diff --git a/ois-scanner/main.tf b/ois-scanner/main.tf
index 1eaeb04..29ac197 100644
--- a/ois-scanner/main.tf
+++ b/ois-scanner/main.tf
@@ -30,14 +30,16 @@ locals {
 "172.18.33.211/32",
 "172.18.33.213/32",
 ]
+ description = "common: OIS scanners and OIS subnets full access for compliance scanning"
 }
 resource "aws_security_group" "this_security_group" {
 name = "${var.name}"
- description = "common: allows OIS scanners and OIS subnets full access for compliance scanning"
+ description = "${local.description}"
 vpc_id = "${var.vpc_id}"
 ingress {
+ description = "ALL: ${local.description}"
 from_port = 0
 to_port = 0
 protocol = -1
@@ -45,6 +47,7 @@ resource "aws_security_group" "this_security_group" {
 }
 egress {
+ description = "ALL: ${local.description}"
 from_port = 0
 to_port = 0
 protocol = -1
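Review bot: The new `local.description` string is not the same text as the description it replaces on `aws_security_group.this_security_group` (the word "allows" was dropped), and the AWS provider treats a security group's `description` as a force-new attribute. Applying this would therefore plan a destroy-and-recreate of the group instead of an in-place update, which commonly fails or stalls while network interfaces still reference the group. Keeping the local byte-identical to the old value avoids the replacement: `description = "common: allows OIS scanners and OIS subnets full access for compliance scanning"`. The ingress block's `cidr_blocks` line sits between the two hunks and is not visible here.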
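Review bot: The egress rule's description reuses the scanner-access text, so anyone auditing the group will read the outbound rule as if it described OIS scanners reaching the instances. The egress block's `cidr_blocks` is outside this hunk; if it is open to any destination, a description that says so, for example `description = "ALL: outbound to any destination"`, would make the all-protocol egress visible in review. If outbound is meant to be limited to the OIS ranges, the description should name that instead.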