diff --git a/README.md b/README.md
index 5c9153f..f53a3c5 100644
--- a/README.md
+++ b/README.md
@@ -113,7 +113,7 @@ efs-csi-controller 0 5m
 | Name | Source | Version |
 |------|--------|---------|
 | [cloudwatch\_observability\_irsa\_role](#module\_cloudwatch\_observability\_irsa\_role) | git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-iam//modules/iam-role-for-service-accounts-eks | n/a |
-| [cluster](#module\_cluster) | git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-eks/ | v21.3.2 |
+| [cluster](#module\_cluster) | git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-eks/ | v21.4.0 |
 | [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-iam//modules/iam-role-for-service-accounts-eks | n/a |
 | [efs\_csi\_irsa\_role](#module\_efs\_csi\_irsa\_role) | git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-iam//modules/iam-role-for-service-accounts-eks | n/a |
 | [vpc\_cni\_irsa\_role](#module\_vpc\_cni\_irsa\_role) | git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-iam//modules/iam-role-for-service-accounts-eks | n/a |
diff --git a/main.tf b/main.tf
index 9392b05..5aaf7c1 100644
--- a/main.tf
+++ b/main.tf
@@ -19,7 +19,7 @@ resource "terraform_data" "subnet_validation" {
 }
 module "cluster" {
- source = "git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-eks/?ref=v21.3.2"
+ source = "git::https://github.e.it.census.gov/SCT-Engineering/terraform-aws-eks/?ref=v21.4.0"
 access_entries = local.access_entries
 cloudwatch_log_group_retention_in_days = var.cloudwatch_retention_days
diff --git a/securitygroups.tf b/securitygroups.tf
index 9712bda..a30f716 100644
--- a/securitygroups.tf
+++ b/securitygroups.tf
@@ -5,15 +5,9 @@ locals {
 }
 resource "aws_security_group" "additional_eks_cluster_sg" {
- name = local.additional_eks_cluster_sg_name
-
- tags = merge(
- local.base_tags,
- var.tags,
- { "Name" = local.additional_eks_cluster_sg_name },
- )
-
- vpc_id = data.aws_vpc.eks_vpc.id
+ name = local.additional_eks_cluster_sg_name
+ description = format("Security group for additional access for EKS cluster %v", var.cluster_name)
+ vpc_id = data.aws_vpc.eks_vpc.id
 ingress {
 from_port = 0
@@ -46,15 +40,9 @@ resource "aws_security_group" "additional_eks_cluster_sg" {
 # once setup, you cannot change any ports here
 resource "aws_security_group" "all_worker_mgmt" {
- name = local.all_worker_mgmt_name
-
- tags = merge(
- local.base_tags,
- var.tags,
- { "Name" = local.all_worker_mgmt_name },
- )
-
- vpc_id = local.vpc_id
+ name = local.all_worker_mgmt_name
+ description = format("Security group for all worker management access for EKS cluster %v", var.cluster_name)
+ vpc_id = local.vpc_id
 ingress {
 from_port = 0
@@ -79,14 +67,7 @@ resource "aws_security_group" "all_worker_mgmt" {
 resource "aws_security_group" "extra_cluster_sg" {
 name = format("%v%v-extra", local.prefixes["eks-security-group"], var.cluster_name)
 description = format("Security group for additional access for EKS cluster %v", var.cluster_name)
-
- tags = merge(
- local.base_tags,
- var.tags,
- { "Name" = format("%v%v-extra", local.prefixes["eks-security-group"], var.cluster_name) },
- )
-
- vpc_id = data.aws_vpc.eks_vpc.id
+ vpc_id = data.aws_vpc.eks_vpc.id
 ingress {
 from_port = 0
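Review bot: Adding `description` to `aws_security_group.additional_eks_cluster_sg` will make Terraform destroy and recreate the group on clusters that already exist, because the AWS provider treats a security group's description as immutable and the old value was the provider default. The same applies to `all_worker_mgmt` in the next hunk, whose own comment says its ports cannot be changed once set up. A group still attached to cluster or node interfaces usually cannot be deleted, so the apply may stall or fail, and with a fixed `name` a create-before-destroy replacement would collide on the name. If the text is only wanted on new clusters, `lifecycle { ignore_changes = [description] }` avoids the replacement; the new description is also word-for-word the one on `extra_cluster_sg`, so the two groups become indistinguishable in the console and in audit logs. Both resource bodies continue outside the hunks.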
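Review bot: The `tags = merge(local.base_tags, var.tags, { "Name" = ... })` argument is dropped from `all_worker_mgmt`, and likewise from `additional_eks_cluster_sg` and `extra_cluster_sg` in the neighbouring hunks, with no replacement visible in this diff. Unless the provider's `default_tags` or the v21.4.0 module now supplies them, these groups lose their `Name` and ownership tags, which weakens inventory, cost attribution and any tag-conditioned IAM policy or detection rule keyed on them. If the removal is intentional, a one-line comment above each resource such as `# tags are applied via provider default_tags` would record why; otherwise keep the `tags` argument.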