diff --git a/.docs/powervs-poc.md b/.docs/powervs-poc.md
index 6fc7de43..c0297c9b 100644
--- a/.docs/powervs-poc.md
+++ b/.docs/powervs-poc.md
@@ -47,12 +47,10 @@ To set the public SSH key value for the VPC VSI, click on the red `VPC Deploymen
 To set the public SSH key value for the Power VS VSIs, click on the red `Power VS` item on the left navigation bar, then click on the key icon. Click on the key icon, expand the SSH Keys section, fill in the public key value, and click the Save button.
 
 ### On-premises network CIDRS and Peer Address
-To set network CIDRs that are being used by the on-prem environment the VPN Gateway and a routing table must be updated.
+To set network CIDRs that are being used by the on-prem environment the VPN Gateway must be updated.
 
 To update the VPN Gateway, click on `VPC Deployments` on the left navigation bar. Scroll down and click on the gateway icon in the `vpn-zone-1` network. Expand the connection section and update the network CIDR in the `Additional Address Prefixes` and `Peer CIDRs` fields. Set VPN connection Peer Address, the address for the on-prem connection, in the `Peer Address` field. Click on both blue Save buttons when finished.
 
-To update the VPN Gateway, click on `VPC Deployments` on the left navigation bar then click on the `poweringress` routing table icon. Change the on-prem CIDR in the `Destination` field and click the blue Save button.
-
 #### On-premises network CIDR outside of 10.0.0.0/8
 If you are using an on-premises network CIDR outside of the `10.0.0.0/8` range in addition to the changes above you will need to add inbound and outbound rules to the `transit-vsi` and `transit-vpe` security groups. These security groups can be found by clicking on `VPC Deployments` on the left navigation bar and then clicking on each security group icon.
 
@@ -135,23 +133,6 @@ IBM Cloud Schematics provides a cost estimation for the project resources after
 
 ## Post-deployment configuration
 
-### Update Power VS route to VPN Gateway
-After deploying the PoC resources the routing table for traffic from Power VS to the VPN Gateway for on-premises must be updated.
-
-First, find the VPN Gateway for VPC's active private address.
-> * You can find this address from [IBM cloud console](https://cloud.ibm.com/).
-> * From left menu click on `VPC Infrastructures > VPNs`. 
-> * Select the region where VPN has been deployed and all VPNs in that region will be listed. 
-> * Select the VPN that was deployed.
-> * Copy or write down the Private IP of the active gateway member
-
-Update the routing table:
-> * From left menu click on `VPC Infrastructures > Routing Tables`. 
-> * Select the VPC that was deployed.
-> * Select the routing table with `poweringress` in its name.
-> Modify the route by clicking the 3 vertical dot icon and choosing Edit.
-> Set the Next hop IP address to the private IP address of the active VPN gateway member
-
 ### Virtual server configuration
 After deploying the PoC resources additional configuration in the VSI operating systems is usually required. IBM i VSIs deployed using the stock images have [required post-deployment configuration](https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-configuring-ibmi).
 
diff --git a/.gitignore b/.gitignore
index 11817f49..f18d8ac0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,3 +34,4 @@ tfxjs.tfvars
 tf-test/
 dev/
 
+vars.yml
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a532488e..a47d8bc7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,30 @@
 
 All notable changes to this project will be documented in this file.
 
+## 1.12.2
+
+### Upgrade Notes
+
+- IBM Cloud Terraform provider version updated to `1.63.0` to add support for Power VS IBM i Licenses
+
+### Features
+
+- A new file `outputs.tf` is now added to each CRAIG Terraform template
+- VPC names, IDs, and CRNs are exported as outputs
+- Subnet names, IDs, and CRNS are exported as outputs
+- VPC Security Group names, and IDs are exported as outputs
+- VPC Virtual Server primary IPs and floating IPs are exported as outputs
+- When bringing your own certificate for VPN Servers, two separate certificates are now imported. Additional variables have been added to support the new imported certificate
+- Users can now create, update, and delete Classic Security Groups and their rules from the Classic Security Groups page `/forms/classicSecurityGroups`
+- Users can now add IBM i licenses to Power VS instances with IBM i images
+- Users can now import existing VPC security groups for existing VPCs
+
+### Fixes
+
+- Fixed an issue causing certificates imported into an existing Secrets Manager instance to have incorrect references within Terraform
+- Fixed an issue causing nested forms to not be shown by default when invalid
+- Fixed issues causing imported SLZ JSON files to crash the application on import
+
 ## 1.12.1
 
 ### Upgrade Notes
diff --git a/ansible/template-test/main.yml b/ansible/template-test/main.yml
new file mode 100644
index 00000000..18405485
--- /dev/null
+++ b/ansible/template-test/main.yml
@@ -0,0 +1,138 @@
+---
+# To setup this directory to run locally, copy /vars/vars.template.yml to /vars/vars.yml and fill in needed
+# values
+# To run the playbook locally, run `ansible-playbook main.yml` in this directory.
+# This playbook creates a schematics workspace, uploads a craig .tar file for a specific template to 
+# that workspace, generates a plan, applies the plan to create the resources in the template, and destroys 
+# the newly created resources.
+# If any step fails, the playbook will stop and print the error to the terminal.
+
+- name: Upload CRAIG template to schematics workspace
+  hosts: localhost
+  vars_files: ./vars/vars.yml
+- name: Get IAM token
+  hosts: localhost
+  vars_files: ./vars/vars.yml # variables declared in variables file are added to role automatically
+  roles:
+    - role: get_iam_token
+- name: "Download Template Tarball"
+  hosts: localhost
+  vars_files: ./vars/vars.yml
+  tasks:
+    - name: Download {{template}}.tar to current directory
+      get_url:
+        url: "{{craig_url}}/{{template}}"
+        dest: "{{playbook_dir}}/{{template}}.tar"
+      async: 120
+      retries: 10
+- name: Create Schematics Workspace
+  hosts: localhost
+  vars_files: ./vars/vars.yml # variables declared in variables file are added to role automatically
+  roles:
+    - role: create_schematics_workspace
+      vars:
+        description: Automated CRAIG Testing Workspace
+        tags: ["craig"]
+- name: TODO - convert to roles
+  hosts: localhost
+  vars_files: ./vars/vars.yml
+  tasks: 
+    - name: Upload {{template}}.tar to Schematics Workspace
+      command: "curl -s --request PUT \
+                --url 'https://schematics.cloud.ibm.com/v1/workspaces/{{ workspace.json.id }}/template_data/{{ workspace.json.template_data[0].id }}/template_repo_upload' \
+                -H 'Authorization: Bearer {{ token.json.access_token }}' \
+                -H 'Content-Type: multipart/form-data' \
+                --form 'file=@{{playbook_dir}}/{{template}}.tar'"
+      async: 120
+    - name: Wait until {{template}}.tar has been successfully uploaded
+      uri:
+        url: https://schematics.cloud.ibm.com/v1/workspaces/{{ workspace.json.id }}
+        method: GET
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+      register: workspace_status
+      until: workspace_status.json.status == "INACTIVE"
+      delay: 10
+      retries: 50
+    - name: Update variablestore
+      set_fact:
+        variablestore: "{{ variablestore +  [{'name': item, 'secure': true, 'use_default': false,  'value': ssh_key}] }}"
+      loop: "{{template_map[template]}}"
+    - name: Update vars in workspace
+      uri:
+        url: https://schematics.cloud.ibm.com/v1/workspaces/{{ workspace.json.id }}/template_data/{{ workspace.json.template_data[0].id }}/values
+        method: PUT
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+          Content-Type: application/json
+        body_format: json
+        body: 
+          variablestore: "{{ variablestore }}"
+    - name: Start generate plan action
+      uri:
+        url: https://schematics.cloud.ibm.com/v1/workspaces/{{ workspace.json.id }}/plan
+        method: POST
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+        status_code: 202
+      register: job
+    - name: Ensure generate plan finishes
+      uri:
+        url: https://schematics.cloud.ibm.com/v2/jobs/{{job.json.activityid}}
+        method: GET
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+      register: plan
+      until: plan.json.status.workspace_job_status.status_code == "job_finished" or plan.json.status.workspace_job_status.status_code == "job_failed"
+      failed_when: plan.json.status.workspace_job_status.status_code == "job_failed"
+      delay: 90
+      retries: 50
+    - name: Start apply plan action
+      uri:
+        url: https://schematics.cloud.ibm.com/v1/workspaces/{{workspace.json.id}}/apply
+        method: PUT
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+        status_code: 202
+      register: apply
+    - name: Ensure apply plan finishes
+      uri:
+        url: https://schematics.cloud.ibm.com/v2/jobs/{{apply.json.activityid}}
+        method: GET
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+      register: apply_plan
+      until: apply_plan.json.status.workspace_job_status.status_code == "job_finished" or apply_plan.json.status.workspace_job_status.status_code == "job_failed"
+      failed_when: apply_plan.json.status.workspace_job_status.status_code == "job_failed"
+      delay: 120
+      retries: 50
+    - name: Start destroy action
+      uri:
+        url: https://schematics.cloud.ibm.com/v1/workspaces/{{workspace.json.id}}/destroy
+        method: PUT
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+        status_code: 202
+      register: destroy
+    - name: Ensure destory finishes
+      uri:
+        url: https://schematics.cloud.ibm.com/v2/jobs/{{destroy.json.activityid}}
+        method: GET
+        body_format: json
+        headers:
+          Authorization: Bearer {{token.json.access_token}}
+      register: destroy_plan
+      until: destroy_plan.json.status.workspace_job_status.status_code == "job_finished" or destroy_plan.json.status.workspace_job_status.status_code == "job_failed"
+      failed_when: destroy_plan.json.status.workspace_job_status.status_code == "job_failed"
+      delay: 120
+      retries: 50
+    - name: Delete local {{template}}.tar file
+      file:
+        state: absent
+        path: /{{playbook_dir}}/{{template}}.tar
\ No newline at end of file
diff --git a/ansible/template-test/roles/create_schematics_workspace/README.md b/ansible/template-test/roles/create_schematics_workspace/README.md
new file mode 100644
index 00000000..225dd44b
--- /dev/null
+++ b/ansible/template-test/roles/create_schematics_workspace/README.md
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/ansible/template-test/roles/create_schematics_workspace/defaults/main.yml b/ansible/template-test/roles/create_schematics_workspace/defaults/main.yml
new file mode 100644
index 00000000..071eaa77
--- /dev/null
+++ b/ansible/template-test/roles/create_schematics_workspace/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for create_schematics_workspace
diff --git a/ansible/template-test/roles/create_schematics_workspace/handlers/main.yml b/ansible/template-test/roles/create_schematics_workspace/handlers/main.yml
new file mode 100644
index 00000000..85971811
--- /dev/null
+++ b/ansible/template-test/roles/create_schematics_workspace/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for create_schematics_workspace
diff --git a/ansible/template-test/roles/create_schematics_workspace/meta/main.yml b/ansible/template-test/roles/create_schematics_workspace/meta/main.yml
new file mode 100644
index 00000000..c572acc9
--- /dev/null
+++ b/ansible/template-test/roles/create_schematics_workspace/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
diff --git a/ansible/template-test/roles/create_schematics_workspace/tasks/main.yml b/ansible/template-test/roles/create_schematics_workspace/tasks/main.yml
new file mode 100644
index 00000000..6f9e9b49
--- /dev/null
+++ b/ansible/template-test/roles/create_schematics_workspace/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+# tasks file for create_schematics_workspace 
+- name: Create Schematics Workspace
+  uri:
+    url: https://schematics.cloud.ibm.com/v1/workspaces
+    method: POST
+    headers:
+      Authorization: Bearer {{token.json.access_token}}
+    body_format: json
+    body:
+      "name": "{{ workspace_name }}"
+      "resource_group": "{{ resource_group }}"
+      "type": ["terraform_v1.5"]
+      "location": "{{ region }}"
+      "description": "{{ description }}"
+      "tags": "{{ tags }}"
+      "template_data": [{ "type": "terraform_v1.5"}]
+    status_code: 201
+  register: workspace
\ No newline at end of file
diff --git a/ansible/template-test/roles/create_schematics_workspace/tests/inventory b/ansible/template-test/roles/create_schematics_workspace/tests/inventory
new file mode 100644
index 00000000..878877b0
--- /dev/null
+++ b/ansible/template-test/roles/create_schematics_workspace/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/ansible/template-test/roles/create_schematics_workspace/tests/test.yml b/ansible/template-test/roles/create_schematics_workspace/tests/test.yml
new file mode 100644
index 00000000..65321e4a
--- /dev/null
+++ b/ansible/template-test/roles/create_schematics_workspace/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - create_schematics_workspace
diff --git a/ansible/template-test/roles/create_schematics_workspace/vars/main.yml b/ansible/template-test/roles/create_schematics_workspace/vars/main.yml
new file mode 100644
index 00000000..07fabc4d
--- /dev/null
+++ b/ansible/template-test/roles/create_schematics_workspace/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for create_schematics_workspace
diff --git a/ansible/template-test/roles/get_iam_token/README.md b/ansible/template-test/roles/get_iam_token/README.md
new file mode 100644
index 00000000..225dd44b
--- /dev/null
+++ b/ansible/template-test/roles/get_iam_token/README.md
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/ansible/template-test/roles/get_iam_token/defaults/main.yml b/ansible/template-test/roles/get_iam_token/defaults/main.yml
new file mode 100644
index 00000000..825a03fa
--- /dev/null
+++ b/ansible/template-test/roles/get_iam_token/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for get_iam_token
diff --git a/ansible/template-test/roles/get_iam_token/handlers/main.yml b/ansible/template-test/roles/get_iam_token/handlers/main.yml
new file mode 100644
index 00000000..2d9c4fcb
--- /dev/null
+++ b/ansible/template-test/roles/get_iam_token/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for get_iam_token
diff --git a/ansible/template-test/roles/get_iam_token/meta/main.yml b/ansible/template-test/roles/get_iam_token/meta/main.yml
new file mode 100644
index 00000000..c572acc9
--- /dev/null
+++ b/ansible/template-test/roles/get_iam_token/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
diff --git a/ansible/template-test/roles/get_iam_token/tasks/main.yml b/ansible/template-test/roles/get_iam_token/tasks/main.yml
new file mode 100644
index 00000000..2e1c2090
--- /dev/null
+++ b/ansible/template-test/roles/get_iam_token/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+# tasks file for get_iam_token
+- name: Get IAM Access Token
+  uri:
+    url: https://iam.cloud.ibm.com/identity/token
+    method: POST
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    body: "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey={{api_key}}"
+  register: token
diff --git a/ansible/template-test/roles/get_iam_token/tests/inventory b/ansible/template-test/roles/get_iam_token/tests/inventory
new file mode 100644
index 00000000..878877b0
--- /dev/null
+++ b/ansible/template-test/roles/get_iam_token/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/ansible/template-test/roles/get_iam_token/tests/test.yml b/ansible/template-test/roles/get_iam_token/tests/test.yml
new file mode 100644
index 00000000..3f3ff059
--- /dev/null
+++ b/ansible/template-test/roles/get_iam_token/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - get_iam_token
diff --git a/ansible/template-test/roles/get_iam_token/vars/main.yml b/ansible/template-test/roles/get_iam_token/vars/main.yml
new file mode 100644
index 00000000..702d2c68
--- /dev/null
+++ b/ansible/template-test/roles/get_iam_token/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for get_iam_token
diff --git a/ansible/template-test/vars/vars.template.yml b/ansible/template-test/vars/vars.template.yml
new file mode 100644
index 00000000..bc4626c0
--- /dev/null
+++ b/ansible/template-test/vars/vars.template.yml
@@ -0,0 +1,36 @@
+---
+# Copy this file to `vars.yml` and fill in your data
+
+api_key: <api-key>
+ssh_key: <ssh-key>
+prefix: <unique-prefix>
+template: <template>
+workspace_name: <workspace-name>
+
+craig_url: https://craig.119gqgw56ti1.us-south.codeengine.appdomain.cloud/api/craig/template-tar
+region: us-south
+resource_group: craig-rg
+variablestore: [
+            {
+              "name": "ibmcloud_api_key", 
+              "secure": true,
+              "use_default": false,
+              "value": "{{api_key}}"
+            },
+            {
+              "name": "prefix",
+              "use_default": false,
+              "value": "{{prefix}}"
+            }
+          ]
+template_map:
+  from-scratch: []
+  mixed: ["ssh_key_public_key"]
+  vsi: ["slz_ssh_key_public_key"]
+  vsi-edge: ["slz_ssh_key_public_key"]
+  power-vs-sap-hana: ["ssh_key_public_key", "power_secure_powervs_power_ssh_key_key"]
+  oracle-rac: ["power_oracle_template_power_ssh_key"]
+  oracle-si: ["power_oracle_template_power_ssh_key"]
+  power-vs-poc: ["vsi_ssh_key_public_key", "dal10gw_on_prem_connection_preshared_key", "power_dal10_powervs_ssh_key_key"]
+  quick-start-power: ["vsi_ssh_key_public_key"]
+  vpnaas: []
diff --git a/client/src/app.scss b/client/src/app.scss
index e6ac11a4..7c8ad67d 100644
--- a/client/src/app.scss
+++ b/client/src/app.scss
@@ -1479,6 +1479,7 @@ div .sgFormTopMargin {
   top: 10rem;
   height: 75%;
   padding-bottom: 4rem;
+  margin-left: 1rem;
 }
 
 .marginRightThreeQuarterRem {
diff --git a/client/src/components/forms/duplicate-rules/CopyRuleObject.js b/client/src/components/forms/duplicate-rules/CopyRuleObject.js
index f6d9f87d..0360611f 100644
--- a/client/src/components/forms/duplicate-rules/CopyRuleObject.js
+++ b/client/src/components/forms/duplicate-rules/CopyRuleObject.js
@@ -44,8 +44,18 @@ const CopyRuleObject = (props) => {
             className: "fieldWidthSmaller",
             groups: (props.source ? [""] : []).concat(
               props.isSecurityGroup
-                ? splat(props.craig.store.json.security_groups, "name")
-                : splat(props.data.acls, "name")
+                ? splat(
+                    props.craig.store.json.security_groups.filter((sg) => {
+                      if (!sg.use_data) return sg;
+                    }),
+                    "name"
+                  )
+                : splat(
+                    props.data.acls.filter((acl) => {
+                      if (!acl.use_data) return acl;
+                    }),
+                    "name"
+                  )
             ),
             disabled: (stateData) => {
               return stateData.v2;
diff --git a/client/src/components/forms/network-rules-order-card/NetworkingRuleOrderCard.js b/client/src/components/forms/network-rules-order-card/NetworkingRuleOrderCard.js
index c8d211ca..049e7c47 100644
--- a/client/src/components/forms/network-rules-order-card/NetworkingRuleOrderCard.js
+++ b/client/src/components/forms/network-rules-order-card/NetworkingRuleOrderCard.js
@@ -71,7 +71,9 @@ class NetworkingRuleOrderCard extends React.Component {
       direction === "down" ? index + 1 : index - 1
     );
     let component =
-      this.props.parentProps.form.jsonField === "security_groups"
+      this.props.parentProps.form.jsonField === "classic_security_groups"
+        ? this.props.parentProps.craig.classis_security_groups
+        : this.props.parentProps.form.jsonField === "security_groups"
         ? this.props.parentProps.craig.security_groups
         : this.props.parentProps.craig.vpcs.acls;
 
@@ -101,9 +103,30 @@ class NetworkingRuleOrderCard extends React.Component {
     let form =
       (!this.props.parentProps.isModal &&
         (this.props.parentProps.form.jsonField === "acls" ||
-          this.props.parentProps.form.jsonField === "security_groups")) ===
-      false
+          this.props.parentProps.form.jsonField === "security_groups" ||
+          this.props.parentProps.form.jsonField ===
+            "classic_security_groups")) === false
         ? {}
+        : this.props.parentProps.form.jsonField === "classic_security_groups"
+        ? {
+            groups: [
+              {
+                name: craig.classic_security_groups.classic_sg_rules.name,
+                direction:
+                  craig.classic_security_groups.classic_sg_rules.direction,
+              },
+              {
+                ruleProtocol:
+                  craig.classic_security_groups.classic_sg_rules.ruleProtocol,
+              },
+              {
+                port_range_min:
+                  craig.classic_security_groups.classic_sg_rules.port_range_min,
+                port_range_max:
+                  craig.classic_security_groups.classic_sg_rules.port_range_max,
+              },
+            ],
+          }
         : isSecurityGroup
         ? {
             groups: [
@@ -151,34 +174,53 @@ class NetworkingRuleOrderCard extends React.Component {
               },
             ],
           };
+    let rulesField =
+      this.props.parentProps.form.jsonField === "classic_security_groups"
+        ? "classic_sg_rules"
+        : "rules";
+    let isClassicSg =
+      this.props.parentProps.form.jsonField === "classic_security_groups";
     return !this.props.parentProps.isModal &&
       (this.props.parentProps.form.jsonField === "acls" ||
-        this.props.parentProps.form.jsonField === "security_groups") &&
+        this.props.parentProps.form.jsonField === "security_groups" ||
+        this.props.parentProps.form.jsonField === "classic_security_groups") &&
       this.props.parentState.use_data !== true ? (
       <>
         <DynamicFormModal
           name={
-            isSecurityGroup
+            isSecurityGroup || isClassicSg
               ? "Create a Security Group Rule"
               : "Create an ACL Rule"
           }
           show={this.state.showModal}
           beginDisabled
-          submissionFieldName={isSecurityGroup ? "sg_rules" : "acl_rules"}
+          submissionFieldName={
+            isClassicSg
+              ? "classic_sg_rules"
+              : isSecurityGroup
+              ? "sg_rules"
+              : "acl_rules"
+          }
           onRequestClose={this.handleModalToggle}
           onRequestSubmit={(stateData) => {
-            let resource = isSecurityGroup
+            let resource = isClassicSg
+              ? craig.classic_security_groups
+              : isSecurityGroup
               ? craig.security_groups
               : craig.vpcs.acls;
-            resource.rules.create(stateData, {
+            resource[rulesField].create(stateData, {
               parent_name: this.props.parentProps.data.name,
               vpc_name: this.props.parentProps.data.vpc,
+              innerFormProps: {
+                arrayParentName: this.props.parentProps.data.name,
+              },
             });
             this.handleModalToggle();
           }}
         >
           {RenderForm(DynamicForm, {
             craig: craig,
+            arrayParentName: this.props.parentProps.data.name,
             data: {
               ruleProtocol: "",
               source: "",
@@ -187,7 +229,11 @@ class NetworkingRuleOrderCard extends React.Component {
             shouldDisableSubmit: function () {
               if (
                 disableSave(
-                  isSecurityGroup ? "sg_rules" : "acl_rules",
+                  isClassicSg
+                    ? "classic_sg_rules"
+                    : isSecurityGroup
+                    ? "sg_rules"
+                    : "acl_rules",
                   this.state,
                   this.props
                 ) === false
@@ -220,7 +266,7 @@ class NetworkingRuleOrderCard extends React.Component {
                 customIcon={this.state.showTable ? Edit : DataView}
                 hoverText={this.state.showTable ? "Edit" : "Manage Rules"}
                 className="edit-view-btn"
-                hide={this.props.parentProps.data.rules.length < 0} // do not show edit if no rules
+                hide={this.props.parentProps.data[rulesField].length < 0} // do not show edit if no rules
               />
               <PrimaryButton
                 type="add"
@@ -233,66 +279,81 @@ class NetworkingRuleOrderCard extends React.Component {
         />
         {this.state.displayMode ? (
           <OrderCardDataTable
-            key={JSON.stringify(this.props.parentProps.data.rules)}
-            rules={this.props.parentProps.data.rules}
+            key={JSON.stringify(this.props.parentProps.data[rulesField])}
+            rules={this.props.parentProps.data[rulesField]}
             vpc_name={this.props.parentProps.data.vpc}
             isSecurityGroup={isSecurityGroup}
+            isClassicSg={isClassicSg}
           />
         ) : (
-          [...this.props.parentProps.data.rules].map((rule, ruleIndex) => {
-            if (!rule.ruleProtocol) {
-              rule.ruleProtocol = getRuleProtocol(rule);
+          [...this.props.parentProps.data[rulesField]].map(
+            (rule, ruleIndex) => {
+              if (!rule.ruleProtocol) {
+                rule.ruleProtocol = getRuleProtocol(rule);
+              }
+              return (
+                <CraigToggleForm
+                  key={JSON.stringify(rule)}
+                  onDelete={
+                    isClassicSg
+                      ? craig.classic_security_groups.classic_sg_rules.delete
+                      : isSecurityGroup
+                      ? craig.security_groups.rules.delete
+                      : craig.vpcs.acls.rules.delete
+                  }
+                  onSave={
+                    isClassicSg
+                      ? craig.classic_security_groups.classic_sg_rules.save
+                      : isSecurityGroup
+                      ? craig.security_groups.rules.save
+                      : craig.vpcs.acls.rules.save
+                  }
+                  onShowToggle={() => {
+                    this.openForm(ruleIndex);
+                  }}
+                  craig={craig}
+                  hide={!contains(this.state.openForms, ruleIndex)}
+                  hideName
+                  submissionFieldName={
+                    isClassicSg
+                      ? "classic_sg_rules"
+                      : isSecurityGroup
+                      ? "sg_rules"
+                      : "acl_rules"
+                  }
+                  tabPanel={{
+                    hideAbout: true,
+                  }}
+                  disableUp={ruleIndex === 0}
+                  handleUp={() => {
+                    this.saveRuleOrder("up", ruleIndex);
+                  }}
+                  disableDown={
+                    ruleIndex ===
+                    this.props.parentProps.data[rulesField].length - 1
+                  }
+                  handleDown={() => {
+                    this.saveRuleOrder("down", ruleIndex);
+                  }}
+                  name={rule.name}
+                  type={
+                    this.props.parentProps.classicCraig
+                      ? "subForm"
+                      : "formInSubForm"
+                  }
+                  aclClassicCraig={this.props.parentProps.classicCraig}
+                  innerFormProps={{
+                    craig: craig,
+                    data: rule,
+                    parent_name: this.props.parentProps.data.name,
+                    form: form,
+                    rules: this.props.parentProps.data.rules,
+                    arrayParentName: this.props.parentProps.data.name,
+                  }}
+                />
+              );
             }
-            return (
-              <CraigToggleForm
-                key={JSON.stringify(rule)}
-                onDelete={
-                  isSecurityGroup
-                    ? craig.security_groups.rules.delete
-                    : craig.vpcs.acls.rules.delete
-                }
-                onSave={
-                  isSecurityGroup
-                    ? craig.security_groups.rules.save
-                    : craig.vpcs.acls.rules.save
-                }
-                onShowToggle={() => {
-                  this.openForm(ruleIndex);
-                }}
-                craig={craig}
-                hide={!contains(this.state.openForms, ruleIndex)}
-                hideName
-                submissionFieldName={isSecurityGroup ? "sg_rules" : "acl_rules"}
-                tabPanel={{
-                  hideAbout: true,
-                }}
-                disableUp={ruleIndex === 0}
-                handleUp={() => {
-                  this.saveRuleOrder("up", ruleIndex);
-                }}
-                disableDown={
-                  ruleIndex === this.props.parentProps.data.rules.length - 1
-                }
-                handleDown={() => {
-                  this.saveRuleOrder("down", ruleIndex);
-                }}
-                name={rule.name}
-                type={
-                  this.props.parentProps.classicCraig
-                    ? "subForm"
-                    : "formInSubForm"
-                }
-                aclClassicCraig={this.props.parentProps.classicCraig}
-                innerFormProps={{
-                  craig: craig,
-                  data: rule,
-                  parent_name: this.props.parentProps.data.name,
-                  form: form,
-                  rules: this.props.parentProps.data.rules,
-                }}
-              />
-            );
-          })
+          )
         )}
       </>
     ) : (
diff --git a/client/src/components/forms/network-rules-order-card/OrderCardDataTable.js b/client/src/components/forms/network-rules-order-card/OrderCardDataTable.js
index 8d89fd32..560ef2a2 100644
--- a/client/src/components/forms/network-rules-order-card/OrderCardDataTable.js
+++ b/client/src/components/forms/network-rules-order-card/OrderCardDataTable.js
@@ -9,7 +9,7 @@ import {
   TableContainer,
 } from "@carbon/react";
 import React, { Component } from "react";
-import { contains, allFieldsNull, transpose } from "lazy-z";
+import { contains, allFieldsNull, carve } from "lazy-z";
 import PropTypes from "prop-types";
 
 /**
@@ -22,7 +22,7 @@ function getRuleProtocol(rule) {
   // for each possible protocol
   ["icmp", "tcp", "udp"].forEach((field) => {
     // set protocol to that field if not all fields are null
-    if (allFieldsNull(rule[field]) === false) {
+    if (rule[field] && allFieldsNull(rule[field]) === false) {
       protocol = field;
     }
   });
@@ -37,7 +37,7 @@ function getRuleProtocol(rule) {
  * @returns {object} rows, headers for data table
  */
 function setupRowsAndHeaders(componentProps) {
-  const { rules, isSecurityGroup } = { ...componentProps };
+  const { rules, isSecurityGroup, isClassicSg } = { ...componentProps };
 
   const headers = [
     {
@@ -57,10 +57,14 @@ function setupRowsAndHeaders(componentProps) {
 
   // set up required data for each row
   rows.forEach((row) => {
-    row.protocol = getRuleProtocol(row);
+    row.protocol = isClassicSg ? row.ruleProtocol : getRuleProtocol(row);
     row.id = row.name;
     row.port =
-      row.protocol === "all"
+      isClassicSg && row.ruleProtocol === "all"
+        ? "ALL"
+        : isClassicSg
+        ? `${row.port_range_min}-${row.port_range_max}`
+        : row.protocol === "all"
         ? "ALL"
         : row.protocol === "icmp"
         ? row.icmp.code
@@ -74,7 +78,7 @@ function setupRowsAndHeaders(componentProps) {
   });
 
   // add in action and destination if not security group
-  if (!isSecurityGroup) {
+  if (!isSecurityGroup && !isClassicSg) {
     headers.splice(1, 0, {
       // add extra fields if not security group
       key: "action",
@@ -83,6 +87,10 @@ function setupRowsAndHeaders(componentProps) {
     headers.splice(4, 0, { key: "destination", header: "Destination" });
   }
 
+  if (isClassicSg) {
+    carve(headers, "key", "source");
+  }
+
   return { rows: rows, headers: headers };
 }
 
@@ -120,27 +128,34 @@ class OrderCardDataTable extends Component {
                 </TableRow>
               </TableHead>
               <TableBody>
-                {rows.map((row, index) => (
-                  <TableRow
-                    key={row.name + "-" + index}
-                    {...getRowProps({ row })}
-                  >
-                    {row.cells.map((cell) => (
-                      <TableCell
-                        key={JSON.stringify(cell)}
-                        className={
-                          this.props.isSecurityGroup ? "dt-security-group" : ""
-                        }
-                      >
-                        <div key={JSON.stringify(cell) + "-port"}>
-                          {contains(["tcp", "udp", "all", "icmp"], cell.value)
-                            ? cell.value.toUpperCase()
-                            : cell.value}
-                        </div>
-                      </TableCell>
-                    ))}
-                  </TableRow>
-                ))}
+                {rows.map((row, index) => {
+                  return (
+                    <TableRow
+                      key={row.name + "-" + index}
+                      {...getRowProps({ row })}
+                    >
+                      {row.cells.map((cell) => (
+                        <TableCell
+                          key={JSON.stringify(cell)}
+                          className={
+                            this.props.isSecurityGroup || this.props.isClassicSg
+                              ? "dt-security-group"
+                              : ""
+                          }
+                        >
+                          <div key={JSON.stringify(cell) + "-port"}>
+                            {contains(
+                              ["tcp", "udp", "all", "icmp"],
+                              cell.value
+                            ) && !contains(cell.id, ":name") // prevent name from being transformed into ALL CAPS
+                              ? cell.value.toUpperCase()
+                              : cell.value}
+                          </div>
+                        </TableCell>
+                      ))}
+                    </TableRow>
+                  );
+                })}
               </TableBody>
             </Table>
           </TableContainer>
@@ -150,7 +165,7 @@ class OrderCardDataTable extends Component {
   }
 }
 
-OrderCardDataTable.defaultPRops = {
+OrderCardDataTable.defaultProps = {
   isSecurityGroup: false,
 };
 
diff --git a/client/src/components/forms/utils/FormTemplate.js b/client/src/components/forms/utils/FormTemplate.js
index b95cc8c1..549193be 100644
--- a/client/src/components/forms/utils/FormTemplate.js
+++ b/client/src/components/forms/utils/FormTemplate.js
@@ -125,8 +125,9 @@ class FormTemplate extends React.Component {
     if (this.props.defaultModalValues) {
       formModalProps.data = { ...this.props.defaultModalValues };
     }
+    // or templating like this is to allow for imported slz
     let arrayIsEmpty =
-      this.props.arrayData.length === 0 && this.props.overrideTile;
+      (this.props.arrayData || []).length === 0 && this.props.overrideTile;
     let tabPanelClassName = this.props.subHeading
       ? "subHeading marginBottomSmall"
       : "";
@@ -140,7 +141,9 @@ class FormTemplate extends React.Component {
           headingType={this.props.subHeading ? "subHeading" : ""}
           hideButtons={this.props.hideFormTitleButton}
           className={
-            this.props.arrayData.length === 0 ? "subHeading" : tabPanelClassName
+            (this.props.arrayData || []).length === 0
+              ? "subHeading"
+              : tabPanelClassName
           }
           tooltip={this.props.tooltip}
           about={this.props.docs ? this.props.docs() : false}
@@ -152,13 +155,13 @@ class FormTemplate extends React.Component {
               ) : (
                 <CraigEmptyResourceTile
                   name={this.props.name}
-                  show={this.props.arrayData.length === 0}
+                  show={(this.props.arrayData || []).length === 0}
                   className="marginTop1Rem"
                 />
               )}
 
               {/* for each props passed into the array */}
-              {this.props.arrayData.map((data, index) => {
+              {(this.props.arrayData || []).map((data, index) => {
                 // return a form with the index and props
                 return (
                   <CraigToggleForm
diff --git a/client/src/components/forms/utils/ToggleForm.js b/client/src/components/forms/utils/ToggleForm.js
index aa596bca..ffbccf32 100644
--- a/client/src/components/forms/utils/ToggleForm.js
+++ b/client/src/components/forms/utils/ToggleForm.js
@@ -1,6 +1,6 @@
 import React from "react";
 import PropTypes from "prop-types";
-import { disableSave, propsMatchState } from "../../../lib";
+import { disableSave, forceShowForm, propsMatchState } from "../../../lib";
 import StatefulTabs from "./StatefulTabs";
 import { StatelessFormWrapper } from "./StatelessFormWrapper";
 import DynamicForm from "../DynamicForm";
@@ -192,7 +192,7 @@ class CraigToggleForm extends React.Component {
   }
 
   shouldShow() {
-    return this.props.forceOpen(this.state, this.props);
+    return forceShowForm(this.state, this.props);
   }
 
   networkRuleOrderDidChange(didNotChange) {
@@ -247,7 +247,7 @@ class CraigToggleForm extends React.Component {
               >
                 <StatelessFormWrapper
                   hideTitle={this.props.hideTitle}
-                  hide={this.state.hide}
+                  hide={this.shouldShow() ? false : this.state.hide}
                   iconType={this.props.useAddButton ? "add" : "edit"}
                   onIconClick={this.toggleChildren}
                   toggleFormTitle
@@ -347,7 +347,10 @@ class CraigToggleForm extends React.Component {
                         <span>
                           By selecting this option, data for your existing VPC{" "}
                           <code style={{ padding: "0.33rem", color: "blue" }}>
-                            {this.props.name.replace(/\sVPC/g, "")}
+                            {(
+                              this.props.name || // override for imported slz
+                              ""
+                            ).replace(/\sVPC/g, "")}
                           </code>{" "}
                           will be dynamically retrieved by Terraform at run
                           time.
diff --git a/client/src/components/page-template/PageTemplate.js b/client/src/components/page-template/PageTemplate.js
index bceca789..18aa8669 100644
--- a/client/src/components/page-template/PageTemplate.js
+++ b/client/src/components/page-template/PageTemplate.js
@@ -44,6 +44,7 @@ import {
   LoadBalancerPool,
   AppConnectivity,
   ChartLine,
+  SecurityServices,
 } from "@carbon/icons-react";
 import f5 from "../../images/f5.png";
 import {
@@ -110,6 +111,7 @@ const navIcons = {
     IbmCloudSecurityComplianceCenterWorkloadProtection,
   LoadBalancerPool: LoadBalancerPool,
   AppConnectivity: AppConnectivity,
+  SecurityServices: SecurityServices,
 };
 
 let pageOrder = [
diff --git a/client/src/components/pages/CraigForms.js b/client/src/components/pages/CraigForms.js
index c98ef3c5..f02b8b70 100644
--- a/client/src/components/pages/CraigForms.js
+++ b/client/src/components/pages/CraigForms.js
@@ -387,6 +387,17 @@ function craigForms(craig) {
         },
       ],
     },
+    classic_security_groups: {
+      jsonField: "classic_security_groups",
+      groups: [
+        {
+          name: craig.classic_security_groups.name,
+        },
+        {
+          description: craig.classic_security_groups.description,
+        },
+      ],
+    },
     classic_gateways: {
       jsonField: "classic_gateways",
       groups: [
@@ -1026,6 +1037,11 @@ function craigForms(craig) {
           pi_storage_pool_affinity:
             craig.power_instances.pi_storage_pool_affinity,
         },
+        {
+          pi_ibmi_css: craig.power_instances.pi_ibmi_css,
+          pi_ibmi_pha: craig.power_instances.pi_ibmi_pha,
+          pi_ibmi_rds_users: craig.power_instances.pi_ibmi_rds_users,
+        },
         {
           heading: {
             name: "Boot Volume",
@@ -1245,6 +1261,9 @@ function craigForms(craig) {
           vpc_connections: craig.transit_gateways.vpc_connections,
           power_connections: craig.transit_gateways.power_connections,
         },
+        {
+          classic: craig.transit_gateways.classic,
+        },
         // the patterns where existing infrastructure exists are more likely
         // to import a transit gateway than a vpc CRN. JSON-to-IaC for CRNs
         // is still supported, but will not be displayed. If we have a request
@@ -1576,6 +1595,9 @@ function craigForms(craig) {
     security_groups: {
       jsonField: "security_groups",
       groups: [
+        {
+          use_data: craig.security_groups.use_data,
+        },
         {
           name: craig.security_groups.name,
           resource_group: craig.security_groups.resource_group,
diff --git a/client/src/components/pages/FormPages.js b/client/src/components/pages/FormPages.js
index d6825d07..0d6bb8ee 100644
--- a/client/src/components/pages/FormPages.js
+++ b/client/src/components/pages/FormPages.js
@@ -262,6 +262,15 @@ const CisGlbs = (craig) => {
   });
 };
 
+const ClassicSecurityGroups = (craig) => {
+  return formPageTemplate(craig, {
+    name: "Classic Security Groups",
+    addText: "Create a Security Group",
+    formName: "classic-security-groups",
+    jsonField: "classic_security_groups",
+  });
+};
+
 const ClassicGateways = (craig) => {
   return formPageTemplate(craig, {
     name: "Classic Gateways",
@@ -1330,6 +1339,8 @@ export const NewFormPage = (props) => {
     return Cis(craig);
   } else if (form === "cisGlbs") {
     return CisGlbs(craig);
+  } else if (form === "classicSecurityGroups") {
+    return ClassicSecurityGroups(craig);
   } else if (form === "classicGateways") {
     return ClassicGateways(craig);
   } else if (form === "classicSshKeys") {
diff --git a/client/src/components/pages/classic/Classic.js b/client/src/components/pages/classic/Classic.js
index 5720c5d0..4b47ed88 100644
--- a/client/src/components/pages/classic/Classic.js
+++ b/client/src/components/pages/classic/Classic.js
@@ -1,11 +1,18 @@
 import React from "react";
 import { craigForms } from "../CraigForms";
-import { ClassicMap, ClassicSubnets, SshKeys, docTabs } from "../diagrams";
+import {
+  ClassicMap,
+  ClassicSecurityGroups,
+  ClassicSubnets,
+  SshKeys,
+  docTabs,
+} from "../diagrams";
 import { distinct, isNullOrEmptyString, snakeCase, titleCase } from "lazy-z";
 import {
   FirewallClassic,
   InfrastructureClassic,
   Password,
+  SecurityServices,
   VlanIbm,
 } from "@carbon/icons-react";
 import {
@@ -16,7 +23,12 @@ import {
   DynamicFormModal,
   RenderForm,
 } from "../../forms/utils";
-import { classicInfraTf, disableSave, propsMatchState } from "../../../lib";
+import {
+  classicInfraTf,
+  classicSecurityGroupTf,
+  disableSave,
+  propsMatchState,
+} from "../../../lib";
 import { ClassicGateways } from "../diagrams/ClassicGateways";
 import DynamicForm from "../../forms/DynamicForm";
 import HoverClassNameWrapper from "../diagrams/HoverClassNameWrapper";
@@ -38,6 +50,7 @@ class ClassicDiagram extends React.Component {
     this.onKeyClick = this.onKeyClick.bind(this);
     this.resetSelection = this.resetSelection.bind(this);
     this.onVlanClick = this.onVlanClick.bind(this);
+    this.onSgClick = this.onSgClick.bind(this);
     this.getIcon = this.getIcon.bind(this);
     this.onGwClick = this.onGwClick.bind(this);
     this.handleInputChange = this.handleInputChange.bind(this);
@@ -71,7 +84,9 @@ class ClassicDiagram extends React.Component {
   }
 
   getIcon() {
-    return this.state.selectedItem === "classic_ssh_keys"
+    return this.state.selectedItem === "classic_security_groups"
+      ? SecurityServices
+      : this.state.selectedItem === "classic_ssh_keys"
       ? Password
       : this.state.selectedItem === "classic_vlans"
       ? VlanIbm
@@ -131,6 +146,26 @@ class ClassicDiagram extends React.Component {
     }
   }
 
+  /**
+   * on vlan click
+   * @param {number} sgIndex
+   */
+  onSgClick(sgIndex) {
+    if (
+      this.state.editing &&
+      this.state.selectedItem === "classic_security_groups" &&
+      sgIndex === this.state.selectedIndex
+    ) {
+      this.resetSelection();
+    } else {
+      this.setState({
+        editing: true,
+        selectedIndex: sgIndex,
+        selectedItem: "classic_security_groups",
+      });
+    }
+  }
+
   /**
    * on ssh key click
    * @param {number} keyIndex
@@ -188,7 +223,12 @@ class ClassicDiagram extends React.Component {
             value={this.state.modalService}
             field={{
               labelText: "Resource Type",
-              groups: ["Classic SSH Keys", "Classic VLANs", "Classic Gateways"],
+              groups: [
+                "Classic SSH Keys",
+                "Classic VLANs",
+                "Classic Gateways",
+                "Classic Security Groups",
+              ],
               disabled: (stateData) => {
                 return false;
               },
@@ -272,7 +312,12 @@ class ClassicDiagram extends React.Component {
             name="Classic Network"
             formName="Manage Classic Network"
             nestedDocs={docTabs(
-              ["Classic SSH Keys", "Classic VLANs", "Classic Gateways"],
+              [
+                "Classic SSH Keys",
+                "Classic VLANs",
+                "Classic Gateways",
+                "Classic Security Groups",
+              ],
               craig
             )}
             tfTabs={[
@@ -284,6 +329,10 @@ class ClassicDiagram extends React.Component {
                 name: "Classic Gateways",
                 tf: classicGatewayTf(craig.store.json) || "",
               },
+              {
+                name: "Classic Security Groups",
+                tf: classicSecurityGroupTf(craig.store.json) || "",
+              },
             ]}
             form={
               <>
@@ -319,6 +368,17 @@ class ClassicDiagram extends React.Component {
                         onKeyClick={this.onKeyClick}
                       />
                     </HoverClassNameWrapper>
+                    <ClassicSecurityGroups
+                      craig={craig}
+                      isSelected={(sgIndex) => {
+                        return (
+                          this.state.selectedItem ===
+                            "classic_security_groups" &&
+                          this.state.selectedIndex === sgIndex
+                        );
+                      }}
+                      onClick={this.onSgClick}
+                    />
                     {craig.store.json.classic_vlans.length === 0 ? (
                       <CraigEmptyResourceTile
                         name="Classic VLANS"
@@ -380,7 +440,10 @@ class ClassicDiagram extends React.Component {
                             })}
                             noMarginBottom
                             name={`Editing ${
-                              this.state.selectedItem === "classic_ssh_keys"
+                              this.state.selectedItem ===
+                              "classic_security_groups"
+                                ? "Classic Security Group"
+                                : this.state.selectedItem === "classic_ssh_keys"
                                 ? "Classic SSH Key"
                                 : this.state.selectedItem === "classic_vlans"
                                 ? "VLAN"
diff --git a/client/src/components/pages/diagrams/ClassicSecurityGroups.js b/client/src/components/pages/diagrams/ClassicSecurityGroups.js
new file mode 100644
index 00000000..70781bb5
--- /dev/null
+++ b/client/src/components/pages/diagrams/ClassicSecurityGroups.js
@@ -0,0 +1,73 @@
+import React from "react";
+import { CraigFormHeading } from "../../forms/utils";
+import { SecurityServices } from "@carbon/icons-react";
+import { DeploymentIcon } from "./DeploymentIcon";
+import PropTypes from "prop-types";
+import "./diagrams.css";
+import HoverClassNameWrapper from "./HoverClassNameWrapper";
+
+export const ClassicSecurityGroups = (props) => {
+  let craig = props.craig;
+  return (
+    <HoverClassNameWrapper
+      className={
+        "subForm marginBottomSmall" +
+        (props.width ? " securityGroupsBoxWidth" : "")
+      }
+      hoverClassName="diagramBoxSelected"
+      static={props.static}
+    >
+      <CraigFormHeading
+        icon={<SecurityServices className="diagramTitleIcon" />}
+        name="Classic Security Groups"
+        type="subHeading"
+        noMarginBottom
+      />
+      <div className={"marginBottomSmall"} />
+      <div
+        className={
+          "formInSubForm displayFlex alignItemsCenter powerSubnetChildren" +
+          (props.width ? " securityGroupsBoxWidth" : "")
+        }
+      >
+        {craig.store.json.classic_security_groups.length === 0
+          ? "No Classic Security Groups"
+          : craig.store.json.classic_security_groups.map((sg, sgIndex) => {
+              return (
+                <HoverClassNameWrapper
+                  key={"sg-" + sgIndex}
+                  className="fieldWidthSmaller sgDeploymentBox"
+                  static={props.static}
+                  hoverClassName="diagramIconBoxSelected"
+                >
+                  <DeploymentIcon
+                    craig={craig}
+                    icon={SecurityServices}
+                    item={sg}
+                    itemIndex={sgIndex}
+                    itemName="security_groups"
+                    isSelected={props.isSelected}
+                    onClick={
+                      props.onClick
+                        ? () => {
+                            props.onClick(sgIndex);
+                          }
+                        : undefined
+                    }
+                  />
+                </HoverClassNameWrapper>
+              );
+            })}
+      </div>
+    </HoverClassNameWrapper>
+  );
+};
+
+ClassicSecurityGroups.propTypes = {
+  craig: PropTypes.shape({}).isRequired,
+  vpc: PropTypes.shape({}),
+  width: PropTypes.string,
+  buttons: PropTypes.node,
+  isSelected: PropTypes.func,
+  onClick: PropTypes.func,
+};
diff --git a/client/src/components/pages/diagrams/TransitGatewaysMap.js b/client/src/components/pages/diagrams/TransitGatewaysMap.js
index 5ab6d0fc..e5682f21 100644
--- a/client/src/components/pages/diagrams/TransitGatewaysMap.js
+++ b/client/src/components/pages/diagrams/TransitGatewaysMap.js
@@ -10,6 +10,7 @@ import {
   IbmCloudTransitGateway,
   IbmPowerVs,
   VirtualPrivateCloud,
+  InfrastructureClassic,
 } from "@carbon/icons-react";
 import { CraigFormHeading } from "../../forms/utils";
 import { tagColors } from "../../forms/dynamic-form/components";
@@ -89,10 +90,16 @@ export const TransitGatewaysMap = (props) => {
                         ? connection.vpc
                         : connection.power
                         ? connection.power
-                        : "",
+                        : "Classic Network",
                     }}
                     itemName="connection"
-                    icon={connection.vpc ? VirtualPrivateCloud : IbmPowerVs}
+                    icon={
+                      connection.vpc
+                        ? VirtualPrivateCloud
+                        : connection.classic
+                        ? InfrastructureClassic
+                        : IbmPowerVs
+                    }
                     size="30"
                   />
                 ))}
diff --git a/client/src/components/pages/diagrams/index.js b/client/src/components/pages/diagrams/index.js
index 35858861..20315d2c 100644
--- a/client/src/components/pages/diagrams/index.js
+++ b/client/src/components/pages/diagrams/index.js
@@ -16,3 +16,4 @@ export { PowerSubnet } from "./PowerSubnet";
 export { PowerSubnetInnerBox } from "./PowerSubnetInnerBox";
 export { TransitGatewaysMap } from "./TransitGatewaysMap";
 export { ScrollFormWrapper } from "./ScrollFormWrapper";
+export { ClassicSecurityGroups } from "./ClassicSecurityGroups";
diff --git a/client/src/components/pages/vpc/Vpc.js b/client/src/components/pages/vpc/Vpc.js
index 13a7d4d3..f4e3f538 100644
--- a/client/src/components/pages/vpc/Vpc.js
+++ b/client/src/components/pages/vpc/Vpc.js
@@ -224,8 +224,7 @@ class VpcDiagramPage extends React.Component {
         ? craig.store.json.vpcs[this.state.vpcIndex].name
         : "";
     let vpcFormData = craigForms(craig).vpcs;
-    // need to
-    // - add function to open import subnet form in scroll form on click
+
     return (
       <>
         {this.state.showSubnetModal ? (
diff --git a/client/src/components/pages/vpc/VpcDeployments.js b/client/src/components/pages/vpc/VpcDeployments.js
index 7fca7481..8ae320dc 100644
--- a/client/src/components/pages/vpc/VpcDeployments.js
+++ b/client/src/components/pages/vpc/VpcDeployments.js
@@ -662,7 +662,10 @@ class VpcDeploymentsDiagramPage extends React.Component {
                               vpc_name: this.vpcName(),
                             }}
                           />
-                          {this.state.selectedItem === "security_groups" ? (
+                          {this.state.selectedItem === "security_groups" &&
+                          !craig.store.json[this.state.selectedItem][
+                            this.state.selectedIndex
+                          ].use_data ? (
                             <CopyRuleForm
                               craig={this.props.craig}
                               sourceSg={this.getServiceData().name}
diff --git a/client/src/lib/docs/docs.json b/client/src/lib/docs/docs.json
index 79ab4f0f..4b7442ec 100644
--- a/client/src/lib/docs/docs.json
+++ b/client/src/lib/docs/docs.json
@@ -2306,5 +2306,13 @@
       }
     ],
     "relatedLinks": []
+  },
+  "classic_security_groups": {
+    "content": [
+      {
+        "text": "NYI"
+      }
+    ],
+    "relatedLinks": []
   }
 }
diff --git a/client/src/lib/docs/release-notes.json b/client/src/lib/docs/release-notes.json
index 735721bf..10e70fa2 100644
--- a/client/src/lib/docs/release-notes.json
+++ b/client/src/lib/docs/release-notes.json
@@ -1,4 +1,26 @@
 [
+  {
+    "version": "1.12.2",
+    "features": [
+      "A new file `outputs.tf` is now added to each CRAIG Terraform template",
+      "VPC names, IDs, and CRNs are exported as outputs",
+      "Subnet names, IDs, and CRNS are exported as outputs",
+      "VPC Security Group names, and IDs are exported as outputs",
+      "VPC Virtual Server primary IPs and floating IPs are exported as outputs",
+      "When bringing your own certificate for VPN Servers, two separate certificates are now imported. Additional variables have been added to support the new imported certificate",
+      "Users can now create, update, and delete Classic Security Groups and their rules from the Classic Security Groups page `/forms/classicSecurityGroups`",
+      "Users can now add IBM i licenses to Power VS instances with IBM i images",
+      "Users can now import existing VPC security groups for existing VPCs"
+    ],
+    "fixes": [
+      "Fixed an issue causing certificates imported into an existing Secrets Manager instance to have incorrect references within Terraform",
+      "Fixed an issue causing nested forms to not be shown by default when invalid",
+      "Fixed issues causing imported SLZ JSON files to crash the application on import"
+    ],
+    "upgrade_notes": [
+      "IBM Cloud Terraform provider version updated to `1.63.0` to add support for Power VS IBM i Licenses"
+    ]
+  },
   {
     "version": "1.12.1",
     "features": [
diff --git a/client/src/lib/docs/templates/power-poc-quick-start.json b/client/src/lib/docs/templates/power-poc-quick-start.json
index d50d75b0..02d39fa2 100644
--- a/client/src/lib/docs/templates/power-poc-quick-start.json
+++ b/client/src/lib/docs/templates/power-poc-quick-start.json
@@ -10,11 +10,10 @@
     "enable_power_vs": true,
     "enable_classic": false,
     "power_vs_zones": ["dal10"],
-    "craig_version": "1.12.0",
+    "craig_version": "1.12.2",
     "power_vs_high_availability": false,
     "template": "Power VS POC",
-    "fs_cloud": false,
-    "no_vpn_secrets_manager_auth": false
+    "fs_cloud": false
   },
   "access_groups": [],
   "appid": [],
@@ -537,17 +536,7 @@
   ],
   "routing_tables": [
     {
-      "routes": [
-        {
-          "name": "on-prem",
-          "zone": "1",
-          "destination": "10.40.0.0/16",
-          "action": "deliver",
-          "next_hop": "10.250.0.1",
-          "routing_table": "poweringress",
-          "vpc": "transit"
-        }
-      ],
+      "routes": [],
       "name": "poweringress",
       "vpc": "transit",
       "internet_ingress": false,
@@ -556,7 +545,7 @@
       "direct_link_ingress": false,
       "route_direct_link_ingress": false,
       "route_vpc_zone_ingress": false,
-      "accept_routes_from_resource_type": []
+      "accept_routes_from_resource_type": ["vpn_gateway", "vpn_server"]
     }
   ],
   "scc": {
@@ -939,7 +928,8 @@
               "source_port_min": null,
               "source_port_max": null
             }
-          ]
+          ],
+          "use_data": false
         }
       ],
       "subnetTiers": [
@@ -955,7 +945,8 @@
           "name": "vpn",
           "zones": 1
         }
-      ]
+      ],
+      "use_data": false
     }
   ],
   "vpn_gateways": [
diff --git a/client/src/lib/forms/diagrams/subnet-tier-map.js b/client/src/lib/forms/diagrams/subnet-tier-map.js
index 86d191f0..2d5dd80a 100644
--- a/client/src/lib/forms/diagrams/subnet-tier-map.js
+++ b/client/src/lib/forms/diagrams/subnet-tier-map.js
@@ -33,7 +33,7 @@ function getDisplaySubnetTiers(props) {
 
   let subnetTiers = vpc.subnetTiers
     ? vpc.subnetTiers
-    : craig.store.subnetTiers[vpc.name];
+    : craig.store.subnetTiers[vpc.name] || [];
 
   if (emptySubnetResources && !props.foundSubnetsOnly) {
     subnetTiers = subnetTiers.concat("NO_SUBNETS");
diff --git a/client/src/lib/forms/disable-save.js b/client/src/lib/forms/disable-save.js
index 1d242c6e..96a4ea2d 100644
--- a/client/src/lib/forms/disable-save.js
+++ b/client/src/lib/forms/disable-save.js
@@ -94,6 +94,8 @@ function disableSave(field, stateData, componentProps, craig) {
     "health_checks",
     "connections",
     "fortigate_vnf",
+    "classic_security_groups",
+    "classic_sg_rules",
   ];
   let isPowerSshKey = field === "ssh_keys" && componentProps.arrayParentName;
   if (contains(stateDisableSaveComponents, field) || isPowerSshKey) {
@@ -158,6 +160,8 @@ function disableSave(field, stateData, componentProps, craig) {
         ? componentProps.craig.cis_glbs[field]
         : field === "connections"
         ? componentProps.craig.vpn_gateways.connections
+        : field === "classic_sg_rules"
+        ? componentProps.craig.classic_security_groups.classic_sg_rules
         : componentProps.craig[field]
     ).shouldDisableSave(stateData, componentProps);
   } else return false;
diff --git a/client/src/lib/index.js b/client/src/lib/index.js
index 47aa8cc1..922443fa 100644
--- a/client/src/lib/index.js
+++ b/client/src/lib/index.js
@@ -106,6 +106,10 @@ const {
   formatClassicSshKey,
   formatClassicNetworkVlan,
   classicInfraTf,
+  outputsTf,
+  formatClassicSgRule,
+  formatClassicSg,
+  classicSecurityGroupTf,
 } = require("./json-to-iac");
 const releaseNotes = require("./docs/release-notes.json");
 const docs = require("./docs/docs.json");
@@ -114,6 +118,10 @@ const { invalidForms } = require("./invalid-forms");
 const { allDocText, filterDocs } = require("./docs");
 
 module.exports = {
+  classicSecurityGroupTf,
+  formatClassicSgRule,
+  formatClassicSg,
+  outputsTf,
   allDocText,
   filterDocs,
   shouldDisplayService,
diff --git a/client/src/lib/json-to-iac/classic-security-group.js b/client/src/lib/json-to-iac/classic-security-group.js
new file mode 100644
index 00000000..ea02d9ce
--- /dev/null
+++ b/client/src/lib/json-to-iac/classic-security-group.js
@@ -0,0 +1,91 @@
+const { snakeCase } = require("lazy-z");
+const { jsonToTfPrint, tfBlock, kebabName } = require("./utils");
+
+/**
+ * format classic security group rule
+ * @param {*} rule
+ * @param {string} rule.classic_sg
+ * @param {string} rule.name
+ * @param {string} rule.direction
+ * @param {string} rule.ruleProtocol
+ * @param {string} rule.port_range_max
+ * @param {string} rule.port_range_min
+ * @returns {string} terraform formatted rule
+ */
+function formatClassicSgRule(rule) {
+  return jsonToTfPrint(
+    "resource",
+    "ibm_security_group_rule",
+    `classic security group ${rule.classic_sg} rule ${rule.name}`,
+    {
+      security_group_id: `\${ibm_security_group.classic_security_group_${snakeCase(
+        rule.classic_sg
+      )}.id}`,
+      direction: rule.direction === "inbound" ? "ingress" : "egress",
+      port_range_min:
+        rule.port_range_min && rule.ruleProtocol !== "all"
+          ? Number(rule.port_range_min)
+          : undefined,
+      port_range_max:
+        rule.port_range_max && rule.ruleProtocol !== "all"
+          ? Number(rule.port_range_max)
+          : undefined,
+      protocol:
+        rule.ruleProtocol && rule.ruleProtocol !== "all"
+          ? rule.ruleProtocol
+          : undefined,
+    }
+  );
+}
+
+/**
+ * format classic security group
+ * @param {*} group
+ * @param {string} group.name
+ * @param {string} group.description
+ * @param {Array} group.rules
+ * @returns {string} terraform formatted data
+ */
+function formatClassicSg(group) {
+  let ruleTf = "";
+  group.classic_sg_rules.forEach((rule) => {
+    ruleTf += formatClassicSgRule(rule);
+  });
+
+  return tfBlock(
+    `${group.name} classic security group`,
+    jsonToTfPrint(
+      "resource",
+      "ibm_security_group",
+      "classic_security_group_" + group.name,
+      {
+        name: kebabName([group.name]),
+        description: group.description,
+      }
+    ) + ruleTf
+  );
+}
+
+/**
+ * create classic security group terraform
+ * @param {*} config
+ * @returns {string} terraform string
+ */
+function classicSecurityGroupTf(config) {
+  let tf = "";
+  if (config.classic_security_groups) {
+    config.classic_security_groups.forEach((sg, sgIndex) => {
+      tf += formatClassicSg(sg);
+      if (sgIndex + 1 < config.classic_security_groups.length) {
+        tf += "\n";
+      }
+    });
+  }
+  return tf.length === 0 ? null : tf;
+}
+
+module.exports = {
+  formatClassicSg,
+  formatClassicSgRule,
+  classicSecurityGroupTf,
+};
diff --git a/client/src/lib/json-to-iac/config-to-files-json.js b/client/src/lib/json-to-iac/config-to-files-json.js
index 92d6eae9..fa0d6f7e 100644
--- a/client/src/lib/json-to-iac/config-to-files-json.js
+++ b/client/src/lib/json-to-iac/config-to-files-json.js
@@ -34,6 +34,8 @@ const { cisTf } = require("./cis");
 const { cisGlbTf } = require("./cis-glb");
 const { scc2Tf } = require("./scc-v2");
 const { fortigateTf } = require("./fortigate");
+const { outputsTf } = require("./outputs");
+const { classicSecurityGroupTf } = require("./classic-security-group");
 const apacheLicense = `                                 Apache License
 Version 2.0, January 2004
 http://www.apache.org/licenses/
@@ -258,7 +260,9 @@ function configToFilesJson(config, apiMode, templateTarMode) {
       "clusters.tf": clusterTf(config),
       "vpn_gateways.tf": config.vpn_gateways.length > 0 ? vpnTf(config) : null,
       "vpn_servers.tf":
-        config.vpn_servers.length > 0 ? vpnServerTf(config) : null,
+        config.vpn_servers && config.vpn_servers.length > 0
+          ? vpnServerTf(config)
+          : null,
       "variables.tf": variablesDotTf(config, useF5, templateTarMode),
       "key_management.tf": kmsTf(config) + "\n",
       "object_storage.tf": cosTf(config) + "\n",
@@ -292,14 +296,17 @@ function configToFilesJson(config, apiMode, templateTarMode) {
       "f5_big_ip.tf": useF5 ? f5Tf(config) : null,
       "f5_user_data.yaml": useF5 ? f5CloudInitYaml() : null,
       "cbr.tf":
-        config.cbr_zones.length > 0 && config.cbr_rules.length > 0
+        config.cbr_zones &&
+        config.cbr_zones.length > 0 &&
+        config.cbr_rules &&
+        config.cbr_rules.length > 0
           ? cbrTf(config)
           : null,
       "dns.tf": config.dns && config.dns.length > 0 ? dnsTf(config) : null,
       "observability.tf": loggingMonitoringTf(config),
-      "icd.tf": config.icd.length > 0 ? icdTf(config) : null,
+      "icd.tf": config.icd && config.icd.length > 0 ? icdTf(config) : null,
       "power_infrastructure.tf":
-        config.power.length > 0 ? powerVsTf(config) : null,
+        config.power && config.power.length > 0 ? powerVsTf(config) : null,
       "power_instances.tf": powerInstanceTf(config),
       "power_volumes.tf": powerVsVolumeTf(config),
       "iam.tf": iamTf(config),
@@ -310,6 +317,8 @@ function configToFilesJson(config, apiMode, templateTarMode) {
       "cis_global_load_balancers.tf": cisGlbTf(config),
       "scc_v2.tf": scc2Tf(config),
       "fortigate_vnf.tf": fortigateTf(config),
+      "outputs.tf": outputsTf(config),
+      "classic_security_groups.tf": classicSecurityGroupTf(config),
     };
     vpcModuleTf(files, config);
     return files;
diff --git a/client/src/lib/json-to-iac/constants.js b/client/src/lib/json-to-iac/constants.js
index 7208ea3d..a872faa0 100644
--- a/client/src/lib/json-to-iac/constants.js
+++ b/client/src/lib/json-to-iac/constants.js
@@ -12,7 +12,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "~>1.61.0"
+      version = "~>1.63.0"
     }
 $ADDITIONAL_PROVIDERS
   }
diff --git a/client/src/lib/json-to-iac/index.js b/client/src/lib/json-to-iac/index.js
index 1b11114c..e8c792c0 100644
--- a/client/src/lib/json-to-iac/index.js
+++ b/client/src/lib/json-to-iac/index.js
@@ -21,9 +21,9 @@ const {
 const {
   f5Tf,
   f5CloudInitYaml,
-  f5TemplateFile,
   f5Locals,
   f5ImageLocals,
+  f5TemplateFile,
   f5Images,
 } = require("./f5");
 const {
@@ -186,7 +186,18 @@ const {
   formatClassicNetworkVlan,
   classicInfraTf,
 } = require("./classic");
+const { outputsTf } = require("./outputs");
+const {
+  formatClassicSg,
+  formatClassicSgRule,
+  classicSecurityGroupTf,
+} = require("./classic-security-group");
+
 module.exports = {
+  classicSecurityGroupTf,
+  formatClassicSgRule,
+  formatClassicSg,
+  outputsTf,
   formatClassicSshKey,
   formatClassicNetworkVlan,
   classicInfraTf,
diff --git a/client/src/lib/json-to-iac/outputs.js b/client/src/lib/json-to-iac/outputs.js
new file mode 100644
index 00000000..4c2c2cda
--- /dev/null
+++ b/client/src/lib/json-to-iac/outputs.js
@@ -0,0 +1,143 @@
+const { jsonToTf } = require("json-to-tf");
+const { tfBlock } = require("./utils");
+const { snakeCase, azsort } = require("lazy-z");
+
+/**
+ * outputs
+ * @param {*} config
+ * @returns {string} terraform output file
+ */
+function outputsTf(config) {
+  let tf = "";
+
+  config.vpcs.forEach((vpc, index) => {
+    let outputs = {};
+
+    // vpc outputs
+    ["name", "id", "crn"].forEach((field) => {
+      outputs[snakeCase(vpc.name) + "_vpc_" + field] = {
+        value: `\${module.${snakeCase(vpc.name + " vpc")}.${field}}`,
+      };
+    });
+
+    // subnet outputs
+    vpc.subnets.forEach((subnet) => {
+      ["name", "id", "crn"].forEach((field) => {
+        outputs[
+          snakeCase(vpc.name + " vpc subnet " + subnet.name + " " + field)
+        ] = {
+          value: `\${module.${snakeCase(vpc.name + " vpc")}.${snakeCase(
+            subnet.name + " " + field
+          )}}`,
+        };
+      });
+    });
+
+    config.security_groups.forEach((sg) => {
+      ["name", "id"].forEach((field) => {
+        if (sg.vpc === vpc.name) {
+          outputs[
+            snakeCase(vpc.name + " vpc security group " + sg.name + " " + field)
+          ] = {
+            value: `\${module.${snakeCase(vpc.name + " vpc")}.${snakeCase(
+              sg.name
+            )}_${field}}`,
+          };
+        }
+      });
+    });
+
+    tf +=
+      tfBlock(
+        vpc.name + " VPC outputs",
+        "\n" +
+          jsonToTf(
+            JSON.stringify({
+              output: outputs,
+            })
+          ) +
+          "\n"
+      ) + (config.vpcs[index + 1] ? "\n" : "");
+  });
+  config.vsi.forEach((deployment) => {
+    let deploymentOutputs = {};
+    deployment.subnets.sort(azsort).forEach((subnet, subnetIndex) => {
+      for (let i = 0; i < deployment.vsi_per_subnet; i++) {
+        deploymentOutputs[
+          snakeCase(
+            `${deployment.vpc} vpc ${deployment.name} vsi ${subnetIndex + 1} ${
+              i + 1
+            } primary ip address`
+          )
+        ] = {
+          value: `\${ibm_is_instance.${snakeCase(
+            `${deployment.vpc} vpc ${deployment.name} vsi ${subnetIndex + 1} ${
+              i + 1
+            }`
+          )}.primary_network_interface[0].primary_ipv4_address}`,
+        };
+        if (deployment.enable_floating_ip) {
+          deploymentOutputs[
+            snakeCase(
+              `${deployment.vpc} vpc ${deployment.name} vsi ${
+                subnetIndex + 1
+              } ${i + 1} floating ip address`
+            )
+          ] = {
+            value: `\${ibm_is_floating_ip.${snakeCase(
+              `${deployment.vpc} vpc ${deployment.name} vsi ${
+                subnetIndex + 1
+              } ${i + 1} fip`
+            )}.address}`,
+          };
+        }
+      }
+    });
+    tf +=
+      "\n" +
+      tfBlock(
+        `${deployment.vpc} vpc ${deployment.name} deployment outputs`,
+        "\n" +
+          jsonToTf(
+            JSON.stringify({
+              output: deploymentOutputs,
+            })
+          ) +
+          "\n"
+      );
+  });
+  config.power.forEach((workspace, index) => {
+    let outputs = {};
+
+    // power workspace outputs
+    ["name", "guid", "crn"].forEach((field) => {
+      outputs["power_vs_workspace_" + snakeCase(workspace.name) + "_" + field] =
+        {
+          value: `\${${
+            workspace.use_data ? "data." : ""
+          }ibm_resource_instance.power_vs_workspace_${snakeCase(
+            workspace.name
+          )}.${field}}`,
+        };
+    });
+
+    tf +=
+      (tf.length > 0 && index < 1 ? "\n" : "") +
+      tfBlock(
+        workspace.name + " Power Workspace outputs",
+        "\n" +
+          jsonToTf(
+            JSON.stringify({
+              output: outputs,
+            })
+          ) +
+          "\n"
+      ) +
+      (config.power[index + 1] ? "\n" : "");
+  });
+  return tf;
+}
+
+module.exports = {
+  outputsTf,
+};
diff --git a/client/src/lib/json-to-iac/power-vs-instances.js b/client/src/lib/json-to-iac/power-vs-instances.js
index 27ab05b1..3c6916eb 100644
--- a/client/src/lib/json-to-iac/power-vs-instances.js
+++ b/client/src/lib/json-to-iac/power-vs-instances.js
@@ -66,6 +66,18 @@ function powerVsInstanceData(instance, config) {
   };
   transpose(instance, data);
   delete data.index;
+  if (data.pi_ibmi_css === false) {
+    delete data.pi_ibmi_css;
+  }
+
+  if (data.pi_ibmi_pha === false) {
+    delete data.pi_ibmi_pha;
+  }
+
+  if (isNullOrEmptyString(data.pi_ibmi_rds_users)) {
+    delete data.pi_ibmi_rds_users;
+  }
+
   // add pi network here to have the items at the bottom of the terraform code
   data.pi_network = [];
   instance.network.forEach((nw) => {
diff --git a/client/src/lib/json-to-iac/security-groups.js b/client/src/lib/json-to-iac/security-groups.js
index 9fe10b41..c5c96e83 100644
--- a/client/src/lib/json-to-iac/security-groups.js
+++ b/client/src/lib/json-to-iac/security-groups.js
@@ -101,7 +101,7 @@ function ibmIsSecurityGroupRule(rule, config) {
     direction: rule.direction,
   };
   ["icmp", "tcp", "udp"].forEach((protocol) => {
-    let ruleHasProtocolData = !allFieldsNull(rule[protocol]);
+    let ruleHasProtocolData = rule[protocol] && !allFieldsNull(rule[protocol]);
     if (ruleHasProtocolData && protocol === "icmp") {
       sgRule.icmp = [
         {
diff --git a/client/src/lib/json-to-iac/transit-gateway.js b/client/src/lib/json-to-iac/transit-gateway.js
index 70c565c3..ca0806b0 100644
--- a/client/src/lib/json-to-iac/transit-gateway.js
+++ b/client/src/lib/json-to-iac/transit-gateway.js
@@ -77,6 +77,8 @@ function ibmTgConnection(connection, tgw) {
     ? connection.gateway + " unbound gre"
     : connection.crn
     ? connection.crn.replace(/.+vpc:/g, "")
+    : connection.classic
+    ? "classic"
     : connection.vpc;
   let connectionResourceName = kebabName(
     [connection.tgw]
@@ -105,6 +107,8 @@ function ibmTgConnection(connection, tgw) {
         ? "unbound_gre_tunnel"
         : connection.power
         ? "power_virtual_server"
+        : connection.classic
+        ? "classic"
         : "vpc",
       name: connectionResourceName,
       network_id: networkId,
diff --git a/client/src/lib/json-to-iac/variables.js b/client/src/lib/json-to-iac/variables.js
index 12bd02ba..b987261a 100644
--- a/client/src/lib/json-to-iac/variables.js
+++ b/client/src/lib/json-to-iac/variables.js
@@ -6,7 +6,6 @@ const {
   isNullOrEmptyString,
   capitalize,
 } = require("lazy-z");
-const { RegexButWithWords } = require("regex-but-with-words");
 
 /**
  * create variables dot tf
@@ -51,11 +50,12 @@ function variablesDotTf(config, useF5, templateTarMode) {
   let useAccountId = false;
   // only add account id when in use
   ["virtual_private_endpoints", "cbr_zones"].forEach((field) => {
-    config[field].forEach((item) => {
-      if (item.account_id && !isNullOrEmptyString(item.account_id)) {
-        useAccountId = true;
-      }
-    });
+    if (config[field])
+      config[field].forEach((item) => {
+        if (item.account_id && !isNullOrEmptyString(item.account_id)) {
+          useAccountId = true;
+        }
+      });
   });
   if (useAccountId)
     variables.account_id = {
@@ -153,20 +153,21 @@ function variablesDotTf(config, useF5, templateTarMode) {
     }
   });
 
-  config.power.forEach((workspace) => {
-    workspace.ssh_keys.forEach((key) => {
-      if (!key.use_data)
-        variables[snakeCase(`power ${workspace.name} ${key.name} key`)] = {
-          description: capitalize(
-            titleCase(
-              `${workspace.name} ${key.name} public key value`
-            ).toLowerCase()
-          ),
-          type: "${string}",
-          default: templateTarMode ? undefined : key.public_key,
-        };
+  if (config.power)
+    config.power.forEach((workspace) => {
+      workspace.ssh_keys.forEach((key) => {
+        if (!key.use_data)
+          variables[snakeCase(`power ${workspace.name} ${key.name} key`)] = {
+            description: capitalize(
+              titleCase(
+                `${workspace.name} ${key.name} public key value`
+              ).toLowerCase()
+            ),
+            type: "${string}",
+            default: templateTarMode ? undefined : key.public_key,
+          };
+      });
     });
-  });
 
   (config.classic_ssh_keys || []).forEach((sshKey) => {
     variables[snakeCase(`classic ${sshKey.name} public key`)] = {
@@ -179,27 +180,34 @@ function variablesDotTf(config, useF5, templateTarMode) {
     };
   });
 
-  config.vpn_servers.forEach((server) => {
-    if (server.bring_your_own_cert) {
-      ["cert_pem", "private_key_pem", "intermediate_pem"].forEach((certVar) => {
-        variables[
-          snakeCase(`${server.vpc} vpn_server ${server.name} ${certVar}`)
-        ] = {
-          description:
-            "Imported certificate " +
-            titleCase(certVar)
-              .toLowerCase()
-              .replace("pem", "PEM")
-              .replace("cert PEM", "PEM") +
-            " for " +
-            titleCase(`${server.vpc} vpn server ${server.name}.`) +
-            " Certificate will be stored in Secrets Manager",
-          type: "${string}",
-          sensitive: "${true}",
-        };
-      });
-    }
-  });
+  if (config.vpn_servers)
+    config.vpn_servers.forEach((server) => {
+      if (server.bring_your_own_cert || server.method === "byo") {
+        [
+          "cert_pem",
+          "private_key_pem",
+          "intermediate_pem",
+          "client_ca_cert_pem",
+          "client_ca_private_key_pem",
+        ].forEach((certVar) => {
+          variables[
+            snakeCase(`${server.vpc} vpn_server ${server.name} ${certVar}`)
+          ] = {
+            description:
+              "Imported certificate " +
+              titleCase(certVar)
+                .toLowerCase()
+                .replace("pem", "PEM")
+                .replace("cert PEM", "PEM") +
+              " for " +
+              titleCase(`${server.vpc} vpn server ${server.name}.`) +
+              " Certificate will be stored in Secrets Manager",
+            type: "${string}",
+            sensitive: "${true}",
+          };
+        });
+      }
+    });
 
   return tfBlock(
     "variables",
diff --git a/client/src/lib/json-to-iac/vpc.js b/client/src/lib/json-to-iac/vpc.js
index 19d31ad6..4bde2a9f 100644
--- a/client/src/lib/json-to-iac/vpc.js
+++ b/client/src/lib/json-to-iac/vpc.js
@@ -285,7 +285,8 @@ function ibmIsNetworkAcl(acl, config, useRules) {
         source: rule.source,
       };
       ["icmp", "tcp", "udp"].forEach((protocol) => {
-        let ruleHasProtocolData = !allFieldsNull(rule[protocol]);
+        let ruleHasProtocolData =
+          rule[protocol] && !allFieldsNull(rule[protocol]);
         if (ruleHasProtocolData && protocol === "icmp") {
           ruleValues.icmp = [
             {
@@ -534,7 +535,7 @@ function vpcModuleJson(vpc, rgs, config) {
  */
 function vpcModuleOutputs(vpc, securityGroups) {
   let outputs = {};
-  ["id", "crn"].forEach((field) => {
+  ["name", "id", "crn"].forEach((field) => {
     outputs[field] = {
       value: `\${${vpc.use_data ? "data." : ""}ibm_is_vpc.${snakeCase(
         vpc.name + "-vpc"
@@ -542,6 +543,11 @@ function vpcModuleOutputs(vpc, securityGroups) {
     };
   });
   vpc.subnets.forEach((subnet) => {
+    outputs[snakeCase(subnet.name) + `_name`] = {
+      value: `\${${subnet.use_data ? "data." : ""}ibm_is_subnet.${snakeCase(
+        `${subnet.vpc}-${subnet.name}`
+      )}.name}`,
+    };
     outputs[snakeCase(subnet.name) + `_id`] = {
       value: `\${${subnet.use_data ? "data." : ""}ibm_is_subnet.${snakeCase(
         `${subnet.vpc}-${subnet.name}`
@@ -555,6 +561,13 @@ function vpcModuleOutputs(vpc, securityGroups) {
   });
   securityGroups.forEach((sg) => {
     if (sg.vpc === vpc.name) {
+      outputs[snakeCase(`${sg.name}_name`)] = {
+        value: `\${${
+          sg.use_data ? "data." : ""
+        }ibm_is_security_group.${snakeCase(
+          `${sg.vpc} vpc ${sg.name} sg`
+        )}.name}`,
+      };
       outputs[snakeCase(`${sg.name}_id`)] = {
         value: `\${${
           sg.use_data ? "data." : ""
diff --git a/client/src/lib/json-to-iac/vpn-server.js b/client/src/lib/json-to-iac/vpn-server.js
index 484c9e0f..71ba2c1b 100644
--- a/client/src/lib/json-to-iac/vpn-server.js
+++ b/client/src/lib/json-to-iac/vpn-server.js
@@ -4,6 +4,8 @@ const {
   isNullOrEmptyString,
   titleCase,
   contains,
+  splatContains,
+  revision,
 } = require("lazy-z");
 const { rgIdRef, tfBlock, jsonToTfPrint, kebabName } = require("./utils");
 const { formatAddressPrefix } = require("./vpc");
@@ -84,7 +86,11 @@ function ibmIsVpnServer(server, craig) {
     contains(["byo", "INSECURE"], server.method)
   ) {
     serverData.client_authentication[0].client_ca_crn =
-      overrideCert || server.client_ca_crn;
+      overrideCert && server.method === "certificate"
+        ? overrideCert.replace(/imported(?=\w+\.crn)/, "client_ca_imported")
+        : overrideCert
+        ? overrideCert.replace(/imported(?=\w+\.crn)/, "client_ca_imported")
+        : server.client_ca_crn;
   } else {
     serverData.client_authentication[0].identity_provider = "iam";
   }
@@ -128,7 +134,7 @@ function ibmIsVpnServerRoute(server, route) {
  * @param {*} server
  * @returns {string} Terraform code
  */
-function DANGER_formatDevRsaCertificate(server) {
+function DANGER_formatDevRsaCertificate(server, config) {
   let dangerCertTf = "";
   ["ca_key", "client_key", "server_key"].forEach((key) => {
     dangerCertTf += jsonToTfPrint(
@@ -209,7 +215,13 @@ function DANGER_formatDevRsaCertificate(server) {
     "ibm_sm_imported_certificate",
     `danger ${server.vpc} vpn server ${server.name} dev cert`,
     {
-      instance_id: `\${ibm_resource_instance.${snakeCase(
+      instance_id: `\${${
+        splatContains(config.secrets_manager, "name", server.secrets_manager) &&
+        new revision(config).child("secrets_manager", server.secrets_manager)
+          .data.use_data
+          ? "data."
+          : ""
+      }ibm_resource_instance.${snakeCase(
         server.secrets_manager
       )}_secrets_manager.guid}`,
       region: varDotRegion,
@@ -254,9 +266,21 @@ function formatVpnServer(server, config) {
       ? jsonToTfPrint(
           "resource",
           "ibm_sm_imported_certificate",
-          data.name + "_imported_certificate",
+          snakeCase(data.name) + "_imported_certificate",
           {
-            instance_id: `\${ibm_resource_instance.${snakeCase(
+            instance_id: `\${${
+              splatContains(
+                config.secrets_manager,
+                "name",
+                server.secrets_manager
+              ) &&
+              new revision(config).child(
+                "secrets_manager",
+                server.secrets_manager
+              ).data.use_data
+                ? "data."
+                : ""
+            }ibm_resource_instance.${snakeCase(
               server.secrets_manager
             )}_secrets_manager.guid}`,
             region: varDotRegion,
@@ -268,9 +292,45 @@ function formatVpnServer(server, config) {
             private_key: `\${var.${data.name}_private_key_pem}`,
             intermediate: `\${var.${data.name}_intermediate_pem}`,
           }
+        ) +
+        jsonToTfPrint(
+          "resource",
+          "ibm_sm_imported_certificate",
+          snakeCase(data.name) + "_client_ca_imported_certificate",
+          {
+            instance_id: `\${${
+              splatContains(
+                config.secrets_manager,
+                "name",
+                server.secrets_manager
+              ) &&
+              new revision(config).child(
+                "secrets_manager",
+                server.secrets_manager
+              ).data.use_data
+                ? "data."
+                : ""
+            }ibm_resource_instance.${snakeCase(
+              server.secrets_manager
+            )}_secrets_manager.guid}`,
+            region: varDotRegion,
+            name: kebabName([
+              server.vpc,
+              server.name,
+              "server",
+              "client-ca",
+              "cert",
+            ]),
+            description: `Secret for \${var.prefix} ${titleCase(
+              server.vpc + " " + server.name
+            )} Server Client CA authentication`,
+            certificate: `\${var.${data.name}_client_ca_cert_pem}`,
+            private_key: `\${var.${data.name}_client_ca_private_key_pem}`,
+            intermediate: `\${var.${data.name}_intermediate_pem}`,
+          }
         )
       : server.DANGER_developer_certificate || server.method === "INSECURE"
-      ? DANGER_formatDevRsaCertificate(server)
+      ? DANGER_formatDevRsaCertificate(server, config)
       : "";
 
   return (
diff --git a/client/src/lib/json-to-iac/vsi.js b/client/src/lib/json-to-iac/vsi.js
index bd246644..acd07c6c 100644
--- a/client/src/lib/json-to-iac/vsi.js
+++ b/client/src/lib/json-to-iac/vsi.js
@@ -475,7 +475,7 @@ function vsiTf(config) {
         blockData
       ) + "\n";
   });
-  fipTf === "" ? "" : (tf += tfBlock("optionally add floating IPs", fipTf));
+  fipTf === "" ? "" : (tf += tfBlock("floating IPs", fipTf));
   return tfDone(tf);
 }
 
diff --git a/client/src/lib/nav-catagories.js b/client/src/lib/nav-catagories.js
index eeb953dd..20d14086 100644
--- a/client/src/lib/nav-catagories.js
+++ b/client/src/lib/nav-catagories.js
@@ -29,6 +29,7 @@ const {
   powerVsTf,
   powerVsVolumeTf,
   classicInfraTf,
+  classicSecurityGroupTf,
 } = require("./json-to-iac");
 const { cisTf } = require("./json-to-iac/cis");
 const { classicGatewayTf } = require("./json-to-iac/classic-gateway");
@@ -290,6 +291,15 @@ const navCatagories = [
         },
         jsonField: "classic_gateways",
       },
+      {
+        title: "Classic Security Groups",
+        path: "/form/classicSecurityGroups",
+        react_icon: "SecurityServices",
+        toTf: (config) => {
+          return classicSecurityGroupTf(config) || "";
+        },
+        jsonField: "classic_security_groups",
+      },
     ],
   },
   {
diff --git a/client/src/lib/state/classic-security-groups.js b/client/src/lib/state/classic-security-groups.js
new file mode 100644
index 00000000..3433a4ea
--- /dev/null
+++ b/client/src/lib/state/classic-security-groups.js
@@ -0,0 +1,191 @@
+/**
+ * init class sg
+ * @param {*} store
+ */
+
+const { isNullOrEmptyString, contains, validPortRange } = require("lazy-z");
+const { invalidDescription } = require("../forms/invalid-callbacks");
+const {
+  nameField,
+  unconditionalInvalidText,
+  fieldIsNullOrEmptyString,
+  selectInvalidText,
+} = require("./reusable-fields");
+const {
+  updateSubChild,
+  deleteSubChild,
+  pushToChildFieldModal,
+} = require("./store.utils");
+const {
+  shouldDisableComponentSave,
+  titleCaseRender,
+  kebabCaseInput,
+} = require("./utils");
+
+/**
+ * port range field
+ * @param {boolean} max
+ * @returns {Object} object field
+ */
+function portRangeField(max) {
+  return {
+    default: "",
+    hideWhen: function (stateData) {
+      return !contains(["icmp", "udp", "tcp"], stateData.ruleProtocol);
+    },
+    invalid: function (stateData, componentProps) {
+      let dataRef = stateData[max ? "port_range_max" : "port_range_min"];
+      return isNullOrEmptyString(stateData?.ruleProtocol, true) ||
+        stateData.ruleProtocol === "all" ||
+        (stateData.ruleProtocol === "icmp" && dataRef === "0") // 0 is falsy
+        ? false
+        : isNullOrEmptyString(dataRef, true) || !Number(dataRef) // NaN results are falsy
+        ? true
+        : stateData.ruleProtocol === "icmp"
+        ? !validPortRange(max ? "code" : "type", Number(dataRef))
+        : !validPortRange("port_min", Number(dataRef));
+    },
+    invalidText: function (stateData) {
+      return isNullOrEmptyString(stateData.ruleProtocol, true) ||
+        stateData.ruleProtocol === "all"
+        ? ""
+        : stateData.ruleProtocol === "icmp"
+        ? `Enter a whole number between 0 and ${max ? "255" : "254"}`
+        : "Enter a whole number between 1 and 65535";
+    },
+  };
+}
+
+/**
+ * init store
+ * @param {*} store
+ */
+function initClassicSecurityGroups(store) {
+  store.newField("classic_security_groups", {
+    init: function (config) {
+      config.store.json.classic_security_groups = [];
+    },
+    onStoreUpdate: function (config) {
+      if (config.store.json.classic_security_groups) {
+        config.store.json.classic_security_groups.forEach((sg) => {
+          sg.classic_sg_rules.forEach((rule) => {
+            rule.classic_sg = sg.name;
+          });
+        });
+      } else {
+        config.store.json.classic_security_groups = [];
+      }
+    },
+    create: function (config, stateData, componentProps) {
+      stateData.classic_sg_rules = [];
+      config.push(["json", "classic_security_groups"], stateData);
+    },
+    save: function (config, stateData, componentProps) {
+      config.updateChild(
+        ["json", "classic_security_groups"],
+        componentProps.data.name,
+        stateData
+      );
+    },
+    delete: function (config, stateData, componentProps) {
+      config.carve(
+        ["json", "classic_security_groups"],
+        componentProps.data.name
+      );
+    },
+    shouldDisableSave: shouldDisableComponentSave(
+      ["name", "description"],
+      "classic_security_groups"
+    ),
+    schema: {
+      name: nameField("classic_security_groups"),
+      description: {
+        size: "wide",
+        default: "",
+        optional: true,
+        invalid: function (stateData) {
+          return invalidDescription(stateData.description);
+        },
+        invalidText: unconditionalInvalidText(
+          "Invalid description. Must match the regex expression /^[a-zA-Z0-9]+$/."
+        ),
+        placeholder: "(Optional) Description",
+      },
+    },
+    subComponents: {
+      classic_sg_rules: {
+        create: function (config, stateData, componentProps) {
+          pushToChildFieldModal(
+            config,
+            "classic_security_groups",
+            "classic_sg_rules",
+            stateData,
+            componentProps
+          );
+        },
+        save: function (config, stateData, componentProps) {
+          updateSubChild(
+            config,
+            "classic_security_groups",
+            "classic_sg_rules",
+            stateData,
+            componentProps
+          );
+        },
+        delete: function (config, stateData, componentProps) {
+          deleteSubChild(
+            config,
+            "classic_security_groups",
+            "classic_sg_rules",
+            componentProps
+          );
+        },
+        shouldDisableSave: shouldDisableComponentSave(
+          [
+            "name",
+            "direction",
+            "ruleProtocol",
+            "port_range_min",
+            "port_range_max",
+          ],
+          "classic_security_groups",
+          "classic_sg_rules"
+        ),
+        schema: {
+          name: nameField("classic_sg_rules"),
+          direction: {
+            type: "select",
+            groups: ["Inbound", "Outbound"],
+            onRender: titleCaseRender("direction"),
+            onInputChange: kebabCaseInput("direction"),
+            invalid: fieldIsNullOrEmptyString("direction"),
+            invalidText: selectInvalidText("direction"),
+          },
+          ruleProtocol: {
+            type: "select",
+            default: "all",
+            groups: ["All", "ICMP", "TCP", "UDP"],
+            onInputChange: function (stateData) {
+              stateData.port_range_min = null;
+              stateData.port_range_max = null;
+              return (stateData.ruleProtocol || "").toLowerCase();
+            },
+            onRender: function (stateData) {
+              return isNullOrEmptyString(stateData.ruleProtocol, true)
+                ? ""
+                : stateData.ruleProtocol === "all"
+                ? "All"
+                : stateData.ruleProtocol.toUpperCase();
+            },
+          },
+          port_range_min: portRangeField(),
+          port_range_max: portRangeField(true),
+        },
+      },
+    },
+  });
+}
+
+module.exports = {
+  initClassicSecurityGroups,
+};
diff --git a/client/src/lib/state/power-vs-instances/power-instances-schema.js b/client/src/lib/state/power-vs-instances/power-instances-schema.js
index 9b81c4f3..0fa8d2fd 100644
--- a/client/src/lib/state/power-vs-instances/power-instances-schema.js
+++ b/client/src/lib/state/power-vs-instances/power-instances-schema.js
@@ -135,6 +135,15 @@ function powerVsInstanceInvalidText(text) {
   };
 }
 
+/**
+ * hide field when not ibm i
+ * @param {*} stateData
+ * @returns {boolean} true when should be hidden
+ */
+function hideWhenNotIbmi(stateData) {
+  return !contains(stateData.image || "", "IBMi");
+}
+
 /**
  * create power vs instance schema
  * @param {bool} vtl true when vtl
@@ -398,6 +407,35 @@ function powerVsInstanceSchema(vtl) {
       },
       invalidText: unconditionalInvalidText("Enter a whole number"),
     },
+    pi_ibmi_css: {
+      size: "small",
+      type: "toggle",
+      default: false,
+      hideWhen: hideWhenNotIbmi,
+      labelText: "IBM i Cloud Storage Solution License",
+    },
+    pi_ibmi_pha: {
+      size: "small",
+      type: "toggle",
+      default: false,
+      hideWhen: hideWhenNotIbmi,
+      labelText: "IBM i Power High Availability",
+    },
+    pi_ibmi_rds_users: {
+      size: "small",
+      labelText: "IBM i Rational Dev Studio Number of User Licenses",
+      optional: true,
+      invalid: function (stateData) {
+        if (isNullOrEmptyString(stateData?.pi_ibmi_rds_users, true)) {
+          return false;
+        } else return !isInRange(Number(stateData.pi_ibmi_rds_users), 1, 500);
+      },
+      invalidText: unconditionalInvalidText(
+        "Enter a whole number between 1 and 500"
+      ),
+      placeholder: "1",
+      hideWhen: hideWhenNotIbmi,
+    },
     pi_user_data: {
       type: "textArea",
       optional: "true",
diff --git a/client/src/lib/state/power-vs-instances/power-vs-instances.js b/client/src/lib/state/power-vs-instances/power-vs-instances.js
index 9f44b477..595761be 100644
--- a/client/src/lib/state/power-vs-instances/power-vs-instances.js
+++ b/client/src/lib/state/power-vs-instances/power-vs-instances.js
@@ -324,6 +324,7 @@ function initPowerVsInstance(store) {
         "pi_anti_affinity_instance",
         "pi_anti_affinity_volume",
         "storage_option",
+        "pi_ibmi_rds_users",
       ],
       "power_instances"
     ),
diff --git a/client/src/lib/state/power-vs/power-vs.js b/client/src/lib/state/power-vs/power-vs.js
index 84dc85af..5b27ddb3 100644
--- a/client/src/lib/state/power-vs/power-vs.js
+++ b/client/src/lib/state/power-vs/power-vs.js
@@ -35,55 +35,60 @@ function powerVsOnStoreUpdate(config) {
   if (!config.store.json.power) {
     config.store.json.power = [];
     config.store.json._options.power_vs_zones = [];
-  }
-  config.store.json.power.forEach((workspace) => {
-    setUnfoundResourceGroup(config, workspace);
-    if (!contains(config.store.json._options.power_vs_zones, workspace.zone)) {
-      workspace.zone = null;
-    }
+  } else
+    config.store.json.power.forEach((workspace) => {
+      setUnfoundResourceGroup(config, workspace);
+      if (
+        !contains(
+          config.store.json._options.power_vs_zones || "",
+          workspace.zone
+        )
+      ) {
+        workspace.zone = null;
+      }
 
-    [
-      "ssh_keys",
-      "cloud_connections",
-      "network",
-      "images",
-      "attachments",
-    ].forEach((field) => {
-      workspace[field].forEach((item) => {
-        item.workspace = workspace.name;
-        item.zone = workspace.zone;
-        item.workspace_use_data = workspace.use_data || false;
+      [
+        "ssh_keys",
+        "cloud_connections",
+        "network",
+        "images",
+        "attachments",
+      ].forEach((field) => {
+        workspace[field].forEach((item) => {
+          item.workspace = workspace.name;
+          item.zone = workspace.zone;
+          item.workspace_use_data = workspace.use_data || false;
+        });
       });
-    });
 
-    let selectedImages = [];
-    workspace.images.forEach((image) => {
-      if (contains(workspace.imageNames, image.name)) {
-        selectedImages.push(image);
-      }
-    });
-    workspace.images = selectedImages;
-    // add unfound networks to attachments
-    workspace.network.forEach((nw) => {
-      if (nw.pi_network_jumbo && !nw.pi_network_mtu) {
-        nw.pi_network_mtu = "9000";
-      } else if (!nw.pi_network_mtu && nw.pi_network_jumbo === false) {
-        nw.pi_network_mtu = "1500";
-      } else if (!nw.pi_network_mtu) nw.pi_network_mtu = "";
-      if (!splatContains(workspace.attachments, "network", nw.name)) {
-        workspace.attachments.push({
-          network: nw.name,
-          workspace: workspace.name,
-          zone: workspace.zone,
-          connections: [],
-        });
+      let selectedImages = [];
+      workspace.images.forEach((image) => {
+        if (contains(workspace.imageNames, image.name)) {
+          selectedImages.push(image);
+        }
+      });
+      workspace.images = selectedImages;
+      // add unfound networks to attachments
+      workspace.network.forEach((nw) => {
+        if (nw.pi_network_jumbo && !nw.pi_network_mtu) {
+          nw.pi_network_mtu = "9000";
+        } else if (!nw.pi_network_mtu && nw.pi_network_jumbo === false) {
+          nw.pi_network_mtu = "1500";
+        } else if (!nw.pi_network_mtu) nw.pi_network_mtu = "";
+        if (!splatContains(workspace.attachments, "network", nw.name)) {
+          workspace.attachments.push({
+            network: nw.name,
+            workspace: workspace.name,
+            zone: workspace.zone,
+            connections: [],
+          });
+        }
+      });
+      if (contains(edgeRouterEnabledZones, workspace.zone)) {
+        workspace.cloud_connections = [];
+        workspace.attachments = [];
       }
     });
-    if (contains(edgeRouterEnabledZones, workspace.zone)) {
-      workspace.cloud_connections = [];
-      workspace.attachments = [];
-    }
-  });
 }
 
 /**
diff --git a/client/src/lib/state/reusable-fields.js b/client/src/lib/state/reusable-fields.js
index d5e3f1cb..3bae32d9 100644
--- a/client/src/lib/state/reusable-fields.js
+++ b/client/src/lib/state/reusable-fields.js
@@ -307,12 +307,21 @@ function hasDuplicateName(field, stateData, componentProps, overrideField) {
       "cloud_connections",
       "name"
     );
+  } else if (field === "classic_sg_rules") {
+    allOtherNames = splat(
+      new revision(componentProps.craig.store.json).child(
+        "classic_security_groups",
+        componentProps.arrayParentName
+      ).data.classic_sg_rules,
+      "name"
+    );
   } else if (componentProps) {
     allOtherNames = splat(
       componentProps.craig.store.json[field === "vpc_name" ? "vpcs" : field],
       "name"
     );
   }
+
   if (stateData && componentProps) {
     if (
       // component props.data is not available on load, this line
@@ -724,7 +733,7 @@ function networkingRuleTypeField() {
     default: "",
     invalid: invalidIcmpCodeOrType,
     invalidText: unconditionalInvalidText(
-      "Enter a while number between 0 and 254"
+      "Enter a whole number between 0 and 254"
     ),
     hideWhen: hideWhenTcpOrUdp,
     onInputChange: onRuleFieldInputChange("type"),
@@ -747,7 +756,7 @@ function networkingRuleCodeField() {
     default: "",
     invalid: invalidIcmpCodeOrType,
     invalidText: unconditionalInvalidText(
-      "Enter a while number between 0 and 255"
+      "Enter a whole number between 0 and 255"
     ),
     hideWhen: hideWhenTcpOrUdp,
     onInputChange: onRuleFieldInputChange("code"),
diff --git a/client/src/lib/state/security-groups.js b/client/src/lib/state/security-groups.js
index dcb71e8f..d145db49 100644
--- a/client/src/lib/state/security-groups.js
+++ b/client/src/lib/state/security-groups.js
@@ -7,6 +7,7 @@ const {
   getObjectFromArray,
   contains,
   isIpv4CidrOrAddress,
+  isNullOrEmptyString,
 } = require("lazy-z");
 const { lazyZstate } = require("lazy-z/lib/store");
 const { newDefaultVpeSecurityGroups } = require("./defaults");
@@ -61,6 +62,7 @@ function securityGroupOnStoreUpdate(config) {
     setUnfoundResourceGroup(config, sg);
     if (!splatContains(config.store.json.vpcs, "name", sg.vpc)) {
       sg.vpc = null;
+      sg.use_data = false;
       sg.rules.forEach((rule) => {
         rule.vpc = null;
         rule.sg = sg.name;
@@ -256,6 +258,20 @@ function initSecurityGroupStore(store) {
       "security_groups"
     ),
     schema: {
+      use_data: {
+        type: "toggle",
+        default: false,
+        labelText: "Use Existing Security Group",
+        hideWhen: function (stateData, componentProps) {
+          return (
+            getObjectFromArray(
+              componentProps.craig.store.json.vpcs,
+              "name",
+              stateData.vpc || "" // modal
+            )?.use_data !== true
+          );
+        },
+      },
       name: nameField("security_groups", { size: "small" }),
       resource_group: resourceGroupsField(true),
       vpc: {
@@ -266,6 +282,9 @@ function initSecurityGroupStore(store) {
         invalidText: selectInvalidText("vpc"),
         size: "small",
         groups: vpcGroups,
+        disabled: function (stateData) {
+          return stateData.use_data && !isNullOrEmptyString(stateData.vpc);
+        },
       },
     },
     subComponents: {
diff --git a/client/src/lib/state/state.js b/client/src/lib/state/state.js
index a9cfbf2b..ef30d4f5 100644
--- a/client/src/lib/state/state.js
+++ b/client/src/lib/state/state.js
@@ -50,6 +50,7 @@ const { initVtlStore } = require("./vtl.js");
 const { initSccV2 } = require("./scc-v2.js");
 const { initCisGlbStore } = require("./cis-glb.js");
 const { initFortigateStore } = require("./fortigate.js");
+const { initClassicSecurityGroups } = require("./classic-security-groups.js");
 
 /**
  * get state for craig
@@ -166,6 +167,7 @@ const state = function (legacy) {
   initSccV2(store);
   initCisGlbStore(store);
   initFortigateStore(store);
+  initClassicSecurityGroups(store);
 
   /**
    * hard set config dot json in state store
diff --git a/client/src/lib/state/transit-gateways/transit-gateways.js b/client/src/lib/state/transit-gateways/transit-gateways.js
index 73788d20..ea037ec7 100644
--- a/client/src/lib/state/transit-gateways/transit-gateways.js
+++ b/client/src/lib/state/transit-gateways/transit-gateways.js
@@ -400,6 +400,24 @@ function initTransitGateway(store) {
           return String(stateData.global);
         },
       },
+      classic: {
+        default: false,
+        type: "toggle",
+        labelText: "Enable Classic Connections",
+        onStateChange: function (stateData) {
+          stateData.classic = !stateData.classic;
+          let newConnections = [];
+          stateData.connections.forEach((connection) => {
+            if (!connection.classic) {
+              newConnections.push(connection);
+            }
+          });
+          if (stateData.classic) {
+            newConnections.push({ tgw: stateData.name, classic: true });
+          }
+          stateData.connections = newConnections;
+        },
+      },
     },
     subComponents: {
       gre_tunnels: {
diff --git a/client/src/lib/state/utils.js b/client/src/lib/state/utils.js
index 7f11f8d3..c97e0f45 100644
--- a/client/src/lib/state/utils.js
+++ b/client/src/lib/state/utils.js
@@ -961,12 +961,12 @@ function powerVsStorageType(isVolume) {
     size: "small",
     default: null,
     type: "fetchSelect",
-    labelText: "Storage Type",
+    labelText: "Storage Tiers",
     groups: [],
     invalid: function (stateData) {
       return isNullOrEmptyString(stateData[storageField]);
     },
-    invalidText: selectInvalidText("Storage Type"),
+    invalidText: selectInvalidText("Storage Tier"),
     onRender: function (stateData) {
       return isNullOrEmptyString(stateData[storageField])
         ? ""
diff --git a/client/src/lib/state/vsi.js b/client/src/lib/state/vsi.js
index 8e35d6a1..a35c30d7 100644
--- a/client/src/lib/state/vsi.js
+++ b/client/src/lib/state/vsi.js
@@ -406,6 +406,12 @@ function initVsiStore(store) {
         apiEndpoint: function (stateData, componentProps) {
           return `/api/vsi/${componentProps.craig.store.json._options.region}/images`;
         },
+        tooltip: {
+          content:
+            "When using a Red Had Enterprise Linux Image, additional networking rules must be added to successfully provision your VSI. Ensure outbound traffic is allowed in Security Groups at CIDR range 161.26.0.0/16 for TCP ports 80, 443, and 8443, and for UDP port 53.",
+          align: "top-left",
+          alignModal: "top-left",
+        },
       },
       profile: {
         size: "small",
diff --git a/deploy/power_vs_workspaces/versions.tf b/deploy/power_vs_workspaces/versions.tf
index 5f61f326..d45583b1 100644
--- a/deploy/power_vs_workspaces/versions.tf
+++ b/deploy/power_vs_workspaces/versions.tf
@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "~>1.61.0"
+      version = "~>1.63.0"
     }
   }
   required_version = ">=1.4"
diff --git a/unit-tests/api/craig-api.test.js b/unit-tests/api/craig-api.test.js
index 6222f7c9..c3ad4d6f 100644
--- a/unit-tests/api/craig-api.test.js
+++ b/unit-tests/api/craig-api.test.js
@@ -83,7 +83,7 @@ describe("craig api", () => {
         },
         {
           name: "craig/versions.tf",
-          data: '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.61.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
+          data: '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.63.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
         },
         {
           name: "craig/ssh_keys.tf",
@@ -101,6 +101,10 @@ describe("craig api", () => {
           data: '                                 Apache License\nVersion 2.0, January 2004\nhttp://www.apache.org/licenses/\n\nTERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n1. Definitions.\n\n"License" shall mean the terms and conditions for use, reproduction,\nand distribution as defined by Sections 1 through 9 of this document.\n\n"Licensor" shall mean the copyright owner or entity authorized by\nthe copyright owner that is granting the License.\n\n"Legal Entity" shall mean the union of the acting entity and all\nother entities that control, are controlled by, or are under common\ncontrol with that entity. For the purposes of this definition,\n"control" means (i) the power, direct or indirect, to cause the\ndirection or management of such entity, whether by contract or\notherwise, or (ii) ownership of fifty percent (50%) or more of the\noutstanding shares, or (iii) beneficial ownership of such entity.\n\n"You" (or "Your") shall mean an individual or Legal Entity\nexercising permissions granted by this License.\n\n"Source" form shall mean the preferred form for making modifications,\nincluding but not limited to software source code, documentation\nsource, and configuration files.\n\n"Object" form shall mean any form resulting from mechanical\ntransformation or translation of a Source form, including but\nnot limited to compiled object code, generated documentation,\nand conversions to other media types.\n\n"Work" shall mean the work of authorship, whether in Source or\nObject form, made available under the License, as indicated by a\ncopyright notice that is included in or attached to the work\n(an example is provided in the Appendix below).\n\n"Derivative Works" shall mean any work, whether in Source or Object\nform, that is based on (or derived from) the Work and for which the\neditorial revisions, annotations, elaborations, or other modifications\nrepresent, as a whole, an original work of authorship. For the purposes\nof this License, Derivative Works shall not include works that remain\nseparable from, or merely link (or bind by name) to the interfaces of,\nthe Work and Derivative Works thereof.\n\n"Contribution" shall mean any work of authorship, including\nthe original version of the Work and any modifications or additions\nto that Work or Derivative Works thereof, that is intentionally\nsubmitted to Licensor for inclusion in the Work by the copyright owner\nor by an individual or Legal Entity authorized to submit on behalf of\nthe copyright owner. For the purposes of this definition, "submitted"\nmeans any form of electronic, verbal, or written communication sent\nto the Licensor or its representatives, including but not limited to\ncommunication on electronic mailing lists, source code control systems,\nand issue tracking systems that are managed by, or on behalf of, the\nLicensor for the purpose of discussing and improving the Work, but\nexcluding communication that is conspicuously marked or otherwise\ndesignated in writing by the copyright owner as "Not a Contribution."\n\n"Contributor" shall mean Licensor and any individual or Legal Entity\non behalf of whom a Contribution has been received by Licensor and\nsubsequently incorporated within the Work.\n\n2. Grant of Copyright License. Subject to the terms and conditions of\nthis License, each Contributor hereby grants to You a perpetual,\nworldwide, non-exclusive, no-charge, royalty-free, irrevocable\ncopyright license to reproduce, prepare Derivative Works of,\npublicly display, publicly perform, sublicense, and distribute the\nWork and such Derivative Works in Source or Object form.\n\n3. Grant of Patent License. Subject to the terms and conditions of\nthis License, each Contributor hereby grants to You a perpetual,\nworldwide, non-exclusive, no-charge, royalty-free, irrevocable\n(except as stated in this section) patent license to make, have made,\nuse, offer to sell, sell, import, and otherwise transfer the Work,\nwhere such license applies only to those patent claims licensable\nby such Contributor that are necessarily infringed by their\nContribution(s) alone or by combination of their Contribution(s)\nwith the Work to which such Contribution(s) was submitted. If You\ninstitute patent litigation against any entity (including a\ncross-claim or counterclaim in a lawsuit) alleging that the Work\nor a Contribution incorporated within the Work constitutes direct\nor contributory patent infringement, then any patent licenses\ngranted to You under this License for that Work shall terminate\nas of the date such litigation is filed.\n\n4. Redistribution. You may reproduce and distribute copies of the\nWork or Derivative Works thereof in any medium, with or without\nmodifications, and in Source or Object form, provided that You\nmeet the following conditions:\n\n(a) You must give any other recipients of the Work or\nDerivative Works a copy of this License; and\n\n(b) You must cause any modified files to carry prominent notices\nstating that You changed the files; and\n\n(c) You must retain, in the Source form of any Derivative Works\nthat You distribute, all copyright, patent, trademark, and\nattribution notices from the Source form of the Work,\nexcluding those notices that do not pertain to any part of\nthe Derivative Works; and\n\n(d) If the Work includes a "NOTICE" text file as part of its\ndistribution, then any Derivative Works that You distribute must\ninclude a readable copy of the attribution notices contained\nwithin such NOTICE file, excluding those notices that do not\npertain to any part of the Derivative Works, in at least one\nof the following places: within a NOTICE text file distributed\nas part of the Derivative Works; within the Source form or\ndocumentation, if provided along with the Derivative Works; or,\nwithin a display generated by the Derivative Works, if and\nwherever such third-party notices normally appear. The contents\nof the NOTICE file are for informational purposes only and\ndo not modify the License. You may add Your own attribution\nnotices within Derivative Works that You distribute, alongside\nor as an addendum to the NOTICE text from the Work, provided\nthat such additional attribution notices cannot be construed\nas modifying the License.\n\nYou may add Your own copyright statement to Your modifications and\nmay provide additional or different license terms and conditions\nfor use, reproduction, or distribution of Your modifications, or\nfor any such Derivative Works as a whole, provided Your use,\nreproduction, and distribution of the Work otherwise complies with\nthe conditions stated in this License.\n\n5. Submission of Contributions. Unless You explicitly state otherwise,\nany Contribution intentionally submitted for inclusion in the Work\nby You to the Licensor shall be under the terms and conditions of\nthis License, without any additional terms or conditions.\nNotwithstanding the above, nothing herein shall supersede or modify\nthe terms of any separate license agreement you may have executed\nwith Licensor regarding such Contributions.\n\n6. Trademarks. This License does not grant permission to use the trade\nnames, trademarks, service marks, or product names of the Licensor,\nexcept as required for reasonable and customary use in describing the\norigin of the Work and reproducing the content of the NOTICE file.\n\n7. Disclaimer of Warranty. Unless required by applicable law or\nagreed to in writing, Licensor provides the Work (and each\nContributor provides its Contributions) on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\nimplied, including, without limitation, any warranties or conditions\nof TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\nPARTICULAR PURPOSE. You are solely responsible for determining the\nappropriateness of using or redistributing the Work and assume any\nrisks associated with Your exercise of permissions under this License.\n\n8. Limitation of Liability. In no event and under no legal theory,\nwhether in tort (including negligence), contract, or otherwise,\nunless required by applicable law (such as deliberate and grossly\nnegligent acts) or agreed to in writing, shall any Contributor be\nliable to You for damages, including any direct, indirect, special,\nincidental, or consequential damages of any character arising as a\nresult of this License or out of the use or inability to use the\nWork (including but not limited to damages for loss of goodwill,\nwork stoppage, computer failure or malfunction, or any and all\nother commercial damages or losses), even if such Contributor\nhas been advised of the possibility of such damages.\n\n9. Accepting Warranty or Additional Liability. While redistributing\nthe Work or Derivative Works thereof, You may choose to offer,\nand charge a fee for, acceptance of support, warranty, indemnity,\nor other liability obligations and/or rights consistent with this\nLicense. However, in accepting such obligations, You may act only\non Your own behalf and on Your sole responsibility, not on behalf\nof any other Contributor, and only if You agree to indemnify,\ndefend, and hold each Contributor harmless for any liability\nincurred by, or claims asserted against, such Contributor by reason\nof your accepting any such warranty or additional liability.\n\nEND OF TERMS AND CONDITIONS\n\nAPPENDIX: How to apply the Apache License to your work.\n\nTo apply the Apache License to your work, attach the following\nboilerplate notice, with the fields enclosed by brackets "[]"\nreplaced with your own identifying information. (Don\'t include\nthe brackets!)  The text should be enclosed in the appropriate\ncomment syntax for the file format. We also recommend that a\nfile or class name and description of purpose be included on the\nsame "printed page" as the copyright notice for easier\nidentification within third-party archives.\n\nCopyright [yyyy] [name of copyright owner]\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n',
           name: "craig/LICENSE",
         },
+        {
+          name: "craig/outputs.tf",
+          data: '##############################################################################\n# Management VPC Outputs\n##############################################################################\n\noutput "management_vpc_name" {\n  value = module.management_vpc.name\n}\n\noutput "management_vpc_id" {\n  value = module.management_vpc.id\n}\n\noutput "management_vpc_crn" {\n  value = module.management_vpc.crn\n}\n\noutput "management_vpc_subnet_vsi_zone_1_name" {\n  value = module.management_vpc.vsi_zone_1_name\n}\n\noutput "management_vpc_subnet_vsi_zone_1_id" {\n  value = module.management_vpc.vsi_zone_1_id\n}\n\noutput "management_vpc_subnet_vsi_zone_1_crn" {\n  value = module.management_vpc.vsi_zone_1_crn\n}\n\noutput "management_vpc_subnet_vpn_zone_1_name" {\n  value = module.management_vpc.vpn_zone_1_name\n}\n\noutput "management_vpc_subnet_vpn_zone_1_id" {\n  value = module.management_vpc.vpn_zone_1_id\n}\n\noutput "management_vpc_subnet_vpn_zone_1_crn" {\n  value = module.management_vpc.vpn_zone_1_crn\n}\n\noutput "management_vpc_subnet_vsi_zone_2_name" {\n  value = module.management_vpc.vsi_zone_2_name\n}\n\noutput "management_vpc_subnet_vsi_zone_2_id" {\n  value = module.management_vpc.vsi_zone_2_id\n}\n\noutput "management_vpc_subnet_vsi_zone_2_crn" {\n  value = module.management_vpc.vsi_zone_2_crn\n}\n\noutput "management_vpc_subnet_vsi_zone_3_name" {\n  value = module.management_vpc.vsi_zone_3_name\n}\n\noutput "management_vpc_subnet_vsi_zone_3_id" {\n  value = module.management_vpc.vsi_zone_3_id\n}\n\noutput "management_vpc_subnet_vsi_zone_3_crn" {\n  value = module.management_vpc.vsi_zone_3_crn\n}\n\noutput "management_vpc_subnet_vpe_zone_1_name" {\n  value = module.management_vpc.vpe_zone_1_name\n}\n\noutput "management_vpc_subnet_vpe_zone_1_id" {\n  value = module.management_vpc.vpe_zone_1_id\n}\n\noutput "management_vpc_subnet_vpe_zone_1_crn" {\n  value = module.management_vpc.vpe_zone_1_crn\n}\n\noutput "management_vpc_subnet_vpe_zone_2_name" {\n  value = module.management_vpc.vpe_zone_2_name\n}\n\noutput "management_vpc_subnet_vpe_zone_2_id" {\n  value = module.management_vpc.vpe_zone_2_id\n}\n\noutput "management_vpc_subnet_vpe_zone_2_crn" {\n  value = module.management_vpc.vpe_zone_2_crn\n}\n\noutput "management_vpc_subnet_vpe_zone_3_name" {\n  value = module.management_vpc.vpe_zone_3_name\n}\n\noutput "management_vpc_subnet_vpe_zone_3_id" {\n  value = module.management_vpc.vpe_zone_3_id\n}\n\noutput "management_vpc_subnet_vpe_zone_3_crn" {\n  value = module.management_vpc.vpe_zone_3_crn\n}\n\noutput "management_vpc_security_group_management_vpe_name" {\n  value = module.management_vpc.management_vpe_name\n}\n\noutput "management_vpc_security_group_management_vpe_id" {\n  value = module.management_vpc.management_vpe_id\n}\n\noutput "management_vpc_security_group_management_vsi_name" {\n  value = module.management_vpc.management_vsi_name\n}\n\noutput "management_vpc_security_group_management_vsi_id" {\n  value = module.management_vpc.management_vsi_id\n}\n\n##############################################################################\n\n##############################################################################\n# Workload VPC Outputs\n##############################################################################\n\noutput "workload_vpc_name" {\n  value = module.workload_vpc.name\n}\n\noutput "workload_vpc_id" {\n  value = module.workload_vpc.id\n}\n\noutput "workload_vpc_crn" {\n  value = module.workload_vpc.crn\n}\n\noutput "workload_vpc_subnet_vsi_zone_1_name" {\n  value = module.workload_vpc.vsi_zone_1_name\n}\n\noutput "workload_vpc_subnet_vsi_zone_1_id" {\n  value = module.workload_vpc.vsi_zone_1_id\n}\n\noutput "workload_vpc_subnet_vsi_zone_1_crn" {\n  value = module.workload_vpc.vsi_zone_1_crn\n}\n\noutput "workload_vpc_subnet_vsi_zone_2_name" {\n  value = module.workload_vpc.vsi_zone_2_name\n}\n\noutput "workload_vpc_subnet_vsi_zone_2_id" {\n  value = module.workload_vpc.vsi_zone_2_id\n}\n\noutput "workload_vpc_subnet_vsi_zone_2_crn" {\n  value = module.workload_vpc.vsi_zone_2_crn\n}\n\noutput "workload_vpc_subnet_vsi_zone_3_name" {\n  value = module.workload_vpc.vsi_zone_3_name\n}\n\noutput "workload_vpc_subnet_vsi_zone_3_id" {\n  value = module.workload_vpc.vsi_zone_3_id\n}\n\noutput "workload_vpc_subnet_vsi_zone_3_crn" {\n  value = module.workload_vpc.vsi_zone_3_crn\n}\n\noutput "workload_vpc_subnet_vpe_zone_1_name" {\n  value = module.workload_vpc.vpe_zone_1_name\n}\n\noutput "workload_vpc_subnet_vpe_zone_1_id" {\n  value = module.workload_vpc.vpe_zone_1_id\n}\n\noutput "workload_vpc_subnet_vpe_zone_1_crn" {\n  value = module.workload_vpc.vpe_zone_1_crn\n}\n\noutput "workload_vpc_subnet_vpe_zone_2_name" {\n  value = module.workload_vpc.vpe_zone_2_name\n}\n\noutput "workload_vpc_subnet_vpe_zone_2_id" {\n  value = module.workload_vpc.vpe_zone_2_id\n}\n\noutput "workload_vpc_subnet_vpe_zone_2_crn" {\n  value = module.workload_vpc.vpe_zone_2_crn\n}\n\noutput "workload_vpc_subnet_vpe_zone_3_name" {\n  value = module.workload_vpc.vpe_zone_3_name\n}\n\noutput "workload_vpc_subnet_vpe_zone_3_id" {\n  value = module.workload_vpc.vpe_zone_3_id\n}\n\noutput "workload_vpc_subnet_vpe_zone_3_crn" {\n  value = module.workload_vpc.vpe_zone_3_crn\n}\n\noutput "workload_vpc_security_group_workload_vpe_name" {\n  value = module.workload_vpc.workload_vpe_name\n}\n\noutput "workload_vpc_security_group_workload_vpe_id" {\n  value = module.workload_vpc.workload_vpe_id\n}\n\n##############################################################################\n\n##############################################################################\n# Management Vpc Management Server Deployment Outputs\n##############################################################################\n\noutput "management_vpc_management_server_vsi_1_1_primary_ip_address" {\n  value = ibm_is_instance.management_vpc_management_server_vsi_1_1.primary_network_interface[0].primary_ipv4_address\n}\n\noutput "management_vpc_management_server_vsi_1_2_primary_ip_address" {\n  value = ibm_is_instance.management_vpc_management_server_vsi_1_2.primary_network_interface[0].primary_ipv4_address\n}\n\noutput "management_vpc_management_server_vsi_2_1_primary_ip_address" {\n  value = ibm_is_instance.management_vpc_management_server_vsi_2_1.primary_network_interface[0].primary_ipv4_address\n}\n\noutput "management_vpc_management_server_vsi_2_2_primary_ip_address" {\n  value = ibm_is_instance.management_vpc_management_server_vsi_2_2.primary_network_interface[0].primary_ipv4_address\n}\n\noutput "management_vpc_management_server_vsi_3_1_primary_ip_address" {\n  value = ibm_is_instance.management_vpc_management_server_vsi_3_1.primary_network_interface[0].primary_ipv4_address\n}\n\noutput "management_vpc_management_server_vsi_3_2_primary_ip_address" {\n  value = ibm_is_instance.management_vpc_management_server_vsi_3_2.primary_network_interface[0].primary_ipv4_address\n}\n\n##############################################################################\n',
+        },
         { name: "craig/management_vpc", data: "" },
         { name: "craig/management_vpc", data: "" },
         {
@@ -109,7 +113,7 @@ describe("craig api", () => {
         },
         {
           name: "craig/management_vpc/versions.tf",
-          data: '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.61.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
+          data: '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.63.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
         },
         {
           name: "craig/management_vpc/variables.tf",
@@ -129,7 +133,7 @@ describe("craig api", () => {
         },
         {
           name: "craig/management_vpc/outputs.tf",
-          data: '##############################################################################\n# Management VPC Outputs\n##############################################################################\n\noutput "id" {\n  value = ibm_is_vpc.management_vpc.id\n}\n\noutput "crn" {\n  value = ibm_is_vpc.management_vpc.crn\n}\n\noutput "vsi_zone_1_id" {\n  value = ibm_is_subnet.management_vsi_zone_1.id\n}\n\noutput "vsi_zone_1_crn" {\n  value = ibm_is_subnet.management_vsi_zone_1.crn\n}\n\noutput "vpn_zone_1_id" {\n  value = ibm_is_subnet.management_vpn_zone_1.id\n}\n\noutput "vpn_zone_1_crn" {\n  value = ibm_is_subnet.management_vpn_zone_1.crn\n}\n\noutput "vsi_zone_2_id" {\n  value = ibm_is_subnet.management_vsi_zone_2.id\n}\n\noutput "vsi_zone_2_crn" {\n  value = ibm_is_subnet.management_vsi_zone_2.crn\n}\n\noutput "vsi_zone_3_id" {\n  value = ibm_is_subnet.management_vsi_zone_3.id\n}\n\noutput "vsi_zone_3_crn" {\n  value = ibm_is_subnet.management_vsi_zone_3.crn\n}\n\noutput "vpe_zone_1_id" {\n  value = ibm_is_subnet.management_vpe_zone_1.id\n}\n\noutput "vpe_zone_1_crn" {\n  value = ibm_is_subnet.management_vpe_zone_1.crn\n}\n\noutput "vpe_zone_2_id" {\n  value = ibm_is_subnet.management_vpe_zone_2.id\n}\n\noutput "vpe_zone_2_crn" {\n  value = ibm_is_subnet.management_vpe_zone_2.crn\n}\n\noutput "vpe_zone_3_id" {\n  value = ibm_is_subnet.management_vpe_zone_3.id\n}\n\noutput "vpe_zone_3_crn" {\n  value = ibm_is_subnet.management_vpe_zone_3.crn\n}\n\noutput "management_vpe_id" {\n  value = ibm_is_security_group.management_vpc_management_vpe_sg.id\n}\n\noutput "management_vsi_id" {\n  value = ibm_is_security_group.management_vpc_management_vsi_sg.id\n}\n\n##############################################################################\n',
+          data: '##############################################################################\n# Management VPC Outputs\n##############################################################################\n\noutput "name" {\n  value = ibm_is_vpc.management_vpc.name\n}\n\noutput "id" {\n  value = ibm_is_vpc.management_vpc.id\n}\n\noutput "crn" {\n  value = ibm_is_vpc.management_vpc.crn\n}\n\noutput "vsi_zone_1_name" {\n  value = ibm_is_subnet.management_vsi_zone_1.name\n}\n\noutput "vsi_zone_1_id" {\n  value = ibm_is_subnet.management_vsi_zone_1.id\n}\n\noutput "vsi_zone_1_crn" {\n  value = ibm_is_subnet.management_vsi_zone_1.crn\n}\n\noutput "vpn_zone_1_name" {\n  value = ibm_is_subnet.management_vpn_zone_1.name\n}\n\noutput "vpn_zone_1_id" {\n  value = ibm_is_subnet.management_vpn_zone_1.id\n}\n\noutput "vpn_zone_1_crn" {\n  value = ibm_is_subnet.management_vpn_zone_1.crn\n}\n\noutput "vsi_zone_2_name" {\n  value = ibm_is_subnet.management_vsi_zone_2.name\n}\n\noutput "vsi_zone_2_id" {\n  value = ibm_is_subnet.management_vsi_zone_2.id\n}\n\noutput "vsi_zone_2_crn" {\n  value = ibm_is_subnet.management_vsi_zone_2.crn\n}\n\noutput "vsi_zone_3_name" {\n  value = ibm_is_subnet.management_vsi_zone_3.name\n}\n\noutput "vsi_zone_3_id" {\n  value = ibm_is_subnet.management_vsi_zone_3.id\n}\n\noutput "vsi_zone_3_crn" {\n  value = ibm_is_subnet.management_vsi_zone_3.crn\n}\n\noutput "vpe_zone_1_name" {\n  value = ibm_is_subnet.management_vpe_zone_1.name\n}\n\noutput "vpe_zone_1_id" {\n  value = ibm_is_subnet.management_vpe_zone_1.id\n}\n\noutput "vpe_zone_1_crn" {\n  value = ibm_is_subnet.management_vpe_zone_1.crn\n}\n\noutput "vpe_zone_2_name" {\n  value = ibm_is_subnet.management_vpe_zone_2.name\n}\n\noutput "vpe_zone_2_id" {\n  value = ibm_is_subnet.management_vpe_zone_2.id\n}\n\noutput "vpe_zone_2_crn" {\n  value = ibm_is_subnet.management_vpe_zone_2.crn\n}\n\noutput "vpe_zone_3_name" {\n  value = ibm_is_subnet.management_vpe_zone_3.name\n}\n\noutput "vpe_zone_3_id" {\n  value = ibm_is_subnet.management_vpe_zone_3.id\n}\n\noutput "vpe_zone_3_crn" {\n  value = ibm_is_subnet.management_vpe_zone_3.crn\n}\n\noutput "management_vpe_name" {\n  value = ibm_is_security_group.management_vpc_management_vpe_sg.name\n}\n\noutput "management_vpe_id" {\n  value = ibm_is_security_group.management_vpc_management_vpe_sg.id\n}\n\noutput "management_vsi_name" {\n  value = ibm_is_security_group.management_vpc_management_vsi_sg.name\n}\n\noutput "management_vsi_id" {\n  value = ibm_is_security_group.management_vpc_management_vsi_sg.id\n}\n\n##############################################################################\n',
         },
         { name: "craig/workload_vpc", data: "" },
         { name: "craig/workload_vpc", data: "" },
@@ -139,7 +143,7 @@ describe("craig api", () => {
         },
         {
           name: "craig/workload_vpc/versions.tf",
-          data: '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.61.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
+          data: '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.63.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
         },
         {
           name: "craig/workload_vpc/variables.tf",
@@ -155,7 +159,7 @@ describe("craig api", () => {
         },
         {
           name: "craig/workload_vpc/outputs.tf",
-          data: '##############################################################################\n# Workload VPC Outputs\n##############################################################################\n\noutput "id" {\n  value = ibm_is_vpc.workload_vpc.id\n}\n\noutput "crn" {\n  value = ibm_is_vpc.workload_vpc.crn\n}\n\noutput "vsi_zone_1_id" {\n  value = ibm_is_subnet.workload_vsi_zone_1.id\n}\n\noutput "vsi_zone_1_crn" {\n  value = ibm_is_subnet.workload_vsi_zone_1.crn\n}\n\noutput "vsi_zone_2_id" {\n  value = ibm_is_subnet.workload_vsi_zone_2.id\n}\n\noutput "vsi_zone_2_crn" {\n  value = ibm_is_subnet.workload_vsi_zone_2.crn\n}\n\noutput "vsi_zone_3_id" {\n  value = ibm_is_subnet.workload_vsi_zone_3.id\n}\n\noutput "vsi_zone_3_crn" {\n  value = ibm_is_subnet.workload_vsi_zone_3.crn\n}\n\noutput "vpe_zone_1_id" {\n  value = ibm_is_subnet.workload_vpe_zone_1.id\n}\n\noutput "vpe_zone_1_crn" {\n  value = ibm_is_subnet.workload_vpe_zone_1.crn\n}\n\noutput "vpe_zone_2_id" {\n  value = ibm_is_subnet.workload_vpe_zone_2.id\n}\n\noutput "vpe_zone_2_crn" {\n  value = ibm_is_subnet.workload_vpe_zone_2.crn\n}\n\noutput "vpe_zone_3_id" {\n  value = ibm_is_subnet.workload_vpe_zone_3.id\n}\n\noutput "vpe_zone_3_crn" {\n  value = ibm_is_subnet.workload_vpe_zone_3.crn\n}\n\noutput "workload_vpe_id" {\n  value = ibm_is_security_group.workload_vpc_workload_vpe_sg.id\n}\n\n##############################################################################\n',
+          data: '##############################################################################\n# Workload VPC Outputs\n##############################################################################\n\noutput "name" {\n  value = ibm_is_vpc.workload_vpc.name\n}\n\noutput "id" {\n  value = ibm_is_vpc.workload_vpc.id\n}\n\noutput "crn" {\n  value = ibm_is_vpc.workload_vpc.crn\n}\n\noutput "vsi_zone_1_name" {\n  value = ibm_is_subnet.workload_vsi_zone_1.name\n}\n\noutput "vsi_zone_1_id" {\n  value = ibm_is_subnet.workload_vsi_zone_1.id\n}\n\noutput "vsi_zone_1_crn" {\n  value = ibm_is_subnet.workload_vsi_zone_1.crn\n}\n\noutput "vsi_zone_2_name" {\n  value = ibm_is_subnet.workload_vsi_zone_2.name\n}\n\noutput "vsi_zone_2_id" {\n  value = ibm_is_subnet.workload_vsi_zone_2.id\n}\n\noutput "vsi_zone_2_crn" {\n  value = ibm_is_subnet.workload_vsi_zone_2.crn\n}\n\noutput "vsi_zone_3_name" {\n  value = ibm_is_subnet.workload_vsi_zone_3.name\n}\n\noutput "vsi_zone_3_id" {\n  value = ibm_is_subnet.workload_vsi_zone_3.id\n}\n\noutput "vsi_zone_3_crn" {\n  value = ibm_is_subnet.workload_vsi_zone_3.crn\n}\n\noutput "vpe_zone_1_name" {\n  value = ibm_is_subnet.workload_vpe_zone_1.name\n}\n\noutput "vpe_zone_1_id" {\n  value = ibm_is_subnet.workload_vpe_zone_1.id\n}\n\noutput "vpe_zone_1_crn" {\n  value = ibm_is_subnet.workload_vpe_zone_1.crn\n}\n\noutput "vpe_zone_2_name" {\n  value = ibm_is_subnet.workload_vpe_zone_2.name\n}\n\noutput "vpe_zone_2_id" {\n  value = ibm_is_subnet.workload_vpe_zone_2.id\n}\n\noutput "vpe_zone_2_crn" {\n  value = ibm_is_subnet.workload_vpe_zone_2.crn\n}\n\noutput "vpe_zone_3_name" {\n  value = ibm_is_subnet.workload_vpe_zone_3.name\n}\n\noutput "vpe_zone_3_id" {\n  value = ibm_is_subnet.workload_vpe_zone_3.id\n}\n\noutput "vpe_zone_3_crn" {\n  value = ibm_is_subnet.workload_vpe_zone_3.crn\n}\n\noutput "workload_vpe_name" {\n  value = ibm_is_security_group.workload_vpc_workload_vpe_sg.name\n}\n\noutput "workload_vpe_id" {\n  value = ibm_is_security_group.workload_vpc_workload_vpe_sg.id\n}\n\n##############################################################################\n',
         },
       ];
       let mockController = {
@@ -262,7 +266,7 @@ describe("craig api", () => {
             "  required_providers {\n" +
             "    ibm = {\n" +
             '      source  = "IBM-Cloud/ibm"\n' +
-            '      version = "~>1.61.0"\n' +
+            '      version = "~>1.63.0"\n' +
             "    }\n" +
             "  }\n" +
             '  required_version = ">=1.5"\n' +
diff --git a/unit-tests/api/stats-api.test.js b/unit-tests/api/stats-api.test.js
new file mode 100644
index 00000000..36bc62c6
--- /dev/null
+++ b/unit-tests/api/stats-api.test.js
@@ -0,0 +1,149 @@
+const { assert } = require("chai");
+const controller = require("../../express-controllers/controller");
+const res = require("../mocks/response.mock");
+const { initMockAxios } = require("lazy-z");
+
+describe("getStats", () => {
+  it("should respond with the an error", () => {
+    let { axios } = initMockAxios({}, true);
+    let testController = new controller(axios);
+    testController.getStats({}, res).catch(() => {
+      assert.isTrue(res.send.calledOnce);
+    });
+  });
+  it("should respond with the correct reference stats", () => {
+    let { axios } = initMockAxios(
+      {
+        tree: [
+          {
+            path: "2024-01-10-traffic-stats/2024-01-10-20h-36m-clone-stats.csv",
+          },
+        ],
+      },
+      false
+    );
+    axios.get = () => {
+      return {
+        data:
+          "repository_name,site,views,unique_visitors/cloners" +
+          "CRAIG,github.com,416,7" +
+          "CRAIG,ibm.webex.com,57,16" +
+          "CRAIG,ibm.seismic.com,43,5",
+      };
+    };
+    let testController = new controller(axios);
+    return testController.getStats({}, res).then(() => {
+      assert.deepEqual(res.send.lastCall.args, [
+        {
+          views: {},
+          clones: {},
+          refs: {
+            "github.com": 416,
+            "ibm.webex.com": 57,
+            "ibm.seismic.com": 43,
+          },
+        },
+      ]);
+    });
+  });
+  it("should respond with the correct clone stats", () => {
+    let { axios } = initMockAxios(
+      {
+        tree: [
+          {
+            path: "2024-01-10-traffic-stats/2024-01-10-20h-36m-clone-stats.csv",
+          },
+        ],
+      },
+      false
+    );
+    axios.get = () => {
+      return {
+        data:
+          "repository_name,date,clones,unique_visitors/cloners\r\n" +
+          "CRAIG,2024-02-02,7,5\r\n" +
+          "CRAIG,2024-02-03,3,3\r\n" +
+          "CRAIG,2024-02-04,2,2\r\n" +
+          "CRAIG,2024-02-05,4,4\r\n" +
+          "CRAIG,2024-02-06,15,12\r\n",
+      };
+    };
+    let testController = new controller(axios);
+    return testController.getStats({}, res).then(() => {
+      assert.deepEqual(res.send.lastCall.args, [
+        {
+          views: {},
+          clones: {
+            "2024-02-02": "7",
+            "2024-02-03": "3",
+            "2024-02-04": "2",
+            "2024-02-05": "4",
+            "2024-02-06": "15",
+          },
+          refs: {},
+        },
+      ]);
+    });
+  });
+  it("should respond with the correct view stats", () => {
+    let { axios } = initMockAxios(
+      {
+        tree: [
+          {
+            path: "2024-01-10-traffic-stats/2024-01-10-20h-36m-clone-stats.csv",
+          },
+        ],
+      },
+      false
+    );
+    axios.get = () => {
+      return {
+        data:
+          "repository_name,date,views,unique_visitors/cloners\r\n" +
+          "CRAIG,2024-02-02,7,5\r\n" +
+          "CRAIG,2024-02-03,3,3\r\n" +
+          "CRAIG,2024-02-04,2,2\r\n" +
+          "CRAIG,2024-02-05,4,4\r\n" +
+          "CRAIG,2024-02-06,15,12\r\n",
+      };
+    };
+    let testController = new controller(axios);
+    return testController.getStats({}, res).then(() => {
+      assert.deepEqual(res.send.lastCall.args, [
+        {
+          views: {
+            "2024-02-02": "7",
+            "2024-02-03": "3",
+            "2024-02-04": "2",
+            "2024-02-05": "4",
+            "2024-02-06": "15",
+          },
+          clones: {},
+          refs: {},
+        },
+      ]);
+    });
+  });
+  it("should ignore non stats paths", () => {
+    let { axios } = initMockAxios(
+      {
+        tree: [
+          {
+            path: "ignore/this/path",
+          },
+        ],
+      },
+      false
+    );
+    let testController = new controller(axios);
+    return testController.getStats({}, res).then(() => {
+      assert.deepEqual(res.send.lastCall.args, [
+        {
+          views: {},
+          clones: {},
+          refs: {},
+        },
+      ]);
+    });
+  });
+});
diff --git a/unit-tests/craig-to-cdktf.test.js b/unit-tests/craig-to-cdktf.test.js
index 998458eb..b3a5a2fb 100644
--- a/unit-tests/craig-to-cdktf.test.js
+++ b/unit-tests/craig-to-cdktf.test.js
@@ -1883,19 +1883,53 @@ describe("craigToCdktf", () => {
           },
         },
         output: {
-          id: { value: "${ibm_is_vpc.management_vpc.id}" },
-          crn: { value: "${ibm_is_vpc.management_vpc.crn}" },
+          name: {
+            value: "${ibm_is_vpc.management_vpc.name}",
+          },
+          id: {
+            value: "${ibm_is_vpc.management_vpc.id}",
+          },
+          crn: {
+            value: "${ibm_is_vpc.management_vpc.crn}",
+          },
+          vpe_zone_1_name: {
+            value: "${ibm_is_subnet.management_vpe_zone_1.name}",
+          },
+          vpe_zone_1_id: {
+            value: "${ibm_is_subnet.management_vpe_zone_1.id}",
+          },
+          vpe_zone_1_crn: {
+            value: "${ibm_is_subnet.management_vpe_zone_1.crn}",
+          },
+          vpe_zone_2_name: {
+            value: "${ibm_is_subnet.management_vpe_zone_2.name}",
+          },
+          vpe_zone_2_id: {
+            value: "${ibm_is_subnet.management_vpe_zone_2.id}",
+          },
+          vpe_zone_2_crn: {
+            value: "${ibm_is_subnet.management_vpe_zone_2.crn}",
+          },
+          vpe_zone_3_name: {
+            value: "${ibm_is_subnet.management_vpe_zone_3.name}",
+          },
+          vpe_zone_3_id: {
+            value: "${ibm_is_subnet.management_vpe_zone_3.id}",
+          },
+          vpe_zone_3_crn: {
+            value: "${ibm_is_subnet.management_vpe_zone_3.crn}",
+          },
+          vsi_zone_1_name: {
+            value: "${ibm_is_subnet.management_vsi_zone_1.name}",
+          },
           vsi_zone_1_id: {
             value: "${ibm_is_subnet.management_vsi_zone_1.id}",
           },
           vsi_zone_1_crn: {
             value: "${ibm_is_subnet.management_vsi_zone_1.crn}",
           },
-          vpn_zone_1_id: {
-            value: "${ibm_is_subnet.management_vpn_zone_1.id}",
-          },
-          vpn_zone_1_crn: {
-            value: "${ibm_is_subnet.management_vpn_zone_1.crn}",
+          vsi_zone_2_name: {
+            value: "${ibm_is_subnet.management_vsi_zone_2.name}",
           },
           vsi_zone_2_id: {
             value: "${ibm_is_subnet.management_vsi_zone_2.id}",
@@ -1903,29 +1937,27 @@ describe("craigToCdktf", () => {
           vsi_zone_2_crn: {
             value: "${ibm_is_subnet.management_vsi_zone_2.crn}",
           },
+          vsi_zone_3_name: {
+            value: "${ibm_is_subnet.management_vsi_zone_3.name}",
+          },
           vsi_zone_3_id: {
             value: "${ibm_is_subnet.management_vsi_zone_3.id}",
           },
           vsi_zone_3_crn: {
             value: "${ibm_is_subnet.management_vsi_zone_3.crn}",
           },
-          vpe_zone_1_id: {
-            value: "${ibm_is_subnet.management_vpe_zone_1.id}",
-          },
-          vpe_zone_1_crn: {
-            value: "${ibm_is_subnet.management_vpe_zone_1.crn}",
+          vpn_zone_1_name: {
+            value: "${ibm_is_subnet.management_vpn_zone_1.name}",
           },
-          vpe_zone_2_id: {
-            value: "${ibm_is_subnet.management_vpe_zone_2.id}",
-          },
-          vpe_zone_2_crn: {
-            value: "${ibm_is_subnet.management_vpe_zone_2.crn}",
+          vpn_zone_1_id: {
+            value: "${ibm_is_subnet.management_vpn_zone_1.id}",
           },
-          vpe_zone_3_id: {
-            value: "${ibm_is_subnet.management_vpe_zone_3.id}",
+          vpn_zone_1_crn: {
+            value: "${ibm_is_subnet.management_vpn_zone_1.crn}",
           },
-          vpe_zone_3_crn: {
-            value: "${ibm_is_subnet.management_vpe_zone_3.crn}",
+          management_vpe_sg_name: {
+            value:
+              "${ibm_is_security_group.management_vpc_management_vpe_sg_sg.name}",
           },
           management_vpe_sg_id: {
             value:
diff --git a/unit-tests/data-files/config-to-files/modules-power-config-to-files.json b/unit-tests/data-files/config-to-files/modules-power-config-to-files.json
index b944c20d..5365b2ba 100644
--- a/unit-tests/data-files/config-to-files/modules-power-config-to-files.json
+++ b/unit-tests/data-files/config-to-files/modules-power-config-to-files.json
@@ -6,14 +6,14 @@
       "rt_routing_table.tf": "##############################################################################\n# Routing Table Routing Table\n##############################################################################\n\nresource \"ibm_is_vpc_routing_table\" \"management_vpc_routing_table_table\" {\n  name                          = \"${var.prefix}-management-vpc-routing-table-table\"\n  vpc                           = ibm_is_vpc.management_vpc.id\n  route_direct_link_ingress     = true\n  route_transit_gateway_ingress = true\n  route_vpc_zone_ingress        = true\n}\n\nresource \"ibm_is_vpc_routing_table_route\" \"management_vpc_routing_table_table_test_route_route\" {\n  vpc           = ibm_is_vpc.management_vpc.id\n  routing_table = ibm_is_vpc_routing_table.management_vpc_routing_table_table.routing_table\n  zone          = \"${var.region}-1\"\n  name          = \"${var.prefix}-management-routing-table-test-route-route\"\n  destination   = \"1.2.3.4/5\"\n  action        = \"delegate\"\n  next_hop      = \"0.0.0.0\"\n}\n\n##############################################################################\n",
       "sg_management_vpe_sg.tf": "##############################################################################\n# Security Group Management VPE Sg\n##############################################################################\n\nresource \"ibm_is_security_group\" \"management_vpc_management_vpe_sg_sg\" {\n  name           = \"${var.prefix}-management-management-vpe-sg-sg\"\n  vpc            = ibm_is_vpc.management_vpc.id\n  resource_group = var.slz_management_rg_id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_ibm_inbound\" {\n  group     = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n  remote    = \"161.26.0.0/16\"\n  direction = \"inbound\"\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_vpc_inbound\" {\n  group     = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n  remote    = \"10.0.0.0/8\"\n  direction = \"inbound\"\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_vpc_outbound\" {\n  group     = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n  remote    = \"10.0.0.0/8\"\n  direction = \"outbound\"\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_ibm_tcp_53_outbound\" {\n  group     = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n  remote    = \"161.26.0.0/16\"\n  direction = \"outbound\"\n  tcp {\n    port_min = 53\n    port_max = 53\n  }\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_ibm_tcp_80_outbound\" {\n  group     = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n  remote    = \"161.26.0.0/16\"\n  direction = \"outbound\"\n  tcp {\n    port_min = 80\n    port_max = 80\n  }\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_ibm_tcp_443_outbound\" {\n  group     = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n  remote    = \"161.26.0.0/16\"\n  direction = \"outbound\"\n  tcp {\n    port_min = 443\n    port_max = 443\n  }\n}\n\n##############################################################################\n",
       "variables.tf": "##############################################################################\n# Management VPC Variables\n##############################################################################\n\nvariable \"tags\" {\n  description = \"List of tags\"\n  type        = list(string)\n}\n\nvariable \"region\" {\n  description = \"IBM Cloud Region where resources will be provisioned\"\n  type        = string\n  validation {\n    error_message = \"Region must be in a supported IBM VPC region.\"\n    condition     = contains([\"us-south\", \"us-east\", \"br-sao\", \"ca-tor\", \"eu-gb\", \"eu-de\", \"eu-es\", \"jp-tok\", \"jp-osa\", \"au-syd\"], var.region)\n  }\n}\n\nvariable \"prefix\" {\n  description = \"Name prefix that will be prepended to named resources\"\n  type        = string\n  validation {\n    error_message = \"Prefix must begin with a lowercase letter and contain only lowercase letters, numbers, and - characters. Prefixes must end with a lowercase letter or number and be 16 or fewer characters.\"\n    condition     = can(regex(\"^([a-z]|[a-z][-a-z0-9]*[a-z0-9])\", var.prefix)) && length(var.prefix) <= 16\n  }\n}\n\nvariable \"slz_management_rg_id\" {\n  description = \"ID for the resource group slz-management-rg\"\n  type        = string\n}\n\n##############################################################################\n",
-      "versions.tf": "##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = \"IBM-Cloud/ibm\"\n      version = \"~>1.61.0\"\n    }\n  }\n  required_version = \">=1.3\"\n}\n\n##############################################################################\n"
+      "versions.tf": "##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = \"IBM-Cloud/ibm\"\n      version = \"~>1.63.0\"\n    }\n  }\n  required_version = \">=1.3\"\n}\n\n##############################################################################\n"
     },
     "main.tf": "##############################################################################\n# IBM Cloud Provider\n##############################################################################\n\nprovider \"ibm\" {\n  ibmcloud_api_key = var.ibmcloud_api_key\n  region           = var.region\n  ibmcloud_timeout = 60\n}\n\n##############################################################################\n\n##############################################################################\n# Management VPC Module\n##############################################################################\n\nmodule \"management_vpc\" {\n  source               = \"./management_vpc\"\n  region               = var.region\n  prefix               = var.prefix\n  slz_management_rg_id = ibm_resource_group.slz_management_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n}\n\n##############################################################################\n\n##############################################################################\n# Workload VPC Module\n##############################################################################\n\nmodule \"workload_vpc\" {\n  source             = \"./workload_vpc\"\n  region             = var.region\n  prefix             = var.prefix\n  slz_workload_rg_id = ibm_resource_group.slz_workload_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n}\n\n##############################################################################\n",
     "flow_logs.tf": "##############################################################################\n# Flow Logs Resources\n##############################################################################\n\nresource \"ibm_iam_authorization_policy\" \"flow_logs_to_cos_object_storage_policy\" {\n  source_service_name         = \"is\"\n  source_resource_type        = \"flow-log-collector\"\n  description                 = \"Allow flow logs write access cloud object storage instance\"\n  target_service_name         = \"cloud-object-storage\"\n  target_resource_instance_id = ibm_resource_instance.cos_object_storage.guid\n  roles = [\n    \"Writer\"\n  ]\n}\n\nresource \"ibm_is_flow_log\" \"management_flow_log_collector\" {\n  name           = \"${var.prefix}-management-vpc-logs\"\n  target         = module.management_vpc.id\n  active         = true\n  storage_bucket = ibm_cos_bucket.cos_object_storage_management_bucket_bucket.bucket_name\n  resource_group = ibm_resource_group.slz_management_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n  depends_on = [\n    ibm_iam_authorization_policy.flow_logs_to_cos_object_storage_policy\n  ]\n}\n\nresource \"ibm_is_flow_log\" \"workload_flow_log_collector\" {\n  name           = \"${var.prefix}-workload-vpc-logs\"\n  target         = module.workload_vpc.id\n  active         = true\n  storage_bucket = ibm_cos_bucket.cos_object_storage_management_bucket_bucket.bucket_name\n  resource_group = ibm_resource_group.slz_workload_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n  depends_on = [\n    ibm_iam_authorization_policy.flow_logs_to_cos_object_storage_policy\n  ]\n}\n\n##############################################################################\n",
     "transit_gateways.tf": "##############################################################################\n# Transit Gateway Transit Gateway\n##############################################################################\n\nresource \"ibm_tg_gateway\" \"transit_gateway\" {\n  name           = \"${var.prefix}-transit-gateway\"\n  location       = var.region\n  global         = false\n  resource_group = ibm_resource_group.slz_service_rg.id\n  timeouts {\n    create = \"30m\"\n    delete = \"30m\"\n  }\n}\n\nresource \"ibm_tg_connection\" \"transit_gateway_to_management_connection\" {\n  gateway      = ibm_tg_gateway.transit_gateway.id\n  network_type = \"vpc\"\n  name         = \"${var.prefix}-transit-gateway-management-hub-connection\"\n  network_id   = module.management_vpc.crn\n  timeouts {\n    create = \"30m\"\n    delete = \"30m\"\n  }\n}\n\nresource \"ibm_tg_connection\" \"transit_gateway_to_workload_connection\" {\n  gateway      = ibm_tg_gateway.transit_gateway.id\n  network_type = \"vpc\"\n  name         = \"${var.prefix}-transit-gateway-workload-hub-connection\"\n  network_id   = module.workload_vpc.crn\n  timeouts {\n    create = \"30m\"\n    delete = \"30m\"\n  }\n}\n\n##############################################################################\n",
     "virtual_private_endpoints.tf": "##############################################################################\n# Management VPE Resources\n##############################################################################\n\nresource \"ibm_is_subnet_reserved_ip\" \"management_vpc_vpe_zone_1_subnet_vpe_ip\" {\n  subnet = module.management_vpc.vpe_zone_1_id\n}\n\nresource \"ibm_is_subnet_reserved_ip\" \"management_vpc_vpe_zone_2_subnet_vpe_ip\" {\n  subnet = module.management_vpc.vpe_zone_2_id\n}\n\nresource \"ibm_is_subnet_reserved_ip\" \"management_vpc_vpe_zone_3_subnet_vpe_ip\" {\n  subnet = module.management_vpc.vpe_zone_3_id\n}\n\nresource \"ibm_is_virtual_endpoint_gateway\" \"management_vpc_cos_vpe_gateway\" {\n  name           = \"${var.prefix}-management-cos-vpe-gw\"\n  vpc            = module.management_vpc.id\n  resource_group = ibm_resource_group.slz_management_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n  security_groups = [\n    module.management_vpc.management_vpe_sg_id\n  ]\n  target {\n    crn           = \"crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:s3.direct.${var.region}.cloud-object-storage.appdomain.cloud\"\n    resource_type = \"provider_cloud_service\"\n  }\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"management_vpc_cos_gw_vpe_zone_1_gateway_ip\" {\n  gateway     = ibm_is_virtual_endpoint_gateway.management_vpc_cos_vpe_gateway.id\n  reserved_ip = ibm_is_subnet_reserved_ip.management_vpc_vpe_zone_1_subnet_vpe_ip.reserved_ip\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"management_vpc_cos_gw_vpe_zone_2_gateway_ip\" {\n  gateway     = ibm_is_virtual_endpoint_gateway.management_vpc_cos_vpe_gateway.id\n  reserved_ip = ibm_is_subnet_reserved_ip.management_vpc_vpe_zone_2_subnet_vpe_ip.reserved_ip\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"management_vpc_cos_gw_vpe_zone_3_gateway_ip\" {\n  gateway     = ibm_is_virtual_endpoint_gateway.management_vpc_cos_vpe_gateway.id\n  reserved_ip = ibm_is_subnet_reserved_ip.management_vpc_vpe_zone_3_subnet_vpe_ip.reserved_ip\n}\n\n##############################################################################\n\n##############################################################################\n# Workload VPE Resources\n##############################################################################\n\nresource \"ibm_is_subnet_reserved_ip\" \"workload_vpc_vpe_zone_1_subnet_vpe_ip\" {\n  subnet = module.workload_vpc.vpe_zone_1_id\n}\n\nresource \"ibm_is_subnet_reserved_ip\" \"workload_vpc_vpe_zone_2_subnet_vpe_ip\" {\n  subnet = module.workload_vpc.vpe_zone_2_id\n}\n\nresource \"ibm_is_subnet_reserved_ip\" \"workload_vpc_vpe_zone_3_subnet_vpe_ip\" {\n  subnet = module.workload_vpc.vpe_zone_3_id\n}\n\nresource \"ibm_is_virtual_endpoint_gateway\" \"workload_vpc_cos_vpe_gateway\" {\n  name           = \"${var.prefix}-workload-cos-vpe-gw\"\n  vpc            = module.workload_vpc.id\n  resource_group = ibm_resource_group.slz_workload_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n  security_groups = [\n    module.workload_vpc.workload_vpe_sg_id\n  ]\n  target {\n    crn           = \"crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:s3.direct.${var.region}.cloud-object-storage.appdomain.cloud\"\n    resource_type = \"provider_cloud_service\"\n  }\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"workload_vpc_cos_gw_vpe_zone_1_gateway_ip\" {\n  gateway     = ibm_is_virtual_endpoint_gateway.workload_vpc_cos_vpe_gateway.id\n  reserved_ip = ibm_is_subnet_reserved_ip.workload_vpc_vpe_zone_1_subnet_vpe_ip.reserved_ip\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"workload_vpc_cos_gw_vpe_zone_2_gateway_ip\" {\n  gateway     = ibm_is_virtual_endpoint_gateway.workload_vpc_cos_vpe_gateway.id\n  reserved_ip = ibm_is_subnet_reserved_ip.workload_vpc_vpe_zone_2_subnet_vpe_ip.reserved_ip\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"workload_vpc_cos_gw_vpe_zone_3_gateway_ip\" {\n  gateway     = ibm_is_virtual_endpoint_gateway.workload_vpc_cos_vpe_gateway.id\n  reserved_ip = ibm_is_subnet_reserved_ip.workload_vpc_vpe_zone_3_subnet_vpe_ip.reserved_ip\n}\n\n##############################################################################\n",
     "vpn_gateways.tf": "##############################################################################\n# VPN Gateways\n##############################################################################\n\nresource \"ibm_is_vpn_gateway\" \"management_management_gateway_vpn_gw\" {\n  name           = \"${var.prefix}-management-management-gateway-vpn-gw\"\n  subnet         = module.management_vpc.vpn_zone_1_id\n  resource_group = ibm_resource_group.slz_management_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n  timeouts {\n    delete = \"1h\"\n  }\n}\n\n##############################################################################\n",
-    "versions.tf": "##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = \"IBM-Cloud/ibm\"\n      version = \"~>1.61.0\"\n    }\n  }\n  required_version = \">=1.3\"\n}\n\n##############################################################################\n",
+    "versions.tf": "##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = \"IBM-Cloud/ibm\"\n      version = \"~>1.63.0\"\n    }\n  }\n  required_version = \">=1.3\"\n}\n\n##############################################################################\n",
     "vpn_servers.tf": "##############################################################################\n# VPN Servers\n##############################################################################\n\nresource \"ibm_iam_authorization_policy\" \"vpn_to_secrets_manager_policy\" {\n  source_service_name  = \"is\"\n  source_resource_type = \"vpn-server\"\n  description          = \"Allow VPN Server instance to read from Secrets Manager\"\n  target_service_name  = \"secrets-manager\"\n  roles = [\n    \"SecretsReader\"\n  ]\n}\n\nresource \"ibm_is_vpn_server\" \"management_vpn_server_vpn_server\" {\n  certificate_crn        = \"crn:v1:bluemix:public:cloudcerts:us-south:a/efe5afc483594adaa8325e2b4d1290df:86f62739-f3a8-42ac-abea-f23255965983:certificate:00406b5615f95dba9bf7c2ab52bb3083\"\n  client_idle_timeout    = 2000\n  client_ip_pool         = \"10.5.0.0/21\"\n  enable_split_tunneling = true\n  name                   = \"slz-management-vpn-server-server\"\n  port                   = 255\n  protocol               = \"udp\"\n  resource_group         = ibm_resource_group.slz_management_rg.id\n  client_authentication {\n    method        = \"certificate\"\n    client_ca_crn = \"crn:v1:bluemix:public:cloudcerts:us-south:a/efe5afc483594adaa8325e2b4d1290df:86f62739-f3a8-42ac-abea-f23255965983:certificate:00406b5615f95dba9bf7c2ab52bb3083\"\n  }\n  client_dns_server_ips = [\n    \"192.168.3.4\"\n  ]\n  subnets = [\n    module.management_vpc.vsi_zone_1_id,\n    module.management_vpc.vsi_zone_2_id,\n    module.management_vpc.vsi_zone_3_id\n  ]\n  security_groups = [\n    module.management_vpc.management_vpe_sg_id\n  ]\n}\n\nresource \"ibm_is_vpn_server_route\" \"management_vpn_server_route_vpn_route\" {\n  name        = \"slz-management-vpn-route-route\"\n  action      = \"translate\"\n  destination = \"172.16.0.0/16\"\n  vpn_server  = ibm_is_vpn_server.management_vpn_server_vpn_server.id\n}\n\n##############################################################################\n",
     "vpn_servers_no_route.tf": "##############################################################################\n# VPN Servers\n##############################################################################\n\nresource \"ibm_iam_authorization_policy\" \"vpn_to_secrets_manager_policy\" {\n  source_service_name  = \"is\"\n  source_resource_type = \"vpn-server\"\n  description          = \"Allow VPN Server instance to read from Secrets Manager\"\n  target_service_name  = \"secrets-manager\"\n  roles = [\n    \"SecretsReader\"\n  ]\n}\n\nresource \"ibm_is_vpn_server\" \"management_vpn_server_vpn_server\" {\n  certificate_crn        = \"crn:v1:bluemix:public:cloudcerts:us-south:a/efe5afc483594adaa8325e2b4d1290df:86f62739-f3a8-42ac-abea-f23255965983:certificate:00406b5615f95dba9bf7c2ab52bb3083\"\n  client_idle_timeout    = 2000\n  client_ip_pool         = \"10.5.0.0/21\"\n  enable_split_tunneling = true\n  name                   = \"slz-management-vpn-server-server\"\n  port                   = 255\n  protocol               = \"udp\"\n  resource_group         = ibm_resource_group.slz_management_rg.id\n  client_authentication {\n    method        = \"certificate\"\n    client_ca_crn = \"crn:v1:bluemix:public:cloudcerts:us-south:a/efe5afc483594adaa8325e2b4d1290df:86f62739-f3a8-42ac-abea-f23255965983:certificate:00406b5615f95dba9bf7c2ab52bb3083\"\n  }\n  client_dns_server_ips = [\n    \"192.168.3.4\"\n  ]\n  subnets = [\n    module.management_vpc.vsi_zone_1_id,\n    module.management_vpc.vsi_zone_2_id,\n    module.management_vpc.vsi_zone_3_id\n  ]\n  security_groups = [\n    module.management_vpc.management_vpe_sg_id\n  ]\n}\n\n##############################################################################\n",
     "variables.tf": "##############################################################################\n# Variables\n##############################################################################\n\nvariable \"ibmcloud_api_key\" {\n  description = \"The IBM Cloud platform API key needed to deploy IAM enabled resources.\"\n  type        = string\n  sensitive   = true\n}\n\nvariable \"region\" {\n  description = \"IBM Cloud Region where resources will be provisioned\"\n  type        = string\n  default     = \"us-south\"\n  validation {\n    error_message = \"Region must be in a supported IBM VPC region.\"\n    condition     = contains([\"us-south\", \"us-east\", \"br-sao\", \"ca-tor\", \"eu-gb\", \"eu-de\", \"eu-es\", \"jp-tok\", \"jp-osa\", \"au-syd\"], var.region)\n  }\n}\n\nvariable \"prefix\" {\n  description = \"Name prefix that will be prepended to named resources\"\n  type        = string\n  default     = \"slz\"\n  validation {\n    error_message = \"Prefix must begin with a lowercase letter and contain only lowercase letters, numbers, and - characters. Prefixes must end with a lowercase letter or number and be 16 or fewer characters.\"\n    condition     = can(regex(\"^([a-z]|[a-z][-a-z0-9]*[a-z0-9])\", var.prefix)) && length(var.prefix) <= 16\n  }\n}\n\nvariable \"account_id\" {\n  description = \"IBM Account ID where resources will be provisioned\"\n  type        = string\n  default     = \"1234\"\n}\n\n##############################################################################\n",
diff --git a/unit-tests/data-files/config-to-files/modules-slz-network-files.json b/unit-tests/data-files/config-to-files/modules-slz-network-files.json
index 04727966..ed64f0c6 100644
--- a/unit-tests/data-files/config-to-files/modules-slz-network-files.json
+++ b/unit-tests/data-files/config-to-files/modules-slz-network-files.json
@@ -2,18 +2,18 @@
   "management_vpc": {
     "acl_management_management.tf": "##############################################################################\n# Management Management ACL\n##############################################################################\n\nresource \"ibm_is_network_acl\" \"management_management_acl\" {\n  name           = \"${var.prefix}-management-management-acl\"\n  vpc            = ibm_is_vpc.management_vpc.id\n  resource_group = var.slz_management_rg_id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n  rules {\n    source      = \"161.26.0.0/16\"\n    action      = \"allow\"\n    destination = \"10.0.0.0/8\"\n    direction   = \"inbound\"\n    name        = \"allow-ibm-inbound\"\n  }\n  rules {\n    source      = \"10.0.0.0/8\"\n    action      = \"allow\"\n    destination = \"10.0.0.0/8\"\n    direction   = \"inbound\"\n    name        = \"allow-all-network-inbound\"\n  }\n  rules {\n    source      = \"0.0.0.0/0\"\n    action      = \"allow\"\n    destination = \"0.0.0.0/0\"\n    direction   = \"outbound\"\n    name        = \"allow-all-outbound\"\n  }\n}\n\n##############################################################################\n",
     "main.tf": "##############################################################################\n# Management VPC\n##############################################################################\n\nresource \"ibm_is_vpc\" \"management_vpc\" {\n  name                        = \"${var.prefix}-management-vpc\"\n  resource_group              = var.slz_management_rg_id\n  tags                        = var.tags\n  no_sg_acl_rules             = true\n  address_prefix_management   = \"manual\"\n  default_network_acl_name    = null\n  default_security_group_name = null\n  default_routing_table_name  = null\n}\n\nresource \"ibm_is_vpc_address_prefix\" \"management_vsi_zone_1_prefix\" {\n  name = \"${var.prefix}-management-vsi-zone-1\"\n  vpc  = ibm_is_vpc.management_vpc.id\n  zone = \"${var.region}-1\"\n  cidr = \"10.10.10.0/24\"\n}\n\nresource \"ibm_is_vpc_address_prefix\" \"management_vsi_zone_2_prefix\" {\n  name = \"${var.prefix}-management-vsi-zone-2\"\n  vpc  = ibm_is_vpc.management_vpc.id\n  zone = \"${var.region}-2\"\n  cidr = \"10.10.20.0/24\"\n}\n\nresource \"ibm_is_vpc_address_prefix\" \"management_vsi_zone_3_prefix\" {\n  name = \"${var.prefix}-management-vsi-zone-3\"\n  vpc  = ibm_is_vpc.management_vpc.id\n  zone = \"${var.region}-3\"\n  cidr = \"10.10.30.0/24\"\n}\n\nresource \"ibm_is_vpc_address_prefix\" \"management_vpe_zone_1_prefix\" {\n  name = \"${var.prefix}-management-vpe-zone-1\"\n  vpc  = ibm_is_vpc.management_vpc.id\n  zone = \"${var.region}-1\"\n  cidr = \"10.20.10.0/24\"\n}\n\nresource \"ibm_is_vpc_address_prefix\" \"management_vpe_zone_2_prefix\" {\n  name = \"${var.prefix}-management-vpe-zone-2\"\n  vpc  = ibm_is_vpc.management_vpc.id\n  zone = \"${var.region}-2\"\n  cidr = \"10.20.20.0/24\"\n}\n\nresource \"ibm_is_vpc_address_prefix\" \"management_vpe_zone_3_prefix\" {\n  name = \"${var.prefix}-management-vpe-zone-3\"\n  vpc  = ibm_is_vpc.management_vpc.id\n  zone = \"${var.region}-3\"\n  cidr = \"10.20.30.0/24\"\n}\n\nresource \"ibm_is_vpc_address_prefix\" \"management_vpn_zone_1_prefix\" {\n  name = \"${var.prefix}-management-vpn-zone-1\"\n  vpc  = ibm_is_vpc.management_vpc.id\n  zone = \"${var.region}-1\"\n  cidr = \"10.30.10.0/24\"\n}\n\nresource \"ibm_is_subnet\" \"management_vsi_zone_1\" {\n  vpc             = ibm_is_vpc.management_vpc.id\n  name            = \"${var.prefix}-management-vsi-zone-1\"\n  zone            = \"${var.region}-1\"\n  resource_group  = var.slz_management_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.management_management_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.management_vsi_zone_1_prefix.cidr\n}\n\nresource \"ibm_is_subnet\" \"management_vpn_zone_1\" {\n  vpc             = ibm_is_vpc.management_vpc.id\n  name            = \"${var.prefix}-management-vpn-zone-1\"\n  zone            = \"${var.region}-1\"\n  resource_group  = var.slz_management_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.management_management_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.management_vpn_zone_1_prefix.cidr\n}\n\nresource \"ibm_is_subnet\" \"management_vsi_zone_2\" {\n  vpc             = ibm_is_vpc.management_vpc.id\n  name            = \"${var.prefix}-management-vsi-zone-2\"\n  zone            = \"${var.region}-2\"\n  resource_group  = var.slz_management_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.management_management_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.management_vsi_zone_2_prefix.cidr\n}\n\nresource \"ibm_is_subnet\" \"management_vsi_zone_3\" {\n  vpc             = ibm_is_vpc.management_vpc.id\n  name            = \"${var.prefix}-management-vsi-zone-3\"\n  zone            = \"${var.region}-3\"\n  resource_group  = var.slz_management_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.management_management_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.management_vsi_zone_3_prefix.cidr\n}\n\nresource \"ibm_is_subnet\" \"management_vpe_zone_1\" {\n  vpc             = ibm_is_vpc.management_vpc.id\n  name            = \"${var.prefix}-management-vpe-zone-1\"\n  zone            = \"${var.region}-1\"\n  resource_group  = var.slz_management_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.management_management_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.management_vpe_zone_1_prefix.cidr\n}\n\nresource \"ibm_is_subnet\" \"management_vpe_zone_2\" {\n  vpc             = ibm_is_vpc.management_vpc.id\n  name            = \"${var.prefix}-management-vpe-zone-2\"\n  zone            = \"${var.region}-2\"\n  resource_group  = var.slz_management_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.management_management_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.management_vpe_zone_2_prefix.cidr\n}\n\nresource \"ibm_is_subnet\" \"management_vpe_zone_3\" {\n  vpc             = ibm_is_vpc.management_vpc.id\n  name            = \"${var.prefix}-management-vpe-zone-3\"\n  zone            = \"${var.region}-3\"\n  resource_group  = var.slz_management_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.management_management_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.management_vpe_zone_3_prefix.cidr\n}\n\n##############################################################################\n",
-    "outputs.tf": "##############################################################################\n# Management VPC Outputs\n##############################################################################\n\noutput \"id\" {\n  value = ibm_is_vpc.management_vpc.id\n}\n\noutput \"crn\" {\n  value = ibm_is_vpc.management_vpc.crn\n}\n\noutput \"vsi_zone_1_id\" {\n  value = ibm_is_subnet.management_vsi_zone_1.id\n}\n\noutput \"vsi_zone_1_crn\" {\n  value = ibm_is_subnet.management_vsi_zone_1.crn\n}\n\noutput \"vpn_zone_1_id\" {\n  value = ibm_is_subnet.management_vpn_zone_1.id\n}\n\noutput \"vpn_zone_1_crn\" {\n  value = ibm_is_subnet.management_vpn_zone_1.crn\n}\n\noutput \"vsi_zone_2_id\" {\n  value = ibm_is_subnet.management_vsi_zone_2.id\n}\n\noutput \"vsi_zone_2_crn\" {\n  value = ibm_is_subnet.management_vsi_zone_2.crn\n}\n\noutput \"vsi_zone_3_id\" {\n  value = ibm_is_subnet.management_vsi_zone_3.id\n}\n\noutput \"vsi_zone_3_crn\" {\n  value = ibm_is_subnet.management_vsi_zone_3.crn\n}\n\noutput \"vpe_zone_1_id\" {\n  value = ibm_is_subnet.management_vpe_zone_1.id\n}\n\noutput \"vpe_zone_1_crn\" {\n  value = ibm_is_subnet.management_vpe_zone_1.crn\n}\n\noutput \"vpe_zone_2_id\" {\n  value = ibm_is_subnet.management_vpe_zone_2.id\n}\n\noutput \"vpe_zone_2_crn\" {\n  value = ibm_is_subnet.management_vpe_zone_2.crn\n}\n\noutput \"vpe_zone_3_id\" {\n  value = ibm_is_subnet.management_vpe_zone_3.id\n}\n\noutput \"vpe_zone_3_crn\" {\n  value = ibm_is_subnet.management_vpe_zone_3.crn\n}\n\noutput \"management_vpe_sg_id\" {\n  value = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n}\n\n##############################################################################\n",
+    "outputs.tf": "##############################################################################\n# Management VPC Outputs\n##############################################################################\n\noutput \"name\" {\n  value = ibm_is_vpc.management_vpc.name\n}\n\noutput \"id\" {\n  value = ibm_is_vpc.management_vpc.id\n}\n\noutput \"crn\" {\n  value = ibm_is_vpc.management_vpc.crn\n}\n\noutput \"vsi_zone_1_name\" {\n  value = ibm_is_subnet.management_vsi_zone_1.name\n}\n\noutput \"vsi_zone_1_id\" {\n  value = ibm_is_subnet.management_vsi_zone_1.id\n}\n\noutput \"vsi_zone_1_crn\" {\n  value = ibm_is_subnet.management_vsi_zone_1.crn\n}\n\noutput \"vpn_zone_1_name\" {\n  value = ibm_is_subnet.management_vpn_zone_1.name\n}\n\noutput \"vpn_zone_1_id\" {\n  value = ibm_is_subnet.management_vpn_zone_1.id\n}\n\noutput \"vpn_zone_1_crn\" {\n  value = ibm_is_subnet.management_vpn_zone_1.crn\n}\n\noutput \"vsi_zone_2_name\" {\n  value = ibm_is_subnet.management_vsi_zone_2.name\n}\n\noutput \"vsi_zone_2_id\" {\n  value = ibm_is_subnet.management_vsi_zone_2.id\n}\n\noutput \"vsi_zone_2_crn\" {\n  value = ibm_is_subnet.management_vsi_zone_2.crn\n}\n\noutput \"vsi_zone_3_name\" {\n  value = ibm_is_subnet.management_vsi_zone_3.name\n}\n\noutput \"vsi_zone_3_id\" {\n  value = ibm_is_subnet.management_vsi_zone_3.id\n}\n\noutput \"vsi_zone_3_crn\" {\n  value = ibm_is_subnet.management_vsi_zone_3.crn\n}\n\noutput \"vpe_zone_1_name\" {\n  value = ibm_is_subnet.management_vpe_zone_1.name\n}\n\noutput \"vpe_zone_1_id\" {\n  value = ibm_is_subnet.management_vpe_zone_1.id\n}\n\noutput \"vpe_zone_1_crn\" {\n  value = ibm_is_subnet.management_vpe_zone_1.crn\n}\n\noutput \"vpe_zone_2_name\" {\n  value = ibm_is_subnet.management_vpe_zone_2.name\n}\n\noutput \"vpe_zone_2_id\" {\n  value = ibm_is_subnet.management_vpe_zone_2.id\n}\n\noutput \"vpe_zone_2_crn\" {\n  value = ibm_is_subnet.management_vpe_zone_2.crn\n}\n\noutput \"vpe_zone_3_name\" {\n  value = ibm_is_subnet.management_vpe_zone_3.name\n}\n\noutput \"vpe_zone_3_id\" {\n  value = ibm_is_subnet.management_vpe_zone_3.id\n}\n\noutput \"vpe_zone_3_crn\" {\n  value = ibm_is_subnet.management_vpe_zone_3.crn\n}\n\noutput \"management_vpe_sg_name\" {\n  value = ibm_is_security_group.management_vpc_management_vpe_sg_sg.name\n}\n\noutput \"management_vpe_sg_id\" {\n  value = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n}\n\n##############################################################################\n",
     "rt_routing_table.tf": "##############################################################################\n# Routing Table Routing Table\n##############################################################################\n\nresource \"ibm_is_vpc_routing_table\" \"management_vpc_routing_table_table\" {\n  name                          = \"${var.prefix}-management-vpc-routing-table-table\"\n  vpc                           = ibm_is_vpc.management_vpc.id\n  route_direct_link_ingress     = true\n  route_transit_gateway_ingress = true\n  route_vpc_zone_ingress        = true\n}\n\nresource \"ibm_is_vpc_routing_table_route\" \"management_vpc_routing_table_table_test_route_route\" {\n  vpc           = ibm_is_vpc.management_vpc.id\n  routing_table = ibm_is_vpc_routing_table.management_vpc_routing_table_table.routing_table\n  zone          = \"${var.region}-1\"\n  name          = \"${var.prefix}-management-routing-table-test-route-route\"\n  destination   = \"1.2.3.4/5\"\n  action        = \"delegate\"\n  next_hop      = \"0.0.0.0\"\n}\n\n##############################################################################\n",
     "sg_management_vpe_sg.tf": "##############################################################################\n# Security Group Management VPE Sg\n##############################################################################\n\nresource \"ibm_is_security_group\" \"management_vpc_management_vpe_sg_sg\" {\n  name           = \"${var.prefix}-management-management-vpe-sg-sg\"\n  vpc            = ibm_is_vpc.management_vpc.id\n  resource_group = var.slz_management_rg_id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_ibm_inbound\" {\n  group     = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n  remote    = \"161.26.0.0/16\"\n  direction = \"inbound\"\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_vpc_inbound\" {\n  group     = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n  remote    = \"10.0.0.0/8\"\n  direction = \"inbound\"\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_vpc_outbound\" {\n  group     = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n  remote    = \"10.0.0.0/8\"\n  direction = \"outbound\"\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_ibm_tcp_53_outbound\" {\n  group     = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n  remote    = \"161.26.0.0/16\"\n  direction = \"outbound\"\n  tcp {\n    port_min = 53\n    port_max = 53\n  }\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_ibm_tcp_80_outbound\" {\n  group     = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n  remote    = \"161.26.0.0/16\"\n  direction = \"outbound\"\n  tcp {\n    port_min = 80\n    port_max = 80\n  }\n}\n\nresource \"ibm_is_security_group_rule\" \"management_vpc_management_vpe_sg_sg_rule_allow_ibm_tcp_443_outbound\" {\n  group     = ibm_is_security_group.management_vpc_management_vpe_sg_sg.id\n  remote    = \"161.26.0.0/16\"\n  direction = \"outbound\"\n  tcp {\n    port_min = 443\n    port_max = 443\n  }\n}\n\n##############################################################################\n",
     "variables.tf": "##############################################################################\n# Management VPC Variables\n##############################################################################\n\nvariable \"tags\" {\n  description = \"List of tags\"\n  type        = list(string)\n}\n\nvariable \"region\" {\n  description = \"IBM Cloud Region where resources will be provisioned\"\n  type        = string\n}\n\nvariable \"prefix\" {\n  description = \"Name prefix that will be prepended to named resources\"\n  type        = string\n}\n\nvariable \"slz_management_rg_id\" {\n  description = \"ID for the resource group slz-management-rg\"\n  type        = string\n}\n\n##############################################################################\n",
-    "versions.tf": "##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = \"IBM-Cloud/ibm\"\n      version = \"~>1.61.0\"\n    }\n  }\n  required_version = \">=1.5\"\n}\n\n##############################################################################\n"
+    "versions.tf": "##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = \"IBM-Cloud/ibm\"\n      version = \"~>1.63.0\"\n    }\n  }\n  required_version = \">=1.5\"\n}\n\n##############################################################################\n"
   },
   "main.tf": "##############################################################################\n# IBM Cloud Provider\n##############################################################################\n\nprovider \"ibm\" {\n  ibmcloud_api_key = var.ibmcloud_api_key\n  region           = var.region\n  ibmcloud_timeout = 60\n}\n\n##############################################################################\n\n##############################################################################\n# Management VPC Module\n##############################################################################\n\nmodule \"management_vpc\" {\n  source               = \"./management_vpc\"\n  region               = var.region\n  prefix               = var.prefix\n  slz_management_rg_id = ibm_resource_group.slz_management_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n}\n\n##############################################################################\n\n##############################################################################\n# Workload VPC Module\n##############################################################################\n\nmodule \"workload_vpc\" {\n  source             = \"./workload_vpc\"\n  region             = var.region\n  prefix             = var.prefix\n  slz_workload_rg_id = ibm_resource_group.slz_workload_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n}\n\n##############################################################################\n",
   "flow_logs.tf": "##############################################################################\n# Flow Logs Resources\n##############################################################################\n\nresource \"ibm_iam_authorization_policy\" \"flow_logs_to_cos_object_storage_policy\" {\n  source_service_name         = \"is\"\n  source_resource_type        = \"flow-log-collector\"\n  description                 = \"Allow flow logs write access cloud object storage instance\"\n  target_service_name         = \"cloud-object-storage\"\n  target_resource_instance_id = ibm_resource_instance.cos_object_storage.guid\n  roles = [\n    \"Writer\"\n  ]\n}\n\nresource \"ibm_is_flow_log\" \"management_flow_log_collector\" {\n  name           = \"${var.prefix}-management-vpc-logs\"\n  target         = module.management_vpc.id\n  active         = true\n  storage_bucket = ibm_cos_bucket.cos_object_storage_management_bucket_bucket.bucket_name\n  resource_group = ibm_resource_group.slz_management_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n  depends_on = [\n    ibm_iam_authorization_policy.flow_logs_to_cos_object_storage_policy\n  ]\n}\n\nresource \"ibm_is_flow_log\" \"workload_flow_log_collector\" {\n  name           = \"${var.prefix}-workload-vpc-logs\"\n  target         = module.workload_vpc.id\n  active         = true\n  storage_bucket = ibm_cos_bucket.cos_object_storage_management_bucket_bucket.bucket_name\n  resource_group = ibm_resource_group.slz_workload_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n  depends_on = [\n    ibm_iam_authorization_policy.flow_logs_to_cos_object_storage_policy\n  ]\n}\n\n##############################################################################\n",
   "transit_gateways.tf": "##############################################################################\n# Transit Gateway Transit Gateway\n##############################################################################\n\nresource \"ibm_tg_gateway\" \"transit_gateway\" {\n  name           = \"${var.prefix}-transit-gateway\"\n  location       = var.region\n  global         = false\n  resource_group = ibm_resource_group.slz_service_rg.id\n  timeouts {\n    create = \"30m\"\n    delete = \"30m\"\n  }\n}\n\nresource \"ibm_tg_connection\" \"transit_gateway_to_management_connection\" {\n  gateway      = ibm_tg_gateway.transit_gateway.id\n  network_type = \"vpc\"\n  name         = \"${var.prefix}-transit-gateway-management-hub-connection\"\n  network_id   = module.management_vpc.crn\n  timeouts {\n    create = \"30m\"\n    delete = \"30m\"\n  }\n}\n\nresource \"ibm_tg_connection\" \"transit_gateway_to_workload_connection\" {\n  gateway      = ibm_tg_gateway.transit_gateway.id\n  network_type = \"vpc\"\n  name         = \"${var.prefix}-transit-gateway-workload-hub-connection\"\n  network_id   = module.workload_vpc.crn\n  timeouts {\n    create = \"30m\"\n    delete = \"30m\"\n  }\n}\n\n##############################################################################\n",
   "virtual_private_endpoints.tf": "##############################################################################\n# Management VPE Resources\n##############################################################################\n\nresource \"ibm_is_subnet_reserved_ip\" \"management_vpc_vpe_zone_1_subnet_vpe_ip\" {\n  subnet = module.management_vpc.vpe_zone_1_id\n}\n\nresource \"ibm_is_subnet_reserved_ip\" \"management_vpc_vpe_zone_2_subnet_vpe_ip\" {\n  subnet = module.management_vpc.vpe_zone_2_id\n}\n\nresource \"ibm_is_subnet_reserved_ip\" \"management_vpc_vpe_zone_3_subnet_vpe_ip\" {\n  subnet = module.management_vpc.vpe_zone_3_id\n}\n\nresource \"ibm_is_virtual_endpoint_gateway\" \"management_vpc_cos_vpe_gateway\" {\n  name           = \"${var.prefix}-management-cos-vpe-gw\"\n  vpc            = module.management_vpc.id\n  resource_group = ibm_resource_group.slz_management_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n  security_groups = [\n    module.management_vpc.management_vpe_sg_id\n  ]\n  target {\n    crn           = \"crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:s3.direct.${var.region}.cloud-object-storage.appdomain.cloud\"\n    resource_type = \"provider_cloud_service\"\n  }\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"management_vpc_cos_gw_vpe_zone_1_gateway_ip\" {\n  gateway     = ibm_is_virtual_endpoint_gateway.management_vpc_cos_vpe_gateway.id\n  reserved_ip = ibm_is_subnet_reserved_ip.management_vpc_vpe_zone_1_subnet_vpe_ip.reserved_ip\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"management_vpc_cos_gw_vpe_zone_2_gateway_ip\" {\n  gateway     = ibm_is_virtual_endpoint_gateway.management_vpc_cos_vpe_gateway.id\n  reserved_ip = ibm_is_subnet_reserved_ip.management_vpc_vpe_zone_2_subnet_vpe_ip.reserved_ip\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"management_vpc_cos_gw_vpe_zone_3_gateway_ip\" {\n  gateway     = ibm_is_virtual_endpoint_gateway.management_vpc_cos_vpe_gateway.id\n  reserved_ip = ibm_is_subnet_reserved_ip.management_vpc_vpe_zone_3_subnet_vpe_ip.reserved_ip\n}\n\n##############################################################################\n\n##############################################################################\n# Workload VPE Resources\n##############################################################################\n\nresource \"ibm_is_subnet_reserved_ip\" \"workload_vpc_vpe_zone_1_subnet_vpe_ip\" {\n  subnet = module.workload_vpc.vpe_zone_1_id\n}\n\nresource \"ibm_is_subnet_reserved_ip\" \"workload_vpc_vpe_zone_2_subnet_vpe_ip\" {\n  subnet = module.workload_vpc.vpe_zone_2_id\n}\n\nresource \"ibm_is_subnet_reserved_ip\" \"workload_vpc_vpe_zone_3_subnet_vpe_ip\" {\n  subnet = module.workload_vpc.vpe_zone_3_id\n}\n\nresource \"ibm_is_virtual_endpoint_gateway\" \"workload_vpc_cos_vpe_gateway\" {\n  name           = \"${var.prefix}-workload-cos-vpe-gw\"\n  vpc            = module.workload_vpc.id\n  resource_group = ibm_resource_group.slz_workload_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n  security_groups = [\n    module.workload_vpc.workload_vpe_sg_id\n  ]\n  target {\n    crn           = \"crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:s3.direct.${var.region}.cloud-object-storage.appdomain.cloud\"\n    resource_type = \"provider_cloud_service\"\n  }\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"workload_vpc_cos_gw_vpe_zone_1_gateway_ip\" {\n  gateway     = ibm_is_virtual_endpoint_gateway.workload_vpc_cos_vpe_gateway.id\n  reserved_ip = ibm_is_subnet_reserved_ip.workload_vpc_vpe_zone_1_subnet_vpe_ip.reserved_ip\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"workload_vpc_cos_gw_vpe_zone_2_gateway_ip\" {\n  gateway     = ibm_is_virtual_endpoint_gateway.workload_vpc_cos_vpe_gateway.id\n  reserved_ip = ibm_is_subnet_reserved_ip.workload_vpc_vpe_zone_2_subnet_vpe_ip.reserved_ip\n}\n\nresource \"ibm_is_virtual_endpoint_gateway_ip\" \"workload_vpc_cos_gw_vpe_zone_3_gateway_ip\" {\n  gateway     = ibm_is_virtual_endpoint_gateway.workload_vpc_cos_vpe_gateway.id\n  reserved_ip = ibm_is_subnet_reserved_ip.workload_vpc_vpe_zone_3_subnet_vpe_ip.reserved_ip\n}\n\n##############################################################################\n",
   "vpn_gateways.tf": "##############################################################################\n# VPN Gateways\n##############################################################################\n\nresource \"ibm_is_vpn_gateway\" \"management_management_gateway_vpn_gw\" {\n  name           = \"${var.prefix}-management-management-gateway-vpn-gw\"\n  subnet         = module.management_vpc.vpn_zone_1_id\n  resource_group = ibm_resource_group.slz_management_rg.id\n  tags = [\n    \"slz\",\n    \"landing-zone\"\n  ]\n  timeouts {\n    delete = \"1h\"\n  }\n}\n\n##############################################################################\n",
-  "versions.tf": "##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = \"IBM-Cloud/ibm\"\n      version = \"~>1.61.0\"\n    }\n  }\n  required_version = \">=1.5\"\n}\n\n##############################################################################\n",
+  "versions.tf": "##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = \"IBM-Cloud/ibm\"\n      version = \"~>1.63.0\"\n    }\n  }\n  required_version = \">=1.5\"\n}\n\n##############################################################################\n",
   "vpn_servers.tf": "##############################################################################\n# VPN Servers\n##############################################################################\n\nresource \"ibm_iam_authorization_policy\" \"vpn_to_secrets_manager_policy\" {\n  source_service_name  = \"is\"\n  source_resource_type = \"vpn-server\"\n  description          = \"Allow VPN Server instance to read from Secrets Manager\"\n  target_service_name  = \"secrets-manager\"\n  roles = [\n    \"SecretsReader\"\n  ]\n}\n\nresource \"ibm_is_vpn_server\" \"management_vpn_server_vpn_server\" {\n  certificate_crn        = \"crn:v1:bluemix:public:cloudcerts:us-south:a/efe5afc483594adaa8325e2b4d1290df:86f62739-f3a8-42ac-abea-f23255965983:certificate:00406b5615f95dba9bf7c2ab52bb3083\"\n  client_idle_timeout    = 2000\n  client_ip_pool         = \"10.5.0.0/21\"\n  enable_split_tunneling = true\n  name                   = \"${var.prefix}-management-vpn-server-server\"\n  port                   = 255\n  protocol               = \"udp\"\n  resource_group         = ibm_resource_group.slz_management_rg.id\n  client_authentication {\n    method        = \"certificate\"\n    client_ca_crn = \"crn:v1:bluemix:public:cloudcerts:us-south:a/efe5afc483594adaa8325e2b4d1290df:86f62739-f3a8-42ac-abea-f23255965983:certificate:00406b5615f95dba9bf7c2ab52bb3083\"\n  }\n  client_dns_server_ips = [\n    \"192.168.3.4\"\n  ]\n  subnets = [\n    module.management_vpc.vsi_zone_1_id,\n    module.management_vpc.vsi_zone_2_id,\n    module.management_vpc.vsi_zone_3_id\n  ]\n  security_groups = [\n    module.management_vpc.management_vpe_sg_id\n  ]\n}\n\nresource \"ibm_is_vpn_server_route\" \"management_vpn_server_route_vpn_route\" {\n  name        = \"${var.prefix}-management-vpn-route-route\"\n  action      = \"translate\"\n  destination = \"172.16.0.0/16\"\n  vpn_server  = ibm_is_vpn_server.management_vpn_server_vpn_server.id\n}\n\n##############################################################################\n",
   "vpn_servers_no_route.tf": "##############################################################################\n# VPN Servers\n##############################################################################\n\nresource \"ibm_iam_authorization_policy\" \"vpn_to_secrets_manager_policy\" {\n  source_service_name  = \"is\"\n  source_resource_type = \"vpn-server\"\n  description          = \"Allow VPN Server instance to read from Secrets Manager\"\n  target_service_name  = \"secrets-manager\"\n  roles = [\n    \"SecretsReader\"\n  ]\n}\n\nresource \"ibm_is_vpn_server\" \"management_vpn_server_vpn_server\" {\n  certificate_crn        = \"crn:v1:bluemix:public:cloudcerts:us-south:a/efe5afc483594adaa8325e2b4d1290df:86f62739-f3a8-42ac-abea-f23255965983:certificate:00406b5615f95dba9bf7c2ab52bb3083\"\n  client_idle_timeout    = 2000\n  client_ip_pool         = \"10.5.0.0/21\"\n  enable_split_tunneling = true\n  name                   = \"${var.prefix}-management-vpn-server-server\"\n  port                   = 255\n  protocol               = \"udp\"\n  resource_group         = ibm_resource_group.slz_management_rg.id\n  client_authentication {\n    method        = \"certificate\"\n    client_ca_crn = \"crn:v1:bluemix:public:cloudcerts:us-south:a/efe5afc483594adaa8325e2b4d1290df:86f62739-f3a8-42ac-abea-f23255965983:certificate:00406b5615f95dba9bf7c2ab52bb3083\"\n  }\n  client_dns_server_ips = [\n    \"192.168.3.4\"\n  ]\n  subnets = [\n    module.management_vpc.vsi_zone_1_id,\n    module.management_vpc.vsi_zone_2_id,\n    module.management_vpc.vsi_zone_3_id\n  ]\n  security_groups = [\n    module.management_vpc.management_vpe_sg_id\n  ]\n}\n\n##############################################################################\n",
   "variables.tf": "##############################################################################\n# Variables\n##############################################################################\n\nvariable \"ibmcloud_api_key\" {\n  description = \"The IBM Cloud platform API key needed to deploy IAM enabled resources.\"\n  type        = string\n  sensitive   = true\n}\n\nvariable \"region\" {\n  description = \"IBM Cloud Region where resources will be provisioned\"\n  type        = string\n  default     = \"us-south\"\n}\n\nvariable \"prefix\" {\n  description = \"Name prefix that will be prepended to named resources\"\n  type        = string\n  default     = \"slz\"\n}\n\n##############################################################################\n",
diff --git a/unit-tests/data-files/craig-json.json b/unit-tests/data-files/craig-json.json
index 97f1ea13..46a0aa2d 100644
--- a/unit-tests/data-files/craig-json.json
+++ b/unit-tests/data-files/craig-json.json
@@ -954,5 +954,6 @@
     "resource_group": ""
   },
   "cis_glbs": [],
-  "fortigate_vnf": []
+  "fortigate_vnf": [],
+  "classic_security_groups": []
 }
\ No newline at end of file
diff --git a/unit-tests/data-files/expected-hard-set.json b/unit-tests/data-files/expected-hard-set.json
index 782a10cd..8877efa3 100644
--- a/unit-tests/data-files/expected-hard-set.json
+++ b/unit-tests/data-files/expected-hard-set.json
@@ -1102,5 +1102,6 @@
     "region": "",
     "resource_group": null
   },"cis_glbs": [],
-  "fortigate_vnf": []
+  "fortigate_vnf": [],
+  "classic_security_groups": []
 }
\ No newline at end of file
diff --git a/unit-tests/data-files/slz.md b/unit-tests/data-files/slz.md
index f1df6b35..96fb5322 100644
--- a/unit-tests/data-files/slz.md
+++ b/unit-tests/data-files/slz.md
@@ -939,4 +939,13 @@ NYI
 ### Related Links
 
 
+-----
+
+## Classic Security Groups
+
+NYI
+
+### Related Links
+
+
 -----
diff --git a/unit-tests/forms/diagrams/subnet-tier-map.test.js b/unit-tests/forms/diagrams/subnet-tier-map.test.js
index 73524826..3ed66dfe 100644
--- a/unit-tests/forms/diagrams/subnet-tier-map.test.js
+++ b/unit-tests/forms/diagrams/subnet-tier-map.test.js
@@ -2,6 +2,40 @@ const { assert } = require("chai");
 const { getDisplaySubnetTiers } = require("../../../client/src/lib");
 
 describe("subnet tier map functions", () => {
+  it("should return correct data when no tier object present", () => {
+    let actualData = getDisplaySubnetTiers({
+      vpc: {},
+      craig: {
+        store: {
+          subnetTiers: {
+            test: undefined,
+          },
+          json: {
+            virtual_private_endpoints: [],
+            vsi: [
+              {
+                vpc: "test",
+                subnets: [],
+              },
+              {
+                vpc: "test",
+                subnets: ["hello"],
+              },
+            ],
+            vpn_servers: [],
+            clusters: [],
+            vpn_gateways: [],
+          },
+        },
+      },
+    });
+    let expectedData = { emptySubnetResources: false, subnetTiers: [] };
+    assert.deepEqual(
+      actualData,
+      expectedData,
+      "it should return correct subnet tiers"
+    );
+  });
   it("should return empty subnet resources as true when a vsi has a matching vpc and no subnets", () => {
     let data = getDisplaySubnetTiers({
       vpc: {
diff --git a/unit-tests/forms/wizard.test.js b/unit-tests/forms/wizard.test.js
index c6d23bf1..b622555e 100644
--- a/unit-tests/forms/wizard.test.js
+++ b/unit-tests/forms/wizard.test.js
@@ -57,7 +57,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.12.1",
+        craig_version: "1.12.2",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -907,6 +907,7 @@ describe("setup wizard", () => {
       power_volumes: [],
       classic_ssh_keys: [],
       classic_vlans: [],
+      classic_security_groups: [],
       classic_gateways: [],
       cis: [],
       vtl: [],
@@ -972,7 +973,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.12.1",
+        craig_version: "1.12.2",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -1822,6 +1823,7 @@ describe("setup wizard", () => {
       power_volumes: [],
       classic_ssh_keys: [],
       classic_vlans: [],
+      classic_security_groups: [],
       classic_gateways: [],
       cis: [],
       vtl: [],
@@ -1886,7 +1888,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.12.1",
+        craig_version: "1.12.2",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -2330,6 +2332,7 @@ describe("setup wizard", () => {
       power_volumes: [],
       classic_ssh_keys: [],
       classic_vlans: [],
+      classic_security_groups: [],
       classic_gateways: [],
       cis: [],
       vtl: [],
@@ -2394,7 +2397,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.12.1",
+        craig_version: "1.12.2",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -2829,6 +2832,7 @@ describe("setup wizard", () => {
       power_volumes: [],
       classic_ssh_keys: [],
       classic_vlans: [],
+      classic_security_groups: [],
       classic_gateways: [],
       cis: [],
       vtl: [],
@@ -2893,7 +2897,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.12.1",
+        craig_version: "1.12.2",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -3404,6 +3408,7 @@ describe("setup wizard", () => {
       power_volumes: [],
       classic_ssh_keys: [],
       classic_vlans: [],
+      classic_security_groups: [],
       classic_gateways: [],
       cis: [],
       vtl: [],
@@ -3469,7 +3474,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.12.1",
+        craig_version: "1.12.2",
         no_vpn_secrets_manager_auth: false,
       },
       resource_groups: [
@@ -3572,6 +3577,7 @@ describe("setup wizard", () => {
       power_volumes: [],
       classic_ssh_keys: [],
       classic_vlans: [],
+      classic_security_groups: [],
       classic_gateways: [],
       cis: [],
       vtl: [],
@@ -3636,7 +3642,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.12.1",
+        craig_version: "1.12.2",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -4140,6 +4146,7 @@ describe("setup wizard", () => {
       power_volumes: [],
       classic_ssh_keys: [],
       classic_vlans: [],
+      classic_security_groups: [],
       classic_gateways: [],
       cis: [],
       vtl: [],
@@ -4204,7 +4211,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.12.1",
+        craig_version: "1.12.2",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -4683,6 +4690,7 @@ describe("setup wizard", () => {
       power_volumes: [],
       classic_ssh_keys: [],
       classic_vlans: [],
+      classic_security_groups: [],
       classic_gateways: [],
       cis: [],
       vtl: [],
@@ -4746,7 +4754,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.12.1",
+        craig_version: "1.12.2",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -5229,6 +5237,7 @@ describe("setup wizard", () => {
       power_volumes: [],
       classic_ssh_keys: [],
       classic_vlans: [],
+      classic_security_groups: [],
       classic_gateways: [],
       cis: [],
       vtl: [],
@@ -5293,7 +5302,7 @@ describe("setup wizard", () => {
         enable_classic: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.12.1",
+        craig_version: "1.12.2",
         no_vpn_secrets_manager_auth: false,
       },
       resource_groups: [
@@ -5719,6 +5728,7 @@ describe("setup wizard", () => {
       power_volumes: [],
       classic_ssh_keys: [],
       classic_vlans: [],
+      classic_security_groups: [],
       classic_gateways: [],
       cis: [],
       vtl: [],
@@ -5782,7 +5792,7 @@ describe("setup wizard", () => {
         enable_power_vs: true,
         enable_classic: false,
         power_vs_zones: ["dal10"],
-        craig_version: "1.12.1",
+        craig_version: "1.12.2",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -6209,6 +6219,7 @@ describe("setup wizard", () => {
       power_volumes: [],
       classic_ssh_keys: [],
       classic_vlans: [],
+      classic_security_groups: [],
       classic_gateways: [],
       cis: [],
       vtl: [],
@@ -6281,7 +6292,7 @@ describe("setup wizard", () => {
         enable_power_vs: true,
         enable_classic: false,
         power_vs_zones: ["dal10"],
-        craig_version: "1.12.1",
+        craig_version: "1.12.2",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -7522,6 +7533,7 @@ describe("setup wizard", () => {
       power_volumes: [],
       classic_ssh_keys: [],
       classic_vlans: [],
+      classic_security_groups: [],
       classic_gateways: [],
       cis: [],
       vtl: [],
diff --git a/unit-tests/json-to-iac/classic-security-group.test.js b/unit-tests/json-to-iac/classic-security-group.test.js
new file mode 100644
index 00000000..ad14377a
--- /dev/null
+++ b/unit-tests/json-to-iac/classic-security-group.test.js
@@ -0,0 +1,229 @@
+const { assert } = require("chai");
+const {
+  formatClassicSg,
+  formatClassicSgRule,
+  classicSecurityGroupTf,
+} = require("../../client/src/lib");
+
+describe("classic security group", () => {
+  describe("formatClassicSgRule", () => {
+    it("should return the correct data for a classic security group rule", () => {
+      let actualData = formatClassicSgRule({
+        ruleProtocol: "icmp",
+        direction: "inbound",
+        port_range_min: "8080",
+        port_range_max: "8080",
+        classic_sg: "classic-sg",
+        name: "allow-8080",
+      });
+      let expectedData = `
+resource "ibm_security_group_rule" "classic_security_group_classic_sg_rule_allow_8080" {
+  security_group_id = ibm_security_group.classic_security_group_classic_sg.id
+  direction         = "ingress"
+  port_range_min    = 8080
+  port_range_max    = 8080
+  protocol          = "icmp"
+}
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct terraform"
+      );
+    });
+    it("should return the correct data for a classic security group rule with all protocol", () => {
+      let actualData = formatClassicSgRule({
+        ruleProtocol: "all",
+        direction: "inbound",
+        port_range_min: "8080",
+        port_range_max: "8080",
+        classic_sg: "classic-sg",
+        name: "allow-8080",
+      });
+      let expectedData = `
+resource "ibm_security_group_rule" "classic_security_group_classic_sg_rule_allow_8080" {
+  security_group_id = ibm_security_group.classic_security_group_classic_sg.id
+  direction         = "ingress"
+}
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct terraform"
+      );
+    });
+    it("should return the correct data for a classic security group rule with no port range or rule protocol", () => {
+      let actualData = formatClassicSgRule({
+        ruleProtocol: null,
+        direction: "outbound",
+        port_range_min: null,
+        port_range_max: null,
+        classic_sg: "classic-sg",
+        name: "allow-8080",
+      });
+      let expectedData = `
+resource "ibm_security_group_rule" "classic_security_group_classic_sg_rule_allow_8080" {
+  security_group_id = ibm_security_group.classic_security_group_classic_sg.id
+  direction         = "egress"
+}
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct terraform"
+      );
+    });
+  });
+  describe("formatClassicSg", () => {
+    it("should return the correct security group", () => {
+      let actualData = formatClassicSg({
+        name: "classic-sg",
+        description: "optional",
+        classic_sg_rules: [
+          {
+            ruleProtocol: null,
+            direction: "outbound",
+            port_range_min: null,
+            port_range_max: null,
+            classic_sg: "classic-sg",
+            name: "allow-8080",
+          },
+          {
+            ruleProtocol: "icmp",
+            direction: "inbound",
+            port_range_min: "8080",
+            port_range_max: "8080",
+            classic_sg: "classic-sg",
+            name: "allow-8080",
+          },
+        ],
+      });
+      let expectedData = `##############################################################################
+# Classic Sg Classic Security Group
+##############################################################################
+
+resource "ibm_security_group" "classic_security_group_classic_sg" {
+  name        = "\${var.prefix}-classic-sg"
+  description = "optional"
+}
+
+resource "ibm_security_group_rule" "classic_security_group_classic_sg_rule_allow_8080" {
+  security_group_id = ibm_security_group.classic_security_group_classic_sg.id
+  direction         = "egress"
+}
+
+resource "ibm_security_group_rule" "classic_security_group_classic_sg_rule_allow_8080" {
+  security_group_id = ibm_security_group.classic_security_group_classic_sg.id
+  direction         = "ingress"
+  port_range_min    = 8080
+  port_range_max    = 8080
+  protocol          = "icmp"
+}
+
+##############################################################################
+`;
+      assert.deepEqual(actualData, expectedData, "it should return correct tf");
+    });
+  });
+  describe("classicSecurityGroupTf", () => {
+    it("should return the correct terraform file", () => {
+      let actualData = classicSecurityGroupTf({
+        classic_security_groups: [
+          {
+            name: "classic-sg",
+            description: "optional",
+            classic_sg_rules: [
+              {
+                ruleProtocol: null,
+                direction: "outbound",
+                port_range_min: null,
+                port_range_max: null,
+                classic_sg: "classic-sg",
+                name: "allow-8080",
+              },
+              {
+                ruleProtocol: "icmp",
+                direction: "inbound",
+                port_range_min: "8080",
+                port_range_max: "8080",
+                classic_sg: "classic-sg",
+                name: "allow-8080",
+              },
+            ],
+          },
+          {
+            name: "classic-sg2",
+            description: "optional",
+            classic_sg_rules: [
+              {
+                ruleProtocol: null,
+                direction: "outbound",
+                port_range_min: null,
+                port_range_max: null,
+                classic_sg: "classic-sg2",
+                name: "allow-8080",
+              },
+              {
+                ruleProtocol: "icmp",
+                direction: "inbound",
+                port_range_min: "8080",
+                port_range_max: "8080",
+                classic_sg: "classic-sg2",
+                name: "allow-8080",
+              },
+            ],
+          },
+        ],
+      });
+      let expectedData = `##############################################################################
+# Classic Sg Classic Security Group
+##############################################################################
+
+resource "ibm_security_group" "classic_security_group_classic_sg" {
+  name        = "\${var.prefix}-classic-sg"
+  description = "optional"
+}
+
+resource "ibm_security_group_rule" "classic_security_group_classic_sg_rule_allow_8080" {
+  security_group_id = ibm_security_group.classic_security_group_classic_sg.id
+  direction         = "egress"
+}
+
+resource "ibm_security_group_rule" "classic_security_group_classic_sg_rule_allow_8080" {
+  security_group_id = ibm_security_group.classic_security_group_classic_sg.id
+  direction         = "ingress"
+  port_range_min    = 8080
+  port_range_max    = 8080
+  protocol          = "icmp"
+}
+
+##############################################################################
+
+##############################################################################
+# Classic Sg 2 Classic Security Group
+##############################################################################
+
+resource "ibm_security_group" "classic_security_group_classic_sg2" {
+  name        = "\${var.prefix}-classic-sg2"
+  description = "optional"
+}
+
+resource "ibm_security_group_rule" "classic_security_group_classic_sg2_rule_allow_8080" {
+  security_group_id = ibm_security_group.classic_security_group_classic_sg2.id
+  direction         = "egress"
+}
+
+resource "ibm_security_group_rule" "classic_security_group_classic_sg2_rule_allow_8080" {
+  security_group_id = ibm_security_group.classic_security_group_classic_sg2.id
+  direction         = "ingress"
+  port_range_min    = 8080
+  port_range_max    = 8080
+  protocol          = "icmp"
+}
+
+##############################################################################
+`;
+      assert.deepEqual(actualData, expectedData, "it should return correct tf");
+    });
+  });
+});
diff --git a/unit-tests/json-to-iac/config-to-files-json.test.js b/unit-tests/json-to-iac/config-to-files-json.test.js
index 685ac8ff..a2bf61b5 100644
--- a/unit-tests/json-to-iac/config-to-files-json.test.js
+++ b/unit-tests/json-to-iac/config-to-files-json.test.js
@@ -538,7 +538,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "~>1.61.0"
+      version = "~>1.63.0"
     }
     logdna = {
       source                = "logdna/logdna"
@@ -601,7 +601,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "~>1.61.0"
+      version = "~>1.63.0"
     }
     logdna = {
       source                = "logdna/logdna"
diff --git a/unit-tests/json-to-iac/outputs.test.js b/unit-tests/json-to-iac/outputs.test.js
new file mode 100644
index 00000000..f04756e8
--- /dev/null
+++ b/unit-tests/json-to-iac/outputs.test.js
@@ -0,0 +1,2372 @@
+const { assert } = require("chai");
+const { outputsTf } = require("../../client/src/lib");
+
+describe("outputs", () => {
+  describe("outputsTf", () => {
+    it("should return correct outputs file", () => {
+      let config = {
+        _options: {
+          craig_version: "1.12.1",
+          prefix: "jv-dev",
+          region: "eu-de",
+          tags: ["hello", "world"],
+          dynamic_subnets: false,
+          power_vs_zones: [],
+          zones: "1",
+          endpoints: "private",
+          account_id: null,
+          power_vs_high_availability: false,
+          fs_cloud: false,
+          enable_power_vs: false,
+          template: "VSI",
+          enable_classic: false,
+        },
+        access_groups: [],
+        appid: [],
+        atracker: {
+          add_route: true,
+          bucket: null,
+          locations: ["global"],
+          enabled: false,
+          type: "cos",
+          name: "atracker",
+          cos_key: null,
+          target_name: "atracker-cos",
+          instance: false,
+          plan: "lite",
+          resource_group: null,
+        },
+        cbr_rules: [],
+        cbr_zones: [],
+        clusters: [],
+        dns: [],
+        event_streams: [],
+        f5_vsi: [],
+        iam_account_settings: {
+          enable: false,
+          mfa: null,
+          allowed_ip_addresses: null,
+          include_history: false,
+          if_match: null,
+          max_sessions_per_identity: null,
+          restrict_create_service_id: null,
+          restrict_create_platform_apikey: null,
+          session_expiration_in_seconds: null,
+          session_invalidation_in_seconds: null,
+        },
+        icd: [],
+        key_management: [
+          {
+            keys: [
+              {
+                dual_auth_delete: false,
+                name: "slz-atracker-key",
+                endpoint: "private",
+                force_delete: false,
+                root_key: true,
+                key_ring: "ring",
+                rotation: 12,
+              },
+              {
+                dual_auth_delete: false,
+                name: "key",
+                endpoint: "private",
+                force_delete: false,
+                root_key: true,
+                key_ring: "ring",
+                rotation: 12,
+              },
+              {
+                dual_auth_delete: false,
+                name: "slz-vsi-volume-key",
+                endpoint: "private",
+                force_delete: false,
+                root_key: true,
+                key_ring: "ring",
+                rotation: 12,
+              },
+            ],
+            authorize_vpc_reader_role: true,
+            name: "kms",
+            resource_group: "service-rg",
+            use_data: false,
+            use_hs_crypto: false,
+          },
+        ],
+        load_balancers: [],
+        logdna: {
+          enabled: false,
+          plan: "lite",
+          endpoints: "private",
+          platform_logs: false,
+          resource_group: "service-rg",
+          cos: null,
+          bucket: null,
+        },
+        object_storage: [
+          {
+            kms: "kms",
+            name: "cos",
+            plan: "standard",
+            resource_group: "service-rg",
+            use_random_suffix: true,
+            use_data: false,
+            buckets: [
+              {
+                endpoint: "public",
+                force_delete: true,
+                kms_key: "key",
+                name: "management-bucket",
+                storage_class: "standard",
+                use_random_suffix: true,
+              },
+              {
+                endpoint: "public",
+                force_delete: true,
+                kms_key: "key",
+                name: "workload-bucket",
+                storage_class: "standard",
+                use_random_suffix: true,
+              },
+            ],
+            keys: [],
+          },
+        ],
+        power: [],
+        power_instances: [],
+        power_volumes: [],
+        resource_groups: [
+          {
+            name: "service-rg",
+            use_data: false,
+            use_prefix: true,
+          },
+          {
+            name: "asset-development",
+            use_data: true,
+            use_prefix: true,
+          },
+          {
+            name: "workload-rg",
+            use_data: false,
+            use_prefix: true,
+          },
+        ],
+        routing_tables: [],
+        scc: {
+          credential_description: null,
+          id: null,
+          passphrase: null,
+          name: "",
+          location: "us",
+          collector_description: null,
+          is_public: false,
+          scope_description: null,
+          enable: false,
+        },
+        secrets_manager: [],
+        security_groups: [
+          {
+            vpc: "workload",
+          },
+          {
+            vpc: "management",
+            name: "management-vsi",
+            resource_group: "asset-development",
+            rules: [
+              {
+                direction: "outbound",
+                name: "allow-vpc-outbound",
+                source: "0.0.0.0/0",
+                tcp: {
+                  port_min: 443,
+                  port_max: 443,
+                  source_port_max: null,
+                  source_port_min: null,
+                },
+                icmp: {
+                  type: null,
+                  code: null,
+                },
+                udp: {
+                  port_min: null,
+                  port_max: null,
+                },
+                sg: "management-vsi",
+                vpc: "management",
+                ruleProtocol: "tcp",
+                port_min: "443",
+                port_max: "443",
+                type: null,
+                code: null,
+              },
+              {
+                direction: "outbound",
+                name: "allow-ibm-tcp-53-outbound",
+                source: "161.26.0.0/16",
+                tcp: {
+                  port_min: 343,
+                  port_max: null,
+                  source_port_max: null,
+                  source_port_min: null,
+                },
+                icmp: {
+                  type: null,
+                  code: null,
+                },
+                udp: {
+                  port_min: null,
+                  port_max: null,
+                },
+                sg: "management-vsi",
+                vpc: "management",
+                ruleProtocol: "tcp",
+                port_min: "343",
+                port_max: null,
+                type: null,
+                code: null,
+              },
+              {
+                direction: "outbound",
+                name: "allow-ibm-tcp-80-outbound",
+                source: "161.26.0.0/16",
+                tcp: {
+                  port_max: 80,
+                  port_min: 80,
+                },
+                icmp: {
+                  code: null,
+                  type: null,
+                },
+                udp: {
+                  port_max: null,
+                  port_min: null,
+                },
+                sg: "management-vsi",
+                vpc: "management",
+                ruleProtocol: "tcp",
+                port_min: null,
+                port_max: null,
+                type: null,
+                code: null,
+              },
+              {
+                direction: "outbound",
+                name: "allow-ibm-tcp-443-outbound",
+                source: "161.26.0.0/16",
+                tcp: {
+                  port_min: 443,
+                  port_max: 443,
+                  source_port_max: null,
+                  source_port_min: null,
+                },
+                icmp: {
+                  type: null,
+                  code: null,
+                },
+                udp: {
+                  port_min: null,
+                  port_max: null,
+                },
+                sg: "management-vsi",
+                vpc: "management",
+                ruleProtocol: "tcp",
+                port_min: "443",
+                port_max: "443",
+                type: null,
+                code: null,
+              },
+            ],
+          },
+        ],
+        ssh_keys: [
+          {
+            name: "jv-dev",
+            use_data: false,
+            resource_group: "asset-development",
+            public_key: "",
+          },
+        ],
+        sysdig: {
+          enabled: false,
+          plan: "graduated-tier",
+          resource_group: "service-rg",
+          name: "sysdig",
+          platform_logs: false,
+        },
+        teleport_vsi: [],
+        transit_gateways: [
+          {
+            global: false,
+            name: "transit-gateway",
+            resource_group: "service-rg",
+            connections: [
+              {
+                tgw: "transit-gateway",
+                vpc: "management",
+              },
+            ],
+            use_data: false,
+            prefix_filters: [],
+            gre_tunnels: [],
+          },
+        ],
+        virtual_private_endpoints: [],
+        vpcs: [
+          {
+            name: "management",
+            public_gateways: [],
+            acls: [
+              {
+                resource_group: "asset-development",
+                name: "management",
+                vpc: "management",
+                rules: [
+                  {
+                    action: "allow",
+                    destination: "10.0.0.0/8",
+                    direction: "inbound",
+                    name: "allow-ibm-inbound",
+                    source: "0.0.0.0/0",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    vpc: "management",
+                    acl: "management",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  {
+                    action: "allow",
+                    destination: "10.0.0.0/8",
+                    direction: "inbound",
+                    name: "allow-all-network-inbound",
+                    source: "10.0.0.0/8",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    vpc: "management",
+                    acl: "management",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  {
+                    action: "allow",
+                    destination: "0.0.0.0/0",
+                    direction: "outbound",
+                    name: "allow-all-outbound",
+                    source: "0.0.0.0/0",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    vpc: "management",
+                    acl: "management",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  {
+                    name: "frog",
+                    action: "allow",
+                    direction: "inbound",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    source: "161.26.0.0/16",
+                    destination: "0.0.0.0",
+                    acl: "management",
+                    vpc: "management",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                ],
+                use_data: false,
+              },
+            ],
+            subnets: [
+              {
+                name: "vsi-zone-1",
+                network_acl: "management",
+                cidr: "10.10.10.0/24",
+                has_prefix: true,
+                vpc: "management",
+                zone: 1,
+                public_gateway: false,
+                resource_group: "asset-development",
+              },
+            ],
+            address_prefixes: [
+              {
+                name: "vsi-zone-1",
+                cidr: "10.10.10.0/24",
+                zone: 1,
+                vpc: "management",
+              },
+            ],
+            bucket: "management-bucket",
+            manual_address_prefix_management: true,
+            cos: "cos",
+            classic_access: false,
+            default_network_acl_name: null,
+            default_routing_table_name: null,
+            default_security_group_name: null,
+            resource_group: "asset-development",
+            publicGateways: [],
+            subnetTiers: [
+              {
+                name: "vsi",
+                zones: 1,
+              },
+            ],
+            use_data: false,
+          },
+        ],
+        vpn_gateways: [],
+        vpn_servers: [],
+        vsi: [
+          {
+            kms: "kms",
+            encryption_key: "slz-vsi-volume-key",
+            image: "ibm-ubuntu-20-04-6-minimal-amd64-3",
+            profile: "cx2-4x8",
+            name: "jv-dev-server",
+            security_groups: ["management-vsi"],
+            ssh_keys: ["jv-dev"],
+            subnets: ["vsi-zone-1"],
+            vpc: "management",
+            vsi_per_subnet: 1,
+            resource_group: "asset-development",
+            override_vsi_name: null,
+            user_data: null,
+            network_interfaces: [],
+            volumes: [],
+            image_name:
+              "Ubuntu Linux 20.04 LTS Focal Fossa Minimal Install (amd64) [ibm-ubuntu-20-04-6-minimal-amd64-3]",
+            enable_floating_ip: true,
+            primary_interface_ip_spoofing: false,
+          },
+        ],
+        classic_ssh_keys: [],
+        classic_vlans: [],
+        vtl: [],
+        classic_gateways: [],
+        cis: [],
+        scc_v2: {
+          enable: false,
+          resource_group: null,
+          region: "",
+          account_id: "${var.account_id}",
+          profile_attachments: [],
+        },
+        cis_glbs: [],
+        fortigate_vnf: [],
+        _schematics: {
+          workspace_name: "jv-dev",
+          workspace_url:
+            "https://cloud.ibm.com/schematics/workspaces/us-south.workspace.jv-dev.81837d43",
+        },
+      };
+      let actualData = outputsTf(config);
+      let expectedData = `##############################################################################
+# Management VPC Outputs
+##############################################################################
+
+output "management_vpc_name" {
+  value = module.management_vpc.name
+}
+
+output "management_vpc_id" {
+  value = module.management_vpc.id
+}
+
+output "management_vpc_crn" {
+  value = module.management_vpc.crn
+}
+
+output "management_vpc_subnet_vsi_zone_1_name" {
+  value = module.management_vpc.vsi_zone_1_name
+}
+
+output "management_vpc_subnet_vsi_zone_1_id" {
+  value = module.management_vpc.vsi_zone_1_id
+}
+
+output "management_vpc_subnet_vsi_zone_1_crn" {
+  value = module.management_vpc.vsi_zone_1_crn
+}
+
+output "management_vpc_security_group_management_vsi_name" {
+  value = module.management_vpc.management_vsi_name
+}
+
+output "management_vpc_security_group_management_vsi_id" {
+  value = module.management_vpc.management_vsi_id
+}
+
+##############################################################################
+
+##############################################################################
+# Management Vpc Jv Dev Server Deployment Outputs
+##############################################################################
+
+output "management_vpc_jv_dev_server_vsi_1_1_primary_ip_address" {
+  value = ibm_is_instance.management_vpc_jv_dev_server_vsi_1_1.primary_network_interface[0].primary_ipv4_address
+}
+
+output "management_vpc_jv_dev_server_vsi_1_1_floating_ip_address" {
+  value = ibm_is_floating_ip.management_vpc_jv_dev_server_vsi_1_1_fip.address
+}
+
+##############################################################################
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct outputs"
+      );
+    });
+    it("should return correct outputs file with multiple deployments", () => {
+      let config = {
+        _options: {
+          craig_version: "1.12.1",
+          prefix: "jv-dev",
+          region: "eu-de",
+          tags: ["hello", "world"],
+          dynamic_subnets: false,
+          power_vs_zones: [],
+          zones: "1",
+          endpoints: "private",
+          account_id: null,
+          power_vs_high_availability: false,
+          fs_cloud: false,
+          enable_power_vs: false,
+          template: "VSI",
+          enable_classic: false,
+        },
+        access_groups: [],
+        appid: [],
+        atracker: {
+          add_route: true,
+          bucket: null,
+          locations: ["global"],
+          enabled: false,
+          type: "cos",
+          name: "atracker",
+          cos_key: null,
+          target_name: "atracker-cos",
+          instance: false,
+          plan: "lite",
+          resource_group: null,
+        },
+        cbr_rules: [],
+        cbr_zones: [],
+        clusters: [],
+        dns: [],
+        event_streams: [],
+        f5_vsi: [],
+        iam_account_settings: {
+          enable: false,
+          mfa: null,
+          allowed_ip_addresses: null,
+          include_history: false,
+          if_match: null,
+          max_sessions_per_identity: null,
+          restrict_create_service_id: null,
+          restrict_create_platform_apikey: null,
+          session_expiration_in_seconds: null,
+          session_invalidation_in_seconds: null,
+        },
+        icd: [],
+        key_management: [
+          {
+            keys: [
+              {
+                dual_auth_delete: false,
+                name: "slz-atracker-key",
+                endpoint: "private",
+                force_delete: false,
+                root_key: true,
+                key_ring: "ring",
+                rotation: 12,
+              },
+              {
+                dual_auth_delete: false,
+                name: "key",
+                endpoint: "private",
+                force_delete: false,
+                root_key: true,
+                key_ring: "ring",
+                rotation: 12,
+              },
+              {
+                dual_auth_delete: false,
+                name: "slz-vsi-volume-key",
+                endpoint: "private",
+                force_delete: false,
+                root_key: true,
+                key_ring: "ring",
+                rotation: 12,
+              },
+            ],
+            authorize_vpc_reader_role: true,
+            name: "kms",
+            resource_group: "service-rg",
+            use_data: false,
+            use_hs_crypto: false,
+          },
+        ],
+        load_balancers: [],
+        logdna: {
+          enabled: false,
+          plan: "lite",
+          endpoints: "private",
+          platform_logs: false,
+          resource_group: "service-rg",
+          cos: null,
+          bucket: null,
+        },
+        object_storage: [
+          {
+            kms: "kms",
+            name: "cos",
+            plan: "standard",
+            resource_group: "service-rg",
+            use_random_suffix: true,
+            use_data: false,
+            buckets: [
+              {
+                endpoint: "public",
+                force_delete: true,
+                kms_key: "key",
+                name: "management-bucket",
+                storage_class: "standard",
+                use_random_suffix: true,
+              },
+              {
+                endpoint: "public",
+                force_delete: true,
+                kms_key: "key",
+                name: "workload-bucket",
+                storage_class: "standard",
+                use_random_suffix: true,
+              },
+            ],
+            keys: [],
+          },
+        ],
+        power: [],
+        power_instances: [],
+        power_volumes: [],
+        resource_groups: [
+          {
+            name: "service-rg",
+            use_data: false,
+            use_prefix: true,
+          },
+          {
+            name: "asset-development",
+            use_data: true,
+            use_prefix: true,
+          },
+          {
+            name: "workload-rg",
+            use_data: false,
+            use_prefix: true,
+          },
+        ],
+        routing_tables: [],
+        scc: {
+          credential_description: null,
+          id: null,
+          passphrase: null,
+          name: "",
+          location: "us",
+          collector_description: null,
+          is_public: false,
+          scope_description: null,
+          enable: false,
+        },
+        secrets_manager: [],
+        security_groups: [
+          {
+            vpc: "workload",
+          },
+          {
+            vpc: "management",
+            name: "management-vsi",
+            resource_group: "asset-development",
+            rules: [
+              {
+                direction: "outbound",
+                name: "allow-vpc-outbound",
+                source: "0.0.0.0/0",
+                tcp: {
+                  port_min: 443,
+                  port_max: 443,
+                  source_port_max: null,
+                  source_port_min: null,
+                },
+                icmp: {
+                  type: null,
+                  code: null,
+                },
+                udp: {
+                  port_min: null,
+                  port_max: null,
+                },
+                sg: "management-vsi",
+                vpc: "management",
+                ruleProtocol: "tcp",
+                port_min: "443",
+                port_max: "443",
+                type: null,
+                code: null,
+              },
+              {
+                direction: "outbound",
+                name: "allow-ibm-tcp-53-outbound",
+                source: "161.26.0.0/16",
+                tcp: {
+                  port_min: 343,
+                  port_max: null,
+                  source_port_max: null,
+                  source_port_min: null,
+                },
+                icmp: {
+                  type: null,
+                  code: null,
+                },
+                udp: {
+                  port_min: null,
+                  port_max: null,
+                },
+                sg: "management-vsi",
+                vpc: "management",
+                ruleProtocol: "tcp",
+                port_min: "343",
+                port_max: null,
+                type: null,
+                code: null,
+              },
+              {
+                direction: "outbound",
+                name: "allow-ibm-tcp-80-outbound",
+                source: "161.26.0.0/16",
+                tcp: {
+                  port_max: 80,
+                  port_min: 80,
+                },
+                icmp: {
+                  code: null,
+                  type: null,
+                },
+                udp: {
+                  port_max: null,
+                  port_min: null,
+                },
+                sg: "management-vsi",
+                vpc: "management",
+                ruleProtocol: "tcp",
+                port_min: null,
+                port_max: null,
+                type: null,
+                code: null,
+              },
+              {
+                direction: "outbound",
+                name: "allow-ibm-tcp-443-outbound",
+                source: "161.26.0.0/16",
+                tcp: {
+                  port_min: 443,
+                  port_max: 443,
+                  source_port_max: null,
+                  source_port_min: null,
+                },
+                icmp: {
+                  type: null,
+                  code: null,
+                },
+                udp: {
+                  port_min: null,
+                  port_max: null,
+                },
+                sg: "management-vsi",
+                vpc: "management",
+                ruleProtocol: "tcp",
+                port_min: "443",
+                port_max: "443",
+                type: null,
+                code: null,
+              },
+            ],
+          },
+        ],
+        ssh_keys: [
+          {
+            name: "jv-dev",
+            use_data: false,
+            resource_group: "asset-development",
+            public_key: "",
+          },
+        ],
+        sysdig: {
+          enabled: false,
+          plan: "graduated-tier",
+          resource_group: "service-rg",
+          name: "sysdig",
+          platform_logs: false,
+        },
+        teleport_vsi: [],
+        transit_gateways: [
+          {
+            global: false,
+            name: "transit-gateway",
+            resource_group: "service-rg",
+            connections: [
+              {
+                tgw: "transit-gateway",
+                vpc: "management",
+              },
+            ],
+            use_data: false,
+            prefix_filters: [],
+            gre_tunnels: [],
+          },
+        ],
+        virtual_private_endpoints: [],
+        vpcs: [
+          {
+            name: "management",
+            public_gateways: [],
+            acls: [
+              {
+                resource_group: "asset-development",
+                name: "management",
+                vpc: "management",
+                rules: [
+                  {
+                    action: "allow",
+                    destination: "10.0.0.0/8",
+                    direction: "inbound",
+                    name: "allow-ibm-inbound",
+                    source: "0.0.0.0/0",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    vpc: "management",
+                    acl: "management",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  {
+                    action: "allow",
+                    destination: "10.0.0.0/8",
+                    direction: "inbound",
+                    name: "allow-all-network-inbound",
+                    source: "10.0.0.0/8",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    vpc: "management",
+                    acl: "management",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  {
+                    action: "allow",
+                    destination: "0.0.0.0/0",
+                    direction: "outbound",
+                    name: "allow-all-outbound",
+                    source: "0.0.0.0/0",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    vpc: "management",
+                    acl: "management",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  {
+                    name: "frog",
+                    action: "allow",
+                    direction: "inbound",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    source: "161.26.0.0/16",
+                    destination: "0.0.0.0",
+                    acl: "management",
+                    vpc: "management",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                ],
+                use_data: false,
+              },
+            ],
+            subnets: [
+              {
+                name: "vsi-zone-1",
+                network_acl: "management",
+                cidr: "10.10.10.0/24",
+                has_prefix: true,
+                vpc: "management",
+                zone: 1,
+                public_gateway: false,
+                resource_group: "asset-development",
+              },
+            ],
+            address_prefixes: [
+              {
+                name: "vsi-zone-1",
+                cidr: "10.10.10.0/24",
+                zone: 1,
+                vpc: "management",
+              },
+            ],
+            bucket: "management-bucket",
+            manual_address_prefix_management: true,
+            cos: "cos",
+            classic_access: false,
+            default_network_acl_name: null,
+            default_routing_table_name: null,
+            default_security_group_name: null,
+            resource_group: "asset-development",
+            publicGateways: [],
+            subnetTiers: [
+              {
+                name: "vsi",
+                zones: 1,
+              },
+            ],
+            use_data: false,
+          },
+        ],
+        vpn_gateways: [],
+        vpn_servers: [],
+        vsi: [
+          {
+            kms: "kms",
+            encryption_key: "slz-vsi-volume-key",
+            image: "ibm-ubuntu-20-04-6-minimal-amd64-3",
+            profile: "cx2-4x8",
+            name: "jv-dev-server",
+            security_groups: ["management-vsi"],
+            ssh_keys: ["jv-dev"],
+            subnets: ["vsi-zone-1"],
+            vpc: "management",
+            vsi_per_subnet: 1,
+            resource_group: "asset-development",
+            override_vsi_name: null,
+            user_data: null,
+            network_interfaces: [],
+            volumes: [],
+            image_name:
+              "Ubuntu Linux 20.04 LTS Focal Fossa Minimal Install (amd64) [ibm-ubuntu-20-04-6-minimal-amd64-3]",
+            enable_floating_ip: true,
+            primary_interface_ip_spoofing: false,
+          },
+          {
+            kms: "kms",
+            encryption_key: "slz-vsi-volume-key",
+            image: "ibm-ubuntu-20-04-6-minimal-amd64-3",
+            profile: "cx2-4x8",
+            name: "jv-dev-server2",
+            security_groups: ["management-vsi"],
+            ssh_keys: ["jv-dev"],
+            subnets: ["vsi-zone-1"],
+            vpc: "management",
+            vsi_per_subnet: 1,
+            resource_group: "asset-development",
+            override_vsi_name: null,
+            user_data: null,
+            network_interfaces: [],
+            volumes: [],
+            image_name:
+              "Ubuntu Linux 20.04 LTS Focal Fossa Minimal Install (amd64) [ibm-ubuntu-20-04-6-minimal-amd64-3]",
+            enable_floating_ip: true,
+            primary_interface_ip_spoofing: false,
+          },
+        ],
+        classic_ssh_keys: [],
+        classic_vlans: [],
+        vtl: [],
+        classic_gateways: [],
+        cis: [],
+        scc_v2: {
+          enable: false,
+          resource_group: null,
+          region: "",
+          account_id: "${var.account_id}",
+          profile_attachments: [],
+        },
+        cis_glbs: [],
+        fortigate_vnf: [],
+        _schematics: {
+          workspace_name: "jv-dev",
+          workspace_url:
+            "https://cloud.ibm.com/schematics/workspaces/us-south.workspace.jv-dev.81837d43",
+        },
+      };
+      let actualData = outputsTf(config);
+      let expectedData = `##############################################################################
+# Management VPC Outputs
+##############################################################################
+
+output "management_vpc_name" {
+  value = module.management_vpc.name
+}
+
+output "management_vpc_id" {
+  value = module.management_vpc.id
+}
+
+output "management_vpc_crn" {
+  value = module.management_vpc.crn
+}
+
+output "management_vpc_subnet_vsi_zone_1_name" {
+  value = module.management_vpc.vsi_zone_1_name
+}
+
+output "management_vpc_subnet_vsi_zone_1_id" {
+  value = module.management_vpc.vsi_zone_1_id
+}
+
+output "management_vpc_subnet_vsi_zone_1_crn" {
+  value = module.management_vpc.vsi_zone_1_crn
+}
+
+output "management_vpc_security_group_management_vsi_name" {
+  value = module.management_vpc.management_vsi_name
+}
+
+output "management_vpc_security_group_management_vsi_id" {
+  value = module.management_vpc.management_vsi_id
+}
+
+##############################################################################
+
+##############################################################################
+# Management Vpc Jv Dev Server Deployment Outputs
+##############################################################################
+
+output "management_vpc_jv_dev_server_vsi_1_1_primary_ip_address" {
+  value = ibm_is_instance.management_vpc_jv_dev_server_vsi_1_1.primary_network_interface[0].primary_ipv4_address
+}
+
+output "management_vpc_jv_dev_server_vsi_1_1_floating_ip_address" {
+  value = ibm_is_floating_ip.management_vpc_jv_dev_server_vsi_1_1_fip.address
+}
+
+##############################################################################
+
+##############################################################################
+# Management Vpc Jv Dev Server 2 Deployment Outputs
+##############################################################################
+
+output "management_vpc_jv_dev_server2_vsi_1_1_primary_ip_address" {
+  value = ibm_is_instance.management_vpc_jv_dev_server2_vsi_1_1.primary_network_interface[0].primary_ipv4_address
+}
+
+output "management_vpc_jv_dev_server2_vsi_1_1_floating_ip_address" {
+  value = ibm_is_floating_ip.management_vpc_jv_dev_server2_vsi_1_1_fip.address
+}
+
+##############################################################################
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct outputs"
+      );
+    });
+    it("should return correct outputs for power vs workspaces", () => {
+      let config = {
+        _options: {
+          prefix: "iac",
+          region: "us-south",
+          tags: ["hello", "world"],
+          zones: 3,
+          endpoints: "private",
+          account_id: null,
+          fs_cloud: false,
+          enable_classic: false,
+          dynamic_subnets: true,
+          enable_power_vs: true,
+          craig_version: "1.12.2",
+          power_vs_zones: ["us-south", "dal10", "dal12"],
+          power_vs_high_availability: false,
+          no_vpn_secrets_manager_auth: false,
+          template: "Empty Project",
+        },
+        access_groups: [],
+        appid: [],
+        atracker: {
+          enabled: false,
+          type: "cos",
+          name: "atracker",
+          target_name: "atracker-cos",
+          bucket: null,
+          add_route: true,
+          cos_key: null,
+          locations: ["global", "us-south"],
+          instance: false,
+          plan: "lite",
+          resource_group: null,
+        },
+        cbr_rules: [],
+        cbr_zones: [],
+        clusters: [],
+        dns: [],
+        event_streams: [],
+        f5_vsi: [],
+        iam_account_settings: {
+          enable: false,
+          mfa: null,
+          allowed_ip_addresses: null,
+          include_history: false,
+          if_match: null,
+          max_sessions_per_identity: null,
+          restrict_create_service_id: null,
+          restrict_create_platform_apikey: null,
+          session_expiration_in_seconds: null,
+          session_invalidation_in_seconds: null,
+        },
+        icd: [],
+        key_management: [],
+        load_balancers: [],
+        logdna: {
+          name: "logdna",
+          archive: false,
+          enabled: false,
+          plan: "lite",
+          endpoints: "private",
+          platform_logs: false,
+          resource_group: null,
+          cos: null,
+          bucket: null,
+        },
+        object_storage: [],
+        power: [
+          {
+            use_data: false,
+            name: "test-output",
+            zone: "us-south",
+            resource_group: "output-test-rg",
+            imageNames: ["7200-05-03"],
+            images: [
+              {
+                creationDate: "2022-03-04T16:13:44.000Z",
+                description: "",
+                href: "/pcloud/v1/cloud-instances/804b4619410344388ac946fcdc2fc3a7/stock-images/b4f8e80d-08ac-4f38-b949-d215b34aa3bf",
+                imageID: "b4f8e80d-08ac-4f38-b949-d215b34aa3bf",
+                lastUpdateDate: "2022-03-04T18:10:58.000Z",
+                name: "7200-05-03",
+                specifications: {
+                  architecture: "ppc64",
+                  containerFormat: "bare",
+                  diskFormat: "raw",
+                  endianness: "big-endian",
+                  hypervisorType: "phyp",
+                  operatingSystem: "aix",
+                },
+                state: "active",
+                storagePool: "Tier3-Flash-1",
+                storageType: "tier3",
+                workspace: "test-output",
+                zone: "us-south",
+                workspace_use_data: false,
+              },
+            ],
+            ssh_keys: [],
+            network: [],
+            cloud_connections: [],
+            attachments: [],
+          },
+          {
+            use_data: true,
+            name: "iac-power-workspace-test-output",
+            zone: "us-south",
+            resource_group: null,
+            imageNames: ["7100-05-09"],
+            images: [
+              {
+                creationDate: "2022-03-04T16:28:23.000Z",
+                description: "",
+                href: "/pcloud/v1/cloud-instances/0675080bfc244a32ae13770cd424a26c/stock-images/2eee95bf-9d27-4166-a9ba-17835f8ae821",
+                imageID: "2eee95bf-9d27-4166-a9ba-17835f8ae821",
+                lastUpdateDate: "2022-03-04T18:10:58.000Z",
+                name: "7100-05-09",
+                specifications: {
+                  architecture: "ppc64",
+                  containerFormat: "bare",
+                  diskFormat: "raw",
+                  endianness: "big-endian",
+                  hypervisorType: "phyp",
+                  operatingSystem: "aix",
+                },
+                state: "active",
+                storagePool: "Tier3-Flash-1",
+                storageType: "tier3",
+                workspace: "iac-power-workspace-test-output",
+                zone: "us-south",
+                workspace_use_data: true,
+              },
+            ],
+            ssh_keys: [],
+            network: [],
+            cloud_connections: [],
+            attachments: [],
+          },
+        ],
+        power_instances: [],
+        power_volumes: [],
+        resource_groups: [
+          {
+            use_prefix: true,
+            name: "output-test-rg",
+            use_data: false,
+          },
+        ],
+        routing_tables: [],
+        scc: {
+          credential_description: null,
+          id: null,
+          passphrase: null,
+          name: "",
+          location: "us",
+          collector_description: null,
+          is_public: false,
+          scope_description: null,
+          enable: false,
+        },
+        secrets_manager: [],
+        security_groups: [],
+        ssh_keys: [],
+        sysdig: {
+          enabled: false,
+          plan: "graduated-tier",
+          resource_group: null,
+          name: "sysdig",
+          platform_logs: false,
+        },
+        teleport_vsi: [],
+        transit_gateways: [],
+        virtual_private_endpoints: [],
+        vpcs: [],
+        vpn_gateways: [],
+        vpn_servers: [],
+        vsi: [],
+        classic_ssh_keys: [],
+        classic_vlans: [],
+        vtl: [],
+        classic_gateways: [],
+        cis: [],
+        scc_v2: {
+          enable: false,
+          resource_group: null,
+          region: "",
+          account_id: "${var.account_id}",
+          profile_attachments: [],
+        },
+        cis_glbs: [],
+        fortigate_vnf: [],
+        classic_security_groups: [],
+      };
+      let actualData = outputsTf(config);
+      let expectedData = `##############################################################################
+# Test Output Power Workspace Outputs
+##############################################################################
+
+output "power_vs_workspace_test_output_name" {
+  value = ibm_resource_instance.power_vs_workspace_test_output.name
+}
+
+output "power_vs_workspace_test_output_guid" {
+  value = ibm_resource_instance.power_vs_workspace_test_output.guid
+}
+
+output "power_vs_workspace_test_output_crn" {
+  value = ibm_resource_instance.power_vs_workspace_test_output.crn
+}
+
+##############################################################################
+
+##############################################################################
+# Iac Power Workspace Test Output Power Workspace Outputs
+##############################################################################
+
+output "power_vs_workspace_iac_power_workspace_test_output_name" {
+  value = data.ibm_resource_instance.power_vs_workspace_iac_power_workspace_test_output.name
+}
+
+output "power_vs_workspace_iac_power_workspace_test_output_guid" {
+  value = data.ibm_resource_instance.power_vs_workspace_iac_power_workspace_test_output.guid
+}
+
+output "power_vs_workspace_iac_power_workspace_test_output_crn" {
+  value = data.ibm_resource_instance.power_vs_workspace_iac_power_workspace_test_output.crn
+}
+
+##############################################################################
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct outputs"
+      );
+    });
+    it("should return correct outputs for power vs workspaces and vpc", () => {
+      let config = {
+        _options: {
+          craig_version: "1.12.1",
+          prefix: "jv-dev",
+          region: "eu-de",
+          tags: ["hello", "world"],
+          dynamic_subnets: false,
+          power_vs_zones: [],
+          zones: "1",
+          endpoints: "private",
+          account_id: null,
+          power_vs_high_availability: false,
+          fs_cloud: false,
+          enable_power_vs: false,
+          template: "VSI",
+          enable_classic: false,
+        },
+        access_groups: [],
+        appid: [],
+        atracker: {
+          add_route: true,
+          bucket: null,
+          locations: ["global"],
+          enabled: false,
+          type: "cos",
+          name: "atracker",
+          cos_key: null,
+          target_name: "atracker-cos",
+          instance: false,
+          plan: "lite",
+          resource_group: null,
+        },
+        cbr_rules: [],
+        cbr_zones: [],
+        clusters: [],
+        dns: [],
+        event_streams: [],
+        f5_vsi: [],
+        iam_account_settings: {
+          enable: false,
+          mfa: null,
+          allowed_ip_addresses: null,
+          include_history: false,
+          if_match: null,
+          max_sessions_per_identity: null,
+          restrict_create_service_id: null,
+          restrict_create_platform_apikey: null,
+          session_expiration_in_seconds: null,
+          session_invalidation_in_seconds: null,
+        },
+        icd: [],
+        key_management: [
+          {
+            keys: [
+              {
+                dual_auth_delete: false,
+                name: "slz-atracker-key",
+                endpoint: "private",
+                force_delete: false,
+                root_key: true,
+                key_ring: "ring",
+                rotation: 12,
+              },
+              {
+                dual_auth_delete: false,
+                name: "key",
+                endpoint: "private",
+                force_delete: false,
+                root_key: true,
+                key_ring: "ring",
+                rotation: 12,
+              },
+              {
+                dual_auth_delete: false,
+                name: "slz-vsi-volume-key",
+                endpoint: "private",
+                force_delete: false,
+                root_key: true,
+                key_ring: "ring",
+                rotation: 12,
+              },
+            ],
+            authorize_vpc_reader_role: true,
+            name: "kms",
+            resource_group: "service-rg",
+            use_data: false,
+            use_hs_crypto: false,
+          },
+        ],
+        load_balancers: [],
+        logdna: {
+          enabled: false,
+          plan: "lite",
+          endpoints: "private",
+          platform_logs: false,
+          resource_group: "service-rg",
+          cos: null,
+          bucket: null,
+        },
+        object_storage: [
+          {
+            kms: "kms",
+            name: "cos",
+            plan: "standard",
+            resource_group: "service-rg",
+            use_random_suffix: true,
+            use_data: false,
+            buckets: [
+              {
+                endpoint: "public",
+                force_delete: true,
+                kms_key: "key",
+                name: "management-bucket",
+                storage_class: "standard",
+                use_random_suffix: true,
+              },
+              {
+                endpoint: "public",
+                force_delete: true,
+                kms_key: "key",
+                name: "workload-bucket",
+                storage_class: "standard",
+                use_random_suffix: true,
+              },
+            ],
+            keys: [],
+          },
+        ],
+        power: [
+          {
+            use_data: false,
+            name: "test-output",
+            zone: "us-south",
+            resource_group: "output-test-rg",
+            imageNames: ["7200-05-03"],
+            images: [
+              {
+                creationDate: "2022-03-04T16:13:44.000Z",
+                description: "",
+                href: "/pcloud/v1/cloud-instances/804b4619410344388ac946fcdc2fc3a7/stock-images/b4f8e80d-08ac-4f38-b949-d215b34aa3bf",
+                imageID: "b4f8e80d-08ac-4f38-b949-d215b34aa3bf",
+                lastUpdateDate: "2022-03-04T18:10:58.000Z",
+                name: "7200-05-03",
+                specifications: {
+                  architecture: "ppc64",
+                  containerFormat: "bare",
+                  diskFormat: "raw",
+                  endianness: "big-endian",
+                  hypervisorType: "phyp",
+                  operatingSystem: "aix",
+                },
+                state: "active",
+                storagePool: "Tier3-Flash-1",
+                storageType: "tier3",
+                workspace: "test-output",
+                zone: "us-south",
+                workspace_use_data: false,
+              },
+            ],
+            ssh_keys: [],
+            network: [],
+            cloud_connections: [],
+            attachments: [],
+          },
+          {
+            use_data: true,
+            name: "iac-power-workspace-test-output",
+            zone: "us-south",
+            resource_group: null,
+            imageNames: ["7100-05-09"],
+            images: [
+              {
+                creationDate: "2022-03-04T16:28:23.000Z",
+                description: "",
+                href: "/pcloud/v1/cloud-instances/0675080bfc244a32ae13770cd424a26c/stock-images/2eee95bf-9d27-4166-a9ba-17835f8ae821",
+                imageID: "2eee95bf-9d27-4166-a9ba-17835f8ae821",
+                lastUpdateDate: "2022-03-04T18:10:58.000Z",
+                name: "7100-05-09",
+                specifications: {
+                  architecture: "ppc64",
+                  containerFormat: "bare",
+                  diskFormat: "raw",
+                  endianness: "big-endian",
+                  hypervisorType: "phyp",
+                  operatingSystem: "aix",
+                },
+                state: "active",
+                storagePool: "Tier3-Flash-1",
+                storageType: "tier3",
+                workspace: "iac-power-workspace-test-output",
+                zone: "us-south",
+                workspace_use_data: true,
+              },
+            ],
+            ssh_keys: [],
+            network: [],
+            cloud_connections: [],
+            attachments: [],
+          },
+        ],
+        power_instances: [],
+        power_volumes: [],
+        resource_groups: [
+          {
+            name: "service-rg",
+            use_data: false,
+            use_prefix: true,
+          },
+          {
+            name: "asset-development",
+            use_data: true,
+            use_prefix: true,
+          },
+          {
+            name: "workload-rg",
+            use_data: false,
+            use_prefix: true,
+          },
+        ],
+        routing_tables: [],
+        scc: {
+          credential_description: null,
+          id: null,
+          passphrase: null,
+          name: "",
+          location: "us",
+          collector_description: null,
+          is_public: false,
+          scope_description: null,
+          enable: false,
+        },
+        secrets_manager: [],
+        security_groups: [
+          {
+            vpc: "workload",
+          },
+          {
+            vpc: "management",
+            name: "management-vsi",
+            resource_group: "asset-development",
+            rules: [
+              {
+                direction: "outbound",
+                name: "allow-vpc-outbound",
+                source: "0.0.0.0/0",
+                tcp: {
+                  port_min: 443,
+                  port_max: 443,
+                  source_port_max: null,
+                  source_port_min: null,
+                },
+                icmp: {
+                  type: null,
+                  code: null,
+                },
+                udp: {
+                  port_min: null,
+                  port_max: null,
+                },
+                sg: "management-vsi",
+                vpc: "management",
+                ruleProtocol: "tcp",
+                port_min: "443",
+                port_max: "443",
+                type: null,
+                code: null,
+              },
+              {
+                direction: "outbound",
+                name: "allow-ibm-tcp-53-outbound",
+                source: "161.26.0.0/16",
+                tcp: {
+                  port_min: 343,
+                  port_max: null,
+                  source_port_max: null,
+                  source_port_min: null,
+                },
+                icmp: {
+                  type: null,
+                  code: null,
+                },
+                udp: {
+                  port_min: null,
+                  port_max: null,
+                },
+                sg: "management-vsi",
+                vpc: "management",
+                ruleProtocol: "tcp",
+                port_min: "343",
+                port_max: null,
+                type: null,
+                code: null,
+              },
+              {
+                direction: "outbound",
+                name: "allow-ibm-tcp-80-outbound",
+                source: "161.26.0.0/16",
+                tcp: {
+                  port_max: 80,
+                  port_min: 80,
+                },
+                icmp: {
+                  code: null,
+                  type: null,
+                },
+                udp: {
+                  port_max: null,
+                  port_min: null,
+                },
+                sg: "management-vsi",
+                vpc: "management",
+                ruleProtocol: "tcp",
+                port_min: null,
+                port_max: null,
+                type: null,
+                code: null,
+              },
+              {
+                direction: "outbound",
+                name: "allow-ibm-tcp-443-outbound",
+                source: "161.26.0.0/16",
+                tcp: {
+                  port_min: 443,
+                  port_max: 443,
+                  source_port_max: null,
+                  source_port_min: null,
+                },
+                icmp: {
+                  type: null,
+                  code: null,
+                },
+                udp: {
+                  port_min: null,
+                  port_max: null,
+                },
+                sg: "management-vsi",
+                vpc: "management",
+                ruleProtocol: "tcp",
+                port_min: "443",
+                port_max: "443",
+                type: null,
+                code: null,
+              },
+            ],
+          },
+        ],
+        ssh_keys: [
+          {
+            name: "jv-dev",
+            use_data: false,
+            resource_group: "asset-development",
+            public_key: "",
+          },
+        ],
+        sysdig: {
+          enabled: false,
+          plan: "graduated-tier",
+          resource_group: "service-rg",
+          name: "sysdig",
+          platform_logs: false,
+        },
+        teleport_vsi: [],
+        transit_gateways: [
+          {
+            global: false,
+            name: "transit-gateway",
+            resource_group: "service-rg",
+            connections: [
+              {
+                tgw: "transit-gateway",
+                vpc: "management",
+              },
+            ],
+            use_data: false,
+            prefix_filters: [],
+            gre_tunnels: [],
+          },
+        ],
+        virtual_private_endpoints: [],
+        vpcs: [
+          {
+            name: "management",
+            public_gateways: [],
+            acls: [
+              {
+                resource_group: "asset-development",
+                name: "management",
+                vpc: "management",
+                rules: [
+                  {
+                    action: "allow",
+                    destination: "10.0.0.0/8",
+                    direction: "inbound",
+                    name: "allow-ibm-inbound",
+                    source: "0.0.0.0/0",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    vpc: "management",
+                    acl: "management",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  {
+                    action: "allow",
+                    destination: "10.0.0.0/8",
+                    direction: "inbound",
+                    name: "allow-all-network-inbound",
+                    source: "10.0.0.0/8",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    vpc: "management",
+                    acl: "management",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  {
+                    action: "allow",
+                    destination: "0.0.0.0/0",
+                    direction: "outbound",
+                    name: "allow-all-outbound",
+                    source: "0.0.0.0/0",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    vpc: "management",
+                    acl: "management",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  {
+                    name: "frog",
+                    action: "allow",
+                    direction: "inbound",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    source: "161.26.0.0/16",
+                    destination: "0.0.0.0",
+                    acl: "management",
+                    vpc: "management",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                ],
+                use_data: false,
+              },
+            ],
+            subnets: [
+              {
+                name: "vsi-zone-1",
+                network_acl: "management",
+                cidr: "10.10.10.0/24",
+                has_prefix: true,
+                vpc: "management",
+                zone: 1,
+                public_gateway: false,
+                resource_group: "asset-development",
+              },
+            ],
+            address_prefixes: [
+              {
+                name: "vsi-zone-1",
+                cidr: "10.10.10.0/24",
+                zone: 1,
+                vpc: "management",
+              },
+            ],
+            bucket: "management-bucket",
+            manual_address_prefix_management: true,
+            cos: "cos",
+            classic_access: false,
+            default_network_acl_name: null,
+            default_routing_table_name: null,
+            default_security_group_name: null,
+            resource_group: "asset-development",
+            publicGateways: [],
+            subnetTiers: [
+              {
+                name: "vsi",
+                zones: 1,
+              },
+            ],
+            use_data: false,
+          },
+          {
+            name: "management2",
+            public_gateways: [],
+            acls: [
+              {
+                resource_group: "asset-development",
+                name: "management2",
+                vpc: "management2",
+                rules: [
+                  {
+                    action: "allow",
+                    destination: "10.0.0.0/8",
+                    direction: "inbound",
+                    name: "allow-ibm-inbound",
+                    source: "0.0.0.0/0",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    vpc: "management2",
+                    acl: "management2",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  {
+                    action: "allow",
+                    destination: "10.0.0.0/8",
+                    direction: "inbound",
+                    name: "allow-all-network-inbound",
+                    source: "10.0.0.0/8",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    vpc: "management2",
+                    acl: "management2",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  {
+                    action: "allow",
+                    destination: "0.0.0.0/0",
+                    direction: "outbound",
+                    name: "allow-all-outbound",
+                    source: "0.0.0.0/0",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    vpc: "management2",
+                    acl: "management2",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  {
+                    name: "frog",
+                    action: "allow",
+                    direction: "inbound",
+                    icmp: {
+                      type: null,
+                      code: null,
+                    },
+                    tcp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    udp: {
+                      port_min: null,
+                      port_max: null,
+                      source_port_min: null,
+                      source_port_max: null,
+                    },
+                    source: "161.26.0.0/16",
+                    destination: "0.0.0.0",
+                    acl: "management2",
+                    vpc: "management2",
+                    ruleProtocol: "all",
+                    port_min: null,
+                    port_max: null,
+                    type: null,
+                    code: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                ],
+                use_data: false,
+              },
+            ],
+            subnets: [
+              {
+                name: "vsi-zone-1",
+                network_acl: "management2",
+                cidr: "10.10.10.0/24",
+                has_prefix: true,
+                vpc: "management2",
+                zone: 1,
+                public_gateway: false,
+                resource_group: "asset-development",
+              },
+            ],
+            address_prefixes: [
+              {
+                name: "vsi-zone-1",
+                cidr: "10.10.10.0/24",
+                zone: 1,
+                vpc: "management2",
+              },
+            ],
+            bucket: "management-bucket",
+            manual_address_prefix_management: true,
+            cos: "cos",
+            classic_access: false,
+            default_network_acl_name: null,
+            default_routing_table_name: null,
+            default_security_group_name: null,
+            resource_group: "asset-development",
+            publicGateways: [],
+            subnetTiers: [
+              {
+                name: "vsi",
+                zones: 1,
+              },
+            ],
+            use_data: false,
+          },
+        ],
+        vpn_gateways: [],
+        vpn_servers: [],
+        vsi: [
+          {
+            kms: "kms",
+            encryption_key: "slz-vsi-volume-key",
+            image: "ibm-ubuntu-20-04-6-minimal-amd64-3",
+            profile: "cx2-4x8",
+            name: "jv-dev-server2",
+            security_groups: ["management-vsi"],
+            ssh_keys: ["jv-dev"],
+            subnets: ["vsi-zone-1"],
+            vpc: "management2",
+            vsi_per_subnet: 1,
+            resource_group: "asset-development",
+            override_vsi_name: null,
+            user_data: null,
+            network_interfaces: [],
+            volumes: [],
+            image_name:
+              "Ubuntu Linux 20.04 LTS Focal Fossa Minimal Install (amd64) [ibm-ubuntu-20-04-6-minimal-amd64-3]",
+            enable_floating_ip: true,
+            primary_interface_ip_spoofing: false,
+          },
+        ],
+        classic_ssh_keys: [],
+        classic_vlans: [],
+        vtl: [],
+        classic_gateways: [],
+        cis: [],
+        scc_v2: {
+          enable: false,
+          resource_group: null,
+          region: "",
+          account_id: "${var.account_id}",
+          profile_attachments: [],
+        },
+        cis_glbs: [],
+        fortigate_vnf: [],
+        _schematics: {
+          workspace_name: "jv-dev",
+          workspace_url:
+            "https://cloud.ibm.com/schematics/workspaces/us-south.workspace.jv-dev.81837d43",
+        },
+      };
+      let actualData = outputsTf(config);
+      let expectedData = `##############################################################################
+# Management VPC Outputs
+##############################################################################
+
+output "management_vpc_name" {
+  value = module.management_vpc.name
+}
+
+output "management_vpc_id" {
+  value = module.management_vpc.id
+}
+
+output "management_vpc_crn" {
+  value = module.management_vpc.crn
+}
+
+output "management_vpc_subnet_vsi_zone_1_name" {
+  value = module.management_vpc.vsi_zone_1_name
+}
+
+output "management_vpc_subnet_vsi_zone_1_id" {
+  value = module.management_vpc.vsi_zone_1_id
+}
+
+output "management_vpc_subnet_vsi_zone_1_crn" {
+  value = module.management_vpc.vsi_zone_1_crn
+}
+
+output "management_vpc_security_group_management_vsi_name" {
+  value = module.management_vpc.management_vsi_name
+}
+
+output "management_vpc_security_group_management_vsi_id" {
+  value = module.management_vpc.management_vsi_id
+}
+
+##############################################################################
+
+##############################################################################
+# Management 2 VPC Outputs
+##############################################################################
+
+output "management2_vpc_name" {
+  value = module.management2_vpc.name
+}
+
+output "management2_vpc_id" {
+  value = module.management2_vpc.id
+}
+
+output "management2_vpc_crn" {
+  value = module.management2_vpc.crn
+}
+
+output "management2_vpc_subnet_vsi_zone_1_name" {
+  value = module.management2_vpc.vsi_zone_1_name
+}
+
+output "management2_vpc_subnet_vsi_zone_1_id" {
+  value = module.management2_vpc.vsi_zone_1_id
+}
+
+output "management2_vpc_subnet_vsi_zone_1_crn" {
+  value = module.management2_vpc.vsi_zone_1_crn
+}
+
+##############################################################################
+
+##############################################################################
+# Management 2 Vpc Jv Dev Server 2 Deployment Outputs
+##############################################################################
+
+output "management2_vpc_jv_dev_server2_vsi_1_1_primary_ip_address" {
+  value = ibm_is_instance.management2_vpc_jv_dev_server2_vsi_1_1.primary_network_interface[0].primary_ipv4_address
+}
+
+output "management2_vpc_jv_dev_server2_vsi_1_1_floating_ip_address" {
+  value = ibm_is_floating_ip.management2_vpc_jv_dev_server2_vsi_1_1_fip.address
+}
+
+##############################################################################
+
+##############################################################################
+# Test Output Power Workspace Outputs
+##############################################################################
+
+output "power_vs_workspace_test_output_name" {
+  value = ibm_resource_instance.power_vs_workspace_test_output.name
+}
+
+output "power_vs_workspace_test_output_guid" {
+  value = ibm_resource_instance.power_vs_workspace_test_output.guid
+}
+
+output "power_vs_workspace_test_output_crn" {
+  value = ibm_resource_instance.power_vs_workspace_test_output.crn
+}
+
+##############################################################################
+
+##############################################################################
+# Iac Power Workspace Test Output Power Workspace Outputs
+##############################################################################
+
+output "power_vs_workspace_iac_power_workspace_test_output_name" {
+  value = data.ibm_resource_instance.power_vs_workspace_iac_power_workspace_test_output.name
+}
+
+output "power_vs_workspace_iac_power_workspace_test_output_guid" {
+  value = data.ibm_resource_instance.power_vs_workspace_iac_power_workspace_test_output.guid
+}
+
+output "power_vs_workspace_iac_power_workspace_test_output_crn" {
+  value = data.ibm_resource_instance.power_vs_workspace_iac_power_workspace_test_output.crn
+}
+
+##############################################################################
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct outputs"
+      );
+    });
+  });
+});
diff --git a/unit-tests/json-to-iac/power-vs-instances.test.js b/unit-tests/json-to-iac/power-vs-instances.test.js
index 1b74f36f..edadab2d 100644
--- a/unit-tests/json-to-iac/power-vs-instances.test.js
+++ b/unit-tests/json-to-iac/power-vs-instances.test.js
@@ -47,6 +47,109 @@ resource "ibm_pi_instance" "example_workspace_instance_test" {
     network_id = ibm_pi_network.power_network_example_dev_nw.network_id
   }
 }
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct instance data"
+      );
+    });
+    it("should correctly return power vs instance data with ibm i licenses", () => {
+      let actualData = formatPowerVsInstance({
+        zone: "dal12",
+        workspace: "example",
+        name: "test",
+        image: "SLES15-SP3-SAP",
+        ssh_key: "keyname",
+        network: [
+          {
+            name: "dev-nw",
+          },
+        ],
+        primary_subnet: "dev-nw",
+        pi_memory: "4",
+        pi_processors: "2",
+        pi_proc_type: "shared",
+        pi_sys_type: "s922",
+        pi_pin_policy: "none",
+        pi_health_status: "WARNING",
+        pi_storage_type: "tier1",
+        pi_user_data: "",
+        pi_ibmi_css: true,
+        pi_ibmi_pha: true,
+        pi_ibmi_rds_users: 1,
+      });
+      let expectedData = `
+resource "ibm_pi_instance" "example_workspace_instance_test" {
+  provider             = ibm.power_vs_dal12
+  pi_image_id          = ibm_pi_image.power_image_example_sles15_sp3_sap.image_id
+  pi_key_pair_name     = ibm_pi_key.power_vs_ssh_key_keyname.pi_key_name
+  pi_cloud_instance_id = ibm_resource_instance.power_vs_workspace_example.guid
+  pi_instance_name     = "\${var.prefix}-test"
+  pi_memory            = "4"
+  pi_processors        = "2"
+  pi_proc_type         = "shared"
+  pi_sys_type          = "s922"
+  pi_pin_policy        = "none"
+  pi_health_status     = "WARNING"
+  pi_storage_type      = "tier1"
+  pi_ibmi_css          = true
+  pi_ibmi_pha          = true
+  pi_ibmi_rds_users    = 1
+  pi_network {
+    network_id = ibm_pi_network.power_network_example_dev_nw.network_id
+  }
+}
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct instance data"
+      );
+    });
+    it("should correctly return power vs instance data with ibm i licenses", () => {
+      let actualData = formatPowerVsInstance({
+        zone: "dal12",
+        workspace: "example",
+        name: "test",
+        image: "SLES15-SP3-SAP",
+        ssh_key: "keyname",
+        network: [
+          {
+            name: "dev-nw",
+          },
+        ],
+        primary_subnet: "dev-nw",
+        pi_memory: "4",
+        pi_processors: "2",
+        pi_proc_type: "shared",
+        pi_sys_type: "s922",
+        pi_pin_policy: "none",
+        pi_health_status: "WARNING",
+        pi_storage_type: "tier1",
+        pi_user_data: "",
+        pi_ibmi_css: false,
+        pi_ibmi_pha: false,
+        pi_ibmi_rds_users: "",
+      });
+      let expectedData = `
+resource "ibm_pi_instance" "example_workspace_instance_test" {
+  provider             = ibm.power_vs_dal12
+  pi_image_id          = ibm_pi_image.power_image_example_sles15_sp3_sap.image_id
+  pi_key_pair_name     = ibm_pi_key.power_vs_ssh_key_keyname.pi_key_name
+  pi_cloud_instance_id = ibm_resource_instance.power_vs_workspace_example.guid
+  pi_instance_name     = "\${var.prefix}-test"
+  pi_memory            = "4"
+  pi_processors        = "2"
+  pi_proc_type         = "shared"
+  pi_sys_type          = "s922"
+  pi_pin_policy        = "none"
+  pi_health_status     = "WARNING"
+  pi_storage_type      = "tier1"
+  pi_network {
+    network_id = ibm_pi_network.power_network_example_dev_nw.network_id
+  }
+}
 `;
       assert.deepEqual(
         actualData,
diff --git a/unit-tests/json-to-iac/transit-gateway.test.js b/unit-tests/json-to-iac/transit-gateway.test.js
index 0c0feda9..6d5fe09d 100644
--- a/unit-tests/json-to-iac/transit-gateway.test.js
+++ b/unit-tests/json-to-iac/transit-gateway.test.js
@@ -289,6 +289,35 @@ resource "ibm_tg_connection" "transit_gateway_to_gw_unbound_gre_connection" {
       );
     });
   });
+  it("should return correctly formatted transit gateway classic connection", () => {
+    let actualData = formatTgwConnection(
+      {
+        name: "transit-gateway",
+        resource_group: "slz-service-rg",
+        global: false,
+        classic: true,
+        connections: [
+          {
+            tgw: "transit-gateway",
+            classic: true,
+          },
+        ],
+      }.connections[0],
+      slzNetwork
+    );
+    let expectedData = `
+resource "ibm_tg_connection" "transit_gateway_to_classic_connection" {
+  gateway      = ibm_tg_gateway.transit_gateway.id
+  network_type = "classic"
+  name         = "\${var.prefix}-transit-gateway-classic-hub-connection"
+  timeouts {
+    create = "30m"
+    delete = "30m"
+  }
+}
+`;
+    assert.deepEqual(actualData, expectedData, "it should return correct data");
+  });
   describe("formatTgwPrefixFilter", () => {
     it("should return a vpc prefix filter", () => {
       let actualData = formatTgwPrefixFilter(
diff --git a/unit-tests/json-to-iac/variables.test.js b/unit-tests/json-to-iac/variables.test.js
index 3f0f0a27..6b2b6a70 100644
--- a/unit-tests/json-to-iac/variables.test.js
+++ b/unit-tests/json-to-iac/variables.test.js
@@ -756,6 +756,18 @@ variable "management_vpn_server_abc_intermediate_pem" {
   sensitive   = true
 }
 
+variable "management_vpn_server_abc_client_ca_cert_pem" {
+  description = "Imported certificate client ca PEM for Management Vpn Server Abc. Certificate will be stored in Secrets Manager"
+  type        = string
+  sensitive   = true
+}
+
+variable "management_vpn_server_abc_client_ca_private_key_pem" {
+  description = "Imported certificate client ca private key PEM for Management Vpn Server Abc. Certificate will be stored in Secrets Manager"
+  type        = string
+  sensitive   = true
+}
+
 ##############################################################################
 `;
     assert.deepEqual(
@@ -903,4 +915,690 @@ variable "secrets_manager_example_secret_password" {
       "it should return correct variables"
     );
   });
+  it("should return correct variables for byo cert in vpn server", () => {
+    let actualData = variablesDotTf({
+      _options: {
+        prefix: "c2s",
+        region: "us-south",
+        tags: ["poc"],
+        zones: 1,
+        endpoints: "public",
+        account_id: null,
+        dynamic_subnets: false,
+        enable_power_vs: true,
+        enable_classic: false,
+        power_vs_zones: ["dal10"],
+        craig_version: "1.12.2",
+        power_vs_high_availability: false,
+        template: "Empty Project",
+        fs_cloud: false,
+      },
+      access_groups: [],
+      appid: [],
+      atracker: {
+        enabled: false,
+        type: "cos",
+        name: "atracker",
+        target_name: "a-tracker",
+        bucket: null,
+        add_route: true,
+        cos_key: null,
+        locations: ["global", "us-south"],
+        instance: false,
+        plan: "lite",
+        resource_group: "service-rg",
+      },
+      cbr_rules: [],
+      cbr_zones: [],
+      cis: [],
+      cis_glbs: [],
+      classic_gateways: [],
+      classic_ssh_keys: [],
+      classic_vlans: [],
+      clusters: [],
+      dns: [],
+      event_streams: [],
+      f5_vsi: [],
+      fortigate_vnf: [],
+      iam_account_settings: {
+        enable: false,
+        mfa: null,
+        allowed_ip_addresses: null,
+        include_history: false,
+        if_match: null,
+        max_sessions_per_identity: null,
+        restrict_create_service_id: null,
+        restrict_create_platform_apikey: null,
+        session_expiration_in_seconds: null,
+        session_invalidation_in_seconds: null,
+      },
+      icd: [],
+      key_management: [
+        {
+          name: "kms",
+          resource_group: "service-rg",
+          use_hs_crypto: false,
+          authorize_vpc_reader_role: true,
+          use_data: false,
+          keys: [
+            {
+              key_ring: "ring",
+              name: "key",
+              root_key: true,
+              force_delete: true,
+              endpoint: "public",
+              rotation: 1,
+              dual_auth_delete: false,
+            },
+          ],
+        },
+      ],
+      load_balancers: [],
+      logdna: {
+        enabled: false,
+        plan: "7-day",
+        endpoints: "private",
+        platform_logs: false,
+        resource_group: "service-rg",
+        cos: null,
+        bucket: null,
+        name: "logdna",
+        archive: false,
+      },
+      object_storage: [],
+      power: [],
+      power_instances: [],
+      power_volumes: [],
+      resource_groups: [
+        {
+          use_prefix: true,
+          name: "service-rg",
+          use_data: false,
+        },
+        {
+          use_prefix: true,
+          name: "transit-rg",
+          use_data: false,
+        },
+      ],
+      routing_tables: [
+        {
+          routes: [
+            {
+              name: "on-prem",
+              zone: "1",
+              destination: "10.40.0.0/16",
+              action: "deliver",
+              next_hop: "10.250.0.1",
+              routing_table: "poweringress",
+              vpc: "transit",
+            },
+          ],
+          name: "poweringress",
+          vpc: "transit",
+          internet_ingress: false,
+          transit_gateway_ingress: true,
+          vpc_zone_ingress: true,
+          direct_link_ingress: false,
+          route_direct_link_ingress: false,
+          route_vpc_zone_ingress: false,
+          accept_routes_from_resource_type: [],
+        },
+      ],
+      scc: {
+        credential_description: null,
+        id: null,
+        passphrase: null,
+        name: "",
+        location: "us",
+        collector_description: null,
+        is_public: false,
+        scope_description: null,
+        enable: false,
+      },
+      scc_v2: {
+        enable: false,
+        resource_group: null,
+        region: "",
+        account_id: "${var.account_id}",
+        profile_attachments: [],
+      },
+      secrets_manager: [
+        {
+          resource_group: "service-rg",
+          use_data: true,
+          name: "Secrets Manager-vidhi",
+          plan: "standard",
+          encryption_key: null,
+          kms: null,
+          secrets: [],
+        },
+      ],
+      security_groups: [
+        {
+          vpc: "transit",
+          name: "transit-vpe",
+          resource_group: "transit-rg",
+          rules: [
+            {
+              name: "general-inbound",
+              direction: "inbound",
+              icmp: {
+                type: null,
+                code: null,
+              },
+              tcp: {
+                port_min: null,
+                port_max: null,
+              },
+              udp: {
+                port_min: null,
+                port_max: null,
+              },
+              source: "10.0.0.0/8",
+              vpc: "transit",
+              sg: "transit-vpe",
+              ruleProtocol: "all",
+              port_min: null,
+              port_max: null,
+              type: null,
+              code: null,
+            },
+            {
+              name: "powervs-inbound",
+              direction: "inbound",
+              icmp: {
+                type: null,
+                code: null,
+              },
+              tcp: {
+                port_min: null,
+                port_max: null,
+              },
+              udp: {
+                port_min: null,
+                port_max: null,
+              },
+              source: "192.168.0.0/24",
+              vpc: "transit",
+              sg: "transit-vpe",
+              ruleProtocol: "all",
+              port_min: null,
+              port_max: null,
+              type: null,
+              code: null,
+            },
+            {
+              name: "general-outbound",
+              direction: "outbound",
+              icmp: {
+                type: null,
+                code: null,
+              },
+              tcp: {
+                port_min: null,
+                port_max: null,
+              },
+              udp: {
+                port_min: null,
+                port_max: null,
+              },
+              source: "10.0.0.0/8",
+              vpc: "transit",
+              sg: "transit-vpe",
+              ruleProtocol: "all",
+              port_min: null,
+              port_max: null,
+              type: null,
+              code: null,
+            },
+          ],
+        },
+        {
+          vpc: "transit",
+          name: "transit-vsi",
+          resource_group: "transit-rg",
+          rules: [
+            {
+              name: "general-inbound",
+              direction: "inbound",
+              icmp: {
+                type: null,
+                code: null,
+              },
+              tcp: {
+                port_min: null,
+                port_max: null,
+              },
+              udp: {
+                port_min: null,
+                port_max: null,
+              },
+              source: "10.0.0.0/8",
+              vpc: "transit",
+              sg: "transit-vsi",
+              ruleProtocol: "all",
+              port_min: null,
+              port_max: null,
+              type: null,
+              code: null,
+            },
+            {
+              name: "ibm-inbound",
+              direction: "inbound",
+              icmp: {
+                type: null,
+                code: null,
+              },
+              tcp: {
+                port_min: null,
+                port_max: null,
+              },
+              udp: {
+                port_min: null,
+                port_max: null,
+              },
+              source: "161.26.0.0/16",
+              vpc: "transit",
+              sg: "transit-vsi",
+              ruleProtocol: "all",
+              port_min: null,
+              port_max: null,
+              type: null,
+              code: null,
+            },
+            {
+              name: "powervs-inbound",
+              direction: "inbound",
+              icmp: {
+                type: null,
+                code: null,
+              },
+              tcp: {
+                port_min: null,
+                port_max: null,
+              },
+              udp: {
+                port_min: null,
+                port_max: null,
+              },
+              source: "192.168.0.0/24",
+              vpc: "transit",
+              sg: "transit-vsi",
+              ruleProtocol: "all",
+              port_min: null,
+              port_max: null,
+              type: null,
+              code: null,
+            },
+            {
+              name: "all-outbound",
+              direction: "outbound",
+              icmp: {
+                type: null,
+                code: null,
+              },
+              tcp: {
+                port_min: null,
+                port_max: null,
+              },
+              udp: {
+                port_min: null,
+                port_max: null,
+              },
+              source: "0.0.0.0/0",
+              vpc: "transit",
+              sg: "transit-vsi",
+              ruleProtocol: "all",
+              port_min: null,
+              port_max: null,
+              type: null,
+              code: null,
+            },
+          ],
+        },
+      ],
+      ssh_keys: [
+        {
+          name: "vsi-ssh-key",
+          public_key: "NONE",
+          use_data: false,
+          resource_group: "transit-rg",
+        },
+      ],
+      sysdig: {
+        enabled: false,
+        plan: "graduated-tier",
+        resource_group: "service-rg",
+        name: "sysdig",
+        platform_logs: false,
+      },
+      teleport_vsi: [],
+      transit_gateways: [
+        {
+          name: "transit-gateway",
+          resource_group: "service-rg",
+          global: false,
+          connections: [
+            {
+              tgw: "transit-gateway",
+              vpc: "transit",
+            },
+          ],
+          use_data: false,
+          gre_tunnels: [],
+          prefix_filters: [],
+        },
+      ],
+      virtual_private_endpoints: [
+        {
+          name: "transit-cos",
+          service: "cos",
+          vpc: "transit",
+          resource_group: "transit-rg",
+          security_groups: ["transit-vpe"],
+          subnets: ["vpe-zone-1"],
+          instance: null,
+        },
+      ],
+      vpcs: [
+        {
+          cos: null,
+          bucket: "$disabled",
+          name: "transit",
+          resource_group: "transit-rg",
+          classic_access: false,
+          manual_address_prefix_management: true,
+          default_network_acl_name: null,
+          default_security_group_name: null,
+          default_routing_table_name: null,
+          publicGateways: [1],
+          address_prefixes: [
+            {
+              vpc: "transit",
+              zone: 1,
+              name: "transit-zone-1",
+              cidr: "10.10.0.0/22",
+            },
+          ],
+          subnets: [
+            {
+              vpc: "transit",
+              zone: 1,
+              cidr: "10.10.0.0/26",
+              name: "vsi-zone-1",
+              network_acl: "transit",
+              resource_group: "transit-rg",
+              public_gateway: true,
+              has_prefix: false,
+            },
+            {
+              vpc: "transit",
+              zone: 1,
+              cidr: "10.10.0.128/29",
+              name: "vpe-zone-1",
+              resource_group: "transit-rg",
+              network_acl: "transit",
+              public_gateway: false,
+              has_prefix: false,
+            },
+            {
+              vpc: "transit",
+              zone: 1,
+              cidr: "10.10.0.144/28",
+              name: "vpn-zone-1",
+              networkAcl: "transit",
+              resource_group: "transit-rg",
+              has_prefix: false,
+              network_acl: "transit",
+              public_gateway: false,
+            },
+          ],
+          public_gateways: [
+            {
+              vpc: "transit",
+              zone: 1,
+              resource_group: "transit-rg",
+            },
+          ],
+          acls: [
+            {
+              resource_group: "transit-rg",
+              name: "transit",
+              vpc: "transit",
+              rules: [
+                {
+                  name: "all-inbound",
+                  action: "allow",
+                  direction: "inbound",
+                  icmp: {
+                    type: null,
+                    code: null,
+                  },
+                  tcp: {
+                    port_min: null,
+                    port_max: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  udp: {
+                    port_min: null,
+                    port_max: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  source: "0.0.0.0/0",
+                  destination: "10.0.0.0/8",
+                  acl: "transit",
+                  vpc: "transit",
+                  ruleProtocol: "all",
+                  port_min: null,
+                  port_max: null,
+                  type: null,
+                  code: null,
+                  source_port_min: null,
+                  source_port_max: null,
+                },
+                {
+                  name: "all-outbound",
+                  action: "allow",
+                  direction: "outbound",
+                  icmp: {
+                    type: null,
+                    code: null,
+                  },
+                  tcp: {
+                    port_min: null,
+                    port_max: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  udp: {
+                    port_min: null,
+                    port_max: null,
+                    source_port_min: null,
+                    source_port_max: null,
+                  },
+                  source: "10.0.0.0/8",
+                  destination: "0.0.0.0/0",
+                  acl: "transit",
+                  vpc: "transit",
+                  ruleProtocol: "all",
+                  port_min: null,
+                  port_max: null,
+                  type: null,
+                  code: null,
+                  source_port_min: null,
+                  source_port_max: null,
+                },
+              ],
+              use_data: false,
+            },
+          ],
+          subnetTiers: [
+            {
+              name: "vsi",
+              zones: 1,
+            },
+            {
+              name: "vpe",
+              zones: 1,
+            },
+            {
+              name: "vpn",
+              zones: 1,
+            },
+          ],
+          use_data: false,
+        },
+      ],
+      vpn_gateways: [
+        {
+          name: "dal10gw",
+          resource_group: "transit-rg",
+          vpc: "transit",
+          subnet: "vpn-zone-1",
+          policy_mode: true,
+          connections: [
+            {
+              name: "on-prem-connection",
+              peer_cidrs: ["10.40.0.0/16"],
+              local_cidrs: [
+                "192.168.0.0/24",
+                "10.10.0.0/26",
+                "10.10.0.128/29",
+                "10.10.0.144/28",
+              ],
+              vpn: "dal10gw",
+              peer_address: "10.40.0.0",
+            },
+          ],
+          additional_prefixes: ["10.40.0.0/16"],
+        },
+      ],
+      vpn_servers: [
+        {
+          vpc: "transit",
+          subnets: ["vpn-zone-1"],
+          security_groups: ["transit-vsi"],
+          ssh_keys: [],
+          name: "test-c2s",
+          resource_group: "transit-rg",
+          method: "byo",
+          certificate_crn:
+            "crn:v1:bluemix:public:secrets-manager:us-south:a/cdefe6d99f7ea459aacb25775fb88a33:3e99268e-ea59-4893-a095-f0934c33346a:secret:aa8ebb11-bc2b-1012-1289-1516aae031e1",
+          secrets_manager: "Secrets Manager-vidhi",
+          client_ca_crn:
+            "crn:v1:bluemix:public:secrets-manager:us-south:a/cdefe6d99f7ea459aacb25775fb88a33:3e99268e-ea59-4893-a095-f0934c33346a:secret:9f132030-b6a6-78e8-dcf1-4e124befc360",
+          client_ip_pool: "192.168.0.0/16",
+          port: "443",
+          protocol: "udp",
+          enable_split_tunneling: false,
+          client_idle_timeout: null,
+          client_dns_server_ips: null,
+          zone: null,
+          additional_prefixes: [],
+          routes: [],
+        },
+      ],
+      vsi: [
+        {
+          kms: "kms",
+          encryption_key: "key",
+          image: "ibm-redhat-9-2-minimal-amd64-3",
+          image_name:
+            "Red Hat Enterprise Linux 9.x - Minimal Install (amd64) [ibm-redhat-9-2-minimal-amd64-3]",
+          profile: "cx2-2x4",
+          name: "example-deployment",
+          security_groups: ["transit-vsi"],
+          ssh_keys: ["vsi-ssh-key"],
+          vpc: "transit",
+          vsi_per_subnet: "1",
+          resource_group: "transit-rg",
+          override_vsi_name: null,
+          user_data: null,
+          network_interfaces: [],
+          subnets: ["vsi-zone-1"],
+          volumes: [],
+          subnet: "",
+          enable_floating_ip: false,
+          primary_interface_ip_spoofing: false,
+        },
+      ],
+      vtl: [],
+    });
+    let expectedData = `##############################################################################
+# Variables
+##############################################################################
+
+variable "ibmcloud_api_key" {
+  description = "The IBM Cloud platform API key needed to deploy IAM enabled resources."
+  type        = string
+  sensitive   = true
+}
+
+variable "region" {
+  description = "IBM Cloud Region where resources will be provisioned"
+  type        = string
+  default     = "us-south"
+}
+
+variable "prefix" {
+  description = "Name prefix that will be prepended to named resources"
+  type        = string
+  default     = "c2s"
+}
+
+variable "vsi_ssh_key_public_key" {
+  description = "Public SSH Key Value for Vsi SSH Key"
+  type        = string
+  sensitive   = true
+  default     = "NONE"
+}
+
+variable "dal10gw_on_prem_connection_preshared_key" {
+  description = "Preshared key for VPN Gateway dal10gw connection on-prem-connection"
+  type        = string
+  sensitive   = true
+}
+
+variable "transit_vpn_server_test_c2s_cert_pem" {
+  description = "Imported certificate PEM for Transit Vpn Server Test C 2s. Certificate will be stored in Secrets Manager"
+  type        = string
+  sensitive   = true
+}
+
+variable "transit_vpn_server_test_c2s_private_key_pem" {
+  description = "Imported certificate private key PEM for Transit Vpn Server Test C 2s. Certificate will be stored in Secrets Manager"
+  type        = string
+  sensitive   = true
+}
+
+variable "transit_vpn_server_test_c2s_intermediate_pem" {
+  description = "Imported certificate intermediate PEM for Transit Vpn Server Test C 2s. Certificate will be stored in Secrets Manager"
+  type        = string
+  sensitive   = true
+}
+
+variable "transit_vpn_server_test_c2s_client_ca_cert_pem" {
+  description = "Imported certificate client ca PEM for Transit Vpn Server Test C 2s. Certificate will be stored in Secrets Manager"
+  type        = string
+  sensitive   = true
+}
+
+variable "transit_vpn_server_test_c2s_client_ca_private_key_pem" {
+  description = "Imported certificate client ca private key PEM for Transit Vpn Server Test C 2s. Certificate will be stored in Secrets Manager"
+  type        = string
+  sensitive   = true
+}
+
+##############################################################################
+`;
+
+    assert.deepEqual(
+      actualData,
+      expectedData,
+      "it should return correct variables"
+    );
+  });
 });
diff --git a/unit-tests/json-to-iac/vpc.test.js b/unit-tests/json-to-iac/vpc.test.js
index 763e183c..ad1c6b8f 100644
--- a/unit-tests/json-to-iac/vpc.test.js
+++ b/unit-tests/json-to-iac/vpc.test.js
@@ -9,10 +9,107 @@ const {
   vpcTf,
   vpcModuleJson,
   vpcModuleTf,
+  ibmIsNetworkAcl,
 } = require("../../client/src/lib/json-to-iac/vpc");
 const f5Nw = require("../data-files/f5-nw.json");
 
 describe("vpc", () => {
+  describe("ibmIsNetworkAcl", () => {
+    it("should be fine when rule does not have protocol object", () => {
+      let task = () =>
+        ibmIsNetworkAcl(
+          {
+            name: "management",
+            resource_group: "slz-management-rg",
+            vpc: "management",
+            rules: [
+              {
+                acl: "management",
+                vpc: "management",
+                action: "allow",
+                destination: "10.0.0.0/8",
+                direction: "inbound",
+                name: "allow-ibm-inbound",
+                source: "161.26.0.0/16",
+              },
+              {
+                acl: "management",
+                vpc: "management",
+                action: "allow",
+                destination: "10.0.0.0/8",
+                direction: "inbound",
+                name: "allow-ibm-inbound-8080",
+                source: "161.26.0.0/16",
+              },
+              {
+                acl: "management",
+                vpc: "management",
+                action: "allow",
+                destination: "10.0.0.0/8",
+                direction: "inbound",
+                name: "allow-ibm-inbound-8080",
+                source: "161.26.0.0/16",
+                icmp: {
+                  type: null,
+                  code: null,
+                },
+                udp: {
+                  port_min: 8080,
+                  port_max: null,
+                  source_port_min: null,
+                  source_port_max: null,
+                },
+                tcp: null,
+              },
+              {
+                acl: "management",
+                vpc: "management",
+                action: "allow",
+                destination: "10.0.0.0/8",
+                direction: "inbound",
+                name: "allow-ibm-inbound-8080",
+                source: "161.26.0.0/16",
+                icmp: {
+                  type: 1,
+                  code: 2,
+                },
+                udp: {
+                  port_min: null,
+                  port_max: null,
+                  source_port_min: null,
+                  source_port_max: null,
+                },
+                tcp: {
+                  port_min: null,
+                  port_max: null,
+                  source_port_min: null,
+                  source_port_max: null,
+                },
+              },
+            ],
+          },
+          {
+            _options: {
+              region: "us-south",
+              prefix: "iac",
+              tags: ["hello", "world"],
+            },
+            resource_groups: [
+              {
+                use_data: false,
+                name: "slz-management-rg",
+              },
+            ],
+            vpcs: [
+              {
+                name: "managment",
+              },
+            ],
+          }
+        );
+      assert.doesNotThrow(task, "it should not throw an error");
+    });
+  });
   describe("formatVpc", () => {
     it("should create vpc terraform", () => {
       let actualData = formatVpc(
@@ -4269,7 +4366,7 @@ resource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" {
           "main.tf":
             '##############################################################################\n# Customer AVPC\n##############################################################################\n\nresource "ibm_is_vpc" "customer_a_vpc" {\n  name                        = "${var.prefix}-customer-a-vpc"\n  resource_group              = var.craig_rg_id\n  tags                        = var.tags\n  no_sg_acl_rules             = true\n  default_network_acl_name    = null\n  default_security_group_name = null\n  default_routing_table_name  = null\n}\n\nresource "ibm_is_vpc_address_prefix" "customer_a_subnet_tier_zone_1_prefix" {\n  name = "${var.prefix}-customer-a-subnet-tier-zone-1"\n  vpc  = ibm_is_vpc.customer_a_vpc.id\n  zone = "${var.region}-1"\n  cidr = "10.10.10.0/24"\n}\n\nresource "ibm_is_vpc_address_prefix" "customer_a_subnet_tier_zone_2_prefix" {\n  name = "${var.prefix}-customer-a-subnet-tier-zone-2"\n  vpc  = ibm_is_vpc.customer_a_vpc.id\n  zone = "${var.region}-2"\n  cidr = "10.20.10.0/24"\n}\n\nresource "ibm_is_public_gateway" "customer_a_gateway_zone_2" {\n  name           = "${var.prefix}-customer-a-gateway-zone-2"\n  vpc            = ibm_is_vpc.customer_a_vpc.id\n  resource_group = var.craig_rg_id\n  zone           = "${var.region}-2"\n  tags           = var.tags\n}\n\nresource "ibm_is_subnet" "customer_a_subnet_tier_zone_1" {\n  vpc             = ibm_is_vpc.customer_a_vpc.id\n  name            = "${var.prefix}-customer-a-subnet-tier-zone-1"\n  zone            = "${var.region}-1"\n  resource_group  = var.craig_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.customer_a_subnet_acl_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.customer_a_subnet_tier_zone_1_prefix.cidr\n}\n\nresource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" {\n  vpc             = ibm_is_vpc.customer_a_vpc.id\n  name            = "${var.prefix}-customer-a-subnet-tier-zone-2"\n  zone            = "${var.region}-2"\n  resource_group  = var.craig_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.customer_a_subnet_acl_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.customer_a_subnet_tier_zone_2_prefix.cidr\n  public_gateway  = ibm_is_public_gateway.customer_a_gateway_zone_2.id\n}\n\n##############################################################################\n',
           "versions.tf":
-            '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.61.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
+            '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.63.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
           "variables.tf":
             '##############################################################################\n# Customer AVPC Variables\n##############################################################################\n\nvariable "tags" {\n  description = "List of tags"\n  type        = list(string)\n}\n\nvariable "region" {\n  description = "IBM Cloud Region where resources will be provisioned"\n  type        = string\n}\n\nvariable "prefix" {\n  description = "Name prefix that will be prepended to named resources"\n  type        = string\n}\n\nvariable "craig_rg_id" {\n  description = "ID for the resource group craig-rg"\n  type        = string\n}\n\n##############################################################################\n',
           "acl_customer_a_subnet_acl.tf":
@@ -4277,7 +4374,7 @@ resource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" {
           "sg_vsi_sg.tf":
             '##############################################################################\n# Security Group VSI Sg\n##############################################################################\n\nresource "ibm_is_security_group" "customer_a_vpc_vsi_sg_sg" {\n  name           = "${var.prefix}-customer-a-vsi-sg-sg"\n  vpc            = ibm_is_vpc.customer_a_vpc.id\n  resource_group = var.craig_rg_id\n  tags = [\n    "hello",\n    "world"\n  ]\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ssh" {\n  group     = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n  remote    = "0.0.0.0"\n  direction = "inbound"\n  tcp {\n    port_min = 22\n    port_max = 22\n  }\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ping" {\n  group     = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n  remote    = "0.0.0.0"\n  direction = "inbound"\n  icmp {\n    type = 8\n    code = 8\n  }\n}\n\n##############################################################################\n',
           "outputs.tf":
-            '##############################################################################\n# Customer AVPC Outputs\n##############################################################################\n\noutput "id" {\n  value = ibm_is_vpc.customer_a_vpc.id\n}\n\noutput "crn" {\n  value = ibm_is_vpc.customer_a_vpc.crn\n}\n\noutput "subnet_tier_zone_1_id" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.id\n}\n\noutput "subnet_tier_zone_1_crn" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.crn\n}\n\noutput "subnet_tier_zone_2_id" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.id\n}\n\noutput "subnet_tier_zone_2_crn" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.crn\n}\n\noutput "vsi_sg_id" {\n  value = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n}\n\n##############################################################################\n',
+            '##############################################################################\n# Customer AVPC Outputs\n##############################################################################\n\noutput "name" {\n  value = ibm_is_vpc.customer_a_vpc.name\n}\n\noutput "id" {\n  value = ibm_is_vpc.customer_a_vpc.id\n}\n\noutput "crn" {\n  value = ibm_is_vpc.customer_a_vpc.crn\n}\n\noutput "subnet_tier_zone_1_name" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.name\n}\n\noutput "subnet_tier_zone_1_id" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.id\n}\n\noutput "subnet_tier_zone_1_crn" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.crn\n}\n\noutput "subnet_tier_zone_2_name" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.name\n}\n\noutput "subnet_tier_zone_2_id" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.id\n}\n\noutput "subnet_tier_zone_2_crn" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.crn\n}\n\noutput "vsi_sg_name" {\n  value = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.name\n}\n\noutput "vsi_sg_id" {\n  value = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n}\n\n##############################################################################\n',
         },
         "main.tf":
           '##############################################################################\n# Customer AVPC Module\n##############################################################################\n\nmodule "customer_a_vpc" {\n  source      = "./customer_a_vpc"\n  region      = var.region\n  prefix      = var.prefix\n  craig_rg_id = ibm_resource_group.craig_rg.id\n  tags = [\n    "hello",\n    "world"\n  ]\n}\n\n##############################################################################\n',
@@ -4688,7 +4785,7 @@ resource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" {
           "main.tf":
             '##############################################################################\n# Customer AVPC\n##############################################################################\n\ndata "ibm_is_vpc" "customer_a_vpc" {\n  name = "customer-a"\n}\n\nresource "ibm_is_vpc_address_prefix" "customer_a_subnet_tier_zone_1_prefix" {\n  name = "${var.prefix}-customer-a-subnet-tier-zone-1"\n  vpc  = data.ibm_is_vpc.customer_a_vpc.id\n  zone = "${var.region}-1"\n  cidr = "10.10.10.0/24"\n}\n\nresource "ibm_is_vpc_address_prefix" "customer_a_subnet_tier_zone_2_prefix" {\n  name = "${var.prefix}-customer-a-subnet-tier-zone-2"\n  vpc  = data.ibm_is_vpc.customer_a_vpc.id\n  zone = "${var.region}-2"\n  cidr = "10.20.10.0/24"\n}\n\nresource "ibm_is_public_gateway" "customer_a_gateway_zone_2" {\n  name           = "${var.prefix}-customer-a-gateway-zone-2"\n  vpc            = ibm_is_vpc.customer_a_vpc.id\n  resource_group = var.craig_rg_id\n  zone           = "${var.region}-2"\n  tags           = var.tags\n}\n\nresource "ibm_is_subnet" "customer_a_subnet_tier_zone_1" {\n  vpc             = data.ibm_is_vpc.customer_a_vpc.id\n  name            = "${var.prefix}-customer-a-subnet-tier-zone-1"\n  zone            = "${var.region}-1"\n  resource_group  = var.craig_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.customer_a_subnet_acl_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.customer_a_subnet_tier_zone_1_prefix.cidr\n}\n\nresource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" {\n  vpc             = data.ibm_is_vpc.customer_a_vpc.id\n  name            = "${var.prefix}-customer-a-subnet-tier-zone-2"\n  zone            = "${var.region}-2"\n  resource_group  = var.craig_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.customer_a_subnet_acl_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.customer_a_subnet_tier_zone_2_prefix.cidr\n  public_gateway  = ibm_is_public_gateway.customer_a_gateway_zone_2.id\n}\n\n##############################################################################\n',
           "versions.tf":
-            '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.61.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
+            '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.63.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
           "variables.tf":
             '##############################################################################\n# Customer AVPC Variables\n##############################################################################\n\nvariable "tags" {\n  description = "List of tags"\n  type        = list(string)\n}\n\nvariable "region" {\n  description = "IBM Cloud Region where resources will be provisioned"\n  type        = string\n}\n\nvariable "prefix" {\n  description = "Name prefix that will be prepended to named resources"\n  type        = string\n}\n\nvariable "craig_rg_id" {\n  description = "ID for the resource group craig-rg"\n  type        = string\n}\n\n##############################################################################\n',
           "acl_customer_a_subnet_acl.tf":
@@ -4696,7 +4793,7 @@ resource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" {
           "sg_vsi_sg.tf":
             '##############################################################################\n# Security Group VSI Sg\n##############################################################################\n\nresource "ibm_is_security_group" "customer_a_vpc_vsi_sg_sg" {\n  name           = "${var.prefix}-customer-a-vsi-sg-sg"\n  vpc            = ibm_is_vpc.customer_a_vpc.id\n  resource_group = var.craig_rg_id\n  tags = [\n    "hello",\n    "world"\n  ]\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ssh" {\n  group     = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n  remote    = "0.0.0.0"\n  direction = "inbound"\n  tcp {\n    port_min = 22\n    port_max = 22\n  }\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ping" {\n  group     = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n  remote    = "0.0.0.0"\n  direction = "inbound"\n  icmp {\n    type = 8\n    code = 8\n  }\n}\n\n##############################################################################\n',
           "outputs.tf":
-            '##############################################################################\n# Customer AVPC Outputs\n##############################################################################\n\noutput "id" {\n  value = data.ibm_is_vpc.customer_a_vpc.id\n}\n\noutput "crn" {\n  value = data.ibm_is_vpc.customer_a_vpc.crn\n}\n\noutput "subnet_tier_zone_1_id" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.id\n}\n\noutput "subnet_tier_zone_1_crn" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.crn\n}\n\noutput "subnet_tier_zone_2_id" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.id\n}\n\noutput "subnet_tier_zone_2_crn" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.crn\n}\n\noutput "vsi_sg_id" {\n  value = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n}\n\n##############################################################################\n',
+            '##############################################################################\n# Customer AVPC Outputs\n##############################################################################\n\noutput "name" {\n  value = data.ibm_is_vpc.customer_a_vpc.name\n}\n\noutput "id" {\n  value = data.ibm_is_vpc.customer_a_vpc.id\n}\n\noutput "crn" {\n  value = data.ibm_is_vpc.customer_a_vpc.crn\n}\n\noutput "subnet_tier_zone_1_name" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.name\n}\n\noutput "subnet_tier_zone_1_id" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.id\n}\n\noutput "subnet_tier_zone_1_crn" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.crn\n}\n\noutput "subnet_tier_zone_2_name" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.name\n}\n\noutput "subnet_tier_zone_2_id" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.id\n}\n\noutput "subnet_tier_zone_2_crn" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.crn\n}\n\noutput "vsi_sg_name" {\n  value = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.name\n}\n\noutput "vsi_sg_id" {\n  value = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n}\n\n##############################################################################\n',
         },
         "main.tf":
           '##############################################################################\n# Customer AVPC Module\n##############################################################################\n\nmodule "customer_a_vpc" {\n  source      = "./customer_a_vpc"\n  region      = var.region\n  prefix      = var.prefix\n  craig_rg_id = ibm_resource_group.craig_rg.id\n  tags = [\n    "hello",\n    "world"\n  ]\n}\n\n##############################################################################\n',
@@ -5108,7 +5205,7 @@ resource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" {
           "main.tf":
             '##############################################################################\n# Customer AVPC\n##############################################################################\n\ndata "ibm_is_vpc" "customer_a_vpc" {\n  name = "customer-a"\n}\n\nresource "ibm_is_vpc_address_prefix" "customer_a_subnet_tier_zone_1_prefix" {\n  name = "${var.prefix}-customer-a-subnet-tier-zone-1"\n  vpc  = data.ibm_is_vpc.customer_a_vpc.id\n  zone = "${var.region}-1"\n  cidr = "10.10.10.0/24"\n}\n\nresource "ibm_is_vpc_address_prefix" "customer_a_subnet_tier_zone_2_prefix" {\n  name = "${var.prefix}-customer-a-subnet-tier-zone-2"\n  vpc  = data.ibm_is_vpc.customer_a_vpc.id\n  zone = "${var.region}-2"\n  cidr = "10.20.10.0/24"\n}\n\nresource "ibm_is_public_gateway" "customer_a_gateway_zone_2" {\n  name           = "${var.prefix}-customer-a-gateway-zone-2"\n  vpc            = ibm_is_vpc.customer_a_vpc.id\n  resource_group = var.craig_rg_id\n  zone           = "${var.region}-2"\n  tags           = var.tags\n}\n\nresource "ibm_is_subnet" "customer_a_subnet_tier_zone_1" {\n  vpc             = data.ibm_is_vpc.customer_a_vpc.id\n  name            = "${var.prefix}-customer-a-subnet-tier-zone-1"\n  zone            = "${var.region}-1"\n  resource_group  = var.craig_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.customer_a_subnet_acl_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.customer_a_subnet_tier_zone_1_prefix.cidr\n}\n\nresource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" {\n  vpc             = data.ibm_is_vpc.customer_a_vpc.id\n  name            = "${var.prefix}-customer-a-subnet-tier-zone-2"\n  zone            = "${var.region}-2"\n  resource_group  = var.craig_rg_id\n  tags            = var.tags\n  network_acl     = ibm_is_network_acl.customer_a_subnet_acl_acl.id\n  ipv4_cidr_block = ibm_is_vpc_address_prefix.customer_a_subnet_tier_zone_2_prefix.cidr\n  public_gateway  = ibm_is_public_gateway.customer_a_gateway_zone_2.id\n}\n\n##############################################################################\n',
           "versions.tf":
-            '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.61.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
+            '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.63.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
           "variables.tf":
             '##############################################################################\n# Customer AVPC Variables\n##############################################################################\n\nvariable "tags" {\n  description = "List of tags"\n  type        = list(string)\n}\n\nvariable "region" {\n  description = "IBM Cloud Region where resources will be provisioned"\n  type        = string\n}\n\nvariable "prefix" {\n  description = "Name prefix that will be prepended to named resources"\n  type        = string\n}\n\nvariable "craig_rg_id" {\n  description = "ID for the resource group craig-rg"\n  type        = string\n}\n\n##############################################################################\n',
           "acl_customer_a_subnet_acl.tf":
@@ -5116,7 +5213,7 @@ resource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" {
           "sg_vsi_sg.tf":
             '##############################################################################\n# Security Group VSI Sg\n##############################################################################\n\ndata "ibm_is_security_group" "customer_a_vpc_vsi_sg_sg" {\n  name = "vsi-sg"\n  vpc  = data.ibm_is_vpc.customer_a_vpc.id\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ssh" {\n  group     = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n  remote    = "0.0.0.0"\n  direction = "inbound"\n  tcp {\n    port_min = 22\n    port_max = 22\n  }\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ping" {\n  group     = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n  remote    = "0.0.0.0"\n  direction = "inbound"\n  icmp {\n    type = 8\n    code = 8\n  }\n}\n\n##############################################################################\n',
           "outputs.tf":
-            '##############################################################################\n# Customer AVPC Outputs\n##############################################################################\n\noutput "id" {\n  value = data.ibm_is_vpc.customer_a_vpc.id\n}\n\noutput "crn" {\n  value = data.ibm_is_vpc.customer_a_vpc.crn\n}\n\noutput "subnet_tier_zone_1_id" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.id\n}\n\noutput "subnet_tier_zone_1_crn" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.crn\n}\n\noutput "subnet_tier_zone_2_id" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.id\n}\n\noutput "subnet_tier_zone_2_crn" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.crn\n}\n\noutput "vsi_sg_id" {\n  value = data.ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n}\n\n##############################################################################\n',
+            '##############################################################################\n# Customer AVPC Outputs\n##############################################################################\n\noutput "name" {\n  value = data.ibm_is_vpc.customer_a_vpc.name\n}\n\noutput "id" {\n  value = data.ibm_is_vpc.customer_a_vpc.id\n}\n\noutput "crn" {\n  value = data.ibm_is_vpc.customer_a_vpc.crn\n}\n\noutput "subnet_tier_zone_1_name" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.name\n}\n\noutput "subnet_tier_zone_1_id" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.id\n}\n\noutput "subnet_tier_zone_1_crn" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_1.crn\n}\n\noutput "subnet_tier_zone_2_name" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.name\n}\n\noutput "subnet_tier_zone_2_id" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.id\n}\n\noutput "subnet_tier_zone_2_crn" {\n  value = ibm_is_subnet.customer_a_subnet_tier_zone_2.crn\n}\n\noutput "vsi_sg_name" {\n  value = data.ibm_is_security_group.customer_a_vpc_vsi_sg_sg.name\n}\n\noutput "vsi_sg_id" {\n  value = data.ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n}\n\n##############################################################################\n',
         },
         "main.tf":
           '##############################################################################\n# Customer AVPC Module\n##############################################################################\n\nmodule "customer_a_vpc" {\n  source      = "./customer_a_vpc"\n  region      = var.region\n  prefix      = var.prefix\n  craig_rg_id = ibm_resource_group.craig_rg.id\n  tags = [\n    "hello",\n    "world"\n  ]\n}\n\n##############################################################################\n',
@@ -5492,7 +5589,7 @@ resource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" {
           "main.tf":
             '##############################################################################\n# Customer AVPC\n##############################################################################\n\ndata "ibm_is_vpc" "customer_a_vpc" {\n  name = "customer-a"\n}\n\nresource "ibm_is_public_gateway" "customer_a_gateway_zone_2" {\n  name           = "${var.prefix}-customer-a-gateway-zone-2"\n  vpc            = ibm_is_vpc.customer_a_vpc.id\n  resource_group = var.craig_rg_id\n  zone           = "${var.region}-2"\n  tags           = var.tags\n}\n\ndata "ibm_is_subnet" "customer_a_subnet_tier_zone_1" {\n  name = "subnet-tier-zone-1"\n}\n\n##############################################################################\n',
           "versions.tf":
-            '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.61.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
+            '##############################################################################\n# Terraform Providers\n##############################################################################\n\nterraform {\n  required_providers {\n    ibm = {\n      source  = "IBM-Cloud/ibm"\n      version = "~>1.63.0"\n    }\n  }\n  required_version = ">=1.5"\n}\n\n##############################################################################\n',
           "variables.tf":
             '##############################################################################\n# Customer AVPC Variables\n##############################################################################\n\nvariable "tags" {\n  description = "List of tags"\n  type        = list(string)\n}\n\nvariable "region" {\n  description = "IBM Cloud Region where resources will be provisioned"\n  type        = string\n}\n\nvariable "prefix" {\n  description = "Name prefix that will be prepended to named resources"\n  type        = string\n}\n\nvariable "craig_rg_id" {\n  description = "ID for the resource group craig-rg"\n  type        = string\n}\n\n##############################################################################\n',
           "acl_customer_a_subnet_acl.tf":
@@ -5500,7 +5597,7 @@ resource "ibm_is_subnet" "customer_a_subnet_tier_zone_2" {
           "sg_vsi_sg.tf":
             '##############################################################################\n# Security Group VSI Sg\n##############################################################################\n\ndata "ibm_is_security_group" "customer_a_vpc_vsi_sg_sg" {\n  name = "vsi-sg"\n  vpc  = data.ibm_is_vpc.customer_a_vpc.id\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ssh" {\n  group     = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n  remote    = "0.0.0.0"\n  direction = "inbound"\n  tcp {\n    port_min = 22\n    port_max = 22\n  }\n}\n\nresource "ibm_is_security_group_rule" "customer_a_vpc_vsi_sg_sg_rule_ping" {\n  group     = ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n  remote    = "0.0.0.0"\n  direction = "inbound"\n  icmp {\n    type = 8\n    code = 8\n  }\n}\n\n##############################################################################\n',
           "outputs.tf":
-            '##############################################################################\n# Customer AVPC Outputs\n##############################################################################\n\noutput "id" {\n  value = data.ibm_is_vpc.customer_a_vpc.id\n}\n\noutput "crn" {\n  value = data.ibm_is_vpc.customer_a_vpc.crn\n}\n\noutput "subnet_tier_zone_1_id" {\n  value = data.ibm_is_subnet.customer_a_subnet_tier_zone_1.id\n}\n\noutput "subnet_tier_zone_1_crn" {\n  value = data.ibm_is_subnet.customer_a_subnet_tier_zone_1.crn\n}\n\noutput "vsi_sg_id" {\n  value = data.ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n}\n\n##############################################################################\n',
+            '##############################################################################\n# Customer AVPC Outputs\n##############################################################################\n\noutput "name" {\n  value = data.ibm_is_vpc.customer_a_vpc.name\n}\n\noutput "id" {\n  value = data.ibm_is_vpc.customer_a_vpc.id\n}\n\noutput "crn" {\n  value = data.ibm_is_vpc.customer_a_vpc.crn\n}\n\noutput "subnet_tier_zone_1_name" {\n  value = data.ibm_is_subnet.customer_a_subnet_tier_zone_1.name\n}\n\noutput "subnet_tier_zone_1_id" {\n  value = data.ibm_is_subnet.customer_a_subnet_tier_zone_1.id\n}\n\noutput "subnet_tier_zone_1_crn" {\n  value = data.ibm_is_subnet.customer_a_subnet_tier_zone_1.crn\n}\n\noutput "vsi_sg_name" {\n  value = data.ibm_is_security_group.customer_a_vpc_vsi_sg_sg.name\n}\n\noutput "vsi_sg_id" {\n  value = data.ibm_is_security_group.customer_a_vpc_vsi_sg_sg.id\n}\n\n##############################################################################\n',
         },
         "main.tf":
           '##############################################################################\n# Customer AVPC Module\n##############################################################################\n\nmodule "customer_a_vpc" {\n  source      = "./customer_a_vpc"\n  region      = var.region\n  prefix      = var.prefix\n  craig_rg_id = ibm_resource_group.craig_rg.id\n  tags = [\n    "hello",\n    "world"\n  ]\n}\n\n##############################################################################\n',
diff --git a/unit-tests/json-to-iac/vpn-server.test.js b/unit-tests/json-to-iac/vpn-server.test.js
index 10a19030..31c12bf7 100644
--- a/unit-tests/json-to-iac/vpn-server.test.js
+++ b/unit-tests/json-to-iac/vpn-server.test.js
@@ -281,6 +281,16 @@ resource "ibm_sm_imported_certificate" "management_vpn_server_abc_imported_certi
   intermediate = var.management_vpn_server_abc_intermediate_pem
 }
 
+resource "ibm_sm_imported_certificate" "management_vpn_server_abc_client_ca_imported_certificate" {
+  instance_id  = ibm_resource_instance.secrets_manager_secrets_manager.guid
+  region       = var.region
+  name         = "\${var.prefix}-management-abc-server-client-ca-cert"
+  description  = "Secret for \${var.prefix} Management Abc Server Client CA authentication"
+  certificate  = var.management_vpn_server_abc_client_ca_cert_pem
+  private_key  = var.management_vpn_server_abc_client_ca_private_key_pem
+  intermediate = var.management_vpn_server_abc_intermediate_pem
+}
+
 resource "ibm_is_vpn_server" "management_vpn_server_abc" {
   certificate_crn        = ibm_sm_imported_certificate.management_vpn_server_abc_imported_certificate.crn
   client_idle_timeout    = 2000
@@ -292,7 +302,81 @@ resource "ibm_is_vpn_server" "management_vpn_server_abc" {
   resource_group         = ibm_resource_group.slz_management_rg.id
   client_authentication {
     method        = "certificate"
-    client_ca_crn = ibm_sm_imported_certificate.management_vpn_server_abc_imported_certificate.crn
+    client_ca_crn = ibm_sm_imported_certificate.management_vpn_server_abc_client_ca_imported_certificate.crn
+  }
+  client_dns_server_ips = [
+    "optional"
+  ]
+  subnets = [
+    module.management_vpc.vsi_zone_1_id
+  ]
+  security_groups = [
+    module.management_vpc.management_vpe_sg_id
+  ]
+}
+`;
+      assert.deepEqual(actualData, expectedData, "should return correct data");
+    });
+    it("should return correct tf for vpn server using bring your own certificate and secrets manager from data", () => {
+      slzNetwork.secrets_manager.push({
+        use_data: true,
+        name: "secrets-manager",
+      });
+      let actualData = formatVpnServer(
+        {
+          name: "abc",
+          certificate_crn: "xyz",
+          method: "certificate",
+          client_ca_crn: "hij",
+          client_ip_pool: "xyz",
+          client_dns_server_ips: "optional",
+          client_idle_timeout: 2000,
+          enable_split_tunneling: true,
+          port: 255,
+          protocol: "udp",
+          resource_group: "slz-management-rg",
+          security_groups: ["management-vpe-sg"],
+          subnets: ["vsi-zone-1"],
+          vpc: "management",
+          routes: [],
+          bring_your_own_cert: true,
+          secrets_manager: "secrets-manager",
+        },
+        slzNetwork
+      );
+      let expectedData = `
+resource "ibm_sm_imported_certificate" "management_vpn_server_abc_imported_certificate" {
+  instance_id  = data.ibm_resource_instance.secrets_manager_secrets_manager.guid
+  region       = var.region
+  name         = "\${var.prefix}-management-abc-server-cert"
+  description  = "Secret for \${var.prefix} Management Abc Server authentication"
+  certificate  = var.management_vpn_server_abc_cert_pem
+  private_key  = var.management_vpn_server_abc_private_key_pem
+  intermediate = var.management_vpn_server_abc_intermediate_pem
+}
+
+resource "ibm_sm_imported_certificate" "management_vpn_server_abc_client_ca_imported_certificate" {
+  instance_id  = data.ibm_resource_instance.secrets_manager_secrets_manager.guid
+  region       = var.region
+  name         = "\${var.prefix}-management-abc-server-client-ca-cert"
+  description  = "Secret for \${var.prefix} Management Abc Server Client CA authentication"
+  certificate  = var.management_vpn_server_abc_client_ca_cert_pem
+  private_key  = var.management_vpn_server_abc_client_ca_private_key_pem
+  intermediate = var.management_vpn_server_abc_intermediate_pem
+}
+
+resource "ibm_is_vpn_server" "management_vpn_server_abc" {
+  certificate_crn        = ibm_sm_imported_certificate.management_vpn_server_abc_imported_certificate.crn
+  client_idle_timeout    = 2000
+  client_ip_pool         = "xyz"
+  enable_split_tunneling = true
+  name                   = "\${var.prefix}-management-abc-server"
+  port                   = 255
+  protocol               = "udp"
+  resource_group         = ibm_resource_group.slz_management_rg.id
+  client_authentication {
+    method        = "certificate"
+    client_ca_crn = ibm_sm_imported_certificate.management_vpn_server_abc_client_ca_imported_certificate.crn
   }
   client_dns_server_ips = [
     "optional"
@@ -308,6 +392,12 @@ resource "ibm_is_vpn_server" "management_vpn_server_abc" {
       assert.deepEqual(actualData, expectedData, "should return correct data");
     });
     it("should return correct tf for vpn server using bring your own certificate from method", () => {
+      slzNetwork.secrets_manager = [
+        {
+          name: "secrets-manager",
+          use_data: false,
+        },
+      ];
       let actualData = formatVpnServer(
         {
           name: "abc",
@@ -340,6 +430,16 @@ resource "ibm_sm_imported_certificate" "management_vpn_server_abc_imported_certi
   intermediate = var.management_vpn_server_abc_intermediate_pem
 }
 
+resource "ibm_sm_imported_certificate" "management_vpn_server_abc_client_ca_imported_certificate" {
+  instance_id  = ibm_resource_instance.secrets_manager_secrets_manager.guid
+  region       = var.region
+  name         = "\${var.prefix}-management-abc-server-client-ca-cert"
+  description  = "Secret for \${var.prefix} Management Abc Server Client CA authentication"
+  certificate  = var.management_vpn_server_abc_client_ca_cert_pem
+  private_key  = var.management_vpn_server_abc_client_ca_private_key_pem
+  intermediate = var.management_vpn_server_abc_intermediate_pem
+}
+
 resource "ibm_is_vpn_server" "management_vpn_server_abc" {
   certificate_crn        = ibm_sm_imported_certificate.management_vpn_server_abc_imported_certificate.crn
   client_idle_timeout    = 2000
@@ -351,7 +451,7 @@ resource "ibm_is_vpn_server" "management_vpn_server_abc" {
   resource_group         = ibm_resource_group.slz_management_rg.id
   client_authentication {
     method        = "certificate"
-    client_ca_crn = ibm_sm_imported_certificate.management_vpn_server_abc_imported_certificate.crn
+    client_ca_crn = ibm_sm_imported_certificate.management_vpn_server_abc_client_ca_imported_certificate.crn
   }
   client_dns_server_ips = [
     "optional"
@@ -471,6 +571,280 @@ resource "ibm_sm_imported_certificate" "DANGER_management_vpn_server_abc_dev_cer
 
 ##############################################################################
 
+resource "ibm_is_vpn_server" "management_vpn_server_abc" {
+  certificate_crn        = ibm_sm_imported_certificate.DANGER_management_vpn_server_abc_dev_cert.crn
+  client_idle_timeout    = 2000
+  client_ip_pool         = "xyz"
+  enable_split_tunneling = true
+  name                   = "\${var.prefix}-management-abc-server"
+  port                   = 255
+  protocol               = "udp"
+  resource_group         = ibm_resource_group.slz_management_rg.id
+  client_authentication {
+    method        = "certificate"
+    client_ca_crn = ibm_sm_imported_certificate.DANGER_management_vpn_server_abc_dev_cert.crn
+  }
+  client_dns_server_ips = [
+    "optional"
+  ]
+  subnets = [
+    module.management_vpc.vsi_zone_1_id
+  ]
+  security_groups = [
+    module.management_vpc.management_vpe_sg_id
+  ]
+}
+`;
+      assert.deepEqual(actualData, expectedData, "should return correct data");
+    });
+    it("should return correct tf for vpn server using developer certificate", () => {
+      slzNetwork.secrets_manager = [
+        {
+          name: "secrets-manager",
+          use_data: false,
+        },
+      ];
+      let actualData = formatVpnServer(
+        {
+          name: "abc",
+          certificate_crn: "xyz",
+          method: "certificate",
+          client_ca_crn: "hij",
+          client_ip_pool: "xyz",
+          client_dns_server_ips: "optional",
+          client_idle_timeout: 2000,
+          enable_split_tunneling: true,
+          port: 255,
+          protocol: "udp",
+          resource_group: "slz-management-rg",
+          security_groups: ["management-vpe-sg"],
+          subnets: ["vsi-zone-1"],
+          vpc: "management",
+          routes: [],
+          DANGER_developer_certificate: true,
+          secrets_manager: "secrets-manager",
+        },
+        slzNetwork
+      );
+      let expectedData = `##############################################################################
+# DANGER ZONE - DEVELOPMENT ONLY - DO NOT USE IN PRODUCTION
+##############################################################################
+
+resource "tls_private_key" "DANGER_management_vpn_abc_ca_key" {
+  algorithm = "RSA"
+}
+
+resource "tls_private_key" "DANGER_management_vpn_abc_client_key" {
+  algorithm = "RSA"
+}
+
+resource "tls_private_key" "DANGER_management_vpn_abc_server_key" {
+  algorithm = "RSA"
+}
+
+resource "tls_self_signed_cert" "DANGER_management_vpn_abc_ca_cert" {
+  is_ca_certificate     = true
+  private_key_pem       = tls_private_key.DANGER_management_vpn_abc_ca_key.private_key_pem
+  validity_period_hours = 3 * 365 * 24
+  subject {
+    common_name  = "My Cert Authority"
+    organization = "My, Inc"
+  }
+  allowed_uses = [
+    "cert_signing",
+    "crl_signing"
+  ]
+}
+
+resource "tls_cert_request" "DANGER_management_vpn_abc_client_request" {
+  private_key_pem = tls_private_key.DANGER_management_vpn_abc_client_key.private_key_pem
+  subject {
+    common_name  = "my.vpn.client"
+    organization = "My, Inc"
+  }
+}
+
+resource "tls_cert_request" "DANGER_management_vpn_abc_server_request" {
+  private_key_pem = tls_private_key.DANGER_management_vpn_abc_server_key.private_key_pem
+  subject {
+    common_name  = "my.vpn.server"
+    organization = "My, Inc"
+  }
+}
+
+resource "tls_locally_signed_cert" "DANGER_management_vpn_abc_client_cert" {
+  cert_request_pem      = tls_cert_request.DANGER_management_vpn_abc_client_request.cert_request_pem
+  ca_private_key_pem    = tls_private_key.DANGER_management_vpn_abc_ca_key.private_key_pem
+  ca_cert_pem           = tls_self_signed_cert.DANGER_management_vpn_abc_ca_cert.cert_pem
+  validity_period_hours = 3 * 365 * 24
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "client_auth"
+  ]
+}
+
+resource "tls_locally_signed_cert" "DANGER_management_vpn_abc_server_cert" {
+  cert_request_pem      = tls_cert_request.DANGER_management_vpn_abc_server_request.cert_request_pem
+  ca_private_key_pem    = tls_private_key.DANGER_management_vpn_abc_ca_key.private_key_pem
+  ca_cert_pem           = tls_self_signed_cert.DANGER_management_vpn_abc_ca_cert.cert_pem
+  validity_period_hours = 3 * 365 * 24
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth"
+  ]
+}
+
+resource "ibm_sm_imported_certificate" "DANGER_management_vpn_server_abc_dev_cert" {
+  instance_id  = ibm_resource_instance.secrets_manager_secrets_manager.guid
+  region       = var.region
+  name         = "\${var.prefix}-management-abc-server-dev-cert"
+  description  = "DANGER - INSECURE - FOR DEVELOPMENT USE ONLY - Secret for \${var.prefix} Management Abc Server authentication"
+  certificate  = tls_locally_signed_cert.DANGER_management_vpn_abc_server_cert.cert_pem
+  private_key  = tls_private_key.DANGER_management_vpn_abc_server_key.private_key_pem
+  intermediate = tls_self_signed_cert.DANGER_management_vpn_abc_ca_cert.cert_pem
+}
+
+##############################################################################
+
+resource "ibm_is_vpn_server" "management_vpn_server_abc" {
+  certificate_crn        = ibm_sm_imported_certificate.DANGER_management_vpn_server_abc_dev_cert.crn
+  client_idle_timeout    = 2000
+  client_ip_pool         = "xyz"
+  enable_split_tunneling = true
+  name                   = "\${var.prefix}-management-abc-server"
+  port                   = 255
+  protocol               = "udp"
+  resource_group         = ibm_resource_group.slz_management_rg.id
+  client_authentication {
+    method        = "certificate"
+    client_ca_crn = ibm_sm_imported_certificate.DANGER_management_vpn_server_abc_dev_cert.crn
+  }
+  client_dns_server_ips = [
+    "optional"
+  ]
+  subnets = [
+    module.management_vpc.vsi_zone_1_id
+  ]
+  security_groups = [
+    module.management_vpc.management_vpe_sg_id
+  ]
+}
+`;
+      assert.deepEqual(actualData, expectedData, "should return correct data");
+    });
+    it("should return correct tf for vpn server using developer certificate with secrets manager from data", () => {
+      slzNetwork.secrets_manager = [
+        {
+          name: "secrets-manager",
+          use_data: true,
+        },
+      ];
+      let actualData = formatVpnServer(
+        {
+          name: "abc",
+          certificate_crn: "xyz",
+          method: "certificate",
+          client_ca_crn: "hij",
+          client_ip_pool: "xyz",
+          client_dns_server_ips: "optional",
+          client_idle_timeout: 2000,
+          enable_split_tunneling: true,
+          port: 255,
+          protocol: "udp",
+          resource_group: "slz-management-rg",
+          security_groups: ["management-vpe-sg"],
+          subnets: ["vsi-zone-1"],
+          vpc: "management",
+          routes: [],
+          DANGER_developer_certificate: true,
+          secrets_manager: "secrets-manager",
+        },
+        slzNetwork
+      );
+      let expectedData = `##############################################################################
+# DANGER ZONE - DEVELOPMENT ONLY - DO NOT USE IN PRODUCTION
+##############################################################################
+
+resource "tls_private_key" "DANGER_management_vpn_abc_ca_key" {
+  algorithm = "RSA"
+}
+
+resource "tls_private_key" "DANGER_management_vpn_abc_client_key" {
+  algorithm = "RSA"
+}
+
+resource "tls_private_key" "DANGER_management_vpn_abc_server_key" {
+  algorithm = "RSA"
+}
+
+resource "tls_self_signed_cert" "DANGER_management_vpn_abc_ca_cert" {
+  is_ca_certificate     = true
+  private_key_pem       = tls_private_key.DANGER_management_vpn_abc_ca_key.private_key_pem
+  validity_period_hours = 3 * 365 * 24
+  subject {
+    common_name  = "My Cert Authority"
+    organization = "My, Inc"
+  }
+  allowed_uses = [
+    "cert_signing",
+    "crl_signing"
+  ]
+}
+
+resource "tls_cert_request" "DANGER_management_vpn_abc_client_request" {
+  private_key_pem = tls_private_key.DANGER_management_vpn_abc_client_key.private_key_pem
+  subject {
+    common_name  = "my.vpn.client"
+    organization = "My, Inc"
+  }
+}
+
+resource "tls_cert_request" "DANGER_management_vpn_abc_server_request" {
+  private_key_pem = tls_private_key.DANGER_management_vpn_abc_server_key.private_key_pem
+  subject {
+    common_name  = "my.vpn.server"
+    organization = "My, Inc"
+  }
+}
+
+resource "tls_locally_signed_cert" "DANGER_management_vpn_abc_client_cert" {
+  cert_request_pem      = tls_cert_request.DANGER_management_vpn_abc_client_request.cert_request_pem
+  ca_private_key_pem    = tls_private_key.DANGER_management_vpn_abc_ca_key.private_key_pem
+  ca_cert_pem           = tls_self_signed_cert.DANGER_management_vpn_abc_ca_cert.cert_pem
+  validity_period_hours = 3 * 365 * 24
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "client_auth"
+  ]
+}
+
+resource "tls_locally_signed_cert" "DANGER_management_vpn_abc_server_cert" {
+  cert_request_pem      = tls_cert_request.DANGER_management_vpn_abc_server_request.cert_request_pem
+  ca_private_key_pem    = tls_private_key.DANGER_management_vpn_abc_ca_key.private_key_pem
+  ca_cert_pem           = tls_self_signed_cert.DANGER_management_vpn_abc_ca_cert.cert_pem
+  validity_period_hours = 3 * 365 * 24
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth"
+  ]
+}
+
+resource "ibm_sm_imported_certificate" "DANGER_management_vpn_server_abc_dev_cert" {
+  instance_id  = data.ibm_resource_instance.secrets_manager_secrets_manager.guid
+  region       = var.region
+  name         = "\${var.prefix}-management-abc-server-dev-cert"
+  description  = "DANGER - INSECURE - FOR DEVELOPMENT USE ONLY - Secret for \${var.prefix} Management Abc Server authentication"
+  certificate  = tls_locally_signed_cert.DANGER_management_vpn_abc_server_cert.cert_pem
+  private_key  = tls_private_key.DANGER_management_vpn_abc_server_key.private_key_pem
+  intermediate = tls_self_signed_cert.DANGER_management_vpn_abc_ca_cert.cert_pem
+}
+
+##############################################################################
+
 resource "ibm_is_vpn_server" "management_vpn_server_abc" {
   certificate_crn        = ibm_sm_imported_certificate.DANGER_management_vpn_server_abc_dev_cert.crn
   client_idle_timeout    = 2000
@@ -498,6 +872,7 @@ resource "ibm_is_vpn_server" "management_vpn_server_abc" {
       assert.deepEqual(actualData, expectedData, "should return correct data");
     });
     it("should return correct tf for vpn server using developer certificate from method", () => {
+      slzNetwork.secrets_manager = [];
       let actualData = formatVpnServer(
         {
           name: "abc",
diff --git a/unit-tests/json-to-iac/vsi.test.js b/unit-tests/json-to-iac/vsi.test.js
index 42300c4b..f440cb90 100644
--- a/unit-tests/json-to-iac/vsi.test.js
+++ b/unit-tests/json-to-iac/vsi.test.js
@@ -1563,7 +1563,7 @@ resource "ibm_is_instance" "management_vpc_management_server_vsi_1_1" {
 ##############################################################################
 
 ##############################################################################
-# Optionally Add Floating IPs
+# Floating IPs
 ##############################################################################
 
 resource "ibm_is_floating_ip" "management_vpc_management_server_vsi_1_1_fip" {
diff --git a/unit-tests/slz-to-craig.test.js b/unit-tests/slz-to-craig.test.js
index 8877b97c..abeac48e 100644
--- a/unit-tests/slz-to-craig.test.js
+++ b/unit-tests/slz-to-craig.test.js
@@ -4,6 +4,7 @@ const { transpose } = require("lazy-z");
 const slz = require("./data-files/slz-convert.json");
 const slzMin = require("./data-files/slz-minimum-valid-json.json");
 const craigFromMin = require("./data-files/craig-from-slz-minimum-json.json");
+const { configToFilesJson } = require("../client/src/lib");
 let slzDupe = {}; // use duplicate here to prevent editing slz during run for edge cases
 transpose(slz, slzDupe);
 
@@ -2228,5 +2229,9 @@ describe("slzToCraig", () => {
       craigFromMin,
       "it should return correct options"
     );
+    let task = () => {
+      return configToFilesJson(slzToCraig(slzDupe, "slz"));
+    };
+    assert.doesNotThrow(task, "it should not throw");
   });
 });
diff --git a/unit-tests/state/classic-security-groups.test.js b/unit-tests/state/classic-security-groups.test.js
new file mode 100644
index 00000000..5ff266a6
--- /dev/null
+++ b/unit-tests/state/classic-security-groups.test.js
@@ -0,0 +1,431 @@
+const { assert } = require("chai");
+const { state } = require("../../client/src/lib/state");
+const { disableSave } = require("../../client/src/lib");
+
+/**
+ * initialize store
+ * @returns {lazyZState} state store
+ */
+function newState() {
+  let store = new state();
+  store.setUpdateCallback(() => {});
+  return store;
+}
+
+describe("classic security groups state", () => {
+  let craig;
+  beforeEach(() => {
+    craig = newState();
+  });
+  describe("classic_security_groups.init", () => {
+    it("should initialize classic security groups", () => {
+      assert.deepEqual(
+        craig.store.json.classic_security_groups,
+        [],
+        "it should initialize data"
+      );
+    });
+  });
+  describe("classic_security_groups.create", () => {
+    it("should create a security group", () => {
+      craig.classic_security_groups.create({ name: "test", description: "" });
+      assert.deepEqual(
+        craig.store.json.classic_security_groups,
+        [
+          {
+            name: "test",
+            description: "",
+            classic_sg_rules: [],
+          },
+        ],
+        "it should return correct data"
+      );
+    });
+  });
+  describe("classic_security_groups.save", () => {
+    it("should update a security group", () => {
+      craig.classic_security_groups.create({ name: "test", description: "" });
+      craig.classic_security_groups.save(
+        { name: "test2", description: "" },
+        {
+          craig: craig,
+          data: {
+            name: "test",
+          },
+        }
+      );
+      assert.deepEqual(
+        craig.store.json.classic_security_groups,
+        [
+          {
+            name: "test2",
+            description: "",
+            classic_sg_rules: [],
+          },
+        ],
+        "it should return correct data"
+      );
+    });
+    it("should update a security group and rules", () => {
+      craig.classic_security_groups.create({ name: "test", description: "" });
+      craig.classic_security_groups.save(
+        {
+          name: "test2",
+          description: "",
+          classic_sg_rules: [
+            {
+              classic_sg: "test",
+            },
+          ],
+        },
+        {
+          craig: craig,
+          data: {
+            name: "test",
+          },
+        }
+      );
+      assert.deepEqual(
+        craig.store.json.classic_security_groups,
+        [
+          {
+            name: "test2",
+            description: "",
+            classic_sg_rules: [
+              {
+                classic_sg: "test2",
+              },
+            ],
+          },
+        ],
+        "it should return correct data"
+      );
+    });
+  });
+  describe("classic_security_groups.delete", () => {
+    it("should delete a security group", () => {
+      craig.classic_security_groups.create({ name: "test", description: "" });
+      craig.classic_security_groups.delete(
+        {},
+        { data: { name: "test", description: "" } }
+      );
+      assert.deepEqual(
+        craig.store.json.classic_security_groups,
+        [],
+        "it should return correct data"
+      );
+    });
+  });
+  describe("classic_security_groups.schema", () => {
+    it("should return return false if description is valid", () => {
+      assert.isFalse(
+        craig.classic_security_groups.description.invalid({
+          description: "toad",
+        }),
+        "it should return false"
+      );
+    });
+  });
+  describe("classic_security_groups.classic_sg_rules", () => {
+    beforeEach(() => {
+      craig.classic_security_groups.create({ name: "test", description: "" });
+    });
+    describe("create", () => {
+      it("should create a security group rule", () => {
+        craig.classic_security_groups.classic_sg_rules.create(
+          { name: "example", direction: "inbound" },
+          {
+            craig: craig,
+            innerFormProps: {
+              arrayParentName: "test",
+            },
+          }
+        );
+        assert.deepEqual(
+          craig.store.json.classic_security_groups[0].classic_sg_rules,
+          [
+            {
+              name: "example",
+              direction: "inbound",
+              classic_sg: "test",
+            },
+          ]
+        );
+      });
+    });
+    describe("save", () => {
+      it("should create a security group rule", () => {
+        craig.classic_security_groups.classic_sg_rules.create(
+          { name: "example", direction: "inbound" },
+          {
+            craig: craig,
+            innerFormProps: {
+              arrayParentName: "test",
+            },
+          }
+        );
+        craig.classic_security_groups.classic_sg_rules.save(
+          { name: "example2", direction: "inbound" },
+          {
+            craig: craig,
+            arrayParentName: "test",
+            data: { name: "example", direction: "inbound" },
+          }
+        );
+        assert.deepEqual(
+          craig.store.json.classic_security_groups[0].classic_sg_rules,
+          [
+            {
+              name: "example2",
+              direction: "inbound",
+              classic_sg: "test",
+            },
+          ]
+        );
+      });
+    });
+    describe("delete", () => {
+      it("should delete a security group rule", () => {
+        craig.classic_security_groups.classic_sg_rules.create(
+          { name: "example", direction: "inbound" },
+          {
+            craig: craig,
+            innerFormProps: {
+              arrayParentName: "test",
+            },
+          }
+        );
+        craig.classic_security_groups.classic_sg_rules.delete(
+          { name: "example2", direction: "inbound" },
+          {
+            craig: craig,
+            arrayParentName: "test",
+            data: { name: "example", direction: "inbound" },
+          }
+        );
+        assert.deepEqual(
+          craig.store.json.classic_security_groups[0].classic_sg_rules,
+          []
+        );
+      });
+    });
+    it("should disable save for rule", () => {
+      assert.isTrue(
+        disableSave("classic_sg_rules", {}, { craig: craig }),
+        "it should be disabled"
+      );
+    });
+    describe("schema", () => {
+      it("should have an invalid name when the parent sg has a rule with the same name", () => {
+        craig.classic_security_groups.classic_sg_rules.create(
+          { name: "example", direction: "inbound" },
+          {
+            craig: craig,
+            innerFormProps: {
+              arrayParentName: "test",
+            },
+          }
+        );
+        assert.isTrue(
+          craig.classic_security_groups.classic_sg_rules.name.invalid(
+            {
+              name: "example",
+            },
+            { craig: craig, arrayParentName: "test" }
+          )
+        );
+      });
+      it("should return correct protocol on input change", () => {
+        assert.deepEqual(
+          craig.classic_security_groups.classic_sg_rules.ruleProtocol.onInputChange(
+            {}
+          ),
+          "",
+          "it should return correct data"
+        );
+        assert.deepEqual(
+          craig.classic_security_groups.classic_sg_rules.ruleProtocol.onInputChange(
+            {
+              ruleProtocol: "All",
+            }
+          ),
+          "all",
+          "it should return correct data"
+        );
+      });
+      it("should return correct provol on render", () => {
+        assert.deepEqual(
+          craig.classic_security_groups.classic_sg_rules.ruleProtocol.onRender(
+            {}
+          ),
+          "",
+          "it should return correct data"
+        );
+        assert.deepEqual(
+          craig.classic_security_groups.classic_sg_rules.ruleProtocol.onRender({
+            ruleProtocol: "all",
+          }),
+          "All",
+          "it should return correct data"
+        );
+        assert.deepEqual(
+          craig.classic_security_groups.classic_sg_rules.ruleProtocol.onRender({
+            ruleProtocol: "icmp",
+          }),
+          "ICMP",
+          "it should return correct data"
+        );
+      });
+      describe("port_range_min", () => {
+        it("should hide when rule protcol is not icmp, tcp, or udp", () => {
+          assert.isTrue(
+            craig.classic_security_groups.classic_sg_rules.port_range_min.hideWhen(
+              {}
+            ),
+            "it should be hidden"
+          );
+        });
+        it("should return correct invalid value", () => {
+          assert.isFalse(
+            craig.classic_security_groups.classic_sg_rules.port_range_min.invalid(
+              {}
+            ),
+            "it should be false"
+          );
+          assert.isFalse(
+            craig.classic_security_groups.classic_sg_rules.port_range_min.invalid(
+              {
+                ruleProtocol: "all",
+              }
+            ),
+            "it should be false"
+          );
+          assert.isTrue(
+            craig.classic_security_groups.classic_sg_rules.port_range_min.invalid(
+              {
+                ruleProtocol: "icmp",
+                port_range_min: "9999999",
+              }
+            ),
+            "it should be true"
+          );
+          assert.isFalse(
+            craig.classic_security_groups.classic_sg_rules.port_range_min.invalid(
+              {
+                ruleProtocol: "icmp",
+                port_range_min: "1",
+              }
+            ),
+            "it should be true"
+          );
+          assert.isTrue(
+            craig.classic_security_groups.classic_sg_rules.port_range_min.invalid(
+              {
+                ruleProtocol: "udp",
+                port_range_min: "aaaa",
+              }
+            ),
+            "it should be true"
+          );
+          assert.isTrue(
+            craig.classic_security_groups.classic_sg_rules.port_range_min.invalid(
+              {
+                ruleProtocol: "udp",
+                port_range_min: "9999999999",
+              }
+            ),
+            "it should be true"
+          );
+        });
+        it("should return correct invalid text value", () => {
+          assert.deepEqual(
+            craig.classic_security_groups.classic_sg_rules.port_range_min.invalidText(
+              {}
+            ),
+            "",
+            "it should return correct value"
+          );
+          assert.deepEqual(
+            craig.classic_security_groups.classic_sg_rules.port_range_min.invalidText(
+              {
+                ruleProtocol: "all",
+              }
+            ),
+            "",
+            "it should return correct value"
+          );
+          assert.deepEqual(
+            craig.classic_security_groups.classic_sg_rules.port_range_min.invalidText(
+              {
+                ruleProtocol: "icmp",
+                port_range_min: "aaaa",
+              }
+            ),
+            "Enter a whole number between 0 and 254",
+            "it should be true"
+          );
+          assert.deepEqual(
+            craig.classic_security_groups.classic_sg_rules.port_range_min.invalidText(
+              {
+                ruleProtocol: "udp",
+                port_range_min: "aaaa",
+              }
+            ),
+            "Enter a whole number between 1 and 65535",
+            "it should be true"
+          );
+        });
+      });
+      describe("port_range_max", () => {
+        it("should return values for type rather than code", () => {
+          assert.isTrue(
+            craig.classic_security_groups.classic_sg_rules.port_range_max.invalid(
+              {
+                ruleProtocol: "icmp",
+                port_range_min: "aaaa",
+              }
+            ),
+            "it should be true"
+          );
+          assert.isFalse(
+            craig.classic_security_groups.classic_sg_rules.port_range_max.invalid(
+              {
+                ruleProtocol: "icmp",
+                port_range_max: "1",
+              }
+            ),
+            "it should be true"
+          );
+          assert.isFalse(
+            craig.classic_security_groups.classic_sg_rules.port_range_max.invalid(
+              {
+                ruleProtocol: "icmp",
+                port_range_max: "0",
+              }
+            ),
+            "it should be true"
+          );
+          assert.isTrue(
+            craig.classic_security_groups.classic_sg_rules.port_range_max.invalid(
+              {
+                ruleProtocol: "tcp",
+                port_range_max: "0",
+              }
+            ),
+            "it should be true"
+          );
+          assert.deepEqual(
+            craig.classic_security_groups.classic_sg_rules.port_range_max.invalidText(
+              {
+                ruleProtocol: "icmp",
+                port_range_min: "aaaa",
+              }
+            ),
+            "Enter a whole number between 0 and 255",
+            "it should be true"
+          );
+        });
+      });
+    });
+  });
+});
diff --git a/unit-tests/state/power-vs-instances.test.js b/unit-tests/state/power-vs-instances.test.js
index b8453b31..8983c1eb 100644
--- a/unit-tests/state/power-vs-instances.test.js
+++ b/unit-tests/state/power-vs-instances.test.js
@@ -3352,5 +3352,37 @@ describe("power_instances", () => {
         });
       });
     });
+    describe("power_instances ibmi license fields", () => {
+      it("should hide toggle when image is not ibmi", () => {
+        assert.isTrue(
+          craig.power_instances.pi_ibmi_css.hideWhen({}),
+          "it should be hidden"
+        );
+        assert.isTrue(
+          craig.power_instances.pi_ibmi_css.hideWhen({
+            image: "other",
+          }),
+          "it should be hidden"
+        );
+      });
+      it("should return invalid for pi_ibmi_rds_users", () => {
+        assert.isFalse(
+          craig.power_instances.pi_ibmi_rds_users.invalid({}),
+          "it should be false when no state object"
+        );
+        assert.isTrue(
+          craig.power_instances.pi_ibmi_rds_users.invalid({
+            pi_ibmi_rds_users: "aaa",
+          }),
+          "it should be true when not a number"
+        );
+        assert.isTrue(
+          craig.power_instances.pi_ibmi_rds_users.invalid({
+            pi_ibmi_rds_users: "-1",
+          }),
+          "it should be true when not in range"
+        );
+      });
+    });
   });
 });
diff --git a/unit-tests/state/power-vs.test.js b/unit-tests/state/power-vs.test.js
index edf3fdc9..7fa314ed 100644
--- a/unit-tests/state/power-vs.test.js
+++ b/unit-tests/state/power-vs.test.js
@@ -23,6 +23,16 @@ describe("power-vs", () => {
     });
   });
   describe("power.onStoreUpdate", () => {
+    it("should be able to update power vs when no power vs zones", () => {
+      let state = newState();
+      state.power.create({
+        name: "toad",
+        zone: "us-south",
+      });
+      state.store.json._options.power_vs_zones = undefined;
+      let task = () => state.update();
+      assert.doesNotThrow(task, "it should not throw");
+    });
     it("should update images to only contain the selected image names", () => {
       let state = new newState();
       state.store.json._options.power_vs_zones = ["dal10", "us-south"];
diff --git a/unit-tests/state/security-groups.test.js b/unit-tests/state/security-groups.test.js
index 0cd80c08..ff88f4a0 100644
--- a/unit-tests/state/security-groups.test.js
+++ b/unit-tests/state/security-groups.test.js
@@ -619,6 +619,46 @@ describe("security groups", () => {
       );
     });
   });
+  describe("security_groups.schema", () => {
+    let craig;
+    beforeEach(() => {
+      craig = newState();
+    });
+    it("should hide use_data", () => {
+      assert.isTrue(
+        craig.security_groups.use_data.hideWhen({}, { craig: craig }),
+        "it should hide when in modal"
+      );
+      assert.isTrue(
+        craig.security_groups.use_data.hideWhen(
+          { vpc: "management" },
+          { craig: craig }
+        ),
+        "it should hide when vpc does not use data"
+      );
+      craig.store.json.vpcs.push({
+        name: "data",
+        use_data: true,
+      });
+      assert.isFalse(
+        craig.security_groups.use_data.hideWhen(
+          { vpc: "data" },
+          { craig: craig }
+        ),
+        "it should be shown"
+      );
+    });
+    it("should disable vpc when using data for security group", () => {
+      assert.isFalse(
+        craig.security_groups.vpc.disabled({ use_data: true, vpc: "" }),
+        "it should not be disabled"
+      );
+      assert.isTrue(
+        craig.security_groups.vpc.disabled({ use_data: true, vpc: "frog" }),
+        "it should be disabled"
+      );
+    });
+  });
   describe("security_group.rules", () => {
     describe("security_groups.rules.create", () => {
       it("should add a new rule", () => {
diff --git a/unit-tests/state/transit-gateways.test.js b/unit-tests/state/transit-gateways.test.js
index 979f9b9b..d2c94ea2 100644
--- a/unit-tests/state/transit-gateways.test.js
+++ b/unit-tests/state/transit-gateways.test.js
@@ -448,6 +448,48 @@ describe("transit_gateways", () => {
             "it should set data"
           );
         });
+        it("should set connections when enabling classic connections", () => {
+          let craig = newState();
+          let data = {
+            classic: false,
+            connections: [{ tgw: "transit-gateway", vpc: "vpc" }],
+            name: "transit-gateway",
+          };
+          craig.transit_gateways.classic.onStateChange(data);
+          assert.deepEqual(
+            data,
+            {
+              classic: true,
+              connections: [
+                { tgw: "transit-gateway", vpc: "vpc" },
+                { tgw: "transit-gateway", classic: true },
+              ],
+              name: "transit-gateway",
+            },
+            "it should add a classic connection"
+          );
+        });
+        it("should set connections when disabling classic connections", () => {
+          let craig = newState();
+          let data = {
+            classic: true,
+            connections: [
+              { tgw: "transit-gateway", vpc: "vpc" },
+              { tgw: "transit-gateway", classic: true },
+            ],
+            name: "transit-gateway",
+          };
+          craig.transit_gateways.classic.onStateChange(data);
+          assert.deepEqual(
+            data,
+            {
+              classic: false,
+              connections: [{ tgw: "transit-gateway", vpc: "vpc" }],
+              name: "transit-gateway",
+            },
+            "it should remove a classic connection"
+          );
+        });
         it("should have force update key for connections", () => {
           let craig = newState();
           assert.deepEqual(