = true
+
+	retention_policy {
+		enabled = true
+		days = 90
+	}
 }
+	
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_watcher_flow_log#retention_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/network/AVD-AZU-0050/Terraform.md b/avd_docs/azure/network/AVD-AZU-0050/Terraform.md
index 9ad9e1a11..65c256ad5 100644
--- a/avd_docs/azure/network/AVD-AZU-0050/Terraform.md
+++ b/avd_docs/azure/network/AVD-AZU-0050/Terraform.md
@@ -2,32 +2,21 @@
 Block port 22 access from the internet
 
 ```hcl
-resource "azurerm_network_security_rule" "good_example" {
-  name                        = "good_example_security_rule"
-  direction                   = "Inbound"
-  access                      = "Allow"
-  protocol                    = "TCP"
-  source_port_range           = "*"
-  destination_port_range      = ["22"]
-  source_address_prefix       = "82.102.23.23"
-  destination_address_prefix  = "*"
-}
-
-resource "azurerm_network_security_group" "example" {
-  name                = "tf-appsecuritygroup"
-  location            = azurerm_resource_group.example.location
-  resource_group_name = azurerm_resource_group.example.name
-  
-  security_rule {
-    source_port_range           = "any"
-    destination_port_range      = ["22"]
-    source_address_prefix       = "82.102.23.23"
-    destination_address_prefix  = "*"
-  }
-}
+ resource "azurerm_network_security_rule" "good_example" {
+      name                        = "good_example_security_rule"
+      direction                   = "Inbound"
+      access                      = "Allow"
+      protocol                    = "TCP"
+      source_port_range           = "*"
+      destination_port_range      = "22"
+      source_address_prefix       = "82.102.23.23"
+      destination_address_prefix  = "*"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/network_security_group#security_rule
+
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule#source_port_ranges
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/network/AVD-AZU-0051/Terraform.md b/avd_docs/azure/network/AVD-AZU-0051/Terraform.md
index 0cb252b46..1781c9ce6 100644
--- a/avd_docs/azure/network/AVD-AZU-0051/Terraform.md
+++ b/avd_docs/azure/network/AVD-AZU-0051/Terraform.md
@@ -2,13 +2,13 @@
 Set a more restrictive cidr range
 
 ```hcl
-resource "azurerm_network_security_rule" "good_example" {
-  direction = "Outbound"
-  destination_address_prefix = "10.0.0.0/16"
-  access = "Allow"
-}
+ resource "azurerm_network_security_rule" "good_example" {
+ 	direction = "Outbound"
+ 	destination_address_prefix = "10.0.0.0/16"
+ 	access = "Allow"
+ }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/securitycenter/AVD-AZU-0044/Terraform.md b/avd_docs/azure/securitycenter/AVD-AZU-0044/Terraform.md
index c142a28cb..ddd8c460a 100644
--- a/avd_docs/azure/securitycenter/AVD-AZU-0044/Terraform.md
+++ b/avd_docs/azure/securitycenter/AVD-AZU-0044/Terraform.md
@@ -2,15 +2,16 @@
  Set alert notifications to be on
 
 ```hcl
-resource "azurerm_security_center_contact" "good_example" {
-  email = "good_example@example.com"
-  phone = "+1-555-555-5555"
-  
-  alert_notifications = true
-  alerts_to_admins = true
-}
+		resource "azurerm_security_center_contact" "good_example" {
+		email = "good_example@example.com"
+		phone = "+1-555-555-5555"
+
+		alert_notifications = true
+		alerts_to_admins = true
+		}
+	
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_contact#alert_notifications
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/securitycenter/AVD-AZU-0045/Terraform.md b/avd_docs/azure/securitycenter/AVD-AZU-0045/Terraform.md
index 6441b5efc..4db565e94 100644
--- a/avd_docs/azure/securitycenter/AVD-AZU-0045/Terraform.md
+++ b/avd_docs/azure/securitycenter/AVD-AZU-0045/Terraform.md
@@ -2,12 +2,13 @@
 Enable standard subscription tier to benefit from Azure Defender
 
 ```hcl
-resource "azurerm_security_center_subscription_pricing" "good_example" {
-  tier          = "Standard"
-  resource_type = "VirtualMachines"
-}
+ resource "azurerm_security_center_subscription_pricing" "good_example" {
+   tier          = "Standard"
+   resource_type = "VirtualMachines"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing#tier
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/securitycenter/AVD-AZU-0046/Terraform.md b/avd_docs/azure/securitycenter/AVD-AZU-0046/Terraform.md
index f427134bb..af31d46ae 100644
--- a/avd_docs/azure/securitycenter/AVD-AZU-0046/Terraform.md
+++ b/avd_docs/azure/securitycenter/AVD-AZU-0046/Terraform.md
@@ -2,15 +2,16 @@
 Set a telephone number for security center contact
 
 ```hcl
-resource "azurerm_security_center_contact" "good_example" {
-  email = "good_contact@example.com"
-  phone = "+1-555-555-5555"
-  
-  alert_notifications = true
-  alerts_to_admins = true
-}
+		resource "azurerm_security_center_contact" "good_example" {
+		email = "good_contact@example.com"
+		phone = "+1-555-555-5555"
+
+		alert_notifications = true
+		alerts_to_admins = true
+		}
+	
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_contact#phone
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/storage/AVD-AZU-0007/Terraform.md b/avd_docs/azure/storage/AVD-AZU-0007/Terraform.md
index 7b6252ad5..57a503085 100644
--- a/avd_docs/azure/storage/AVD-AZU-0007/Terraform.md
+++ b/avd_docs/azure/storage/AVD-AZU-0007/Terraform.md
@@ -2,16 +2,13 @@
 Disable public access to storage containers
 
 ```hcl
-resource "azure_storage_container" "good_example" {
-  name                  = "terraform-container-storage"
-  container_access_type = "blob"
-  
-  properties = {
-    "publicAccess" = "off"
-  }
-}
+ resource "azurerm_storage_container" "good_example" {
+ 	name                  = "terraform-container-storage"
+ 	container_access_type = "private"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://www.terraform.io/docs/providers/azure/r/storage_container.html#properties
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/storage/AVD-AZU-0008/Terraform.md b/avd_docs/azure/storage/AVD-AZU-0008/Terraform.md
index 8f2b6991a..e94b9e755 100644
--- a/avd_docs/azure/storage/AVD-AZU-0008/Terraform.md
+++ b/avd_docs/azure/storage/AVD-AZU-0008/Terraform.md
@@ -2,16 +2,17 @@
 Only allow secure connection for transferring data into storage accounts
 
 ```hcl
-resource "azurerm_storage_account" "good_example" {
-  name                      = "storageaccountname"
-  resource_group_name       = azurerm_resource_group.example.name
-  location                  = azurerm_resource_group.example.location
-  account_tier              = "Standard"
-  account_replication_type  = "GRS"
-  enable_https_traffic_only = true
-}
+ resource "azurerm_storage_account" "good_example" {
+   name                      = "storageaccountname"
+   resource_group_name       = azurerm_resource_group.example.name
+   location                  = azurerm_resource_group.example.location
+   account_tier              = "Standard"
+   account_replication_type  = "GRS"
+   enable_https_traffic_only = true
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#enable_https_traffic_only
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/storage/AVD-AZU-0009/Terraform.md b/avd_docs/azure/storage/AVD-AZU-0009/Terraform.md
index dc4dba488..a0170a992 100644
--- a/avd_docs/azure/storage/AVD-AZU-0009/Terraform.md
+++ b/avd_docs/azure/storage/AVD-AZU-0009/Terraform.md
@@ -2,24 +2,25 @@
 Enable logging for Queue Services
 
 ```hcl
-resource "azurerm_storage_account" "good_example" {
-  name                     = "example"
-  resource_group_name      = data.azurerm_resource_group.example.name
-  location                 = data.azurerm_resource_group.example.location
-  account_tier             = "Standard"
-  account_replication_type = "GRS"
-  queue_properties  {
-    logging {
-      delete                = true
-      read                  = true
-      write                 = true
-      version               = "1.0"
-      retention_policy_days = 10
-    }
-  }
-}
+ resource "azurerm_storage_account" "good_example" {
+     name                     = "example"
+     resource_group_name      = data.azurerm_resource_group.example.name
+     location                 = data.azurerm_resource_group.example.location
+     account_tier             = "Standard"
+     account_replication_type = "GRS"
+     queue_properties  {
+     logging {
+         delete                = true
+         read                  = true
+         write                 = true
+         version               = "1.0"
+         retention_policy_days = 10
+     }
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#logging
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/storage/AVD-AZU-0010/Terraform.md b/avd_docs/azure/storage/AVD-AZU-0010/Terraform.md
index 3cb65447b..cf440d43c 100644
--- a/avd_docs/azure/storage/AVD-AZU-0010/Terraform.md
+++ b/avd_docs/azure/storage/AVD-AZU-0010/Terraform.md
@@ -2,38 +2,40 @@
 Allow Trusted Microsoft Services to bypass
 
 ```hcl
-resource "azurerm_storage_account" "good_example" {
-  name                = "storageaccountname"
-  resource_group_name = azurerm_resource_group.example.name
-  
-  location                 = azurerm_resource_group.example.location
-  account_tier             = "Standard"
-  account_replication_type = "LRS"
-  
-  network_rules {
-    default_action             = "Deny"
-    ip_rules                   = ["100.0.0.1"]
-    virtual_network_subnet_ids = [azurerm_subnet.example.id]
-    bypass                     = ["Metrics", "AzureServices"]
-  }
-  
-  tags = {
-    environment = "staging"
-  }
-}
-
-resource "azurerm_storage_account_network_rules" "test" {
-  resource_group_name  = azurerm_resource_group.test.name
-  storage_account_name = azurerm_storage_account.test.name
-  
-  default_action             = "Allow"
-  ip_rules                   = ["127.0.0.1"]
-  virtual_network_subnet_ids = [azurerm_subnet.test.id]
-  bypass                     = ["Metrics", "AzureServices"]
-}
+ resource "azurerm_storage_account" "good_example" {
+   name                = "storageaccountname"
+   resource_group_name = azurerm_resource_group.example.name
+ 
+   location                 = azurerm_resource_group.example.location
+   account_tier             = "Standard"
+   account_replication_type = "LRS"
+ 
+   network_rules {
+     default_action             = "Deny"
+     ip_rules                   = ["100.0.0.1"]
+     virtual_network_subnet_ids = [azurerm_subnet.example.id]
+     bypass                     = ["Metrics", "AzureServices"]
+   }
+ 
+   tags = {
+     environment = "staging"
+   }
+ }
+ 
+ resource "azurerm_storage_account_network_rules" "test" {
+   resource_group_name  = azurerm_resource_group.test.name
+   storage_account_name = azurerm_storage_account.test.name
+ 
+   default_action             = "Allow"
+   ip_rules                   = ["127.0.0.1"]
+   virtual_network_subnet_ids = [azurerm_subnet.test.id]
+   bypass                     = ["Metrics", "AzureServices"]
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#bypass
+
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account_network_rules#bypass
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/storage/AVD-AZU-0011/Terraform.md b/avd_docs/azure/storage/AVD-AZU-0011/Terraform.md
index 26a0dbff3..5f4780943 100644
--- a/avd_docs/azure/storage/AVD-AZU-0011/Terraform.md
+++ b/avd_docs/azure/storage/AVD-AZU-0011/Terraform.md
@@ -2,14 +2,15 @@
 Use a more recent TLS/SSL policy for the load balancer
 
 ```hcl
-resource "azurerm_storage_account" "good_example" {
-  name                     = "storageaccountname"
-  resource_group_name      = azurerm_resource_group.example.name
-  location                 = azurerm_resource_group.example.location
-  min_tls_version          = "TLS1_2"
-}
+ resource "azurerm_storage_account" "good_example" {
+   name                     = "storageaccountname"
+   resource_group_name      = azurerm_resource_group.example.name
+   location                 = azurerm_resource_group.example.location
+   min_tls_version          = "TLS1_2"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#min_tls_version
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/storage/AVD-AZU-0012/Terraform.md b/avd_docs/azure/storage/AVD-AZU-0012/Terraform.md
index 024b977ae..b6ed570dc 100644
--- a/avd_docs/azure/storage/AVD-AZU-0012/Terraform.md
+++ b/avd_docs/azure/storage/AVD-AZU-0012/Terraform.md
@@ -2,15 +2,16 @@
 Set network rules to deny
 
 ```hcl
-resource "azurerm_storage_account_network_rules" "good_example" {
-  
-  default_action             = "Deny"
-  ip_rules                   = ["127.0.0.1"]
-  virtual_network_subnet_ids = [azurerm_subnet.test.id]
-  bypass                     = ["Metrics"]
-}
+ resource "azurerm_storage_account_network_rules" "good_example" {
+   
+   default_action             = "Deny"
+   ip_rules                   = ["127.0.0.1"]
+   virtual_network_subnet_ids = [azurerm_subnet.test.id]
+   bypass                     = ["Metrics"]
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account_network_rules#default_action
-        
\ No newline at end of file
+
diff --git a/avd_docs/azure/synapse/AVD-AZU-0034/Terraform.md b/avd_docs/azure/synapse/AVD-AZU-0034/Terraform.md
index 64dd36bb0..ca7bcf0cf 100644
--- a/avd_docs/azure/synapse/AVD-AZU-0034/Terraform.md
+++ b/avd_docs/azure/synapse/AVD-AZU-0034/Terraform.md
@@ -2,26 +2,27 @@
 Set manage virtual network to enabled
 
 ```hcl
-resource "azurerm_synapse_workspace" "good_example" {
-  name                                 = "example"
-  resource_group_name                  = azurerm_resource_group.example.name
-  location                             = azurerm_resource_group.example.location
-  storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.example.id
-  sql_administrator_login              = "sqladminuser"
-  sql_administrator_login_password     = "H@Sh1CoR3!"
-  managed_virtual_network_enabled	   = true
-  aad_admin {
-    login     = "AzureAD Admin"
-    object_id = "00000000-0000-0000-0000-000000000000"
-    tenant_id = "00000000-0000-0000-0000-000000000000"
-  }
-  
-  tags = {
-    Env = "production"
-  }
-}
+ resource "azurerm_synapse_workspace" "good_example" {
+   name                                 = "example"
+   resource_group_name                  = azurerm_resource_group.example.name
+   location                             = azurerm_resource_group.example.location
+   storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.example.id
+   sql_administrator_login              = "sqladminuser"
+   sql_administrator_login_password     = "H@Sh1CoR3!"
+   managed_virtual_network_enabled	   = true
+   aad_admin {
+     login     = "AzureAD Admin"
+     object_id = "00000000-0000-0000-0000-000000000000"
+     tenant_id = "00000000-0000-0000-0000-000000000000"
+   }
+ 
+   tags = {
+     Env = "production"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace#managed_virtual_network_enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/cloudstack/compute/AVD-CLDSTK-0001/Terraform.md b/avd_docs/cloudstack/compute/AVD-CLDSTK-0001/Terraform.md
index daf6a3820..5cec9f625 100644
--- a/avd_docs/cloudstack/compute/AVD-CLDSTK-0001/Terraform.md
+++ b/avd_docs/cloudstack/compute/AVD-CLDSTK-0001/Terraform.md
@@ -2,18 +2,30 @@
 Don't use sensitive data in the user data section
 
 ```hcl
-resource "cloudstack_instance" "web" {
-  name             = "server-1"
-  service_offering = "small"
-  network_id       = "6eb22f91-7454-4107-89f4-36afcdf33021"
-  template         = "CentOS 6.5"
-  zone             = "zone-1"
-  user_data        = <<EOF
-  export GREETING="Hello there"
-  EOF
-}
+ resource "cloudstack_instance" "web" {
+   name             = "server-1"
+   service_offering = "small"
+   network_id       = "6eb22f91-7454-4107-89f4-36afcdf33021"
+   template         = "CentOS 6.5"
+   zone             = "zone-1"
+   user_data        = <<EOF
+ export GREETING="Hello there"
+ EOF
+ }
+ 
+```
+```hcl
+ resource "cloudstack_instance" "web" {
+   name             = "server-1"
+   service_offering = "small"
+   network_id       = "6eb22f91-7454-4107-89f4-36afcdf33021"
+   template         = "CentOS 6.5"
+   zone             = "zone-1"
+   user_data        = "ZXhwb3J0IEVESVRPUj12aW1hY3M="
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/cloudstack/latest/docs/resources/instance#
-        
\ No newline at end of file
+
diff --git a/avd_docs/digitalocean/compute/AVD-DIG-0001/Terraform.md b/avd_docs/digitalocean/compute/AVD-DIG-0001/Terraform.md
index 5e4d415ba..bc13b4669 100644
--- a/avd_docs/digitalocean/compute/AVD-DIG-0001/Terraform.md
+++ b/avd_docs/digitalocean/compute/AVD-DIG-0001/Terraform.md
@@ -2,19 +2,20 @@
 Set a more restrictive CIRDR range
 
 ```hcl
-resource "digitalocean_firewall" "good_example" {
-  name = "only-22-80-and-443"
-  
-  droplet_ids = [digitalocean_droplet.web.id]
-  
-  inbound_rule {
-    protocol         = "tcp"
-    port_range       = "22"
-    source_addresses = ["192.168.1.0/24", "fc00::/7"]
-  }
-}
+ resource "digitalocean_firewall" "good_example" {
+ 	name = "only-22-80-and-443"
+   
+ 	droplet_ids = [digitalocean_droplet.web.id]
+   
+ 	inbound_rule {
+ 	  protocol         = "tcp"
+ 	  port_range       = "22"
+ 	  source_addresses = ["192.168.1.0/24", "fc00::/7"]
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/firewall
-        
\ No newline at end of file
+
diff --git a/avd_docs/digitalocean/compute/AVD-DIG-0002/Terraform.md b/avd_docs/digitalocean/compute/AVD-DIG-0002/Terraform.md
index 77deb10ef..9a9482851 100644
--- a/avd_docs/digitalocean/compute/AVD-DIG-0002/Terraform.md
+++ b/avd_docs/digitalocean/compute/AVD-DIG-0002/Terraform.md
@@ -2,22 +2,23 @@
 Switch to HTTPS to benefit from TLS security features
 
 ```hcl
-resource "digitalocean_loadbalancer" "bad_example" {
-  name   = "bad_example-1"
-  region = "nyc3"
-  
-  forwarding_rule {
-    entry_port     = 443
-    entry_protocol = "https"
-    
-    target_port     = 443
-    target_protocol = "https"
-  }
-  
-  droplet_ids = [digitalocean_droplet.web.id]
-}
+ resource "digitalocean_loadbalancer" "bad_example" {
+   name   = "bad_example-1"
+   region = "nyc3"
+   
+   forwarding_rule {
+ 	entry_port     = 443
+ 	entry_protocol = "https"
+   
+ 	target_port     = 443
+ 	target_protocol = "https"
+   }
+   
+   droplet_ids = [digitalocean_droplet.web.id]
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/loadbalancer
-        
\ No newline at end of file
+
diff --git a/avd_docs/digitalocean/compute/AVD-DIG-0003/Terraform.md b/avd_docs/digitalocean/compute/AVD-DIG-0003/Terraform.md
index ddf3b3a1e..4dea4aa16 100644
--- a/avd_docs/digitalocean/compute/AVD-DIG-0003/Terraform.md
+++ b/avd_docs/digitalocean/compute/AVD-DIG-0003/Terraform.md
@@ -2,19 +2,20 @@
 Set a more restrictive cidr range
 
 ```hcl
-resource "digitalocean_firewall" "good_example" {
-  name = "only-22-80-and-443"
-  
-  droplet_ids = [digitalocean_droplet.web.id]
-  
-  outbound_rule {
-    protocol         = "tcp"
-    port_range       = "22"
-    destination_addresses = ["192.168.1.0/24", "fc00::/7"]
-  }
-}
+ resource "digitalocean_firewall" "good_example" {
+ 	name = "only-22-80-and-443"
+   
+ 	droplet_ids = [digitalocean_droplet.web.id]
+   
+ 	outbound_rule {
+ 	  protocol         = "tcp"
+ 	  port_range       = "22"
+ 	  destination_addresses = ["192.168.1.0/24", "fc00::/7"]
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/firewall
-        
\ No newline at end of file
+
diff --git a/avd_docs/digitalocean/compute/AVD-DIG-0004/Terraform.md b/avd_docs/digitalocean/compute/AVD-DIG-0004/Terraform.md
index d245d0323..54ca633a7 100644
--- a/avd_docs/digitalocean/compute/AVD-DIG-0004/Terraform.md
+++ b/avd_docs/digitalocean/compute/AVD-DIG-0004/Terraform.md
@@ -2,19 +2,20 @@
 Use ssh keys for login
 
 ```hcl
-data "digitalocean_ssh_key" "terraform" {
-  name = "myKey"
-}
-
-resource "digitalocean_droplet" "good_example" {
-  image    = "ubuntu-18-04-x64"
-  name     = "web-1"
-  region   = "nyc2"
-  size     = "s-1vcpu-1gb"
-  ssh_keys = [ data.digitalocean_ssh_key.myKey.id ]
-}
+ data "digitalocean_ssh_key" "terraform" {
+ 	name = "myKey"
+   }
+   
+ resource "digitalocean_droplet" "good_example" {
+ 	image    = "ubuntu-18-04-x64"
+ 	name     = "web-1"
+ 	region   = "nyc2"
+ 	size     = "s-1vcpu-1gb"
+ 	ssh_keys = [ data.digitalocean_ssh_key.myKey.id ]
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/droplet#ssh_keys
-        
\ No newline at end of file
+
diff --git a/avd_docs/digitalocean/compute/AVD-DIG-0005/Terraform.md b/avd_docs/digitalocean/compute/AVD-DIG-0005/Terraform.md
index 6431307b2..be591c2c9 100644
--- a/avd_docs/digitalocean/compute/AVD-DIG-0005/Terraform.md
+++ b/avd_docs/digitalocean/compute/AVD-DIG-0005/Terraform.md
@@ -1,23 +1,28 @@
 
-Enable surge upgrades for a faster and more reliable upgrade of your Kubernetes cluster.
+Enable surge upgrades in your Kubernetes cluster
 
 ```hcl
-data "digitalocean_kubernetes_versions" "example" {
-  version_prefix = "1.22."
-}
-resource "digitalocean_kubernetes_cluster" "foo" {
-  name          = "foo"
-  region        = "nyc1"
-  surge_upgrade = true
-  version       = data.digitalocean_kubernetes_versions.example.latest_version
+resource "digitalocean_kubernetes_cluster" "surge_upgrade_good" {
+	name   = "foo"
+	region = "nyc1"
+	version = "1.20.2-do.0"
+	surge_upgrade = true
 
-  node_pool {
-    name       = "default"
-    size       = "s-1vcpu-2gb"
-    node_count = 3
-  }
+	node_pool {
+		name       = "worker-pool"
+		size       = "s-2vcpu-2gb"
+		node_count = 3
+	
+		taint {
+			key    = "workloadKind"
+			value  = "database"
+			effect = "NoSchedule"
+		}
+	}
 }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/kubernetes_cluster#surge_upgrade
+
diff --git a/avd_docs/digitalocean/compute/AVD-DIG-0008/Terraform.md b/avd_docs/digitalocean/compute/AVD-DIG-0008/Terraform.md
new file mode 100644
index 000000000..4d6ebad69
--- /dev/null
+++ b/avd_docs/digitalocean/compute/AVD-DIG-0008/Terraform.md
@@ -0,0 +1,24 @@
+
+Set maintenance policy deterministically when auto upgrades are enabled
+
+```hcl
+resource "digitalocean_kubernetes_cluster" "foo" {
+	name    	 = "foo"
+	region  	 = "nyc1"
+	version 	 = "1.20.2-do.0"
+	auto_upgrade = true
+
+	node_pool {
+		name       = "autoscale-worker-pool"
+		size       = "s-2vcpu-2gb"
+		auto_scale = true
+		min_nodes  = 1
+		max_nodes  = 5
+	}
+}
+
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/kubernetes_cluster#auto-upgrade-example
+
diff --git a/avd_docs/digitalocean/spaces/AVD-DIG-0006/Terraform.md b/avd_docs/digitalocean/spaces/AVD-DIG-0006/Terraform.md
index 715f8bf5c..b66249c11 100644
--- a/avd_docs/digitalocean/spaces/AVD-DIG-0006/Terraform.md
+++ b/avd_docs/digitalocean/spaces/AVD-DIG-0006/Terraform.md
@@ -2,22 +2,24 @@
 Apply a more restrictive ACL
 
 ```hcl
-resource "digitalocean_spaces_bucket" "good_example" {
-  name   = "private_space"
-  region = "nyc3"
-  acl    = "private"
-}
-
-resource "digitalocean_spaces_bucket_object" "index" {
-  region       = digitalocean_spaces_bucket.good_example.region
-  bucket       = digitalocean_spaces_bucket.good_example.name
-  key          = "index.html"
-  content      = "<html><body><p>This page is empty.</p></body></html>"
-  content_type = "text/html"
-}
+ resource "digitalocean_spaces_bucket" "good_example" {
+   name   = "private_space"
+   region = "nyc3"
+   acl    = "private"
+ }
+   
+ resource "digitalocean_spaces_bucket_object" "index" {
+   region       = digitalocean_spaces_bucket.good_example.region
+   bucket       = digitalocean_spaces_bucket.good_example.name
+   key          = "index.html"
+   content      = "<html><body><p>This page is empty.</p></body></html>"
+   content_type = "text/html"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/spaces_bucket#acl
+
  - https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/spaces_bucket_object#acl
-        
\ No newline at end of file
+
diff --git a/avd_docs/digitalocean/spaces/AVD-DIG-0007/Terraform.md b/avd_docs/digitalocean/spaces/AVD-DIG-0007/Terraform.md
index 891a82f81..dbacca517 100644
--- a/avd_docs/digitalocean/spaces/AVD-DIG-0007/Terraform.md
+++ b/avd_docs/digitalocean/spaces/AVD-DIG-0007/Terraform.md
@@ -2,16 +2,17 @@
 Enable versioning to protect against accidental or malicious removal or modification
 
 ```hcl
-resource "digitalocean_spaces_bucket" "good_example" {
-  name   = "foobar"
-  region = "nyc3"
-  
-  versioning {
-    enabled = true
-  }
-}
+ resource "digitalocean_spaces_bucket" "good_example" {
+   name   = "foobar"
+   region = "nyc3"
+ 
+   versioning {
+ 	enabled = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/spaces_bucket#versioning
-        
\ No newline at end of file
+
diff --git a/avd_docs/digitalocean/spaces/AVD-DIG-0009/Terraform.md b/avd_docs/digitalocean/spaces/AVD-DIG-0009/Terraform.md
new file mode 100644
index 000000000..28eee9d11
--- /dev/null
+++ b/avd_docs/digitalocean/spaces/AVD-DIG-0009/Terraform.md
@@ -0,0 +1,14 @@
+
+Don't use force destroy on bucket configuration
+
+```hcl
+ resource "digitalocean_spaces_bucket" "good_example" {
+   name   = "foobar"
+   region = "nyc3"
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/spaces_bucket#force_destroy
+
diff --git a/avd_docs/github/actions/AVD-GIT-0002/Terraform.md b/avd_docs/github/actions/AVD-GIT-0002/Terraform.md
index 75e30fe22..f9e895c0d 100644
--- a/avd_docs/github/actions/AVD-GIT-0002/Terraform.md
+++ b/avd_docs/github/actions/AVD-GIT-0002/Terraform.md
@@ -3,14 +3,16 @@ Do not store plaintext values in your code but rather populate the encrypted_val
 
 ```hcl
 resource "github_actions_environment_secret" "good_example" {
-  repository       = "my repository name"
-  environment       = "my environment"
-  secret_name       = "my secret name"
-  encrypted_value   = var.some_encrypted_secret_string
+	repository       = "my repository name"
+	environment       = "my environment"
+	secret_name       = "my secret name"
+	encrypted_value   = var.some_encrypted_secret_string
 }
+
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_secret
+
  - https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
-        
\ No newline at end of file
+
diff --git a/avd_docs/github/branch_protections/AVD-GIT-0004/Terraform.md b/avd_docs/github/branch_protections/AVD-GIT-0004/Terraform.md
index 54940cf5f..038560d0b 100644
--- a/avd_docs/github/branch_protections/AVD-GIT-0004/Terraform.md
+++ b/avd_docs/github/branch_protections/AVD-GIT-0004/Terraform.md
@@ -1,14 +1,16 @@
 
-Require signed commits for a repository
+Require signed commits
 
 ```hcl
-resource "github_branch_protection" "good_example" {
-  repository_id = "example"
-  pattern       = "main"
+ resource "github_branch_protection" "good_example" {
+   repository_id = "example"
+   pattern       = "main"
 
-  require_signed_commits = true
-}
+   require_signed_commits = true
+ }
+ 
 ```
 
 #### Remediation Links
- - https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_protection#require_signed_commits
+ - https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_protection
+
diff --git a/avd_docs/github/repositories/AVD-GIT-0001/Terraform.md b/avd_docs/github/repositories/AVD-GIT-0001/Terraform.md
index a4a3d0807..57d847410 100644
--- a/avd_docs/github/repositories/AVD-GIT-0001/Terraform.md
+++ b/avd_docs/github/repositories/AVD-GIT-0001/Terraform.md
@@ -2,19 +2,20 @@
 Make sensitive or commercially important repositories private
 
 ```hcl
-resource "github_repository" "good_example" {
-  name        = "example"
-  description = "My awesome codebase"
-  
-  visibility  = "private"
-  
-  template {
-    owner = "github"
-    repository = "terraform-module-template"
-  }
-}
+ resource "github_repository" "good_example" {
+   name        = "example"
+   description = "My awesome codebase"
+ 
+   visibility  = "private"
+ 
+   template {
+     owner = "github"
+     repository = "terraform-module-template"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository
-        
\ No newline at end of file
+
diff --git a/avd_docs/github/repositories/AVD-GIT-0003/Terraform.md b/avd_docs/github/repositories/AVD-GIT-0003/Terraform.md
index d7c8b5a3c..5e179adaa 100644
--- a/avd_docs/github/repositories/AVD-GIT-0003/Terraform.md
+++ b/avd_docs/github/repositories/AVD-GIT-0003/Terraform.md
@@ -1,19 +1,21 @@
 
-Enable vulnerability alerts for a repository
+Enable vulnerability alerts
 
 ```hcl
-resource "github_repository" "good_example" {
-  name        = "example"
-  description = "My awesome codebase"
+ resource "github_repository" "good_example" {
+   name        = "example"
+   description = "My awesome codebase"
 
-  vulnerability_alerts = true
+   vulnerability_alerts = true
 
-  template {
-    owner = "github"
-    repository = "terraform-module-template"
-  }
-}
+   template {
+     owner = "github"
+     repository = "terraform-module-template"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository
+
diff --git a/avd_docs/google/bigquery/AVD-GCP-0046/Terraform.md b/avd_docs/google/bigquery/AVD-GCP-0046/Terraform.md
index f68eee7c8..587723ad5 100644
--- a/avd_docs/google/bigquery/AVD-GCP-0046/Terraform.md
+++ b/avd_docs/google/bigquery/AVD-GCP-0046/Terraform.md
@@ -2,33 +2,34 @@
 Configure access permissions with higher granularity
 
 ```hcl
-resource "google_bigquery_dataset" "good_example" {
-  dataset_id                  = "example_dataset"
-  friendly_name               = "test"
-  description                 = "This is a test description"
-  location                    = "EU"
-  default_table_expiration_ms = 3600000
-  
-  labels = {
-    env = "default"
-  }
-  
-  access {
-    role          = "OWNER"
-    user_by_email = google_service_account.bqowner.email
-  }
-  
-  access {
-    role   = "READER"
-    domain = "hashicorp.com"
-  }
-}
-
-resource "google_service_account" "bqowner" {
-  account_id = "bqowner"
-}
+ resource "google_bigquery_dataset" "good_example" {
+   dataset_id                  = "example_dataset"
+   friendly_name               = "test"
+   description                 = "This is a test description"
+   location                    = "EU"
+   default_table_expiration_ms = 3600000
+ 
+   labels = {
+     env = "default"
+   }
+ 
+   access {
+     role          = "OWNER"
+     user_by_email = google_service_account.bqowner.email
+   }
+ 
+   access {
+     role   = "READER"
+     domain = "hashicorp.com"
+   }
+ }
+ 
+ resource "google_service_account" "bqowner" {
+   account_id = "bqowner"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/bigquery_dataset#special_group
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0027/Terraform.md b/avd_docs/google/compute/AVD-GCP-0027/Terraform.md
index 0e80208a3..39a4ceea2 100644
--- a/avd_docs/google/compute/AVD-GCP-0027/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0027/Terraform.md
@@ -4,10 +4,11 @@ Set a more restrictive cidr range
 ```hcl
 resource "google_compute_firewall" "good_example" {
   source_ranges = ["1.2.3.4/32"]
+  allow {
+    protocol = "icmp"
+  }
 }
 ```
-
-Alternatively, specify source and target tags will negate the CIDR requirement
 ```hcl
 resource "google_compute_firewall" "allow-vms-to-some-machine" {
   name      = "allow-vms-to-some-machine"
@@ -21,9 +22,25 @@ resource "google_compute_firewall" "allow-vms-to-some-machine" {
   source_tags = ["vms"]
   target_tags = ["some-machine"]
 }
+```
+```hcl
+resource "google_compute_firewall" "test" {
+  name    = "gmp-validating-webhook-fw"
+  network = google_compute_network.my_vpc_name.self_link
+
+  allow {
+    protocol = "tcp"
+    ports    = ["8443"]
+  }
+
+  target_tags   = [ "k8s-node-pool" ]
+  source_ranges = [google_container_cluster.my_cluster_name.private_cluster_config[0].master_ipv4_cidr_block]
+}
+
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall#source_ranges
+
  - https://www.terraform.io/docs/providers/google/r/compute_firewall.html
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0029/Terraform.md b/avd_docs/google/compute/AVD-GCP-0029/Terraform.md
index 58bc288e2..20b577402 100644
--- a/avd_docs/google/compute/AVD-GCP-0029/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0029/Terraform.md
@@ -21,8 +21,9 @@ resource "google_compute_network" "custom-test" {
   name                    = "test-network"
   auto_create_subnetworks = false
 }
+
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork#enable_flow_logs
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0030/Terraform.md b/avd_docs/google/compute/AVD-GCP-0030/Terraform.md
index f67e0cb76..515055666 100644
--- a/avd_docs/google/compute/AVD-GCP-0030/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0030/Terraform.md
@@ -2,51 +2,52 @@
 Disable project-wide SSH keys
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service_account_id"
-  display_name = "Service Account"
-}
-
-resource "google_compute_instance" "default" {
-  name         = "test"
-  machine_type = "e2-medium"
-  zone         = "us-central1-a"
-  
-  tags = ["foo", "bar"]
-  
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-9"
-    }
-  }
-  
-  // Local SSD disk
-  scratch_disk {
-    interface = "SCSI"
-  }
-  
-  network_interface {
-    network = "default"
-    
-    access_config {
-      // Ephemeral IP
-    }
-  }
-  
-  metadata = {
-    block-project-ssh-keys = true
-  }
-  
-  metadata_startup_script = "echo hi > /test.txt"
-  
-  service_account {
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    email  = google_service_account.default.email
-    scopes = ["cloud-platform"]
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service_account_id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_compute_instance" "default" {
+   name         = "test"
+   machine_type = "e2-medium"
+   zone         = "us-central1-a"
+ 
+   tags = ["foo", "bar"]
+ 
+   boot_disk {
+     initialize_params {
+       image = "debian-cloud/debian-9"
+     }
+   }
+ 
+   // Local SSD disk
+   scratch_disk {
+     interface = "SCSI"
+   }
+ 
+   network_interface {
+     network = "default"
+ 
+     access_config {
+       // Ephemeral IP
+     }
+   }
+ 
+   metadata = {
+     block-project-ssh-keys = true
+   }
+ 
+   metadata_startup_script = "echo hi > /test.txt"
+ 
+   service_account {
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     email  = google_service_account.default.email
+     scopes = ["cloud-platform"]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0031/Terraform.md b/avd_docs/google/compute/AVD-GCP-0031/Terraform.md
index 86220712e..c52aa99c1 100644
--- a/avd_docs/google/compute/AVD-GCP-0031/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0031/Terraform.md
@@ -2,30 +2,31 @@
 Remove public IP
 
 ```hcl
-resource "google_compute_instance" "good_example" {
-  name         = "test"
-  machine_type = "e2-medium"
-  zone         = "us-central1-a"
-  
-  tags = ["foo", "bar"]
-  
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-9"
-    }
-  }
-  
-  // Local SSD disk
-  scratch_disk {
-    interface = "SCSI"
-  }
-  
-  network_interface {
-    network = "default"
-  }
-}
+ resource "google_compute_instance" "good_example" {
+   name         = "test"
+   machine_type = "e2-medium"
+   zone         = "us-central1-a"
+ 
+   tags = ["foo", "bar"]
+ 
+   boot_disk {
+     initialize_params {
+       image = "debian-cloud/debian-9"
+     }
+   }
+ 
+   // Local SSD disk
+   scratch_disk {
+     interface = "SCSI"
+   }
+ 
+   network_interface {
+     network = "default"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#access_config
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0032/Terraform.md b/avd_docs/google/compute/AVD-GCP-0032/Terraform.md
index 66b9c6a50..ff4b8588f 100644
--- a/avd_docs/google/compute/AVD-GCP-0032/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0032/Terraform.md
@@ -2,51 +2,52 @@
 Disable serial port access
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service_account_id"
-  display_name = "Service Account"
-}
-
-resource "google_compute_instance" "default" {
-  name         = "test"
-  machine_type = "e2-medium"
-  zone         = "us-central1-a"
-  
-  tags = ["foo", "bar"]
-  
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-9"
-    }
-  }
-  
-  // Local SSD disk
-  scratch_disk {
-    interface = "SCSI"
-  }
-  
-  network_interface {
-    network = "default"
-    
-    access_config {
-      // Ephemeral IP
-    }
-  }
-  
-  metadata = {
-    serial-port-enable = false
-  }
-  
-  metadata_startup_script = "echo hi > /test.txt"
-  
-  service_account {
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    email  = google_service_account.default.email
-    scopes = ["cloud-platform"]
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service_account_id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_compute_instance" "default" {
+   name         = "test"
+   machine_type = "e2-medium"
+   zone         = "us-central1-a"
+ 
+   tags = ["foo", "bar"]
+ 
+   boot_disk {
+     initialize_params {
+       image = "debian-cloud/debian-9"
+     }
+   }
+ 
+   // Local SSD disk
+   scratch_disk {
+     interface = "SCSI"
+   }
+ 
+   network_interface {
+     network = "default"
+ 
+     access_config {
+       // Ephemeral IP
+     }
+   }
+ 
+   metadata = {
+     serial-port-enable = false
+   }
+ 
+   metadata_startup_script = "echo hi > /test.txt"
+ 
+   service_account {
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     email  = google_service_account.default.email
+     scopes = ["cloud-platform"]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0033/Terraform.md b/avd_docs/google/compute/AVD-GCP-0033/Terraform.md
index 44add3f52..686fe629b 100644
--- a/avd_docs/google/compute/AVD-GCP-0033/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0033/Terraform.md
@@ -2,52 +2,53 @@
 Use managed keys 
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service_account_id"
-  display_name = "Service Account"
-}
-
-resource "google_compute_instance" "good_example" {
-  name         = "test"
-  machine_type = "e2-medium"
-  zone         = "us-central1-a"
-  
-  tags = ["foo", "bar"]
-  
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-9"
-    }
-    kms_key_self_link = "something"
-  }
-  
-  // Local SSD disk
-  scratch_disk {
-    interface = "SCSI"
-  }
-  
-  network_interface {
-    network = "default"
-    
-    access_config {
-      // Ephemeral IP
-    }
-  }
-  
-  metadata = {
-    foo = "bar"
-  }
-  
-  metadata_startup_script = "echo hi > /test.txt"
-  
-  service_account {
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    email  = google_service_account.default.email
-    scopes = ["cloud-platform"]
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service_account_id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_compute_instance" "good_example" {
+   name         = "test"
+   machine_type = "e2-medium"
+   zone         = "us-central1-a"
+ 
+   tags = ["foo", "bar"]
+ 
+   boot_disk {
+     initialize_params {
+       image = "debian-cloud/debian-9"
+     }
+     kms_key_self_link = "something"
+   }
+ 
+   // Local SSD disk
+   scratch_disk {
+     interface = "SCSI"
+   }
+ 
+   network_interface {
+     network = "default"
+ 
+     access_config {
+       // Ephemeral IP
+     }
+   }
+ 
+   metadata = {
+     foo = "bar"
+   }
+ 
+   metadata_startup_script = "echo hi > /test.txt"
+ 
+   service_account {
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     email  = google_service_account.default.email
+     scopes = ["cloud-platform"]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#kms_key_self_link
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0034/Terraform.md b/avd_docs/google/compute/AVD-GCP-0034/Terraform.md
index 33d496200..1b36b8d4f 100644
--- a/avd_docs/google/compute/AVD-GCP-0034/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0034/Terraform.md
@@ -2,21 +2,22 @@
 Use managed keys to encrypt disks.
 
 ```hcl
-resource "google_compute_disk" "good_example" {
-  name  = "test-disk"
-  type  = "pd-ssd"
-  zone  = "us-central1-a"
-  image = "debian-9-stretch-v20200805"
-  labels = {
-    environment = "dev"
-  }
-  physical_block_size_bytes = 4096
-  disk_encryption_key {
-    kms_key_self_link = "something"
-  }
-}
+ resource "google_compute_disk" "good_example" {
+   name  = "test-disk"
+   type  = "pd-ssd"
+   zone  = "us-central1-a"
+   image = "debian-9-stretch-v20200805"
+   labels = {
+     environment = "dev"
+   }
+   physical_block_size_bytes = 4096
+   disk_encryption_key {
+     kms_key_self_link = "something"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_disk#kms_key_self_link
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0035/Terraform.md b/avd_docs/google/compute/AVD-GCP-0035/Terraform.md
index 3d3c07a6c..60b166753 100644
--- a/avd_docs/google/compute/AVD-GCP-0035/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0035/Terraform.md
@@ -2,11 +2,15 @@
 Set a more restrictive cidr range
 
 ```hcl
-resource "google_compute_firewall" "good_example" {
+ resource "google_compute_firewall" "good_example" {
+  direction = "EGRESS"
+  allow {
+    protocol = "icmp"
+  }
   destination_ranges = ["1.2.3.4/32"]
 }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0036/Terraform.md b/avd_docs/google/compute/AVD-GCP-0036/Terraform.md
index 039546a09..2220b685b 100644
--- a/avd_docs/google/compute/AVD-GCP-0036/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0036/Terraform.md
@@ -2,27 +2,28 @@
 Enable OS Login at project level and remove instance-level overrides
 
 ```hcl
-resource "google_compute_instance" "default" {
-  name         = "test"
-  machine_type = "e2-medium"
-  zone         = "us-central1-a"
-  
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-9"
-    }
-  }
-  
-  // Local SSD disk
-  scratch_disk {
-    interface = "SCSI"
-  }
-  
-  metadata = {
-  }
-}
+ resource "google_compute_instance" "default" {
+   name         = "test"
+   machine_type = "e2-medium"
+   zone         = "us-central1-a"
+ 
+   boot_disk {
+     initialize_params {
+       image = "debian-cloud/debian-9"
+     }
+   }
+ 
+   // Local SSD disk
+   scratch_disk {
+     interface = "SCSI"
+   }
+ 
+   metadata = {
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0037/Terraform.md b/avd_docs/google/compute/AVD-GCP-0037/Terraform.md
index 4c70ccd99..28195e988 100644
--- a/avd_docs/google/compute/AVD-GCP-0037/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0037/Terraform.md
@@ -2,13 +2,14 @@
 Reference a managed key rather than include the key in raw format.
 
 ```hcl
-resource "google_compute_disk" "good_example" {
-  disk_encryption_key {
-    kms_key_self_link = google_kms_crypto_key.my_crypto_key.id
-  }
-}
+ resource "google_compute_disk" "good_example" {
+ 	disk_encryption_key {
+ 		kms_key_self_link = google_kms_crypto_key.my_crypto_key.id
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_disk#kms_key_self_link
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0039/Terraform.md b/avd_docs/google/compute/AVD-GCP-0039/Terraform.md
index b65cdc0a9..96546aaf9 100644
--- a/avd_docs/google/compute/AVD-GCP-0039/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0039/Terraform.md
@@ -2,13 +2,14 @@
 Enforce a minimum TLS version of 1.2
 
 ```hcl
-resource "google_compute_ssl_policy" "good_example" {
-  name    = "production-ssl-policy"
-  profile = "MODERN"
-  min_tls_version = "TLS_1_2"
-}
+ resource "google_compute_ssl_policy" "good_example" {
+   name    = "production-ssl-policy"
+   profile = "MODERN"
+   min_tls_version = "TLS_1_2"
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_ssl_policy#min_tls_version
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0041/Terraform.md b/avd_docs/google/compute/AVD-GCP-0041/Terraform.md
index 68709317f..29df19577 100644
--- a/avd_docs/google/compute/AVD-GCP-0041/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0041/Terraform.md
@@ -2,30 +2,31 @@
 Enable Shielded VM VTPM
 
 ```hcl
-resource "google_compute_instance" "bad_example" {
-  name         = "test"
-  machine_type = "e2-medium"
-  zone         = "us-central1-a"
-  
-  tags = ["foo", "bar"]
-  
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-9"
-    }
-  }
-  
-  // Local SSD disk
-  scratch_disk {
-    interface = "SCSI"
-  }
-  
-  shielded_instance_config {
-    enable_vtpm = true
-  }
-}
+ resource "google_compute_instance" "bad_example" {
+   name         = "test"
+   machine_type = "e2-medium"
+   zone         = "us-central1-a"
+ 
+   tags = ["foo", "bar"]
+ 
+   boot_disk {
+     initialize_params {
+       image = "debian-cloud/debian-9"
+     }
+   }
+ 
+   // Local SSD disk
+   scratch_disk {
+     interface = "SCSI"
+   }
+ 
+   shielded_instance_config {
+     enable_vtpm = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#enable_vtpm
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0042/Terraform.md b/avd_docs/google/compute/AVD-GCP-0042/Terraform.md
index 2498c3482..9745c441c 100644
--- a/avd_docs/google/compute/AVD-GCP-0042/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0042/Terraform.md
@@ -2,13 +2,14 @@
 Enable OS Login at project level
 
 ```hcl
-resource "google_compute_project_metadata" "default" {
-  metadata = {
-    enable-oslogin = true
-  }
-}
+ resource "google_compute_project_metadata" "default" {
+   metadata = {
+     enable-oslogin = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_project_metadata#
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0043/Terraform.md b/avd_docs/google/compute/AVD-GCP-0043/Terraform.md
index e19711b55..45089339c 100644
--- a/avd_docs/google/compute/AVD-GCP-0043/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0043/Terraform.md
@@ -2,26 +2,27 @@
 Disable IP forwarding
 
 ```hcl
-resource "google_compute_instance" "bad_example" {
-  name         = "test"
-  machine_type = "e2-medium"
-  zone         = "us-central1-a"
-  
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-9"
-    }
-  }
-  
-  // Local SSD disk
-  scratch_disk {
-    interface = "SCSI"
-  }
-  
-  can_ip_forward = false
-}
+ resource "google_compute_instance" "bad_example" {
+   name         = "test"
+   machine_type = "e2-medium"
+   zone         = "us-central1-a"
+ 
+   boot_disk {
+     initialize_params {
+       image = "debian-cloud/debian-9"
+     }
+   }
+ 
+   // Local SSD disk
+   scratch_disk {
+     interface = "SCSI"
+   }
+   
+   can_ip_forward = false
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#can_ip_forward
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0044/Terraform.md b/avd_docs/google/compute/AVD-GCP-0044/Terraform.md
index f26a4eccd..42e5a523e 100644
--- a/avd_docs/google/compute/AVD-GCP-0044/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0044/Terraform.md
@@ -2,51 +2,52 @@
 Remove use of default service account
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service_account_id"
-  display_name = "Service Account"
-}
-
-resource "google_compute_instance" "default" {
-  name         = "test"
-  machine_type = "e2-medium"
-  zone         = "us-central1-a"
-  
-  tags = ["foo", "bar"]
-  
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-9"
-    }
-  }
-  
-  // Local SSD disk
-  scratch_disk {
-    interface = "SCSI"
-  }
-  
-  network_interface {
-    network = "default"
-    
-    access_config {
-      // Ephemeral IP
-    }
-  }
-  
-  metadata = {
-    foo = "bar"
-  }
-  
-  metadata_startup_script = "echo hi > /test.txt"
-  
-  service_account {
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    email  = google_service_account.default.email
-    scopes = ["cloud-platform"]
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service_account_id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_compute_instance" "default" {
+   name         = "test"
+   machine_type = "e2-medium"
+   zone         = "us-central1-a"
+ 
+   tags = ["foo", "bar"]
+ 
+   boot_disk {
+     initialize_params {
+       image = "debian-cloud/debian-9"
+     }
+   }
+ 
+   // Local SSD disk
+   scratch_disk {
+     interface = "SCSI"
+   }
+ 
+   network_interface {
+     network = "default"
+ 
+     access_config {
+       // Ephemeral IP
+     }
+   }
+ 
+   metadata = {
+     foo = "bar"
+   }
+ 
+   metadata_startup_script = "echo hi > /test.txt"
+ 
+   service_account {
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     email  = google_service_account.default.email
+     scopes = ["cloud-platform"]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/compute/AVD-GCP-0045/Terraform.md b/avd_docs/google/compute/AVD-GCP-0045/Terraform.md
index 10bf76069..e9ee194b4 100644
--- a/avd_docs/google/compute/AVD-GCP-0045/Terraform.md
+++ b/avd_docs/google/compute/AVD-GCP-0045/Terraform.md
@@ -2,30 +2,31 @@
 Enable Shielded VM Integrity Monitoring
 
 ```hcl
-resource "google_compute_instance" "bad_example" {
-  name         = "test"
-  machine_type = "e2-medium"
-  zone         = "us-central1-a"
-  
-  tags = ["foo", "bar"]
-  
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-9"
-    }
-  }
-  
-  // Local SSD disk
-  scratch_disk {
-    interface = "SCSI"
-  }
-  
-  shielded_instance_config {
-    enable_integrity_monitoring = true
-  }
-}
+ resource "google_compute_instance" "bad_example" {
+   name         = "test"
+   machine_type = "e2-medium"
+   zone         = "us-central1-a"
+ 
+   tags = ["foo", "bar"]
+ 
+   boot_disk {
+     initialize_params {
+       image = "debian-cloud/debian-9"
+     }
+   }
+ 
+   // Local SSD disk
+   scratch_disk {
+     interface = "SCSI"
+   }
+ 
+   shielded_instance_config {
+     enable_integrity_monitoring = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#enable_vtpm
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/dns/AVD-GCP-0012/Terraform.md b/avd_docs/google/dns/AVD-GCP-0012/Terraform.md
index a85a6bf95..171af985f 100644
--- a/avd_docs/google/dns/AVD-GCP-0012/Terraform.md
+++ b/avd_docs/google/dns/AVD-GCP-0012/Terraform.md
@@ -2,29 +2,30 @@
 Use RSA SHA512
 
 ```hcl
-resource "google_dns_managed_zone" "foo" {
-  name     = "foobar"
-  dns_name = "foo.bar."
-  
-  dnssec_config {
-    state         = "on"
-    non_existence = "nsec3"
-  }
-}
-
-data "google_dns_keys" "foo_dns_keys" {
-  managed_zone = google_dns_managed_zone.foo.id
-  zone_signing_keys {
-    algorithm = "rsasha512"
-  }
-}
-
-output "foo_dns_ds_record" {
-  description = "DS record of the foo subdomain."
-  value       = data.google_dns_keys.foo_dns_keys.key_signing_keys[0].ds_record
-}
+ resource "google_dns_managed_zone" "foo" {
+ 	name     = "foobar"
+ 	dns_name = "foo.bar."
+ 	
+ 	dnssec_config {
+ 		state         = "on"
+ 		non_existence = "nsec3"
+ 	}
+ }
+ 	
+ data "google_dns_keys" "foo_dns_keys" {
+ 	managed_zone = google_dns_managed_zone.foo.id
+ 	zone_signing_keys {
+ 		algorithm = "rsasha512"
+ 	}
+ }
+ 	
+ output "foo_dns_ds_record" {
+ 	description = "DS record of the foo subdomain."
+ 	value       = data.google_dns_keys.foo_dns_keys.key_signing_keys[0].ds_record
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone#algorithm
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/dns/AVD-GCP-0013/Terraform.md b/avd_docs/google/dns/AVD-GCP-0013/Terraform.md
index bde7834a5..89a78e401 100644
--- a/avd_docs/google/dns/AVD-GCP-0013/Terraform.md
+++ b/avd_docs/google/dns/AVD-GCP-0013/Terraform.md
@@ -2,23 +2,24 @@
 Enable DNSSEC
 
 ```hcl
-resource "google_dns_managed_zone" "good_example" {
-  name        = "example-zone"
-  dns_name    = "example-${random_id.rnd.hex}.com."
-  description = "Example DNS zone"
-  labels = {
-    foo = "bar"
-  }
-  dnssec_config {
-    state = "on"
-  }
-}
-
-resource "random_id" "rnd" {
-  byte_length = 4
-}
+ resource "google_dns_managed_zone" "good_example" {
+   name        = "example-zone"
+   dns_name    = "example-${random_id.rnd.hex}.com."
+   description = "Example DNS zone"
+   labels = {
+     foo = "bar"
+   }
+   dnssec_config {
+     state = "on"
+   }
+ }
+ 
+ resource "random_id" "rnd" {
+   byte_length = 4
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone#state
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0047/Terraform.md b/avd_docs/google/gke/AVD-GCP-0047/Terraform.md
index aa930e4ec..abac2710f 100644
--- a/avd_docs/google/gke/AVD-GCP-0047/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0047/Terraform.md
@@ -2,13 +2,13 @@
 Use security policies for pods to restrict permissions to those needed to be effective
 
 ```hcl
-resource "google_container_cluster" "good_example" {
-  pod_security_policy_config {
-    enabled = "true"
-  }
-}
+ resource "google_container_cluster" "good_example" {
+ 	pod_security_policy_config {
+         enabled = "true"
+ 	}
+ }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#pod_security_policy_config
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0048/Terraform.md b/avd_docs/google/gke/AVD-GCP-0048/Terraform.md
index 9dc4b9c78..e2e7c1f2f 100644
--- a/avd_docs/google/gke/AVD-GCP-0048/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0048/Terraform.md
@@ -2,13 +2,15 @@
 Disable legacy metadata endpoints
 
 ```hcl
-resource "google_container_cluster" "good_example" {
-  metadata {
-    disable-legacy-endpoints = true
-  }
-}
+ resource "google_container_cluster" "good_example" {
+    node_config {
+      metadata = {
+        disable-legacy-endpoints = true
+      }
+    }
+ }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#metadata
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0049/Terraform.md b/avd_docs/google/gke/AVD-GCP-0049/Terraform.md
index f6246199e..b2c0423fc 100644
--- a/avd_docs/google/gke/AVD-GCP-0049/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0049/Terraform.md
@@ -2,42 +2,43 @@
 Enable IP aliasing
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service-account-id"
-  display_name = "Service Account"
-}
-
-resource "google_container_cluster" "good_example" {
-  name     = "my-gke-cluster"
-  location = "us-central1"
-  
-  # We can't create a cluster with no node pool defined, but we want to only use
-  # separately managed node pools. So we create the smallest possible default
-  # node pool and immediately delete it.
-  remove_default_node_pool = true
-  initial_node_count       = 1
-  ip_allocation_policy = {}
-}
-
-resource "google_container_node_pool" "primary_preemptible_nodes" {
-  name       = "my-node-pool"
-  location   = "us-central1"
-  cluster    = google_container_cluster.primary.name
-  node_count = 1
-  
-  node_config {
-    preemptible  = true
-    machine_type = "e2-medium"
-    
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    service_account = google_service_account.default.email
-    oauth_scopes    = [
-    "https://www.googleapis.com/auth/cloud-platform"
-    ]
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service-account-id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_container_cluster" "good_example" {
+   name     = "my-gke-cluster"
+   location = "us-central1"
+ 
+   # We can't create a cluster with no node pool defined, but we want to only use
+   # separately managed node pools. So we create the smallest possible default
+   # node pool and immediately delete it.
+   remove_default_node_pool = true
+   initial_node_count       = 1
+   ip_allocation_policy {}
+ }
+ 
+ resource "google_container_node_pool" "primary_preemptible_nodes" {
+   name       = "my-node-pool"
+   location   = "us-central1"
+   cluster    = google_container_cluster.primary.name
+   node_count = 1
+ 
+   node_config {
+     preemptible  = true
+     machine_type = "e2-medium"
+ 
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     service_account = google_service_account.default.email
+     oauth_scopes    = [
+       "https://www.googleapis.com/auth/cloud-platform"
+     ]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#ip_allocation_policy
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0050/Terraform.md b/avd_docs/google/gke/AVD-GCP-0050/Terraform.md
index 023566039..99c4a78af 100644
--- a/avd_docs/google/gke/AVD-GCP-0050/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0050/Terraform.md
@@ -2,13 +2,14 @@
 Use limited permissions for service accounts to be effective
 
 ```hcl
-resource "google_container_cluster" "good_example" {
-  node_config {
-    service_account = "cool-service-account@example.com"
-  }
-}
+ resource "google_container_cluster" "good_example" {
+ 	node_config {
+ 		service_account = "cool-service-account@example.com"
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#service_account
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0051/Terraform.md b/avd_docs/google/gke/AVD-GCP-0051/Terraform.md
index 4f1cda66a..80b8e635a 100644
--- a/avd_docs/google/gke/AVD-GCP-0051/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0051/Terraform.md
@@ -2,44 +2,45 @@
 Set cluster resource labels
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service-account-id"
-  display_name = "Service Account"
-}
-
-resource "google_container_cluster" "good_example" {
-  name     = "my-gke-cluster"
-  location = "us-central1"
-  
-  # We can't create a cluster with no node pool defined, but we want to only use
-  # separately managed node pools. So we create the smallest possible default
-  # node pool and immediately delete it.
-  remove_default_node_pool = true
-  initial_node_count       = 1
-  resource_labels = {
-    "env" = "staging"
-  }
-}
-
-resource "google_container_node_pool" "primary_preemptible_nodes" {
-  name       = "my-node-pool"
-  location   = "us-central1"
-  cluster    = google_container_cluster.primary.name
-  node_count = 1
-  
-  node_config {
-    preemptible  = true
-    machine_type = "e2-medium"
-    
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    service_account = google_service_account.default.email
-    oauth_scopes    = [
-    "https://www.googleapis.com/auth/cloud-platform"
-    ]
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service-account-id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_container_cluster" "good_example" {
+   name     = "my-gke-cluster"
+   location = "us-central1"
+ 
+   # We can't create a cluster with no node pool defined, but we want to only use
+   # separately managed node pools. So we create the smallest possible default
+   # node pool and immediately delete it.
+   remove_default_node_pool = true
+   initial_node_count       = 1
+   resource_labels = {
+     "env" = "staging"
+   }
+ }
+ 
+ resource "google_container_node_pool" "primary_preemptible_nodes" {
+   name       = "my-node-pool"
+   location   = "us-central1"
+   cluster    = google_container_cluster.primary.name
+   node_count = 1
+ 
+   node_config {
+     preemptible  = true
+     machine_type = "e2-medium"
+ 
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     service_account = google_service_account.default.email
+     oauth_scopes    = [
+       "https://www.googleapis.com/auth/cloud-platform"
+     ]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#resource_labels
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0052/Terraform.md b/avd_docs/google/gke/AVD-GCP-0052/Terraform.md
index fce18770f..79773dd51 100644
--- a/avd_docs/google/gke/AVD-GCP-0052/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0052/Terraform.md
@@ -2,42 +2,43 @@
 Enable StackDriver monitoring
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service-account-id"
-  display_name = "Service Account"
-}
-
-resource "google_container_cluster" "good_example" {
-  name     = "my-gke-cluster"
-  location = "us-central1"
-  
-  # We can't create a cluster with no node pool defined, but we want to only use
-  # separately managed node pools. So we create the smallest possible default
-  # node pool and immediately delete it.
-  remove_default_node_pool = true
-  initial_node_count       = 1
-  monitoring_service = "monitoring.googleapis.com/kubernetes"
-}
-
-resource "google_container_node_pool" "primary_preemptible_nodes" {
-  name       = "my-node-pool"
-  location   = "us-central1"
-  cluster    = google_container_cluster.primary.name
-  node_count = 1
-  
-  node_config {
-    preemptible  = true
-    machine_type = "e2-medium"
-    
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    service_account = google_service_account.default.email
-    oauth_scopes    = [
-    "https://www.googleapis.com/auth/cloud-platform"
-    ]
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service-account-id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_container_cluster" "good_example" {
+   name     = "my-gke-cluster"
+   location = "us-central1"
+ 
+   # We can't create a cluster with no node pool defined, but we want to only use
+   # separately managed node pools. So we create the smallest possible default
+   # node pool and immediately delete it.
+   remove_default_node_pool = true
+   initial_node_count       = 1
+   monitoring_service = "monitoring.googleapis.com/kubernetes"
+ }
+ 
+ resource "google_container_node_pool" "primary_preemptible_nodes" {
+   name       = "my-node-pool"
+   location   = "us-central1"
+   cluster    = google_container_cluster.primary.name
+   node_count = 1
+ 
+   node_config {
+     preemptible  = true
+     machine_type = "e2-medium"
+ 
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     service_account = google_service_account.default.email
+     oauth_scopes    = [
+       "https://www.googleapis.com/auth/cloud-platform"
+     ]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#monitoring_service
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0053/Terraform.md b/avd_docs/google/gke/AVD-GCP-0053/Terraform.md
index cebeb9f6c..de70a0210 100644
--- a/avd_docs/google/gke/AVD-GCP-0053/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0053/Terraform.md
@@ -2,47 +2,48 @@
 Use private nodes and master authorised networks to prevent exposure
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service-account-id"
-  display_name = "Service Account"
-}
-
-resource "google_container_cluster" "primary" {
-  name     = "my-gke-cluster"
-  location = "us-central1"
-  
-  # We can't create a cluster with no node pool defined, but we want to only use
-  # separately managed node pools. So we create the smallest possible default
-  # node pool and immediately delete it.
-  remove_default_node_pool = true
-  initial_node_count       = 1
-  master_authorized_networks_config {
-    cidr_blocks {
-      cidr_block = "10.10.128.0/24"
-      display_name = "internal"
-    }
-  }
-}
-    
-    resource "google_container_node_pool" "primary_preemptible_nodes" {
-      name       = "my-node-pool"
-      location   = "us-central1"
-      cluster    = google_container_cluster.primary.name
-      node_count = 1
-      
-      node_config {
-        preemptible  = true
-        machine_type = "e2-medium"
-        
-        # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-        service_account = google_service_account.default.email
-        oauth_scopes    = [
-        "https://www.googleapis.com/auth/cloud-platform"
-        ]
-      }
-    }
+ resource "google_service_account" "default" {
+   account_id   = "service-account-id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_container_cluster" "primary" {
+   name     = "my-gke-cluster"
+   location = "us-central1"
+ 
+   # We can't create a cluster with no node pool defined, but we want to only use
+   # separately managed node pools. So we create the smallest possible default
+   # node pool and immediately delete it.
+   remove_default_node_pool = true
+   initial_node_count       = 1
+   master_authorized_networks_config {
+     cidr_blocks {
+       cidr_block = "10.10.128.0/24"
+       display_name = "internal"
+     }
+   }
+ }
+ 
+ resource "google_container_node_pool" "primary_preemptible_nodes" {
+   name       = "my-node-pool"
+   location   = "us-central1"
+   cluster    = google_container_cluster.primary.name
+   node_count = 1
+ 
+   node_config {
+     preemptible  = true
+     machine_type = "e2-medium"
+ 
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     service_account = google_service_account.default.email
+     oauth_scopes    = [
+       "https://www.googleapis.com/auth/cloud-platform"
+     ]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#
-        
+
diff --git a/avd_docs/google/gke/AVD-GCP-0054/Terraform.md b/avd_docs/google/gke/AVD-GCP-0054/Terraform.md
index 469076df7..4cce7655c 100644
--- a/avd_docs/google/gke/AVD-GCP-0054/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0054/Terraform.md
@@ -2,41 +2,42 @@
 Use the COS image type
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service-account-id"
-  display_name = "Service Account"
-}
-
-resource "google_container_cluster" "primary" {
-  name     = "my-gke-cluster"
-  location = "us-central1"
-  
-  # We can't create a cluster with no node pool defined, but we want to only use
-  # separately managed node pools. So we create the smallest possible default
-  # node pool and immediately delete it.
-  remove_default_node_pool = true
-  initial_node_count       = 1
-}
-
-resource "google_container_node_pool" "good_example" {
-  name       = "my-node-pool"
-  cluster    = google_container_cluster.primary.id
-  node_count = 1
-  
-  node_config {
-    preemptible  = true
-    machine_type = "e2-medium"
-    
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    service_account = google_service_account.default.email
-    oauth_scopes = [
-    "https://www.googleapis.com/auth/cloud-platform"
-    ]
-    image_type = "COS"
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service-account-id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_container_cluster" "primary" {
+   name     = "my-gke-cluster"
+   location = "us-central1"
+ 
+   # We can't create a cluster with no node pool defined, but we want to only use
+   # separately managed node pools. So we create the smallest possible default
+   # node pool and immediately delete it.
+   remove_default_node_pool = true
+   initial_node_count       = 1
+ }
+ 
+ resource "google_container_node_pool" "good_example" {
+   name       = "my-node-pool"
+   cluster    = google_container_cluster.primary.id
+   node_count = 1
+ 
+   node_config {
+     preemptible  = true
+     machine_type = "e2-medium"
+ 
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     service_account = google_service_account.default.email
+     oauth_scopes = [
+       "https://www.googleapis.com/auth/cloud-platform"
+     ]
+     image_type = "COS"
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool#image_type
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0055/Terraform.md b/avd_docs/google/gke/AVD-GCP-0055/Terraform.md
index 212b5b14c..b303a4277 100644
--- a/avd_docs/google/gke/AVD-GCP-0055/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0055/Terraform.md
@@ -2,11 +2,11 @@
 Enable node shielding
 
 ```hcl
-resource "google_container_cluster" "good_example" {
-  enable_shielded_nodes = "true"
-}
+ resource "google_container_cluster" "good_example" {
+ 	enable_shielded_nodes = "true"
+ }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#enable_shielded_nodes
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0056/Terraform.md b/avd_docs/google/gke/AVD-GCP-0056/Terraform.md
index 570dc3c0f..c17da33f8 100644
--- a/avd_docs/google/gke/AVD-GCP-0056/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0056/Terraform.md
@@ -2,44 +2,45 @@
 Enable network policy
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service-account-id"
-  display_name = "Service Account"
-}
-
-resource "google_container_cluster" "good_example" {
-  name     = "my-gke-cluster"
-  location = "us-central1"
-  
-  # We can't create a cluster with no node pool defined, but we want to only use
-  # separately managed node pools. So we create the smallest possible default
-  # node pool and immediately delete it.
-  remove_default_node_pool = true
-  initial_node_count       = 1
-  network_policy {
-    enabled = true
-  }
-}
-
-resource "google_container_node_pool" "primary_preemptible_nodes" {
-  name       = "my-node-pool"
-  location   = "us-central1"
-  cluster    = google_container_cluster.primary.name
-  node_count = 1
-  
-  node_config {
-    preemptible  = true
-    machine_type = "e2-medium"
-    
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    service_account = google_service_account.default.email
-    oauth_scopes    = [
-    "https://www.googleapis.com/auth/cloud-platform"
-    ]
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service-account-id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_container_cluster" "good_example" {
+   name     = "my-gke-cluster"
+   location = "us-central1"
+ 
+   # We can't create a cluster with no node pool defined, but we want to only use
+   # separately managed node pools. So we create the smallest possible default
+   # node pool and immediately delete it.
+   remove_default_node_pool = true
+   initial_node_count       = 1
+   network_policy {
+     enabled = true
+   }
+ }
+ 
+ resource "google_container_node_pool" "primary_preemptible_nodes" {
+   name       = "my-node-pool"
+   location   = "us-central1"
+   cluster    = google_container_cluster.primary.name
+   node_count = 1
+ 
+   node_config {
+     preemptible  = true
+     machine_type = "e2-medium"
+ 
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     service_account = google_service_account.default.email
+     oauth_scopes    = [
+       "https://www.googleapis.com/auth/cloud-platform"
+     ]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#enabled
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0057/Terraform.md b/avd_docs/google/gke/AVD-GCP-0057/Terraform.md
index bf9037c7e..99ac81b8f 100644
--- a/avd_docs/google/gke/AVD-GCP-0057/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0057/Terraform.md
@@ -2,15 +2,15 @@
 Set node metadata to SECURE or GKE_METADATA_SERVER
 
 ```hcl
-resource "google_container_node_pool" "good_example" {
-  node_config {
-    workload_metadata_config {
-      node_metadata = "SECURE"
-    }
-  }
-}
+ resource "google_container_node_pool" "good_example" {
+ 	node_config {
+ 		workload_metadata_config {
+ 			node_metadata = "SECURE"
+ 		}
+ 	}
+ }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#node_metadata
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0058/Terraform.md b/avd_docs/google/gke/AVD-GCP-0058/Terraform.md
index 6d5f0bee7..fc8b53304 100644
--- a/avd_docs/google/gke/AVD-GCP-0058/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0058/Terraform.md
@@ -2,43 +2,44 @@
 Enable automatic upgrades
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service-account-id"
-  display_name = "Service Account"
-}
-
-resource "google_container_cluster" "primary" {
-  name     = "my-gke-cluster"
-  location = "us-central1"
-  
-  # We can't create a cluster with no node pool defined, but we want to only use
-  # separately managed node pools. So we create the smallest possible default
-  # node pool and immediately delete it.
-  remove_default_node_pool = true
-  initial_node_count       = 1
-}
-
-resource "google_container_node_pool" "good_example" {
-  name       = "my-node-pool"
-  cluster    = google_container_cluster.primary.id
-  node_count = 1
-  
-  node_config {
-    preemptible  = true
-    machine_type = "e2-medium"
-    
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    service_account = google_service_account.default.email
-    oauth_scopes = [
-    "https://www.googleapis.com/auth/cloud-platform"
-    ]
-  }
-  management {
-    auto_upgrade = true
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service-account-id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_container_cluster" "primary" {
+   name     = "my-gke-cluster"
+   location = "us-central1"
+ 
+   # We can't create a cluster with no node pool defined, but we want to only use
+   # separately managed node pools. So we create the smallest possible default
+   # node pool and immediately delete it.
+   remove_default_node_pool = true
+   initial_node_count       = 1
+ }
+ 
+ resource "google_container_node_pool" "good_example" {
+   name       = "my-node-pool"
+   cluster    = google_container_cluster.primary.id
+   node_count = 1
+ 
+   node_config {
+     preemptible  = true
+     machine_type = "e2-medium"
+ 
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     service_account = google_service_account.default.email
+     oauth_scopes = [
+       "https://www.googleapis.com/auth/cloud-platform"
+     ]
+   }
+   management {
+     auto_upgrade = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool#auto_upgrade
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0059/Terraform.md b/avd_docs/google/gke/AVD-GCP-0059/Terraform.md
index 209c759de..5d3b8aff8 100644
--- a/avd_docs/google/gke/AVD-GCP-0059/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0059/Terraform.md
@@ -2,44 +2,45 @@
 Enable private cluster
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service-account-id"
-  display_name = "Service Account"
-}
-
-resource "google_container_cluster" "good_example" {
-  name     = "my-gke-cluster"
-  location = "us-central1"
-  
-  # We can't create a cluster with no node pool defined, but we want to only use
-  # separately managed node pools. So we create the smallest possible default
-  # node pool and immediately delete it.
-  remove_default_node_pool = true
-  initial_node_count       = 1
-  private_cluster_config {
-    enable_private_nodes = true
-  }
-}
-
-resource "google_container_node_pool" "primary_preemptible_nodes" {
-  name       = "my-node-pool"
-  location   = "us-central1"
-  cluster    = google_container_cluster.primary.name
-  node_count = 1
-  
-  node_config {
-    preemptible  = true
-    machine_type = "e2-medium"
-    
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    service_account = google_service_account.default.email
-    oauth_scopes    = [
-    "https://www.googleapis.com/auth/cloud-platform"
-    ]
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service-account-id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_container_cluster" "good_example" {
+   name     = "my-gke-cluster"
+   location = "us-central1"
+ 
+   # We can't create a cluster with no node pool defined, but we want to only use
+   # separately managed node pools. So we create the smallest possible default
+   # node pool and immediately delete it.
+   remove_default_node_pool = true
+   initial_node_count       = 1
+   private_cluster_config {
+     enable_private_nodes = true
+   }
+ }
+ 
+ resource "google_container_node_pool" "primary_preemptible_nodes" {
+   name       = "my-node-pool"
+   location   = "us-central1"
+   cluster    = google_container_cluster.primary.name
+   node_count = 1
+ 
+   node_config {
+     preemptible  = true
+     machine_type = "e2-medium"
+ 
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     service_account = google_service_account.default.email
+     oauth_scopes    = [
+       "https://www.googleapis.com/auth/cloud-platform"
+     ]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#enable_private_nodes
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0060/Terraform.md b/avd_docs/google/gke/AVD-GCP-0060/Terraform.md
index c0b471e5e..b1a3e99a9 100644
--- a/avd_docs/google/gke/AVD-GCP-0060/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0060/Terraform.md
@@ -2,42 +2,43 @@
 Enable StackDriver logging
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service-account-id"
-  display_name = "Service Account"
-}
-
-resource "google_container_cluster" "good_example" {
-  name     = "my-gke-cluster"
-  location = "us-central1"
-  
-  # We can't create a cluster with no node pool defined, but we want to only use
-  # separately managed node pools. So we create the smallest possible default
-  # node pool and immediately delete it.
-  remove_default_node_pool = true
-  initial_node_count       = 1
-  logging_service = "logging.googleapis.com/kubernetes"
-}
-
-resource "google_container_node_pool" "primary_preemptible_nodes" {
-  name       = "my-node-pool"
-  location   = "us-central1"
-  cluster    = google_container_cluster.primary.name
-  node_count = 1
-  
-  node_config {
-    preemptible  = true
-    machine_type = "e2-medium"
-    
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    service_account = google_service_account.default.email
-    oauth_scopes    = [
-    "https://www.googleapis.com/auth/cloud-platform"
-    ]
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service-account-id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_container_cluster" "good_example" {
+   name     = "my-gke-cluster"
+   location = "us-central1"
+ 
+   # We can't create a cluster with no node pool defined, but we want to only use
+   # separately managed node pools. So we create the smallest possible default
+   # node pool and immediately delete it.
+   remove_default_node_pool = true
+   initial_node_count       = 1
+   logging_service = "logging.googleapis.com/kubernetes"
+ }
+ 
+ resource "google_container_node_pool" "primary_preemptible_nodes" {
+   name       = "my-node-pool"
+   location   = "us-central1"
+   cluster    = google_container_cluster.primary.name
+   node_count = 1
+ 
+   node_config {
+     preemptible  = true
+     machine_type = "e2-medium"
+ 
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     service_account = google_service_account.default.email
+     oauth_scopes    = [
+       "https://www.googleapis.com/auth/cloud-platform"
+     ]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#logging_service
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0061/Terraform.md b/avd_docs/google/gke/AVD-GCP-0061/Terraform.md
index 138484ed7..d331a45bc 100644
--- a/avd_docs/google/gke/AVD-GCP-0061/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0061/Terraform.md
@@ -2,47 +2,48 @@
 Enable master authorized networks
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service-account-id"
-  display_name = "Service Account"
-}
-
-resource "google_container_cluster" "primary" {
-  name     = "my-gke-cluster"
-  location = "us-central1"
-  
-  # We can't create a cluster with no node pool defined, but we want to only use
-  # separately managed node pools. So we create the smallest possible default
-  # node pool and immediately delete it.
-  remove_default_node_pool = true
-  initial_node_count       = 1
-  master_authorized_networks_config {
-    cidr_blocks {
-      cidr_block = "10.10.128.0/24"
-      display_name = "internal"
-    }
-  }
-}
-    
-    resource "google_container_node_pool" "primary_preemptible_nodes" {
-      name       = "my-node-pool"
-      location   = "us-central1"
-      cluster    = google_container_cluster.primary.name
-      node_count = 1
-      
-      node_config {
-        preemptible  = true
-        machine_type = "e2-medium"
-        
-        # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-        service_account = google_service_account.default.email
-        oauth_scopes    = [
-        "https://www.googleapis.com/auth/cloud-platform"
-        ]
-      }
-    }
+ resource "google_service_account" "default" {
+   account_id   = "service-account-id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_container_cluster" "primary" {
+   name     = "my-gke-cluster"
+   location = "us-central1"
+ 
+   # We can't create a cluster with no node pool defined, but we want to only use
+   # separately managed node pools. So we create the smallest possible default
+   # node pool and immediately delete it.
+   remove_default_node_pool = true
+   initial_node_count       = 1
+   master_authorized_networks_config {
+     cidr_blocks {
+       cidr_block = "10.10.128.0/24"
+       display_name = "internal"
+     }
+   }
+ }
+ 
+ resource "google_container_node_pool" "primary_preemptible_nodes" {
+   name       = "my-node-pool"
+   location   = "us-central1"
+   cluster    = google_container_cluster.primary.name
+   node_count = 1
+ 
+   node_config {
+     preemptible  = true
+     machine_type = "e2-medium"
+ 
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     service_account = google_service_account.default.email
+     oauth_scopes    = [
+       "https://www.googleapis.com/auth/cloud-platform"
+     ]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#
-        
+
diff --git a/avd_docs/google/gke/AVD-GCP-0062/Terraform.md b/avd_docs/google/gke/AVD-GCP-0062/Terraform.md
index 41998671a..9fe7d44db 100644
--- a/avd_docs/google/gke/AVD-GCP-0062/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0062/Terraform.md
@@ -2,13 +2,14 @@
 Switch to using RBAC permissions
 
 ```hcl
-resource "google_container_cluster" "good_example" {
-  # ...
-  # enable_legacy_abac not set
-  # ...
-}
+ resource "google_container_cluster" "good_example" {
+ 	# ...
+ 	# enable_legacy_abac not set
+ 	# ...
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#enable_legacy_abac
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0063/Terraform.md b/avd_docs/google/gke/AVD-GCP-0063/Terraform.md
index 16b32bb70..997cc57e7 100644
--- a/avd_docs/google/gke/AVD-GCP-0063/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0063/Terraform.md
@@ -2,43 +2,44 @@
 Enable automatic repair
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service-account-id"
-  display_name = "Service Account"
-}
-
-resource "google_container_cluster" "primary" {
-  name     = "my-gke-cluster"
-  location = "us-central1"
-  
-  # We can't create a cluster with no node pool defined, but we want to only use
-  # separately managed node pools. So we create the smallest possible default
-  # node pool and immediately delete it.
-  remove_default_node_pool = true
-  initial_node_count       = 1
-}
-
-resource "google_container_node_pool" "good_example" {
-  name       = "my-node-pool"
-  cluster    = google_container_cluster.primary.id
-  node_count = 1
-  
-  node_config {
-    preemptible  = true
-    machine_type = "e2-medium"
-    
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    service_account = google_service_account.default.email
-    oauth_scopes = [
-    "https://www.googleapis.com/auth/cloud-platform"
-    ]
-  }
-  management {
-    auto_repair = true
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service-account-id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_container_cluster" "primary" {
+   name     = "my-gke-cluster"
+   location = "us-central1"
+ 
+   # We can't create a cluster with no node pool defined, but we want to only use
+   # separately managed node pools. So we create the smallest possible default
+   # node pool and immediately delete it.
+   remove_default_node_pool = true
+   initial_node_count       = 1
+ }
+ 
+ resource "google_container_node_pool" "good_example" {
+   name       = "my-node-pool"
+   cluster    = google_container_cluster.primary.id
+   node_count = 1
+ 
+   node_config {
+     preemptible  = true
+     machine_type = "e2-medium"
+ 
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     service_account = google_service_account.default.email
+     oauth_scopes = [
+       "https://www.googleapis.com/auth/cloud-platform"
+     ]
+   }
+   management {
+     auto_repair = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool#auto_repair
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/gke/AVD-GCP-0064/Terraform.md b/avd_docs/google/gke/AVD-GCP-0064/Terraform.md
index d153e8203..ccf52e779 100644
--- a/avd_docs/google/gke/AVD-GCP-0064/Terraform.md
+++ b/avd_docs/google/gke/AVD-GCP-0064/Terraform.md
@@ -2,41 +2,42 @@
 Use service account or OAuth for authentication
 
 ```hcl
-resource "google_service_account" "default" {
-  account_id   = "service-account-id"
-  display_name = "Service Account"
-}
-
-resource "google_container_cluster" "good_example" {
-  name     = "my-gke-cluster"
-  location = "us-central1"
-  
-  # We can't create a cluster with no node pool defined, but we want to only use
-  # separately managed node pools. So we create the smallest possible default
-  # node pool and immediately delete it.
-  remove_default_node_pool = true
-  initial_node_count       = 1
-}
-
-resource "google_container_node_pool" "primary_preemptible_nodes" {
-  name       = "my-node-pool"
-  location   = "us-central1"
-  cluster    = google_container_cluster.primary.name
-  node_count = 1
-  
-  node_config {
-    preemptible  = true
-    machine_type = "e2-medium"
-    
-    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
-    service_account = google_service_account.default.email
-    oauth_scopes    = [
-    "https://www.googleapis.com/auth/cloud-platform"
-    ]
-  }
-}
+ resource "google_service_account" "default" {
+   account_id   = "service-account-id"
+   display_name = "Service Account"
+ }
+ 
+ resource "google_container_cluster" "good_example" {
+   name     = "my-gke-cluster"
+   location = "us-central1"
+ 
+   # We can't create a cluster with no node pool defined, but we want to only use
+   # separately managed node pools. So we create the smallest possible default
+   # node pool and immediately delete it.
+   remove_default_node_pool = true
+   initial_node_count       = 1
+ }
+ 
+ resource "google_container_node_pool" "primary_preemptible_nodes" {
+   name       = "my-node-pool"
+   location   = "us-central1"
+   cluster    = google_container_cluster.primary.name
+   node_count = 1
+ 
+   node_config {
+     preemptible  = true
+     machine_type = "e2-medium"
+ 
+     # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+     service_account = google_service_account.default.email
+     oauth_scopes    = [
+       "https://www.googleapis.com/auth/cloud-platform"
+     ]
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#master_auth
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/iam/AVD-GCP-0003/Terraform.md b/avd_docs/google/iam/AVD-GCP-0003/Terraform.md
new file mode 100644
index 000000000..29c76f2e2
--- /dev/null
+++ b/avd_docs/google/iam/AVD-GCP-0003/Terraform.md
@@ -0,0 +1,18 @@
+
+Roles should be granted permissions and assigned to users
+
+```hcl
+ resource "google_project_iam_binding" "good_example" {
+ 	members = [
+ 		"group:test@example.com",
+ 		]
+ }
+ 
+ resource "google_storage_bucket_iam_member" "good_example" {
+ 	member = "serviceAccount:test@example.com"
+ }
+```
+
+#### Remediation Links
+ - https://www.terraform.io/docs/providers/google/d/iam_policy.html#members
+
diff --git a/avd_docs/google/iam/AVD-GCP-0004/Terraform.md b/avd_docs/google/iam/AVD-GCP-0004/Terraform.md
new file mode 100644
index 000000000..6992cec7f
--- /dev/null
+++ b/avd_docs/google/iam/AVD-GCP-0004/Terraform.md
@@ -0,0 +1,22 @@
+
+Use specialised service accounts for specific purposes.
+
+```hcl
+ resource "google_service_account" "test" {
+ 	account_id   = "account123"
+ 	display_name = "account123"
+ }
+ 			  
+ resource "google_folder_iam_member" "folder-123" {
+ 	folder = "folder-123"
+ 	role    = "roles/whatever"
+ 	member  = "serviceAccount:${google_service_account.test.email}"
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_folder_iam
+
+ - 
+
diff --git a/avd_docs/google/iam/AVD-GCP-0005/Terraform.md b/avd_docs/google/iam/AVD-GCP-0005/Terraform.md
new file mode 100644
index 000000000..8d3a30222
--- /dev/null
+++ b/avd_docs/google/iam/AVD-GCP-0005/Terraform.md
@@ -0,0 +1,14 @@
+
+Provide access at the service-level instead of folder-level, if required
+
+```hcl
+ resource "google_folder_iam_binding" "folder-123" {
+ 	folder = "folder-123"
+ 	role    = "roles/nothingInParticular"
+ }
+ 			
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_folder_iam
+
diff --git a/avd_docs/google/iam/AVD-GCP-0006/Terraform.md b/avd_docs/google/iam/AVD-GCP-0006/Terraform.md
new file mode 100644
index 000000000..1de6f0e76
--- /dev/null
+++ b/avd_docs/google/iam/AVD-GCP-0006/Terraform.md
@@ -0,0 +1,22 @@
+
+Use specialised service accounts for specific purposes.
+
+```hcl
+ resource "google_service_account" "test" {
+ 	account_id   = "account123"
+ 	display_name = "account123"
+ }
+ 			  
+ resource "google_project_iam_member" "project-123" {
+ 	project = "project-123"
+ 	role    = "roles/whatever"
+ 	member  = "serviceAccount:${google_service_account.test.email}"
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam
+
+ - 
+
diff --git a/avd_docs/google/iam/AVD-GCP-0007/Terraform.md b/avd_docs/google/iam/AVD-GCP-0007/Terraform.md
new file mode 100644
index 000000000..7322e4d9b
--- /dev/null
+++ b/avd_docs/google/iam/AVD-GCP-0007/Terraform.md
@@ -0,0 +1,21 @@
+
+Limit service account access to minimal required set
+
+```hcl
+ resource "google_service_account" "test" {
+ 	account_id   = "account123"
+ 	display_name = "account123"
+    email        = "jim@tfsec.dev"
+ }
+ 
+ resource "google_project_iam_member" "project" {
+ 	project = "your-project-id"
+ 	role    = "roles/logging.logWriter"
+ 	member  = "serviceAccount:${google_service_account.test.email}"
+ }
+ 			
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam
+
diff --git a/avd_docs/google/iam/AVD-GCP-0008/Terraform.md b/avd_docs/google/iam/AVD-GCP-0008/Terraform.md
new file mode 100644
index 000000000..733b20e67
--- /dev/null
+++ b/avd_docs/google/iam/AVD-GCP-0008/Terraform.md
@@ -0,0 +1,22 @@
+
+Use specialised service accounts for specific purposes.
+
+```hcl
+ resource "google_service_account" "test" {
+ 	account_id   = "account123"
+ 	display_name = "account123"
+ }
+ 			  
+ resource "google_organization_iam_member" "org-123" {
+ 	org_id = "org-123"
+ 	role    = "roles/whatever"
+ 	member  = "serviceAccount:${google_service_account.test.email}"
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_organization_iam
+
+ - 
+
diff --git a/avd_docs/google/iam/AVD-GCP-0009/Terraform.md b/avd_docs/google/iam/AVD-GCP-0009/Terraform.md
new file mode 100644
index 000000000..367d3eb14
--- /dev/null
+++ b/avd_docs/google/iam/AVD-GCP-0009/Terraform.md
@@ -0,0 +1,14 @@
+
+Provide access at the service-level instead of organization-level, if required
+
+```hcl
+ resource "google_organization_iam_binding" "organization-123" {
+ 	org_id  = "org-123"
+ 	role    = "roles/nothingInParticular"
+ }
+ 			
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_organization_iam
+
diff --git a/avd_docs/google/iam/AVD-GCP-0010/Terraform.md b/avd_docs/google/iam/AVD-GCP-0010/Terraform.md
new file mode 100644
index 000000000..8eeacd724
--- /dev/null
+++ b/avd_docs/google/iam/AVD-GCP-0010/Terraform.md
@@ -0,0 +1,16 @@
+
+Disable automatic default network creation
+
+```hcl
+ resource "google_project" "good_example" {
+   name       = "My Project"
+   project_id = "your-project-id"
+   org_id     = "1234567"
+   auto_create_network = false
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project#auto_create_network
+
diff --git a/avd_docs/google/iam/AVD-GCP-0011/Terraform.md b/avd_docs/google/iam/AVD-GCP-0011/Terraform.md
new file mode 100644
index 000000000..b3fe7b29f
--- /dev/null
+++ b/avd_docs/google/iam/AVD-GCP-0011/Terraform.md
@@ -0,0 +1,14 @@
+
+Provide access at the service-level instead of project-level, if required
+
+```hcl
+ resource "google_project_iam_binding" "project-123" {
+ 	project = "project-123"
+ 	role    = "roles/nothingInParticular"
+ }
+ 			
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam
+
diff --git a/avd_docs/google/kms/AVD-GCP-0065/Terraform.md b/avd_docs/google/kms/AVD-GCP-0065/Terraform.md
index 4054653eb..9fb0a7770 100644
--- a/avd_docs/google/kms/AVD-GCP-0065/Terraform.md
+++ b/avd_docs/google/kms/AVD-GCP-0065/Terraform.md
@@ -2,22 +2,23 @@
 Set key rotation period to 90 days
 
 ```hcl
-resource "google_kms_key_ring" "keyring" {
-  name     = "keyring-example"
-  location = "global"
-}
-
-resource "google_kms_crypto_key" "example-key" {
-  name            = "crypto-key-example"
-  key_ring        = google_kms_key_ring.keyring.id
-  rotation_period = "7776000s"
-  
-  lifecycle {
-    prevent_destroy = true
-  }
-}
+ resource "google_kms_key_ring" "keyring" {
+   name     = "keyring-example"
+   location = "global"
+ }
+ 
+ resource "google_kms_crypto_key" "example-key" {
+   name            = "crypto-key-example"
+   key_ring        = google_kms_key_ring.keyring.id
+   rotation_period = "7776000s"
+ 
+   lifecycle {
+     prevent_destroy = true
+   }
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/kms_crypto_key#rotation_period
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0014/Terraform.md b/avd_docs/google/sql/AVD-GCP-0014/Terraform.md
index f366b5742..b0c055164 100644
--- a/avd_docs/google/sql/AVD-GCP-0014/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0014/Terraform.md
@@ -2,19 +2,20 @@
 Enable temporary file logging for all files
 
 ```hcl
-resource "google_sql_database_instance" "db" {
-  name             = "db"
-  database_version = "POSTGRES_12"
-  region           = "us-central1"
-  settings {
-    database_flags {
-      name  = "log_temp_files"
-      value = "0"
-    }
-  }
-}
+ resource "google_sql_database_instance" "db" {
+ 	name             = "db"
+ 	database_version = "POSTGRES_12"
+ 	region           = "us-central1"
+ 	settings {
+ 	    database_flags {
+ 		    name  = "log_temp_files"
+ 		    value = "0"
+ 		}
+ 	}
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0015/Terraform.md b/avd_docs/google/sql/AVD-GCP-0015/Terraform.md
index f8cb0e8f0..74819cc4b 100644
--- a/avd_docs/google/sql/AVD-GCP-0015/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0015/Terraform.md
@@ -2,25 +2,26 @@
 Enforce SSL for all connections
 
 ```hcl
-resource "google_sql_database_instance" "postgres" {
-  name             = "postgres-instance-a"
-  database_version = "POSTGRES_11"
-  
-  settings {
-    tier = "db-f1-micro"
-    
-    ip_configuration {
-      ipv4_enabled = false
-      authorized_networks {
-        value           = "108.12.12.0/24"
-        name            = "internal"
-      }
-      require_ssl = true
-    }
-  }
-}
+ resource "google_sql_database_instance" "postgres" {
+ 	name             = "postgres-instance-a"
+ 	database_version = "POSTGRES_11"
+ 	
+ 	settings {
+ 		tier = "db-f1-micro"
+ 	
+ 		ip_configuration {
+ 			ipv4_enabled = false
+ 			authorized_networks {
+ 				value           = "108.12.12.0/24"
+ 				name            = "internal"
+ 			}
+ 			require_ssl = true
+ 		}
+ 	}
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0016/Terraform.md b/avd_docs/google/sql/AVD-GCP-0016/Terraform.md
index 50c9f5a07..43352d2b5 100644
--- a/avd_docs/google/sql/AVD-GCP-0016/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0016/Terraform.md
@@ -2,19 +2,20 @@
 Enable connection logging.
 
 ```hcl
-resource "google_sql_database_instance" "db" {
-  name             = "db"
-  database_version = "POSTGRES_12"
-  region           = "us-central1"
-  settings {
-    database_flags {
-      name  = "log_connections"
-      value = "on"
-    }
-  }
-}
+ resource "google_sql_database_instance" "db" {
+ 	name             = "db"
+ 	database_version = "POSTGRES_12"
+ 	region           = "us-central1"
+ 	settings {
+ 		database_flags {
+ 			name  = "log_connections"
+ 			value = "on"
+ 		}
+ 	}
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0017/Terraform.md b/avd_docs/google/sql/AVD-GCP-0017/Terraform.md
index 02dcf6392..d798390b2 100644
--- a/avd_docs/google/sql/AVD-GCP-0017/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0017/Terraform.md
@@ -2,24 +2,25 @@
 Remove public access from database instances
 
 ```hcl
-resource "google_sql_database_instance" "postgres" {
-  name             = "postgres-instance-a"
-  database_version = "POSTGRES_11"
-  
-  settings {
-    tier = "db-f1-micro"
-    
-    ip_configuration {
-      ipv4_enabled = false
-      authorized_networks {
-        value           = "108.12.12.0/24"
-        name            = "internal"
-      }
-    }
-  }
-}
+ resource "google_sql_database_instance" "postgres" {
+ 	name             = "postgres-instance-a"
+ 	database_version = "POSTGRES_11"
+ 	
+ 	settings {
+ 		tier = "db-f1-micro"
+ 	
+ 		ip_configuration {
+ 			ipv4_enabled = false
+ 			authorized_networks {
+ 				value           = "10.0.0.1/24"
+ 				name            = "internal"
+ 			}
+ 		}
+ 	}
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0018/Terraform.md b/avd_docs/google/sql/AVD-GCP-0018/Terraform.md
index 04e8e1714..27f5f871f 100644
--- a/avd_docs/google/sql/AVD-GCP-0018/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0018/Terraform.md
@@ -2,19 +2,20 @@
 Set the minimum log severity to at least ERROR
 
 ```hcl
-resource "google_sql_database_instance" "db" {
-  name             = "db"
-  database_version = "POSTGRES_12"
-  region           = "us-central1"
-  settings {
-    database_flags {
-      name  = "log_min_messages"
-      value = "WARNING"
-    }
-  }
-}
+ resource "google_sql_database_instance" "db" {
+ 	name             = "db"
+ 	database_version = "POSTGRES_12"
+ 	region           = "us-central1"
+ 	settings {
+ 		database_flags {
+ 			name  = "log_min_messages"
+ 			value = "WARNING"
+ 		}
+ 	}
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0019/Terraform.md b/avd_docs/google/sql/AVD-GCP-0019/Terraform.md
index c56c91515..d04338a9b 100644
--- a/avd_docs/google/sql/AVD-GCP-0019/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0019/Terraform.md
@@ -2,19 +2,20 @@
 Disable cross database ownership chaining
 
 ```hcl
-resource "google_sql_database_instance" "db" {
-  name             = "db"
-  database_version = "SQLSERVER_2017_STANDARD"
-  region           = "us-central1"
-  settings {
-    database_flags {
-      name  = "cross db ownership chaining"
-      value = "off"
-    }
-  }
-}
+ resource "google_sql_database_instance" "db" {
+ 	name             = "db"
+ 	database_version = "SQLSERVER_2017_STANDARD"
+ 	region           = "us-central1"
+ 	settings {
+ 	    database_flags {
+ 		    name  = "cross db ownership chaining"
+ 		    value = "off"
+ 		}
+ 	}
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0020/Terraform.md b/avd_docs/google/sql/AVD-GCP-0020/Terraform.md
index 39bc587c2..d50a8eeae 100644
--- a/avd_docs/google/sql/AVD-GCP-0020/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0020/Terraform.md
@@ -2,19 +2,20 @@
 Enable lock wait logging.
 
 ```hcl
-resource "google_sql_database_instance" "db" {
-  name             = "db"
-  database_version = "POSTGRES_12"
-  region           = "us-central1"
-  settings {
-    database_flags {
-      name  = "log_lock_waits"
-      value = "on"
-    }
-  }
-}
+ resource "google_sql_database_instance" "db" {
+ 	name             = "db"
+ 	database_version = "POSTGRES_12"
+ 	region           = "us-central1"
+ 	settings {
+ 		database_flags {
+ 			name  = "log_lock_waits"
+ 			value = "on"
+ 		}
+ 	}
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0021/Terraform.md b/avd_docs/google/sql/AVD-GCP-0021/Terraform.md
index 562ab6343..99dae56a7 100644
--- a/avd_docs/google/sql/AVD-GCP-0021/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0021/Terraform.md
@@ -2,19 +2,20 @@
 Disable minimum duration statement logging completely
 
 ```hcl
-resource "google_sql_database_instance" "db" {
-  name             = "db"
-  database_version = "POSTGRES_12"
-  region           = "us-central1"
-  settings {
-    database_flags {
-      name  = "log_min_duration_statement"
-      value = "-1"
-    }
-  }
-}
+ resource "google_sql_database_instance" "db" {
+ 	name             = "db"
+ 	database_version = "POSTGRES_12"
+ 	region           = "us-central1"
+ 	settings {
+ 		database_flags {
+ 			name  = "log_min_duration_statement"
+ 			value = "-1"
+ 		}
+ 	}
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0022/Terraform.md b/avd_docs/google/sql/AVD-GCP-0022/Terraform.md
index 6b127a051..d10cd5238 100644
--- a/avd_docs/google/sql/AVD-GCP-0022/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0022/Terraform.md
@@ -2,19 +2,20 @@
 Enable disconnection logging.
 
 ```hcl
-resource "google_sql_database_instance" "db" {
-  name             = "db"
-  database_version = "POSTGRES_12"
-  region           = "us-central1"
-  settings {
-    database_flags {
-      name  = "log_disconnections"
-      value = "on"
-    }
-  }
-}
+ resource "google_sql_database_instance" "db" {
+ 	name             = "db"
+ 	database_version = "POSTGRES_12"
+ 	region           = "us-central1"
+ 	settings {
+ 		database_flags {
+ 			name  = "log_disconnections"
+ 			value = "on"
+ 		}
+ 	}
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0023/Terraform.md b/avd_docs/google/sql/AVD-GCP-0023/Terraform.md
index 99ff3093f..c8c3593b2 100644
--- a/avd_docs/google/sql/AVD-GCP-0023/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0023/Terraform.md
@@ -2,19 +2,20 @@
 Disable contained database authentication
 
 ```hcl
-resource "google_sql_database_instance" "db" {
-  name             = "db"
-  database_version = "SQLSERVER_2017_STANDARD"
-  region           = "us-central1"
-  settings {
-    database_flags {
-      name  = "contained database authentication"
-      value = "off"
-    }
-  }
-}
+ resource "google_sql_database_instance" "db" {
+ 	name             = "db"
+ 	database_version = "SQLSERVER_2017_STANDARD"
+ 	region           = "us-central1"
+ 	settings {
+ 	    database_flags {
+ 		    name  = "contained database authentication"
+ 		    value = "off"
+ 		}
+ 	}
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0024/Terraform.md b/avd_docs/google/sql/AVD-GCP-0024/Terraform.md
index feb226335..920ab13a3 100644
--- a/avd_docs/google/sql/AVD-GCP-0024/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0024/Terraform.md
@@ -2,18 +2,35 @@
 Enable automated backups
 
 ```hcl
-resource "google_sql_database_instance" "db" {
-  name             = "db"
-  database_version = "POSTGRES_12"
-  region           = "us-central1"
-  settings {
-    backup_configuration {
-      enabled = true
-    }
+ resource "google_sql_database_instance" "db" {
+ 	name             = "db"
+ 	database_version = "POSTGRES_12"
+ 	region           = "us-central1"
+ 	settings {
+ 		backup_configuration {
+ 			enabled = true
+ 		}
+ 	}
+ }
+ 			
+```
+```hcl
+resource "google_sql_database_instance" "new_instance_sql_replica" {
+  name                 = "replica"
+  region               = "europe-west3"
+  database_version     = "POSTGRES_14"
+  master_instance_name = google_sql_database_instance.instance[0].name
+  deletion_protection  = terraform.workspace == "prod" ? true : false
+
+  replica_configuration {
+    connect_retry_interval  = 0
+    failover_target         = false
+    master_heartbeat_period = 0
   }
 }
+
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance#settings.backup_configuration.enabled=true
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0025/Terraform.md b/avd_docs/google/sql/AVD-GCP-0025/Terraform.md
index 31bdc4dc5..b7392c99b 100644
--- a/avd_docs/google/sql/AVD-GCP-0025/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0025/Terraform.md
@@ -2,19 +2,20 @@
 Enable checkpoints logging.
 
 ```hcl
-resource "google_sql_database_instance" "db" {
-  name             = "db"
-  database_version = "POSTGRES_12"
-  region           = "us-central1"
-  settings {
-    database_flags {
-      name  = "log_checkpoints"
-      value = "on"
-    }
-  }
-}
+ resource "google_sql_database_instance" "db" {
+ 	name             = "db"
+ 	database_version = "POSTGRES_12"
+ 	region           = "us-central1"
+ 	settings {
+ 		database_flags {
+ 			name  = "log_checkpoints"
+ 			value = "on"
+ 		}
+ 	}
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/sql/AVD-GCP-0026/Terraform.md b/avd_docs/google/sql/AVD-GCP-0026/Terraform.md
index 7a8ffbb8a..7cf38a2ae 100644
--- a/avd_docs/google/sql/AVD-GCP-0026/Terraform.md
+++ b/avd_docs/google/sql/AVD-GCP-0026/Terraform.md
@@ -2,20 +2,22 @@
 Disable the local infile setting
 
 ```hcl
-resource "google_sql_database_instance" "db" {
-  name             = "db"
-  database_version = "MYSQL_5_6"
-  region           = "us-central1"
-  settings {
-    database_flags {
-      name  = "local_infile"
-      value = "off"
-    }
-  }
-}
+ resource "google_sql_database_instance" "db" {
+ 	name             = "db"
+ 	database_version = "MYSQL_5_6"
+ 	region           = "us-central1"
+ 	settings {
+ 		database_flags {
+ 			name  = "local_infile"
+ 			value = "off"
+ 		}
+ 	}
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
+
  - https://dev.mysql.com/doc/refman/8.0/en/load-data-local-security.html
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/storage/AVD-GCP-0001/Terraform.md b/avd_docs/google/storage/AVD-GCP-0001/Terraform.md
index 928c641bc..2e6ec1e63 100644
--- a/avd_docs/google/storage/AVD-GCP-0001/Terraform.md
+++ b/avd_docs/google/storage/AVD-GCP-0001/Terraform.md
@@ -2,15 +2,16 @@
 Restrict public access to the bucket.
 
 ```hcl
-resource "google_storage_bucket_iam_binding" "binding" {
-  bucket = google_storage_bucket.default.name
-  role = "roles/storage.admin"
-  members = [
-  "user:jane@example.com",
-  ]
-}
+ resource "google_storage_bucket_iam_binding" "binding" {
+ 	bucket = google_storage_bucket.default.name
+ 	role = "roles/storage.admin"
+ 	members = [
+ 		"user:jane@example.com",
+ 	]
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam#member/members
-        
\ No newline at end of file
+
diff --git a/avd_docs/google/storage/AVD-GCP-0002/Terraform.md b/avd_docs/google/storage/AVD-GCP-0002/Terraform.md
index 2ce48afcd..7e590ca8d 100644
--- a/avd_docs/google/storage/AVD-GCP-0002/Terraform.md
+++ b/avd_docs/google/storage/AVD-GCP-0002/Terraform.md
@@ -2,26 +2,27 @@
 Enable uniform bucket level access to provide a uniform permissioning system.
 
 ```hcl
-resource "google_storage_bucket" "static-site" {
-  name          = "image-store.com"
-  location      = "EU"
-  force_destroy = true
-  
-  uniform_bucket_level_access = true
-  
-  website {
-    main_page_suffix = "index.html"
-    not_found_page   = "404.html"
-  }
-  cors {
-    origin          = ["http://image-store.com"]
-    method          = ["GET", "HEAD", "PUT", "POST", "DELETE"]
-    response_header = ["*"]
-    max_age_seconds = 3600
-  }
-}
+ resource "google_storage_bucket" "static-site" {
+ 	name          = "image-store.com"
+ 	location      = "EU"
+ 	force_destroy = true
+ 	
+ 	uniform_bucket_level_access = true
+ 	
+ 	website {
+ 		main_page_suffix = "index.html"
+ 		not_found_page   = "404.html"
+ 	}
+ 	cors {
+ 		origin          = ["http://image-store.com"]
+ 		method          = ["GET", "HEAD", "PUT", "POST", "DELETE"]
+ 		response_header = ["*"]
+ 		max_age_seconds = 3600
+ 	}
+ }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#uniform_bucket_level_access
-        
\ No newline at end of file
+
diff --git a/avd_docs/kubernetes/network/AVD-KUBE-0001/Terraform.md b/avd_docs/kubernetes/network/AVD-KUBE-0001/Terraform.md
new file mode 100644
index 000000000..475ca5aaa
--- /dev/null
+++ b/avd_docs/kubernetes/network/AVD-KUBE-0001/Terraform.md
@@ -0,0 +1,70 @@
+
+Remove public access except where explicitly required
+
+```hcl
+ resource "kubernetes_network_policy" "good_example" {
+   metadata {
+     name      = "terraform-example-network-policy"
+     namespace = "default"
+   }
+ 
+   spec {
+     pod_selector {
+       match_expressions {
+         key      = "name"
+         operator = "In"
+         values   = ["webfront", "api"]
+       }
+     }
+ 
+     ingress {
+       ports {
+         port     = "http"
+         protocol = "TCP"
+       }
+       ports {
+         port     = "8125"
+         protocol = "UDP"
+       }
+ 
+       from {
+         ip_block {
+           cidr = "10.0.0.0/16"
+           except = [
+             "10.0.0.0/24",
+             "10.0.1.0/24",
+           ]
+         }
+       }
+     }
+ 
+     egress {
+       ports {
+         port     = "http"
+         protocol = "TCP"
+       }
+       ports {
+         port     = "8125"
+         protocol = "UDP"
+       }
+ 
+       to {
+         ip_block {
+           cidr = "0.0.0.0/0"
+           except = [
+             "10.0.0.0/24",
+             "10.0.1.0/24",
+           ]
+         }
+       }
+     }
+ 
+     policy_types = ["Ingress", "Egress"]
+   }
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy#spec.ingress.from.ip_block.cidr
+
diff --git a/avd_docs/kubernetes/network/AVD-KUBE-0002/Terraform.md b/avd_docs/kubernetes/network/AVD-KUBE-0002/Terraform.md
new file mode 100644
index 000000000..5d4db9e6f
--- /dev/null
+++ b/avd_docs/kubernetes/network/AVD-KUBE-0002/Terraform.md
@@ -0,0 +1,70 @@
+
+Remove public access except where explicitly required
+
+```hcl
+ resource "kubernetes_network_policy" "good_example" {
+   metadata {
+     name      = "terraform-example-network-policy"
+     namespace = "default"
+   }
+ 
+   spec {
+     pod_selector {
+       match_expressions {
+         key      = "name"
+         operator = "In"
+         values   = ["webfront", "api"]
+       }
+     }
+ 
+     egress {
+       ports {
+         port     = "http"
+         protocol = "TCP"
+       }
+       ports {
+         port     = "8125"
+         protocol = "UDP"
+       }
+ 
+       to {
+         ip_block {
+           cidr = "10.0.0.0/16"
+           except = [
+             "10.0.0.0/24",
+             "10.0.1.0/24",
+           ]
+         }
+       }
+     }
+ 
+     ingress {
+       ports {
+         port     = "http"
+         protocol = "TCP"
+       }
+       ports {
+         port     = "8125"
+         protocol = "UDP"
+       }
+ 
+       from {
+         ip_block {
+           cidr = "10.0.0.0/16"
+           except = [
+             "10.0.0.0/24",
+             "10.0.1.0/24",
+           ]
+         }
+       }
+     }
+ 
+     policy_types = ["Ingress", "Egress"]
+   }
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy#spec.ingress.from.ip_block.cidr
+
diff --git a/avd_docs/openstack/compute/AVD-OPNSTK-0001/Terraform.md b/avd_docs/openstack/compute/AVD-OPNSTK-0001/Terraform.md
index f410e78b8..b0b1a6438 100644
--- a/avd_docs/openstack/compute/AVD-OPNSTK-0001/Terraform.md
+++ b/avd_docs/openstack/compute/AVD-OPNSTK-0001/Terraform.md
@@ -2,20 +2,20 @@
 Do not use plaintext passwords in terraform files
 
 ```hcl
-resource "openstack_compute_instance_v2" "good_example" {
-  name            = "basic"
-  image_id        = "ad091b52-742f-469e-8f3c-fd81cadf0743"
-  flavor_id       = "3"
-  key_pair        = "my_key_pair_name"
-  security_groups = ["default"]
-  user_data       = "#cloud-config\nhostname: instance_1.example.com\nfqdn: instance_1.example.com"
-  
-  network {
-    name = "my_network"
-  }
-}
+ resource "openstack_compute_instance_v2" "good_example" {
+   name            = "basic"
+   image_id        = "ad091b52-742f-469e-8f3c-fd81cadf0743"
+   flavor_id       = "3"
+   key_pair        = "my_key_pair_name"
+   security_groups = ["default"]
+   user_data       = "#cloud-config\nhostname: instance_1.example.com\nfqdn: instance_1.example.com"
+ 
+   network {
+     name = "my_network"
+   }
+ }
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/compute_instance_v2#admin_pass
-        
\ No newline at end of file
+
diff --git a/avd_docs/openstack/compute/AVD-OPNSTK-0002/Terraform.md b/avd_docs/openstack/compute/AVD-OPNSTK-0002/Terraform.md
index a4402310e..a5904f3a0 100644
--- a/avd_docs/openstack/compute/AVD-OPNSTK-0002/Terraform.md
+++ b/avd_docs/openstack/compute/AVD-OPNSTK-0002/Terraform.md
@@ -2,18 +2,19 @@
 Employ more restrictive firewall rules
 
 ```hcl
-resource "openstack_fw_rule_v1" "rule_1" {
-  name                   = "my_rule"
-  description            = "don't let just anyone in"
-  action                 = "allow"
-  protocol               = "tcp"
-  destination_ip_address = "10.10.10.1"
-  source_ip_address      = "10.10.10.2"
-  destination_port       = "22"
-  enabled                = "true"
-}
+ resource "openstack_fw_rule_v1" "rule_1" {
+ 	name                   = "my_rule"
+ 	description            = "don't let just anyone in"
+ 	action                 = "allow"
+ 	protocol               = "tcp"
+ 	destination_ip_address = "10.10.10.1"
+ 	source_ip_address      = "10.10.10.2"
+ 	destination_port       = "22"
+ 	enabled                = "true"
+ }
+ 			
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/fw_rule_v1
-        
\ No newline at end of file
+
diff --git a/avd_docs/openstack/networking/AVD-OPNSTK-0003/Terraform.md b/avd_docs/openstack/networking/AVD-OPNSTK-0003/Terraform.md
new file mode 100644
index 000000000..387a6eded
--- /dev/null
+++ b/avd_docs/openstack/networking/AVD-OPNSTK-0003/Terraform.md
@@ -0,0 +1,18 @@
+
+Employ more restrictive security group rules
+
+```hcl
+ resource "openstack_networking_secgroup_rule_v2" "rule_1" {
+	direction         = "ingress"
+	ethertype         = "IPv4"
+	protocol          = "tcp"
+	port_range_min    = 22
+	port_range_max    = 22
+	remote_ip_prefix  = "1.2.3.4/32"
+ }
+ 			
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/fw_rule_v1
+
diff --git a/avd_docs/openstack/networking/AVD-OPNSTK-0004/Terraform.md b/avd_docs/openstack/networking/AVD-OPNSTK-0004/Terraform.md
new file mode 100644
index 000000000..3bd7dd621
--- /dev/null
+++ b/avd_docs/openstack/networking/AVD-OPNSTK-0004/Terraform.md
@@ -0,0 +1,18 @@
+
+Employ more restrictive security group rules
+
+```hcl
+resource "openstack_networking_secgroup_rule_v2" "rule_1" {
+	direction         = "egress"
+	ethertype         = "IPv4"
+	protocol          = "tcp"
+	port_range_min    = 22
+	port_range_max    = 22
+	remote_ip_prefix  = "1.2.3.4/32"
+}
+
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_secgroup_rule_v2
+
diff --git a/avd_docs/openstack/networking/AVD-OPNSTK-0005/Terraform.md b/avd_docs/openstack/networking/AVD-OPNSTK-0005/Terraform.md
new file mode 100644
index 000000000..9bfe44d8b
--- /dev/null
+++ b/avd_docs/openstack/networking/AVD-OPNSTK-0005/Terraform.md
@@ -0,0 +1,11 @@
+
+Add descriptions for all security groups
+
+```hcl
+ resource "openstack_networking_secgroup_v2" "group_1" {
+ 	description            = "don't let just anyone in"
+ }
+ 			
+```
+
+
diff --git a/avd_docs/oracle/compute/AVD-OCI-0001/Terraform.md b/avd_docs/oracle/compute/AVD-OCI-0001/Terraform.md
index 4c0a54cf0..51f21d4e9 100644
--- a/avd_docs/oracle/compute/AVD-OCI-0001/Terraform.md
+++ b/avd_docs/oracle/compute/AVD-OCI-0001/Terraform.md
@@ -2,13 +2,15 @@
 Reconsider the use of an public IP
 
 ```hcl
-resource "opc_compute_ip_address_reservation" "good_example" {
-  name            = "my-ip-address"
-  ip_address_pool = "cloud-ippool"
-}
+ resource "opc_compute_ip_address_reservation" "good_example" {
+ 	name            = "my-ip-address"
+ 	ip_address_pool = "cloud-ippool"
+   }
+ 
 ```
 
 #### Remediation Links
  - https://registry.terraform.io/providers/hashicorp/opc/latest/docs/resources/opc_compute_ip_address_reservation
+
  - https://registry.terraform.io/providers/hashicorp/opc/latest/docs/resources/opc_compute_instance
-        
\ No newline at end of file
+
diff --git a/cmd/avd_generator/main.go b/cmd/avd_generator/main.go
index 058a123cc..538722d2d 100644
--- a/cmd/avd_generator/main.go
+++ b/cmd/avd_generator/main.go
@@ -44,13 +44,45 @@ func writeDocsFile(meta rules.RegisteredRule) {
 
 	file, err := os.Create(filepath.Join(docpath, "docs.md"))
 	if err != nil {
-		fail("error occurred creating the file for %s", docpath)
+		fail("error occurred creating the docs file for %s", docpath)
 	}
 
 	if err := tmpl.Execute(file, meta.Rule()); err != nil {
 		fail("error occurred generating the document %v", err)
 	}
-	fmt.Printf("Generating file for policy %s\n", meta.Rule().AVDID)
+	fmt.Printf("Generating docs file for policy %s\n", meta.Rule().AVDID)
+
+	if meta.Rule().Terraform != nil {
+		tmpl, err := template.New("terraform").Parse(terraformMarkdownTemplate)
+		if err != nil {
+			fail("error occurred creating the template %v\n", err)
+		}
+		file, err := os.Create(filepath.Join(docpath, "Terraform.md"))
+		if err != nil {
+			fail("error occurred creating the Terraform file for %s", docpath)
+		}
+
+		if err := tmpl.Execute(file, meta.Rule()); err != nil {
+			fail("error occurred generating the document %v", err)
+		}
+		fmt.Printf("Generating Terraform file for policy %s\n", meta.Rule().AVDID)
+	}
+
+	if meta.Rule().CloudFormation != nil {
+		tmpl, err := template.New("cloudformation").Parse(cloudformationMarkdownTemplate)
+		if err != nil {
+			fail("error occurred creating the template %v\n", err)
+		}
+		file, err := os.Create(filepath.Join(docpath, "CloudFormation.md"))
+		if err != nil {
+			fail("error occurred creating the CloudFormation file for %s", docpath)
+		}
+
+		if err := tmpl.Execute(file, meta.Rule()); err != nil {
+			fail("error occurred generating the document %v", err)
+		}
+		fmt.Printf("Generating CloudFormation file for policy %s\n", meta.Rule().AVDID)
+	}
 }
 
 func fail(msg string, args ...interface{}) {
@@ -72,3 +104,25 @@ var docsMarkdownTemplate = `
 {{ end}}
 {{ end }}
 `
+
+var terraformMarkdownTemplate = `
+{{ .Resolution }}
+
+{{ if .Terraform.GoodExamples }}{{ range .Terraform.GoodExamples }}` + "```hcl" + `{{ . }}
+` + "```" + `
+{{ end}}{{ end }}
+{{ if .Terraform.Links }}#### Remediation Links{{ range .Terraform.Links }}
+ - {{ . }}
+{{ end}}{{ end }}
+`
+
+var cloudformationMarkdownTemplate = `
+{{ .Resolution }}
+
+{{ if .CloudFormation.GoodExamples }}{{ range .CloudFormation.GoodExamples }}` + "```yaml" + `{{ . }}
+` + "```" + `
+{{ end}}{{ end }}
+{{ if .CloudFormation.Links }}#### Remediation Links{{ range .CloudFormation.Links }}
+ - {{ . }}
+{{ end}}{{ end }}
+`