diff --git a/iam-cloud-admin.unfinished/README.md b/iam-cloud-admin.unfinished/README.md index bf5d988..9a015fa 100644 --- a/iam-cloud-admin.unfinished/README.md +++ b/iam-cloud-admin.unfinished/README.md @@ -1,13 +1,13 @@ # aws-inf-setup :: s3-flow-logs -This set up the needed components for S3 VPC flow log bucket. Only one flow log bucket is +This set up the needed components for S3 VPC flow log bucket. Only one flow log bucket is needed * S3 bucket * S3 bucket objects (key prefixes, aka "directories") * S3 bucket policy -# Usage +# Usage Here is a simple example, the one most commonly expected to be used. ```hcl @@ -16,8 +16,8 @@ module "flowlogs" { } ``` -This one can be used if you need to customize stuff, though really, the defaults are all built -for a reason, and deployment code (i.e., Ansible) will expect these defaults to be used in +This one can be used if you need to customize stuff, though really, the defaults are all built +for a reason, and deployment code (i.e., Ansible) will expect these defaults to be used in variable file generation. ```hcl 
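Review bot: the two README hunks at `@@ -1,13 +1,13 @@` and `@@ -16,8 +16,8 @@` only strip trailing whitespace, so the heading `# aws-inf-setup :: s3-flow-logs` and the intro "This set up the needed components for S3 VPC flow log bucket" are carried over unchanged even though this file lives under `iam-cloud-admin.unfinished/`. The usage example still declares `module "flowlogs"` as well. Since the hunk touches these exact lines anyway, retitle the README for the IAM cloud-admin module, replace the flow-log description with what this module actually creates (the role and its attached policies), and fix the grammar while you are there ("This sets up ..."). Leaving the copied s3-flow-logs text in place will mislead anyone who lands on this README looking for what the admin role grants.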
@@ -46,41 +46,48 @@ No requirements. | Name | Version | |------|---------| -| aws | n/a | +| [aws](#provider\_aws) | n/a | ## Modules | Name | Source | Version | |------|--------|---------| -| test-role | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | | +| [test-role](#module\_test-role) | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | n/a | ## Resources -| Name | -|------| -| [aws_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | -| [aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | -| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | -| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | +| Name | Type | +|------|------| +| [aws_iam_policy.deny_billing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.inf-manage-access-keys](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.inf-manage-credentials](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.inf-cloud-admin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| 
[aws_iam_policy_document.deny_billing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.ec2_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.inf-manage-access-keys](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.inf-manage-credentials](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.inf_kms_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [aws_regions.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| account\_alias | AWS Account Alias | `string` | `""` | no | -| account\_id | AWS Account ID (default will pull from current user) | `string` | `""` | no | -| bucket\_name | VPC Flow Logs S3 bucket name | `string` | `""` | no | -| bucket\_name\_prefix | VPC Flow Logs S3 bucket prefix, prepended to the AWS account ID to make the bucket name. | `string` | `"inf-flowlogs"` | no | -| component\_tags | Additional tags for Components (s3, kms, ddb) | `map(map(string))` |
{
"ddb": {},
"kms": {},
"s3": {}
}
| no | -| override\_prefixes | Override built-in prefixes by component (efs, s3, ebs, kms, role, policy, security-group). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | -| tags | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no | +| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no | +| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no | +| [bucket\_name](#input\_bucket\_name) | VPC Flow Logs S3 bucket name | `string` | `""` | no | +| [bucket\_name\_prefix](#input\_bucket\_name\_prefix) | VPC Flow Logs S3 bucket prefix, prepended to the AWS account ID to make the bucket name. | `string` | `"inf-flowlogs"` | no | +| [component\_tags](#input\_component\_tags) | Additional tags for Components (s3, kms, ddb) | `map(map(string))` |
{
"ddb": {},
"kms": {},
"s3": {}
}
| no | +| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component (efs, s3, ebs, kms, role, policy, security-group). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | +| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no | ## Outputs | Name | Description | |------|-------------| -| flowlogs\_bucket\_arn | VPC Flow Logs S3 bucket ARN | -| flowlogs\_bucket\_id | VPC Flow Logs S3 bucket ID | -| policy\_assume\_ec2 | Policy for assume for ec2 | +| [flowlogs\_bucket\_arn](#output\_flowlogs\_bucket\_arn) | VPC Flow Logs S3 bucket ARN | +| [flowlogs\_bucket\_id](#output\_flowlogs\_bucket\_id) | VPC Flow Logs S3 bucket ID | +| [policy\_assume\_ec2](#output\_policy\_assume\_ec2) | Policy for assume for ec2 | diff --git a/iam-cloud-admin.unfinished/main.tf b/iam-cloud-admin.unfinished/main.tf index 2b0a8b7..07621a0 100644 --- a/iam-cloud-admin.unfinished/main.tf +++ b/iam-cloud-admin.unfinished/main.tf @@ -70,6 +70,6 @@ module "test-role" { # enable_instance_role = false # ec2_assume_policy_document = "X" # ec2_attached_policies = [] - # ldap_host = "ldap.e.tco.census.gov" + # ldap_host = "ldap2.e.tco.census.gov" # ldap_port = 389 }