From a6ba4fe37e70b2d8998c719a2b63f30a6a5158ef Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Thu, 18 Jul 2024 11:26:48 -0400 Subject: [PATCH 01/86] initial copy of velocloud module --- modules/aws/vendor/velocloud/README.md | 226 ++++++++++++++++++++++ modules/aws/vendor/velocloud/main.tf | 221 +++++++++++++++++++++ modules/aws/vendor/velocloud/outputs.tf | 23 +++ modules/aws/vendor/velocloud/variables.tf | 196 +++++++++++++++++++ 4 files changed, 666 insertions(+) create mode 100755 modules/aws/vendor/velocloud/README.md create mode 100644 modules/aws/vendor/velocloud/main.tf create mode 100644 modules/aws/vendor/velocloud/outputs.tf create mode 100644 modules/aws/vendor/velocloud/variables.tf diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md new file mode 100755 index 00000000..0fc79796 --- /dev/null +++ b/modules/aws/vendor/velocloud/README.md @@ -0,0 +1,226 @@ + + + + + + + +[![Contributors][contributors-shield]][contributors-url] +[![Forks][forks-shield]][forks-url] +[![Stargazers][stars-shield]][stars-url] +[![Issues][issues-shield]][issues-url] +[![MIT License][license-shield]][license-url] +[![LinkedIn][linkedin-shield]][linkedin-url] + + + +
+
+ + Logo + + +

Cato SDWAN Module

+

+ This module deploys a Cato SDWAN into your environment. +
+ Explore the docs » +
+
+ Zachary Hill + · + Report Bug + · + Request Feature +

+
+ + + +
+ Table of Contents +
    +
  1. Usage
  2. +
  3. Requirements
  4. +
  5. Providers
  6. +
  7. Modules
  8. +
  9. Resources
  10. +
  11. Inputs
  12. +
  13. Outputs
  14. +
  15. License
  16. +
  17. Contact
  18. +
  19. Acknowledgments
  20. +
+
+ + + +## Usage + +``` +module "aws_prod_cato" { + source = "github.com/zachreborn/terraform-modules//modules/aws/cato_sdwan" + + ami = "ami-0xx6edxxaf4xxdf1e" + availability_zone = [module.vpc.availability_zone[0]] + cato_lan_cidr_blocks = ["10.11.0.0/16"] + key_name = module.keypair.key_name + instance_type = "c5.large" + mgmt_subnet_id = module.vpc.mgmt_subnet_ids + public_subnet_id = module.vpc.public_subnet_ids + private_subnet_id = module.vpc.private_subnet_ids + mgmt_ips = ["10.200.61.12"] + public_ips = ["10.200.201.12"] + private_ips = ["10.200.1.12"] + vpc_id = module.vpc.vpc_id + user_data = file("./global/user_data/cato_sdwan_serial.txt") + + tags = { + terraform = "true" + created_by = "Zachary Hill" + environment = "prod" + project = "aws_poc" + backup = "true" + role = "cato_sdwan" + } +} +``` + +_For more examples, please refer to the [Documentation](https://github.com/zachreborn/terraform-modules)_ + +

(back to top)

+ + + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0.0 | +| [aws](#requirement\_aws) | >= 4.0.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 4.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_cloudwatch_metric_alarm.instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | +| [aws_cloudwatch_metric_alarm.system](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | +| [aws_eip.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | +| [aws_eip_association.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource | +| [aws_instance.ec2_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | +| [aws_network_interface.mgmt_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | +| [aws_network_interface.private_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | +| [aws_network_interface.public_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | +| [aws_security_group.cato_lan_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group.cato_wan_mgmt_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | 
+|------|-------------|------|---------|:--------:| +| [ami](#input\_ami) | (Required) AMI to use for the instance. Required unless launch\_template is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting ami will override the AMI specified in the Launch Template. | `string` | n/a | yes | +| [cato\_lan\_cidr\_blocks](#input\_cato\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the Cato instance for SDWAN communication. | `list(string)` | `null` | no | +| [ebs\_optimized](#input\_ebs\_optimized) | (Optional) If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information. | `bool` | `true` | no | +| [http\_endpoint](#input\_http\_endpoint) | (Optional) Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled. | `string` | `"enabled"` | no | +| [http\_tokens](#input\_http\_tokens) | (Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional. | `string` | `"required"` | no | +| [iam\_instance\_profile](#input\_iam\_instance\_profile) | (Optional) IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole. | `string` | `null` | no | +| [instance\_name\_prefix](#input\_instance\_name\_prefix) | (Optional) Used to populate the Name tag. 
| `string` | `"aws_prod_cato"` | no | +| [instance\_type](#input\_instance\_type) | (Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance. | `string` | `"c5.xlarge"` | no | +| [key\_name](#input\_key\_name) | (Required) Key name of the Key Pair to use for the instance; which can be managed using the aws\_key\_pair resource. | `string` | n/a | yes | +| [lan\_sg\_name](#input\_lan\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"cato_lan_sg"` | no | +| [mgmt\_ips](#input\_mgmt\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.61.12",
"10.11.62.12",
"10.11.63.12"
]
| no | +| [mgmt\_nic\_description](#input\_mgmt\_nic\_description) | (Optional) Description for the network interface. | `string` | `"Cato mgmt nic"` | no | +| [mgmt\_subnet\_id](#input\_mgmt\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | +| [monitoring](#input\_monitoring) | (Optional) If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0) | `bool` | `true` | no | +| [number](#input\_number) | (Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1 | `number` | `1` | no | +| [private\_ips](#input\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.1.12",
"10.11.2.12",
"10.11.3.12"
]
| no | +| [private\_nic\_description](#input\_private\_nic\_description) | (Optional) Description for the network interface. | `string` | `"Cato private nic"` | no | +| [private\_subnet\_id](#input\_private\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | +| [public\_ips](#input\_public\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` |
[
"10.11.201.12",
"10.11.202.12",
"10.11.203.12"
]
| no | +| [public\_nic\_description](#input\_public\_nic\_description) | (Optional) Description for the network interface. | `string` | `"Cato public nic"` | no | +| [public\_subnet\_id](#input\_public\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | +| [root\_ebs\_volume\_encrypted](#input\_root\_ebs\_volume\_encrypted) | (Optional) Whether to enable volume encryption on the root ebs volume. Defaults to true. Must be configured to perform drift detection. | `bool` | `true` | no | +| [root\_volume\_size](#input\_root\_volume\_size) | (Optional) Size of the root volume in gibibytes (GiB). | `number` | `16` | no | +| [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3 | `string` | `"gp3"` | no | +| [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default false. | `bool` | `false` | no | +| [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "cato_sdwan",
"terraform": "true"
}
| no | +| [user\_data](#input\_user\_data) | (Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user\_data\_replace\_on\_change is set then updates to this field will trigger a destroy and recreate. | `string` | `null` | no | +| [vpc\_id](#input\_vpc\_id) | (Required, Forces new resource) VPC ID. Defaults to the region's default VPC. | `string` | n/a | yes | +| [wan\_mgmt\_sg\_name](#input\_wan\_mgmt\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"cato_wan_mgmt_sg"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [ec2\_instance\_id](#output\_ec2\_instance\_id) | n/a | +| [eip\_id](#output\_eip\_id) | n/a | +| [eip\_public\_ip](#output\_eip\_public\_ip) | n/a | +| [mgmt\_network\_interface\_id](#output\_mgmt\_network\_interface\_id) | n/a | +| [private\_network\_interface\_id](#output\_private\_network\_interface\_id) | n/a | +| [public\_network\_interface\_id](#output\_public\_network\_interface\_id) | n/a | + + + +## License + +Distributed under the MIT License. See `LICENSE.txt` for more information. + +

(back to top)

+ + + + +## Contact + +Zachary Hill - [![LinkedIn][linkedin-shield]][linkedin-url] - zhill@zacharyhill.co + +Project Link: [https://github.com/zachreborn/terraform-modules](https://github.com/zachreborn/terraform-modules) + +

(back to top)

+ + + + +## Acknowledgments + +* [Zachary Hill](https://zacharyhill.co) +* [Jake Jones](https://github.com/jakeasarus) + +

(back to top)

+ + + + +[contributors-shield]: https://img.shields.io/github/contributors/zachreborn/terraform-modules.svg?style=for-the-badge +[contributors-url]: https://github.com/zachreborn/terraform-modules/graphs/contributors +[forks-shield]: https://img.shields.io/github/forks/zachreborn/terraform-modules.svg?style=for-the-badge +[forks-url]: https://github.com/zachreborn/terraform-modules/network/members +[stars-shield]: https://img.shields.io/github/stars/zachreborn/terraform-modules.svg?style=for-the-badge +[stars-url]: https://github.com/zachreborn/terraform-modules/stargazers +[issues-shield]: https://img.shields.io/github/issues/zachreborn/terraform-modules.svg?style=for-the-badge +[issues-url]: https://github.com/zachreborn/terraform-modules/issues +[license-shield]: https://img.shields.io/github/license/zachreborn/terraform-modules.svg?style=for-the-badge +[license-url]: https://github.com/zachreborn/terraform-modules/blob/master/LICENSE.txt +[linkedin-shield]: https://img.shields.io/badge/-LinkedIn-black.svg?style=for-the-badge&logo=linkedin&colorB=555 +[linkedin-url]: https://www.linkedin.com/in/zachary-hill-5524257a/ +[product-screenshot]: /images/screenshot.webp +[Terraform.io]: https://img.shields.io/badge/Terraform-7B42BC?style=for-the-badge&logo=terraform +[Terraform-url]: https://terraform.io \ No newline at end of file diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf new file mode 100644 index 00000000..a1a70e3c --- /dev/null +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -0,0 +1,221 @@ +terraform { + required_version = ">= 1.0.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.0.0" + } + } +} + +############################################ +# Data Sources +############################################ +# data "aws_caller_identity" "current" {} +data "aws_region" "current" {} + +############################################ +# Security Groups +############################################ + +resource "aws_security_group" "velocloud_wan_mgmt_sg" { + name = var.wan_mgmt_sg_name + description = "Security group applied to the VeloCloud SDWAN instance WAN and MGMT NICs for VeloCloud communication" + vpc_id = var.vpc_id + + egress { + description = "HTTPS Tunnel" + from_port = 443 + to_port = 443 + protocol = "TCP" + # CATO Cloud requires this port to be open to the internet + #tfsec:ignore:aws-ec2-no-public-egress-sgr + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + description = "HTTPS Tunnel" + from_port = 443 + to_port = 443 + protocol = "UDP" + # CATO Cloud requires this port to be open to the internet + #tfsec:ignore:aws-ec2-no-public-egress-sgr + cidr_blocks = ["0.0.0.0/0"] + } + + tags = merge(var.tags, ({ "Name" = format("%s", var.wan_mgmt_sg_name) })) +} + +resource "aws_security_group" "velocloud_lan_sg" { + name = var.lan_sg_name + description = "Security group applied to VeloCloud SDWAN instance LAN NICs for SDWAN communication" + vpc_id = var.vpc_id + + ingress { + description = "All traffic" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = var.cato_lan_cidr_blocks + } + + egress { + description = "All traffic" + from_port = 0 + to_port = 0 + protocol = "-1" + # VeloCloud requires this port to be open to the internet + #tfsec:ignore:aws-ec2-no-public-egress-sgr + cidr_blocks = ["0.0.0.0/0"] + } + + tags = merge(var.tags, ({ "Name" = format("%s", var.lan_sg_name) })) +} + +############################################ +# EIP +############################################ + +resource 
"aws_eip" "wan_external_ip" { + count = var.number + domain = "vpc" +} + +resource "aws_eip_association" "wan_external_ip" { + count = var.number + allocation_id = element(aws_eip.wan_external_ip[*].id, count.index) + network_interface_id = element(aws_network_interface.public_nic[*].id, count.index) +} + +############################################ +# ENI +############################################ + +resource "aws_network_interface" "mgmt_nic" { + count = var.number + description = var.mgmt_nic_description + private_ips = var.mgmt_ips + security_groups = [aws_security_group.cato_wan_mgmt_sg.id] + subnet_id = element(var.mgmt_subnet_id, count.index) + tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) })) +} + +resource "aws_network_interface" "public_nic" { + count = var.number + description = var.public_nic_description + private_ips = [element(var.public_ips, count.index)] + security_groups = [aws_security_group.cato_wan_mgmt_sg.id] + subnet_id = element(var.public_subnet_id, count.index) + tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) })) + + attachment { + instance = element(aws_instance.ec2_instance[*].id, count.index) + device_index = 1 + } +} + +resource "aws_network_interface" "private_nic" { + count = var.number + description = var.private_nic_description + private_ips = [element(var.private_ips, count.index)] + security_groups = [aws_security_group.cato_lan_sg.id] + source_dest_check = var.source_dest_check + subnet_id = element(var.private_subnet_id, count.index) + tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) })) + + attachment { + instance = element(aws_instance.ec2_instance[*].id, count.index) + device_index = 2 + } +} + +############################################ +# EC2 Instance +############################################ + +resource "aws_instance" "ec2_instance" { + ami = var.ami + count 
= var.number + ebs_optimized = var.ebs_optimized + iam_instance_profile = var.iam_instance_profile + instance_type = var.instance_type + key_name = var.key_name + monitoring = var.monitoring + volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) + tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) + user_data = var.user_data + + metadata_options { + http_endpoint = var.http_endpoint + http_tokens = var.http_tokens + } + + network_interface { + network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index) + device_index = 0 + } + + root_block_device { + volume_type = var.root_volume_type + volume_size = var.root_volume_size + encrypted = var.root_ebs_volume_encrypted + } +} + +################################################### +# CloudWatch Alarms +################################################### + +##################### +# Status Check Failed Instance Metric +##################### + +resource "aws_cloudwatch_metric_alarm" "instance" { + actions_enabled = true + alarm_actions = [] + alarm_description = "EC2 instance StatusCheckFailed_Instance alarm" + alarm_name = format("%s-instance-alarm", element(aws_instance.ec2_instance[*].id, count.index)) + comparison_operator = "GreaterThanOrEqualToThreshold" + count = var.number + datapoints_to_alarm = 2 + dimensions = { + InstanceId = element(aws_instance.ec2_instance[*].id, count.index) + } + evaluation_periods = "2" + insufficient_data_actions = [] + metric_name = "StatusCheckFailed_Instance" + namespace = "AWS/EC2" + ok_actions = [] + period = "60" + statistic = "Maximum" + threshold = "1" + treat_missing_data = "missing" + #unit = var.unit +} + +##################### +# Status Check Failed System Metric +##################### + +resource "aws_cloudwatch_metric_alarm" "system" { + actions_enabled = true + alarm_actions = ["arn:aws:automate:${data.aws_region.current.name}:ec2:recover"] + 
alarm_description = "EC2 instance StatusCheckFailed_System alarm" + alarm_name = format("%s-system-alarm", element(aws_instance.ec2_instance[*].id, count.index)) + comparison_operator = "GreaterThanOrEqualToThreshold" + count = var.number + datapoints_to_alarm = 2 + dimensions = { + InstanceId = element(aws_instance.ec2_instance[*].id, count.index) + } + evaluation_periods = "2" + insufficient_data_actions = [] + metric_name = "StatusCheckFailed_System" + namespace = "AWS/EC2" + ok_actions = [] + period = "60" + statistic = "Maximum" + threshold = "1" + treat_missing_data = "missing" + #unit = var.unit +} diff --git a/modules/aws/vendor/velocloud/outputs.tf b/modules/aws/vendor/velocloud/outputs.tf new file mode 100644 index 00000000..da9f9dab --- /dev/null +++ b/modules/aws/vendor/velocloud/outputs.tf @@ -0,0 +1,23 @@ +output "eip_id" { + value = aws_eip.wan_external_ip[*].id +} + +output "eip_public_ip" { + value = aws_eip.wan_external_ip[*].public_ip +} + +output "ec2_instance_id" { + value = aws_instance.ec2_instance[*].id +} + +output "public_network_interface_id" { + value = aws_network_interface.public_nic[*].id +} + +output "private_network_interface_id" { + value = aws_network_interface.private_nic[*].id +} + +output "mgmt_network_interface_id" { + value = aws_network_interface.mgmt_nic[*].id +} diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf new file mode 100644 index 00000000..6f073f48 --- /dev/null +++ b/modules/aws/vendor/velocloud/variables.tf 
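Review bot: The three `aws_network_interface` resources reference `aws_security_group.cato_wan_mgmt_sg.id` and `aws_security_group.cato_lan_sg.id`, but the groups declared at the top of this hunk are `velocloud_wan_mgmt_sg` and `velocloud_lan_sg`, so `terraform validate` fails on undeclared resources; patch 02/86 renames the first group again to `velocloud_sdwan_mgmt_sg` without touching these references, so the same fix is needed there. In `mgmt_nic`, `private_ips = var.mgmt_ips` hands the whole list to every ENI, whereas `public_nic` and `private_nic` use `[element(var.X, count.index)]`; the defaults `10.11.61.12`/`10.11.62.12`/`10.11.63.12` sit in three different /24s and cannot all live on one ENI, so this looks like a copy error rather than a deliberate multi-IP interface. Separately, the `velocloud_lan_sg` egress rule is protocol `-1` to `0.0.0.0/0` while the comment justifying the tfsec ignore says "this port"; if unrestricted egress is genuinely a vendor requirement the comment should say so explicitly, otherwise the rule should be narrowed to the ports actually needed.
```hcl
resource "aws_network_interface" "mgmt_nic" {
  count           = var.number
  description     = var.mgmt_nic_description
  private_ips     = [element(var.mgmt_ips, count.index)]
  security_groups = [aws_security_group.velocloud_wan_mgmt_sg.id]
  # … unchanged: subnet_id, tags …
}

resource "aws_network_interface" "public_nic" {
  # … unchanged: count, description, private_ips …
  security_groups = [aws_security_group.velocloud_wan_mgmt_sg.id]
  # … unchanged: subnet_id, tags, attachment …
}

resource "aws_network_interface" "private_nic" {
  # … unchanged: count, description, private_ips …
  security_groups = [aws_security_group.velocloud_lan_sg.id]
  # … unchanged: source_dest_check, subnet_id, tags, attachment …
}
```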
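Review bot: None of the six outputs in outputs.tf carries a `description`, which is why the generated README table in this same series shows `n/a` for every output. Each `output` block should state what the list holds and that it is indexed by `var.number`, for example `description = "Allocation IDs of the Elastic IPs attached to the public (WAN) interfaces, one per instance."` on `eip_id` and `description = "IDs of the management ENIs attached at device index 0, one per instance."` on `mgmt_network_interface_id`. Note that `eip_public_ip` exposes the instance's internet-facing address; its description should say so, since consumers of this module may feed outputs into other security group rules.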
@@ -0,0 +1,196 @@ +############################################ +# Security Groups +############################################ + +variable "wan_mgmt_sg_name" { + description = "(Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name." + default = "cato_wan_mgmt_sg" + type = string +} + +variable "vpc_id" { + description = "(Required, Forces new resource) VPC ID. Defaults to the region's default VPC." + type = string +} + +variable "lan_sg_name" { + description = "(Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name." + default = "cato_lan_sg" + type = string +} + +variable "cato_lan_cidr_blocks" { + type = list(string) + description = "(Optional) List of CIDR blocks allowed to utilize the Cato instance for SDWAN communication." + default = null +} + +############################################ +# ENI +############################################ + +variable "mgmt_nic_description" { + description = "(Optional) Description for the network interface." + default = "Cato mgmt nic" + type = string +} + +variable "mgmt_ips" { + description = "(Optional) List of private IPs to assign to the ENI." + default = ["10.11.61.12", "10.11.62.12", "10.11.63.12"] + type = list(string) +} + +variable "mgmt_subnet_id" { + description = "(Required) Subnet ID to create the ENI in." + type = list(string) +} + +variable "public_nic_description" { + description = "(Optional) Description for the network interface." + default = "Cato public nic" + type = string +} + +variable "public_subnet_id" { + description = "(Required) Subnet ID to create the ENI in." + type = list(string) +} + +variable "public_ips" { + description = "(Optional) Private IP addresses to associate with the instance in a VPC." 
+ default = ["10.11.201.12", "10.11.202.12", "10.11.203.12"] + type = list(string) +} + +variable "private_subnet_id" { + description = "(Required) Subnet ID to create the ENI in." + type = list(string) +} + +variable "private_nic_description" { + description = "(Optional) Description for the network interface." + default = "Cato private nic" + type = string +} + +variable "private_ips" { + description = "(Optional) List of private IPs to assign to the ENI." + default = ["10.11.1.12", "10.11.2.12", "10.11.3.12"] + type = list(string) +} + +variable "source_dest_check" { + description = "(Optional) Whether to enable source destination checking for the ENI. Default false." + default = false + type = bool +} + +############################################ +# EC2 Instance +############################################ + +variable "ebs_optimized" { + description = "(Optional) If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information." + default = true + type = bool +} + +variable "monitoring" { + description = "(Optional) If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)" + default = true + type = bool +} + +variable "ami" { + description = "(Required) AMI to use for the instance. Required unless launch_template is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting ami will override the AMI specified in the Launch Template." + type = string +} + +variable "instance_type" { + description = "(Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance." 
+ default = "c5.xlarge" + type = string +} + +variable "key_name" { + description = "(Required) Key name of the Key Pair to use for the instance; which can be managed using the aws_key_pair resource." + type = string +} + +variable "iam_instance_profile" { + description = "(Optional) IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole." + default = null + type = string +} + +variable "instance_name_prefix" { + description = "(Optional) Used to populate the Name tag." + default = "aws_prod_cato" + type = string +} + +variable "root_volume_type" { + description = "(Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3" + default = "gp3" + type = string +} + +variable "root_volume_size" { + description = "(Optional) Size of the root volume in gibibytes (GiB)." + default = 16 + type = number +} + +variable "root_ebs_volume_encrypted" { + description = "(Optional) Whether to enable volume encryption on the root ebs volume. Defaults to true. Must be configured to perform drift detection." + default = true + type = bool +} + +variable "user_data" { + type = string + description = "(Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user_data_replace_on_change is set then updates to this field will trigger a destroy and recreate." + default = null +} + +variable "http_endpoint" { + type = string + description = "(Optional) Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled." 
+ default = "enabled" + validation { + condition = can(regex("^(enabled|disabled)$", var.http_endpoint)) + error_message = "The value must be either enabled or disabled." + } +} + +variable "http_tokens" { + type = string + description = "(Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional." + default = "required" + validation { + condition = can(regex("^(optional|required)$", var.http_tokens)) + error_message = "The value must be either optional or required." + } +} + +############################################################### +# General Use Variables +############################################################### + +variable "tags" { + description = "(Optional) Map of tags to assign to the device." + default = { + created_by = "terraform" + terraform = "true" + environment = "prod" + role = "cato_sdwan" + } + type = map(any) +} + +variable "number" { + description = "(Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1" + default = 1 + type = number +} \ No newline at end of file From 8bc7bee16959e6722f325d9eec3f860b51d4f65c Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Sun, 21 Jul 2024 10:52:34 -0400 Subject: [PATCH 02/86] updates for velocloud --- modules/aws/vendor/velocloud/main.tf | 7 +++++-- modules/aws/vendor/velocloud/variables.tf | 14 +++++++------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index a1a70e3c..94964e39 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
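Review bot: `user_data` is declared as a plain `string` without `sensitive = true`, yet the README usage example in this same patch passes a vendor serial/activation file through it (`file("./global/user_data/cato_sdwan_serial.txt")`), so the content is echoed in every plan and apply output and in any CI log that captures them. Adding `sensitive = true` keeps it out of plan output; it does not make the value secret on the instance side, since user data stays readable through the instance attribute and the metadata service, so the variable description should also say that no long-lived credentials belong there. `cato_lan_cidr_blocks` defaults to `null` and has no `validation` block, but main.tf feeds it into an all-protocol, all-port ingress rule; a validation that rejects malformed CIDRs and `0.0.0.0/0` would stop the LAN group from being opened to the world by a one-line mistake, and as far as I can tell an ingress block whose only source is `null` is rejected by the provider, so either a non-null default or a "required" marker seems warranted (confirm against the provider version in use).
```hcl
variable "cato_lan_cidr_blocks" {
  type        = list(string)
  description = "(Optional) List of CIDR blocks allowed to utilize the Cato instance for SDWAN communication."
  default     = null
  validation {
    # The LAN security group opens every protocol and port to these ranges,
    # so refuse malformed entries and the unrestricted block outright.
    condition     = alltrue([for c in (var.cato_lan_cidr_blocks == null ? [] : var.cato_lan_cidr_blocks) : can(cidrhost(c, 0)) && c != "0.0.0.0/0"])
    error_message = "Each entry must be a valid CIDR block and must not be 0.0.0.0/0."
  }
}

variable "user_data" {
  type        = string
  # … unchanged: description …
  default     = null
  sensitive   = true
}
```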
@@ -18,7 +18,7 @@ data "aws_region" "current" {}
 # Security Groups
 ############################################
 
-resource "aws_security_group" "velocloud_wan_mgmt_sg" {
+resource "aws_security_group" "velocloud_sdwan_mgmt_sg" {
   name        = var.wan_mgmt_sg_name
   description = "Security group applied to the VeloCloud SDWAN instance WAN and MGMT NICs for VeloCloud communication"
   vpc_id      = var.vpc_id
@@ -56,7 +56,7 @@ resource "aws_security_group" "velocloud_lan_sg" {
     from_port   = 0
     to_port     = 0
     protocol    = "-1"
-    cidr_blocks = var.cato_lan_cidr_blocks
+    cidr_blocks = var.velocloud_lan_cidr_blocks
   }
 
   egress {
@@ -92,6 +92,7 @@ resource "aws_eip_association" "wan_external_ip" {
 ############################################
 
 resource "aws_network_interface" "mgmt_nic" {
+  # Ge1 is the management interface in VeloCloud and attached at eth0
   count           = var.number
   description     = var.mgmt_nic_description
   private_ips     = var.mgmt_ips
@@ -101,6 +102,7 @@ resource "aws_network_interface" "mgmt_nic" {
 }
 
 resource "aws_network_interface" "public_nic" {
+  # Ge2 is the public interface in VeloCloud and attached at eth1
   count           = var.number
   description     = var.public_nic_description
   private_ips     = [element(var.public_ips, count.index)]
@@ -115,6 +117,7 @@ resource "aws_network_interface" "public_nic" {
 }
 
 resource "aws_network_interface" "private_nic" {
+  # Ge3 is the private interface in VeloCloud and attached at eth2
   count           = var.number
   description     = var.private_nic_description
   private_ips     = [element(var.private_ips, count.index)]
diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf
index 6f073f48..d7a1e0bb 100644
--- a/modules/aws/vendor/velocloud/variables.tf
+++ b/modules/aws/vendor/velocloud/variables.tf
@@ -4,7 +4,7 @@
 
 variable "wan_mgmt_sg_name" {
   description = "(Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name."
-  default     = "cato_wan_mgmt_sg"
+  default     = "velocloud_wan_mgmt_sg"
   type        = string
 }
 
@@ -15,11 +15,11 @@ variable "vpc_id" {
 
 variable "lan_sg_name" {
   description = "(Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name."
-  default     = "cato_lan_sg"
+  default     = "velocloud_lan_sg"
   type        = string
 }
 
-variable "cato_lan_cidr_blocks" {
+variable "velocloud_lan_cidr_blocks" {
   type        = list(string)
   description = "(Optional) List of CIDR blocks allowed to utilize the Cato instance for SDWAN communication."
   default     = null
@@ -31,7 +31,7 @@ variable "cato_lan_cidr_blocks" {
 
 variable "mgmt_nic_description" {
   description = "(Optional) Description for the network interface."
-  default     = "Cato mgmt nic"
+  default     = "SDWAN mgmt nic"
   type        = string
 }
 
@@ -48,7 +48,7 @@ variable "mgmt_subnet_id" {
 
 variable "public_nic_description" {
   description = "(Optional) Description for the network interface."
-  default     = "Cato public nic"
+  default     = "SDWAN public nic"
   type        = string
 }
 
@@ -70,7 +70,7 @@ variable "private_subnet_id" {
 
 variable "private_nic_description" {
   description = "(Optional) Description for the network interface."
-  default     = "Cato private nic"
+  default     = "SDWAN private nic"
   type        = string
 }
 
@@ -184,7 +184,7 @@ variable "tags" {
     created_by  = "terraform"
     terraform   = "true"
     environment = "prod"
-    role        = "cato_sdwan"
+    role        = "sdwan"
   }
   type = map(any)
 }
From d81df550158cae20700eca1a6b385b52a866aea2 Mon Sep 17 00:00:00 2001
From: zachreborn
Date: Sun, 21 Jul 2024 14:53:48 +0000
Subject: [PATCH 03/86] Continuous Integration - terraform fmt and terraform-docs
---
 modules/aws/vendor/velocloud/README.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
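Review bot: The renamed `velocloud_lan_cidr_blocks` keeps a description that still says the ranges are "allowed to utilize the Cato instance", and it does not tell the caller that the rule it feeds (in main.tf, outside this hunk) is an all-protocol, all-port ingress. Suggest `description = "(Optional) List of CIDR blocks allowed to reach the VeloCloud instance's LAN interface; the LAN security group permits all protocols and ports from these ranges."` so the blast radius of a wide entry is visible at the call site. The new default for `wan_mgmt_sg_name` is `velocloud_wan_mgmt_sg` while the resource it names in main.tf is now `velocloud_sdwan_mgmt_sg`; aligning the two avoids two different names for the same group in state and in the console.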
diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 0fc79796..8aecaa14 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -128,8 +128,8 @@ No modules. | [aws_network_interface.mgmt_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_network_interface.private_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_network_interface.public_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | -| [aws_security_group.cato_lan_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_security_group.cato_wan_mgmt_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group.velocloud_lan_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group.velocloud_sdwan_mgmt_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs 
@@ -137,7 +137,6 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [ami](#input\_ami) | (Required) AMI to use for the instance. Required unless launch\_template is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting ami will override the AMI specified in the Launch Template. | `string` | n/a | yes | -| [cato\_lan\_cidr\_blocks](#input\_cato\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the Cato instance for SDWAN communication. | `list(string)` | `null` | no | | [ebs\_optimized](#input\_ebs\_optimized) | (Optional) If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information. | `bool` | `true` | no | | [http\_endpoint](#input\_http\_endpoint) | (Optional) Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled. | `string` | `"enabled"` | no | | [http\_tokens](#input\_http\_tokens) | (Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional. | `string` | `"required"` | no | 
@@ -145,26 +144,27 @@ No modules. | [instance\_name\_prefix](#input\_instance\_name\_prefix) | (Optional) Used to populate the Name tag. | `string` | `"aws_prod_cato"` | no | | [instance\_type](#input\_instance\_type) | (Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance. | `string` | `"c5.xlarge"` | no | | [key\_name](#input\_key\_name) | (Required) Key name of the Key Pair to use for the instance; which can be managed using the aws\_key\_pair resource. | `string` | n/a | yes | -| [lan\_sg\_name](#input\_lan\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"cato_lan_sg"` | no | +| [lan\_sg\_name](#input\_lan\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"velocloud_lan_sg"` | no | | [mgmt\_ips](#input\_mgmt\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.61.12",
"10.11.62.12",
"10.11.63.12"
]
| no | -| [mgmt\_nic\_description](#input\_mgmt\_nic\_description) | (Optional) Description for the network interface. | `string` | `"Cato mgmt nic"` | no | +| [mgmt\_nic\_description](#input\_mgmt\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN mgmt nic"` | no | | [mgmt\_subnet\_id](#input\_mgmt\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | | [monitoring](#input\_monitoring) | (Optional) If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0) | `bool` | `true` | no | | [number](#input\_number) | (Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1 | `number` | `1` | no | | [private\_ips](#input\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.1.12",
"10.11.2.12",
"10.11.3.12"
]
| no | -| [private\_nic\_description](#input\_private\_nic\_description) | (Optional) Description for the network interface. | `string` | `"Cato private nic"` | no | +| [private\_nic\_description](#input\_private\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN private nic"` | no | | [private\_subnet\_id](#input\_private\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | | [public\_ips](#input\_public\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` |
[
"10.11.201.12",
"10.11.202.12",
"10.11.203.12"
]
| no | -| [public\_nic\_description](#input\_public\_nic\_description) | (Optional) Description for the network interface. | `string` | `"Cato public nic"` | no | +| [public\_nic\_description](#input\_public\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN public nic"` | no | | [public\_subnet\_id](#input\_public\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | | [root\_ebs\_volume\_encrypted](#input\_root\_ebs\_volume\_encrypted) | (Optional) Whether to enable volume encryption on the root ebs volume. Defaults to true. Must be configured to perform drift detection. | `bool` | `true` | no | | [root\_volume\_size](#input\_root\_volume\_size) | (Optional) Size of the root volume in gibibytes (GiB). | `number` | `16` | no | | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3 | `string` | `"gp3"` | no | | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default false. | `bool` | `false` | no | -| [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "cato_sdwan",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "sdwan",
"terraform": "true"
}
| no | | [user\_data](#input\_user\_data) | (Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user\_data\_replace\_on\_change is set then updates to this field will trigger a destroy and recreate. | `string` | `null` | no | +| [velocloud\_lan\_cidr\_blocks](#input\_velocloud\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the Cato instance for SDWAN communication. | `list(string)` | `null` | no | | [vpc\_id](#input\_vpc\_id) | (Required, Forces new resource) VPC ID. Defaults to the region's default VPC. | `string` | n/a | yes | -| [wan\_mgmt\_sg\_name](#input\_wan\_mgmt\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"cato_wan_mgmt_sg"` | no | +| [wan\_mgmt\_sg\_name](#input\_wan\_mgmt\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"velocloud_wan_mgmt_sg"` | no | ## Outputs From 3af9bc961a7cc1e5a76520b5abf448a67510e505 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Sun, 21 Jul 2024 10:56:03 -0400 Subject: [PATCH 04/86] updated readme with link --- modules/aws/vendor/velocloud/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 0fc79796..a9379078 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -26,9 +26,9 @@ Logo -

Cato SDWAN Module

+

VeloCloud SDWAN Module

- This module deploys a Cato SDWAN into your environment. + This module deploys a VeloCloud SDWAN into your environment. Please see the VeloCloud documentation for more information.
Explore the docs »
@@ -64,8 +64,8 @@ ## Usage ``` -module "aws_prod_cato" { - source = "github.com/zachreborn/terraform-modules//modules/aws/cato_sdwan" +module "aws_prod_sdwan" { + source = "github.com/zachreborn/terraform-modules//modules/aws/velocloud" ami = "ami-0xx6edxxaf4xxdf1e" availability_zone = [module.vpc.availability_zone[0]] @@ -79,7 +79,7 @@ module "aws_prod_cato" { public_ips = ["10.200.201.12"] private_ips = ["10.200.1.12"] vpc_id = module.vpc.vpc_id - user_data = file("./global/user_data/cato_sdwan_serial.txt") + user_data = file("./global/user_data/velocloud_sdwan_license.txt") tags = { terraform = "true" From df97b230d1312313bfe295641e8c74bc233ac761 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Sun, 21 Jul 2024 11:21:54 -0400 Subject: [PATCH 05/86] renaming cato to velo --- modules/aws/vendor/velocloud/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf index d7a1e0bb..63d953b3 100644 --- a/modules/aws/vendor/velocloud/variables.tf +++ b/modules/aws/vendor/velocloud/variables.tf @@ -21,7 +21,7 @@ variable "lan_sg_name" { variable "velocloud_lan_cidr_blocks" { type = list(string) - description = "(Optional) List of CIDR blocks allowed to utilize the Cato instance for SDWAN communication." + description = "(Optional) List of CIDR blocks allowed to utilize the VeloCloud instance for SDWAN communication." default = null } @@ -126,7 +126,7 @@ variable "iam_instance_profile" { variable "instance_name_prefix" { description = "(Optional) Used to populate the Name tag." - default = "aws_prod_cato" + default = "aws_prod_sdwan" type = string } From f71837ed9b7975fd012f560bed1f0cbd06c54230 Mon Sep 17 00:00:00 2001 From: zachreborn Date: Sun, 21 Jul 2024 15:22:23 +0000 Subject: [PATCH 06/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index a7ef7f37..ced3d6e5 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -141,7 +141,7 @@ No modules. | [http\_endpoint](#input\_http\_endpoint) | (Optional) Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled. | `string` | `"enabled"` | no | | [http\_tokens](#input\_http\_tokens) | (Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional. | `string` | `"required"` | no | | [iam\_instance\_profile](#input\_iam\_instance\_profile) | (Optional) IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole. | `string` | `null` | no | -| [instance\_name\_prefix](#input\_instance\_name\_prefix) | (Optional) Used to populate the Name tag. | `string` | `"aws_prod_cato"` | no | +| [instance\_name\_prefix](#input\_instance\_name\_prefix) | (Optional) Used to populate the Name tag. | `string` | `"aws_prod_sdwan"` | no | | [instance\_type](#input\_instance\_type) | (Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance. | `string` | `"c5.xlarge"` | no | | [key\_name](#input\_key\_name) | (Required) Key name of the Key Pair to use for the instance; which can be managed using the aws\_key\_pair resource. | `string` | n/a | yes | | [lan\_sg\_name](#input\_lan\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"velocloud_lan_sg"` | no | 
@@ -162,7 +162,7 @@ No modules. | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default false. | `bool` | `false` | no | | [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |

{
"created_by": "terraform",
"environment": "prod",
"role": "sdwan",
"terraform": "true"
}
| no | | [user\_data](#input\_user\_data) | (Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user\_data\_replace\_on\_change is set then updates to this field will trigger a destroy and recreate. | `string` | `null` | no | -| [velocloud\_lan\_cidr\_blocks](#input\_velocloud\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the Cato instance for SDWAN communication. | `list(string)` | `null` | no | +| [velocloud\_lan\_cidr\_blocks](#input\_velocloud\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the VeloCloud instance for SDWAN communication. | `list(string)` | `null` | no | | [vpc\_id](#input\_vpc\_id) | (Required, Forces new resource) VPC ID. Defaults to the region's default VPC. | `string` | n/a | yes | | [wan\_mgmt\_sg\_name](#input\_wan\_mgmt\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"velocloud_wan_mgmt_sg"` | no | From 71658560670411485f956abb5670950726656af6 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Sun, 21 Jul 2024 12:22:51 -0400 Subject: [PATCH 07/86] added new variables to ssh and snmp security groups --- modules/aws/vendor/velocloud/main.tf | 42 +++++++++++++++-------- modules/aws/vendor/velocloud/variables.tf | 26 ++++++++++---- 2 files changed, 47 insertions(+), 21 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 94964e39..072d9ab8 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -18,27 +18,41 @@ data "aws_region" "current" {} # Security Groups ############################################ -resource "aws_security_group" "velocloud_sdwan_mgmt_sg" { +resource "aws_security_group" "sdwan_mgmt_sg" { name = var.wan_mgmt_sg_name description = "Security group applied to the VeloCloud SDWAN instance WAN and MGMT NICs for VeloCloud communication" vpc_id = var.vpc_id - egress { - description = "HTTPS Tunnel" - from_port = 443 - to_port = 443 + ingress { + description = "SSH access for support" + from_port = 22 + to_port = 22 protocol = "TCP" - # CATO Cloud requires this port to be open to the internet - #tfsec:ignore:aws-ec2-no-public-egress-sgr + cidr_blocks = var.ssh_mgmt_access_cidr_blocks + } + + ingress { + description = "SNMP access for management" + from_port = 161 + to_port = 161 + protocol = "UDP" + cidr_blocks = var.snmp_mgmt_access_cidr_blocks + } + + ingress { + description = "VMware Multipath Protocol" + from_port = 2426 + to_port = 2426 + protocol = "UDP" cidr_blocks = ["0.0.0.0/0"] } egress { - description = "HTTPS Tunnel" - from_port = 443 - to_port = 443 - protocol = "UDP" - # CATO Cloud requires this port to be open to the internet + description = "All traffic" + from_port = 0 + to_port = 0 + protocol = "-1" + # VeloCloud SDWAN requires this port to be open to the internet #tfsec:ignore:aws-ec2-no-public-egress-sgr cidr_blocks = ["0.0.0.0/0"] } @@ -96,7 +110,7 @@ resource "aws_network_interface" "mgmt_nic" { count = var.number description = var.mgmt_nic_description private_ips = var.mgmt_ips - security_groups = [aws_security_group.cato_wan_mgmt_sg.id] + security_groups = [aws_security_group.sdwan_mgmt_sg.id] subnet_id = element(var.mgmt_subnet_id, count.index) tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) })) } 
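Review bot: The comment kept on the new egress rule, `# VeloCloud SDWAN requires this port to be open to the internet`, no longer describes the rule beneath it: the rule went from 443/TCP and 443/UDP to `protocol = "-1"` with ports 0–0, i.e. every protocol to every destination, so the `#tfsec:ignore:aws-ec2-no-public-egress-sgr` now suppresses a much broader finding than before and the justification should say what the VCE actually needs, or the rule should be narrowed back to the 443 and 2426 flows this file already names. The new SSH and SNMP ingress blocks are emitted unconditionally with `cidr_blocks` defaulting to an empty list, which leaves a rule with no source in the group; if the provider accepts that at all it is dead configuration, and a `dynamic "ingress"` keyed on list length makes the intent explicit. The 2426/UDP ingress from `0.0.0.0/0` has no ignore or comment while the egress rule does, and since this group is attached to both the mgmt and public NICs (second hunk, and `public_nic` in the next commit hunk) a one-line note on why the world-reachable rule is acceptable on the mgmt NIC would help the next reader. The resource's closing brace is outside the hunk.
```terraform
resource "aws_security_group" "sdwan_mgmt_sg" {
  # … unchanged: name, description, vpc_id …

  # Only emit the SSH rule when a source list is supplied; a rule with no
  # source is not a usable allow-list and may be rejected at apply time.
  dynamic "ingress" {
    for_each = length(var.ssh_mgmt_access_cidr_blocks) > 0 ? [1] : []
    content {
      description = "SSH access for support"
      from_port   = 22
      to_port     = 22
      protocol    = "TCP"
      cidr_blocks = var.ssh_mgmt_access_cidr_blocks
    }
  }

  # … unchanged: SNMP rule (same dynamic pattern), VCMP 2426/UDP rule …

  egress {
    description = "All traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    # Replaces the former 443/TCP+UDP-only egress. All protocols and
    # destinations are allowed; narrow this once the VCE's required
    # outbound flows are confirmed.
    #tfsec:ignore:aws-ec2-no-public-egress-sgr
    cidr_blocks = ["0.0.0.0/0"]
  }
```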
@@ -106,7 +120,7 @@ resource "aws_network_interface" "public_nic" { count = var.number description = var.public_nic_description private_ips = [element(var.public_ips, count.index)] - security_groups = [aws_security_group.cato_wan_mgmt_sg.id] + security_groups = [aws_security_group.sdwan_mgmt_sg.id] subnet_id = element(var.public_subnet_id, count.index) tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) })) diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf index 63d953b3..dc6df118 100644 --- a/modules/aws/vendor/velocloud/variables.tf +++ b/modules/aws/vendor/velocloud/variables.tf @@ -2,20 +2,27 @@ # Security Groups ############################################ -variable "wan_mgmt_sg_name" { +variable "lan_sg_name" { description = "(Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name." - default = "velocloud_wan_mgmt_sg" + default = "velocloud_lan_sg" type = string } -variable "vpc_id" { - description = "(Required, Forces new resource) VPC ID. Defaults to the region's default VPC." - type = string +variable "snmp_mgmt_access_cidr_blocks" { + description = "(Optional) List of CIDR blocks allowed to SNMP into the VeloCloud instance." + default = [] + type = list(string) } -variable "lan_sg_name" { +variable "ssh_mgmt_access_cidr_blocks" { + description = "(Optional) List of CIDR blocks allowed to SSH into the VeloCloud instance." + default = [] + type = list(string) +} + +variable "wan_mgmt_sg_name" { description = "(Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name." - default = "velocloud_lan_sg" + default = "velocloud_wan_mgmt_sg" type = string } 
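Review bot: `ssh_mgmt_access_cidr_blocks` and `snmp_mgmt_access_cidr_blocks` in the variables.tf hunk accept any `list(string)` with no validation, so a malformed entry surfaces only at apply time inside the security group, and nothing in the description tells the caller that the group these feed is attached to the public NIC as well as the mgmt NIC (see the `public_nic` hunk above), which is where a careless `0.0.0.0/0` would matter. A `validation` block using `cidrhost` catches the malformed case at plan time, and one added sentence in each description states the exposure.
```terraform
variable "ssh_mgmt_access_cidr_blocks" {
  description = "(Optional) List of CIDR blocks allowed to SSH into the VeloCloud instance. Empty by default; note the security group is attached to the public NIC as well as the mgmt NIC."
  default     = []
  type        = list(string)
  validation {
    condition     = alltrue([for c in var.ssh_mgmt_access_cidr_blocks : can(cidrhost(c, 0))])
    error_message = "Each entry must be a valid CIDR block."
  }
}

# … unchanged: snmp_mgmt_access_cidr_blocks gets the same validation block …
```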
@@ -25,6 +32,11 @@ variable "velocloud_lan_cidr_blocks" { default = null } +variable "vpc_id" { + description = "(Required, Forces new resource) VPC ID. Defaults to the region's default VPC." + type = string +} + ############################################ # ENI ############################################ From d1a475f4dbbe1d87390428cc03ceaab004c1b505 Mon Sep 17 00:00:00 2001 From: zachreborn Date: Sun, 21 Jul 2024 16:23:29 +0000 Subject: [PATCH 08/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 4 +++- modules/aws/vendor/velocloud/main.tf | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index ced3d6e5..598c6966 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -128,8 +128,8 @@ No modules. | [aws_network_interface.mgmt_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_network_interface.private_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_network_interface.public_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | +| [aws_security_group.sdwan_mgmt_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group.velocloud_lan_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_security_group.velocloud_sdwan_mgmt_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs 
@@ -159,7 +159,9 @@ No modules. | [root\_ebs\_volume\_encrypted](#input\_root\_ebs\_volume\_encrypted) | (Optional) Whether to enable volume encryption on the root ebs volume. Defaults to true. Must be configured to perform drift detection. | `bool` | `true` | no | | [root\_volume\_size](#input\_root\_volume\_size) | (Optional) Size of the root volume in gibibytes (GiB). | `number` | `16` | no | | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3 | `string` | `"gp3"` | no | +| [snmp\_mgmt\_access\_cidr\_blocks](#input\_snmp\_mgmt\_access\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to SNMP into the VeloCloud instance. | `list(string)` | `[]` | no | | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default false. | `bool` | `false` | no | +| [ssh\_mgmt\_access\_cidr\_blocks](#input\_ssh\_mgmt\_access\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to SSH into the VeloCloud instance. | `list(string)` | `[]` | no | | [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "sdwan",
"terraform": "true"
}
| no | | [user\_data](#input\_user\_data) | (Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user\_data\_replace\_on\_change is set then updates to this field will trigger a destroy and recreate. | `string` | `null` | no | | [velocloud\_lan\_cidr\_blocks](#input\_velocloud\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the VeloCloud instance for SDWAN communication. | `list(string)` | `null` | no | diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 072d9ab8..aa6dc471 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -41,9 +41,9 @@ resource "aws_security_group" "sdwan_mgmt_sg" { ingress { description = "VMware Multipath Protocol" - from_port = 2426 - to_port = 2426 - protocol = "UDP" + from_port = 2426 + to_port = 2426 + protocol = "UDP" cidr_blocks = ["0.0.0.0/0"] } From 08015b9abc5980dc2f810cec2ace8a0df5f3c5d0 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Sun, 21 Jul 2024 20:27:00 -0400 Subject: [PATCH 09/86] removed searching for the AMI in favor of data source --- modules/aws/vendor/velocloud/main.tf | 12 +++++++++++- modules/aws/vendor/velocloud/variables.tf | 15 ++++++++++----- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index aa6dc471..e5450944 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -14,6 +14,16 @@ terraform { # data "aws_caller_identity" "current" {} data "aws_region" "current" {} +data "aws_ami" "velocloud" { + executable_users = ["self"] + most_recent = true + owners = ["679593333241"] + filter { + name = "name" + values = ["VeloCloud VCE ${var.velocloud_version}*"] + } +} + ############################################ # Security Groups ############################################ @@ -151,7 +161,7 @@ resource "aws_network_interface" "private_nic" { ############################################ resource "aws_instance" "ec2_instance" { - ami = var.ami + ami = data.aws_ami.velocloud.id count = var.number ebs_optimized = var.ebs_optimized iam_instance_profile = var.iam_instance_profile diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf index dc6df118..e2f5e1b4 100644 --- a/modules/aws/vendor/velocloud/variables.tf +++ b/modules/aws/vendor/velocloud/variables.tf @@ -1,3 +1,13 @@ +############################################ +# Data Sources +############################################ + +variable "velocloud_version" { + description = "(Optional) The version ID of the VeloCloud VCE AMI to use. Defaults to the latest version. Use semantic versioning to specify a version. Example: 4.5" + default = "4.5" + type = string +} + ############################################ # Security Groups ############################################ @@ -114,11 +124,6 @@ variable "monitoring" { type = bool } -variable "ami" { - description = "(Required) AMI to use for the instance. Required unless launch_template is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting ami will override the AMI specified in the Launch Template." - type = string -} - variable "instance_type" { description = "(Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance." default = "c5.xlarge" 
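Review bot: `data "aws_ami" "velocloud"` combines `most_recent = true` with the wildcard filter `VeloCloud VCE ${var.velocloud_version}*`, so the resolved AMI can change between plans whenever the publisher ships a new image under that prefix, and because `ami` on `aws_instance` forces replacement the module will propose destroying and recreating the VCE without any input having changed. Either document that behaviour on `velocloud_version` and add `lifecycle { ignore_changes = [ami] }` to `aws_instance.ec2_instance` so upgrades are an explicit action, or have the variable accept a full image name so the match is exact. The description on `velocloud_version` also says "Defaults to the latest version" while `default = "4.5"` pins a prefix; `(Optional) Name prefix of the VeloCloud VCE AMI to select, e.g. 4.5; the newest image matching the prefix is used.` states what the code does. Removing `variable "ami"` is a breaking change for callers, and the README Usage snippet earlier in this series still passes `ami = "ami-0xx6edxxaf4xxdf1e"`, which will now fail with an unsupported-argument error; the example should drop `ami` and show `velocloud_version` instead. The `aws_instance` resource in the second hunk continues outside the hunk.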
From 870a9b17781d0e09601aa7082234b18dec22e0d8 Mon Sep 17 00:00:00 2001 From: zachreborn Date: Mon, 22 Jul 2024 00:27:45 +0000 Subject: [PATCH 10/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 3 ++- modules/aws/vendor/velocloud/main.tf | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 598c6966..27685b94 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md 
@@ -130,13 +130,13 @@ No modules. | [aws_network_interface.public_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_security_group.sdwan_mgmt_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group.velocloud_lan_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_ami.velocloud](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [ami](#input\_ami) | (Required) AMI to use for the instance. Required unless launch\_template is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting ami will override the AMI specified in the Launch Template. | `string` | n/a | yes | | [ebs\_optimized](#input\_ebs\_optimized) | (Optional) If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information. | `bool` | `true` | no | | [http\_endpoint](#input\_http\_endpoint) | (Optional) Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled. | `string` | `"enabled"` | no | | [http\_tokens](#input\_http\_tokens) | (Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. 
Defaults to optional. | `string` | `"required"` | no | @@ -165,6 +165,7 @@ No modules. | [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "sdwan",
"terraform": "true"
}
| no | | [user\_data](#input\_user\_data) | (Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user\_data\_replace\_on\_change is set then updates to this field will trigger a destroy and recreate. | `string` | `null` | no | | [velocloud\_lan\_cidr\_blocks](#input\_velocloud\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the VeloCloud instance for SDWAN communication. | `list(string)` | `null` | no | +| [velocloud\_version](#input\_velocloud\_version) | (Optional) The version ID of the VeloCloud VCE AMI to use. Defaults to the latest version. Use semantic versioning to specify a version. Example: 4.5 | `string` | `"4.5"` | no | | [vpc\_id](#input\_vpc\_id) | (Required, Forces new resource) VPC ID. Defaults to the region's default VPC. | `string` | n/a | yes | | [wan\_mgmt\_sg\_name](#input\_wan\_mgmt\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"velocloud_wan_mgmt_sg"` | no | diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index e5450944..606b1328 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -16,8 +16,8 @@ data "aws_region" "current" {} data "aws_ami" "velocloud" { executable_users = ["self"] - most_recent = true - owners = ["679593333241"] + most_recent = true + owners = ["679593333241"] filter { name = "name" values = ["VeloCloud VCE ${var.velocloud_version}*"] From c12170eada257dc37e02798c19e99be0b7e5c499 Mon Sep 17 00:00:00 2001 
From: Zachary Hill Date: Sun, 21 Jul 2024 21:03:14 -0400 Subject: [PATCH 11/86] added new user_data script and license variables --- modules/aws/vendor/velocloud/main.tf | 6 +++++- modules/aws/vendor/velocloud/user_data.sh | 6 ++++++ modules/aws/vendor/velocloud/variables.tf | 20 +++++++++++++++++--- 3 files changed, 28 insertions(+), 4 deletions(-) create mode 100644 modules/aws/vendor/velocloud/user_data.sh diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index e5450944..68168dc9 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -170,7 +170,11 @@ resource "aws_instance" "ec2_instance" { monitoring = var.monitoring volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) - user_data = var.user_data + user_data = templatefile("${path.module}/user_data.sh", { + velocloud_activation_key = var.velocloud_activation_key + velocloud_ignore_cert_errors = var.velocloud_ignore_cert_errors + velocloud_orchestrator = var.velocloud_orchestrator + }) metadata_options { http_endpoint = var.http_endpoint diff --git a/modules/aws/vendor/velocloud/user_data.sh b/modules/aws/vendor/velocloud/user_data.sh new file mode 100644 index 00000000..7ee7109d --- /dev/null +++ b/modules/aws/vendor/velocloud/user_data.sh @@ -0,0 +1,6 @@ +#cloud-config +velocloud: + vce: + vco: ${velocloud_orchestrator} + activation_code: ${velocloud_activation_key} + vco_ignore_cert_errors: ${velocloud_ignore_cert_errors} \ No newline at end of file diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf index e2f5e1b4..153e986b 100644 --- a/modules/aws/vendor/velocloud/variables.tf +++ b/modules/aws/vendor/velocloud/variables.tf 
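Review bot: The activation key is rendered in plaintext into instance user data via `templatefile`, and user data is readable by anyone who can call `ec2:DescribeInstanceAttribute` on the instance, by any process on the instance through the metadata service, and from the Terraform state file; the `http_tokens = "required"` default documented in this module limits the IMDS path but not the other two. A comment on the `user_data` argument should state this so operators treat the key as a one-time credential and restrict state and describe access accordingly, e.g. `# Contains the VCE activation key in clear text: it is visible in DescribeInstanceAttribute, IMDS and state.` The template file is cloud-config YAML (`#cloud-config` header) rather than a shell script, so naming it `user_data.sh` is misleading; `user_data.yaml.tftpl` or similar matches the content and the templatefile idiom. The `aws_instance.ec2_instance` resource begins and ends outside the hunk.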
@@ -165,10 +165,24 @@ variable "root_ebs_volume_encrypted" { type = bool } -variable "user_data" { +variable "velocloud_activation_key" { + description = "(Required) The activation key for the VeloCloud instance(s)." + type = string + validation { + condition = can(regex("^[A-Z0-9-]+{16}$", var.velocloud_activation_key)) + error_message = "The activation key must be 16 characters long and contain only uppercase alphanumeric characters and hyphens." + } +} + +variable "velocloud_ignore_cert_errors" { + description = "(Optional) Whether or not to ignore certificate errors when connecting to the VeloCloud orchestrator. Set to true if using private or self-signed certificates on the orchestrator. Defaults to false." + default = false + type = bool +} + +variable "velocloud_orchestrator" { + description = "(Required) The IP address or FQDN of the VeloCloud orchestrator. Example: vco.example.com" type = string - description = "(Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user_data_replace_on_change is set then updates to this field will trigger a destroy and recreate." - default = null } variable "http_endpoint" { From 502e35909af4303afa93ff932ac49cf92ec5c4da Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Sun, 21 Jul 2024 21:04:17 -0400 Subject: [PATCH 12/86] terraform fmt --- modules/aws/vendor/velocloud/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index f551bfd5..188ea40a 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
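Review bot: The validation on `velocloud_activation_key` uses the pattern `^[A-Z0-9-]+{16}$`, which stacks a `{16}` quantifier on top of `+`; as far as I can tell the RE2 engine behind Terraform's `regex()` rejects nested repetition, in which case `regex()` errors, `can()` turns that into `false`, and every key is rejected, and even if it compiled it would not express "exactly 16 characters" as the error message claims. `condition = can(regex("^[A-Z0-9-]{16}$", var.velocloud_activation_key))` matches the message; confirm the length against a real key format before pinning it, since the description does not say whether hyphen separators count. The variable is a credential and should carry `sensitive = true` so it is redacted from plan and apply output; `velocloud_orchestrator` is interpolated unquoted into YAML in the cloud-config template, so a validation that restricts it to hostname or IP characters is also worth adding.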
@@ -170,10 +170,10 @@ resource "aws_instance" "ec2_instance" { monitoring = var.monitoring volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) - user_data = templatefile("${path.module}/user_data.sh", { - velocloud_activation_key = var.velocloud_activation_key + user_data = templatefile("${path.module}/user_data.sh", { + velocloud_activation_key = var.velocloud_activation_key velocloud_ignore_cert_errors = var.velocloud_ignore_cert_errors - velocloud_orchestrator = var.velocloud_orchestrator + velocloud_orchestrator = var.velocloud_orchestrator }) metadata_options { From 78c2fd0526e39f96bd05b25a34b9567504b20322 Mon Sep 17 00:00:00 2001 From: zachreborn Date: Mon, 22 Jul 2024 01:04:47 +0000 Subject: [PATCH 13/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 27685b94..758b3f1f 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -163,8 +163,10 @@ No modules. | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default false. | `bool` | `false` | no | | [ssh\_mgmt\_access\_cidr\_blocks](#input\_ssh\_mgmt\_access\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to SSH into the VeloCloud instance. | `list(string)` | `[]` | no | | [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "sdwan",
"terraform": "true"
}
| no | -| [user\_data](#input\_user\_data) | (Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user\_data\_replace\_on\_change is set then updates to this field will trigger a destroy and recreate. | `string` | `null` | no | +| [velocloud\_activation\_key](#input\_velocloud\_activation\_key) | (Required) The activation key for the VeloCloud instance(s). | `string` | n/a | yes | +| [velocloud\_ignore\_cert\_errors](#input\_velocloud\_ignore\_cert\_errors) | (Optional) Whether or not to ignore certificate errors when connecting to the VeloCloud orchestrator. Set to true if using private or self-signed certificates on the orchestrator. Defaults to false. | `bool` | `false` | no | | [velocloud\_lan\_cidr\_blocks](#input\_velocloud\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the VeloCloud instance for SDWAN communication. | `list(string)` | `null` | no | +| [velocloud\_orchestrator](#input\_velocloud\_orchestrator) | (Required) The IP address or FQDN of the VeloCloud orchestrator. Example: vco.example.com | `string` | n/a | yes | | [velocloud\_version](#input\_velocloud\_version) | (Optional) The version ID of the VeloCloud VCE AMI to use. Defaults to the latest version. Use semantic versioning to specify a version. Example: 4.5 | `string` | `"4.5"` | no | | [vpc\_id](#input\_vpc\_id) | (Required, Forces new resource) VPC ID. Defaults to the region's default VPC. | `string` | n/a | yes | | [wan\_mgmt\_sg\_name](#input\_wan\_mgmt\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"velocloud_wan_mgmt_sg"` | no | From c3dc20f424c9b44eac864bcca7a4ab104af5d109 Mon Sep 17 00:00:00 2001 
From: Zachary Hill Date: Sun, 21 Jul 2024 21:36:22 -0400 Subject: [PATCH 14/86] updated readme with proper example --- modules/aws/vendor/velocloud/README.md | 35 +++++++++++++------------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 758b3f1f..1199b4f0 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -65,29 +65,28 @@ ``` module "aws_prod_sdwan" { - source = "github.com/zachreborn/terraform-modules//modules/aws/velocloud" - - ami = "ami-0xx6edxxaf4xxdf1e" - availability_zone = [module.vpc.availability_zone[0]] - cato_lan_cidr_blocks = ["10.11.0.0/16"] - key_name = module.keypair.key_name - instance_type = "c5.large" - mgmt_subnet_id = module.vpc.mgmt_subnet_ids - public_subnet_id = module.vpc.public_subnet_ids - private_subnet_id = module.vpc.private_subnet_ids - mgmt_ips = ["10.200.61.12"] - public_ips = ["10.200.201.12"] - private_ips = ["10.200.1.12"] - vpc_id = module.vpc.vpc_id - user_data = file("./global/user_data/velocloud_sdwan_license.txt") - - tags = { + source = "github.com/zachreborn/terraform-modules//modules/aws/velocloud" + + availability_zone = [module.vpc.availability_zone[0]] + velocloud_lan_cidr_blocks = ["10.11.0.0/16"] + key_name = module.keypair.key_name + instance_type = "c5.xlarge" + mgmt_subnet_id = module.vpc.mgmt_subnet_ids + public_subnet_id = module.vpc.public_subnet_ids + private_subnet_id = module.vpc.private_subnet_ids + mgmt_ips = ["10.200.61.12"] + public_ips = ["10.200.201.12"] + private_ips = ["10.200.1.12"] + vpc_id = module.vpc.vpc_id + velocloud_activation_key = "1234-5678-90AB-CDEF" + velocloud_orchestrator = "vco.example.com" + tags = { terraform = "true" created_by = "Zachary Hill" environment = "prod" project = "aws_poc" backup = "true" - role = "cato_sdwan" + role = "sdwan" } } ``` From ed7f6fcc1ec264b783d92e85a0a6318e26eb73ff Mon Sep 17 00:00:00 2001 
From: Zachary Hill
Date: Wed, 7 Aug 2024 07:25:44 -0400
Subject: [PATCH 15/86] added comment and tfsec exclusion

---
 modules/aws/vendor/velocloud/main.tf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 188ea40a..76af4e61 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -80,6 +80,8 @@ resource "aws_security_group" "velocloud_lan_sg" {
 from_port = 0
 to_port = 0
 protocol = "-1"
+ # VeloCloud requires this port to be open in order to pass traffic from sources to the SDWAN.
+ #tfsec:ignore:aws-ec2-no-public-egress-sgr
 cidr_blocks = var.velocloud_lan_cidr_blocks
 }
 
@@ -88,7 +90,7 @@ resource "aws_security_group" "velocloud_lan_sg" {
 from_port = 0
 to_port = 0
 protocol = "-1"
- # VeloCloud requires this port to be open to the internet
+ # VeloCloud requires this port to be open in order to pass traffic to the SDWAN.
 #tfsec:ignore:aws-ec2-no-public-egress-sgr
 cidr_blocks = ["0.0.0.0/0"]
 }
From af460e0709c4a812c996cab09b4a5bbb32734e10 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 07:57:53 -0400
Subject: [PATCH 16/86] renaming the subnet id to subnet ids

---
 modules/aws/vendor/velocloud/README.md | 8 ++++----
 modules/aws/vendor/velocloud/main.tf | 6 +++---
 modules/aws/vendor/velocloud/variables.tf | 12 ++++++------
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md
index 1199b4f0..5ef47c97 100755
--- a/modules/aws/vendor/velocloud/README.md
+++ b/modules/aws/vendor/velocloud/README.md
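Review bot: The new `#tfsec:ignore:aws-ec2-no-public-egress-sgr` on the `var.velocloud_lan_cidr_blocks` rule suppresses the finding regardless of what the caller passes, so a module user who supplies `0.0.0.0/0` gets an all-protocol rule open to the internet with the scanner silenced; the existing ignore on the literal `0.0.0.0/0` rule in the second hunk is at least bounded to a constant. The comment ("traffic from sources to the SDWAN") suggests this first rule is an ingress rule, in which case the check that would fire is `aws-ec2-no-public-ingress-sgr`, not the egress one named here; the rule block's opening line is outside the hunk, so confirm which it is. Keep the suppression honest by validating the variable in variables.tf so the ignore only ever covers caller-supplied LAN ranges:
```hcl
variable "velocloud_lan_cidr_blocks" {
  # … unchanged: description, type, default …
  validation {
    condition     = alltrue([for c in (var.velocloud_lan_cidr_blocks == null ? [] : var.velocloud_lan_cidr_blocks) : !contains(["0.0.0.0/0", "::/0"], c)])
    error_message = "velocloud_lan_cidr_blocks must list specific LAN ranges; internet-wide access is covered by the dedicated 0.0.0.0/0 rule."
  }
}
```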
@@ -65,15 +65,15 @@ ``` module "aws_prod_sdwan" { - source = "github.com/zachreborn/terraform-modules//modules/aws/velocloud" + source = "github.com/zachreborn/terraform-modules//modules/aws/vendor/velocloud" availability_zone = [module.vpc.availability_zone[0]] velocloud_lan_cidr_blocks = ["10.11.0.0/16"] key_name = module.keypair.key_name instance_type = "c5.xlarge" - mgmt_subnet_id = module.vpc.mgmt_subnet_ids - public_subnet_id = module.vpc.public_subnet_ids - private_subnet_id = module.vpc.private_subnet_ids + mgmt_subnet_ids = module.vpc.mgmt_subnet_ids + public_subnet_ids = module.vpc.public_subnet_ids + private_subnet_ids = module.vpc.private_subnet_ids mgmt_ips = ["10.200.61.12"] public_ips = ["10.200.201.12"] private_ips = ["10.200.1.12"] diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 76af4e61..093820d1 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -123,7 +123,7 @@ resource "aws_network_interface" "mgmt_nic" { description = var.mgmt_nic_description private_ips = var.mgmt_ips security_groups = [aws_security_group.sdwan_mgmt_sg.id] - subnet_id = element(var.mgmt_subnet_id, count.index) + subnet_id = element(var.mgmt_subnet_ids, count.index) tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) })) } @@ -133,7 +133,7 @@ resource "aws_network_interface" "public_nic" { description = var.public_nic_description private_ips = [element(var.public_ips, count.index)] security_groups = [aws_security_group.sdwan_mgmt_sg.id] - subnet_id = element(var.public_subnet_id, count.index) + subnet_id = element(var.public_subnet_ids, count.index) tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) })) attachment { 
@@ -149,7 +149,7 @@ resource "aws_network_interface" "private_nic" { private_ips = [element(var.private_ips, count.index)] security_groups = [aws_security_group.cato_lan_sg.id] source_dest_check = var.source_dest_check - subnet_id = element(var.private_subnet_id, count.index) + subnet_id = element(var.private_subnet_ids, count.index) tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) })) attachment { diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf index 153e986b..051b4a52 100644 --- a/modules/aws/vendor/velocloud/variables.tf +++ b/modules/aws/vendor/velocloud/variables.tf @@ -63,8 +63,8 @@ variable "mgmt_ips" { type = list(string) } -variable "mgmt_subnet_id" { - description = "(Required) Subnet ID to create the ENI in." +variable "mgmt_subnet_ids" { + description = "(Required) Subnet IDs to create the ENI in." type = list(string) } @@ -74,8 +74,8 @@ variable "public_nic_description" { type = string } -variable "public_subnet_id" { - description = "(Required) Subnet ID to create the ENI in." +variable "public_subnet_ids" { + description = "(Required) Subnet IDs to create the ENI in." type = list(string) } @@ -85,8 +85,8 @@ variable "public_ips" { type = list(string) } -variable "private_subnet_id" { - description = "(Required) Subnet ID to create the ENI in." +variable "private_subnet_ids" { + description = "(Required) Subnet IDs to create the ENI in." type = list(string) } From dc1875f79b70503757780bc7d6a31cbad44739b3 Mon Sep 17 00:00:00 2001 From: zachreborn Date: Wed, 7 Aug 2024 11:58:28 +0000 Subject: [PATCH 17/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 5ef47c97..c648b886 100755 --- a/modules/aws/vendor/velocloud/README.md 
+++ b/modules/aws/vendor/velocloud/README.md @@ -146,15 +146,15 @@ No modules. | [lan\_sg\_name](#input\_lan\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"velocloud_lan_sg"` | no | | [mgmt\_ips](#input\_mgmt\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.61.12",
"10.11.62.12",
"10.11.63.12"
]
| no | | [mgmt\_nic\_description](#input\_mgmt\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN mgmt nic"` | no | -| [mgmt\_subnet\_id](#input\_mgmt\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | +| [mgmt\_subnet\_ids](#input\_mgmt\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. | `list(string)` | n/a | yes | | [monitoring](#input\_monitoring) | (Optional) If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0) | `bool` | `true` | no | | [number](#input\_number) | (Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1 | `number` | `1` | no | | [private\_ips](#input\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.1.12",
"10.11.2.12",
"10.11.3.12"
]
| no | | [private\_nic\_description](#input\_private\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN private nic"` | no | -| [private\_subnet\_id](#input\_private\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | +| [private\_subnet\_ids](#input\_private\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. | `list(string)` | n/a | yes | | [public\_ips](#input\_public\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` |
[
"10.11.201.12",
"10.11.202.12",
"10.11.203.12"
]
| no | | [public\_nic\_description](#input\_public\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN public nic"` | no | -| [public\_subnet\_id](#input\_public\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | +| [public\_subnet\_ids](#input\_public\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. | `list(string)` | n/a | yes | | [root\_ebs\_volume\_encrypted](#input\_root\_ebs\_volume\_encrypted) | (Optional) Whether to enable volume encryption on the root ebs volume. Defaults to true. Must be configured to perform drift detection. | `bool` | `true` | no | | [root\_volume\_size](#input\_root\_volume\_size) | (Optional) Size of the root volume in gibibytes (GiB). | `number` | `16` | no | | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3 | `string` | `"gp3"` | no | From 3fab535cf8cde4f90025fd109176fb81ad1ca25b Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Wed, 7 Aug 2024 09:55:38 -0400 Subject: [PATCH 18/86] changed the default to not include IP addresses --- modules/aws/vendor/velocloud/main.tf | 6 +++--- modules/aws/vendor/velocloud/variables.tf | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 093820d1..a48c880d 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -121,7 +121,7 @@ resource "aws_network_interface" "mgmt_nic" {
 # Ge1 is the management interface in VeloCloud and attached at eth0
 count = var.number
 description = var.mgmt_nic_description
- private_ips = var.mgmt_ips
+ private_ips = var.mgmt_ips == null ? null : [element(var.mgmt_ips, count.index)]
 security_groups = [aws_security_group.sdwan_mgmt_sg.id]
 subnet_id = element(var.mgmt_subnet_ids, count.index)
 tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) }))
@@ -131,7 +131,7 @@ resource "aws_network_interface" "public_nic" {
 # Ge2 is the public interface in VeloCloud and attached at eth1
 count = var.number
 description = var.public_nic_description
- private_ips = [element(var.public_ips, count.index)]
+ private_ips = var.public_ips == null ? null : [element(var.public_ips, count.index)]
 security_groups = [aws_security_group.sdwan_mgmt_sg.id]
 subnet_id = element(var.public_subnet_ids, count.index)
 tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) }))
@@ -146,7 +146,7 @@ resource "aws_network_interface" "private_nic" {
 # Ge3 is the private interface in VeloCloud and attached at eth2
 count = var.number
 description = var.private_nic_description
- private_ips = [element(var.private_ips, count.index)]
+ private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)]
 security_groups = [aws_security_group.cato_lan_sg.id]
 source_dest_check = var.source_dest_check
 subnet_id = element(var.private_subnet_ids, count.index)
diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf
index 051b4a52..081b6c90 100644
--- a/modules/aws/vendor/velocloud/variables.tf
+++ b/modules/aws/vendor/velocloud/variables.tf
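Review bot: `[element(var.mgmt_ips, count.index)]` silently wraps when the list is shorter than `var.number`: `element` cycles through its list, so a third instance would be handed the first instance's address and the apply fails late with a duplicate-IP error from AWS, or, where the subnets differ, places an address the caller did not intend. The same holds for the `public_nic` and `private_nic` hunks on this line. Index the list instead, `private_ips = var.mgmt_ips == null ? null : [var.mgmt_ips[count.index]]`, which fails at plan time with a clear out-of-range error, and state the one-address-per-instance expectation in the three variable descriptions. The `element` calls on the `subnet_ids` context lines wrap the same way, though cycling instances across subnets may be intentional there.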
@@ -59,7 +59,7 @@ variable "mgmt_nic_description" {
 
 variable "mgmt_ips" {
 description = "(Optional) List of private IPs to assign to the ENI."
- default = ["10.11.61.12", "10.11.62.12", "10.11.63.12"]
+ default = null
 type = list(string)
 }
 
@@ -81,7 +81,7 @@ variable "public_subnet_ids" {
 
 variable "public_ips" {
 description = "(Optional) Private IP addresses to associate with the instance in a VPC."
- default = ["10.11.201.12", "10.11.202.12", "10.11.203.12"]
+ default = null
 type = list(string)
 }
 
@@ -98,7 +98,7 @@ variable "private_nic_description" {
 
 variable "private_ips" {
 description = "(Optional) List of private IPs to assign to the ENI."
- default = ["10.11.1.12", "10.11.2.12", "10.11.3.12"]
+ default = null
 type = list(string)
 }
 
From e416da410ee5756dc899a65e4941ad9747173a3c Mon Sep 17 00:00:00 2001
From: zachreborn
Date: Wed, 7 Aug 2024 13:56:17 +0000
Subject: [PATCH 19/86] Continuous Integration - terraform fmt and terraform-docs

---
 modules/aws/vendor/velocloud/README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md
index c648b886..13ad8bae 100755
--- a/modules/aws/vendor/velocloud/README.md
+++ b/modules/aws/vendor/velocloud/README.md
@@ -144,15 +144,15 @@ No modules. | [instance\_type](#input\_instance\_type) | (Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance. | `string` | `"c5.xlarge"` | no | | [key\_name](#input\_key\_name) | (Required) Key name of the Key Pair to use for the instance; which can be managed using the aws\_key\_pair resource. | `string` | n/a | yes | | [lan\_sg\_name](#input\_lan\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"velocloud_lan_sg"` | no | -| [mgmt\_ips](#input\_mgmt\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
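Review bot: With the defaults now `null`, nothing in the three descriptions says what a caller-supplied list must look like: the main.tf hunks of this patch index each list with `count.index`, so a provided list needs at least `var.number` entries, one per instance, while `null` leaves address assignment to AWS. Extend the `mgmt_ips` description along the lines of `(Optional) List of private IPs to assign to the ENI, one per instance; must contain at least var.number entries when set. Defaults to null, in which case AWS assigns the address.` The same wording applies to the `public_ips` and `private_ips` hunks on this line.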
[
"10.11.61.12",
"10.11.62.12",
"10.11.63.12"
]
| no | +| [mgmt\_ips](#input\_mgmt\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` | `null` | no | | [mgmt\_nic\_description](#input\_mgmt\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN mgmt nic"` | no | | [mgmt\_subnet\_ids](#input\_mgmt\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. | `list(string)` | n/a | yes | | [monitoring](#input\_monitoring) | (Optional) If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0) | `bool` | `true` | no | | [number](#input\_number) | (Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1 | `number` | `1` | no | -| [private\_ips](#input\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.1.12",
"10.11.2.12",
"10.11.3.12"
]
| no | +| [private\_ips](#input\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` | `null` | no | | [private\_nic\_description](#input\_private\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN private nic"` | no | | [private\_subnet\_ids](#input\_private\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. | `list(string)` | n/a | yes | -| [public\_ips](#input\_public\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` |
[
"10.11.201.12",
"10.11.202.12",
"10.11.203.12"
]
| no | +| [public\_ips](#input\_public\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` | `null` | no | | [public\_nic\_description](#input\_public\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN public nic"` | no | | [public\_subnet\_ids](#input\_public\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. | `list(string)` | n/a | yes | | [root\_ebs\_volume\_encrypted](#input\_root\_ebs\_volume\_encrypted) | (Optional) Whether to enable volume encryption on the root ebs volume. Defaults to true. Must be configured to perform drift detection. | `bool` | `true` | no | From e501f00b7b70c7f806334118004af80e0d7df75c Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Wed, 7 Aug 2024 10:35:08 -0400 Subject: [PATCH 20/86] changing key_name to optional --- modules/aws/vendor/velocloud/variables.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf index 081b6c90..7846c7fc 100644 --- a/modules/aws/vendor/velocloud/variables.tf +++ b/modules/aws/vendor/velocloud/variables.tf @@ -131,8 +131,9 @@ variable "instance_type" { } variable "key_name" { - description = "(Required) Key name of the Key Pair to use for the instance; which can be managed using the aws_key_pair resource." + description = "(Optional) Key name of the Key Pair to use for the instance; which can be managed using the aws_key_pair resource." type = string + default = null } variable "iam_instance_profile" { From a409da4b0b6a04a80dfa2b8f8c4b52784a328d04 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Wed, 7 Aug 2024 10:35:29 -0400 Subject: [PATCH 21/86] changed description for key_name to include default --- modules/aws/vendor/velocloud/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf index 7846c7fc..661a282e 100644 --- a/modules/aws/vendor/velocloud/variables.tf +++ b/modules/aws/vendor/velocloud/variables.tf @@ -131,7 +131,7 @@ variable "instance_type" { } variable "key_name" { - description = "(Optional) Key name of the Key Pair to use for the instance; which can be managed using the aws_key_pair resource." + description = "(Optional) Key name of the Key Pair to use for the instance; which can be managed using the aws_key_pair resource. Defaults to null." type = string default = null } From 34fe04c80c7ec098f38c442bad80589286cf519d Mon Sep 17 00:00:00 2001 From: zachreborn Date: Wed, 7 Aug 2024 14:36:09 +0000 Subject: [PATCH 22/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 13ad8bae..c9516754 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md 
@@ -142,7 +142,7 @@ No modules. | [iam\_instance\_profile](#input\_iam\_instance\_profile) | (Optional) IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole. | `string` | `null` | no | | [instance\_name\_prefix](#input\_instance\_name\_prefix) | (Optional) Used to populate the Name tag. | `string` | `"aws_prod_sdwan"` | no | | [instance\_type](#input\_instance\_type) | (Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance. | `string` | `"c5.xlarge"` | no | -| [key\_name](#input\_key\_name) | (Required) Key name of the Key Pair to use for the instance; which can be managed using the aws\_key\_pair resource. | `string` | n/a | yes | +| [key\_name](#input\_key\_name) | (Optional) Key name of the Key Pair to use for the instance; which can be managed using the aws\_key\_pair resource. Defaults to null. | `string` | `null` | no | | [lan\_sg\_name](#input\_lan\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"velocloud_lan_sg"` | no | | [mgmt\_ips](#input\_mgmt\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` | `null` | no | | [mgmt\_nic\_description](#input\_mgmt\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN mgmt nic"` | no | From cb913f8f7f06dab1c083eebb6da18be9277e7a01 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Wed, 7 Aug 2024 10:48:18 -0400 Subject: [PATCH 23/86] expanded validation to 19 characters --- modules/aws/vendor/velocloud/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf index 661a282e..159e06da 100644 
--- a/modules/aws/vendor/velocloud/variables.tf
+++ b/modules/aws/vendor/velocloud/variables.tf
@@ -170,8 +170,8 @@ variable "velocloud_activation_key" {
 description = "(Required) The activation key for the VeloCloud instance(s)."
 type = string
 validation {
- condition = can(regex("^[A-Z0-9-]+{16}$", var.velocloud_activation_key))
- error_message = "The activation key must be 16 characters long and contain only uppercase alphanumeric characters and hyphens."
+ condition = can(regex("^[A-Z0-9-]+{19}$", var.velocloud_activation_key))
+ error_message = "The activation key must be 16 characters long with hyphens every 4 characters and contain only uppercase alphanumeric characters and hyphens. Example (AAA1-2BBB-3C3C-44D4)"
 }
 }
 
From 7c1a0e8aba1163d1feea1fe544322773f3d1def5 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 10:58:23 -0400
Subject: [PATCH 24/86] corrected the activation key validation

---
 modules/aws/vendor/velocloud/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf
index 159e06da..5655dc19 100644
--- a/modules/aws/vendor/velocloud/variables.tf
+++ b/modules/aws/vendor/velocloud/variables.tf
@@ -170,7 +170,7 @@ variable "velocloud_activation_key" {
 description = "(Required) The activation key for the VeloCloud instance(s)."
 type = string
 validation {
- condition = can(regex("^[A-Z0-9-]+{19}$", var.velocloud_activation_key))
+ condition = can(regex("^[A-Z0-9-]{19}$", var.velocloud_activation_key))
 error_message = "The activation key must be 16 characters long with hyphens every 4 characters and contain only uppercase alphanumeric characters and hyphens. Example (AAA1-2BBB-3C3C-44D4)"
 }
 }
From b893ea3cd61de91b14d16fd95ec1a0452211c45c Mon Sep 17 00:00:00 2001
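Review bot: The corrected pattern `^[A-Z0-9-]{19}$` in the second hunk on this line still does not enforce what the error message promises: it accepts any 19 characters from the class, including no hyphens at all or nineteen of them, while the message and the `AAA1-2BBB-3C3C-44D4` example describe four groups of four. If that is the real format, `condition = can(regex("^[A-Z0-9]{4}(-[A-Z0-9]{4}){3}$", var.velocloud_activation_key))` enforces it exactly and makes the "16 characters long" wording accurate. Either way the validation belongs next to a `sensitive = true` on this variable, which is still missing after both hunks.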
From: Zachary Hill
Date: Wed, 7 Aug 2024 11:04:32 -0400
Subject: [PATCH 25/86] fixed cato named sg

---
 modules/aws/vendor/velocloud/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index a48c880d..56bbdbad 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -147,7 +147,7 @@ resource "aws_network_interface" "private_nic" {
 count = var.number
 description = var.private_nic_description
 private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)]
- security_groups = [aws_security_group.cato_lan_sg.id]
+ security_groups = [aws_security_group.velocloud_lan_sg.id]
 source_dest_check = var.source_dest_check
 subnet_id = element(var.private_subnet_ids, count.index)
 tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) }))
From 3bd0103772d45bd08c14f87989ade6aa356f9330 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 12:03:56 -0400
Subject: [PATCH 26/86] fixing ami lookup

---
 modules/aws/vendor/velocloud/main.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 56bbdbad..cf081595 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -17,6 +17,7 @@ data "aws_region" "current" {}
 data "aws_ami" "velocloud" {
 executable_users = ["self"]
 most_recent = true
+ name_regex = "VeloCloud VCE ${var.velocloud_version}*"
 owners = ["679593333241"]
 filter {
 name = "name"
From 8cbcfe70272948a18d1180398309c67a86cb6f81 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 12:09:37 -0400
Subject: [PATCH 27/86] changing the ami filter

---
 modules/aws/vendor/velocloud/main.tf | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

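Review bot: `name_regex = "VeloCloud VCE ${var.velocloud_version}*"` in the PATCH 26 hunk does not pin the version the way the variable description suggests: the pattern is unanchored, the `.` in a value like `4.5` matches any character, and the trailing `*` applies only to the last digit, so `VeloCloud VCE 4.5*` also matches an image named `VeloCloud VCE 4.6…`, and with `most_recent = true` the lookup will quietly move to whatever newer image matches. Escape the dots and anchor the prefix, `name_regex = "^VeloCloud VCE ${replace(var.velocloud_version, ".", "\\.")}"`. The same literal is carried unchanged through the later hunks to this data source on the following lines, so the fix applies wherever the block ends up.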
diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index cf081595..02095b03 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -15,13 +15,14 @@ terraform { data "aws_region" "current" {} data "aws_ami" "velocloud" { - executable_users = ["self"] + # executable_users = ["self"] most_recent = true name_regex = "VeloCloud VCE ${var.velocloud_version}*" - owners = ["679593333241"] + # owners = ["679593333241"] + filter { - name = "name" - values = ["VeloCloud VCE ${var.velocloud_version}*"] + name = "state" + values = ["available"] } } From 1edc6f2a2f289cef625bc73ad7a6665d24c33922 Mon Sep 17 00:00:00 2001 From: zachreborn Date: Wed, 7 Aug 2024 16:10:11 +0000 Subject: [PATCH 28/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 02095b03..a2187dbe 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -16,8 +16,8 @@ data "aws_region" "current" {} data "aws_ami" "velocloud" { # executable_users = ["self"] - most_recent = true - name_regex = "VeloCloud VCE ${var.velocloud_version}*" + most_recent = true + name_regex = "VeloCloud VCE ${var.velocloud_version}*" # owners = ["679593333241"] filter { From 2331aeac6f02b0054a0401dc825cb0928bbf7c5a Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Wed, 7 Aug 2024 12:11:09 -0400 Subject: [PATCH 29/86] adding the owner filter --- modules/aws/vendor/velocloud/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 02095b03..0c481939 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -18,7 +18,7 @@ data "aws_ami" "velocloud" {
 # executable_users = ["self"]
 most_recent = true
 name_regex = "VeloCloud VCE ${var.velocloud_version}*"
- # owners = ["679593333241"]
+ owners = ["679593333241"]
 
 filter {
 name = "state"

From e92d7038393e34ca6abf09308262cacb5678ad36 Mon Sep 17 00:00:00 2001
From: zachreborn
Date: Wed, 7 Aug 2024 16:12:55 +0000
Subject: [PATCH 30/86] Continuous Integration - terraform fmt and terraform-docs

---
 modules/aws/vendor/velocloud/main.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 0c481939..6433e76f 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -16,9 +16,9 @@ data "aws_region" "current" {}
 
 data "aws_ami" "velocloud" {
 # executable_users = ["self"]
- most_recent = true
- name_regex = "VeloCloud VCE ${var.velocloud_version}*"
- owners = ["679593333241"]
+ most_recent = true
+ name_regex = "VeloCloud VCE ${var.velocloud_version}*"
+ owners = ["679593333241"]
 
 filter {
 name = "state"

From 466f4acff9d1c7f50e8f6a44d56c1958400174a9 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 12:16:37 -0400
Subject: [PATCH 31/86] removed an unused argument in the data ami source

---
 modules/aws/vendor/velocloud/main.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 6433e76f..7ff2fc98 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -15,7 +15,6 @@ terraform {
 data "aws_region" "current" {}
 
 data "aws_ami" "velocloud" {
- # executable_users = ["self"]
 most_recent = true
 name_regex = "VeloCloud VCE ${var.velocloud_version}*"
 owners = ["679593333241"]

From fdbdda67bf3082379c8e7a39e7f69ad2120caf9b Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 14:53:08 -0400
Subject: [PATCH 32/86] reordering the nics

---
 modules/aws/vendor/velocloud/main.tf | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 7ff2fc98..2b21da56 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -126,6 +126,10 @@ resource "aws_network_interface" "mgmt_nic" {
 security_groups = [aws_security_group.sdwan_mgmt_sg.id]
 subnet_id = element(var.mgmt_subnet_ids, count.index)
 tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) }))
+ attachment {
+ instance = element(aws_instance.ec2_instance[*].id, count.index)
+ device_index = 2
+ }
 }
 
 resource "aws_network_interface" "public_nic" {
@@ -136,11 +140,6 @@ resource "aws_network_interface" "public_nic" {
 security_groups = [aws_security_group.sdwan_mgmt_sg.id]
 subnet_id = element(var.public_subnet_ids, count.index)
 tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) }))
-
- attachment {
- instance = element(aws_instance.ec2_instance[*].id, count.index)
- device_index = 1
- }
 }
 
 resource "aws_network_interface" "private_nic" {
@@ -155,7 +154,7 @@ resource "aws_network_interface" "private_nic" {
 
 attachment {
 instance = element(aws_instance.ec2_instance[*].id, count.index)
- device_index = 2
+ device_index = 1
 }
 }
 
@@ -185,7 +184,7 @@ resource "aws_instance" "ec2_instance" {
 }
 
 network_interface {
- network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index)
+ network_interface_id = element(aws_network_interface.public_nic[*].id, count.index)
 device_index = 0
 }
 

From d13ea88b82447eb120586ccc613388febf6d708d Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 15:04:44 -0400
Subject: [PATCH 33/86] reordering the nic order for velocloud

---
 modules/aws/vendor/velocloud/main.tf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 2b21da56..737d55fe 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -126,10 +126,6 @@ resource "aws_network_interface" "mgmt_nic" {
 security_groups = [aws_security_group.sdwan_mgmt_sg.id]
 subnet_id = element(var.mgmt_subnet_ids, count.index)
 tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) }))
- attachment {
- instance = element(aws_instance.ec2_instance[*].id, count.index)
- device_index = 2
- }
 }
 
 resource "aws_network_interface" "public_nic" {
@@ -140,6 +136,10 @@ resource "aws_network_interface" "public_nic" {
 security_groups = [aws_security_group.sdwan_mgmt_sg.id]
 subnet_id = element(var.public_subnet_ids, count.index)
 tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) }))
+ attachment {
+ instance = element(aws_instance.ec2_instance[*].id, count.index)
+ device_index = 1
+ }
 }
 
 resource "aws_network_interface" "private_nic" {
@@ -154,7 +154,7 @@ resource "aws_network_interface" "private_nic" {
 
 attachment {
 instance = element(aws_instance.ec2_instance[*].id, count.index)
- device_index = 1
+ device_index = 2
 }
 }
 

From c430d547092e710d513bd343939ecd5942c40866 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 15:08:21 -0400
Subject: [PATCH 34/86] switching the mgmt subnet to the public subnet

---
 modules/aws/vendor/velocloud/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 737d55fe..dc2bac38 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -124,7 +124,7 @@ resource "aws_network_interface" "mgmt_nic" {
 description = var.mgmt_nic_description
 private_ips = var.mgmt_ips == null ? null : [element(var.mgmt_ips, count.index)]
 security_groups = [aws_security_group.sdwan_mgmt_sg.id]
- subnet_id = element(var.mgmt_subnet_ids, count.index)
+ subnet_id = element(var.public_subnet_ids, count.index)
 tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) }))
 }
 

From cd1f234ea1eacdc63ca128b0b43910c105e64315 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 15:09:45 -0400
Subject: [PATCH 35/86] moving mgmt nic

---
 modules/aws/vendor/velocloud/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index dc2bac38..ca1336f3 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -184,7 +184,7 @@ resource "aws_instance" "ec2_instance" {
 }
 
 network_interface {
- network_interface_id = element(aws_network_interface.public_nic[*].id, count.index)
+ network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index)
 device_index = 0
 }
 

From 5862b3ffacb1b90e3e093abac9005d44d78d4fe2 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 15:23:35 -0400
Subject: [PATCH 36/86] going down to a single nic

---
 modules/aws/vendor/velocloud/main.tf | 58 ++++++++++++++--------------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index ca1336f3..159b60ed 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -128,35 +128,35 @@ resource "aws_network_interface" "mgmt_nic" {
 tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) }))
 }
 
-resource "aws_network_interface" "public_nic" {
- # Ge2 is the public interface in VeloCloud and attached at eth1
- count = var.number
- description = var.public_nic_description
- private_ips = var.public_ips == null ? null : [element(var.public_ips, count.index)]
- security_groups = [aws_security_group.sdwan_mgmt_sg.id]
- subnet_id = element(var.public_subnet_ids, count.index)
- tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) }))
- attachment {
- instance = element(aws_instance.ec2_instance[*].id, count.index)
- device_index = 1
- }
-}
-
-resource "aws_network_interface" "private_nic" {
- # Ge3 is the private interface in VeloCloud and attached at eth2
- count = var.number
- description = var.private_nic_description
- private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)]
- security_groups = [aws_security_group.velocloud_lan_sg.id]
- source_dest_check = var.source_dest_check
- subnet_id = element(var.private_subnet_ids, count.index)
- tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) }))
-
- attachment {
- instance = element(aws_instance.ec2_instance[*].id, count.index)
- device_index = 2
- }
-}
+# resource "aws_network_interface" "public_nic" {
+# # Ge2 is the public interface in VeloCloud and attached at eth1
+# count = var.number
+# description = var.public_nic_description
+# private_ips = var.public_ips == null ? null : [element(var.public_ips, count.index)]
+# security_groups = [aws_security_group.sdwan_mgmt_sg.id]
+# subnet_id = element(var.public_subnet_ids, count.index)
+# tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) }))
+# attachment {
+# instance = element(aws_instance.ec2_instance[*].id, count.index)
+# device_index = 1
+# }
+# }
+
+# resource "aws_network_interface" "private_nic" {
+# # Ge3 is the private interface in VeloCloud and attached at eth2
+# count = var.number
+# description = var.private_nic_description
+# private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)]
+# security_groups = [aws_security_group.velocloud_lan_sg.id]
+# source_dest_check = var.source_dest_check
+# subnet_id = element(var.private_subnet_ids, count.index)
+# tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) }))
+
+# attachment {
+# instance = element(aws_instance.ec2_instance[*].id, count.index)
+# device_index = 2
+# }
+# }
 
 ############################################
 # EC2 Instance

From 8e330cc50b6061907695ccedd7dbc382cb916314 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 15:30:38 -0400
Subject: [PATCH 37/86] added a second EIP for the mgmt nic

---
 modules/aws/vendor/velocloud/main.tf | 69 ++++++++++++++-------------
 1 file changed, 40 insertions(+), 29 deletions(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 159b60ed..b6384a9a 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
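Review bot: Commenting out `aws_network_interface.public_nic` and `aws_network_interface.private_nic` leaves `outputs.tf` still referencing `aws_network_interface.public_nic[*].id` and `aws_network_interface.private_nic[*].id` (the old side of the PATCH 41/86 hunk shows both), so this revision cannot pass `terraform validate`; PATCH 39/86 repeats the problem when it comments out `private_nic` again two commits before its output is removed. If the single-interface layout is a temporary experiment, delete the resources and let git keep them; if it is meant to be selectable, gate the resources with a boolean input (for example `count = var.enable_lan_nic ? var.number : 0` with a new `enable_lan_nic` bool, name is a suggestion) and make the matching outputs conditional. Leaving thirty commented lines in place also keeps `private_subnet_ids`, `private_ips` and `public_ips` as inputs that nothing reads.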
@@ -103,6 +103,17 @@ resource "aws_security_group" "velocloud_lan_sg" {
 # EIP
 ############################################
 
+resource "aws_eip" "mgmt_external_ip" {
+ count = var.number
+ domain = "vpc"
+}
+
+resource "aws_eip_association" "mgmt_external_ip" {
+ count = var.number
+ allocation_id = element(aws_eip.mgmt_external_ip[*].id, count.index)
+ network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index)
+}
+
 resource "aws_eip" "wan_external_ip" {
 count = var.number
 domain = "vpc"
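Review bot: Associating a public Elastic IP with `mgmt_nic` makes the management interface reachable from the internet, and since PATCH 34/86 that interface also lives in the public subnet, so exposure of the management plane now rests entirely on what `aws_security_group.sdwan_mgmt_sg` admits, which is not visible in this hunk (only the `snmp_mgmt_access_cidr_blocks` input is known from the README table). If the orchestrator genuinely needs inbound reachability to the edge, record that on the resource, e.g. `# Management ENI gets a public IP so the VCO can reach the edge; ingress is limited by sdwan_mgmt_sg`, and otherwise make the EIP opt-in with a boolean input that defaults to false. PATCH 50/86 later comments these two resources out rather than removing them, so the decision should be written down in the module docs either way.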
@@ -128,35 +139,35 @@ resource "aws_network_interface" "mgmt_nic" {
 tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) }))
 }
 
-# resource "aws_network_interface" "public_nic" {
-# # Ge2 is the public interface in VeloCloud and attached at eth1
-# count = var.number
-# description = var.public_nic_description
-# private_ips = var.public_ips == null ? null : [element(var.public_ips, count.index)]
-# security_groups = [aws_security_group.sdwan_mgmt_sg.id]
-# subnet_id = element(var.public_subnet_ids, count.index)
-# tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) }))
-# attachment {
-# instance = element(aws_instance.ec2_instance[*].id, count.index)
-# device_index = 1
-# }
-# }
-
-# resource "aws_network_interface" "private_nic" {
-# # Ge3 is the private interface in VeloCloud and attached at eth2
-# count = var.number
-# description = var.private_nic_description
-# private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)]
-# security_groups = [aws_security_group.velocloud_lan_sg.id]
-# source_dest_check = var.source_dest_check
-# subnet_id = element(var.private_subnet_ids, count.index)
-# tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) }))
-
-# attachment {
-# instance = element(aws_instance.ec2_instance[*].id, count.index)
-# device_index = 2
-# }
-# }
+resource "aws_network_interface" "public_nic" {
+ # Ge2 is the public interface in VeloCloud and attached at eth1
+ count = var.number
+ description = var.public_nic_description
+ private_ips = var.public_ips == null ? null : [element(var.public_ips, count.index)]
+ security_groups = [aws_security_group.sdwan_mgmt_sg.id]
+ subnet_id = element(var.public_subnet_ids, count.index)
+ tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) }))
+ attachment {
+ instance = element(aws_instance.ec2_instance[*].id, count.index)
+ device_index = 1
+ }
+}
+
+resource "aws_network_interface" "private_nic" {
+ # Ge3 is the private interface in VeloCloud and attached at eth2
+ count = var.number
+ description = var.private_nic_description
+ private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)]
+ security_groups = [aws_security_group.velocloud_lan_sg.id]
+ source_dest_check = var.source_dest_check
+ subnet_id = element(var.private_subnet_ids, count.index)
+ tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) }))
+
+ attachment {
+ instance = element(aws_instance.ec2_instance[*].id, count.index)
+ device_index = 2
+ }
+}
 
 ############################################
 # EC2 Instance

From d3d74a49143cac8b21e1a5fbd345133aca156fb0 Mon Sep 17 00:00:00 2001
From: zachreborn
Date: Wed, 7 Aug 2024 19:31:10 +0000
Subject: [PATCH 38/86] Continuous Integration - terraform fmt and terraform-docs

---
 modules/aws/vendor/velocloud/README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md
index c9516754..79bf3529 100755
--- a/modules/aws/vendor/velocloud/README.md
+++ b/modules/aws/vendor/velocloud/README.md
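Review bot: The restored `public_nic`, which its own comment identifies as the WAN-facing Ge2 interface, reuses `aws_security_group.sdwan_mgmt_sg.id`, the same group as `mgmt_nic`, so every management-plane ingress rule in that group is also open on the interface that presumably carries `wan_external_ip`; the private interface gets its own `velocloud_lan_sg`, which makes the sharing look accidental rather than intended. Give the WAN interface a dedicated group scoped to the tunnel traffic the edge actually needs and keep `sdwan_mgmt_sg` on `mgmt_nic` only; the rules of both groups are outside this hunk. The same shared group is visible as context on `public_nic` in the PATCH 32/86 and 33/86 hunks.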
@@ -121,7 +121,9 @@ No modules.
 |------|------|
 | [aws_cloudwatch_metric_alarm.instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
 | [aws_cloudwatch_metric_alarm.system](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_eip.mgmt_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
 | [aws_eip.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
+| [aws_eip_association.mgmt_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource |
 | [aws_eip_association.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource |
 | [aws_instance.ec2_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
 | [aws_network_interface.mgmt_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource |

From 5687b1d95dfdb17c4e8f6ff07679216ccfd6a95b Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 16:18:00 -0400
Subject: [PATCH 39/86] removed unused variable and testing without private nic

---
 modules/aws/vendor/velocloud/main.tf | 30 +++++++++++------------
 modules/aws/vendor/velocloud/variables.tf | 5 ----
 2 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index b6384a9a..8de119c8 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -153,21 +153,21 @@ resource "aws_network_interface" "public_nic" {
 }
 }
 
-resource "aws_network_interface" "private_nic" {
- # Ge3 is the private interface in VeloCloud and attached at eth2
- count = var.number
- description = var.private_nic_description
- private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)]
- security_groups = [aws_security_group.velocloud_lan_sg.id]
- source_dest_check = var.source_dest_check
- subnet_id = element(var.private_subnet_ids, count.index)
- tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) }))
-
- attachment {
- instance = element(aws_instance.ec2_instance[*].id, count.index)
- device_index = 2
- }
-}
+# resource "aws_network_interface" "private_nic" {
+# # Ge3 is the private interface in VeloCloud and attached at eth2
+# count = var.number
+# description = var.private_nic_description
+# private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)]
+# security_groups = [aws_security_group.velocloud_lan_sg.id]
+# source_dest_check = var.source_dest_check
+# subnet_id = element(var.private_subnet_ids, count.index)
+# tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) }))
+
+# attachment {
+# instance = element(aws_instance.ec2_instance[*].id, count.index)
+# device_index = 2
+# }
+# }
 
 ############################################
 # EC2 Instance
diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf
index 5655dc19..2815a8cb 100644
--- a/modules/aws/vendor/velocloud/variables.tf
+++ b/modules/aws/vendor/velocloud/variables.tf
@@ -63,11 +63,6 @@ variable "mgmt_ips" {
 type = list(string)
 }
 
-variable "mgmt_subnet_ids" {
- description = "(Required) Subnet IDs to create the ENI in."
- type = list(string)
-}
-
 variable "public_nic_description" {
 description = "(Optional) Description for the network interface."
 default = "SDWAN public nic"
From 587b2c83dc39aa8acd0e473432dc48182ee64bcc Mon Sep 17 00:00:00 2001
From: zachreborn
Date: Wed, 7 Aug 2024 20:18:43 +0000
Subject: [PATCH 40/86] Continuous Integration - terraform fmt and terraform-docs

---
 modules/aws/vendor/velocloud/README.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md
index 79bf3529..2bb45b7e 100755
--- a/modules/aws/vendor/velocloud/README.md
+++ b/modules/aws/vendor/velocloud/README.md
@@ -127,7 +127,6 @@ No modules.
 | [aws_eip_association.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource |
 | [aws_instance.ec2_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
 | [aws_network_interface.mgmt_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource |
-| [aws_network_interface.private_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource |
 | [aws_network_interface.public_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource |
 | [aws_security_group.sdwan_mgmt_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 | [aws_security_group.velocloud_lan_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
@@ -148,7 +147,6 @@ No modules.
 | [lan\_sg\_name](#input\_lan\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"velocloud_lan_sg"` | no |
 | [mgmt\_ips](#input\_mgmt\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` | `null` | no |
 | [mgmt\_nic\_description](#input\_mgmt\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN mgmt nic"` | no |
-| [mgmt\_subnet\_ids](#input\_mgmt\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. | `list(string)` | n/a | yes |
 | [monitoring](#input\_monitoring) | (Optional) If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0) | `bool` | `true` | no |
 | [number](#input\_number) | (Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1 | `number` | `1` | no |
 | [private\_ips](#input\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` | `null` | no |

From 0193551293942f10cfd164d39fa8223b77b3278e Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 16:21:00 -0400
Subject: [PATCH 41/86] commented out private output

---
 modules/aws/vendor/velocloud/outputs.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/aws/vendor/velocloud/outputs.tf b/modules/aws/vendor/velocloud/outputs.tf
index da9f9dab..68ed6b2e 100644
--- a/modules/aws/vendor/velocloud/outputs.tf
+++ b/modules/aws/vendor/velocloud/outputs.tf
@@ -14,9 +14,9 @@ output "public_network_interface_id" {
 value = aws_network_interface.public_nic[*].id
 }
 
-output "private_network_interface_id" {
- value = aws_network_interface.private_nic[*].id
-}
+# output "private_network_interface_id" {
+# value = aws_network_interface.private_nic[*].id
+# }
 
 output "mgmt_network_interface_id" {
 value = aws_network_interface.mgmt_nic[*].id

From 5669fef3d0ca9655837695f4f58f20bbff3ac736 Mon Sep 17 00:00:00 2001
From: zachreborn
Date: Wed, 7 Aug 2024 20:21:42 +0000
Subject: [PATCH 42/86] Continuous Integration - terraform fmt and terraform-docs

---
 modules/aws/vendor/velocloud/README.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md
index 2bb45b7e..0ac4ea33 100755
--- a/modules/aws/vendor/velocloud/README.md
+++ b/modules/aws/vendor/velocloud/README.md
@@ -178,7 +178,6 @@ No modules.
 | [eip\_id](#output\_eip\_id) | n/a |
 | [eip\_public\_ip](#output\_eip\_public\_ip) | n/a |
 | [mgmt\_network\_interface\_id](#output\_mgmt\_network\_interface\_id) | n/a |
-| [private\_network\_interface\_id](#output\_private\_network\_interface\_id) | n/a |
 | [public\_network\_interface\_id](#output\_public\_network\_interface\_id) | n/a |

From 560c54d50e172a1451d09827e174819a314f3dd1 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 16:26:10 -0400
Subject: [PATCH 43/86] updated outputs with correct order and new mgmt

---
 modules/aws/vendor/velocloud/outputs.tf | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/modules/aws/vendor/velocloud/outputs.tf b/modules/aws/vendor/velocloud/outputs.tf
index 68ed6b2e..0e238f52 100644
--- a/modules/aws/vendor/velocloud/outputs.tf
+++ b/modules/aws/vendor/velocloud/outputs.tf
@@ -1,13 +1,25 @@
-output "eip_id" {
+output "ec2_instance_id" {
+ value = aws_instance.ec2_instance[*].id
+}
+
+output "mgmt_eip_id" {
+ value = aws_eip.mgmt_external_ip[*].id
+}
+
+output "mgmt_eip_ip" {
+ value = aws_eip.mgmt_external_ip[*].public_ip
+}
+
+output "public_eip_id" {
 value = aws_eip.wan_external_ip[*].id
 }
 
-output "eip_public_ip" {
+output "public_eip_ip" {
 value = aws_eip.wan_external_ip[*].public_ip
 }
 
-output "ec2_instance_id" {
- value = aws_instance.ec2_instance[*].id
+output "mgmt_network_interface_id" {
+ value = aws_network_interface.mgmt_nic[*].id
 }
 
 output "public_network_interface_id" {
@@ -17,7 +29,3 @@ output "public_network_interface_id" {
 # output "private_network_interface_id" {
 # value = aws_network_interface.private_nic[*].id
 # }
-
-output "mgmt_network_interface_id" {
- value = aws_network_interface.mgmt_nic[*].id
-}

From b45397aedc37eb68186fd717af5c5b88646cc3bf Mon Sep 17 00:00:00 2001
From: zachreborn
Date: Wed, 7 Aug 2024 20:26:46 +0000
Subject: [PATCH 44/86] Continuous Integration - terraform fmt and terraform-docs

---
 modules/aws/vendor/velocloud/README.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md
index 0ac4ea33..e4e5eec5 100755
--- a/modules/aws/vendor/velocloud/README.md
+++ b/modules/aws/vendor/velocloud/README.md
@@ -175,9 +175,11 @@ No modules.
 | Name | Description |
 |------|-------------|
 | [ec2\_instance\_id](#output\_ec2\_instance\_id) | n/a |
-| [eip\_id](#output\_eip\_id) | n/a |
-| [eip\_public\_ip](#output\_eip\_public\_ip) | n/a |
+| [mgmt\_eip\_id](#output\_mgmt\_eip\_id) | n/a |
+| [mgmt\_eip\_ip](#output\_mgmt\_eip\_ip) | n/a |
 | [mgmt\_network\_interface\_id](#output\_mgmt\_network\_interface\_id) | n/a |
+| [public\_eip\_id](#output\_public\_eip\_id) | n/a |
+| [public\_eip\_ip](#output\_public\_eip\_ip) | n/a |
 | [public\_network\_interface\_id](#output\_public\_network\_interface\_id) | n/a |
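Review bot: None of the new or renamed outputs has a `description`, which is why the regenerated README in PATCH 44/86 lists every output as `n/a`; for the two address outputs in particular a reader cannot tell which interface the IP belongs to. Add one per output, e.g. `description = "Public IP of the Elastic IP attached to the management interface"` on `mgmt_eip_ip` and the WAN equivalent on `public_eip_ip`. Renaming `eip_id` and `eip_public_ip` to `public_eip_id` and `public_eip_ip` also breaks existing callers of the module, which belongs in the release notes the PR template asks for.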
From cbb8656b294efad8aa1193ef30258833434262d6 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 16:36:20 -0400
Subject: [PATCH 45/86] fixes to user_data script

---
 modules/aws/vendor/velocloud/user_data.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/aws/vendor/velocloud/user_data.sh b/modules/aws/vendor/velocloud/user_data.sh
index 7ee7109d..9d19b667 100644
--- a/modules/aws/vendor/velocloud/user_data.sh
+++ b/modules/aws/vendor/velocloud/user_data.sh
@@ -1,4 +1,4 @@
-#cloud-config
+#cloud-config
 velocloud:
 vce:
 vco: ${velocloud_orchestrator}

From 689c3ef960a5ce06ca155d0a936213e760df8034 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Wed, 7 Aug 2024 16:49:39 -0400
Subject: [PATCH 46/86] testing base64 encoding

---
 modules/aws/vendor/velocloud/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 8de119c8..8accae7f 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -183,11 +183,11 @@ resource "aws_instance" "ec2_instance" {
 monitoring = var.monitoring
 volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) }))
 tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) }))
- user_data = templatefile("${path.module}/user_data.sh", {
+ user_data_base64 = base64encode(templatefile("${path.module}/user_data.sh", {
 velocloud_activation_key = var.velocloud_activation_key
 velocloud_ignore_cert_errors = var.velocloud_ignore_cert_errors
 velocloud_orchestrator = var.velocloud_orchestrator
- })
+ }))
 
 metadata_options {
 http_endpoint = var.http_endpoint

From 80d0a086567d3daf242ad87e9f77c500e56df775 Mon Sep 17 00:00:00 2001
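Review bot: Switching to `user_data_base64 = base64encode(...)` does not change what is exposed: `velocloud_activation_key` is still rendered into the instance's user data, which is kept in the Terraform state, returned by `DescribeInstanceAttribute`, and readable by any process on the instance through the metadata service. Mark the input `sensitive = true` in `variables.tf` so it is redacted from plan and apply output, and pair the `http_endpoint` setting shown here with `http_tokens = "required"` in the same `metadata_options` block so metadata reads need a session token; whether that is already set is outside the hunk. `velocloud_ignore_cert_errors` goes through the same template; its default is not visible here but should be `false`. The `aws_instance` resource starts and ends outside the hunk.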
From: Zachary Hill
Date: Wed, 7 Aug 2024 16:57:10 -0400
Subject: [PATCH 47/86] matching with the AWS Marketplace

---
 modules/aws/vendor/velocloud/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf
index 2815a8cb..e3c0283e 100644
--- a/modules/aws/vendor/velocloud/variables.tf
+++ b/modules/aws/vendor/velocloud/variables.tf
@@ -151,7 +151,7 @@ variable "root_volume_type" {
 
 variable "root_volume_size" {
 description = "(Optional) Size of the root volume in gibibytes (GiB)."
- default = 16
+ default = 8
 type = number
 }
 

From 048c650066c7cd3a5597236cf286863e339bc349 Mon Sep 17 00:00:00 2001
From: zachreborn
Date: Wed, 7 Aug 2024 20:57:41 +0000
Subject: [PATCH 48/86] Continuous Integration - terraform fmt and terraform-docs

---
 modules/aws/vendor/velocloud/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md
index e4e5eec5..8ce92509 100755
--- a/modules/aws/vendor/velocloud/README.md
+++ b/modules/aws/vendor/velocloud/README.md
@@ -156,7 +156,7 @@ No modules.
 | [public\_nic\_description](#input\_public\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN public nic"` | no |
 | [public\_subnet\_ids](#input\_public\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. | `list(string)` | n/a | yes |
 | [root\_ebs\_volume\_encrypted](#input\_root\_ebs\_volume\_encrypted) | (Optional) Whether to enable volume encryption on the root ebs volume. Defaults to true. Must be configured to perform drift detection. | `bool` | `true` | no |
-| [root\_volume\_size](#input\_root\_volume\_size) | (Optional) Size of the root volume in gibibytes (GiB). | `number` | `16` | no |
+| [root\_volume\_size](#input\_root\_volume\_size) | (Optional) Size of the root volume in gibibytes (GiB). | `number` | `8` | no |
 | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3 | `string` | `"gp3"` | no |
 | [snmp\_mgmt\_access\_cidr\_blocks](#input\_snmp\_mgmt\_access\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to SNMP into the VeloCloud instance. | `list(string)` | `[]` | no |
 | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default false. | `bool` | `false` | no |

From 642cb621120bb4bf3997fe0f3b8710c4dc06c79e Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Fri, 16 Aug 2024 11:10:22 -0400
Subject: [PATCH 49/86] updated pr request template

---
 .github/pull_request_template.md | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index d6ed64d7..72c15310 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,12 +1,20 @@ # Description + +A brief description of the changes introduced by this Pull Request. - - +## Issue or Ticket + +Fixes #000 -# TODOs +## Type of change + +- [ ] Bugfix +- [ ] New feature +- [ ] Version update +## TODOs + +- [ ] Validate your code matches the style of the project. - [ ] Update the docs. -- [ ] All tests run successfull, including pre-commit checks. -- [ ] Include release notes and description. +- [ ] Validate all tests run successfull, including pre-commit checks. +- [ ] Include release notes and description. This should include both a summary of the changes and any necessary context.

From 53e09a1ef0bc7ce7b1c36b933d14be7bbdb1934a Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Fri, 16 Aug 2024 11:11:24 -0400
Subject: [PATCH 50/86] tweaks to improve and match the cloudformation template

---
 modules/aws/vendor/velocloud/main.tf | 50 +++++++++++++------------
 modules/aws/vendor/velocloud/outputs.tf | 18 ++++-----
 2 files changed, 35 insertions(+), 33 deletions(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 8accae7f..5914a9c5 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -103,16 +103,16 @@ resource "aws_security_group" "velocloud_lan_sg" {
 # EIP
 ############################################
 
-resource "aws_eip" "mgmt_external_ip" {
- count = var.number
- domain = "vpc"
-}
+# resource "aws_eip" "mgmt_external_ip" {
+# count = var.number
+# domain = "vpc"
+# }
 
-resource "aws_eip_association" "mgmt_external_ip" {
- count = var.number
- allocation_id = element(aws_eip.mgmt_external_ip[*].id, count.index)
- network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index)
-}
+# resource "aws_eip_association" "mgmt_external_ip" {
+# count = var.number
+# allocation_id = element(aws_eip.mgmt_external_ip[*].id, count.index)
+# network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index)
+# }
 
 resource "aws_eip" "wan_external_ip" {
 count = var.number
@@ -135,6 +135,7 @@ resource "aws_network_interface" "mgmt_nic" {
 description = var.mgmt_nic_description
 private_ips = var.mgmt_ips == null ? null : [element(var.mgmt_ips, count.index)]
 security_groups = [aws_security_group.sdwan_mgmt_sg.id]
+ source_dest_check = var.source_dest_check
 subnet_id = element(var.public_subnet_ids, count.index)
 tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) }))
 }
@@ -145,6 +146,7 @@ resource "aws_network_interface" "public_nic" {
 description = var.public_nic_description
 private_ips = var.public_ips == null ? null : [element(var.public_ips, count.index)]
 security_groups = [aws_security_group.sdwan_mgmt_sg.id]
+ source_dest_check = var.source_dest_check
 subnet_id = element(var.public_subnet_ids, count.index)
 tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) }))
 attachment {
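Review bot: Adding `source_dest_check = var.source_dest_check` to `mgmt_nic` in the second hunk inherits the variable's default of `false` (per the inputs table in PATCH 48/86), so source/destination checking is now disabled on the management interface as well as on the WAN one, although only interfaces that forward transit traffic need it off; the `public_nic` hunk that ends here does the same. Leave the argument off `mgmt_nic` so the AWS default of `true` applies, or give it its own input, e.g. `source_dest_check = var.mgmt_source_dest_check` with `default = true` (name is a suggestion). The first hunk comments out the mgmt EIP resources instead of deleting them; the commented block should go, since git keeps the history. The opening lines of `mgmt_nic` and the `attachment` block of `public_nic` are outside these hunks.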
@@ -153,21 +155,21 @@ resource "aws_network_interface" "public_nic" { } } -# resource "aws_network_interface" "private_nic" { -# # Ge3 is the private interface in VeloCloud and attached at eth2 -# count = var.number -# description = var.private_nic_description -# private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)] -# security_groups = [aws_security_group.velocloud_lan_sg.id] -# source_dest_check = var.source_dest_check -# subnet_id = element(var.private_subnet_ids, count.index) -# tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) })) - -# attachment { -# instance = element(aws_instance.ec2_instance[*].id, count.index) -# device_index = 2 -# } -# } +resource "aws_network_interface" "private_nic" { + # Ge3 is the private interface in VeloCloud and attached at eth2 + count = var.number + description = var.private_nic_description + private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)] + security_groups = [aws_security_group.velocloud_lan_sg.id] + source_dest_check = var.source_dest_check + subnet_id = element(var.private_subnet_ids, count.index) + tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) })) + + attachment { + instance = element(aws_instance.ec2_instance[*].id, count.index) + device_index = 2 + } +} ############################################ # EC2 Instance diff --git a/modules/aws/vendor/velocloud/outputs.tf b/modules/aws/vendor/velocloud/outputs.tf index 0e238f52..32c13f03 100644 --- a/modules/aws/vendor/velocloud/outputs.tf +++ b/modules/aws/vendor/velocloud/outputs.tf 
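Review bot: private_nic sets `source_dest_check = var.source_dest_check`, yet this LAN interface forwards packets on behalf of other hosts behind the appliance, which requires the check to be disabled; the variable's default is outside this hunk, and if it is `true` the ENI silently drops forwarded traffic. Consider pinning the LAN ENI to `source_dest_check = false`, or state in the variable description that the module expects `false` for the appliance to route. A one-line comment on the attribute, `# must be false for the appliance to forward LAN traffic`, would make the requirement visible here.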
@@ -2,13 +2,13 @@ output "ec2_instance_id" { value = aws_instance.ec2_instance[*].id } -output "mgmt_eip_id" { - value = aws_eip.mgmt_external_ip[*].id -} +# output "mgmt_eip_id" { +# value = aws_eip.mgmt_external_ip[*].id +# } -output "mgmt_eip_ip" { - value = aws_eip.mgmt_external_ip[*].public_ip -} +# output "mgmt_eip_ip" { +# value = aws_eip.mgmt_external_ip[*].public_ip +# } output "public_eip_id" { value = aws_eip.wan_external_ip[*].id @@ -26,6 +26,6 @@ output "public_network_interface_id" { value = aws_network_interface.public_nic[*].id } -# output "private_network_interface_id" { -# value = aws_network_interface.private_nic[*].id -# } +output "private_network_interface_id" { + value = aws_network_interface.private_nic[*].id +} From 8af4e23527a9543f0e5895bb4d8b75748603e4f2 Mon Sep 17 00:00:00 2001 From: zachreborn Date: Fri, 16 Aug 2024 15:12:13 +0000 Subject: [PATCH 51/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 6 ++---- modules/aws/vendor/velocloud/main.tf | 24 ++++++++++++------------ 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 8ce92509..1b2192b3 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md 
@@ -121,12 +121,11 @@ No modules. |------|------| | [aws_cloudwatch_metric_alarm.instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | | [aws_cloudwatch_metric_alarm.system](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | -| [aws_eip.mgmt_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | | [aws_eip.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | -| [aws_eip_association.mgmt_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource | | [aws_eip_association.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource | | [aws_instance.ec2_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | | [aws_network_interface.mgmt_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | +| [aws_network_interface.private_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_network_interface.public_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_security_group.sdwan_mgmt_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group.velocloud_lan_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | 
@@ -175,9 +174,8 @@ No modules. | Name | Description | |------|-------------| | [ec2\_instance\_id](#output\_ec2\_instance\_id) | n/a | -| [mgmt\_eip\_id](#output\_mgmt\_eip\_id) | n/a | -| [mgmt\_eip\_ip](#output\_mgmt\_eip\_ip) | n/a | | [mgmt\_network\_interface\_id](#output\_mgmt\_network\_interface\_id) | n/a | +| [private\_network\_interface\_id](#output\_private\_network\_interface\_id) | n/a | | [public\_eip\_id](#output\_public\_eip\_id) | n/a | | [public\_eip\_ip](#output\_public\_eip\_ip) | n/a | | [public\_network\_interface\_id](#output\_public\_network\_interface\_id) | n/a | diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 5914a9c5..16cb8a03 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -131,24 +131,24 @@ resource "aws_eip_association" "wan_external_ip" { resource "aws_network_interface" "mgmt_nic" { # Ge1 is the management interface in VeloCloud and attached at eth0 - count = var.number - description = var.mgmt_nic_description - private_ips = var.mgmt_ips == null ? null : [element(var.mgmt_ips, count.index)] - security_groups = [aws_security_group.sdwan_mgmt_sg.id] + count = var.number + description = var.mgmt_nic_description + private_ips = var.mgmt_ips == null ? null : [element(var.mgmt_ips, count.index)] + security_groups = [aws_security_group.sdwan_mgmt_sg.id] source_dest_check = var.source_dest_check - subnet_id = element(var.public_subnet_ids, count.index) - tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) })) + subnet_id = element(var.public_subnet_ids, count.index) + tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) })) } resource "aws_network_interface" "public_nic" { # Ge2 is the public interface in VeloCloud and attached at eth1 - count = var.number - description = var.public_nic_description - private_ips = var.public_ips == null ? null : [element(var.public_ips, count.index)] - security_groups = [aws_security_group.sdwan_mgmt_sg.id] + count = var.number + description = var.public_nic_description + private_ips = var.public_ips == null ? null : [element(var.public_ips, count.index)] + security_groups = [aws_security_group.sdwan_mgmt_sg.id] source_dest_check = var.source_dest_check - subnet_id = element(var.public_subnet_ids, count.index) - tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) })) + subnet_id = element(var.public_subnet_ids, count.index) + tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) })) attachment { instance = element(aws_instance.ec2_instance[*].id, count.index) device_index = 1 
From 7d932a52b85d21fbf3e3fe2724975902f7890185 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Fri, 16 Aug 2024 11:13:32 -0400
Subject: [PATCH 52/86] modified to no longer encode user_data

---
 modules/aws/vendor/velocloud/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 16cb8a03..f1568f6d 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -185,11 +185,11 @@ resource "aws_instance" "ec2_instance" {
 monitoring = var.monitoring
 volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) }))
 tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) }))
- user_data_base64 = base64encode(templatefile("${path.module}/user_data.sh", {
+ user_data_base64 = templatefile("${path.module}/user_data.sh", {
 velocloud_activation_key = var.velocloud_activation_key
 velocloud_ignore_cert_errors = var.velocloud_ignore_cert_errors
 velocloud_orchestrator = var.velocloud_orchestrator
- }))
+ })
 
 metadata_options {
 http_endpoint = var.http_endpoint
From 8f3d15754b8de000616ee2c03099a9244f2daac1 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Fri, 16 Aug 2024 11:20:36 -0400
Subject: [PATCH 53/86] fixed user_data argument

---
 modules/aws/vendor/velocloud/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index f1568f6d..1aa07cb9 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
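Review bot: `user_data_base64 = templatefile(...)` now hands the provider plain text where it expects a base64 string; dropping `base64encode()` without renaming the argument leaves the rendered script unencoded, so the provider will reject it or the instance will receive garbage. Either keep the encoding or switch the argument to `user_data = templatefile("${path.module}/user_data.sh", {`, which is the form the appliance expects to read as a script. The rest of aws_instance.ec2_instance is outside this hunk.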
@@ -185,7 +185,7 @@ resource "aws_instance" "ec2_instance" {
 monitoring = var.monitoring
 volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) }))
 tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) }))
- user_data_base64 = templatefile("${path.module}/user_data.sh", {
+ user_data = templatefile("${path.module}/user_data.sh", {
 velocloud_activation_key = var.velocloud_activation_key
 velocloud_ignore_cert_errors = var.velocloud_ignore_cert_errors
 velocloud_orchestrator = var.velocloud_orchestrator
From b074a000ecf88a760a7340c57c76875bdb8bfe32 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Fri, 16 Aug 2024 11:31:15 -0400
Subject: [PATCH 54/86] added hibernation argument

---
 modules/aws/vendor/velocloud/main.tf | 1 +
 modules/aws/vendor/velocloud/variables.tf | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 1aa07cb9..81725d4f 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -179,6 +179,7 @@ resource "aws_instance" "ec2_instance" {
 ami = data.aws_ami.velocloud.id
 count = var.number
 ebs_optimized = var.ebs_optimized
+ hibernation = var.hibernation
 iam_instance_profile = var.iam_instance_profile
 instance_type = var.instance_type
 key_name = var.key_name
diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf
index e3c0283e..a1277f73 100644
--- a/modules/aws/vendor/velocloud/variables.tf
+++ b/modules/aws/vendor/velocloud/variables.tf
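Review bot: The rendered `user_data` embeds `var.velocloud_activation_key` in plaintext, and EC2 user data is persisted in Terraform state and is retrievable afterwards through the instance's user-data attribute, so the activation key outlives the launch and is readable by anyone with read access to the instance or the state. If the variable declaration does not already carry `sensitive = true` (variables.tf is outside this hunk), add it so the key is redacted from plan output, and prefer a single-use activation key from the orchestrator since the value cannot be rotated out of user data without a stop/start. A comment on this line, `# activation key is rendered into user data and persists in state; treat as a one-time secret`, would make the trade-off explicit.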
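Review bot: `hibernation = var.hibernation` is passed straight through, but EC2 hibernation only succeeds when the root volume is an encrypted EBS volume sized to hold instance memory and the instance type and AMI support it; the `root_block_device` block and the AMI lookup are outside this hunk, so I cannot see whether `encrypted = true` is set. Without that, enabling the flag surfaces as an apply-time error rather than a plan-time one. A comment on the line, `# requires an encrypted root volume sized for RAM and a hibernation-capable instance type`, or a validation on the variable would save the confusion.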
@@ -119,6 +119,12 @@ variable "monitoring" {
 type = bool
 }
 
+variable "hibernation" {
+ description = "(Optional) If true, the launched EC2 instance will support hibernation. (Available since v0.6.0)"
+ type = bool
+ default = null
+}
+
 variable "instance_type" {
 description = "(Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance."
 default = "c5.xlarge"
From ec4179d38a6dfb34b33f330ca58f01e308544f41 Mon Sep 17 00:00:00 2001
From: zachreborn
Date: Fri, 16 Aug 2024 15:31:45 +0000
Subject: [PATCH 55/86] Continuous Integration - terraform fmt and terraform-docs

---
 modules/aws/vendor/velocloud/README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md
index 1b2192b3..b3124161 100755
--- a/modules/aws/vendor/velocloud/README.md
+++ b/modules/aws/vendor/velocloud/README.md
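Review bot: The `hibernation` description ends with `(Available since v0.6.0)`, which refers to the AWS provider's version history rather than anything a consumer of this module can act on, and terraform-docs copies it verbatim into the README (as the next patch shows). Trim it and state the real prerequisite instead, e.g. `description = "(Optional) If true, the launched EC2 instance will support hibernation. Requires an encrypted root volume and a hibernation-capable instance type."`.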
@@ -137,6 +137,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [ebs\_optimized](#input\_ebs\_optimized) | (Optional) If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information. | `bool` | `true` | no | +| [hibernation](#input\_hibernation) | (Optional) If true, the launched EC2 instance will support hibernation. (Available since v0.6.0) | `bool` | `null` | no | | [http\_endpoint](#input\_http\_endpoint) | (Optional) Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled. | `string` | `"enabled"` | no | | [http\_tokens](#input\_http\_tokens) | (Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional. | `string` | `"required"` | no | | [iam\_instance\_profile](#input\_iam\_instance\_profile) | (Optional) IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole. | `string` | `null` | no | From 5f33bac01f26ea03e832b914e109a5b58e922f4b Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Fri, 16 Aug 2024 11:39:49 -0400 Subject: [PATCH 56/86] added source_dest_check argument to the instance --- modules/aws/vendor/velocloud/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 81725d4f..75b1cf2c 100644 --- a/modules/aws/vendor/velocloud/main.tf 
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -184,6 +184,7 @@ resource "aws_instance" "ec2_instance" {
 instance_type = var.instance_type
 key_name = var.key_name
 monitoring = var.monitoring
+ source_dest_check = var.source_dest_check
 volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) }))
 tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) }))
 user_data = templatefile("${path.module}/user_data.sh", {
From 2a417e4acc4a46bdbfe2014319d3666ed340a227 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Fri, 16 Aug 2024 11:43:39 -0400
Subject: [PATCH 57/86] removed source_dest_check from the instance

---
 modules/aws/vendor/velocloud/main.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 75b1cf2c..81725d4f 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -184,7 +184,6 @@ resource "aws_instance" "ec2_instance" {
 instance_type = var.instance_type
 key_name = var.key_name
 monitoring = var.monitoring
- source_dest_check = var.source_dest_check
 volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) }))
 tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) }))
 user_data = templatefile("${path.module}/user_data.sh", {
From 8a16dbee996195b9ab6e2546a0d29f4cffd6dfbb Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Fri, 16 Aug 2024 11:54:06 -0400
Subject: [PATCH 58/86] transitioning to attachment of the nic

---
 modules/aws/vendor/velocloud/main.tf | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 81725d4f..49951593 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -138,6 +138,10 @@ resource "aws_network_interface" "mgmt_nic" { source_dest_check = var.source_dest_check subnet_id = element(var.public_subnet_ids, count.index) tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) })) + attachment { + instance = element(aws_instance.ec2_instance[*].id, count.index) + device_index = 0 + } } resource "aws_network_interface" "public_nic" { @@ -197,10 +201,10 @@ resource "aws_instance" "ec2_instance" { http_tokens = var.http_tokens } - network_interface { - network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index) - device_index = 0 - } + # network_interface { + # network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index) + # device_index = 0 + # } root_block_device { volume_type = var.root_volume_type From 9ab08208a2ca28d61be15845bd4aa50f510568dd Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Fri, 16 Aug 2024 11:56:28 -0400 Subject: [PATCH 59/86] cleanup --- modules/aws/vendor/velocloud/main.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 49951593..2c20c010 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -201,11 +201,6 @@ resource "aws_instance" "ec2_instance" { http_tokens = var.http_tokens } - # network_interface { - # network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index) - # device_index = 0 - # } - root_block_device { volume_type = var.root_volume_type volume_size = var.root_volume_size From 4bfab40423f6ddece8088cc2d6eaa54f8d211954 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Fri, 16 Aug 2024 11:58:52 -0400 Subject: [PATCH 60/86] added name to the eip --- modules/aws/vendor/velocloud/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 2c20c010..7716f150 100644 
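Review bot: Attaching mgmt_nic through an ENI-side `attachment { device_index = 0 }` block while the `network_interface` block is commented out of aws_instance (second hunk) means the instance now launches with its own auto-created primary interface at index 0, and AWS does not allow another interface to be attached at device index 0 or the primary interface to be swapped after launch, so this attachment is expected to fail at apply unless the instance supplies its primary ENI some other way that is outside the hunk. The primary interface has to be given at launch via `network_interface { network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index)  device_index = 0 }` on the instance, with the ENI-side `attachment` reserved for indexes 1 and up. The same pattern is carried forward when public_nic is moved to `device_index = 0` in patch 62 ("reconfiguring the nic order to match mettel"), so the fix applies there too.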
--- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -117,6 +117,7 @@ resource "aws_security_group" "velocloud_lan_sg" { resource "aws_eip" "wan_external_ip" { count = var.number domain = "vpc" + tags = merge(var.tags, ({ "Name" = format("%s%d_wan", var.instance_name_prefix, count.index + 1) })) } resource "aws_eip_association" "wan_external_ip" { From 9dd384900228e005e88d30c17ed22d02f94f668d Mon Sep 17 00:00:00 2001 From: zachreborn Date: Fri, 16 Aug 2024 15:59:29 +0000 Subject: [PATCH 61/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 7716f150..999c7059 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -117,7 +117,7 @@ resource "aws_security_group" "velocloud_lan_sg" { resource "aws_eip" "wan_external_ip" { count = var.number domain = "vpc" - tags = merge(var.tags, ({ "Name" = format("%s%d_wan", var.instance_name_prefix, count.index + 1) })) + tags = merge(var.tags, ({ "Name" = format("%s%d_wan", var.instance_name_prefix, count.index + 1) })) } resource "aws_eip_association" "wan_external_ip" { From 945660ba5d48d23dbec00c2c5a82c4d658c9a939 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Thu, 26 Sep 2024 14:11:46 -0400 Subject: [PATCH 62/86] reconfiguring the nic order to match mettel --- modules/aws/vendor/velocloud/main.tf | 37 ++++++++++++++-------------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 999c7059..f20062c7 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -130,23 +130,24 @@ resource "aws_eip_association" "wan_external_ip" { # ENI ############################################ -resource "aws_network_interface" "mgmt_nic" { - # Ge1 is the management interface in VeloCloud and attached at eth0 - count = var.number - description = var.mgmt_nic_description - private_ips = var.mgmt_ips == null ? null : [element(var.mgmt_ips, count.index)] - security_groups = [aws_security_group.sdwan_mgmt_sg.id] - source_dest_check = var.source_dest_check - subnet_id = element(var.public_subnet_ids, count.index) - tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) })) - attachment { - instance = element(aws_instance.ec2_instance[*].id, count.index) - device_index = 0 - } -} +# Removed during testing period to match the Mettel Velocloud template +# resource "aws_network_interface" "mgmt_nic" { +# # Ge1 is the management interface in VeloCloud and attached at eth0 +# count = var.number +# description = var.mgmt_nic_description +# private_ips = var.mgmt_ips == null ? null : [element(var.mgmt_ips, count.index)] +# security_groups = [aws_security_group.sdwan_mgmt_sg.id] +# source_dest_check = var.source_dest_check +# subnet_id = element(var.public_subnet_ids, count.index) +# tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) })) +# attachment { +# instance = element(aws_instance.ec2_instance[*].id, count.index) +# device_index = 0 +# } +# } resource "aws_network_interface" "public_nic" { - # Ge2 is the public interface in VeloCloud and attached at eth1 + # Ge1 is the public interface in VeloCloud and attached at eth0 count = var.number description = var.public_nic_description private_ips = var.public_ips == null ? null : [element(var.public_ips, count.index)] 
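Review bot: Commenting out mgmt_nic leaves `var.mgmt_ips` and `var.mgmt_nic_description` as declared-but-unused inputs if, as the earlier hunks suggest, this resource was their only consumer; callers can still set them with no effect and terraform-docs keeps advertising them in the README. Either remove the variables with the resource or mark them deprecated in their descriptions; variables.tf is outside this hunk. The comment `# Removed during testing period to match the Mettel Velocloud template` should also say what decides whether the block returns, otherwise the dead code lingers indefinitely.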
@@ -156,12 +157,12 @@ resource "aws_network_interface" "public_nic" { tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) })) attachment { instance = element(aws_instance.ec2_instance[*].id, count.index) - device_index = 1 + device_index = 0 } } resource "aws_network_interface" "private_nic" { - # Ge3 is the private interface in VeloCloud and attached at eth2 + # Ge2 is the private interface in VeloCloud and attached at eth1 count = var.number description = var.private_nic_description private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)] @@ -172,7 +173,7 @@ resource "aws_network_interface" "private_nic" { attachment { instance = element(aws_instance.ec2_instance[*].id, count.index) - device_index = 2 + device_index = 1 } } From e3670e3549770342b3175470207551e48c918f11 Mon Sep 17 00:00:00 2001 
From: zachreborn Date: Thu, 26 Sep 2024 18:13:30 +0000 Subject: [PATCH 63/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/ebs_volume/README.md | 2 +- modules/aws/ec2_domain_controller/README.md | 2 +- modules/aws/flow_logs/README.md | 2 +- modules/aws/fsx/README.md | 4 ++-- modules/aws/iam/group/README.md | 2 +- modules/aws/iam/policy/README.md | 2 +- modules/aws/iam/role/README.md | 2 +- modules/aws/iam/saml_provider/README.md | 2 +- modules/aws/identity_center/group/README.md | 2 +- modules/aws/identity_center/user/README.md | 2 +- modules/aws/keypair/README.md | 2 +- modules/aws/kinesis_firehose/README.md | 2 +- modules/aws/kms/README.md | 2 +- modules/aws/lambda/README.md | 2 +- modules/aws/launch_template/README.md | 18 +++++++++--------- .../aws/organizations/organization/README.md | 2 +- modules/aws/organizations/ou/README.md | 2 +- modules/aws/rds/cluster_instance/README.md | 2 +- modules/aws/route53/dnssec/README.md | 2 +- .../aws/route53/registered_domain/README.md | 10 +++++----- modules/aws/route53/zone/README.md | 4 ++-- modules/aws/s3/bucket/README.md | 2 +- modules/aws/transfer_family/README.md | 6 +++--- modules/aws/transit_gateway/README.md | 2 +- .../aws/transit_gateway_attachment/README.md | 2 +- modules/aws/transit_gateway_connect/README.md | 2 +- .../aws/transit_gateway_connect_peer/README.md | 2 +- modules/aws/vendor/cato_sdwan/README.md | 8 ++++---- modules/aws/vendor/corelight/README.md | 2 +- .../aws/vendor/fortigate_firewall/README.md | 8 ++++---- modules/aws/vendor/silverpeak/README.md | 2 +- modules/aws/vendor/velocloud/README.md | 3 +-- modules/aws/vpc/README.md | 16 ++++++++-------- .../vpc_peering_connection_accepter/README.md | 2 +- modules/aws/vpn/README.md | 16 ++++++++-------- .../named_location/README.md | 4 ++-- modules/azuread/group/README.md | 2 +- modules/bootstrapping/aws/README.md | 2 +- modules/services/aws_backup/README.md | 2 +- modules/services/siem/README.md | 8 ++++---- 
modules/vsphere/datacenter/README.md | 2 +- modules/vsphere/folder/README.md | 2 +- 42 files changed, 82 insertions(+), 83 deletions(-) diff --git a/modules/aws/ebs_volume/README.md b/modules/aws/ebs_volume/README.md index b1e2a2ba..b5d792e4 100644 --- a/modules/aws/ebs_volume/README.md +++ b/modules/aws/ebs_volume/README.md @@ -133,7 +133,7 @@ No modules. | [skip\_destroy](#input\_skip\_destroy) | (Optional, Boolean) Set this to true if you do not wish to detach the volume from the instance to which it is attached at destroy time, and instead just remove the attachment from Terraform state. This is useful when destroying an instance which has volumes created by some other means attached. | `bool` | `false` | no | | [snapshot\_id](#input\_snapshot\_id) | (Optional) A snapshot to base the EBS volume off of. | `string` | `null` | no | | [stop\_instance\_before\_detaching](#input\_stop\_instance\_before\_detaching) | (Optional, Boolean) Set this to true to ensure that the target instance is stopped before trying to detach the volume. Stops the instance, if it is not already stopped. | `bool` | `false` | no | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the resource. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the resource. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"terraform": "true"
}
| no | | [throughput](#input\_throughput) | (Optional) The throughput that the volume supports, in MiB/s. Only valid for type of gp3. | `number` | `null` | no | | [type](#input\_type) | (Optional) The type of EBS volume. Can be standard, gp2, gp3, io1, io2, sc1 or st1 (Default: gp3). | `string` | `"gp3"` | no | diff --git a/modules/aws/ec2_domain_controller/README.md b/modules/aws/ec2_domain_controller/README.md index d286adf9..43cf90ab 100644 --- a/modules/aws/ec2_domain_controller/README.md +++ b/modules/aws/ec2_domain_controller/README.md @@ -209,7 +209,7 @@ No modules. | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) The type of volume. Can be standard, gp2, gp3 or io1. (Default: standard) | `string` | `"gp3"` | no | | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true. | `bool` | `true` | no | | [subnet\_id](#input\_subnet\_id) | (Required) The VPC subnet(s) the instance(s) will be assigned and launched in. | `list(string)` | n/a | yes | -| [tags](#input\_tags) | (Optional) Map of tags to assign to the resource. Note that these tags apply to the instance and not block storage devices. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Map of tags to assign to the resource. Note that these tags apply to the instance and not block storage devices. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` |
{
"terraform": "true"
}
| no | | [tenancy](#input\_tenancy) | (Optional) Tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command. Valid values are default, dedicated, and host. | `string` | `"default"` | no | | [user\_data](#input\_user\_data) | (Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user\_data\_replace\_on\_change is set then updates to this field will trigger a destroy and recreate. | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | (Required) The ID of the VPC to which we would like to associate a DHCP Options Set. | `string` | n/a | yes | diff --git a/modules/aws/flow_logs/README.md b/modules/aws/flow_logs/README.md index 99cd7047..cd7d9d01 100644 --- a/modules/aws/flow_logs/README.md +++ b/modules/aws/flow_logs/README.md @@ -135,7 +135,7 @@ No modules. | [key\_is\_enabled](#input\_key\_is\_enabled) | (Optional) Specifies whether the key is enabled. Defaults to true. | `string` | `true` | no | | [key\_name\_prefix](#input\_key\_name\_prefix) | (Optional) Creates an unique alias beginning with the specified prefix. The name must start with the word alias followed by a forward slash (alias/). | `string` | `"alias/flow_logs_key_"` | no | | [key\_usage](#input\_key\_usage) | (Optional) Specifies the intended use of the key. Defaults to ENCRYPT\_DECRYPT, and only symmetric encryption and decryption are supported. | `string` | `"ENCRYPT_DECRYPT"` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(any)` |
{
"created_by": "",
"environment": "prod",
"priority": "high",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(any)` |
{
"created_by": "",
"environment": "prod",
"priority": "high",
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/fsx/README.md b/modules/aws/fsx/README.md index 6e510a4d..d33fe48c 100644 --- a/modules/aws/fsx/README.md +++ b/modules/aws/fsx/README.md @@ -121,7 +121,7 @@ No modules. | [daily\_automatic\_backup\_start\_time](#input\_daily\_automatic\_backup\_start\_time) | (Optional) The preferred time (in HH:MM format) to take daily automatic backups, in the UTC time zone. | `string` | `"23:59"` | no | | [deletion\_window\_in\_days](#input\_deletion\_window\_in\_days) | (Optional) Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days. | `number` | `30` | no | | [deployment\_type](#input\_deployment\_type) | (Optional) Specifies the file system deployment type, valid values are MULTI\_AZ\_1, SINGLE\_AZ\_1 and SINGLE\_AZ\_2. Default value is SINGLE\_AZ\_1. | `string` | `"SINGLE_AZ_1"` | no | -| [dns\_ips](#input\_dns\_ips) | (Required) A list of up to two IP addresses of DNS servers or domain controllers in the self-managed AD directory. The IP addresses need to be either in the same VPC CIDR range as the file system or in the private IP version 4 (IPv4) address ranges as specified in RFC 1918. | `list(string)` |
[
"10.11.1.100",
"10.11.2.100"
]
| no | +| [dns\_ips](#input\_dns\_ips) | (Required) A list of up to two IP addresses of DNS servers or domain controllers in the self-managed AD directory. The IP addresses need to be either in the same VPC CIDR range as the file system or in the private IP version 4 (IPv4) address ranges as specified in RFC 1918. | `list(string)` |
[
"10.11.1.100",
"10.11.2.100"
]
| no | | [domain\_name](#input\_domain\_name) | (Required) The fully qualified domain name of the self-managed AD directory. For example, corp.example.com. | `string` | n/a | yes | | [enable\_audit\_logs](#input\_enable\_audit\_logs) | Determines count for cloudwatch log group, IAM policy, and IAM role. Defaults to true and enters a count of 1 to create resources. | `bool` | `true` | no | | [enable\_key\_rotation](#input\_enable\_key\_rotation) | (Optional) Specifies whether key rotation is enabled. Defaults to false. | `bool` | `true` | no | @@ -143,7 +143,7 @@ No modules. | [storage\_capacity](#input\_storage\_capacity) | (Optional) Storage capacity (GiB) of the file system. Minimum of 32 and maximum of 65536. If the storage type is set to HDD the minimum value is 2000. Required when not creating filesystem for a backup. | `number` | `2000` | no | | [storage\_type](#input\_storage\_type) | (Optional) Specifies the storage type, Valid values are SSD and HDD. HDD is supported on SINGLE\_AZ\_2 and MULTI\_AZ\_1 Windows file system deployment types. Default value is SSD. | `string` | `"SSD"` | no | | [subnet\_ids](#input\_subnet\_ids) | (Required) A list of IDs for the subnets that the file system will be accessible from. To specify more than a single subnet set deployment\_type to MULTI\_AZ\_1. | `list(any)` | n/a | yes | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(string)` |
{
"created_by": "",
"environment": "prod",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(string)` |
{
"created_by": "",
"environment": "prod",
"terraform": "true"
}
| no | | [throughput\_capacity](#input\_throughput\_capacity) | (Required) Throughput (megabytes per second) of the file system in power of 2 increments. Minimum of 8 and maximum of 2048. | `number` | `64` | no | | [username](#input\_username) | (Required) The user name for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain. | `string` | n/a | yes | | [weekly\_maintenance\_start\_time](#input\_weekly\_maintenance\_start\_time) | (Optional) The preferred start time (in d:HH:MM format) to perform weekly maintenance, in the UTC time zone. | `string` | `"1:01:00"` | no | diff --git a/modules/aws/iam/group/README.md b/modules/aws/iam/group/README.md index 430fad3f..41b49e20 100644 --- a/modules/aws/iam/group/README.md +++ b/modules/aws/iam/group/README.md @@ -113,7 +113,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [groups](#input\_groups) | (Required) - A map of groups to create. The key is the name of the group, and the value is a map of the group configuration. |
map(object({
policy_arns = set(string)
}))
| n/a | yes | +| [groups](#input\_groups) | (Required) - A map of groups to create. The key is the name of the group, and the value is a map of the group configuration. |
map(object({
policy_arns = set(string)
}))
| n/a | yes | ## Outputs diff --git a/modules/aws/iam/policy/README.md b/modules/aws/iam/policy/README.md index 8d04eb69..fb3b1a48 100644 --- a/modules/aws/iam/policy/README.md +++ b/modules/aws/iam/policy/README.md @@ -111,7 +111,7 @@ No modules. | [name\_prefix](#input\_name\_prefix) | (Required) The prefix used to generate a unique name of the policy. If omitted, Terraform will assign a random, unique name. Changes to the name will force the creation of a new resource. | `string` | n/a | yes | | [path](#input\_path) | (Optional) Path in which to create the policy. See IAM Identifiers for more information. Defaults to `/`. | `string` | `"/"` | no | | [policy](#input\_policy) | (Required) The policy document. This is a JSON formatted string. The heredoc syntax, file function, or the aws\_iam\_policy\_document data source are all helpful here. | `string` | n/a | yes | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the IAM policy. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the IAM policy. | `map(string)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/iam/role/README.md b/modules/aws/iam/role/README.md index ebf7ba89..49c15652 100644 --- a/modules/aws/iam/role/README.md +++ b/modules/aws/iam/role/README.md @@ -120,7 +120,7 @@ No modules. | [path](#input\_path) | (Optional) The path to the role. | `string` | `"/"` | no | | [permissions\_boundary](#input\_permissions\_boundary) | (Optional) The ARN of the policy that is used to set the permissions boundary for the role. | `string` | `null` | no | | [policy\_arns](#input\_policy\_arns) | (Required) - A list of ARNs of the policies which you want attached to the role. | `list(string)` | n/a | yes | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the IAM role. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the IAM role. | `map(string)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/iam/saml_provider/README.md b/modules/aws/iam/saml_provider/README.md index 678af7cb..595c7f2e 100644 --- a/modules/aws/iam/saml_provider/README.md +++ b/modules/aws/iam/saml_provider/README.md @@ -108,7 +108,7 @@ No modules. |------|-------------|------|---------|:--------:| | [name](#input\_name) | (Required) The name of the provider to create. | `string` | n/a | yes | | [saml\_metadata\_document](#input\_saml\_metadata\_document) | (Required) An XML document generated by an identity provider that supports SAML 2.0. | `string` | n/a | yes | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the IAM SAML provider. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the IAM SAML provider. | `map(string)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/identity_center/group/README.md b/modules/aws/identity_center/group/README.md index 9e98760c..c1359276 100755 --- a/modules/aws/identity_center/group/README.md +++ b/modules/aws/identity_center/group/README.md @@ -115,7 +115,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [groups](#input\_groups) | (Required) The list of groups to create. |
map(object({
display_name = string # (Required) The friendly name to identify the group.
description = string # (Optional) The description of the group.
}))
| n/a | yes | +| [groups](#input\_groups) | (Required) The list of groups to create. |
map(object({
display_name = string # (Required) The friendly name to identify the group.
description = string # (Optional) The description of the group.
}))
| n/a | yes | ## Outputs diff --git a/modules/aws/identity_center/user/README.md b/modules/aws/identity_center/user/README.md index eef614e0..20a5f975 100755 --- a/modules/aws/identity_center/user/README.md +++ b/modules/aws/identity_center/user/README.md @@ -117,7 +117,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [users](#input\_users) | (Required) The list of users to create. |
map(object({
display_name = string # (Required) The friendly name to identify the user.
given_name = string # (Required) The given name of the user.
family_name = string # (Required) The family name of the user.
user_name = string # (Required) The username of the user.

honorific_prefix = optional(string) # (Optional) The honorific prefix of the user.
honorific_suffix = optional(string) # (Optional) The honorific suffix of the user.
middle_name = optional(string) # (Optional) The middle name of the user.
nickname = optional(string) # (Optional) The nickname of the user.

email = optional(string) # (Optional) The email address of the user.
email_is_primary = optional(bool) # (Optional) Indicates whether the email address is the primary email address of the user.
email_type = optional(string) # (Optional) The type of the email address of the user.
phone_number = optional(string) # (Optional) The phone number of the user.
phone_number_is_primary = optional(bool) # (Optional) Indicates whether the phone number is the primary phone number of the user.
phone_number_type = optional(string) # (Optional) The type of the phone number of the user.

preferred_language = optional(string) # (Optional) The user's preferred language.
timezone = optional(string) # (Optional) The user's time zone.
title = optional(string) # (Optional) The user's title.
user_type = optional(string) # (Optional) The type of the user.
}))
| n/a | yes | +| [users](#input\_users) | (Required) The list of users to create. |
map(object({
display_name = string # (Required) The friendly name to identify the user.
given_name = string # (Required) The given name of the user.
family_name = string # (Required) The family name of the user.
user_name = string # (Required) The username of the user.

honorific_prefix = optional(string) # (Optional) The honorific prefix of the user.
honorific_suffix = optional(string) # (Optional) The honorific suffix of the user.
middle_name = optional(string) # (Optional) The middle name of the user.
nickname = optional(string) # (Optional) The nickname of the user.

email = optional(string) # (Optional) The email address of the user.
email_is_primary = optional(bool) # (Optional) Indicates whether the email address is the primary email address of the user.
email_type = optional(string) # (Optional) The type of the email address of the user.
phone_number = optional(string) # (Optional) The phone number of the user.
phone_number_is_primary = optional(bool) # (Optional) Indicates whether the phone number is the primary phone number of the user.
phone_number_type = optional(string) # (Optional) The type of the phone number of the user.

preferred_language = optional(string) # (Optional) The user's preferred language.
timezone = optional(string) # (Optional) The user's time zone.
title = optional(string) # (Optional) The user's title.
user_type = optional(string) # (Optional) The type of the user.
}))
| n/a | yes | ## Outputs diff --git a/modules/aws/keypair/README.md b/modules/aws/keypair/README.md index 9542dc21..ef8310d7 100644 --- a/modules/aws/keypair/README.md +++ b/modules/aws/keypair/README.md @@ -120,7 +120,7 @@ No modules. |------|-------------|------|---------|:--------:| | [key\_name\_prefix](#input\_key\_name\_prefix) | (Required) Name prefix, used to generate unique keypair name used with AWS services | `string` | n/a | yes | | [public\_key](#input\_public\_key) | (Required) The public key material. | `string` | n/a | yes | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(string)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/kinesis_firehose/README.md b/modules/aws/kinesis_firehose/README.md index 9bcd5265..c92de970 100644 --- a/modules/aws/kinesis_firehose/README.md +++ b/modules/aws/kinesis_firehose/README.md @@ -140,7 +140,7 @@ No modules. | [s3\_lifecycle\_id](#input\_s3\_lifecycle\_id) | (Optional) Unique identifier for the rule. Must be less than or equal to 255 characters in length. | `string` | `"delete_after_7_days"` | no | | [s3\_lifecycle\_prefix](#input\_s3\_lifecycle\_prefix) | (Optional) Object key prefix identifying one or more objects to which the rule applies. | `string` | `""` | no | | [s3\_policy](#input\_s3\_policy) | (Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | `string` | `""` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(any)` |
{
"created_by": "",
"environment": "prod",
"priority": "low",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(any)` |
{
"created_by": "",
"environment": "prod",
"priority": "low",
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/kms/README.md b/modules/aws/kms/README.md index ff24caa9..3cc0046f 100644 --- a/modules/aws/kms/README.md +++ b/modules/aws/kms/README.md @@ -114,7 +114,7 @@ No modules. | [key\_usage](#input\_key\_usage) | (Optional) Specifies the intended use of the key. Defaults to ENCRYPT\_DECRYPT, and only symmetric encryption and decryption are supported. | `string` | `"ENCRYPT_DECRYPT"` | no | | [name](#input\_name) | (Optional) The display name of the alias. The name must start with the word 'alias' followed by a forward slash | `string` | n/a | yes | | [policy](#input\_policy) | (Optional) A valid policy JSON document. | `string` | `null` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map` |
{
"created_by": "terraform",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map` |
{
"created_by": "terraform",
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/lambda/README.md b/modules/aws/lambda/README.md index 9ae9a336..253c4d8b 100644 --- a/modules/aws/lambda/README.md +++ b/modules/aws/lambda/README.md @@ -122,7 +122,7 @@ No modules. | [runtime](#input\_runtime) | (Required) See Runtimes for valid values. | `string` | `"python3.6"` | no | | [source\_code\_hash](#input\_source\_code\_hash) | (Optional) Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3\_key | `any` | n/a | yes | | [timeout](#input\_timeout) | (Optional) The amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits | `number` | `180` | no | -| [variables](#input\_variables) | (Optional) A map that defines environment variables for the Lambda function. | `map` |
{
"lambda": "true"
}
| no | +| [variables](#input\_variables) | (Optional) A map that defines environment variables for the Lambda function. | `map` |
{
"lambda": "true"
}
| no | ## Outputs diff --git a/modules/aws/launch_template/README.md b/modules/aws/launch_template/README.md index 9099a578..49b84b5e 100755 --- a/modules/aws/launch_template/README.md +++ b/modules/aws/launch_template/README.md @@ -133,11 +133,11 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [auto\_recovery](#input\_auto\_recovery) | (Optional) Disables the automatic recovery behavior of your instance or sets it to default. Can be 'default' or 'disabled'. See Recover your instance for more details. | `string` | `"default"` | no | -| [block\_device\_mappings](#input\_block\_device\_mappings) | (Optional) Customize EBS volumes attached to the instance. |
list(object({
device_name = string
ebs = object({
delete_on_termination = bool
encrypted = bool
iops = number
kms_key_id = string
snapshot_id = string
throughput = number
volume_size = number
volume_type = string
})
}))
| `[]` | no | -| [credit\_specification](#input\_credit\_specification) | (Optional) Customize the credit specification of the instance. See Credit Specification below for more details. |
object({
cpu_credits = string
})
|
{
"cpu_credits": "standard"
}
| no | +| [block\_device\_mappings](#input\_block\_device\_mappings) | (Optional) Customize EBS volumes attached to the instance. |
list(object({
device_name = string
ebs = object({
delete_on_termination = bool
encrypted = bool
iops = number
kms_key_id = string
snapshot_id = string
throughput = number
volume_size = number
volume_type = string
})
}))
| `[]` | no | +| [credit\_specification](#input\_credit\_specification) | (Optional) Customize the credit specification of the instance. See Credit Specification below for more details. |
object({
cpu_credits = string
})
|
{
"cpu_credits": "standard"
}
| no | | [ebs\_optimized](#input\_ebs\_optimized) | (Optional) If true, the launched EC2 instance will be EBS-optimized. Default is true | `bool` | `true` | no | -| [enclave\_options](#input\_enclave\_options) | (Optional) Customize the Enclave Options of the instance. See Enclave Options below for more details. |
object({
enabled = bool
})
| `null` | no | -| [hibernation\_options](#input\_hibernation\_options) | (Optional) Customize the Hibernation Options of the instance. See Hibernation Options below for more details. |
object({
configured = bool
})
| `null` | no | +| [enclave\_options](#input\_enclave\_options) | (Optional) Customize the Enclave Options of the instance. See Enclave Options below for more details. |
object({
enabled = bool
})
| `null` | no | +| [hibernation\_options](#input\_hibernation\_options) | (Optional) Customize the Hibernation Options of the instance. See Hibernation Options below for more details. |
object({
configured = bool
})
| `null` | no | | [http\_endpoint](#input\_http\_endpoint) | (Optional) Whether the metadata service is available. Can be 'enabled' or 'disabled'. Default is 'enabled'. | `string` | `"enabled"` | no | | [http\_protocol\_ipv6](#input\_http\_protocol\_ipv6) | (Optional) Enables or disables the IPv6 endpoint for the instance metadata service. Default is disable. | `string` | `"disabled"` | no | | [http\_put\_response\_hop\_limit](#input\_http\_put\_response\_hop\_limit) | (Optional) The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Can be an integer from 1 to 64. (Default: 1). | `number` | `1` | no | @@ -149,13 +149,13 @@ No modules. | [instance\_type](#input\_instance\_type) | (Required) The type of the instance. If present then instance\_requirements cannot be present. | `string` | n/a | yes | | [kernel\_id](#input\_kernel\_id) | (Optional) The ID of the kernel. | `string` | `null` | no | | [key\_name](#input\_key\_name) | (Optional) The key name that should be used for the instance. | `string` | `null` | no | -| [license\_specification](#input\_license\_specification) | (Optional) Customize the License Specification of the instance. See License Specification below for more details. |
list(object({
license_configuration_arn = string
}))
| `null` | no | +| [license\_specification](#input\_license\_specification) | (Optional) Customize the License Specification of the instance. See License Specification below for more details. |
list(object({
license_configuration_arn = string
}))
| `null` | no | | [monitoring\_enabled](#input\_monitoring\_enabled) | (Optional) If true, the launched EC2 instance will have detailed monitoring enabled. Default is true. | `bool` | `true` | no | | [name\_prefix](#input\_name\_prefix) | (Required) Creates a unique name for the launch template beginning with the specified prefix. Conflicts with name. | `string` | n/a | yes | -| [network\_interfaces](#input\_network\_interfaces) | (Optional) Customize the Network Interfaces of the instance. See Network Interfaces below for more details. |
list(object({
associate_carrier_ip_address = bool
associate_public_ip_address = bool
delete_on_termination = bool
description = string
device_index = number
ipv6_address_count = number
ipv6_addresses = list(string)
network_interface_id = string
private_ip_address = string
security_groups = list(string)
subnet_id = string
}))
| `null` | no | -| [placement](#input\_placement) | (Optional) Customize the Placement of the instance. See Placement below for more details. |
object({
affinity = string
availability_zone = string
group_name = string
host_id = string
spread_domain = string
tenancy = string
})
| `null` | no | -| [tag\_specifications](#input\_tag\_specifications) | (Optional) Customize the Tag Specifications of the instance. See Tag Specifications below for more details. |
list(object({
resource_type = string
tags = map(string)
}))
|
[
{
"resource_type": "instance",
"tags": {
"environment": "prod",
"launch_template": "true",
"terraform": "true"
}
},
{
"resource_type": "volume",
"tags": {
"environment": "prod",
"launch_template": "true",
"terraform": "true"
}
}
]
| no | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the launch template. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` |
{
"terraform": "true"
}
| no | +| [network\_interfaces](#input\_network\_interfaces) | (Optional) Customize the Network Interfaces of the instance. See Network Interfaces below for more details. |
list(object({
associate_carrier_ip_address = bool
associate_public_ip_address = bool
delete_on_termination = bool
description = string
device_index = number
ipv6_address_count = number
ipv6_addresses = list(string)
network_interface_id = string
private_ip_address = string
security_groups = list(string)
subnet_id = string
}))
| `null` | no | +| [placement](#input\_placement) | (Optional) Customize the Placement of the instance. See Placement below for more details. |
object({
affinity = string
availability_zone = string
group_name = string
host_id = string
spread_domain = string
tenancy = string
})
| `null` | no | +| [tag\_specifications](#input\_tag\_specifications) | (Optional) Customize the Tag Specifications of the instance. See Tag Specifications below for more details. |
list(object({
resource_type = string
tags = map(string)
}))
|
[
{
"resource_type": "instance",
"tags": {
"environment": "prod",
"launch_template": "true",
"terraform": "true"
}
},
{
"resource_type": "volume",
"tags": {
"environment": "prod",
"launch_template": "true",
"terraform": "true"
}
}
]
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the launch template. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` |
{
"terraform": "true"
}
| no | | [update\_default\_version](#input\_update\_default\_version) | (Optional) Whether to update Default Version each update. Conflicts with default\_version. Default is false. | `bool` | `true` | no | | [user\_data](#input\_user\_data) | (Optional) The Base64-encoded user data to provide when launching the instance. | `string` | `null` | no | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | (Optional) A list of security group IDs to associate with. Conflicts with network\_interfaces.security\_groups | `list(string)` | `[]` | no | diff --git a/modules/aws/organizations/organization/README.md b/modules/aws/organizations/organization/README.md index 00fad968..72de195e 100644 --- a/modules/aws/organizations/organization/README.md +++ b/modules/aws/organizations/organization/README.md @@ -111,7 +111,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [aws\_service\_access\_principals](#input\_aws\_service\_access\_principals) | (Optional) List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature\_set set to ALL. For additional information, see the AWS Organizations User Guide. | `list(string)` |
[
"account.amazonaws.com",
"aws-artifact-account-sync.amazonaws.com",
"backup.amazonaws.com",
"cloudtrail.amazonaws.com",
"health.amazonaws.com",
"sso.amazonaws.com"
]
| no | +| [aws\_service\_access\_principals](#input\_aws\_service\_access\_principals) | (Optional) List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature\_set set to ALL. For additional information, see the AWS Organizations User Guide. | `list(string)` |
[
"account.amazonaws.com",
"aws-artifact-account-sync.amazonaws.com",
"backup.amazonaws.com",
"cloudtrail.amazonaws.com",
"health.amazonaws.com",
"sso.amazonaws.com"
]
| no | | [enabled\_policy\_types](#input\_enabled\_policy\_types) | (Optional) List of Organizations policy types to enable in the Organization Root. Organization must have feature\_set set to ALL. For additional information about valid policy types (e.g., AISERVICES\_OPT\_OUT\_POLICY, BACKUP\_POLICY, SERVICE\_CONTROL\_POLICY, and TAG\_POLICY), see the AWS Organizations API Reference. | `list(string)` | `null` | no | | [feature\_set](#input\_feature\_set) | (Optional) Specify 'ALL' (default) or 'CONSOLIDATED\_BILLING'. | `string` | `"ALL"` | no | diff --git a/modules/aws/organizations/ou/README.md b/modules/aws/organizations/ou/README.md index feb49904..99d8c026 100755 --- a/modules/aws/organizations/ou/README.md +++ b/modules/aws/organizations/ou/README.md @@ -108,7 +108,7 @@ No modules. |------|-------------|------|---------|:--------:| | [name](#input\_name) | (Required) The name of the Organizational Unit. | `string` | n/a | yes | | [parent\_id](#input\_parent\_id) | (Required) The unique identifier (ID) of the parent root or organizational unit (OU) that you want to create the OU in. | `string` | n/a | yes | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(string)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/rds/cluster_instance/README.md b/modules/aws/rds/cluster_instance/README.md index a79363d6..90869296 100644 --- a/modules/aws/rds/cluster_instance/README.md +++ b/modules/aws/rds/cluster_instance/README.md @@ -136,7 +136,7 @@ No modules. | [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | (Optional) The ARN for the KMS key to encrypt Performance Insights data. When specifying performance\_insights\_kms\_key\_id, performance\_insights\_enabled needs to be set to true. | `string` | `null` | no | | [promotion\_tier](#input\_promotion\_tier) | (Optional) Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoter to writer. | `number` | `0` | no | | [publicly\_accessible](#input\_publicly\_accessible) | (Optional) Bool to control if instance is publicly accessible. Default false. See the documentation on Creating DB Instances for more details on controlling this property. | `string` | `false` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the instance. | `map(any)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the instance. | `map(any)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/route53/dnssec/README.md b/modules/aws/route53/dnssec/README.md index 23d18892..b9da8350 100644 --- a/modules/aws/route53/dnssec/README.md +++ b/modules/aws/route53/dnssec/README.md @@ -143,7 +143,7 @@ No modules. | [name\_prefix](#input\_name\_prefix) | (Optional) Creates an unique alias beginning with the specified prefix. The name must start with the word alias followed by a forward slash (alias/). | `string` | `"alias/dnssec_"` | no | | [signing\_status](#input\_signing\_status) | (Optional) Hosted Zone signing status. Valid values: SIGNING, NOT\_SIGNING. Defaults to SIGNING. | `string` | `"SIGNING"` | no | | [status](#input\_status) | (Optional) Status of the key-signing key (KSK). Valid values: ACTIVE, INACTIVE. Defaults to ACTIVE. | `string` | `"ACTIVE"` | no | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the object. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the object. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/route53/registered_domain/README.md b/modules/aws/route53/registered_domain/README.md index 6c04436d..9ebc2684 100755 --- a/modules/aws/route53/registered_domain/README.md +++ b/modules/aws/route53/registered_domain/README.md @@ -151,13 +151,13 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [admin\_contact](#input\_admin\_contact) | The admin contact information for the domain. |
object({
address_line_1 = string
address_line_2 = string
city = string
contact_type = string
country_code = string
email = string
extra_params = map(any)
fax = string
first_name = string
last_name = string
organization_name = string
phone_number = string
state = string
zip_code = string
})
| n/a | yes | +| [admin\_contact](#input\_admin\_contact) | The admin contact information for the domain. |
object({
address_line_1 = string
address_line_2 = string
city = string
contact_type = string
country_code = string
email = string
extra_params = map(any)
fax = string
first_name = string
last_name = string
organization_name = string
phone_number = string
state = string
zip_code = string
})
| n/a | yes | | [admin\_privacy](#input\_admin\_privacy) | Whether to enable admin privacy protection. Default is true. | `bool` | `true` | no | -| [domains](#input\_domains) | A map of domains to register with Route53. |
map(object({
auto_renew = bool
name_servers = list(string)
transfer_lock = bool
}))
| n/a | yes | -| [registrant\_contact](#input\_registrant\_contact) | The registrant contact information for the domain. |
object({
address_line_1 = string
address_line_2 = string
city = string
contact_type = string
country_code = string
email = string
extra_params = map(any)
fax = string
first_name = string
last_name = string
organization_name = string
phone_number = string
state = string
zip_code = string
})
| n/a | yes | +| [domains](#input\_domains) | A map of domains to register with Route53. |
map(object({
auto_renew = bool
name_servers = list(string)
transfer_lock = bool
}))
| n/a | yes | +| [registrant\_contact](#input\_registrant\_contact) | The registrant contact information for the domain. |
object({
address_line_1 = string
address_line_2 = string
city = string
contact_type = string
country_code = string
email = string
extra_params = map(any)
fax = string
first_name = string
last_name = string
organization_name = string
phone_number = string
state = string
zip_code = string
})
| n/a | yes | | [registrant\_privacy](#input\_registrant\_privacy) | Whether to enable registrant privacy protection. Default is true. | `bool` | `true` | no | -| [tags](#input\_tags) | A mapping of tags to assign to the resource. | `map(string)` |
{
"terraform": "true"
}
| no | -| [tech\_contact](#input\_tech\_contact) | The tech contact information for the domain. |
object({
address_line_1 = string
address_line_2 = string
city = string
contact_type = string
country_code = string
email = string
extra_params = map(any)
fax = string
first_name = string
last_name = string
organization_name = string
phone_number = string
state = string
zip_code = string
})
| n/a | yes | +| [tags](#input\_tags) | A mapping of tags to assign to the resource. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tech\_contact](#input\_tech\_contact) | The tech contact information for the domain. |
object({
address_line_1 = string
address_line_2 = string
city = string
contact_type = string
country_code = string
email = string
extra_params = map(any)
fax = string
first_name = string
last_name = string
organization_name = string
phone_number = string
state = string
zip_code = string
})
| n/a | yes | | [tech\_privacy](#input\_tech\_privacy) | Whether to enable tech privacy protection. Default is true. | `bool` | `true` | no | ## Outputs diff --git a/modules/aws/route53/zone/README.md b/modules/aws/route53/zone/README.md index d3643f3d..d19aac23 100644 --- a/modules/aws/route53/zone/README.md +++ b/modules/aws/route53/zone/README.md @@ -149,8 +149,8 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [tags](#input\_tags) | (Optional) A map of tags to assign to the zone. | `map(any)` |
{
"terraform": true
}
| no | -| [zones](#input\_zones) | (Required) A map of hosted zone objects. The key is the name of the hosted zone. Values are the zone configuration settings. |
map(object({
comment = optional(string) # (Optional) A comment for the hosted zone. Defaults to 'Managed by Terraform'.
delegation_set_id = optional(string) # (Optional) The ID of the reusable delegation set whose NS records you want to assign to the hosted zone. Conflicts with vpc as delegation sets can only be used for public zones.
}))
| n/a | yes | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the zone. | `map(any)` |
{
"terraform": true
}
| no | +| [zones](#input\_zones) | (Required) A map of hosted zone objects. The key is the name of the hosted zone. Values are the zone configuration settings. |
map(object({
comment = optional(string) # (Optional) A comment for the hosted zone. Defaults to 'Managed by Terraform'.
delegation_set_id = optional(string) # (Optional) The ID of the reusable delegation set whose NS records you want to assign to the hosted zone. Conflicts with vpc as delegation sets can only be used for public zones.
}))
| n/a | yes | ## Outputs diff --git a/modules/aws/s3/bucket/README.md b/modules/aws/s3/bucket/README.md index fbc34824..73729373 100644 --- a/modules/aws/s3/bucket/README.md +++ b/modules/aws/s3/bucket/README.md @@ -389,7 +389,7 @@ No modules. | [restrict\_public\_buckets](#input\_restrict\_public\_buckets) | (Optional) Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. | `bool` | `true` | no | | [routing\_rules](#input\_routing\_rules) | (Optional) A list of routing rules that can redirect requests to different directories or buckets. These rules are applied in the order that you specify them. For more information about routing rules, see Configuring advanced conditional redirects in the Amazon Simple Storage Service Developer Guide. | `any` | `null` | no | | [sse\_algorithm](#input\_sse\_algorithm) | (Optional) The server-side encryption algorithm to use. Valid values are AES256 and aws:kms | `string` | `"aws:kms"` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the bucket. | `map(any)` |
{
"created_by": "",
"environment": "prod",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the bucket. | `map(any)` |
{
"created_by": "",
"environment": "prod",
"terraform": "true"
}
| no | | [versioning\_status](#input\_versioning\_status) | (Optional) Versioning state of the bucket. Valid values: Enabled, Suspended, or Disabled. Disabled should only be used when creating or importing resources that correspond to unversioned S3 buckets. | `string` | `"Disabled"` | no | ## Outputs diff --git a/modules/aws/transfer_family/README.md b/modules/aws/transfer_family/README.md index 646ef3f3..47f8784f 100755 --- a/modules/aws/transfer_family/README.md +++ b/modules/aws/transfer_family/README.md @@ -141,16 +141,16 @@ _For more examples, please refer to the [Documentation](https://github.com/zachr | [passive\_ip](#input\_passive\_ip) | (Optional) Sets passive mode for FTP and FTPS protocols and the associated IPv4 address to associate. | `string` | `null` | no | | [post\_authentication\_login\_banner](#input\_post\_authentication\_login\_banner) | (Optional) The banner message which is displayed to users after they authenticate to the server. | `string` | `null` | no | | [pre\_authentication\_login\_banner](#input\_pre\_authentication\_login\_banner) | (Optional) The banner message which is displayed to users before they authenticate to the server. | `string` | `null` | no | -| [protocols](#input\_protocols) | (Optional) The list of protocol settings that are configured for your server. Valid values are AS2, SFTP, FTP, and FTPS. | `list(string)` |
[
"SFTP"
]
| no | +| [protocols](#input\_protocols) | (Optional) The list of protocol settings that are configured for your server. Valid values are AS2, SFTP, FTP, and FTPS. | `list(string)` |
[
"SFTP"
]
| no | | [security\_group\_ids](#input\_security\_group\_ids) | (Optional) A list of security group IDs that are attached to the server's endpoint. (Optional) A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | | [security\_policy\_name](#input\_security\_policy\_name) | (Optional) Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06, TransferSecurityPolicy-FIPS-2023-05, TransferSecurityPolicy-2022-03, TransferSecurityPolicy-2023-05, TransferSecurityPolicy-PQ-SSH-Experimental-2023-04, TransferSecurityPolicy-2024-01, and TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04. Default value is: TransferSecurityPolicy-2024-01. | `string` | `"TransferSecurityPolicy-2024-01"` | no | | [set\_stat\_option](#input\_set\_stat\_option) | (Optional) Specifies the behavior of your server endpoint when you use the STAT command. Valid values are: DEFAULT and ENABLE\_NO\_OP. | `string` | `null` | no | | [storage\_location](#input\_storage\_location) | (Optional) The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default is S3. | `string` | `"S3"` | no | | [subnet\_ids](#input\_subnet\_ids) | (Optional) A list of subnet IDs that are required to host your server endpoint in your VPC. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | -| [tags](#input\_tags) | (Optional) Key-value mapping of resource tags | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Key-value mapping of resource tags | `map(string)` |
{
"terraform": "true"
}
| no | | [tls\_session\_resumption\_mode](#input\_tls\_session\_resumption\_mode) | (Optional) Specifies the mode of the TLS session resumption. Valid values are: DISABLED, ENABLED, and ENFORCED. | `string` | `null` | no | | [url](#input\_url) | (Optional) The URL of the file transfer protocol endpoint that is used to authentication users through an API\_GATEWAY. | `string` | `null` | no | -| [users](#input\_users) | (Optional) A map of user names and their configuration |
map(object({
home_directory = optional(string) # Cannot be set if home_directory_type is set to "LOGICAL".
home_directory_type = optional(string, "LOGICAL") # Default is "LOGICAL"
policy = optional(string) # Set for a custom session policy see https://docs.aws.amazon.com/transfer/latest/userguide/requirements-roles.html#session-policy for more information
public_key = optional(string) # The public key portion of an SSH key pair
username = string
}))
| `{}` | no | +| [users](#input\_users) | (Optional) A map of user names and their configuration |
map(object({
home_directory = optional(string) # Cannot be set if home_directory_type is set to "LOGICAL".
home_directory_type = optional(string, "LOGICAL") # Default is "LOGICAL"
policy = optional(string) # Set for a custom session policy see https://docs.aws.amazon.com/transfer/latest/userguide/requirements-roles.html#session-policy for more information
public_key = optional(string) # The public key portion of an SSH key pair
username = string
}))
| `{}` | no | | [vpc\_endpoint\_id](#input\_vpc\_endpoint\_id) | (Optional) The ID of the VPC endpoint. This property can only be used when endpoint\_type is set to VPC. | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | (Optional) The ID of the VPC that is used for the transfer server. This property can only be used when endpoint\_type is set to VPC. | `string` | `null` | no | diff --git a/modules/aws/transit_gateway/README.md b/modules/aws/transit_gateway/README.md index 7a77e525..fddd1281 100644 --- a/modules/aws/transit_gateway/README.md +++ b/modules/aws/transit_gateway/README.md @@ -112,7 +112,7 @@ No modules. | [description](#input\_description) | (Optional) Description of the EC2 Transit Gateway. | `string` | `"Transit gateway to allow access across VPCs or accounts."` | no | | [dns\_support](#input\_dns\_support) | (Optional) Whether DNS support is enabled. | `string` | `"enable"` | no | | [name](#input\_name) | (Required) The name of the transit gateway | `string` | n/a | yes | -| [tags](#input\_tags) | (Optional) Map of tags for the EC2 Transit Gateway. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Map of tags for the EC2 Transit Gateway. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | | [transit\_gateway\_cidr\_blocks](#input\_transit\_gateway\_cidr\_blocks) | (Optional) One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6. | `list(string)` | `null` | no | | [vpn\_ecmp\_support](#input\_vpn\_ecmp\_support) | (Optional) Whether VPN Equal Cost Multipath Protocol support is enabled. | `string` | `"enable"` | no | diff --git a/modules/aws/transit_gateway_attachment/README.md b/modules/aws/transit_gateway_attachment/README.md index 8946ca0a..0b4e9fca 100644 --- a/modules/aws/transit_gateway_attachment/README.md +++ b/modules/aws/transit_gateway_attachment/README.md @@ -113,7 +113,7 @@ No modules. | [ipv6\_support](#input\_ipv6\_support) | (Optional) Whether IPv6 support is enabled. Valid values: disable, enable. Default value: disable. | `string` | `"disable"` | no | | [name](#input\_name) | (Required) The name of the transit gateway attachment | `string` | n/a | yes | | [subnet\_ids](#input\_subnet\_ids) | (Required) Identifiers of EC2 Subnets. | `list(any)` | n/a | yes | -| [tags](#input\_tags) | (Optional) Map of tags for the EC2 Transit Gateway. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Map of tags for the EC2 Transit Gateway. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | | [transit\_gateway\_default\_route\_table\_association](#input\_transit\_gateway\_default\_route\_table\_association) | (Optional) Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true. | `bool` | `true` | no | | [transit\_gateway\_default\_route\_table\_propagation](#input\_transit\_gateway\_default\_route\_table\_propagation) | (Optional) Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true. | `bool` | `true` | no | | [transit\_gateway\_id](#input\_transit\_gateway\_id) | (Required) Identifier of EC2 Transit Gateway. | `string` | n/a | yes | diff --git a/modules/aws/transit_gateway_connect/README.md b/modules/aws/transit_gateway_connect/README.md index c10dd1a1..7f90c7c0 100644 --- a/modules/aws/transit_gateway_connect/README.md +++ b/modules/aws/transit_gateway_connect/README.md @@ -109,7 +109,7 @@ No modules. |------|-------------|------|---------|:--------:| | [name](#input\_name) | (Required) The name of the transit gateway | `string` | n/a | yes | | [protocol](#input\_protocol) | (Optional) The tunnel protocol. Valida values: gre. Default is gre. | `string` | `"gre"` | no | -| [tags](#input\_tags) | (Optional) Key-value tags for the EC2 Transit Gateway Connect. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Key-value tags for the EC2 Transit Gateway Connect. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | | [transit\_gateway\_default\_route\_table\_association](#input\_transit\_gateway\_default\_route\_table\_association) | (Optional) Boolean whether the Connect should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true. | `bool` | `true` | no | | [transit\_gateway\_default\_route\_table\_propagation](#input\_transit\_gateway\_default\_route\_table\_propagation) | (Optional) Boolean whether the Connect should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true. | `bool` | `true` | no | | [transit\_gateway\_id](#input\_transit\_gateway\_id) | (Required) Identifier of EC2 Transit Gateway. | `string` | n/a | yes | diff --git a/modules/aws/transit_gateway_connect_peer/README.md b/modules/aws/transit_gateway_connect_peer/README.md index 4062589b..ff584669 100644 --- a/modules/aws/transit_gateway_connect_peer/README.md +++ b/modules/aws/transit_gateway_connect_peer/README.md 
@@ -114,7 +114,7 @@ No modules. | [inside\_cidr\_blocks](#input\_inside\_cidr\_blocks) | (Required) The CIDR block that will be used for addressing within the tunnel. It must contain exactly one IPv4 CIDR block and up to one IPv6 CIDR block. The IPv4 CIDR block must be /29 size and must be within 169.254.0.0/16 range, with exception of: 169.254.0.0/29, 169.254.1.0/29, 169.254.2.0/29, 169.254.3.0/29, 169.254.4.0/29, 169.254.5.0/29, 169.254.169.248/29. The IPv6 CIDR block must be /125 size and must be within fd00::/8. The first IP from each CIDR block is assigned for customer gateway, the second and third is for Transit Gateway (An example: from range 169.254.100.0/29, .1 is assigned to customer gateway and .2 and .3 are assigned to Transit Gateway) | `list(string)` | n/a | yes | | [name](#input\_name) | (Required) The name of the transit gateway | `string` | n/a | yes | | [peer\_address](#input\_peer\_address) | (Required) The IP addressed assigned to customer device, which will be used as tunnel endpoint. It can be IPv4 or IPv6 address, but must be the same address family as transit\_gateway\_address | `string` | n/a | yes | -| [tags](#input\_tags) | (Optional) Key-value tags for the EC2 Transit Gateway Connect. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Key-value tags for the EC2 Transit Gateway Connect. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | | [transit\_gateway\_address](#input\_transit\_gateway\_address) | (Required) The IP address assigned to Transit Gateway, which will be used as tunnel endpoint. This address must be from associated Transit Gateway CIDR block. The address must be from the same address family as peer\_address. If not set explicitly, it will be selected from associated Transit Gateway CIDR blocks | `string` | n/a | yes | | [transit\_gateway\_attachment\_id](#input\_transit\_gateway\_attachment\_id) | (Required) The Transit Gateway Connect | `string` | n/a | yes | diff --git a/modules/aws/vendor/cato_sdwan/README.md b/modules/aws/vendor/cato_sdwan/README.md index 0fc79796..aa7f4bf1 100755 --- a/modules/aws/vendor/cato_sdwan/README.md +++ b/modules/aws/vendor/cato_sdwan/README.md @@ -146,22 +146,22 @@ No modules. | [instance\_type](#input\_instance\_type) | (Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance. | `string` | `"c5.xlarge"` | no | | [key\_name](#input\_key\_name) | (Required) Key name of the Key Pair to use for the instance; which can be managed using the aws\_key\_pair resource. | `string` | n/a | yes | | [lan\_sg\_name](#input\_lan\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"cato_lan_sg"` | no | -| [mgmt\_ips](#input\_mgmt\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.61.12",
"10.11.62.12",
"10.11.63.12"
]
| no | +| [mgmt\_ips](#input\_mgmt\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.61.12",
"10.11.62.12",
"10.11.63.12"
]
| no | | [mgmt\_nic\_description](#input\_mgmt\_nic\_description) | (Optional) Description for the network interface. | `string` | `"Cato mgmt nic"` | no | | [mgmt\_subnet\_id](#input\_mgmt\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | | [monitoring](#input\_monitoring) | (Optional) If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0) | `bool` | `true` | no | | [number](#input\_number) | (Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1 | `number` | `1` | no | -| [private\_ips](#input\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.1.12",
"10.11.2.12",
"10.11.3.12"
]
| no | +| [private\_ips](#input\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.1.12",
"10.11.2.12",
"10.11.3.12"
]
| no | | [private\_nic\_description](#input\_private\_nic\_description) | (Optional) Description for the network interface. | `string` | `"Cato private nic"` | no | | [private\_subnet\_id](#input\_private\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | -| [public\_ips](#input\_public\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` |
[
"10.11.201.12",
"10.11.202.12",
"10.11.203.12"
]
| no | +| [public\_ips](#input\_public\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` |
[
"10.11.201.12",
"10.11.202.12",
"10.11.203.12"
]
| no | | [public\_nic\_description](#input\_public\_nic\_description) | (Optional) Description for the network interface. | `string` | `"Cato public nic"` | no | | [public\_subnet\_id](#input\_public\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | | [root\_ebs\_volume\_encrypted](#input\_root\_ebs\_volume\_encrypted) | (Optional) Whether to enable volume encryption on the root ebs volume. Defaults to true. Must be configured to perform drift detection. | `bool` | `true` | no | | [root\_volume\_size](#input\_root\_volume\_size) | (Optional) Size of the root volume in gibibytes (GiB). | `number` | `16` | no | | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3 | `string` | `"gp3"` | no | | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default false. | `bool` | `false` | no | -| [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "cato_sdwan",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "cato_sdwan",
"terraform": "true"
}
| no | | [user\_data](#input\_user\_data) | (Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user\_data\_replace\_on\_change is set then updates to this field will trigger a destroy and recreate. | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | (Required, Forces new resource) VPC ID. Defaults to the region's default VPC. | `string` | n/a | yes | | [wan\_mgmt\_sg\_name](#input\_wan\_mgmt\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"cato_wan_mgmt_sg"` | no | diff --git a/modules/aws/vendor/corelight/README.md b/modules/aws/vendor/corelight/README.md index 5c4ae0e3..210ec3c3 100644 --- a/modules/aws/vendor/corelight/README.md +++ b/modules/aws/vendor/corelight/README.md @@ -161,7 +161,7 @@ No modules. | [sg\_description](#input\_sg\_description) | (Optional, Forces new resource) The security group description. Defaults to 'Managed by Terraform'. Cannot be ''. NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags. | `string` | `"Corelight security group"` | no | | [sg\_name](#input\_sg\_name) | (Optional, Forces new resource) The name of the security group. If omitted, Terraform will assign a random, unique name | `string` | `"corelight_sg"` | no | | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | `bool` | `false` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(any)` |
{
"backup": "true",
"created_by": "terraform",
"environment": "prod",
"role": "corelight network monitor",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(any)` |
{
"backup": "true",
"created_by": "terraform",
"environment": "prod",
"role": "corelight network monitor",
"terraform": "true"
}
| no | | [tenancy](#input\_tenancy) | (Optional) The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `"default"` | no | | [user\_data](#input\_user\_data) | (Required) Input the Customer ID from Corelight. Example: '57ee000-1214-999e-hfij-1827417d7421' | `string` | n/a | yes | | [vpc\_id](#input\_vpc\_id) | (Required, Forces new resource) The VPC ID. | `string` | n/a | yes | diff --git a/modules/aws/vendor/fortigate_firewall/README.md b/modules/aws/vendor/fortigate_firewall/README.md index 74475e3b..76ecc174 100755 --- a/modules/aws/vendor/fortigate_firewall/README.md +++ b/modules/aws/vendor/fortigate_firewall/README.md @@ -134,7 +134,7 @@ No modules. |------|-------------|------|---------|:--------:| | [ami\_id](#input\_ami\_id) | The AMI to use | `string` | n/a | yes | | [dmz\_nic\_description](#input\_dmz\_nic\_description) | Description of the dmz network interface | `string` | `"Fortigate FW DMZ nic"` | no | -| [dmz\_private\_ips](#input\_dmz\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.101.10",
"10.11.102.10"
]
| no | +| [dmz\_private\_ips](#input\_dmz\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.101.10",
"10.11.102.10"
]
| no | | [dmz\_subnet\_id](#input\_dmz\_subnet\_id) | The VPC subnet the instance(s) will be assigned. Set in main.tf | `list(any)` | n/a | yes | | [ebs\_device\_name](#input\_ebs\_device\_name) | ebs volume mount name | `string` | `"/dev/sdb"` | no | | [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized | `bool` | `false` | no | @@ -149,7 +149,7 @@ No modules. | [instance\_name\_prefix](#input\_instance\_name\_prefix) | Used to populate the Name tag. Set in main.tf | `string` | `"aws_fw"` | no | | [instance\_type](#input\_instance\_type) | Select the instance type. Set in main.tf | `string` | `"c5.large"` | no | | [key\_name](#input\_key\_name) | keypair name to use for ec2 instance deployment. Keypairs are used to obtain the username/password | `string` | n/a | yes | -| [lan\_private\_ips](#input\_lan\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.1.10",
"10.11.2.10"
]
| no | +| [lan\_private\_ips](#input\_lan\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.1.10",
"10.11.2.10"
]
| no | | [monitoring](#input\_monitoring) | If true, the launched EC2 instance will have detailed monitoring enabled | `bool` | `true` | no | | [number](#input\_number) | number of resources to make | `number` | `2` | no | | [private\_nic\_description](#input\_private\_nic\_description) | Description of the private network interface | `string` | `"Fortigate FW private nic"` | no | @@ -162,9 +162,9 @@ No modules. | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3. | `string` | `"gp3"` | no | | [sg\_name](#input\_sg\_name) | Name of the security group | `string` | `"fortigate_fw_sg"` | no | | [source\_dest\_check](#input\_source\_dest\_check) | Boolean for source and destination checking on the nics | `bool` | `false` | no | -| [tags](#input\_tags) | n/a | `map(any)` |
{
"created_by": "terraform",
"environment": "dev",
"role": "fortigate_firewall",
"terraform": "yes"
}
| no | +| [tags](#input\_tags) | n/a | `map(any)` |
{
"created_by": "terraform",
"environment": "dev",
"role": "fortigate_firewall",
"terraform": "yes"
}
| no | | [vpc\_id](#input\_vpc\_id) | The VPC id to add the security group | `string` | n/a | yes | -| [wan\_private\_ips](#input\_wan\_private\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` |
[
"10.11.201.10",
"10.11.202.10"
]
| no | +| [wan\_private\_ips](#input\_wan\_private\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` |
[
"10.11.201.10",
"10.11.202.10"
]
| no | ## Outputs diff --git a/modules/aws/vendor/silverpeak/README.md b/modules/aws/vendor/silverpeak/README.md index e4e4425c..7003c46e 100644 --- a/modules/aws/vendor/silverpeak/README.md +++ b/modules/aws/vendor/silverpeak/README.md @@ -165,7 +165,7 @@ No modules. | [sg\_description](#input\_sg\_description) | (Optional, Forces new resource) The security group description. Defaults to 'Managed by Terraform'. Cannot be ''. NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags. | `string` | `"Silverpeak SDWAN security group"` | no | | [sg\_name](#input\_sg\_name) | (Optional, Forces new resource) The name of the security group. If omitted, Terraform will assign a random, unique name | `string` | `"silverpeak_sg"` | no | | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default true. | `string` | `false` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map` |
{
"backup": "true",
"created_by": "terraform",
"environment": "prod",
"role": "silverpeak_sdwan",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map` |
{
"backup": "true",
"created_by": "terraform",
"environment": "prod",
"role": "silverpeak_sdwan",
"terraform": "true"
}
| no | | [tenancy](#input\_tenancy) | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `"default"` | no | | [user\_data](#input\_user\_data) | The user data to provide when launching the instance | `string` | `""` | no | | [vpc\_id](#input\_vpc\_id) | (Optional, Forces new resource) The VPC ID. | `any` | n/a | yes | diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index b3124161..4f5b209c 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -124,7 +124,6 @@ No modules. | [aws_eip.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | | [aws_eip_association.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource | | [aws_instance.ec2_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | -| [aws_network_interface.mgmt_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_network_interface.private_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_network_interface.public_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_security_group.sdwan_mgmt_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | 
@@ -161,7 +160,7 @@ No modules. | [snmp\_mgmt\_access\_cidr\_blocks](#input\_snmp\_mgmt\_access\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to SNMP into the VeloCloud instance. | `list(string)` | `[]` | no | | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default false. | `bool` | `false` | no | | [ssh\_mgmt\_access\_cidr\_blocks](#input\_ssh\_mgmt\_access\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to SSH into the VeloCloud instance. | `list(string)` | `[]` | no | -| [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "sdwan",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "sdwan",
"terraform": "true"
}
| no | | [velocloud\_activation\_key](#input\_velocloud\_activation\_key) | (Required) The activation key for the VeloCloud instance(s). | `string` | n/a | yes | | [velocloud\_ignore\_cert\_errors](#input\_velocloud\_ignore\_cert\_errors) | (Optional) Whether or not to ignore certificate errors when connecting to the VeloCloud orchestrator. Set to true if using private or self-signed certificates on the orchestrator. Defaults to false. | `bool` | `false` | no | | [velocloud\_lan\_cidr\_blocks](#input\_velocloud\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the VeloCloud instance for SDWAN communication. | `list(string)` | `null` | no | diff --git a/modules/aws/vpc/README.md b/modules/aws/vpc/README.md index a7149e66..4609740d 100755 --- a/modules/aws/vpc/README.md +++ b/modules/aws/vpc/README.md @@ -208,13 +208,13 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [azs](#input\_azs) | A list of Availability zones in the region | `list` |
[
"us-east-2a",
"us-east-2b",
"us-east-2c"
]
| no | +| [azs](#input\_azs) | A list of Availability zones in the region | `list` |
[
"us-east-2a",
"us-east-2b",
"us-east-2c"
]
| no | | [cloudwatch\_name\_prefix](#input\_cloudwatch\_name\_prefix) | (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. | `string` | `"flow_logs_"` | no | | [cloudwatch\_retention\_in\_days](#input\_cloudwatch\_retention\_in\_days) | (Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. | `number` | `90` | no | | [db\_propagating\_vgws](#input\_db\_propagating\_vgws) | A list of VGWs the db route table should propagate. | `list` | `[]` | no | -| [db\_subnets\_list](#input\_db\_subnets\_list) | A list of database subnets inside the VPC. | `list` |
[
"10.11.11.0/24",
"10.11.12.0/24",
"10.11.13.0/24"
]
| no | +| [db\_subnets\_list](#input\_db\_subnets\_list) | A list of database subnets inside the VPC. | `list` |
[
"10.11.11.0/24",
"10.11.12.0/24",
"10.11.13.0/24"
]
| no | | [dmz\_propagating\_vgws](#input\_dmz\_propagating\_vgws) | A list of VGWs the DMZ route table should propagate. | `list` | `[]` | no | -| [dmz\_subnets\_list](#input\_dmz\_subnets\_list) | A list of DMZ subnets inside the VPC. | `list` |
[
"10.11.101.0/24",
"10.11.102.0/24",
"10.11.103.0/24"
]
| no | +| [dmz\_subnets\_list](#input\_dmz\_subnets\_list) | A list of DMZ subnets inside the VPC. | `list` |
[
"10.11.101.0/24",
"10.11.102.0/24",
"10.11.103.0/24"
]
| no | | [enable\_dns\_hostnames](#input\_enable\_dns\_hostnames) | (Optional) A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false. | `bool` | `true` | no | | [enable\_dns\_support](#input\_enable\_dns\_support) | (Optional) A boolean flag to enable/disable DNS support in the VPC. Defaults true. | `bool` | `true` | no | | [enable\_firewall](#input\_enable\_firewall) | (Optional) A boolean flag to enable/disable the use of a firewall instance within the VPC. Defaults False. | `bool` | `false` | no | @@ -246,17 +246,17 @@ No modules. | [key\_usage](#input\_key\_usage) | (Optional) Specifies the intended use of the key. Defaults to ENCRYPT\_DECRYPT, and only symmetric encryption and decryption are supported. | `string` | `"ENCRYPT_DECRYPT"` | no | | [map\_public\_ip\_on\_launch](#input\_map\_public\_ip\_on\_launch) | (Optional) Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is false. | `bool` | `true` | no | | [mgmt\_propagating\_vgws](#input\_mgmt\_propagating\_vgws) | A list of VGWs the mgmt route table should propagate. | `list` | `[]` | no | -| [mgmt\_subnets\_list](#input\_mgmt\_subnets\_list) | A list of mgmt subnets inside the VPC. | `list` |
[
"10.11.61.0/24",
"10.11.62.0/24",
"10.11.63.0/24"
]
| no | +| [mgmt\_subnets\_list](#input\_mgmt\_subnets\_list) | A list of mgmt subnets inside the VPC. | `list` |
[
"10.11.61.0/24",
"10.11.62.0/24",
"10.11.63.0/24"
]
| no | | [name](#input\_name) | (Required) Name to be tagged on all of the resources as an identifier | `string` | n/a | yes | | [private\_propagating\_vgws](#input\_private\_propagating\_vgws) | A list of VGWs the private route table should propagate. | `list` | `[]` | no | -| [private\_subnets\_list](#input\_private\_subnets\_list) | A list of private subnets inside the VPC. | `list` |
[
"10.11.1.0/24",
"10.11.2.0/24",
"10.11.3.0/24"
]
| no | +| [private\_subnets\_list](#input\_private\_subnets\_list) | A list of private subnets inside the VPC. | `list` |
[
"10.11.1.0/24",
"10.11.2.0/24",
"10.11.3.0/24"
]
| no | | [public\_propagating\_vgws](#input\_public\_propagating\_vgws) | A list of VGWs the public route table should propagate. | `list` | `[]` | no | -| [public\_subnets\_list](#input\_public\_subnets\_list) | A list of public subnets inside the VPC. | `list` |
[
"10.11.201.0/24",
"10.11.202.0/24",
"10.11.203.0/24"
]
| no | +| [public\_subnets\_list](#input\_public\_subnets\_list) | A list of public subnets inside the VPC. | `list` |
[
"10.11.201.0/24",
"10.11.202.0/24",
"10.11.203.0/24"
]
| no | | [single\_nat\_gateway](#input\_single\_nat\_gateway) | (Optional) A boolean flag to enable/disable use of only a single shared NAT Gateway across all of your private networks. Defaults False. | `bool` | `false` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map` |
{
"created_by": "",
"environment": "prod",
"priority": "high",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map` |
{
"created_by": "",
"environment": "prod",
"priority": "high",
"terraform": "true"
}
| no | | [vpc\_cidr](#input\_vpc\_cidr) | The CIDR block for the VPC | `string` | `"10.11.0.0/16"` | no | | [workspaces\_propagating\_vgws](#input\_workspaces\_propagating\_vgws) | A list of VGWs the workspaces route table should propagate. | `list` | `[]` | no | -| [workspaces\_subnets\_list](#input\_workspaces\_subnets\_list) | A list of workspaces subnets inside the VPC. | `list` |
[
"10.11.21.0/24",
"10.11.22.0/24",
"10.11.23.0/24"
]
| no | +| [workspaces\_subnets\_list](#input\_workspaces\_subnets\_list) | A list of workspaces subnets inside the VPC. | `list` |
[
"10.11.21.0/24",
"10.11.22.0/24",
"10.11.23.0/24"
]
| no | ## Outputs diff --git a/modules/aws/vpc_peering_connection_accepter/README.md b/modules/aws/vpc_peering_connection_accepter/README.md index 19059b58..3b3356df 100644 --- a/modules/aws/vpc_peering_connection_accepter/README.md +++ b/modules/aws/vpc_peering_connection_accepter/README.md @@ -114,7 +114,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [auto\_accept](#input\_auto\_accept) | (Optional) Whether or not to accept the peering request. Defaults to false. | `string` | `false` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(any)` |
{
"created_by": "Jake Jones",
"environment": "prod",
"role": "vpc_peering_connection_accepter",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(any)` |
{
"created_by": "Jake Jones",
"environment": "prod",
"role": "vpc_peering_connection_accepter",
"terraform": "true"
}
| no | | [vpc\_peering\_connection\_id](#input\_vpc\_peering\_connection\_id) | (Required) The VPC Peering Connection ID to manage. | `string` | n/a | yes | ## Outputs diff --git a/modules/aws/vpn/README.md b/modules/aws/vpn/README.md index d2fbb41b..5fd79d40 100644 --- a/modules/aws/vpn/README.md +++ b/modules/aws/vpn/README.md @@ -136,15 +136,15 @@ No modules. | [ip\_address](#input\_ip\_address) | (Required) The IPv4 address for the customer gateway device's outside interface. | `list(string)` | n/a | yes | | [name](#input\_name) | (Required) Name to be used on all the resources as identifier | `string` | n/a | yes | | [static\_routes\_only](#input\_static\_routes\_only) | (Optional, Default true) Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP. | `bool` | `true` | no | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the resource. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the resource. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"terraform": "true"
}
| no | | [transit\_gateway\_id](#input\_transit\_gateway\_id) | (Optional) The ID of the EC2 Transit Gateway. | `string` | `null` | no | -| [tunnel\_ike\_versions](#input\_tunnel\_ike\_versions) | (Optional) The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 \| ikev2. | `list(string)` |
[
"ikev2"
]
| no | -| [tunnel\_phase1\_dh\_group\_numbers](#input\_tunnel\_phase1\_dh\_group\_numbers) | (Optional) List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 \| 14 \| 15 \| 16 \| 17 \| 18 \| 19 \| 20 \| 21 \| 22 \| 23 \| 24. | `list(string)` |
[
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24"
]
| no | -| [tunnel\_phase1\_encryption\_algorithms](#input\_tunnel\_phase1\_encryption\_algorithms) | (Optional) List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 \| AES256 \| AES128-GCM-16 \| AES256-GCM-16. | `list(string)` |
[
"AES256",
"AES256-GCM-16"
]
| no | -| [tunnel\_phase1\_integrity\_algorithms](#input\_tunnel\_phase1\_integrity\_algorithms) | (Optional) One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 \| SHA2-256 \| SHA2-384 \| SHA2-512. | `list(string)` |
[
"SHA2-256",
"SHA2-384",
"SHA2-512"
]
| no | -| [tunnel\_phase2\_dh\_group\_numbers](#input\_tunnel\_phase2\_dh\_group\_numbers) | (Optional) List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 \| 5 \| 14 \| 15 \| 16 \| 17 \| 18 \| 19 \| 20 \| 21 \| 22 \| 23 \| 24. | `list(string)` |
[
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24"
]
| no | -| [tunnel\_phase2\_encryption\_algorithms](#input\_tunnel\_phase2\_encryption\_algorithms) | (Optional) List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 \| AES256 \| AES128-GCM-16 \| AES256-GCM-16. | `list(string)` |
[
"AES256",
"AES256-GCM-16"
]
| no | -| [tunnel\_phase2\_integrity\_algorithms](#input\_tunnel\_phase2\_integrity\_algorithms) | (Optional) List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 \| SHA2-256 \| SHA2-384 \| SHA2-512. | `list(string)` |
[
"SHA2-256",
"SHA2-384",
"SHA2-512"
]
| no | +| [tunnel\_ike\_versions](#input\_tunnel\_ike\_versions) | (Optional) The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 \| ikev2. | `list(string)` |
[
"ikev2"
]
| no | +| [tunnel\_phase1\_dh\_group\_numbers](#input\_tunnel\_phase1\_dh\_group\_numbers) | (Optional) List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 \| 14 \| 15 \| 16 \| 17 \| 18 \| 19 \| 20 \| 21 \| 22 \| 23 \| 24. | `list(string)` |
[
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24"
]
| no | +| [tunnel\_phase1\_encryption\_algorithms](#input\_tunnel\_phase1\_encryption\_algorithms) | (Optional) List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 \| AES256 \| AES128-GCM-16 \| AES256-GCM-16. | `list(string)` |
[
"AES256",
"AES256-GCM-16"
]
| no | +| [tunnel\_phase1\_integrity\_algorithms](#input\_tunnel\_phase1\_integrity\_algorithms) | (Optional) One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 \| SHA2-256 \| SHA2-384 \| SHA2-512. | `list(string)` |
[
"SHA2-256",
"SHA2-384",
"SHA2-512"
]
| no | +| [tunnel\_phase2\_dh\_group\_numbers](#input\_tunnel\_phase2\_dh\_group\_numbers) | (Optional) List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 \| 5 \| 14 \| 15 \| 16 \| 17 \| 18 \| 19 \| 20 \| 21 \| 22 \| 23 \| 24. | `list(string)` |
[
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24"
]
| no | +| [tunnel\_phase2\_encryption\_algorithms](#input\_tunnel\_phase2\_encryption\_algorithms) | (Optional) List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 \| AES256 \| AES128-GCM-16 \| AES256-GCM-16. | `list(string)` |
[
"AES256",
"AES256-GCM-16"
]
| no | +| [tunnel\_phase2\_integrity\_algorithms](#input\_tunnel\_phase2\_integrity\_algorithms) | (Optional) List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 \| SHA2-256 \| SHA2-384 \| SHA2-512. | `list(string)` |
[
"SHA2-256",
"SHA2-384",
"SHA2-512"
]
| no | | [tunnel\_startup\_action](#input\_tunnel\_startup\_action) | (Optional, Default add) The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add \| start. | `string` | `"add"` | no | | [vpc\_id](#input\_vpc\_id) | (Required) The VPC ID to create in. | `string` | n/a | yes | | [vpn\_type](#input\_vpn\_type) | (Required) The type of customer gateway. The only type AWS supports at this time is ipsec.1 | `string` | `"ipsec.1"` | no | diff --git a/modules/azuread/conditional_access/named_location/README.md b/modules/azuread/conditional_access/named_location/README.md index 272c3261..27d364c4 100644 --- a/modules/azuread/conditional_access/named_location/README.md +++ b/modules/azuread/conditional_access/named_location/README.md @@ -132,9 +132,9 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [country](#input\_country) | (Optional) A list of countries and regions to include in the named location. |
list(object({
countries_and_regions = list(string)
include_unknown_countries_and_regions = bool
}))
| `null` | no | +| [country](#input\_country) | (Optional) A list of countries and regions to include in the named location. |
list(object({
countries_and_regions = list(string)
include_unknown_countries_and_regions = bool
}))
| `null` | no | | [display\_name](#input\_display\_name) | (Required) The friendly name for this named location. | `string` | n/a | yes | -| [ip](#input\_ip) | (Optional) A list of IP ranges to include in the named location. |
list(object({
ip_ranges = list(string)
trusted = bool
}))
| `null` | no | +| [ip](#input\_ip) | (Optional) A list of IP ranges to include in the named location. |
list(object({
ip_ranges = list(string)
trusted = bool
}))
| `null` | no | ## Outputs diff --git a/modules/azuread/group/README.md b/modules/azuread/group/README.md index 3db57e7c..b8c7aa7e 100755 --- a/modules/azuread/group/README.md +++ b/modules/azuread/group/README.md @@ -137,7 +137,7 @@ No modules. | [auto\_subscribe\_new\_members](#input\_auto\_subscribe\_new\_members) | (Optional) Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. | `bool` | `null` | no | | [description](#input\_description) | (Optional) A description for the group. | `string` | `null` | no | | [display\_name](#input\_display\_name) | (Required) The display name for the group. | `string` | n/a | yes | -| [dynamic\_membership](#input\_dynamic\_membership) | (Optional) A dynamic membership block. Cannot be used with the members property. |
object({
enabled = bool
rule = string
})
| `null` | no | +| [dynamic\_membership](#input\_dynamic\_membership) | (Optional) A dynamic membership block. Cannot be used with the members property. |
object({
enabled = bool
rule = string
})
| `null` | no | | [external\_senders\_allowed](#input\_external\_senders\_allowed) | (Optional) Indicates whether external senders can send messages to the group. Can only be set for Unified groups. | `bool` | `null` | no | | [hide\_from\_address\_lists](#input\_hide\_from\_address\_lists) | (Optional) Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups. | `bool` | `null` | no | | [hide\_from\_outlook\_clients](#input\_hide\_from\_outlook\_clients) | (Optional) Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups. | `bool` | `null` | no | diff --git a/modules/bootstrapping/aws/README.md b/modules/bootstrapping/aws/README.md index 3eecf9f4..e1d70549 100644 --- a/modules/bootstrapping/aws/README.md +++ b/modules/bootstrapping/aws/README.md @@ -165,7 +165,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [iam\_role\_name](#input\_iam\_role\_name) | (Optional) The name of the IAM role to assume when generating dynamic credentials for this workspace. | `string` | `"terraform_cloud"` | no | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the workspace. | `map(string)` |
{
"environment": "prod",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the workspace. | `map(string)` |
{
"environment": "prod",
"terraform": "true"
}
| no | | [terraform\_cloud\_aws\_audience](#input\_terraform\_cloud\_aws\_audience) | (Optional) The audience value to use in the terraform run identity tokens | `string` | `"aws.workload.identity"` | no | | [terraform\_cloud\_hostname](#input\_terraform\_cloud\_hostname) | The hostname of the Terraform Cloud or Terraform Enterprise environment you'd like to use with the identity provider | `string` | `"app.terraform.io"` | no | | [terraform\_cloud\_organization](#input\_terraform\_cloud\_organization) | (Required) The name of the Terraform Cloud organization which the workspace is in. | `string` | n/a | yes | diff --git a/modules/services/aws_backup/README.md b/modules/services/aws_backup/README.md index b53f5914..4a5b8db7 100644 --- a/modules/services/aws_backup/README.md +++ b/modules/services/aws_backup/README.md @@ -147,7 +147,7 @@ No modules. | [key\_policy](#input\_key\_policy) | (Optional) A valid policy JSON document. Although this is a key policy, not an IAM policy, an aws\_iam\_policy\_document, in the form that designates a principal, can be used. For more information about building policy documents with Terraform, see the AWS IAM Policy Document Guide. | `string` | `null` | no | | [key\_usage](#input\_key\_usage) | (Optional) Specifies the intended use of the key. Defaults to ENCRYPT\_DECRYPT, and only symmetric encryption and decryption are supported. | `string` | `"ENCRYPT_DECRYPT"` | no | | [monthly\_backup\_retention](#input\_monthly\_backup\_retention) | (Required) The daily backup plan retention in days. By default this is 365 days. | `number` | `365` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(any)` |
{
"aws_backup": "true",
"created_by": "",
"environment": "prod",
"priority": "critical",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(any)` |
{
"aws_backup": "true",
"created_by": "",
"environment": "prod",
"priority": "critical",
"terraform": "true"
}
| no | | [vault\_disaster\_recovery\_name](#input\_vault\_disaster\_recovery\_name) | value | `string` | `"vault_disaster_recovery"` | no | | [vault\_prod\_daily\_name](#input\_vault\_prod\_daily\_name) | value | `string` | `"vault_prod_daily"` | no | | [vault\_prod\_hourly\_name](#input\_vault\_prod\_hourly\_name) | value | `string` | `"vault_prod_hourly"` | no | diff --git a/modules/services/siem/README.md b/modules/services/siem/README.md index cacece0c..e2bc3278 100644 --- a/modules/services/siem/README.md +++ b/modules/services/siem/README.md @@ -187,7 +187,7 @@ No modules. | [ami](#input\_ami) | ID of AMI to use for the instance | `string` | n/a | yes | | [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | If true, the EC2 instance will have associated public IP address | `bool` | `false` | no | | [auto\_accept](#input\_auto\_accept) | (Optional) Accept the peering (both VPCs need to be in the same AWS account). | `string` | `true` | no | -| [azs](#input\_azs) | A list of availability zones in the region which will be utilized by this VPC | `list(string)` |
[
"us-east-1a",
"us-east-1b"
]
| no | +| [azs](#input\_azs) | A list of availability zones in the region which will be utilized by this VPC | `list(string)` |
[
"us-east-1a",
"us-east-1b"
]
| no | | [bgp\_asn](#input\_bgp\_asn) | BGP ASN used for dynamic routing between the customer gateway and AWS gateway | `number` | `65077` | no | | [bucket\_prefix](#input\_bucket\_prefix) | (Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length | `string` | `"siem-cloudtrail-"` | no | | [cloudtrail\_key\_customer\_master\_key\_spec](#input\_cloudtrail\_key\_customer\_master\_key\_spec) | (Optional) Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC\_DEFAULT, RSA\_2048, RSA\_3072, RSA\_4096, ECC\_NIST\_P256, ECC\_NIST\_P384, ECC\_NIST\_P521, or ECC\_SECG\_P256K1. Defaults to SYMMETRIC\_DEFAULT. For help with choosing a key spec, see the AWS KMS Developer Guide. | `string` | `"SYMMETRIC_DEFAULT"` | no | @@ -252,9 +252,9 @@ No modules. | [peer\_vpc\_subnet](#input\_peer\_vpc\_subnet) | (Optional) The subnet cidr block of the VPC which will be a peer | `string` | `""` | no | | [placement\_group](#input\_placement\_group) | The Placement Group to start the instance in | `string` | `""` | no | | [private\_ip](#input\_private\_ip) | Private IP address to associate with the instance in a VPC | `string` | `"10.77.1.70"` | no | -| [private\_subnets\_list](#input\_private\_subnets\_list) | A list of private subnets inside the VPC. | `list(string)` |
[
"10.77.1.64/26",
"10.77.1.192/26"
]
| no | +| [private\_subnets\_list](#input\_private\_subnets\_list) | A list of private subnets inside the VPC. | `list(string)` |
[
"10.77.1.64/26",
"10.77.1.192/26"
]
| no | | [public\_key](#input\_public\_key) | (Required) Public rsa key | `string` | n/a | yes | -| [public\_subnets\_list](#input\_public\_subnets\_list) | A list of public subnets inside the VPC. | `list(string)` |
[
"10.77.1.0/26",
"10.77.1.128/26"
]
| no | +| [public\_subnets\_list](#input\_public\_subnets\_list) | A list of public subnets inside the VPC. | `list(string)` |
[
"10.77.1.0/26",
"10.77.1.128/26"
]
| no | | [root\_delete\_on\_termination](#input\_root\_delete\_on\_termination) | (Optional) Whether the volume should be destroyed on instance termination (Default: true) | `string` | `true` | no | | [root\_volume\_size](#input\_root\_volume\_size) | (Optional) The size of the volume in gigabytes. | `string` | `"100"` | no | | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) The type of volume. Can be standard, gp2, or io1. (Default: standard) | `string` | `"gp2"` | no | @@ -264,7 +264,7 @@ No modules. | [single\_nat\_gateway](#input\_single\_nat\_gateway) | should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no | | [source\_dest\_check](#input\_source\_dest\_check) | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | `bool` | `true` | no | | [static\_routes\_only](#input\_static\_routes\_only) | Flag to determine whether or not dynamic or static routing is enabled | `bool` | `true` | no | -| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` |
{
"backup": "true",
"created_by": "Your Name",
"environment": "prod",
"project": "SIEM Implementation",
"service": "soc",
"team": "Security Team",
"terraform": "true",
"used_by": ""
}
| no | +| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` |
{
"backup": "true",
"created_by": "Your Name",
"environment": "prod",
"project": "SIEM Implementation",
"service": "soc",
"team": "Security Team",
"terraform": "true",
"used_by": ""
}
| no | | [tenancy](#input\_tenancy) | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `"default"` | no | | [transit\_gateway\_id](#input\_transit\_gateway\_id) | (Optional) Identifier of an EC2 Transit Gateway. | `string` | `null` | no | | [transit\_subnet\_route\_cidr\_blocks](#input\_transit\_subnet\_route\_cidr\_blocks) | (Optional) The destination CIDR blocks to send to the transit gateway. | `list(any)` | `null` | no | diff --git a/modules/vsphere/datacenter/README.md b/modules/vsphere/datacenter/README.md index 80552dcc..85c3877c 100755 --- a/modules/vsphere/datacenter/README.md +++ b/modules/vsphere/datacenter/README.md @@ -108,7 +108,7 @@ No modules. |------|-------------|------|---------|:--------:| | [folder](#input\_folder) | The folder where the datacenter will be created. Forces a new resource if this is changed. | `string` | n/a | yes | | [name](#input\_name) | The name of the datacenter. The name needs to be unique within the folder. Forces a new resource if this is changed. | `string` | n/a | yes | -| [tags](#input\_tags) | A map of tags to assign to the datacenter. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | A map of tags to assign to the datacenter. | `map(string)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/vsphere/folder/README.md b/modules/vsphere/folder/README.md index 343fe12f..fd19e97d 100755 --- a/modules/vsphere/folder/README.md +++ b/modules/vsphere/folder/README.md @@ -110,7 +110,7 @@ No modules. | [custom\_attributes](#input\_custom\_attributes) | A list of custom attributes to apply to the folder. Unsupported on ESXi hosts, requires vCenter. | `map(string)` | `{}` | no | | [datacenter\_id](#input\_datacenter\_id) | The ID of the datacenter where the folder should be created. Forces a new resource if changed. | `any` | n/a | yes | | [path](#input\_path) | The path of the folder. Must be unique within the datacenter. This is relative to the root of the folder for the resource type being created. | `any` | n/a | yes | -| [tags](#input\_tags) | A map of tags to assign to the folder. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | A map of tags to assign to the folder. | `map(string)` |
{
"terraform": "true"
}
| no | | [type](#input\_type) | The type of the folder. Allowed options are: datacenter, host, vm, datastore, and network. If unset, the default is host. | `string` | `"host"` | no | ## Outputs From a5d5ad560abbedeab3d59fa3d95f1550d3e6a616 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Thu, 26 Sep 2024 14:25:01 -0400 Subject: [PATCH 64/86] corrected the missing mgmt output --- modules/aws/vendor/velocloud/outputs.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/aws/vendor/velocloud/outputs.tf b/modules/aws/vendor/velocloud/outputs.tf index 32c13f03..80d8530c 100644 --- a/modules/aws/vendor/velocloud/outputs.tf +++ b/modules/aws/vendor/velocloud/outputs.tf @@ -18,9 +18,9 @@ output "public_eip_ip" { value = aws_eip.wan_external_ip[*].public_ip } -output "mgmt_network_interface_id" { - value = aws_network_interface.mgmt_nic[*].id -} +# output "mgmt_network_interface_id" { +# value = aws_network_interface.mgmt_nic[*].id +# } output "public_network_interface_id" { value = aws_network_interface.public_nic[*].id From fd2e7888dd57a6f39edeca86a3ef4af2b8fc6ce9 Mon Sep 17 00:00:00 2001 From: zachreborn Date: Thu, 26 Sep 2024 18:25:35 +0000 Subject: [PATCH 65/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 4f5b209c..8930a2f2 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -174,7 +174,6 @@ No modules. | Name | Description | |------|-------------| | [ec2\_instance\_id](#output\_ec2\_instance\_id) | n/a | -| [mgmt\_network\_interface\_id](#output\_mgmt\_network\_interface\_id) | n/a | | [private\_network\_interface\_id](#output\_private\_network\_interface\_id) | n/a | | [public\_eip\_id](#output\_public\_eip\_id) | n/a | | [public\_eip\_ip](#output\_public\_eip\_ip) | n/a | 
From a3a3f4324e4f0bc6a3526b5cbb4a0bb6bd63c050 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Thu, 26 Sep 2024 16:03:19 -0400
Subject: [PATCH 66/86] going back to the network_interface block
---
modules/aws/vendor/velocloud/main.tf | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index f20062c7..76e8edfa 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -155,10 +155,6 @@ resource "aws_network_interface" "public_nic" {
source_dest_check = var.source_dest_check
subnet_id = element(var.public_subnet_ids, count.index)
tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) }))
- attachment {
- instance = element(aws_instance.ec2_instance[*].id, count.index)
- device_index = 0
- }
}
resource "aws_network_interface" "private_nic" {
@@ -203,6 +199,11 @@ resource "aws_instance" "ec2_instance" {
http_tokens = var.http_tokens
}
+ network_interface {
+ network_interface_id = aws_network_interface.public_nic.id
+ device_index = 0
+ }
+
root_block_device {
volume_type = var.root_volume_type
volume_size = var.root_volume_size
From 007067b965c2a7694ff7ad8f75e0f84bb81c1b13 Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Thu, 26 Sep 2024 16:08:16 -0400
Subject: [PATCH 67/86] expanding splat
---
modules/aws/vendor/velocloud/main.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 76e8edfa..2dbbcd8a 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -200,7 +200,7 @@ resource "aws_instance" "ec2_instance" {
}
network_interface {
- network_interface_id = aws_network_interface.public_nic.id
+ network_interface_id = element(aws_network_interface.public_nic[*].id, count.index)
device_index = 0
}
From fb5cb434a84a4e92bc49c5b5f26ea564bb91db1f Mon Sep 17 00:00:00 2001
From: Zachary Hill
Date: Tue, 8 Oct 2024 11:51:05 -0400
Subject: [PATCH 68/86] reverting back to the original cloudformation template
---
modules/aws/vendor/velocloud/main.tf | 58 +++++++++++++------------
modules/aws/vendor/velocloud/outputs.tf | 18 ++++----
2 files changed, 40 insertions(+), 36 deletions(-)
diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf
index 2dbbcd8a..922f4ba6 100644
--- a/modules/aws/vendor/velocloud/main.tf
+++ b/modules/aws/vendor/velocloud/main.tf
@@ -103,16 +103,16 @@ resource "aws_security_group" "velocloud_lan_sg" {
# EIP
############################################
-# resource "aws_eip" "mgmt_external_ip" {
-# count = var.number
-# domain = "vpc"
-# }
+resource "aws_eip" "mgmt_external_ip" {
+ count = var.number
+ domain = "vpc"
+}
-# resource "aws_eip_association" "mgmt_external_ip" {
-# count = var.number
-# allocation_id = element(aws_eip.mgmt_external_ip[*].id, count.index)
-# network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index)
-# }
+resource "aws_eip_association" "mgmt_external_ip" {
+ count = var.number
+ allocation_id = element(aws_eip.mgmt_external_ip[*].id, count.index)
+ network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index)
+}
resource "aws_eip" "wan_external_ip" {
count = var.number
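Review bot: `aws_eip_association.mgmt_external_ip` now binds a public Elastic IP to `aws_network_interface.mgmt_nic`, so the VeloCloud management interface becomes internet-addressable and its exposure is governed entirely by the ingress rules of `sdwan_mgmt_sg`, which this hunk does not show. Because the preceding commits had kept this resource commented out, the reason for the public address is not recorded anywhere in the code; a comment on the resource would spare the next reviewer the same question, e.g. `# mgmt_nic (Ge1) carries a public EIP; inbound reachability of the management plane is limited only by sdwan_mgmt_sg, so keep that group's ingress scoped to trusted management sources.` Whether the security group is in fact scoped that way cannot be confirmed from this hunk.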
@@ -131,23 +131,23 @@ resource "aws_eip_association" "wan_external_ip" {
############################################
# Removed during testing period to match the Mettel Velocloud template
-# resource "aws_network_interface" "mgmt_nic" {
-# # Ge1 is the management interface in VeloCloud and attached at eth0
-# count = var.number
-# description = var.mgmt_nic_description
-# private_ips = var.mgmt_ips == null ? null : [element(var.mgmt_ips, count.index)]
-# security_groups = [aws_security_group.sdwan_mgmt_sg.id]
-# source_dest_check = var.source_dest_check
-# subnet_id = element(var.public_subnet_ids, count.index)
-# tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) }))
-# attachment {
-# instance = element(aws_instance.ec2_instance[*].id, count.index)
-# device_index = 0
-# }
-# }
+resource "aws_network_interface" "mgmt_nic" {
+ # Ge1 is the management interface in VeloCloud and attached at eth0
+ count = var.number
+ description = var.mgmt_nic_description
+ private_ips = var.mgmt_ips == null ? null : [element(var.mgmt_ips, count.index)]
+ security_groups = [aws_security_group.sdwan_mgmt_sg.id]
+ source_dest_check = var.source_dest_check
+ subnet_id = element(var.public_subnet_ids, count.index)
+ tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) }))
+ attachment {
+ instance = element(aws_instance.ec2_instance[*].id, count.index)
+ device_index = 0
+ }
+}
resource "aws_network_interface" "public_nic" {
- # Ge1 is the public interface in VeloCloud and attached at eth0
+ # Ge2 is the public interface in VeloCloud and attached at eth1
count = var.number
description = var.public_nic_description
private_ips = var.public_ips == null ? null : [element(var.public_ips, count.index)]
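Review bot: The restored `mgmt_nic` keeps its `attachment { instance = element(aws_instance.ec2_instance[*].id, count.index) device_index = 0 }` block, while the `@@ -200,7 +204,7 @@` hunk of the same commit makes `aws_instance.ec2_instance` reference `aws_network_interface.mgmt_nic[*].id` in its `network_interface` block, so each resource now depends on the other; Terraform should reject that as a dependency cycle, and both sides also claim device index 0 for the same interface. Patch 66 earlier in this series removed exactly this kind of `attachment` block from `public_nic` when it moved the attachment into the instance, and the same is needed here: delete the four-line `attachment { … }` block from `mgmt_nic` and let the instance's `network_interface` block own the eth0 attachment. The context line `# Removed during testing period to match the Mettel Velocloud template` directly above the resource now states the opposite of what the code does and should be dropped or rewritten to say the management interface is restored to match the CloudFormation template.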
@@ -155,10 +155,14 @@ resource "aws_network_interface" "public_nic" { source_dest_check = var.source_dest_check subnet_id = element(var.public_subnet_ids, count.index) tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) })) + attachment { + instance = element(aws_instance.ec2_instance[*].id, count.index) + device_index = 1 + } } resource "aws_network_interface" "private_nic" { - # Ge2 is the private interface in VeloCloud and attached at eth1 + # Ge3 is the private interface in VeloCloud and attached at eth2 count = var.number description = var.private_nic_description private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)] @@ -169,7 +173,7 @@ resource "aws_network_interface" "private_nic" { attachment { instance = element(aws_instance.ec2_instance[*].id, count.index) - device_index = 1 + device_index = 2 } } @@ -200,7 +204,7 @@ resource "aws_instance" "ec2_instance" { } network_interface { - network_interface_id = element(aws_network_interface.public_nic[*].id, count.index) + network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index) device_index = 0 } diff --git a/modules/aws/vendor/velocloud/outputs.tf b/modules/aws/vendor/velocloud/outputs.tf index 80d8530c..b65868a7 100644 --- a/modules/aws/vendor/velocloud/outputs.tf +++ b/modules/aws/vendor/velocloud/outputs.tf @@ -2,13 +2,13 @@ output "ec2_instance_id" { value = aws_instance.ec2_instance[*].id } -# output "mgmt_eip_id" { -# value = aws_eip.mgmt_external_ip[*].id -# } +output "mgmt_eip_id" { + value = aws_eip.mgmt_external_ip[*].id +} -# output "mgmt_eip_ip" { -# value = aws_eip.mgmt_external_ip[*].public_ip -# } +output "mgmt_eip_ip" { + value = aws_eip.mgmt_external_ip[*].public_ip +} output "public_eip_id" { value = aws_eip.wan_external_ip[*].id 
@@ -18,9 +18,9 @@ output "public_eip_ip" { value = aws_eip.wan_external_ip[*].public_ip } -# output "mgmt_network_interface_id" { -# value = aws_network_interface.mgmt_nic[*].id -# } +output "mgmt_network_interface_id" { + value = aws_network_interface.mgmt_nic[*].id +} output "public_network_interface_id" { value = aws_network_interface.public_nic[*].id From 4bfab961135ebe14bafc76ae6efa0258d31ba41c Mon Sep 17 00:00:00 2001 From: zachreborn Date: Tue, 8 Oct 2024 15:51:52 +0000 Subject: [PATCH 69/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 8930a2f2..eb5cfb17 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md 
@@ -121,9 +121,12 @@ No modules. |------|------| | [aws_cloudwatch_metric_alarm.instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | | [aws_cloudwatch_metric_alarm.system](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | +| [aws_eip.mgmt_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | | [aws_eip.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | +| [aws_eip_association.mgmt_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource | | [aws_eip_association.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource | | [aws_instance.ec2_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | +| [aws_network_interface.mgmt_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_network_interface.private_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_network_interface.public_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | | [aws_security_group.sdwan_mgmt_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | 
@@ -174,6 +177,9 @@ No modules. | Name | Description | |------|-------------| | [ec2\_instance\_id](#output\_ec2\_instance\_id) | n/a | +| [mgmt\_eip\_id](#output\_mgmt\_eip\_id) | n/a | +| [mgmt\_eip\_ip](#output\_mgmt\_eip\_ip) | n/a | +| [mgmt\_network\_interface\_id](#output\_mgmt\_network\_interface\_id) | n/a | | [private\_network\_interface\_id](#output\_private\_network\_interface\_id) | n/a | | [public\_eip\_id](#output\_public\_eip\_id) | n/a | | [public\_eip\_ip](#output\_public\_eip\_ip) | n/a | From 1dbc99350397764af94dc0e66639cd403b626196 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 8 Oct 2024 11:58:41 -0400 Subject: [PATCH 70/86] removed unused comment --- modules/aws/vendor/velocloud/main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 922f4ba6..40cb9d7f 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -130,7 +130,6 @@ resource "aws_eip_association" "wan_external_ip" { # ENI ############################################ -# Removed during testing period to match the Mettel Velocloud template resource "aws_network_interface" "mgmt_nic" { # Ge1 is the management interface in VeloCloud and attached at eth0 count = var.number From d86a8e0970ec42cc38bf35c19c043ecc9256f1af Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 8 Oct 2024 12:09:50 -0400 Subject: [PATCH 71/86] removed incorrect device attachment on mgmt --- modules/aws/vendor/velocloud/main.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 40cb9d7f..850306ec 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -139,10 +139,6 @@ resource "aws_network_interface" "mgmt_nic" { source_dest_check = var.source_dest_check subnet_id = element(var.public_subnet_ids, count.index) tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) })) - attachment { - instance = element(aws_instance.ec2_instance[*].id, count.index) - device_index = 0 - } } resource "aws_network_interface" "public_nic" { From 7285ee9b246c2de441f6fa368915c721a27d2df3 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 8 Oct 2024 12:26:44 -0400 Subject: [PATCH 72/86] removing mgmt ip address --- modules/aws/vendor/velocloud/main.tf | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 850306ec..2bad84d7 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -103,16 +103,17 @@ resource "aws_security_group" "velocloud_lan_sg" { # EIP ############################################ -resource "aws_eip" "mgmt_external_ip" { - count = var.number - domain = "vpc" -} - -resource "aws_eip_association" "mgmt_external_ip" { - count = var.number - allocation_id = element(aws_eip.mgmt_external_ip[*].id, count.index) - network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index) -} +# Per the documentation, the MGMT interface does not require an EIP +# resource "aws_eip" "mgmt_external_ip" { +# count = var.number +# domain = "vpc" +# } + +# resource "aws_eip_association" "mgmt_external_ip" { +# count = var.number +# allocation_id = element(aws_eip.mgmt_external_ip[*].id, count.index) +# network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index) +# } resource "aws_eip" "wan_external_ip" { count = var.number From db3f35d47fb5cf20c21f34fe6464b9622fabff9e Mon Sep 17 00:00:00 2001 
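Review bot: The management ENI is still created in `var.public_subnet_ids` (the `subnet_id` context line of the patch-71 hunk), so the out-of-band management interface shares a route table with the internet-facing WAN interface even though its EIP is commented out in the following commit. Consider a dedicated `mgmt_subnet_ids` input (defaulting to the public subnets for compatibility) so operators can keep Ge1 in a management subnet reachable only through `sdwan_mgmt_sg`, whose ingress sources (`ssh_mgmt_access_cidr_blocks`, default `[]` per the README table) are defined outside this hunk. At minimum a comment such as `# Ge1 (mgmt) is placed in the public subnet by default; prefer a dedicated management subnet` would make the trade-off explicit. The `aws_network_interface.mgmt_nic` block starts before the hunk.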
From: zachreborn Date: Tue, 8 Oct 2024 16:27:17 +0000 Subject: [PATCH 73/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index eb5cfb17..b4743ed1 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -121,9 +121,7 @@ No modules. |------|------| | [aws_cloudwatch_metric_alarm.instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | | [aws_cloudwatch_metric_alarm.system](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | -| [aws_eip.mgmt_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | | [aws_eip.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | -| [aws_eip_association.mgmt_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource | | [aws_eip_association.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource | | [aws_instance.ec2_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | | [aws_network_interface.mgmt_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | From 1bcc69fa6faa2f61431d914c12b157060bf181ec Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 8 Oct 2024 12:27:29 -0400 Subject: [PATCH 74/86] removed outputs for mgmt EIPs --- modules/aws/vendor/velocloud/outputs.tf | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
diff --git a/modules/aws/vendor/velocloud/outputs.tf b/modules/aws/vendor/velocloud/outputs.tf index b65868a7..cc05bb67 100644 --- a/modules/aws/vendor/velocloud/outputs.tf +++ b/modules/aws/vendor/velocloud/outputs.tf @@ -2,13 +2,14 @@ output "ec2_instance_id" { value = aws_instance.ec2_instance[*].id } -output "mgmt_eip_id" { - value = aws_eip.mgmt_external_ip[*].id -} +# Per the documentation, the MGMT interface does not require an EIP +# output "mgmt_eip_id" { +# value = aws_eip.mgmt_external_ip[*].id +# } -output "mgmt_eip_ip" { - value = aws_eip.mgmt_external_ip[*].public_ip -} +# output "mgmt_eip_ip" { +# value = aws_eip.mgmt_external_ip[*].public_ip +# } output "public_eip_id" { value = aws_eip.wan_external_ip[*].id From f6335d26372ac4fa208fbd0c9c379420bfe97927 Mon Sep 17 00:00:00 2001 From: zachreborn Date: Tue, 8 Oct 2024 16:28:29 +0000 Subject: [PATCH 75/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index b4743ed1..174ad3f7 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -175,8 +175,6 @@ No modules. | Name | Description | |------|-------------| | [ec2\_instance\_id](#output\_ec2\_instance\_id) | n/a | -| [mgmt\_eip\_id](#output\_mgmt\_eip\_id) | n/a | -| [mgmt\_eip\_ip](#output\_mgmt\_eip\_ip) | n/a | | [mgmt\_network\_interface\_id](#output\_mgmt\_network\_interface\_id) | n/a | | [private\_network\_interface\_id](#output\_private\_network\_interface\_id) | n/a | | [public\_eip\_id](#output\_public\_eip\_id) | n/a | From d3efc8a5bbc16ae52fcc557a349c181af8014f83 Mon Sep 17 00:00:00 2001 
From: Zachary Hill Date: Tue, 8 Oct 2024 13:50:47 -0400 Subject: [PATCH 76/86] matching the network_interface attachment - Cloudformation has the network interfaces added at the time of the instance creation --- modules/aws/vendor/velocloud/main.tf | 38 +++++++++++-------------- modules/aws/vendor/velocloud/outputs.tf | 9 ------ 2 files changed, 17 insertions(+), 30 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 2bad84d7..9ad994f7 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -103,18 +103,6 @@ resource "aws_security_group" "velocloud_lan_sg" { # EIP ############################################ -# Per the documentation, the MGMT interface does not require an EIP -# resource "aws_eip" "mgmt_external_ip" { -# count = var.number -# domain = "vpc" -# } - -# resource "aws_eip_association" "mgmt_external_ip" { -# count = var.number -# allocation_id = element(aws_eip.mgmt_external_ip[*].id, count.index) -# network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index) -# } - resource "aws_eip" "wan_external_ip" { count = var.number domain = "vpc" @@ -151,10 +139,6 @@ resource "aws_network_interface" "public_nic" { source_dest_check = var.source_dest_check subnet_id = element(var.public_subnet_ids, count.index) tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) })) - attachment { - instance = element(aws_instance.ec2_instance[*].id, count.index) - device_index = 1 - } } resource "aws_network_interface" "private_nic" { 
@@ -166,11 +150,6 @@ resource "aws_network_interface" "private_nic" { source_dest_check = var.source_dest_check subnet_id = element(var.private_subnet_ids, count.index) tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) })) - - attachment { - instance = element(aws_instance.ec2_instance[*].id, count.index) - device_index = 2 - } } ############################################ @@ -178,6 +157,7 @@ resource "aws_network_interface" "private_nic" { ############################################ resource "aws_instance" "ec2_instance" { + ami = data.aws_ami.velocloud.id count = var.number ebs_optimized = var.ebs_optimized @@ -204,11 +184,27 @@ resource "aws_instance" "ec2_instance" { device_index = 0 } + network_interface { + network_interface_id = element(aws_network_interface.public_nic[*].id, count.index) + device_index = 1 + } + + network_interface { + network_interface_id = element(aws_network_interface.private_nic[*].id, count.index) + device_index = 2 + } + root_block_device { volume_type = var.root_volume_type volume_size = var.root_volume_size encrypted = var.root_ebs_volume_encrypted } + + depends_on = [ + aws_network_interface.mgmt_nic, + aws_network_interface.public_nic, + aws_network_interface.private_nic + ] } ################################################### diff --git a/modules/aws/vendor/velocloud/outputs.tf b/modules/aws/vendor/velocloud/outputs.tf index cc05bb67..3a3e87b7 100644 --- a/modules/aws/vendor/velocloud/outputs.tf +++ b/modules/aws/vendor/velocloud/outputs.tf @@ -2,15 +2,6 @@ output "ec2_instance_id" { value = aws_instance.ec2_instance[*].id } -# Per the documentation, the MGMT interface does not require an EIP -# output "mgmt_eip_id" { -# value = aws_eip.mgmt_external_ip[*].id -# } - -# output "mgmt_eip_ip" { -# value = aws_eip.mgmt_external_ip[*].public_ip -# } - output "public_eip_id" { value = aws_eip.wan_external_ip[*].id } 
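Review bot: `ami = data.aws_ami.velocloud.id` makes the image lookup the supply-chain trust anchor for this appliance, and the `data "aws_ami" "velocloud"` definition is outside this hunk, so confirm it pins `owners` to the vendor/Marketplace account and filters on an exact image name rather than a bare wildcard, otherwise a look-alike public AMI could be selected. Because the instance hands the orchestrator address and activation code to whatever image boots via user-data, a wrong image would receive those credentials at first boot. A comment on the line, e.g. `# AMI provenance relies on the owners filter in data.aws_ami.velocloud`, would document the expectation. The `aws_instance` block continues beyond the hunk.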
From 4a839814a9c76a434841772deca0107829d0ba1f Mon Sep 17 00:00:00 2001 From: zachreborn Date: Tue, 8 Oct 2024 17:51:40 +0000 Subject: [PATCH 77/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 9ad994f7..d238c934 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -157,7 +157,7 @@ resource "aws_network_interface" "private_nic" { ############################################ resource "aws_instance" "ec2_instance" { - + ami = data.aws_ami.velocloud.id count = var.number ebs_optimized = var.ebs_optimized @@ -200,11 +200,11 @@ resource "aws_instance" "ec2_instance" { encrypted = var.root_ebs_volume_encrypted } - depends_on = [ + depends_on = [ aws_network_interface.mgmt_nic, aws_network_interface.public_nic, aws_network_interface.private_nic - ] + ] } ################################################### From 65dec90ed220093307c2c0e0441da53cd3c3d30b Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 8 Oct 2024 15:07:10 -0400 Subject: [PATCH 78/86] updated user_data.sh and main.tf for velocloud module --- modules/aws/vendor/velocloud/main.tf | 1 + modules/aws/vendor/velocloud/user_data.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index d238c934..f8de31ef 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -201,6 +201,7 @@ resource "aws_instance" "ec2_instance" { } depends_on = [ + aws_eip.wan_external_ip, aws_network_interface.mgmt_nic, aws_network_interface.public_nic, aws_network_interface.private_nic diff --git a/modules/aws/vendor/velocloud/user_data.sh b/modules/aws/vendor/velocloud/user_data.sh index 9d19b667..c32a1872 100644 --- a/modules/aws/vendor/velocloud/user_data.sh 
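Review bot: Adding `aws_eip.wan_external_ip` to `depends_on` only orders the EIP allocation before the instance, not its attachment: `aws_eip_association.wan_external_ip` (defined outside this hunk and, from the earlier hunks, referencing the ENI rather than the instance) can still be created after the instance has booted, so a first-boot activation against the orchestrator may start with no public path on Ge2. If the intent is "WAN is reachable before cloud-init runs", depend on the association instead: `aws_eip_association.wan_external_ip,`. The three `aws_network_interface.*` entries are already implied by the `network_interface` blocks and could be dropped, leaving a one-line comment on why the association dependency is kept. The `aws_instance` block begins before the hunk.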
+++ b/modules/aws/vendor/velocloud/user_data.sh @@ -3,4 +3,4 @@ velocloud: vce: vco: ${velocloud_orchestrator} activation_code: ${velocloud_activation_key} - vco_ignore_cert_errors: ${velocloud_ignore_cert_errors} \ No newline at end of file + vco_ignore_cert_errors: ${velocloud_ignore_cert_errors} From 1431a6446592316ddcc135ec1ce42f0433725ceb Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 8 Oct 2024 18:32:21 -0400 Subject: [PATCH 79/86] removed extra space --- modules/aws/vendor/velocloud/user_data.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/user_data.sh b/modules/aws/vendor/velocloud/user_data.sh index c32a1872..c797d631 100644 --- a/modules/aws/vendor/velocloud/user_data.sh +++ b/modules/aws/vendor/velocloud/user_data.sh @@ -1,4 +1,4 @@ -#cloud-config +#cloud-config velocloud: vce: vco: ${velocloud_orchestrator} From c3ca19d9c6a41890813ee3a583b124858ecc4e3e Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 8 Oct 2024 18:42:27 -0400 Subject: [PATCH 80/86] changing the user_data file extension to .tftpl --- modules/aws/vendor/velocloud/main.tf | 2 +- modules/aws/vendor/velocloud/{user_data.sh => user_data.tftpl} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename modules/aws/vendor/velocloud/{user_data.sh => user_data.tftpl} (100%) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index f8de31ef..430f12ed 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -168,7 +168,7 @@ resource "aws_instance" "ec2_instance" { monitoring = var.monitoring volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) - user_data = templatefile("${path.module}/user_data.sh", { + user_data = templatefile("${path.module}/user_data.tftpl", { velocloud_activation_key = var.velocloud_activation_key velocloud_ignore_cert_errors = var.velocloud_ignore_cert_errors velocloud_orchestrator = var.velocloud_orchestrator diff --git a/modules/aws/vendor/velocloud/user_data.sh b/modules/aws/vendor/velocloud/user_data.tftpl similarity index 100% rename from modules/aws/vendor/velocloud/user_data.sh rename to modules/aws/vendor/velocloud/user_data.tftpl From 7e906f447acad25b12fb1e337b09b640f3cfe68b Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Fri, 18 Oct 2024 15:31:20 -0400 Subject: [PATCH 81/86] added echo for validating whether the configuration worked --- modules/aws/vendor/velocloud/user_data_manual.tftpl | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 modules/aws/vendor/velocloud/user_data_manual.tftpl diff --git a/modules/aws/vendor/velocloud/user_data_manual.tftpl b/modules/aws/vendor/velocloud/user_data_manual.tftpl new file mode 100644 index 00000000..bacc28b4 --- /dev/null +++ b/modules/aws/vendor/velocloud/user_data_manual.tftpl @@ -0,0 +1,9 @@ +#cloud-config +velocloud: + vce: + vco: ${velocloud_orchestrator} + activation_code: ${velocloud_activation_key} + vco_ignore_cert_errors: ${velocloud_ignore_cert_errors} + +runcmd: + - echo "Velocloud vEdge Successfully Configured" \ No newline at end of file From 9fc1756811e401f89ecb5b3b233d973b0057d29c Mon Sep 17 00:00:00 2001 
From: Zachary Hill Date: Fri, 18 Oct 2024 15:32:23 -0400 Subject: [PATCH 82/86] added echo command to both user_data_manual.tftpl and user_data.tftpl --- modules/aws/vendor/velocloud/user_data.tftpl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/aws/vendor/velocloud/user_data.tftpl b/modules/aws/vendor/velocloud/user_data.tftpl index c797d631..bacc28b4 100644 --- a/modules/aws/vendor/velocloud/user_data.tftpl +++ b/modules/aws/vendor/velocloud/user_data.tftpl @@ -4,3 +4,6 @@ velocloud: vco: ${velocloud_orchestrator} activation_code: ${velocloud_activation_key} vco_ignore_cert_errors: ${velocloud_ignore_cert_errors} + +runcmd: + - echo "Velocloud vEdge Successfully Configured" \ No newline at end of file From f88a4d113197ee1ea5e72d1636ca746ebb62b9b6 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Fri, 18 Oct 2024 16:04:13 -0400 Subject: [PATCH 83/86] removed user_data_manual.tftpl added var.user_data --- modules/aws/vendor/velocloud/main.tf | 2 +- .../vendor/velocloud/user_data_manual.tftpl | 9 ----- modules/aws/vendor/velocloud/variables.tf | 40 +++++++++++-------- 3 files changed, 24 insertions(+), 27 deletions(-) delete mode 100644 modules/aws/vendor/velocloud/user_data_manual.tftpl diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 430f12ed..49028539 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
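Review bot: The new `runcmd` entry `echo "Velocloud vEdge Successfully Configured"` runs unconditionally and reports success regardless of whether the `velocloud:` section actually activated the edge, so it cannot serve as the validation the commit message describes; it only proves cloud-init reached `runcmd`. Either gate the marker on the edge's real activation state (the vendor-side check is not visible here; confirm against the VeloCloud documentation) or reword it so nobody treats the log line as proof, e.g. `- echo "cloud-init user-data applied; verify activation in the orchestrator"`. Keep the activation code out of anything echoed, since `runcmd` output is typically captured in cloud-init's output log. The file also still lacks a trailing newline.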
@@ -168,7 +168,7 @@ resource "aws_instance" "ec2_instance" { monitoring = var.monitoring volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) - user_data = templatefile("${path.module}/user_data.tftpl", { + user_data = var.user_data != null ? var.user_data : templatefile("${path.module}/user_data.tftpl", { velocloud_activation_key = var.velocloud_activation_key velocloud_ignore_cert_errors = var.velocloud_ignore_cert_errors velocloud_orchestrator = var.velocloud_orchestrator diff --git a/modules/aws/vendor/velocloud/user_data_manual.tftpl b/modules/aws/vendor/velocloud/user_data_manual.tftpl deleted file mode 100644 index bacc28b4..00000000 --- a/modules/aws/vendor/velocloud/user_data_manual.tftpl +++ /dev/null @@ -1,9 +0,0 @@ -#cloud-config -velocloud: - vce: - vco: ${velocloud_orchestrator} - activation_code: ${velocloud_activation_key} - vco_ignore_cert_errors: ${velocloud_ignore_cert_errors} - -runcmd: - - echo "Velocloud vEdge Successfully Configured" \ No newline at end of file diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf index a1277f73..c4406996 100644 --- a/modules/aws/vendor/velocloud/variables.tf +++ b/modules/aws/vendor/velocloud/variables.tf 
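Review bot: The rendered template embeds `velocloud_activation_key` in instance user-data, which any process on the instance can read from the metadata service (assuming `http_tokens` feeds `metadata_options`, IMDSv2 only changes how user-data is fetched, not whether it is exposed) and any IAM principal with `ec2:DescribeInstanceAttribute` can retrieve; whether the variable is declared `sensitive = true` is not visible in this series, so if it is not, mark it so the plan output does not print the activation code. Note also that a caller-supplied `var.user_data` replaces the generated cloud-config entirely, so the `velocloud_*` inputs are silently ignored in that case while `velocloud_activation_key` remains a required input per the README table. A comment on the line, e.g. `# var.user_data overrides the whole generated cloud-config; the velocloud_* inputs are then unused`, would make that explicit. The `aws_instance` block extends beyond this hunk.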
@@ -125,6 +125,26 @@ variable "hibernation" { default = null } +variable "http_endpoint" { + type = string + description = "(Optional) Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled." + default = "enabled" + validation { + condition = can(regex("^(enabled|disabled)$", var.http_endpoint)) + error_message = "The value must be either enabled or disabled." + } +} + +variable "http_tokens" { + type = string + description = "(Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional." + default = "required" + validation { + condition = can(regex("^(optional|required)$", var.http_tokens)) + error_message = "The value must be either optional or required." + } +} + variable "instance_type" { description = "(Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance." default = "c5.xlarge" 
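Review bot: The `http_tokens` description says "Defaults to optional." while `default = "required"`, so the generated README will tell operators IMDSv1 is still allowed when the module actually enforces IMDSv2; the text should match the code, e.g. `description = "(Optional) Whether the metadata service requires session tokens (IMDSv2). Valid values include optional or required. Defaults to required."`. Keeping `required` as the default is the right choice for an appliance whose user-data carries an activation code, so this is a documentation-only fix. This hunk moves the two variables rather than introducing them, but the mismatch survives the move.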
@@ -187,24 +207,10 @@ variable "velocloud_orchestrator" { type = string } -variable "http_endpoint" { +variable "user_data" { + description = "(Optional) The user data to provide when launching the instance. By default, the velocloud variables will generate a unique user_data cloud-init configuration for you. This allows specifying custom cloud-init scripting." type = string - description = "(Optional) Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled." - default = "enabled" - validation { - condition = can(regex("^(enabled|disabled)$", var.http_endpoint)) - error_message = "The value must be either enabled or disabled." - } -} - -variable "http_tokens" { - type = string - description = "(Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional." - default = "required" - validation { - condition = can(regex("^(optional|required)$", var.http_tokens)) - error_message = "The value must be either optional or required." - } + default = null } ############################################################### From 52edeacf8a7093b58c02cbd18ae55f12839ebd4b Mon Sep 17 00:00:00 2001 From: zachreborn Date: Fri, 18 Oct 2024 20:05:01 +0000 Subject: [PATCH 84/86] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 174ad3f7..876e434d 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md 
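Review bot: The new `user_data` description does not say that a supplied value replaces the generated cloud-config in full, so a caller passing a small `runcmd` snippet will silently drop the `velocloud: vce:` block and the edge will never receive its orchestrator address or activation code. Suggest appending to the description: `Supplying this value replaces the generated VeloCloud cloud-config entirely; include the vco/activation_code settings yourself, as the velocloud_* inputs are then ignored.` If the AMI only accepts cloud-config, a `validation` block requiring the value to begin with `#cloud-config` would catch the most common mistake.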
@@ -162,6 +162,7 @@ No modules. | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default false. | `bool` | `false` | no | | [ssh\_mgmt\_access\_cidr\_blocks](#input\_ssh\_mgmt\_access\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to SSH into the VeloCloud instance. | `list(string)` | `[]` | no | | [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "sdwan",
"terraform": "true"
}
| no | +| [user\_data](#input\_user\_data) | (Optional) The user data to provide when launching the instance. By default, the velocloud variables will generate a unique user\_data cloud-init configuration for you. This allows specifying custom cloud-init scripting. | `string` | `null` | no | | [velocloud\_activation\_key](#input\_velocloud\_activation\_key) | (Required) The activation key for the VeloCloud instance(s). | `string` | n/a | yes | | [velocloud\_ignore\_cert\_errors](#input\_velocloud\_ignore\_cert\_errors) | (Optional) Whether or not to ignore certificate errors when connecting to the VeloCloud orchestrator. Set to true if using private or self-signed certificates on the orchestrator. Defaults to false. | `bool` | `false` | no | | [velocloud\_lan\_cidr\_blocks](#input\_velocloud\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the VeloCloud instance for SDWAN communication. | `list(string)` | `null` | no | From daa00de49881ee2cc54b88edc0d2721036b9ff01 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Fri, 25 Oct 2024 10:22:17 -0400 Subject: [PATCH 85/86] converting user_data to base64 for velocloud module --- modules/aws/vendor/velocloud/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 49028539..45395b65 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -168,7 +168,7 @@ resource "aws_instance" "ec2_instance" { monitoring = var.monitoring volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) - user_data = var.user_data != null ? var.user_data : templatefile("${path.module}/user_data.tftpl", { + user_data_base64 = var.user_data != null ? var.user_data : templatefile("${path.module}/user_data.tftpl", { velocloud_activation_key = var.velocloud_activation_key velocloud_ignore_cert_errors = var.velocloud_ignore_cert_errors velocloud_orchestrator = var.velocloud_orchestrator From 80b846b4e476bf0546af748ee58fdeb68b230aa6 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Fri, 25 Oct 2024 10:34:53 -0400 Subject: [PATCH 86/86] back to utf-8 --- modules/aws/vendor/velocloud/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 45395b65..49028539 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -168,7 +168,7 @@ resource "aws_instance" "ec2_instance" { monitoring = var.monitoring volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) - user_data_base64 = var.user_data != null ? var.user_data : templatefile("${path.module}/user_data.tftpl", { + user_data = var.user_data != null ? var.user_data : templatefile("${path.module}/user_data.tftpl", { velocloud_activation_key = var.velocloud_activation_key velocloud_ignore_cert_errors = var.velocloud_ignore_cert_errors velocloud_orchestrator = var.velocloud_orchestrator
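Review bot: Patch 85's `user_data_base64 = ... templatefile(...)` handed the provider a plain-text string where an already base64-encoded one is expected, which is presumably why it is reverted in the final hunk; if base64 is needed again, wrap the whole conditional: `user_data_base64 = base64encode(var.user_data != null ? var.user_data : templatefile(...))`. The revert restores working behaviour, but neither form protects the activation code, which stays readable in user-data from the instance and through the EC2 API, so encoding must not be mistaken for secrecy. A comment on the line, e.g. `# user_data is plain text here; base64 would be an encoding, not a protection for the activation code`, would stop the flip-flop recurring. The `aws_instance` block extends beyond the hunk.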