diff --git a/.github/workflows/DAST-ZAP-Zed-Attach-Proxy-Checkmarx.yml b/.github/workflows/DAST-ZAP-Zed-Attach-Proxy-Checkmarx.yml index 6aad54d..76ee348 100644 --- a/.github/workflows/DAST-ZAP-Zed-Attach-Proxy-Checkmarx.yml +++ b/.github/workflows/DAST-ZAP-Zed-Attach-Proxy-Checkmarx.yml @@ -22,7 +22,7 @@ env: permissions: contents: read - issues: write # to create issues for alerts + #issues: write # to create issues for alerts jobs: zap_scan: @@ -49,5 +49,14 @@ jobs: uses: zaproxy/action-full-scan@v0.12.0 id: zap with: - allow_issue_writing: true + allow_issue_writing: false target: "${{ env.ZAP_TARGET }}" + # - name: ZAP Scan + # uses: zaproxy/action-baseline@v0.4.0 + # with: + # target: "${{ env.ZAP_TARGET }}" + - uses: SvanBoxel/zaproxy-to-ghas@main + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results.sarif \ No newline at end of file diff --git a/.github/workflows/IACS-AquaSecurity-tfsec.yml b/.github/workflows/IACS-AquaSecurity-tfsec.yml new file mode 100644 index 0000000..7407311 --- /dev/null +++ b/.github/workflows/IACS-AquaSecurity-tfsec.yml 
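Review bot: After this change the workflow-level `permissions` block in this hunk grants only `contents: read`, yet the second hunk of the same file adds a `github/codeql-action/upload-sarif@v3` step, which needs `security-events: write` to publish results to code scanning; unless a job-level `permissions` block outside the hunk grants it, that upload will be rejected. Add `security-events: write # for github/codeql-action/upload-sarif to upload SARIF results` next to `contents: read`, matching the commented permission lines used by the new IaC workflows in this commit. Since `allow_issue_writing` is now `false`, the `issues: write` grant is dead configuration — delete the line rather than leaving it commented out.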
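Review bot: `SvanBoxel/zaproxy-to-ghas@main` is the only step in this file that references a mutable branch rather than a release; whatever lands on that branch runs with this job's token on every scan, so pin it to a tag or, better, a full commit SHA with the tag in a trailing comment, as the neighbouring `zaproxy/action-full-scan@v0.12.0` and `upload-sarif@v3` steps at least pin a version. The commented-out `action-baseline@v0.4.0` block above it is dead configuration and should be removed rather than carried in the file. The `Upload SARIF file` step assumes the converter leaves `results.sarif` in the workspace root; a comment such as `# zaproxy-to-ghas converts the ZAP JSON report into results.sarif` would make that coupling visible. The file still ends without a trailing newline.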
@@ -0,0 +1,36 @@
+# https://github.com/aquasecurity/tfsec
+# https://github.com/aquasecurity/tfsec-sarif-action
+
+name: IaC Scanning (Terraform) with Aqua Security tfsec
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+ schedule:
+ - cron: '15 03 * * 5'
+
+permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+jobs:
+ tfsec-scan:
+ name: Run tfsec sarif report
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Run tfsec
+ uses: aquasecurity/tfsec-sarif-action@v0.1.0
+ with:
+ sarif_file: tfsec.sarif
+
+ - name: Upload SARIF file to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: tfsec.sarif
diff --git a/.github/workflows/IACS-Checkmarx-kics.yml b/.github/workflows/IACS-Checkmarx-kics.yml
new file mode 100644
index 0000000..037bb46
--- /dev/null
+++ b/.github/workflows/IACS-Checkmarx-kics.yml
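Review bot: Both third-party actions in the `steps` list, `aquasecurity/tfsec-sarif-action@v0.1.0` and `github/codeql-action/upload-sarif@v3`, are pinned to movable tags; for a workflow whose output feeds the Security tab, pin to full commit SHAs with the tag in a trailing comment so an upstream tag move cannot change what runs. As far as I know the tfsec project has been folded into Trivy upstream and is no longer actively developed, so the `v0.1.0` action is unlikely to receive rule updates — a comment above the step noting this and the Trivy alternative would save the next maintainer a surprise. This commit also adds a second IaC SARIF uploader (KICS); if the two analyses end up sharing a code-scanning category, set an explicit `category:` on each upload step to keep their results apart.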
@@ -0,0 +1,56 @@
+# https://github.com/Checkmarx/kics
+# https://github.com/Checkmarx/kics/blob/master/docs/integrations_ghactions.md
+# https://github.com/Checkmarx/kics-github-action
+
+name: IaC Scanning with Checkmarx KICS
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+ schedule:
+ - cron: '15 03 * * 5'
+
+permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+jobs:
+ kics-scan:
+ name: Run KICS scan
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Mkdir results-dir
+ # make sure results dir is created
+ run: mkdir -p results-dir
+
+ - name: Run kics Scan
+ uses: checkmarx/kics-github-action@v2.1.7
+ with:
+ path: 'terraform'
+ # when provided with a directory on output_path
+ # it will generate the specified reports file named 'results.{extension}'
+ # in this example it will generate:
+ # - results-dir/results.json
+ # - results-dir/results.sarif
+ ignore_on_exit: results
+ output_path: results-dir
+ platform_type: terraform
+ output_formats: 'json,sarif'
+ enable_comments: true
+
+ - name: Show results
+ run: |
+ cat results-dir/results.sarif
+ cat results-dir/results.json
+
+ - name: Upload SARIF file to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: results-dir/results.sarif
diff --git a/.github/workflows/SCA-GitHubAdvancedSecurity-DependencyReview.yml b/.github/workflows/SCA-GitHubAdvancedSecurity-DependencyReview.yml
index dfcbdc0..5fa2e06 100644
--- a/.github/workflows/SCA-GitHubAdvancedSecurity-DependencyReview.yml
+++ b/.github/workflows/SCA-GitHubAdvancedSecurity-DependencyReview.yml
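Review bot: `enable_comments: true` asks the action to post findings as a pull-request comment, but the workflow-level `permissions` block grants only `contents: read`, `security-events: write` and `actions: read`, so the default `GITHUB_TOKEN` has no `pull-requests: write` and the comment will most likely be rejected on `pull_request` runs; either add `pull-requests: write # for enable_comments to post PR comments` or drop the input. `ignore_on_exit: results` with no `fail_on` means findings never fail the job, so the scan is report-only — fine if intended, but state it, e.g. `# report-only: findings go to the Security tab and do not gate the PR`. The `Show results` step dumps the full JSON and SARIF into the log, which is noisy and duplicates what the upload step already publishes; drop it or limit it to a summary.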
@@ -24,5 +24,5 @@ jobs: with: comment-summary-in-pr: always fail-on-severity: 'moderate' - allow-licenses: MIT, Apache-2.0 + allow-licenses: MIT, Apache-2.0, GPL-3.0 \ No newline at end of file diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index d2e8c6b..af76ce3 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -75,7 +75,7 @@ jobs: container-build-publish: name: Build and Publish Container Image needs: [] - uses: advanced-security/reusable-workflows/.github/workflows/container.yml@v0.2.0 + uses: githubabcs-devops/devsecops-reusable-workflows/.github/workflows/container.yml@v0.2.0 with: # This is used for tagging the container image version: v1.0.0 diff --git a/terraform/azure/aks.tf b/terraform/azure/aks.tf new file mode 100644 index 0000000..55c870a --- /dev/null +++ b/terraform/azure/aks.tf @@ -0,0 +1,25 @@ +resource azurerm_kubernetes_cluster "k8s_cluster" { + dns_prefix = "terragoat-${var.environment}" + location = var.location + name = "terragoat-aks-${var.environment}" + resource_group_name = azurerm_resource_group.example.name + identity { + type = "SystemAssigned" + } + default_node_pool { + name = "default" + vm_size = "Standard_D2_v2" + node_count = 2 + } + addon_profile { + oms_agent { + enabled = false + } + kube_dashboard { + enabled = true + } + } + role_based_access_control { + enabled = false + } +} \ No newline at end of file diff --git a/terraform/azure/app_service.tf b/terraform/azure/app_service.tf new file mode 100644 index 0000000..45f01f1 --- /dev/null +++ b/terraform/azure/app_service.tf 
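Review bot: `GPL-3.0` is a deprecated SPDX identifier (the current forms are `GPL-3.0-only` and `GPL-3.0-or-later`); I am not certain how `dependency-review-action` treats deprecated ids, so verify that a GPL-3.0 dependency actually matches this entry before relying on it, and prefer the current identifier. Admitting a strong-copyleft license into an allow list that previously held only permissive ones is a policy decision, so record the reason on the line, e.g. `allow-licenses: MIT, Apache-2.0, GPL-3.0-only # GPL-3.0 allowed for <reason>, approved by <owner>`. The file still lacks a trailing newline.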
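Review bot: The reusable workflow now comes from a different organisation, `githubabcs-devops/devsecops-reusable-workflows`, but is still referenced by the movable tag `v0.2.0`; a tag in an external repository can be re-pointed at any time, and this job builds and publishes a container image, so pin it to a full commit SHA with the tag in a trailing comment. I cannot tell from the hunk whether `v0.2.0` in the new repository carries the same content as the old `advanced-security` one — worth confirming and noting in the commit description. The enclosing `container-build-publish` job continues outside the hunk.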
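Review bot: The cluster is created with `role_based_access_control { enabled = false }`, the `kube_dashboard` add-on enabled and `oms_agent` disabled — exactly the findings the KICS and tfsec workflows added in this commit will report; the `terragoat` naming suggests a deliberately vulnerable fixture, but nothing in the file says so, so add a header comment such as `# Intentionally insecure test fixture for IaC scanners; do not apply to a real subscription` so it is not copied into real infrastructure. Note too that, as far as I know, `addon_profile`, `kube_dashboard` and the `role_based_access_control` block were removed in azurerm provider 3.x (replaced by a top-level `oms_agent` block and `role_based_access_control_enabled`), so unless the provider is pinned below 3.0 elsewhere, `terraform validate` will fail before the scanners see anything. The file also lacks a trailing newline.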
@@ -0,0 +1,34 @@
+resource azurerm_app_service_plan "example" {
+ name = "terragoat-app-service-plan-${var.environment}"
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+
+ sku {
+ tier = "Dynamic"
+ size = "S1"
+ }
+}
+
+resource azurerm_app_service "app-service1" {
+ app_service_plan_id = azurerm_app_service_plan.example.id
+ location = var.location
+ name = "terragoat-app-service-${var.environment}${random_integer.rnd_int.result}"
+ resource_group_name = azurerm_resource_group.example.name
+ https_only = false
+ site_config {
+ min_tls_version = "1.1"
+ }
+}
+
+resource azurerm_app_service "app-service2" {
+ app_service_plan_id = azurerm_app_service_plan.example.id
+ location = var.location
+ name = "terragoat-app-service-${var.environment}${random_integer.rnd_int.result}"
+ resource_group_name = azurerm_resource_group.example.name
+ https_only = true
+
+ auth_settings {
+ enabled = false
+ }
+}
+
diff --git a/terraform/azure/instance.tf b/terraform/azure/instance.tf
new file mode 100644
index 0000000..30a2d77
--- /dev/null
+++ b/terraform/azure/instance.tf
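Review bot: `app-service1` and `app-service2` use the identical `name` expression `"terragoat-app-service-${var.environment}${random_integer.rnd_int.result}"`, and App Service names must be globally unique (they become the `azurewebsites.net` hostname), so the second `azurerm_app_service` will fail to create; give each a distinct suffix, e.g. `name = "terragoat-app-service-1-${var.environment}${random_integer.rnd_int.result}"`. The plan pairs `tier = "Dynamic"` with `size = "S1"`; as far as I know the Dynamic tier only accepts consumption sizes, so this combination is likely rejected by the API — confirm. `https_only = false`, `min_tls_version = "1.1"` and `auth_settings { enabled = false }` read as deliberate scanner bait given the `terragoat` prefix; a one-line header comment stating the file is an intentionally insecure fixture would make that explicit.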
@@ -0,0 +1,59 @@
+resource random_string "password" {
+ length = 16
+ special = false
+ min_lower = 1
+ min_numeric = 1
+ min_upper = 1
+}
+
+resource azurerm_linux_virtual_machine "linux_machine" {
+ admin_username = "terragoat-linux"
+ admin_password = random_string.password.result
+ location = var.location
+ name = "terragoat-linux"
+ network_interface_ids = [azurerm_network_interface.ni_linux.id]
+ resource_group_name = azurerm_resource_group.example.name
+ size = "Standard_F2"
+ disable_password_authentication = false
+ source_image_reference {
+ publisher = "Canonical"
+ offer = "UbuntuServer"
+ sku = "16.04-LTS"
+ version = "latest"
+ }
+ os_disk {
+ caching = "ReadWrite"
+ storage_account_type = "Standard_LRS"
+ }
+
+ tags = {
+ terragoat = true
+ environment = var.environment
+ }
+}
+
+resource azurerm_windows_virtual_machine "windows_machine" {
+ admin_password = random_string.password.result
+ admin_username = "tg-${var.environment}"
+ location = var.location
+ name = "tg-win"
+ network_interface_ids = [azurerm_network_interface.ni_win.id]
+ resource_group_name = azurerm_resource_group.example.name
+ size = "Standard_F2"
+ os_disk {
+ caching = "ReadWrite"
+ storage_account_type = "Standard_LRS"
+ }
+
+ source_image_reference {
+ publisher = "MicrosoftWindowsServer"
+ offer = "WindowsServer"
+ sku = "2016-Datacenter"
+ version = "latest"
+ }
+
+ tags = {
+ terragoat = true
+ environment = var.environment
+ }
+}
\ No newline at end of file
diff --git a/terraform/azure/key_vault.tf b/terraform/azure/key_vault.tf
new file mode 100644
index 0000000..878a3ec
--- /dev/null
+++ b/terraform/azure/key_vault.tf
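Review bot: `random_string.password.result` is used as `admin_password` for both the Linux and the Windows VM, and `random_string` is not a sensitive resource, so the shared credential is printed in plan output and stored in plaintext in state; use `random_password` (same arguments, result marked sensitive) with a separate resource per machine, and for the Linux host prefer `admin_ssh_key` with `disable_password_authentication = true`. With `special = false` the 16-character password also draws from a smaller alphabet than it could. The `16.04-LTS` Ubuntu image is out of standard support. If this is a deliberately vulnerable `terragoat` fixture, say so in a header comment rather than leaving the reader to infer it. The file lacks a trailing newline.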
@@ -0,0 +1,43 @@
+resource "azurerm_key_vault" "example" {
+ name = "terragoat-key-${var.environment}${random_integer.rnd_int.result}"
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+ tenant_id = data.azurerm_client_config.current.tenant_id
+ sku_name = "premium"
+ access_policy {
+ tenant_id = data.azurerm_client_config.current.tenant_id
+ object_id = data.azurerm_client_config.current.object_id
+ key_permissions = [
+ "create",
+ "get",
+ ]
+ secret_permissions = [
+ "set",
+ ]
+ }
+ tags = {
+ environment = var.environment
+ terragoat = true
+ }
+}
+
+resource "azurerm_key_vault_key" "generated" {
+ name = "terragoat-generated-certificate-${var.environment}"
+ key_vault_id = azurerm_key_vault.example.id
+ key_type = "RSA"
+ key_size = 2048
+ key_opts = [
+ "decrypt",
+ "encrypt",
+ "sign",
+ "unwrapKey",
+ "verify",
+ "wrapKey",
+ ]
+}
+
+resource "azurerm_key_vault_secret" "secret" {
+ key_vault_id = azurerm_key_vault.example.id
+ name = "terragoat-secret-${var.environment}"
+ value = random_string.password.result
+}
\ No newline at end of file
diff --git a/terraform/azure/logging.tf b/terraform/azure/logging.tf
new file mode 100644
index 0000000..b7854fb
--- /dev/null
+++ b/terraform/azure/logging.tf
@@ -0,0 +1,10 @@
+resource azurerm_monitor_log_profile "logging_profile" {
+ storage_account_id = azurerm_storage_account.example.id
+ categories = ["Action"]
+ locations = [var.location]
+ name = "terragoat-${var.environment}"
+ retention_policy {
+ enabled = true
+ days = 30
+ }
+}
\ No newline at end of file
diff --git a/terraform/azure/networking.tf b/terraform/azure/networking.tf
new file mode 100644
index 0000000..da022a3
--- /dev/null
+++ b/terraform/azure/networking.tf
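Review bot: The vault is created without `purge_protection_enabled`, `soft_delete_retention_days` or a `network_acls` block, and neither `azurerm_key_vault_key.generated` nor `azurerm_key_vault_secret.secret` sets an `expiration_date`, so the key and the secret never rotate — these are the standard Key Vault findings the new IaC scanners will raise. The secret's `value` is `random_string.password.result`, the same credential used as the VM admin password in `instance.tf` and produced by a non-sensitive `random_string`; switch that resource to `random_password` so the value is masked in plan output. `azurerm_key_vault_key.generated` is named `terragoat-generated-certificate-…` but is an RSA key, not a certificate — rename it or explain the name in a comment. No trailing newline at end of file.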
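Review bot: The log profile captures only `categories = ["Action"]` for a single location, so `Write` and `Delete` activity-log events and global (non-regional) events are not retained, and `days = 30` is well below the year most benchmarks expect; add `"Write"` and `"Delete"` to `categories`, consider adding `"global"` to `locations` as is typically recommended for activity-log profiles, and raise or document the retention. `azurerm_monitor_log_profile` is also a legacy resource; as far as I know the provider documentation points to `azurerm_monitor_diagnostic_setting` on the subscription for new deployments, so a comment is warranted if the legacy resource is intentional scanner bait. No trailing newline at end of file.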
@@ -0,0 +1,85 @@
+resource "azurerm_virtual_network" "example" {
+ name = "terragoat-vn-${var.environment}"
+ address_space = ["10.0.0.0/16"]
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+}
+
+resource "azurerm_subnet" "example" {
+ name = "terragoat-${var.environment}"
+ resource_group_name = azurerm_resource_group.example.name
+ virtual_network_name = azurerm_virtual_network.example.name
+ address_prefixes = ["10.0.0.0/24"]
+}
+
+resource "azurerm_network_interface" "ni_linux" {
+ name = "terragoat-linux-${var.environment}"
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+
+ ip_configuration {
+ name = "internal"
+ subnet_id = azurerm_subnet.example.id
+ private_ip_address_allocation = "Dynamic"
+ }
+}
+
+resource "azurerm_network_interface" "ni_win" {
+ name = "terragoat-win-${var.environment}"
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+
+ ip_configuration {
+ name = "internal"
+ subnet_id = azurerm_subnet.example.id
+ private_ip_address_allocation = "Dynamic"
+ }
+}
+
+resource azurerm_network_security_group "bad_sg" {
+ location = var.location
+ name = "terragoat-${var.environment}"
+ resource_group_name = azurerm_resource_group.example.name
+
+ security_rule {
+ access = "Allow"
+ direction = "Inbound"
+ name = "AllowSSH"
+ priority = 200
+ protocol = "TCP"
+ source_address_prefix = "*"
+ source_port_range = "*"
+ destination_port_range = "22-22"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ access = "Allow"
+ direction = "Inbound"
+ name = "AllowRDP"
+ priority = 300
+ protocol = "TCP"
+ source_address_prefix = "*"
+ source_port_range = "*"
+ destination_port_range = "3389-3389"
+ destination_address_prefix = "*"
+ }
+}
+
+resource azurerm_network_watcher "network_watcher" {
+ location = var.location
+ name = 
"terragoat-network-watcher-${var.environment}" + resource_group_name = azurerm_resource_group.example.name +} + +resource azurerm_network_watcher_flow_log "flow_log" { + enabled = false + network_security_group_id = azurerm_network_security_group.bad_sg.id + network_watcher_name = azurerm_network_watcher.network_watcher.name + resource_group_name = azurerm_resource_group.example.name + storage_account_id = azurerm_storage_account.example.id + retention_policy { + enabled = false + days = 10 + } +} \ No newline at end of file diff --git a/terraform/azure/policies.tf b/terraform/azure/policies.tf new file mode 100644 index 0000000..76ffd9f --- /dev/null +++ b/terraform/azure/policies.tf @@ -0,0 +1,51 @@ +resource "azurerm_policy_definition" "policy-res" { + name = "terragoat-policy-${var.environment}" + policy_type = "Custom" + mode = "Indexed" + display_name = "acceptance test policy definition" + metadata = <