diff --git a/examples/full-cluster/aws-auth/tf-run.data b/examples/full-cluster/aws-auth/tf-run.data
index 44f61ff..ce77f28 100644
--- a/examples/full-cluster/aws-auth/tf-run.data
+++ b/examples/full-cluster/aws-auth/tf-run.data
@@ -1,3 +1,4 @@
+REMOTE-STATE
COMMAND tf-directory-setup.py -l none -f
COMMAND setup-new-directory.sh
COMMAND tf-init -upgrade
diff --git a/examples/full-cluster/cluster-roles/remote_state.yml b/examples/full-cluster/cluster-roles/remote_state.yml
deleted file mode 100644
index b1c5141..0000000
--- a/examples/full-cluster/cluster-roles/remote_state.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-directory: "applications/apps-adsd-eks/vpc/east/vpc3/apps/eks-adsd-cumulus-qa/cluster-roles"
-profile: "252960665057-ma6-gov"
-bucket: "inf-tfstate-252960665057"
-bucket_region: "us-gov-east-1"
-region: "us-gov-east-1"
-regions: ["us-gov-east-1"]
-account_id: "252960665057"
-account_alias: "ma6-gov"
-aws_environment: "gov"
diff --git a/examples/full-cluster/cluster-roles/tf-run.data b/examples/full-cluster/cluster-roles/tf-run.data
new file mode 100644
index 0000000..5d91871
--- /dev/null
+++ b/examples/full-cluster/cluster-roles/tf-run.data
@@ -0,0 +1,10 @@
+REMOTE-STATE
+STOP only run this after the cluster roles represented here have been setup in K8S
+COMMAND tf-directory-setup.py -l none -f
+COMMAND setup-new-directory.sh
+COMMAND tf-init -upgrade
+POLICY
+ALL
+COMMAND tf-directory-setup.py -l s3
+
+COMMENT cd ../ and continue
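Review bot: The `STOP` gate is on the second line, after `REMOTE-STATE`, so if entries run in file order the remote-state step has already executed by the time the operator is told not to proceed until the cluster roles exist in K8S. If nothing in this directory should be touched before that precondition holds, make the gate line 1 and `REMOTE-STATE` line 2. The message would also be easier to act on if it said how to confirm the roles are present, since the later `POLICY` / `ALL` entries presumably plan and apply with no other check visible in this file. The blank line before `COMMENT` is the only blank entry visible in the tf-run.data files of this diff, so it is worth confirming the parser skips it.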
diff --git a/examples/full-cluster/common-services/tf-run.data b/examples/full-cluster/common-services/tf-run.data
index 63f8c73..25472df 100644
--- a/examples/full-cluster/common-services/tf-run.data
+++ b/examples/full-cluster/common-services/tf-run.data
@@ -1,3 +1,4 @@
+REMOTE-STATE
COMMAND tf-directory-setup.py -l none -f
COMMAND setup-new-directory.sh
COMMAND tf-init -upgrade
diff --git a/examples/full-cluster/includes.d/README.md b/examples/full-cluster/includes.d/README.md
index b34ca3f..97c168f 100644
--- a/examples/full-cluster/includes.d/README.md
+++ b/examples/full-cluster/includes.d/README.md
@@ -1,10 +1,30 @@
-# Includes.d
+## Requirements
-## parent_rs.tf
+No requirements.
-Update this with the proper remote state path, as pulled from the application directory for the cluster in the
-main cluster directory. This is used throughout the cluster components.
+## Providers
-```hcl
- parent_rs = data.terraform_remote_state.{vpc-state-path}_{application-state-path}-eks-{cluster-name}.outputs
-```
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+| [null](#provider\_null) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [null_resource.kubeconfig](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
diff --git a/examples/full-cluster/includes.d/data.eks-main.tf b/examples/full-cluster/includes.d/data.eks-main.tf
index 9452be6..7ead28b 100644
--- a/examples/full-cluster/includes.d/data.eks-main.tf
+++ b/examples/full-cluster/includes.d/data.eks-main.tf
@@ -1,9 +1,9 @@
locals {
aws_eks_cluster_auth = data.aws_eks_cluster_auth.cluster
-# for main.tf
+ # for main.tf
aws_eks_cluster = aws_eks_cluster.eks_cluster
-# for all subdirectories
-## aws_eks_cluster = data.aws_eks_cluster.cluster
+ # for all subdirectories
+ ## aws_eks_cluster = data.aws_eks_cluster.cluster
}
data "aws_eks_cluster_auth" "cluster" {
diff --git a/examples/full-cluster/includes.d/parent_rs.tf b/examples/full-cluster/includes.d/parent_rs.tf
index 5ccae16..7d4b782 100644
--- a/examples/full-cluster/includes.d/parent_rs.tf
+++ b/examples/full-cluster/includes.d/parent_rs.tf
@@ -1,4 +1,4 @@
# replace TF remote state accordingly in parent_rs with that from the parent directory, and be sure to make the link
locals {
- parent_rs = data.terraform_remote_state.{vpc-state-path}_{application-state-path}-eks-{cluster-name}.outputs
+ parent_rs = data.terraform_remote_state.vpc-state-path_application-state-path-eks-cluster-name.outputs
}
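Review bot: With the braces removed, the placeholder `vpc-state-path_application-state-path-eks-cluster-name` in `parent_rs` now reads as an ordinary resource name, and only the one-line comment above it marks it as something to replace. `parent_rs` supplies `oidc_provider_url` and `oidc_provider_arn` to the IRSA directories (see cluster-autoscaler/locals.tf in this commit), so a copy pointed at the wrong cluster's state would presumably build role trust against that cluster's OIDC provider. This commit also drops the README section that explained the substitution, so I would mark the line itself, e.g. `# PLACEHOLDER: replace with data.terraform_remote_state.<vpc-state-path>_<application-state-path>-eks-<cluster-name> before the first plan`. A grep for PLACEHOLDER then finds unedited copies.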
diff --git a/examples/full-cluster/irsa-roles/README.md b/examples/full-cluster/irsa-roles/README.md
index 6915c05..5995413 100644
--- a/examples/full-cluster/irsa-roles/README.md
+++ b/examples/full-cluster/irsa-roles/README.md
@@ -1,64 +1,44 @@
-# irsa-roles
+## Requirements
-This is a directory under which actual IRSA role subdirectories exist. No resources are created here.
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 0.12.31 |
-See the directories to follow the directions containd within:
+## Providers
-* cluster-autoscaler
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
-## Setup Steps
+## Modules
-First, copy the `remote_state.yml` from the parent and update `directory` to be the current directory.
+No modules.
-## Terraform Automated
+## Resources
-A `tf-run.data` file exists here, so the simplest way to implemnt is with the `tf-run.sh` script.
+| Name | Type |
+|------|------|
+| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
-* copy the `remote_state.yml` from the parent and update `directory` to be the current directory
-* run the tf-run.sh
+## Inputs
-```console
-% tf-run.sh apply
-```
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | `null` | no |
+| [cluster\_version](#input\_cluster\_version) | The EKS version number, see https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.21"` | no |
+| [domain](#input\_domain) | The DNS domain name of the cluster. Defaults to empty which causes the sample application to use the domain assigned to the load balancer of the istio ingress gateway. | `string` | `""` | no |
+| [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | The size of the disk in gigabytes | `number` | `40` | no |
+| [eks\_instance\_type](#input\_eks\_instance\_type) | EKS worker node instance type | `string` | `"t3.xlarge"` | no |
+| [eks\_ng\_desire\_size](#input\_eks\_ng\_desire\_size) | Node Group desire size, default is 1 | `number` | `4` | no |
+| [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Node Group maximum size, default is 10 | `number` | `16` | no |
+| [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Node Group minimum size, default is 1 | `number` | `4` | no |
+| [eks\_vpc\_name](#input\_eks\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | `"*UNKNOWN*"` | no |
+| [name](#input\_name) | K8S service names for IAM Role for Service Account (per-pod) | `string` | n/a | yes |
+| [namespace](#input\_namespace) | K8S namespace for IAM Role for Service Account (per-pod) | `string` | n/a | yes |
+| [subnets\_name](#input\_subnets\_name) | Define the name of the subnets to be used by this cluster | `string` | `"*-container-*"` | no |
+| [tags](#input\_tags) | AWS Tags to apply to appropriate resources. | `map(string)` | `{}` | no |
-* example of the `tf-run.sh` steps
+## Outputs
-This is part of a larger cluster configuration, so at the end of the run it indicates another directory
-to visit when done.
-
-```console
-% tf-run.sh list
-* running action=plan
-* START: tf-run.sh v1.1.2 start=1636562881 end= logfile=logs/run.plan.20211110.1636562881.log (not-created)
-* reading from tf-run.data
-* read 6 entries from tf-run.data
-> list
-** START: start=1636562881
-* 1 COMMAND> tf-directory-setup.py -l none -f
-* 2 COMMAND> setup-new-directory.sh
-* 3 COMMAND> tf-init -upgrade
-* 4 tf-plan
-* 5 COMMAND> tf-directory-setup.py -l s3
-* 6 COMMENT> cd cluster-roles and tf-run.sh apply
-** END: start=1636562881 end=1636562881 elapsed=0 logfile=logs/run.plan.20211110.1636562881.log (not-created)
-```
-
-It is highly recommended to use the `tf-run.sh` approach.
-
-## Terraform Manual
-
-* setup
-
-```shell
-tf-directory-setup.py -l none
-setup-new-directory.sh
-tf-init
-````
-
-* Apply the rest
-
-```shell
-tf-plan
-tf-apply
-tf-directory-setup.py -l s3
-```
+No outputs.
diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md b/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md
index bc949cb..bfe2fa5 100644
--- a/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md
+++ b/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md
@@ -1,66 +1,53 @@
-# irsa-roles: cluster-autoscaler
-
-This sets up the needed IAM roles for service accounts for the cluster autoscaler.
-
-
-## Setup
-
-First, copy the `remote_state.yml` from the parent and update `directory` to be the current directory.
-
-## Terraform Automated
-
-A `tf-run.data` file exists here, so the simplest way to implement is with the `tf-run.sh` script.
-
-```console
-% tf-run.sh apply
-```
-
-* example of the tf-run.sh`steps
-
-This is part of a larger cluster configuration, so at the end of the run it indicates another directory
-to visit when done.
-
-```console
-% tf-run.sh list
-* running action=plan
-* START: tf-run.sh v1.1.2 start=1636561755 end= logfile=logs/run.plan.20211110.1636561755.log (not-created)
-* reading from tf-run.data
-* read 6 entries from tf-run.data
-> list
-** START: start=1636561755
-* 1 COMMAND> tf-directory-setup.py -l none
-* 2 COMMAND> setup-new-directory.sh
-* 3 COMMAND> tf-init -upgrade
-* 4 POLICY> (*.tf) aws_iam_policy.app_policy1
-* 4 tf-plan -target=aws_iam_policy.app_policy1
-* 5 tf-plan
-* 6 COMMAND> tf-directory-setup.py -l s3
-** END: start=1636561755 end=1636561755 elapsed=0 logfile=logs/run.plan.20211110.1636561755.log (not-created)
-```
-
-It is highly recommended to use the `tf-run.sh` approach.
-
-## Terraform Manual
-
-```shell
-tf-directory-setup.py -l none
-setup-new-directory.sh
-tf-init
-````
-
-* Apply the the policies
-
-```shell
-tf-plan -target=aws_iam_policy.app_policy1
-tf-apply -target=aws_iam_policy.app_policy1
-```
-
-* Apply the rest
-
-```shell
-tf-plan
-tf-apply
-tf-directory-setup.py -l s3
-```
-
-## Post Setup Examination
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 0.12.31 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+| [kubernetes](#provider\_kubernetes) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [app\_role](#module\_app\_role) | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_policy.app_policy1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [kubernetes_service_account.app](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
+| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
+| [aws_iam_policy_document.app_policy1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | `null` | no |
+| [cluster\_version](#input\_cluster\_version) | The EKS version number, see https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.21"` | no |
+| [domain](#input\_domain) | The DNS domain name of the cluster. Defaults to empty which causes the sample application to use the domain assigned to the load balancer of the istio ingress gateway. | `string` | `""` | no |
+| [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | The size of the disk in gigabytes | `number` | `40` | no |
+| [eks\_instance\_type](#input\_eks\_instance\_type) | EKS worker node instance type | `string` | `"t3.xlarge"` | no |
+| [eks\_ng\_desire\_size](#input\_eks\_ng\_desire\_size) | Node Group desire size, default is 1 | `number` | `4` | no |
+| [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Node Group maximum size, default is 10 | `number` | `16` | no |
+| [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Node Group minimum size, default is 1 | `number` | `4` | no |
+| [eks\_vpc\_name](#input\_eks\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | `"*UNKNOWN*"` | no |
+| [name](#input\_name) | K8S service names for IAM Role for Service Account (per-pod) | `string` | n/a | yes |
+| [namespace](#input\_namespace) | K8S namespace for IAM Role for Service Account (per-pod) | `string` | n/a | yes |
+| [subnets\_name](#input\_subnets\_name) | Define the name of the subnets to be used by this cluster | `string` | `"*-container-*"` | no |
+| [tags](#input\_tags) | AWS Tags to apply to appropriate resources. | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [app\_role\_arn](#output\_app\_role\_arn) | ARN of IAM Role for Service account for cluster-autoscaler |
diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/data.eks.tf b/examples/full-cluster/irsa-roles/cluster-autoscaler/data.eks.tf
deleted file mode 120000
index bc5a403..0000000
--- a/examples/full-cluster/irsa-roles/cluster-autoscaler/data.eks.tf
+++ /dev/null
@@ -1 +0,0 @@
-../data.eks.tf
\ No newline at end of file
diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/locals.tf b/examples/full-cluster/irsa-roles/cluster-autoscaler/locals.tf
index 3042080..4b9ae5a 100644
--- a/examples/full-cluster/irsa-roles/cluster-autoscaler/locals.tf
+++ b/examples/full-cluster/irsa-roles/cluster-autoscaler/locals.tf
@@ -12,6 +12,6 @@ locals {
subnet_ids = local.parent_rs.cluster_subnet_ids
cluster_worker_sg_id = local.parent_rs.cluster_worker_sg_id
- oidc_provider_url = local.parent_rs.oidc_provider_url
- oidc_provider_arn = local.parent_rs.oidc_provider_arn
+ oidc_provider_url = local.parent_rs.oidc_provider_url
+ oidc_provider_arn = local.parent_rs.oidc_provider_arn
}
diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/region.tf b/examples/full-cluster/irsa-roles/cluster-autoscaler/region.tf
index f617506..b7b1696 100644
--- a/examples/full-cluster/irsa-roles/cluster-autoscaler/region.tf
+++ b/examples/full-cluster/irsa-roles/cluster-autoscaler/region.tf
@@ -1,3 +1,4 @@
locals {
region = var.region
}
+
diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/tf-run.data b/examples/full-cluster/irsa-roles/cluster-autoscaler/tf-run.data
index 336f6a5..b7371bc 100644
--- a/examples/full-cluster/irsa-roles/cluster-autoscaler/tf-run.data
+++ b/examples/full-cluster/irsa-roles/cluster-autoscaler/tf-run.data
@@ -1,3 +1,4 @@
+REMOTE-STATE
COMMAND tf-directory-setup.py -l none
COMMAND setup-new-directory.sh
COMMAND tf-init -upgrade
diff --git a/examples/full-cluster/locals.tf b/examples/full-cluster/irsa-roles/region.tf
similarity index 100%
rename from examples/full-cluster/locals.tf
rename to examples/full-cluster/irsa-roles/region.tf
diff --git a/examples/full-cluster/irsa-roles/tf-run.data b/examples/full-cluster/irsa-roles/tf-run.data
index 151331f..eecc8ab 100644
--- a/examples/full-cluster/irsa-roles/tf-run.data
+++ b/examples/full-cluster/irsa-roles/tf-run.data
@@ -1,3 +1,4 @@
+REMOTE-STATE
COMMAND tf-directory-setup.py -l none -f
COMMAND setup-new-directory.sh
COMMAND tf-init -upgrade
diff --git a/examples/full-cluster/region.tf b/examples/full-cluster/region.tf
new file mode 100644
index 0000000..b7b1696
--- /dev/null
+++ b/examples/full-cluster/region.tf
@@ -0,0 +1,4 @@
+locals {
+ region = var.region
+}
+
diff --git a/examples/full-cluster/tf-run.data b/examples/full-cluster/tf-run.data
index 0f9370b..5df6416 100644
--- a/examples/full-cluster/tf-run.data
+++ b/examples/full-cluster/tf-run.data
@@ -1,3 +1,4 @@
+REMOTE-STATE
COMMENT make sure the private-lb subnet and container subnets are tagged properly (see README.md)
STOP then continue with at step 3
COMMAND tf-directory-setup.py -l none -f
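Review bot: Adding `REMOTE-STATE` as the first line shifts every following entry down by one, but the existing `STOP then continue with at step 3` still names step 3. The listing in the README removed by this commit numbers entries by position, so if `REMOTE-STATE` is counted as an entry, step 3 is now the `STOP` itself and `COMMAND tf-directory-setup.py -l none -f` is step 4. Either update the text to `STOP then continue at step 4`, or drop the number: `STOP then continue with the next step`. The file continues past this hunk, so any later step references need the same check.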