diff --git a/CHANGELOG.md b/CHANGELOG.md
index 21e51526..73f86011 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,36 @@
 
 All notable changes to this project will be documented in this file.
 
+## 1.15.0
+
+### Upgrade Notes
+
+- Updated to the latest version of `lazy-z` to fix an issue with some CIDR ranges and IP addresses being incorrectly flagged as invalid
+
+### Features
+
+- VPC Routing Tables can now be advertised to Transit Gateway, and Direct Link
+- VPC Routing Table routes can now be assigned a Priority value and can advertise to the parent table's sources by using the `Advertise` toggle
+- Cloud Object Storage buckets now support Metrics Monitoring and Activity Tracking
+- Local CIDRs and Peer CIDRs are no longer required when creating a connection for a route-based VPN Gateway
+- F5 Templates with an invalid TMOS Admin Password are now shown as invalid from `/v2/vpcDeployments`
+- Image validation is now performed before a CRAIG configuration can be uploaded to Schematics
+- Users can now reserve specific IPs for VPC VSI Deployments by toggling the `Configure VSI IP Addresses` toggle
+- Domain Fields for Classic Gateways can now have `-` characters
+- Invalid VPC deployments are now shown in `/v2/vpcDeployments` even when there are no VPCs in the current configuration
+- F5 Templates with an invalid TMOS Admin Password are now shown as invalid from `/v2/vpcDeployments`
+- When updating to the latest CRAIG version in a project using Manual VPC Address Management, VPC Subnet Address Prefixes will automatically be updated to match custom subnet CIDRs
+- Updated resource helper text fields to more accurately display resource names at time of provision
+
+### Fixes
+
+- Fixed an issue causing encryption keys with no Key Ring value to populate with a `null` key ring
+- Fixed an issue where VPC address prefixes were not being updated when advanced subnets were created with Manual Address Management enabled
+- Fixed an issue preventing Terraform from being created when using an existing VPC
+- Fixed an issue causing Routing Tables to not have correct reference to an imported VPC
+- Clusters with names longer than 32 characters are now correctly shown as invalid
+- Fixed an issue where the VPN as a service template had an incorrect VPC address prefix
+
 ## 1.14.1
 
 ### Upgrade Notes
diff --git a/ansible/template-test/main.yml b/ansible/template-test/main.yml
index 7d55d038..e4012723 100644
--- a/ansible/template-test/main.yml
+++ b/ansible/template-test/main.yml
@@ -12,8 +12,14 @@
     - ./vars/template_override_vars/{{template}}.yml
   roles:
     - role: get_iam_token
+    - role: pause
+      vars:
+        pause_time: 1
     - role: download_tar
+    - role: get_workspace_data
+      when: use_existing_workspace == "true"
     - role: create_schematics_workspace
+      when: use_existing_workspace == "false"
       vars:
         description: Automated CRAIG Testing Workspace
     - role: upload_tar
@@ -22,6 +28,9 @@
   vars_files: ./vars/vars.template.yml
   roles:
     - role: update_variablestore
+    - role: pause
+      vars:
+        pause_time: 1
     - role: update_workspace_variables
 - name: Deploy CRAIG terraform template
   hosts: localhost
@@ -78,4 +87,6 @@
   roles:
     - role: get_iam_token
     - role: delete_schematics_workspace
-      when: job_status != "job_failed"
\ No newline at end of file
+      when: 
+        - job_status != "job_failed"
+        - use_existing_workspace == "false"
\ No newline at end of file
diff --git a/ansible/template-test/roles/action/tasks/main.yml b/ansible/template-test/roles/action/tasks/main.yml
index 661382e8..d846f271 100644
--- a/ansible/template-test/roles/action/tasks/main.yml
+++ b/ansible/template-test/roles/action/tasks/main.yml
@@ -2,7 +2,7 @@
 # tasks file for action
 - name: Start {{ action_type }} action
   uri:
-    url: https://schematics.cloud.ibm.com/v1/workspaces/{{ workspace.json.id }}/{{ action_type }}
+    url: "https://schematics.cloud.ibm.com/v1/workspaces/{{ existing_workspace_id if use_existing_workspace == 'true' else new_workspace_id }}/{{ action_type }}"
     method: "{{ 'POST' if action_type == 'plan' else 'PUT' }}"
     body_format: json
     headers:
diff --git a/ansible/template-test/roles/create_schematics_workspace/tasks/main.yml b/ansible/template-test/roles/create_schematics_workspace/tasks/main.yml
index 3e286dca..dc22315a 100644
--- a/ansible/template-test/roles/create_schematics_workspace/tasks/main.yml
+++ b/ansible/template-test/roles/create_schematics_workspace/tasks/main.yml
@@ -16,4 +16,8 @@
       "tags": ["craig"]
       "template_data": [{ "type": "terraform_v1.5"}]
     status_code: 201
-  register: workspace
\ No newline at end of file
+  register: workspace
+- name: Store Workspace IDs
+  set_fact:
+    new_workspace_id: "{{ workspace.json.id }}"
+    template_id: "{{ workspace.json.template_data[0].id }}"
\ No newline at end of file
diff --git a/ansible/template-test/roles/delete_schematics_workspace/tasks/main.yml b/ansible/template-test/roles/delete_schematics_workspace/tasks/main.yml
index 33db1ffd..95ba5547 100644
--- a/ansible/template-test/roles/delete_schematics_workspace/tasks/main.yml
+++ b/ansible/template-test/roles/delete_schematics_workspace/tasks/main.yml
@@ -2,7 +2,7 @@
 # tasks file for delete_schematics_workspace
 - name: Delete Schematics Workspace
   uri:
-    url: https://schematics.cloud.ibm.com/v1/workspaces/{{workspace.json.id}}
+    url: https://schematics.cloud.ibm.com/v1/workspaces/{{ new_workspace_id }}
     method: DELETE
     headers:
       Authorization: Bearer {{token.json.access_token}}
diff --git a/ansible/template-test/roles/get_workspace_data/README.md b/ansible/template-test/roles/get_workspace_data/README.md
new file mode 100644
index 00000000..225dd44b
--- /dev/null
+++ b/ansible/template-test/roles/get_workspace_data/README.md
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/ansible/template-test/roles/get_workspace_data/defaults/main.yml b/ansible/template-test/roles/get_workspace_data/defaults/main.yml
new file mode 100644
index 00000000..a6fd895e
--- /dev/null
+++ b/ansible/template-test/roles/get_workspace_data/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for get_workspace_data
diff --git a/ansible/template-test/roles/get_workspace_data/handlers/main.yml b/ansible/template-test/roles/get_workspace_data/handlers/main.yml
new file mode 100644
index 00000000..d8cdb732
--- /dev/null
+++ b/ansible/template-test/roles/get_workspace_data/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for get_workspace_data
diff --git a/ansible/template-test/roles/get_workspace_data/meta/main.yml b/ansible/template-test/roles/get_workspace_data/meta/main.yml
new file mode 100644
index 00000000..c572acc9
--- /dev/null
+++ b/ansible/template-test/roles/get_workspace_data/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
diff --git a/ansible/template-test/roles/get_workspace_data/tasks/main.yml b/ansible/template-test/roles/get_workspace_data/tasks/main.yml
new file mode 100644
index 00000000..05dd1337
--- /dev/null
+++ b/ansible/template-test/roles/get_workspace_data/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+# tasks file for get_workspace_data 
+- name: Get workspace data
+  uri:
+    url: "https://schematics.cloud.ibm.com/v1/workspaces/{{existing_workspace_id}}"
+    method: GET
+    headers:
+      Authorization: Bearer {{token.json.access_token}}
+  register: workspace_data
+- name: Store template_id from workspace
+  set_fact:
+    template_id: "{{workspace_data.json.template_data[0].id}}"
diff --git a/ansible/template-test/roles/get_workspace_data/tests/inventory b/ansible/template-test/roles/get_workspace_data/tests/inventory
new file mode 100644
index 00000000..878877b0
--- /dev/null
+++ b/ansible/template-test/roles/get_workspace_data/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/ansible/template-test/roles/get_workspace_data/tests/test.yml b/ansible/template-test/roles/get_workspace_data/tests/test.yml
new file mode 100644
index 00000000..54820e40
--- /dev/null
+++ b/ansible/template-test/roles/get_workspace_data/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - get_workspace_data
diff --git a/ansible/template-test/roles/get_workspace_data/vars/main.yml b/ansible/template-test/roles/get_workspace_data/vars/main.yml
new file mode 100644
index 00000000..c5cd5670
--- /dev/null
+++ b/ansible/template-test/roles/get_workspace_data/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for get_workspace_data
diff --git a/ansible/template-test/roles/pause/tasks/main.yml b/ansible/template-test/roles/pause/tasks/main.yml
index ce695ae1..9d45c93d 100644
--- a/ansible/template-test/roles/pause/tasks/main.yml
+++ b/ansible/template-test/roles/pause/tasks/main.yml
@@ -1,4 +1,4 @@
 ---
-- name: Pause playbook for 5 minutes
+- name: Pause playbook for "{{ pause_time }}" minute(s)
   ansible.builtin.pause:
-    minutes: "{{ pause_time }}"
+    minutes: "{{ pause_time }}"
\ No newline at end of file
diff --git a/ansible/template-test/roles/update_workspace_variables/tasks/main.yml b/ansible/template-test/roles/update_workspace_variables/tasks/main.yml
index 24620002..77cf18ff 100644
--- a/ansible/template-test/roles/update_workspace_variables/tasks/main.yml
+++ b/ansible/template-test/roles/update_workspace_variables/tasks/main.yml
@@ -2,7 +2,7 @@
 # tasks file for update_workspace_variables
 - name: Update Workspace Variables
   uri:
-        url: https://schematics.cloud.ibm.com/v1/workspaces/{{ workspace.json.id }}/template_data/{{ workspace.json.template_data[0].id }}/values
+        url: "https://schematics.cloud.ibm.com/v1/workspaces/{{ existing_workspace_id if use_existing_workspace == 'true' else new_workspace_id }}/template_data/{{ template_id }}/values"
         method: PUT
         headers:
           Authorization: Bearer {{token.json.access_token}}
diff --git a/ansible/template-test/roles/upload_tar/tasks/main.yml b/ansible/template-test/roles/upload_tar/tasks/main.yml
index dc25fd1a..21dc9ac3 100644
--- a/ansible/template-test/roles/upload_tar/tasks/main.yml
+++ b/ansible/template-test/roles/upload_tar/tasks/main.yml
@@ -2,13 +2,13 @@
 # tasks file for upload_tar
 - name: Upload {{template}}.tar to Schematics Workspace
   ansible.builtin.shell: "curl -s --request PUT \
-            --url 'https://schematics.cloud.ibm.com/v1/workspaces/{{ workspace.json.id }}/template_data/{{ workspace.json.template_data[0].id }}/template_repo_upload' \
+            --url 'https://schematics.cloud.ibm.com/v1/workspaces/{{ existing_workspace_id if use_existing_workspace == 'true' else new_workspace_id }}/template_data/{{ template_id }}/template_repo_upload' \
             -H 'Authorization: Bearer {{ token.json.access_token }}' \
             -H 'Content-Type: multipart/form-data' \
             --form 'file=@{{playbook_dir}}/{{template}}.tar'"
 - name: Wait until {{template}}.tar has been successfully uploaded
   uri:
-    url: https://schematics.cloud.ibm.com/v1/workspaces/{{ workspace.json.id }}
+    url: "https://schematics.cloud.ibm.com/v1/workspaces/{{ existing_workspace_id if use_existing_workspace == 'true' else new_workspace_id }}"
     method: GET
     body_format: json
     headers:
diff --git a/ansible/template-test/test-inside-action.yml b/ansible/template-test/test-inside-action.yml
index 467a5299..afcee45f 100644
--- a/ansible/template-test/test-inside-action.yml
+++ b/ansible/template-test/test-inside-action.yml
@@ -34,5 +34,9 @@
             metadata:
               secure: true
           - name: tf_var_ssh_key
-            value: "{{ tf_var_ssh_key }}"                                   
+            value: "{{ tf_var_ssh_key }}"
+          - name: use_existing_workspace
+            value: "{{ use_existing_workspace }}"
+          - name: existing_workspace_id
+            value: "{{ existing_workspace_id }}"
     - role: run_schematics_action
\ No newline at end of file
diff --git a/ansible/template-test/vars/template_override_vars/from-scratch.yml b/ansible/template-test/vars/template_override_vars/from-scratch.yml
new file mode 100644
index 00000000..e69de29b
diff --git a/ansible/template-test/vars/template_override_vars/power-vs-poc.yml b/ansible/template-test/vars/template_override_vars/power-vs-poc.yml
index f982ae31..ac6c2405 100644
--- a/ansible/template-test/vars/template_override_vars/power-vs-poc.yml
+++ b/ansible/template-test/vars/template_override_vars/power-vs-poc.yml
@@ -85,7 +85,7 @@ override_craig:
         - name: "pvm"
           ip_address: ""
       ssh_key: "powervs-ssh-key"
-      image: "IBMi-75-01-2924-2"
+      image: "IBMi-75-03-2984-1"
       pi_sys_type: "s922"
       pi_proc_type: "shared"
       pi_processors: "0.25"
diff --git a/ansible/template-test/vars/vars.template.yml b/ansible/template-test/vars/vars.template.yml
index dfcc7c79..2aa767a9 100644
--- a/ansible/template-test/vars/vars.template.yml
+++ b/ansible/template-test/vars/vars.template.yml
@@ -2,14 +2,19 @@
 # To run this playbook , copy this file to `vars.yml` and fill in your data
 # tf_var_preshared_key is only needed for the POC template
 
+# Terrafrom variabes
 tf_var_api_key: "<api-key>"
 tf_var_ssh_key: "<public-ssh-key>"
 tf_var_prefix: "<unique-prefix>"
 tf_var_preshared_key: "<preshared-key>" # 6-128 characters
 
-workspace_name: "<schematics-workspace-name>"
-template: "<template>"
+#Schematics variables
+use_existing_workspace: "<boolean>"
+workspace_name: "<new-schematics-workspace-name>"  # Only needed when use_existing_workspace is false
+existing_workspace_id: "<existing-schematics-workspace-id>" # Only needed when use_existing_workspace is true
 action_name: "<schematics-action-name>"
+
+template: "<craig-template-name>"
 git_branch: "<branch-of-playbook>"
 
 craig_url: https://craig.119gqgw56ti1.us-south.codeengine.appdomain.cloud/api/craig/template-tar
diff --git a/client/package-lock.json b/client/package-lock.json
index 932fd484..c6619bce 100644
--- a/client/package-lock.json
+++ b/client/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "craig",
-  "version": "1.14.1",
+  "version": "1.15.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "craig",
-      "version": "1.14.1",
+      "version": "1.15.0",
       "license": "Apache-2.0",
       "dependencies": {
         "@apollo/client": "^3.4.10",
@@ -20,7 +20,7 @@
         "html-to-image": "^1.11.11",
         "json-to-tf": "^0.3.1",
         "jszip": "^3.10.1",
-        "lazy-z": "^1.11.17",
+        "lazy-z": "^1.11.18",
         "react": "^18.0.0",
         "react-chartjs-2": "^5.2.0",
         "react-dom": "^18.0.0",
@@ -19221,9 +19221,9 @@
       }
     },
     "node_modules/lazy-z": {
-      "version": "1.11.17",
-      "resolved": "https://registry.npmjs.org/lazy-z/-/lazy-z-1.11.17.tgz",
-      "integrity": "sha512-Cxn7zXtnGsH5wVk2M6T99Lg5pcLik4t+OmugmGdYOn8AAbQYU+zA9Sz87H7ANYWX9AGZFz5/4JZ4mNapcRDQ5A==",
+      "version": "1.11.18",
+      "resolved": "https://registry.npmjs.org/lazy-z/-/lazy-z-1.11.18.tgz",
+      "integrity": "sha512-sqJJldfPDPF8lZb+4CrPISJSOVZKsgI4ASFVySE/LqG4Jc4RCk8ACgRrkF4PEvfXXANscHgWoms2WZdJbuW/uw==",
       "dependencies": {
         "regex-but-with-words": "^1.5.0"
       }
diff --git a/client/package.json b/client/package.json
index 394830f6..165a17ad 100644
--- a/client/package.json
+++ b/client/package.json
@@ -1,6 +1,6 @@
 {
   "name": "craig",
-  "version": "1.14.1",
+  "version": "1.15.0",
   "private": true,
   "license": "Apache-2.0",
   "scripts": {
@@ -26,7 +26,7 @@
     "html-to-image": "^1.11.11",
     "json-to-tf": "^0.3.1",
     "jszip": "^3.10.1",
-    "lazy-z": "^1.11.17",
+    "lazy-z": "^1.11.18",
     "react": "^18.0.0",
     "react-chartjs-2": "^5.2.0",
     "react-dom": "^18.0.0",
diff --git a/client/src/components/forms/DynamicForm.js b/client/src/components/forms/DynamicForm.js
index ab204220..f387ad30 100644
--- a/client/src/components/forms/DynamicForm.js
+++ b/client/src/components/forms/DynamicForm.js
@@ -84,6 +84,7 @@ const doNotRenderFields = [
   "pgw_zone_2",
   "pgw_zone_3",
   "ip_address",
+  "vsi_static_ips",
 ];
 
 class DynamicForm extends React.Component {
@@ -146,6 +147,9 @@ class DynamicForm extends React.Component {
     this.handleOverrideInputChange = this.handleOverrideInputChange.bind(this);
     this.getAllVsi = this.getAllVsi.bind(this);
     this.onPowerImageLoad = this.onPowerImageLoad.bind(this);
+    this.getVsiFromState = this.getVsiFromState.bind(this);
+    this.handleReservedIpInputChange =
+      this.handleReservedIpInputChange.bind(this);
   }
 
   /**
@@ -181,6 +185,14 @@ class DynamicForm extends React.Component {
     return madeChanges;
   }
 
+  handleReservedIpInputChange(subnetIndex, vsiIndex) {
+    return (event) => {
+      let reserved_ips = [...this.state.reserved_ips];
+      reserved_ips[subnetIndex][vsiIndex] = event.target.value;
+      this.setState({ reserved_ips });
+    };
+  }
+
   /**
    * handle input change
    * @param {*} event
@@ -218,6 +230,35 @@ class DynamicForm extends React.Component {
     } else this.setState({ [toggleName]: !this.state[toggleName] });
   }
 
+  /**
+   * get dynamic list of vsi for rendering static reserved ips
+   * @returns {Array<object>} vsi
+   */
+  getVsiFromState() {
+    let allVsi = [];
+    let nextRow = [];
+    // for each subnet vsi
+    for (let subnet = 0; subnet < this.state.subnets.length; subnet++) {
+      // for each vsi per subnet
+      for (let count = 0; count < this.state.vsi_per_subnet; count++) {
+        nextRow.push({
+          name: this.state.name + "-" + (count + 1),
+          subnet: this.state.subnets[subnet] + "-" + (count + 1),
+          subnetIndex: subnet,
+          vsiIndex: count,
+        });
+        if (nextRow.length === 3) {
+          allVsi.push(nextRow);
+          nextRow = [];
+        }
+      }
+    }
+    if (nextRow.length > 0) {
+      allVsi.push(nextRow);
+    }
+    return allVsi;
+  }
+
   /**
    * get dynamic list of vsi for lb page
    * @returns {Array<string>} list of vsi
@@ -238,6 +279,8 @@ class DynamicForm extends React.Component {
           nextRow.push({
             name: deployment + "-" + (count + 1),
             subnet: vsi.subnets[subnet],
+            subnetIndex: subnet,
+            vsiIndex: count,
           });
           if (nextRow.length === 3) {
             allVsi.push(nextRow);
@@ -288,6 +331,37 @@ class DynamicForm extends React.Component {
                 ))}
               </CraigFormGroup>
             ))
+          ) : group.vsi_static_ips ? (
+            (this.state.enable_static_ips ? this.getVsiFromState() : []).map(
+              (row, index) => {
+                return (
+                  <CraigFormGroup key={"vsi-row-" + index}>
+                    {row.map((vsi, vsiIndex) => {
+                      let propsCopy = { ...this.props };
+                      propsCopy.subnet = vsi.subnetIndex;
+                      propsCopy.vsi = vsi.vsiIndex;
+                      return (
+                        <div className="fieldWidthSmaller">
+                          <h4 style={{ fontWeight: "bold" }}>{vsi.subnet}</h4>
+                          {RenderForm(DynamicFormTextInput, {
+                            name: "reserved_ips",
+                            subnet: vsi.subnetIndex,
+                            vsi: vsi.vsiIndex,
+                            field: this.props.craig.vsi.reserved_ips,
+                            parentState: this.state,
+                            parentProps: propsCopy,
+                            handleInputChange: this.handleReservedIpInputChange(
+                              vsi.subnetIndex,
+                              vsi.vsiIndex
+                            ),
+                          })}
+                        </div>
+                      );
+                    })}
+                  </CraigFormGroup>
+                );
+              }
+            )
           ) : (
             <CraigFormGroup
               {...dynamicCraigFormGroupsProps(this.props, index, this.state)}
@@ -300,7 +374,8 @@ class DynamicForm extends React.Component {
                   : field.type;
                 return (field.hideWhen &&
                   field.hideWhen(this.state, this.props)) ||
-                  key === "hideWhen" ? (
+                  key === "hideWhen" ||
+                  key === "className" ? (
                   ""
                 ) : (
                   <DynamicToolTipWrapper
diff --git a/client/src/components/forms/ObservabilityForm.js b/client/src/components/forms/ObservabilityForm.js
index 8fb4998e..287e5421 100644
--- a/client/src/components/forms/ObservabilityForm.js
+++ b/client/src/components/forms/ObservabilityForm.js
@@ -24,7 +24,7 @@ const ObservabilityForm = (props) => {
               name="LogDNA"
               submissionFieldName="logdna"
               hideName
-              wrapperClassName="marginBottomNone"
+              wrapperClassName="marginBottomXs"
               noDeleteButton
               useAddButton={craig.store.json.logdna.enabled === false}
               onShowToggle={none}
diff --git a/client/src/components/pages/CraigForms.js b/client/src/components/pages/CraigForms.js
index d268e7ae..5f2e5fd7 100644
--- a/client/src/components/pages/CraigForms.js
+++ b/client/src/components/pages/CraigForms.js
@@ -945,11 +945,52 @@ function craigForms(craig) {
               {
                 name: craig.object_storage.buckets.name,
                 storage_class: craig.object_storage.buckets.storage_class,
+                kms_key: craig.object_storage.buckets.kms_key,
               },
               {
-                kms_key: craig.object_storage.buckets.kms_key,
                 force_delete: craig.object_storage.buckets.force_delete,
               },
+              {
+                activity_tracking:
+                  craig.object_storage.buckets.activity_tracking,
+                metrics_monitoring:
+                  craig.object_storage.buckets.metrics_monitoring,
+              },
+              {
+                heading: {
+                  type: "subHeading",
+                  name: "Activity Tracking",
+                  className: "marginBottomSmall",
+                },
+                hideWhen:
+                  craig.object_storage.buckets.read_data_events.hideWhen,
+              },
+              {
+                read_data_events: craig.object_storage.buckets.read_data_events,
+                write_data_events:
+                  craig.object_storage.buckets.write_data_events,
+                activity_tracking_crn:
+                  craig.object_storage.buckets.activity_tracking_crn,
+                className: "subForm",
+              },
+              {
+                heading: {
+                  type: "subHeading",
+                  name: "Metrics Monitoring",
+                  className: "marginBottomSmall",
+                },
+                hideWhen:
+                  craig.object_storage.buckets.request_metrics_enabled.hideWhen,
+              },
+              {
+                request_metrics_enabled:
+                  craig.object_storage.buckets.request_metrics_enabled,
+                usage_metrics_enabled:
+                  craig.object_storage.buckets.usage_metrics_enabled,
+                metrics_monitoring_crn:
+                  craig.object_storage.buckets.metrics_monitoring_crn,
+                className: "subForm",
+              },
             ],
           },
         },
@@ -1197,6 +1238,7 @@ function craigForms(craig) {
         {
           accept_routes_from_resource_type:
             craig.routing_tables.accept_routes_from_resource_type,
+          advertise_routes_to: craig.routing_tables.advertise_routes_to,
         },
       ],
       subForms: [
@@ -1214,6 +1256,10 @@ function craigForms(craig) {
               {
                 action: craig.routing_tables.routes.action,
                 next_hop: craig.routing_tables.routes.next_hop,
+                priority: craig.routing_tables.routes.priority,
+              },
+              {
+                advertise: craig.routing_tables.routes.advertise,
               },
             ],
           },
@@ -1585,13 +1631,24 @@ function craigForms(craig) {
           snapshot: craig.vsi.snapshot,
           profile: craig.vsi.profile,
         },
+        {
+          user_data: craig.vsi.user_data,
+        },
+        {
+          heading: {
+            type: "subHeading",
+            name: "Address Options",
+            className: "marginBottomSmall",
+          },
+        },
         {
           enable_floating_ip: craig.vsi.enable_floating_ip,
           primary_interface_ip_spoofing:
             craig.vsi.primary_interface_ip_spoofing,
+          enable_static_ips: craig.vsi.enable_static_ips,
         },
         {
-          user_data: craig.vsi.user_data,
+          vsi_static_ips: true,
         },
       ],
       subForms: [
diff --git a/client/src/components/pages/diagrams/DeploymentIcon.js b/client/src/components/pages/diagrams/DeploymentIcon.js
index 2714d6a2..620af5cc 100644
--- a/client/src/components/pages/diagrams/DeploymentIcon.js
+++ b/client/src/components/pages/diagrams/DeploymentIcon.js
@@ -49,6 +49,11 @@ function deploymentIconBoxClassName(props) {
         addBoxClassName = " diagramIconBoxInvalid";
     });
     boxClassName += addBoxClassName;
+  } else if (
+    props.itemName === "f5_vsi" &&
+    isNullOrEmptyString(props.item.template.tmos_admin_password)
+  ) {
+    boxClassName += " diagramIconBoxInvalid";
   }
   return boxClassName;
 }
diff --git a/client/src/components/pages/diagrams/VpcMap.js b/client/src/components/pages/diagrams/VpcMap.js
index ac6de51f..f22addc2 100644
--- a/client/src/components/pages/diagrams/VpcMap.js
+++ b/client/src/components/pages/diagrams/VpcMap.js
@@ -41,7 +41,9 @@ export const VpcMap = (props) => {
       nullVpcResources = true;
     }
   });
-  return craig.store.json.vpcs.length === 0 && !props.static ? (
+  return craig.store.json.vpcs.length === 0 &&
+    !nullVpcResources &&
+    !props.static ? (
     <CraigEmptyResourceTile
       name="VPCs"
       className="width580 marginTopHalfRem"
diff --git a/client/src/components/pages/projects/Projects.js b/client/src/components/pages/projects/Projects.js
index 099e24d6..cca40550 100644
--- a/client/src/components/pages/projects/Projects.js
+++ b/client/src/components/pages/projects/Projects.js
@@ -2,7 +2,7 @@ import React from "react";
 import { Button } from "@carbon/react";
 import { ProjectFormModal } from "./ProjectFormModal";
 import { JSONModal } from "./JSONModal";
-import { azsort, contains, eachKey, splatContains } from "lazy-z";
+import { azsort, contains, eachKey, isEmpty, splatContains } from "lazy-z";
 import {
   Add,
   DocumentImport,
@@ -264,8 +264,9 @@ class Projects extends React.Component {
   /**
    * on validation modal done
    * @param {*} invalidItems
+   * @param {*} callback
    */
-  afterValidation(invalidItems) {
+  afterValidation(invalidItems, callback) {
     let noItemsInvalid = true;
     // if any arrays in the map of invalid items have a name contained within
     // set to false
@@ -277,7 +278,9 @@ class Projects extends React.Component {
     // if no items are invalid, hide modal. otherwise save invalid items to state
     if (noItemsInvalid)
       setTimeout(() => {
-        this.setState({ showValidationModal: false });
+        this.setState({ showValidationModal: false }, () => {
+          if (callback) callback();
+        });
       }, 1000);
     else this.setState({ invalidItems });
   }
@@ -333,68 +336,89 @@ class Projects extends React.Component {
    */
   onSchematicsUploadClick(keyName) {
     return () => {
-      this.setState(
-        {
-          clickedProject: this.props.projects[keyName].name,
-          clickedWorkspace: this.props.projects[keyName].workspace_name,
-          // fix data before retry
-          loadingModalOpen: false,
-          loadingDone: false,
-          schematicsFailed: false,
-        },
-        () => {
-          this.toggleLoadingModal();
-          let notification = {
-            title: "Success",
-            kind: "success",
-            text: `Starting upload to ${this.props.projects[keyName].workspace_name}`,
-            timeout: 3000,
-          };
-          this.props.notify(notification);
+      this.setState({ loadingModalOpen: true }, () => {
+        this.props.onProjectSelect(
+          this.props.projects[keyName].project_name,
+          "",
+          (invalidItems) => {
+            let hasInvalidItems = false;
+            eachKey(invalidItems, (key) => {
+              if (!isEmpty(invalidItems[key])) hasInvalidItems = true;
+            });
 
-          return fetch(
-            `/api/schematics/tar/${this.props.projects[keyName].workspace_name}/${this.props.projects[keyName].workspace_region}`,
-            {
-              method: "PUT",
-              headers: { "Content-Type": "application/json" },
-              body: JSON.stringify(this.props.projects[keyName].json),
-            }
-          )
-            .then((res) => res.json())
-            .then((data) => {
-              if (data.error) {
-                throw data.error;
-              } else {
-                let notification = {
-                  title: "Success",
-                  kind: "success",
-                  text: `Successfully uploaded to Schematics`,
-                  timeout: 3000,
-                };
-                this.setState({
-                  loadingDone: true,
-                  clickedWorkspaceUrl:
-                    this.props.projects[keyName].workspace_url,
-                });
-                this.props.notify(notification);
-              }
-            })
-            .catch((err) => {
-              console.error(err);
-              let notification = {
-                title: "Error",
-                kind: "error",
-                text: "Upload failed with error: " + err || err.message,
-                timeout: 3000,
-              };
+            if (hasInvalidItems) {
               this.setState({
-                loadingDone: true,
-                schematicsFailed: true,
+                showValidationModal: true,
+                invalidItems: invalidItems,
+                loadingModalOpen: false,
               });
-              this.props.notify(notification);
-            });
-        }
-      );
+            } else {
+              this.setState(
+                {
+                  clickedProject: this.props.projects[keyName].name,
+                  clickedWorkspace: this.props.projects[keyName].workspace_name,
+                  // fix data before retry
+                  loadingModalOpen: false,
+                  loadingDone: false,
+                  schematicsFailed: false,
+                },
+                () => {
+                  this.toggleLoadingModal();
+                  let notification = {
+                    title: "Success",
+                    kind: "success",
+                    text: `Starting upload to ${this.props.projects[keyName].workspace_name}`,
+                    timeout: 3000,
+                  };
+                  this.props.notify(notification);
+
+                  return fetch(
+                    `/api/schematics/tar/${this.props.projects[keyName].workspace_name}/${this.props.projects[keyName].workspace_region}`,
+                    {
+                      method: "PUT",
+                      headers: { "Content-Type": "application/json" },
+                      body: JSON.stringify(this.props.projects[keyName].json),
+                    }
+                  )
+                    .then((res) => res.json())
+                    .then((data) => {
+                      if (data.error) {
+                        throw data.error;
+                      } else {
+                        let notification = {
+                          title: "Success",
+                          kind: "success",
+                          text: `Successfully uploaded to Schematics`,
+                          timeout: 3000,
+                        };
+                        this.setState({
+                          loadingDone: true,
+                          clickedWorkspaceUrl:
+                            this.props.projects[keyName].workspace_url,
+                        });
+                        this.props.notify(notification);
+                      }
+                    })
+                    .catch((err) => {
+                      console.error(err);
+                      let notification = {
+                        title: "Error",
+                        kind: "error",
+                        text: "Upload failed with error: " + err || err.message,
+                        timeout: 3000,
+                      };
+                      this.setState({
+                        loadingDone: true,
+                        schematicsFailed: true,
+                      });
+                      this.props.notify(notification);
+                    });
+                }
+              );
+            }
+          }
+        );
+      });
     };
   }
 
diff --git a/client/src/lib/docs/release-notes.json b/client/src/lib/docs/release-notes.json
index 3fbe82ba..37ed59a4 100644
--- a/client/src/lib/docs/release-notes.json
+++ b/client/src/lib/docs/release-notes.json
@@ -1,4 +1,32 @@
 [
+  {
+    "version": "1.15.0",
+    "features": [
+      "VPC Routing Tables can now be advertised to Transit Gateway, and Direct Link",
+      "VPC Routing Table routes can now be assigned a Priority value and can advertise to the parent table's sources by using the `Advertise` toggle",
+      "Cloud Object Storage buckets now support Metrics Monitoring and Activity Tracking",
+      "Local CIDRs and Peer CIDRs are no longer required when creating a connection for a route-based VPN Gateway",
+      "F5 Templates with an invalid TMOS Admin Password are now shown as invalid from `/v2/vpcDeployments`",
+      "Image validation is now performed before a CRAIG configuration can be uploaded to Schematics",
+      "Users can now reserve specific IPs for VPC VSI Deployments by toggling the `Configure VSI IP Addresses` toggle",
+      "Domain Fields for Classic Gateways can now have `-` characters",
+      "Invalid VPC deployments are now shown in `/v2/vpcDeployments` even when there are no VPCs in the current configuration",
+      "F5 Templates with an invalid TMOS Admin Password are now shown as invalid from `/v2/vpcDeployments`",
+      "When updating to the latest CRAIG version in a project using Manual VPC Address Management, VPC Subnet Address Prefixes will automatically be updated to match custom subnet CIDRs",
+      "Updated resource helper text fields to more accurately display resource names at time of provision"
+    ],
+    "fixes": [
+      "Fixed an issue causing encryption keys with no Key Ring value to populate with a `null` key ring",
+      "Fixed an issue where VPC address prefixes were not being updated when advanced subnets were created with Manual Address Management enabled",
+      "Fixed an issue preventing Terraform from being created when using an existing VPC",
+      "Fixed an issue causing Routing Tables to not have correct reference to an imported VPC",
+      "Clusters with names longer than 32 characters are now correctly shown as invalid",
+      "Fixed an issue where the VPN as a service template had an incorrect VPC address prefix"
+    ],
+    "upgrade_notes": [
+      "Updated to the latest version of `lazy-z` to fix an issue with some CIDR ranges and IP addresses being incorrectly flagged as invalid"
+    ]
+  },
   {
     "version": "1.14.1",
     "features": [
diff --git a/client/src/lib/docs/templates/oracle-rac.json b/client/src/lib/docs/templates/oracle-rac.json
index 2691f0e3..5abb0a2a 100644
--- a/client/src/lib/docs/templates/oracle-rac.json
+++ b/client/src/lib/docs/templates/oracle-rac.json
@@ -94,7 +94,7 @@
           "key_ring": "ring",
           "name": "roks-key",
           "root_key": true,
-          "force_delete": null,
+          "force_delete": false,
           "endpoint": null,
           "rotation": 1,
           "dual_auth_delete": false
@@ -123,7 +123,15 @@
           "kms_key": "atracker-key",
           "name": "atracker-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "keys": [
@@ -149,7 +157,15 @@
           "kms_key": "key",
           "name": "management-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         },
         {
           "endpoint": "public",
@@ -157,7 +173,15 @@
           "kms_key": "key",
           "name": "workload-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "use_random_suffix": true,
@@ -177,7 +201,7 @@
       "ssh_keys": [
         {
           "name": "power-ssh",
-          "public_key": "",
+          "public_key": null,
           "use_data": false,
           "resource_group": "management-rg",
           "workspace": "oracle-template",
@@ -195,7 +219,8 @@
           "workspace": "oracle-template",
           "zone": "dal12",
           "workspace_use_data": false,
-          "pi_network_mtu": "1500"
+          "pi_network_mtu": "1500",
+          "use_data": false
         },
         {
           "name": "oracle-private-1",
@@ -206,7 +231,8 @@
           "workspace": "oracle-template",
           "zone": "dal12",
           "workspace_use_data": false,
-          "pi_network_mtu": "1500"
+          "pi_network_mtu": "1500",
+          "use_data": false
         },
         {
           "name": "oracle-private-2",
@@ -217,7 +243,8 @@
           "workspace": "oracle-template",
           "zone": "dal12",
           "workspace_use_data": false,
-          "pi_network_mtu": "1500"
+          "pi_network_mtu": "1500",
+          "use_data": false
         }
       ],
       "cloud_connections": [],
@@ -1130,46 +1157,46 @@
       "publicGateways": [],
       "address_prefixes": [
         {
-          "name": "vsi-zone-1",
           "cidr": "10.10.0.0/29",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vsi-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vpn-zone-1",
           "cidr": "10.10.0.16/28",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vpn-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vsi-zone-2",
           "cidr": "10.20.0.0/29",
-          "zone": 2,
-          "vpc": "management"
+          "name": "vsi-zone-2",
+          "vpc": "management",
+          "zone": 2
         },
         {
-          "name": "vsi-zone-3",
           "cidr": "10.30.0.0/29",
-          "zone": 3,
-          "vpc": "management"
+          "name": "vsi-zone-3",
+          "vpc": "management",
+          "zone": 3
         },
         {
-          "name": "vpe-zone-1",
           "cidr": "10.10.0.48/29",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vpe-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vpe-zone-2",
           "cidr": "10.20.0.16/29",
-          "zone": 2,
-          "vpc": "management"
+          "name": "vpe-zone-2",
+          "vpc": "management",
+          "zone": 2
         },
         {
-          "name": "vpe-zone-3",
           "cidr": "10.30.0.16/29",
-          "zone": 3,
-          "vpc": "management"
+          "name": "vpe-zone-3",
+          "vpc": "management",
+          "zone": 3
         }
       ],
       "subnets": [
@@ -1386,15 +1413,24 @@
       "subnetTiers": [
         {
           "name": "vsi",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpn",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -1412,40 +1448,40 @@
       "publicGateways": [],
       "address_prefixes": [
         {
-          "name": "vsi-zone-1",
           "cidr": "10.40.0.0/29",
-          "zone": 1,
-          "vpc": "workload"
+          "name": "vsi-zone-1",
+          "vpc": "workload",
+          "zone": 1
         },
         {
-          "name": "vsi-zone-2",
           "cidr": "10.50.0.0/29",
-          "zone": 2,
-          "vpc": "workload"
+          "name": "vsi-zone-2",
+          "vpc": "workload",
+          "zone": 2
         },
         {
-          "name": "vsi-zone-3",
           "cidr": "10.60.0.0/29",
-          "zone": 3,
-          "vpc": "workload"
+          "name": "vsi-zone-3",
+          "vpc": "workload",
+          "zone": 3
         },
         {
-          "name": "vpe-zone-1",
           "cidr": "10.40.0.16/29",
-          "zone": 1,
-          "vpc": "workload"
+          "name": "vpe-zone-1",
+          "vpc": "workload",
+          "zone": 1
         },
         {
-          "name": "vpe-zone-2",
           "cidr": "10.50.0.16/29",
-          "zone": 2,
-          "vpc": "workload"
+          "name": "vpe-zone-2",
+          "vpc": "workload",
+          "zone": 2
         },
         {
-          "name": "vpe-zone-3",
           "cidr": "10.60.0.16/29",
-          "zone": 3,
-          "vpc": "workload"
+          "name": "vpe-zone-3",
+          "vpc": "workload",
+          "zone": 3
         }
       ],
       "subnets": [
@@ -1652,11 +1688,17 @@
       "subnetTiers": [
         {
           "name": "vsi",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -1696,7 +1738,13 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [
+        ["", ""],
+        ["", ""],
+        ["", ""]
+      ],
+      "enable_static_ips": false
     },
     {
       "kms": "kms",
@@ -1720,7 +1768,9 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [[""], [""], [""]],
+      "enable_static_ips": false
     }
   ]
 }
diff --git a/client/src/lib/docs/templates/oracle-si.json b/client/src/lib/docs/templates/oracle-si.json
index f2793d4c..3cbf46d8 100644
--- a/client/src/lib/docs/templates/oracle-si.json
+++ b/client/src/lib/docs/templates/oracle-si.json
@@ -94,7 +94,7 @@
           "key_ring": "ring",
           "name": "roks-key",
           "root_key": true,
-          "force_delete": null,
+          "force_delete": false,
           "endpoint": null,
           "rotation": 1,
           "dual_auth_delete": false
@@ -123,7 +123,15 @@
           "kms_key": "atracker-key",
           "name": "atracker-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "keys": [
@@ -149,7 +157,15 @@
           "kms_key": "key",
           "name": "management-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         },
         {
           "endpoint": "public",
@@ -157,7 +173,15 @@
           "kms_key": "key",
           "name": "workload-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "use_random_suffix": true,
@@ -177,7 +201,7 @@
       "ssh_keys": [
         {
           "name": "power-ssh",
-          "public_key": "",
+          "public_key": null,
           "use_data": false,
           "resource_group": "management-rg",
           "workspace": "oracle-template",
@@ -195,7 +219,8 @@
           "workspace": "oracle-template",
           "zone": "dal12",
           "workspace_use_data": false,
-          "pi_network_mtu": "1500"
+          "pi_network_mtu": "1500",
+          "use_data": false
         }
       ],
       "cloud_connections": [],
@@ -859,46 +884,46 @@
       "publicGateways": [],
       "address_prefixes": [
         {
-          "name": "vsi-zone-1",
           "cidr": "10.10.0.0/29",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vsi-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vpn-zone-1",
           "cidr": "10.10.0.16/28",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vpn-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vsi-zone-2",
           "cidr": "10.20.0.0/29",
-          "zone": 2,
-          "vpc": "management"
+          "name": "vsi-zone-2",
+          "vpc": "management",
+          "zone": 2
         },
         {
-          "name": "vsi-zone-3",
           "cidr": "10.30.0.0/29",
-          "zone": 3,
-          "vpc": "management"
+          "name": "vsi-zone-3",
+          "vpc": "management",
+          "zone": 3
         },
         {
-          "name": "vpe-zone-1",
           "cidr": "10.10.0.48/29",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vpe-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vpe-zone-2",
           "cidr": "10.20.0.16/29",
-          "zone": 2,
-          "vpc": "management"
+          "name": "vpe-zone-2",
+          "vpc": "management",
+          "zone": 2
         },
         {
-          "name": "vpe-zone-3",
           "cidr": "10.30.0.16/29",
-          "zone": 3,
-          "vpc": "management"
+          "name": "vpe-zone-3",
+          "vpc": "management",
+          "zone": 3
         }
       ],
       "subnets": [
@@ -1115,15 +1140,24 @@
       "subnetTiers": [
         {
           "name": "vsi",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpn",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -1141,40 +1175,40 @@
       "publicGateways": [],
       "address_prefixes": [
         {
-          "name": "vsi-zone-1",
           "cidr": "10.40.0.0/29",
-          "zone": 1,
-          "vpc": "workload"
+          "name": "vsi-zone-1",
+          "vpc": "workload",
+          "zone": 1
         },
         {
-          "name": "vsi-zone-2",
           "cidr": "10.50.0.0/29",
-          "zone": 2,
-          "vpc": "workload"
+          "name": "vsi-zone-2",
+          "vpc": "workload",
+          "zone": 2
         },
         {
-          "name": "vsi-zone-3",
           "cidr": "10.60.0.0/29",
-          "zone": 3,
-          "vpc": "workload"
+          "name": "vsi-zone-3",
+          "vpc": "workload",
+          "zone": 3
         },
         {
-          "name": "vpe-zone-1",
           "cidr": "10.40.0.16/29",
-          "zone": 1,
-          "vpc": "workload"
+          "name": "vpe-zone-1",
+          "vpc": "workload",
+          "zone": 1
         },
         {
-          "name": "vpe-zone-2",
           "cidr": "10.50.0.16/29",
-          "zone": 2,
-          "vpc": "workload"
+          "name": "vpe-zone-2",
+          "vpc": "workload",
+          "zone": 2
         },
         {
-          "name": "vpe-zone-3",
           "cidr": "10.60.0.16/29",
-          "zone": 3,
-          "vpc": "workload"
+          "name": "vpe-zone-3",
+          "vpc": "workload",
+          "zone": 3
         }
       ],
       "subnets": [
@@ -1381,11 +1415,17 @@
       "subnetTiers": [
         {
           "name": "vsi",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -1425,7 +1465,13 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [
+        ["", ""],
+        ["", ""],
+        ["", ""]
+      ],
+      "enable_static_ips": false
     },
     {
       "kms": "kms",
@@ -1449,7 +1495,9 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [[""], [""], [""]],
+      "enable_static_ips": false
     }
   ]
 }
diff --git a/client/src/lib/docs/templates/power-poc-quick-start.json b/client/src/lib/docs/templates/power-poc-quick-start.json
index 6841cf09..802e2baf 100644
--- a/client/src/lib/docs/templates/power-poc-quick-start.json
+++ b/client/src/lib/docs/templates/power-poc-quick-start.json
@@ -119,7 +119,15 @@
           "storage_class": "smart",
           "kms_key": null,
           "endpoint": "public",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         },
         {
           "force_delete": false,
@@ -127,7 +135,15 @@
           "storage_class": "smart",
           "kms_key": null,
           "endpoint": "public",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "keys": [
@@ -153,7 +169,15 @@
           "kms_key": "atracker-key",
           "force_delete": false,
           "use_random_suffix": false,
-          "endpoint": null
+          "endpoint": null,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "keys": [
@@ -174,7 +198,7 @@
       "ssh_keys": [
         {
           "name": "powervs-ssh-key",
-          "public_key": "",
+          "public_key": null,
           "use_data": false,
           "resource_group": "power-rg",
           "workspace": "dal10",
@@ -192,7 +216,8 @@
           "zone": "dal10",
           "workspace_use_data": false,
           "use_data": false,
-          "pi_network_mtu": "9000"
+          "pi_network_mtu": "9000",
+          "pi_network_jumbo": false
         }
       ],
       "cloud_connections": [],
@@ -568,7 +593,8 @@
       "direct_link_ingress": false,
       "route_direct_link_ingress": false,
       "route_vpc_zone_ingress": false,
-      "accept_routes_from_resource_type": ["vpn_gateway", "vpn_server"]
+      "accept_routes_from_resource_type": ["vpn_gateway", "vpn_server"],
+      "advertise_routes_to": []
     }
   ],
   "scc": {
@@ -840,10 +866,22 @@
       "publicGateways": [1],
       "address_prefixes": [
         {
+          "cidr": "10.10.0.0/26",
+          "name": "vsi-zone-1",
           "vpc": "transit",
-          "zone": 1,
-          "name": "transit-zone-1",
-          "cidr": "10.10.0.0/22"
+          "zone": 1
+        },
+        {
+          "cidr": "10.10.0.128/29",
+          "name": "vpe-zone-1",
+          "vpc": "transit",
+          "zone": 1
+        },
+        {
+          "cidr": "10.10.0.144/28",
+          "name": "vpn-zone-1",
+          "vpc": "transit",
+          "zone": 1
         }
       ],
       "subnets": [
@@ -963,15 +1001,24 @@
       "subnetTiers": [
         {
           "name": "vsi",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpn",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -995,7 +1042,7 @@
             "10.10.0.144/28"
           ],
           "vpn": "dal10gw",
-          "peer_address": "",
+          "peer_address": null,
           "admin_state_up": true
         }
       ],
@@ -1026,7 +1073,9 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [["", ""]],
+      "enable_static_ips": false
     }
   ],
   "vtl": []
diff --git a/client/src/lib/docs/templates/power-sap-hana.json b/client/src/lib/docs/templates/power-sap-hana.json
index 76617bf4..6dcd86b8 100644
--- a/client/src/lib/docs/templates/power-sap-hana.json
+++ b/client/src/lib/docs/templates/power-sap-hana.json
@@ -132,7 +132,15 @@
           "kms_key": "atracker-key",
           "name": "atracker-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "keys": [
@@ -158,7 +166,15 @@
           "kms_key": "key",
           "name": "management-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         },
         {
           "endpoint": "public",
@@ -166,7 +182,15 @@
           "kms_key": "key",
           "name": "workload-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         },
         {
           "name": "transit-bucket",
@@ -174,7 +198,15 @@
           "kms_key": "key",
           "force_delete": true,
           "use_random_suffix": true,
-          "endpoint": null
+          "endpoint": null,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "use_random_suffix": true,
@@ -194,7 +226,7 @@
       "ssh_keys": [
         {
           "name": "power-ssh-key",
-          "public_key": "",
+          "public_key": null,
           "use_data": false,
           "resource_group": "powervs-rg",
           "workspace": "secure-powervs",
@@ -501,210 +533,6 @@
             "${ibm_pi_image.power_image_secure_powervs_rhel8_sp6_sap_netweaver}"
           ]
         },
-        {
-          "creationDate": "2023-12-05T21:08:16.000Z",
-          "description": "",
-          "href": "/pcloud/v1/cloud-instances/d839ff9f75e2465a81707aa69ee9a9b7/stock-images/9fce83ea-7a5f-4f26-a14a-d14cc471b1e5",
-          "imageID": "9fce83ea-7a5f-4f26-a14a-d14cc471b1e5",
-          "lastUpdateDate": "2023-12-05T21:29:53.000Z",
-          "name": "RHEL8-SP8",
-          "specifications": {
-            "architecture": "ppc64",
-            "containerFormat": "bare",
-            "diskFormat": "raw",
-            "endianness": "little-endian",
-            "hypervisorType": "phyp",
-            "imageType": "stock-fls",
-            "operatingSystem": "rhel"
-          },
-          "state": "active",
-          "storagePool": "Tier3-Flash-1",
-          "storageType": "tier3",
-          "workspace": "secure-powervs",
-          "zone": "dal10",
-          "workspace_use_data": false,
-          "depends_on": [
-            "${ibm_pi_image.power_image_secure_powervs_rhel8_sp6_sap_netweaver_byol}"
-          ]
-        },
-        {
-          "creationDate": "2024-01-30T21:33:02.000Z",
-          "description": "",
-          "href": "/pcloud/v1/cloud-instances/d839ff9f75e2465a81707aa69ee9a9b7/stock-images/3be1bd33-55b8-482e-a400-ef27f9fd9352",
-          "imageID": "3be1bd33-55b8-482e-a400-ef27f9fd9352",
-          "lastUpdateDate": "2024-01-30T21:36:20.000Z",
-          "name": "RHEL8-SP8-BYOL",
-          "specifications": {
-            "architecture": "ppc64",
-            "containerFormat": "bare",
-            "diskFormat": "raw",
-            "endianness": "little-endian",
-            "hypervisorType": "phyp",
-            "imageType": "stock",
-            "operatingSystem": "rhel"
-          },
-          "state": "active",
-          "storagePool": "General-Flash-50",
-          "storageType": "tier3",
-          "workspace": "secure-powervs",
-          "zone": "dal10",
-          "workspace_use_data": false,
-          "depends_on": ["${ibm_pi_image.power_image_secure_powervs_rhel8_sp8}"]
-        },
-        {
-          "creationDate": "2023-12-05T22:48:44.000Z",
-          "description": "",
-          "href": "/pcloud/v1/cloud-instances/d839ff9f75e2465a81707aa69ee9a9b7/stock-images/0acf14cc-1638-4755-80e0-cf305a830cdc",
-          "imageID": "0acf14cc-1638-4755-80e0-cf305a830cdc",
-          "lastUpdateDate": "2023-12-05T23:02:42.000Z",
-          "name": "RHEL8-SP8-SAP",
-          "specifications": {
-            "architecture": "ppc64",
-            "containerFormat": "bare",
-            "diskFormat": "raw",
-            "endianness": "little-endian",
-            "hypervisorType": "phyp",
-            "imageType": "stock-sap-fls",
-            "operatingSystem": "rhel"
-          },
-          "state": "active",
-          "storagePool": "Tier3-Flash-1",
-          "storageType": "tier3",
-          "workspace": "secure-powervs",
-          "zone": "dal10",
-          "workspace_use_data": false,
-          "depends_on": [
-            "${ibm_pi_image.power_image_secure_powervs_rhel8_sp8_byol}"
-          ]
-        },
-        {
-          "creationDate": "2023-12-06T00:29:23.000Z",
-          "description": "",
-          "href": "/pcloud/v1/cloud-instances/d839ff9f75e2465a81707aa69ee9a9b7/stock-images/6d180e6b-f6a2-4cc8-a99e-6bbaac5caf90",
-          "imageID": "6d180e6b-f6a2-4cc8-a99e-6bbaac5caf90",
-          "lastUpdateDate": "2023-12-06T04:26:13.000Z",
-          "name": "RHEL8-SP8-SAP-NETWEAVER",
-          "specifications": {
-            "architecture": "ppc64",
-            "containerFormat": "bare",
-            "diskFormat": "raw",
-            "endianness": "little-endian",
-            "hypervisorType": "phyp",
-            "imageType": "stock-sap-netweaver-fls",
-            "operatingSystem": "rhel"
-          },
-          "state": "active",
-          "storagePool": "Tier3-Flash-1",
-          "storageType": "tier3",
-          "workspace": "secure-powervs",
-          "zone": "dal10",
-          "workspace_use_data": false,
-          "depends_on": [
-            "${ibm_pi_image.power_image_secure_powervs_rhel8_sp8_sap}"
-          ]
-        },
-        {
-          "creationDate": "2023-09-20T15:49:34.000Z",
-          "description": "",
-          "href": "/pcloud/v1/cloud-instances/d839ff9f75e2465a81707aa69ee9a9b7/stock-images/2dee28bc-417b-4979-b3da-3a28919151e1",
-          "imageID": "2dee28bc-417b-4979-b3da-3a28919151e1",
-          "lastUpdateDate": "2023-09-20T17:18:09.000Z",
-          "name": "RHEL9-SP2",
-          "specifications": {
-            "architecture": "ppc64",
-            "containerFormat": "bare",
-            "diskFormat": "raw",
-            "endianness": "little-endian",
-            "hypervisorType": "phyp",
-            "imageType": "stock-fls",
-            "operatingSystem": "rhel"
-          },
-          "state": "active",
-          "storagePool": "Tier3-Flash-1",
-          "storageType": "tier3",
-          "workspace": "secure-powervs",
-          "zone": "dal10",
-          "workspace_use_data": false,
-          "depends_on": [
-            "${ibm_pi_image.power_image_secure_powervs_rhel8_sp8_sap_netweaver}"
-          ]
-        },
-        {
-          "creationDate": "2024-01-30T23:18:25.000Z",
-          "description": "",
-          "href": "/pcloud/v1/cloud-instances/d839ff9f75e2465a81707aa69ee9a9b7/stock-images/bd66e44a-c8ba-48e2-a1c5-22a41f825240",
-          "imageID": "bd66e44a-c8ba-48e2-a1c5-22a41f825240",
-          "lastUpdateDate": "2024-01-31T02:14:12.000Z",
-          "name": "RHEL9-SP2-BYOL",
-          "specifications": {
-            "architecture": "ppc64",
-            "containerFormat": "bare",
-            "diskFormat": "raw",
-            "endianness": "little-endian",
-            "hypervisorType": "phyp",
-            "imageType": "stock",
-            "operatingSystem": "rhel"
-          },
-          "state": "active",
-          "storagePool": "General-Flash-50",
-          "storageType": "tier3",
-          "workspace": "secure-powervs",
-          "zone": "dal10",
-          "workspace_use_data": false,
-          "depends_on": ["${ibm_pi_image.power_image_secure_powervs_rhel9_sp2}"]
-        },
-        {
-          "creationDate": "2023-12-06T02:09:55.000Z",
-          "description": "",
-          "href": "/pcloud/v1/cloud-instances/d839ff9f75e2465a81707aa69ee9a9b7/stock-images/f623bd8e-4a64-4661-8463-6f469e8b395a",
-          "imageID": "f623bd8e-4a64-4661-8463-6f469e8b395a",
-          "lastUpdateDate": "2023-12-06T04:26:13.000Z",
-          "name": "RHEL9-SP2-SAP",
-          "specifications": {
-            "architecture": "ppc64",
-            "containerFormat": "bare",
-            "diskFormat": "raw",
-            "endianness": "little-endian",
-            "hypervisorType": "phyp",
-            "imageType": "stock-sap-fls",
-            "operatingSystem": "rhel"
-          },
-          "state": "active",
-          "storagePool": "Tier3-Flash-1",
-          "storageType": "tier3",
-          "workspace": "secure-powervs",
-          "zone": "dal10",
-          "workspace_use_data": false,
-          "depends_on": [
-            "${ibm_pi_image.power_image_secure_powervs_rhel9_sp2_byol}"
-          ]
-        },
-        {
-          "creationDate": "2023-12-06T03:49:59.000Z",
-          "description": "",
-          "href": "/pcloud/v1/cloud-instances/d839ff9f75e2465a81707aa69ee9a9b7/stock-images/b4512246-e2e7-4f67-ba51-0cdab141cd04",
-          "imageID": "b4512246-e2e7-4f67-ba51-0cdab141cd04",
-          "lastUpdateDate": "2023-12-06T04:26:13.000Z",
-          "name": "RHEL9-SP2-SAP-NETWEAVER",
-          "specifications": {
-            "architecture": "ppc64",
-            "containerFormat": "bare",
-            "diskFormat": "raw",
-            "endianness": "little-endian",
-            "hypervisorType": "phyp",
-            "imageType": "stock-sap-netweaver-fls",
-            "operatingSystem": "rhel"
-          },
-          "state": "active",
-          "storagePool": "Tier3-Flash-1",
-          "storageType": "tier3",
-          "workspace": "secure-powervs",
-          "zone": "dal10",
-          "workspace_use_data": false,
-          "depends_on": [
-            "${ibm_pi_image.power_image_secure_powervs_rhel9_sp2_sap}"
-          ]
-        },
         {
           "creationDate": "2023-02-15T06:41:24.000Z",
           "description": "",
@@ -1108,14 +936,6 @@
         "RHEL8-SP6-SAP-BYOL",
         "RHEL8-SP6-SAP-NETWEAVER",
         "RHEL8-SP6-SAP-NETWEAVER-BYOL",
-        "RHEL8-SP8-BYOL",
-        "RHEL8-SP8",
-        "RHEL8-SP8-SAP",
-        "RHEL8-SP8-SAP-NETWEAVER",
-        "RHEL9-SP2",
-        "RHEL9-SP2-BYOL",
-        "RHEL9-SP2-SAP",
-        "RHEL9-SP2-SAP-NETWEAVER",
         "SLES15-SP2-SAP",
         "SLES15-SP2-SAP-BYOL",
         "SLES15-SP2-SAP-NETWEAVER",
@@ -2439,22 +2259,22 @@
       "publicGateways": [],
       "address_prefixes": [
         {
-          "name": "vsi-zone-1",
           "cidr": "10.10.0.0/29",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vsi-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vpn-zone-1",
           "cidr": "10.10.0.16/28",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vpn-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vpe-zone-1",
           "cidr": "10.10.0.48/29",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vpe-zone-1",
+          "vpc": "management",
+          "zone": 1
         }
       ],
       "subnets": [
@@ -4368,7 +4188,10 @@
         },
         {
           "name": "vpn",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
@@ -4395,16 +4218,16 @@
       "publicGateways": [],
       "address_prefixes": [
         {
-          "name": "vsi-zone-1",
           "cidr": "10.40.0.0/28",
-          "zone": 1,
-          "vpc": "workload"
+          "name": "vsi-zone-1",
+          "vpc": "workload",
+          "zone": 1
         },
         {
-          "name": "vpe-zone-1",
           "cidr": "10.40.0.32/29",
-          "zone": 1,
-          "vpc": "workload"
+          "name": "vpe-zone-1",
+          "vpc": "workload",
+          "zone": 1
         }
       ],
       "subnets": [
@@ -4856,16 +4679,16 @@
       "default_routing_table_name": null,
       "address_prefixes": [
         {
-          "vpc": "transit",
-          "zone": 1,
           "cidr": "10.70.10.0/24",
-          "name": "vsi-zone-1"
+          "name": "vsi-zone-1",
+          "vpc": "transit",
+          "zone": 1
         },
         {
-          "vpc": "transit",
-          "zone": 1,
           "cidr": "10.70.20.0/24",
-          "name": "vpe-zone-1"
+          "name": "vpe-zone-1",
+          "vpc": "transit",
+          "zone": 1
         }
       ],
       "subnets": [
@@ -5543,7 +5366,9 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [[""]],
+      "enable_static_ips": false
     },
     {
       "kms": "kms",
@@ -5566,7 +5391,9 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [[""]],
+      "enable_static_ips": false
     },
     {
       "kms": "kms",
@@ -5589,7 +5416,9 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [[""]],
+      "enable_static_ips": false
     }
   ],
   "vtl": []
diff --git a/client/src/lib/docs/templates/quick-start-power.json b/client/src/lib/docs/templates/quick-start-power.json
index 3055d117..4b6f3f55 100644
--- a/client/src/lib/docs/templates/quick-start-power.json
+++ b/client/src/lib/docs/templates/quick-start-power.json
@@ -105,7 +105,15 @@
           "kms_key": "atracker-key",
           "name": "atracker-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "keys": [
@@ -131,7 +139,15 @@
           "kms_key": "key",
           "name": "management-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "use_random_suffix": true,
@@ -750,15 +766,24 @@
       "subnetTiers": [
         {
           "name": "vsi",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpn",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -789,7 +814,9 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [[""]],
+      "enable_static_ips": false
     }
   ]
 }
diff --git a/client/src/lib/docs/templates/slz-mixed.json b/client/src/lib/docs/templates/slz-mixed.json
index f81cb956..4d4efad3 100644
--- a/client/src/lib/docs/templates/slz-mixed.json
+++ b/client/src/lib/docs/templates/slz-mixed.json
@@ -124,7 +124,7 @@
           "key_ring": "ring",
           "name": "roks-key",
           "root_key": true,
-          "force_delete": null,
+          "force_delete": false,
           "endpoint": null,
           "rotation": 1,
           "dual_auth_delete": false
@@ -153,7 +153,15 @@
           "kms_key": "atracker-key",
           "name": "atracker-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "keys": [
@@ -179,7 +187,15 @@
           "kms_key": "key",
           "name": "management-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         },
         {
           "endpoint": "public",
@@ -187,7 +203,15 @@
           "kms_key": "key",
           "name": "workload-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "use_random_suffix": true,
@@ -994,15 +1018,24 @@
       "subnetTiers": [
         {
           "name": "vsi",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpn",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -1242,11 +1275,17 @@
       "subnetTiers": [
         {
           "name": "vsi",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -1286,7 +1325,13 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [
+        ["", ""],
+        ["", ""],
+        ["", ""]
+      ],
+      "enable_static_ips": false
     }
   ]
 }
diff --git a/client/src/lib/docs/templates/slz-vsi-edge.json b/client/src/lib/docs/templates/slz-vsi-edge.json
index a83dc4fc..8a373043 100644
--- a/client/src/lib/docs/templates/slz-vsi-edge.json
+++ b/client/src/lib/docs/templates/slz-vsi-edge.json
@@ -120,7 +120,15 @@
           "kms_key": "slz-atracker-key",
           "name": "atracker-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "keys": [
@@ -146,7 +154,15 @@
           "kms_key": "key",
           "name": "management-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         },
         {
           "endpoint": "public",
@@ -154,7 +170,15 @@
           "kms_key": "key",
           "name": "workload-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         },
         {
           "endpoint": "public",
@@ -162,7 +186,15 @@
           "kms_key": "key",
           "name": "edge-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "keys": []
@@ -2148,31 +2180,52 @@
       "subnetTiers": [
         {
           "name": "vpn-2",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpn-1",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "f5-workload",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "f5-management",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "f5-external",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "f5-bastion",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -2360,46 +2413,46 @@
       ],
       "address_prefixes": [
         {
-          "name": "vsi-zone-1",
           "cidr": "10.10.10.0/24",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vsi-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vpe-zone-1",
           "cidr": "10.10.20.0/24",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vpe-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vpn-zone-1",
           "cidr": "10.10.30.0/24",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vpn-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vsi-zone-2",
           "cidr": "10.20.10.0/24",
-          "zone": 2,
-          "vpc": "management"
+          "name": "vsi-zone-2",
+          "vpc": "management",
+          "zone": 2
         },
         {
-          "name": "vpe-zone-2",
           "cidr": "10.20.20.0/24",
-          "zone": 2,
-          "vpc": "management"
+          "name": "vpe-zone-2",
+          "vpc": "management",
+          "zone": 2
         },
         {
-          "name": "vsi-zone-3",
           "cidr": "10.30.10.0/24",
-          "zone": 3,
-          "vpc": "management"
+          "name": "vsi-zone-3",
+          "vpc": "management",
+          "zone": 3
         },
         {
-          "name": "vpe-zone-3",
           "cidr": "10.30.20.0/24",
-          "zone": 3,
-          "vpc": "management"
+          "name": "vpe-zone-3",
+          "vpc": "management",
+          "zone": 3
         }
       ],
       "bucket": "management-bucket",
@@ -2414,15 +2467,24 @@
       "subnetTiers": [
         {
           "name": "vsi",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpn",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -2600,40 +2662,40 @@
       ],
       "address_prefixes": [
         {
-          "name": "vsi-zone-1",
           "cidr": "10.40.10.0/24",
-          "zone": 1,
-          "vpc": "workload"
+          "name": "vsi-zone-1",
+          "vpc": "workload",
+          "zone": 1
         },
         {
-          "name": "vpe-zone-1",
           "cidr": "10.40.20.0/24",
-          "zone": 1,
-          "vpc": "workload"
+          "name": "vpe-zone-1",
+          "vpc": "workload",
+          "zone": 1
         },
         {
-          "name": "vsi-zone-2",
           "cidr": "10.50.10.0/24",
-          "zone": 2,
-          "vpc": "workload"
+          "name": "vsi-zone-2",
+          "vpc": "workload",
+          "zone": 2
         },
         {
-          "name": "vpe-zone-2",
           "cidr": "10.50.20.0/24",
-          "zone": 2,
-          "vpc": "workload"
+          "name": "vpe-zone-2",
+          "vpc": "workload",
+          "zone": 2
         },
         {
-          "name": "vsi-zone-3",
           "cidr": "10.60.10.0/24",
-          "zone": 3,
-          "vpc": "workload"
+          "name": "vsi-zone-3",
+          "vpc": "workload",
+          "zone": 3
         },
         {
-          "name": "vpe-zone-3",
           "cidr": "10.60.20.0/24",
-          "zone": 3,
-          "vpc": "workload"
+          "name": "vpe-zone-3",
+          "vpc": "workload",
+          "zone": 3
         }
       ],
       "bucket": "workload-bucket",
@@ -2648,11 +2710,17 @@
       "subnetTiers": [
         {
           "name": "vsi",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -2692,7 +2760,9 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [[""], [""], [""]],
+      "enable_static_ips": false
     },
     {
       "kms": "kms",
@@ -2716,7 +2786,9 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [[""], [""], [""]],
+      "enable_static_ips": false
     }
   ]
 }
diff --git a/client/src/lib/docs/templates/slz-vsi.json b/client/src/lib/docs/templates/slz-vsi.json
index c07ee883..08afc4af 100644
--- a/client/src/lib/docs/templates/slz-vsi.json
+++ b/client/src/lib/docs/templates/slz-vsi.json
@@ -120,7 +120,15 @@
           "kms_key": "slz-atracker-key",
           "name": "atracker-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "keys": [
@@ -146,7 +154,15 @@
           "kms_key": "key",
           "name": "management-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         },
         {
           "endpoint": "public",
@@ -154,7 +170,15 @@
           "kms_key": "key",
           "name": "workload-bucket",
           "storage_class": "standard",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "keys": []
@@ -1045,46 +1069,46 @@
       ],
       "address_prefixes": [
         {
-          "name": "vsi-zone-1",
           "cidr": "10.10.10.0/24",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vsi-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vpe-zone-1",
           "cidr": "10.10.20.0/24",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vpe-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vpn-zone-1",
           "cidr": "10.10.30.0/24",
-          "zone": 1,
-          "vpc": "management"
+          "name": "vpn-zone-1",
+          "vpc": "management",
+          "zone": 1
         },
         {
-          "name": "vsi-zone-2",
           "cidr": "10.20.10.0/24",
-          "zone": 2,
-          "vpc": "management"
+          "name": "vsi-zone-2",
+          "vpc": "management",
+          "zone": 2
         },
         {
-          "name": "vpe-zone-2",
           "cidr": "10.20.20.0/24",
-          "zone": 2,
-          "vpc": "management"
+          "name": "vpe-zone-2",
+          "vpc": "management",
+          "zone": 2
         },
         {
-          "name": "vsi-zone-3",
           "cidr": "10.30.10.0/24",
-          "zone": 3,
-          "vpc": "management"
+          "name": "vsi-zone-3",
+          "vpc": "management",
+          "zone": 3
         },
         {
-          "name": "vpe-zone-3",
           "cidr": "10.30.20.0/24",
-          "zone": 3,
-          "vpc": "management"
+          "name": "vpe-zone-3",
+          "vpc": "management",
+          "zone": 3
         }
       ],
       "bucket": "management-bucket",
@@ -1099,15 +1123,24 @@
       "subnetTiers": [
         {
           "name": "vsi",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpn",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -1285,40 +1318,40 @@
       ],
       "address_prefixes": [
         {
-          "name": "vsi-zone-1",
           "cidr": "10.40.10.0/24",
-          "zone": 1,
-          "vpc": "workload"
+          "name": "vsi-zone-1",
+          "vpc": "workload",
+          "zone": 1
         },
         {
-          "name": "vpe-zone-1",
           "cidr": "10.40.20.0/24",
-          "zone": 1,
-          "vpc": "workload"
+          "name": "vpe-zone-1",
+          "vpc": "workload",
+          "zone": 1
         },
         {
-          "name": "vsi-zone-2",
           "cidr": "10.50.10.0/24",
-          "zone": 2,
-          "vpc": "workload"
+          "name": "vsi-zone-2",
+          "vpc": "workload",
+          "zone": 2
         },
         {
-          "name": "vpe-zone-2",
           "cidr": "10.50.20.0/24",
-          "zone": 2,
-          "vpc": "workload"
+          "name": "vpe-zone-2",
+          "vpc": "workload",
+          "zone": 2
         },
         {
-          "name": "vsi-zone-3",
           "cidr": "10.60.10.0/24",
-          "zone": 3,
-          "vpc": "workload"
+          "name": "vsi-zone-3",
+          "vpc": "workload",
+          "zone": 3
         },
         {
-          "name": "vpe-zone-3",
           "cidr": "10.60.20.0/24",
-          "zone": 3,
-          "vpc": "workload"
+          "name": "vpe-zone-3",
+          "vpc": "workload",
+          "zone": 3
         }
       ],
       "bucket": "workload-bucket",
@@ -1333,11 +1366,17 @@
       "subnetTiers": [
         {
           "name": "vsi",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpe",
-          "zones": 3
+          "zones": 3,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
@@ -1377,7 +1416,9 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [[""], [""], [""]],
+      "enable_static_ips": false
     },
     {
       "kms": "kms",
@@ -1401,7 +1442,9 @@
       "primary_interface_ip_spoofing": false,
       "use_variable_names": false,
       "snapshot": null,
-      "use_snapshot": false
+      "use_snapshot": false,
+      "reserved_ips": [[""], [""], [""]],
+      "enable_static_ips": false
     }
   ]
 }
diff --git a/client/src/lib/docs/templates/vpn-as-a-service.json b/client/src/lib/docs/templates/vpn-as-a-service.json
index 788cd3dd..60a2e598 100644
--- a/client/src/lib/docs/templates/vpn-as-a-service.json
+++ b/client/src/lib/docs/templates/vpn-as-a-service.json
@@ -67,7 +67,7 @@
         {
           "name": "encryption-key",
           "root_key": false,
-          "key_ring": "",
+          "key_ring": null,
           "force_delete": false,
           "endpoint": null,
           "rotation": 1,
@@ -103,7 +103,15 @@
           "storage_class": "standard",
           "kms_key": "encryption-key",
           "endpoint": "public",
-          "use_random_suffix": true
+          "use_random_suffix": true,
+          "activity_tracking": false,
+          "read_data_events": false,
+          "write_data_events": false,
+          "activity_tracking_crn": null,
+          "metrics_monitoring": false,
+          "usage_metrics_enabled": false,
+          "request_metrics_enabled": false,
+          "metrics_monitoring_crn": null
         }
       ],
       "keys": []
@@ -151,7 +159,8 @@
       "direct_link_ingress": false,
       "accept_routes_from_resource_type": ["vpn_gateway", "vpn_server"],
       "route_direct_link_ingress": false,
-      "route_vpc_zone_ingress": false
+      "route_vpc_zone_ingress": false,
+      "advertise_routes_to": []
     },
     {
       "routes": [],
@@ -163,7 +172,8 @@
       "direct_link_ingress": false,
       "accept_routes_from_resource_type": ["vpn_server"],
       "route_direct_link_ingress": false,
-      "route_vpc_zone_ingress": false
+      "route_vpc_zone_ingress": false,
+      "advertise_routes_to": []
     }
   ],
   "scc": {
@@ -286,16 +296,16 @@
       "default_routing_table_name": null,
       "address_prefixes": [
         {
-          "name": "vpn-zone-1",
           "cidr": "10.10.0.0/28",
-          "zone": 1,
-          "vpc": "vpc"
+          "name": "vpn-zone-1",
+          "vpc": "vpc",
+          "zone": 1
         },
         {
+          "cidr": "10.134.0.0/28",
           "name": "vpn-server-zone-1",
-          "cidr": "10.10.0.32/29",
-          "zone": 1,
-          "vpc": "vpc"
+          "vpc": "vpc",
+          "zone": 1
         }
       ],
       "subnets": [
@@ -467,13 +477,19 @@
       "subnetTiers": [
         {
           "name": "vpn",
-          "zones": 1
+          "zones": 1,
+          "advanced": false,
+          "networkAcl": null,
+          "addPublicGateway": false
         },
         {
           "name": "vpn-server",
           "select_zones": [1],
           "advanced": true,
-          "subnets": ["vpn-server-zone-1"]
+          "subnets": ["vpn-server-zone-1"],
+          "zones": "3",
+          "networkAcl": null,
+          "addPublicGateway": false
         }
       ],
       "use_data": false
diff --git a/client/src/lib/forms/dynamic-form-fields/craig-form-group.js b/client/src/lib/forms/dynamic-form-fields/craig-form-group.js
index 72fb7069..b9f5b852 100644
--- a/client/src/lib/forms/dynamic-form-fields/craig-form-group.js
+++ b/client/src/lib/forms/dynamic-form-fields/craig-form-group.js
@@ -1,4 +1,4 @@
-const { eachKey } = require("lazy-z");
+const { eachKey, containsKeys, contains } = require("lazy-z");
 
 /**
  * create dynamic props for form group
@@ -38,7 +38,19 @@ function dynamicCraigFormGroupsProps(componentProps, index, stateData) {
         componentProps
       ),
   };
-  if (componentProps.formName === "subnet") {
+
+  if (
+    containsKeys(componentProps.form.groups[index], "className") &&
+    !allGroupItemsHidden(
+      componentProps.form.groups[index],
+      stateData,
+      componentProps
+    )
+  ) {
+    formGroupData.className =
+      componentProps.form.groups[index].className +
+      (allNextGroupsHidden || isLast ? " marginBottomNone" : "");
+  } else if (componentProps.formName === "subnet") {
     // add margin for subnet subform groups
     formGroupData.className = "marginBottomSmall";
   }
@@ -57,7 +69,7 @@ function allGroupItemsHidden(group, stateData, componentProps) {
   let areAllHidden = true;
   eachKey(group, (key) => {
     if (
-      key !== "hideWhen" &&
+      !contains(["hideWhen", "heading", "className"], key) &&
       (!group[key].hideWhen || !group[key].hideWhen(stateData, componentProps))
     ) {
       areAllHidden = false;
diff --git a/client/src/lib/forms/wizard.js b/client/src/lib/forms/wizard.js
index 4656c7f1..39349cbc 100644
--- a/client/src/lib/forms/wizard.js
+++ b/client/src/lib/forms/wizard.js
@@ -155,6 +155,7 @@ function wizard(wizardJson, json) {
       wizardJson.zones,
       true
     );
+    json.vpcs[0].is_edge_vpc = true;
   }
 
   return json;
diff --git a/client/src/lib/json-to-iac/key-management.js b/client/src/lib/json-to-iac/key-management.js
index 62f5dff0..112608cd 100644
--- a/client/src/lib/json-to-iac/key-management.js
+++ b/client/src/lib/json-to-iac/key-management.js
@@ -160,11 +160,13 @@ function ibmKmsKey(key, kms, config) {
     instance_id: composedKmsId(kms),
     key_name: kebabName([kms.name, key.name]),
     standard_key: !key.root_key,
-    key_ring_id: tfRef(
-      "ibm_kms_key_rings",
-      `${kms.name} ${key.key_ring} ring`,
-      "key_ring_id"
-    ),
+    key_ring_id: key.key_ring
+      ? tfRef(
+          "ibm_kms_key_rings",
+          `${kms.name} ${key.key_ring} ring`,
+          "key_ring_id"
+        )
+      : undefined,
     force_delete: key.force_delete,
     endpoint_type: key.endpoint ? key.endpoint : config._options.endpoints,
   };
@@ -278,7 +280,7 @@ function kmsInstanceTf(kms, config) {
     instanceTf += formatKmsAuthPolicy(kms) + formatKmsAuthPolicy(kms, true);
   }
   keyRings.forEach((ring) => {
-    instanceTf += formatKeyRing(ring, kms, config);
+    if (ring) instanceTf += formatKeyRing(ring, kms, config);
   });
   kms.keys.forEach((key) => {
     instanceTf +=
diff --git a/client/src/lib/json-to-iac/object-storage.js b/client/src/lib/json-to-iac/object-storage.js
index 54a07810..9a297244 100644
--- a/client/src/lib/json-to-iac/object-storage.js
+++ b/client/src/lib/json-to-iac/object-storage.js
@@ -1,4 +1,10 @@
-const { snakeCase, splat, eachKey, containsKeys } = require("lazy-z");
+const {
+  snakeCase,
+  splat,
+  eachKey,
+  containsKeys,
+  isNullOrEmptyString,
+} = require("lazy-z");
 const {
   rgIdRef,
   getCosId,
@@ -199,19 +205,29 @@ function ibmCosBucket(bucket, cos, config) {
       '"'
     );
   }
-  if (bucket.atracker) {
+  if (bucket.activity_tracking) {
     bucketValues.activity_tracking = [
       {
         read_data_events: bucket.read_data_events,
         write_data_events: bucket.write_data_events,
-        activity_tracker_crn: bucket.atracker, // need logic to implement atracker, probably from data?
+        activity_tracker_crn: !isNullOrEmptyString(
+          bucket.activity_tracking_crn,
+          true
+        )
+          ? bucket.activity_tracking_crn
+          : "${ibm_resource_instance.atracker.crn}",
       },
     ];
   }
   if (bucket.metrics_monitoring) {
     bucketValues.metrics_monitoring = [
       {
-        metrics_monitoring_crn: bucket.metrics_monitoring, // need logic to implement crn ref
+        metrics_monitoring_crn: !isNullOrEmptyString(
+          bucket.metrics_monitoring_crn,
+          true
+        )
+          ? bucket.metrics_monitoring_crn
+          : "${ibm_resource_instance.sysdig.crn}",
         usage_metrics_enabled: bucket.usage_metrics_enabled,
         request_metrics_enabled: bucket.request_metrics_enabled,
       },
diff --git a/client/src/lib/json-to-iac/routing-tables.js b/client/src/lib/json-to-iac/routing-tables.js
index bdf9ecef..4e7836b6 100644
--- a/client/src/lib/json-to-iac/routing-tables.js
+++ b/client/src/lib/json-to-iac/routing-tables.js
@@ -12,12 +12,20 @@ const { kebabName, vpcRef, jsonToTfPrint, tfRef, tfBlock } = require("./utils");
  * @param {*} config
  * @returns {object} terraform
  */
-function ibmIsVpcRoutingTable(table) {
+function ibmIsVpcRoutingTable(table, config) {
+  let vpcIdRef = vpcRef(table.vpc);
+  if (config?.vpcs) {
+    config.vpcs.forEach((vpc) => {
+      if (vpc.use_data && table.vpc === vpc.name) {
+        vpcIdRef = vpcIdRef.replace("ibm_is_vpc", "data.ibm_is_vpc");
+      }
+    });
+  }
   return {
     name: `${table.vpc}-vpc-${table.name}-table`,
     data: {
       name: kebabName([table.vpc, "vpc", table.name, "table"]),
-      vpc: vpcRef(table.vpc),
+      vpc: vpcIdRef,
       route_direct_link_ingress: table.route_direct_link_ingress,
       route_transit_gateway_ingress: table.transit_gateway_ingress,
       route_vpc_zone_ingress: table.route_vpc_zone_ingress,
@@ -40,6 +48,9 @@ function ibmIsVpcRoutingTable(table) {
  */
 function formatRoutingTable(table, config) {
   let data = ibmIsVpcRoutingTable(table, config);
+  if (table.advertise_routes_to) {
+    data.data.advertise_routes_to = table.advertise_routes_to;
+  }
   return jsonToTfPrint(
     "resource",
     "ibm_is_vpc_routing_table",
@@ -99,6 +110,11 @@ function ibmIsVpcRoutingTableRoute(route, config) {
  */
 function formatRoutingTableRoute(route, config) {
   let data = ibmIsVpcRoutingTableRoute(route, config);
+  ["advertise", "priority"].forEach((item) => {
+    if (route[item]) {
+      data.data[item] = route[item];
+    }
+  });
   return jsonToTfPrint(
     "resource",
     "ibm_is_vpc_routing_table_route",
diff --git a/client/src/lib/json-to-iac/vsi.js b/client/src/lib/json-to-iac/vsi.js
index 9c236da7..70b0dd69 100644
--- a/client/src/lib/json-to-iac/vsi.js
+++ b/client/src/lib/json-to-iac/vsi.js
@@ -491,7 +491,14 @@ function vsiTf(config) {
         transpose(deployment, instance);
         instance.subnet = subnet;
         instance.index = i + 1;
-        if (deployment.reserved_ips) {
+        if (
+          deployment.reserved_ips &&
+          deployment.enable_static_ips &&
+          !isNullOrEmptyString(
+            deployment.reserved_ips[deployment.subnets.indexOf(subnet)][i],
+            true
+          )
+        ) {
           instance.reserved_ip = // get address at same index as subnet followed by index of vsi
             deployment.reserved_ips[deployment.subnets.indexOf(subnet)][i];
         }
diff --git a/client/src/lib/state/atracker.js b/client/src/lib/state/atracker.js
index 81c55c2c..38ade0bb 100644
--- a/client/src/lib/state/atracker.js
+++ b/client/src/lib/state/atracker.js
@@ -104,7 +104,7 @@ function initAtracker(store) {
         readOnly: true,
         hideWhen: hideWhenDisabled,
         onRender: function (stateData, componentProps) {
-          return `${componentProps.craig.store.json._options.prefix}-atracker`;
+          return `${componentProps.craig.store.json._options.prefix}-${componentProps.craig.store.json._options.region}-atracker`;
         },
       },
       resource_group: {
diff --git a/client/src/lib/state/classic-bare-metal.js b/client/src/lib/state/classic-bare-metal.js
index 2348df3a..68a66ba5 100644
--- a/client/src/lib/state/classic-bare-metal.js
+++ b/client/src/lib/state/classic-bare-metal.js
@@ -8,6 +8,7 @@ const {
   classicPrivateNetworkOnly,
   classicPrivateVlan,
   classicPublicVlan,
+  hideWhenFieldFalse,
 } = require("./reusable-fields");
 const { shouldDisableComponentSave, onArrayInputChange } = require("./utils");
 
@@ -146,9 +147,7 @@ function initClassicBareMetalStore(store) {
         placeholder: "500",
         size: "small",
         labelText: "Public Bandwidth (GB/month)",
-        hideWhen: function (stateData) {
-          return stateData.private_network_only;
-        },
+        hideWhen: hideWhenFieldFalse("private_network_only", true),
         invalid: (stateData) => {
           return (
             !stateData.private_network_only &&
diff --git a/client/src/lib/state/classic-vsi.js b/client/src/lib/state/classic-vsi.js
index 2a23c126..89be8d59 100644
--- a/client/src/lib/state/classic-vsi.js
+++ b/client/src/lib/state/classic-vsi.js
@@ -12,6 +12,7 @@ const {
   fieldIsNullOrEmptyString,
   unconditionalInvalidText,
   classicPrivateNetworkOnly,
+  hideWhenFieldFalse,
 } = require("./reusable-fields");
 
 /**
@@ -191,9 +192,7 @@ function initClassicVsi(store) {
             "name"
           );
         },
-        hideWhen: function (stateData) {
-          return stateData.private_network_only;
-        },
+        hideWhen: hideWhenFieldFalse("private_network_only", true),
       },
     },
   });
diff --git a/client/src/lib/state/clusters.js b/client/src/lib/state/clusters.js
index d4145ff8..e610d03f 100644
--- a/client/src/lib/state/clusters.js
+++ b/client/src/lib/state/clusters.js
@@ -615,7 +615,7 @@ function initClusterStore(store) {
             type: "date",
             default: null,
             invalid: function (stateData) {
-              return !stateData.expiration_date;
+              return isNullOrEmptyString(stateData.expiration_date, true);
             },
             invalidText: unconditionalInvalidText("Select a date"),
           },
diff --git a/client/src/lib/state/cos.js b/client/src/lib/state/cos.js
index 0ab5cfba..31732619 100644
--- a/client/src/lib/state/cos.js
+++ b/client/src/lib/state/cos.js
@@ -22,7 +22,8 @@ const {
   unconditionalInvalidText,
 } = require("./utils");
 const { cosPlans } = require("../constants");
-const { nameField } = require("./reusable-fields");
+const { nameField, hideWhenFieldFalse } = require("./reusable-fields");
+const { invalidCrnList } = require("../forms/invalid-callbacks");
 
 /**
  * set cosBuckets and cosKeys in slz store
@@ -258,6 +259,27 @@ function cosKeyDelete(config, stateData, componentProps) {
   deleteSubChild(config, "object_storage", "keys", componentProps);
 }
 
+/**
+ * create cos helper text function
+ * @param {*} isKey
+ * @returns {Function} helpertext function
+ */
+function cosChildHelperText(isKey) {
+  /**
+   * helper text for object storage child form names
+   * @param {*} stateData
+   * @param {*} componentProps
+   * @returns {string} helper text
+   */
+  return function (stateData, componentProps) {
+    return `${componentProps.craig.store.json._options.prefix}-${
+      componentProps.arrayParentName
+    }-${isKey ? "key-" : ""}${stateData.name}${
+      componentProps.parent.use_random_suffix ? "-<random-suffix>" : ""
+    }`;
+  };
+}
+
 /**
  * initialize object storage store
  * @param {*} store
@@ -309,7 +331,7 @@ function initObjectStorageStore(store) {
             stateData.use_data
               ? ""
               : componentProps.craig.store.json._options.prefix + "-"
-          }${stateData.name}${
+          }${stateData.name}-object-storage${
             stateData.use_random_suffix ? "-<random-suffix>" : ""
           }`;
         },
@@ -358,13 +380,21 @@ function initObjectStorageStore(store) {
         save: cosBucketSave,
         delete: cosBucketDelete,
         shouldDisableSave: shouldDisableComponentSave(
-          ["name", "storage_class"],
+          [
+            "name",
+            "storage_class",
+            "activity_tracking_crn",
+            "metrics_monitoring_crn",
+          ],
           "object_storage",
           "buckets"
         ),
         schema: {
-          name: nameField("buckets"),
+          name: nameField("buckets", {
+            helperText: cosChildHelperText(),
+          }),
           storage_class: {
+            size: "small",
             default: "",
             type: "select",
             invalid: fieldIsNullOrEmptyString("storage_class"),
@@ -375,6 +405,7 @@ function initObjectStorageStore(store) {
             onRender: titleCaseRender("storage_class"),
           },
           kms_key: {
+            size: "small",
             labelText: "Encryption Key",
             type: "select",
             default: null,
@@ -418,6 +449,7 @@ function initObjectStorageStore(store) {
             },
           },
           force_delete: {
+            size: "small",
             default: false,
             type: "toggle",
             tooltip: {
@@ -426,6 +458,82 @@ function initObjectStorageStore(store) {
             },
             labelText: "Force Delete Contents",
           },
+          activity_tracking: {
+            type: "toggle",
+            size: "small",
+            default: false,
+            labelText: "Enable Activity Tracking",
+          },
+          read_data_events: {
+            type: "toggle",
+            size: "small",
+            default: false,
+            labelText: "Read Data Events",
+            hideWhen: hideWhenFieldFalse("activity_tracking"),
+          },
+          write_data_events: {
+            type: "toggle",
+            size: "small",
+            default: false,
+            labelText: "Write Data Events",
+            hideWhen: hideWhenFieldFalse("activity_tracking"),
+          },
+          activity_tracking_crn: {
+            labelText: "Activity Tracking CRN",
+            default: null,
+            size: "small",
+            hideWhen: function (stateData, componentProps) {
+              return (
+                hideWhenFieldFalse("activity_tracking")(stateData) ||
+                componentProps.craig.store.json.atracker.instance
+              );
+            },
+            invalid: function (stateData, componentProps) {
+              return hideWhenFieldFalse("activity_tracking")(stateData) ||
+                componentProps.craig.store.json.atracker.instance
+                ? false
+                : invalidCrnList([stateData.activity_tracking_crn]);
+            },
+            invalidText: unconditionalInvalidText("Enter a valid resource CRN"),
+          },
+          metrics_monitoring: {
+            type: "toggle",
+            size: "small",
+            default: false,
+            labelText: "Enable Metrics Monitoring",
+          },
+          usage_metrics_enabled: {
+            type: "toggle",
+            size: "small",
+            default: false,
+            labelText: "Usage Metrics",
+            hideWhen: hideWhenFieldFalse("metrics_monitoring"),
+          },
+          request_metrics_enabled: {
+            type: "toggle",
+            size: "small",
+            default: false,
+            labelText: "Request Metrics",
+            hideWhen: hideWhenFieldFalse("metrics_monitoring"),
+          },
+          metrics_monitoring_crn: {
+            labelText: "Cloud Monitoring CRN",
+            default: null,
+            size: "small",
+            hideWhen: function (stateData, componentProps) {
+              return (
+                hideWhenFieldFalse("metrics_monitoring")(stateData) ||
+                componentProps.craig.store.json.sysdig.enabled
+              );
+            },
+            invalid: function (stateData, componentProps) {
+              return hideWhenFieldFalse("metrics_monitoring")(stateData) ||
+                componentProps.craig.store.json.sysdig.enabled
+                ? false
+                : invalidCrnList([stateData.metrics_monitoring_crn]);
+            },
+            invalidText: unconditionalInvalidText("Enter a valid resource CRN"),
+          },
         },
       },
       keys: {
@@ -438,7 +546,9 @@ function initObjectStorageStore(store) {
           "keys"
         ),
         schema: {
-          name: nameField("cos_keys"),
+          name: nameField("cos_keys", {
+            helperText: cosChildHelperText(true),
+          }),
           role: {
             type: "select",
             default: "",
diff --git a/client/src/lib/state/dns.js b/client/src/lib/state/dns.js
index 79f0b52d..facd1daa 100644
--- a/client/src/lib/state/dns.js
+++ b/client/src/lib/state/dns.js
@@ -35,6 +35,7 @@ const {
   nameField,
   hasDuplicateName,
   invalidNameText,
+  hideWhenFieldFalse,
 } = require("./reusable-fields");
 
 function dnsInit(config) {
@@ -240,15 +241,6 @@ function hideWhenRecordNotSrv(stateData) {
   return stateData.type !== "SRV";
 }
 
-/**
- * hide when not targeting vs
- * @param {*} stateData
- * @returns {boolean} true when should be hidden
- */
-function hideWhenNotVsi(stateData) {
-  return stateData.use_vsi !== true;
-}
-
 /**
  * init dns store
  * @param {*} store
@@ -397,7 +389,7 @@ function initDnsStore(store) {
                 ? isNullOrEmptyString(stateData.vpc, true)
                 : false;
             },
-            hideWhen: hideWhenNotVsi,
+            hideWhen: hideWhenFieldFalse("use_vsi"),
           },
           vsi: {
             size: "small",
@@ -426,7 +418,7 @@ function initDnsStore(store) {
               });
               return allVsiNames;
             },
-            hideWhen: hideWhenNotVsi,
+            hideWhen: hideWhenFieldFalse("use_vsi"),
           },
           name: nameField("records", { size: "small" }),
           dns_zone: {
@@ -454,9 +446,7 @@ function initDnsStore(store) {
             invalidText: unconditionalInvalidText(
               "Resource Data cannot be null or empty string."
             ),
-            hideWhen: function (stateData) {
-              return stateData.use_vsi === true;
-            },
+            hideWhen: hideWhenFieldFalse("use_vsi", true),
           },
           ttl: timeToLive(),
           type: {
diff --git a/client/src/lib/state/power-vs-instances/power-instances-schema.js b/client/src/lib/state/power-vs-instances/power-instances-schema.js
index 5390ff6a..ae80bf5c 100644
--- a/client/src/lib/state/power-vs-instances/power-instances-schema.js
+++ b/client/src/lib/state/power-vs-instances/power-instances-schema.js
@@ -27,7 +27,7 @@ const {
   powerStoragePoolSelect,
 } = require("../utils");
 const { sapProfiles, systemTypes } = require("../../constants");
-const { nameField } = require("../reusable-fields");
+const { nameField, hideWhenFieldFalse } = require("../reusable-fields");
 
 /**
  * hide field for vtl forms when no workspace is selected
@@ -185,9 +185,7 @@ function powerVsInstanceSchema(vtl) {
       size: "small",
     },
     sap_profile: {
-      hideWhen: function (stateData) {
-        return stateData.sap !== true;
-      },
+      hideWhen: hideWhenFieldFalse("sap"),
       default: "",
       invalid: function (stateData) {
         return stateData.sap && isNullOrEmptyString(stateData.sap_profile);
diff --git a/client/src/lib/state/reusable-fields.js b/client/src/lib/state/reusable-fields.js
index b77488ff..56f78ffc 100644
--- a/client/src/lib/state/reusable-fields.js
+++ b/client/src/lib/state/reusable-fields.js
@@ -365,6 +365,13 @@ function invalidName(field, craig) {
             1 +
             componentProps.craig.store.json._options.prefix.length >
             20) ||
+        // prevent clusters with names that include prefix and "-cluster" longer than 32 characters
+        (field === "clusters" &&
+          stateData.name &&
+          stateData.name.length +
+            9 +
+            componentProps.craig.store.json._options.prefix.length >
+            32) ||
         stateData[stateField] === "" ||
         (!stateData.use_data && invalidNewResourceName(stateData[stateField]))
       );
@@ -445,6 +452,15 @@ function invalidNameText(field, craig) {
         20
     ) {
       return "Classic VLAN names must be 20 or fewer characters including the environment prefix";
+    } else if (
+      field === "clusters" &&
+      stateData.name &&
+      stateData.name.length +
+        9 +
+        componentProps.craig.store.json._options.prefix.length >
+        32
+    ) {
+      return "Cluster names must be 32 or fewer characters including the environment prefix and suffix";
     } else return genericNameCallback();
   }
   if (field === "vpcs") {
@@ -779,11 +795,12 @@ function domainField() {
         (stateData.domain || "").match(
           new RegexButWithWords()
             .stringBegin()
-            .set("a-z")
+            .set("A-z")
             .oneOrMore()
             .literal(".")
-            .set("a-z")
+            .set("A-z-")
             .oneOrMore()
+            .set("a-z")
             .stringEnd()
             .done("g")
         ) === null
@@ -863,9 +880,7 @@ function classicPublicVlan() {
     invalidText: selectInvalidText("public VLAN"),
     groups: classicVlanFilter("PUBLIC"),
     size: "small",
-    hideWhen: function (stateData) {
-      return stateData.private_network_only;
-    },
+    hideWhen: hideWhenFieldFalse("private_network_only", true),
   };
 }
 
@@ -888,6 +903,18 @@ function classicPrivateNetworkOnly() {
   };
 }
 
+/**
+ * shortcut for hide when field false
+ * @param {*} field
+ * @param {boolean=} hideWhenTrue
+ * @returns {Function} hide when function
+ */
+function hideWhenFieldFalse(field, hideWhenTrue) {
+  return function (stateData) {
+    return hideWhenTrue ? stateData[field] : !stateData[field];
+  };
+}
+
 module.exports = {
   networkingRuleProtocolField,
   networkingRulePortField,
@@ -914,4 +941,6 @@ module.exports = {
   classicPrivateVlan,
   classicPublicVlan,
   classicPrivateNetworkOnly,
+  invalidNewResourceName,
+  hideWhenFieldFalse,
 };
diff --git a/client/src/lib/state/routing-tables.js b/client/src/lib/state/routing-tables.js
index d8a9a4c7..5895fb5b 100644
--- a/client/src/lib/state/routing-tables.js
+++ b/client/src/lib/state/routing-tables.js
@@ -131,7 +131,11 @@ function initRoutingTable(store) {
       "routing_tables"
     ),
     schema: {
-      name: nameField("routing_tables"),
+      name: nameField("routing_tables", {
+        helperText: function (stateData, componentProps) {
+          return `${componentProps.craig.store.json._options.prefix}-${stateData.vpc}-vpc-${stateData.name}-table`;
+        },
+      }),
       vpc: {
         type: "select",
         default: "",
@@ -161,6 +165,9 @@ function initRoutingTable(store) {
           alignModal: "bottom-left",
         },
         labelText: "Direct Link Ingress",
+        disabled: function (stateData) {
+          return contains(stateData.advertise_routes_to, "direct_link");
+        },
       },
       transit_gateway_ingress: {
         default: false,
@@ -172,6 +179,9 @@ function initRoutingTable(store) {
           align: "bottom-left",
           alignModal: "bottom-left",
         },
+        disabled: function (stateData) {
+          return contains(stateData.advertise_routes_to, "transit_gateway");
+        },
       },
       route_vpc_zone_ingress: {
         default: false,
@@ -184,6 +194,28 @@ function initRoutingTable(store) {
           alignModal: "bottom-left",
         },
       },
+      advertise_routes_to: {
+        default: [],
+        type: "multiselect",
+        labelText: "Advertise Routes to Service",
+        groups: function (stateData, componentProps) {
+          return []
+            .concat(stateData.route_direct_link_ingress ? ["Direct Link"] : [])
+            .concat(
+              stateData.transit_gateway_ingress ? ["Transit Gateway"] : []
+            );
+        },
+        onRender: function (stateData) {
+          return stateData.advertise_routes_to.map((type) => {
+            return titleCase(type).replace(/Vpn/g, "VPN");
+          });
+        },
+        onInputChange: function (stateData) {
+          return stateData.advertise_routes_to.map((type) => {
+            return snakeCase(type);
+          });
+        },
+      },
       accept_routes_from_resource_type: {
         default: [],
         type: "multiselect",
@@ -270,6 +302,27 @@ function initRoutingTable(store) {
             placeholder: "X.X.X.X/X",
             size: "small",
           },
+          advertise: {
+            size: "small",
+            labelText: "Advertise",
+            type: "toggle",
+            default: false,
+            tooltip: {
+              content:
+                "Indicates whether this route will be advertised to the ingress sources of the parent route",
+              align: "right",
+              alignModal: "right",
+            },
+          },
+          priority: {
+            size: "small",
+            type: "select",
+            default: "",
+            groups: ["0", "1", "2", "3", "4"],
+            tooltip: {
+              content: "Smaller values have higher priority",
+            },
+          },
         },
       },
     },
diff --git a/client/src/lib/state/security-groups.js b/client/src/lib/state/security-groups.js
index d145db49..49f7de0e 100644
--- a/client/src/lib/state/security-groups.js
+++ b/client/src/lib/state/security-groups.js
@@ -272,7 +272,12 @@ function initSecurityGroupStore(store) {
           );
         },
       },
-      name: nameField("security_groups", { size: "small" }),
+      name: nameField("security_groups", {
+        size: "small",
+        helperText: function (stateData, componentProps) {
+          return `${componentProps.craig.store.json._options.prefix}-${stateData.vpc}-${stateData.name}-sg`;
+        },
+      }),
       resource_group: resourceGroupsField(true),
       vpc: {
         type: "select",
diff --git a/client/src/lib/state/utils.js b/client/src/lib/state/utils.js
index 6f984baf..7b2634f4 100644
--- a/client/src/lib/state/utils.js
+++ b/client/src/lib/state/utils.js
@@ -18,10 +18,11 @@ const {
   isArray,
   capitalize,
   containsKeys,
+  getObjectFromArray,
 } = require("lazy-z");
 const { commaSeparatedIpListExp, newResourceNameExp } = require("../constants");
 const { validSshKey } = require("../forms/invalid-callbacks");
-const { nameField } = require("./reusable-fields");
+const { nameField, hideWhenFieldFalse } = require("./reusable-fields");
 const {
   unconditionalInvalidText,
   fieldIsNullOrEmptyString,
@@ -615,9 +616,7 @@ function sshKeySchema(fieldName) {
           ? "SSH Public Key in use"
           : "";
       },
-      hideWhen: function (stateData) {
-        return stateData.use_data;
-      },
+      hideWhen: hideWhenFieldFalse("use_data", true),
     },
   };
   if (fieldName === "ssh_keys" || fieldName === "power_vs_ssh_keys") {
@@ -677,6 +676,7 @@ function subnetMultiSelect(options) {
         (isFunction(options?.invalid) && options.invalid(stateData))
       );
     },
+    onInputChange: options?.onInputChange,
     invalidText: unconditionalInvalidText(
       options?.invalidText ? options.invalidText : "Select at least one subnet"
     ),
@@ -790,7 +790,19 @@ function ipCidrListTextArea(field, options) {
     type: "textArea",
     labelText: options.labelText || "Additional Address Prefixes",
     placeholder: "X.X.X.X/X, X.X.X.X/X, ...",
-    invalid: function (stateData) {
+    invalid: function (stateData, componentProps) {
+      if (componentProps?.arrayParentName) {
+        if (
+          getObjectFromArray(
+            componentProps.craig.store.json.vpn_gateways,
+            "name",
+            componentProps.arrayParentName
+          ).policy_mode !== true
+        ) {
+          return false;
+        }
+      }
+
       return isNullOrEmptyString(stateData[field], true) && !options.strict
         ? false
         : // prevent empty array from passing regex
@@ -816,6 +828,20 @@ function ipCidrListTextArea(field, options) {
         ? []
         : stateData[field].split(/,\s?/g);
     },
+    hideWhen: function (stateData, componentProps) {
+      if (componentProps?.arrayParentName) {
+        if (
+          getObjectFromArray(
+            componentProps.craig.store.json.vpn_gateways,
+            "name",
+            componentProps.arrayParentName
+          ).policy_mode !== true
+        ) {
+          return true;
+        }
+      }
+      return false;
+    },
   };
 }
 
diff --git a/client/src/lib/state/vpc/vpc.js b/client/src/lib/state/vpc/vpc.js
index bf70ec3d..e6e9355f 100644
--- a/client/src/lib/state/vpc/vpc.js
+++ b/client/src/lib/state/vpc/vpc.js
@@ -66,6 +66,7 @@ const {
   genericNameCallback,
   nameHelperText,
 } = require("../reusable-fields");
+const { RegexButWithWords } = require("regex-but-with-words");
 
 /**
  * read only when
@@ -246,6 +247,7 @@ function vpcOnStoreUpdate(config) {
         subnet.public_gateway = false;
       }
     });
+
     network.acls.forEach((acl) => {
       if (isNullOrEmptyString(acl.use_data, true)) {
         acl.use_data = false;
@@ -341,6 +343,22 @@ function vpcOnStoreUpdate(config) {
       });
       vpc.subnets = newSubnets;
     });
+  } else if (config.store.json._options.dynamic_subnets === false) {
+    config.store.json.vpcs.forEach((vpc) => {
+      // if the vpc is not the edge vpc, create new prefixes for subnets
+      // is_edge_vpc only used when creating f5 network with setup wizatd
+      if (vpc.name !== config.store.edge_vpc_name && !vpc.is_edge_vpc) {
+        vpc.address_prefixes = [];
+        vpc.subnets.forEach((subnet) => {
+          vpc.address_prefixes.push({
+            cidr: subnet.cidr,
+            name: subnet.name,
+            vpc: vpc.name,
+            zone: subnet.zone,
+          });
+        });
+      }
+    });
   }
 }
 
@@ -451,6 +469,13 @@ function subnetSave(config, stateData, componentProps) {
         if (prefix) {
           prefix.name = stateData.name;
           prefix.cidr = stateData.cidr;
+        } else {
+          data.address_prefixes.push({
+            name: stateData.name,
+            cidr: stateData.cidr,
+            zone: stateData.zone,
+            vpc: stateData.vpc,
+          });
         }
       }
     })
@@ -1400,7 +1425,16 @@ function initVpcStore(store) {
             helperText: function (stateData, componentProps) {
               if (stateData.use_data) {
                 return "";
-              } else return nameHelperText(stateData, componentProps);
+              } else
+                return nameHelperText(stateData, componentProps).replace(
+                  new RegexButWithWords()
+                    .stringBegin()
+                    .literal(
+                      componentProps.craig.store.json._options.prefix + "-"
+                    )
+                    .done("s"),
+                  `${componentProps.craig.store.json._options.prefix}-${componentProps.vpc_name}-`
+                );
             },
             size: "small",
             invalid: function (stateData, componentProps) {
diff --git a/client/src/lib/state/vpn.js b/client/src/lib/state/vpn.js
index 5d162fb5..883000b7 100644
--- a/client/src/lib/state/vpn.js
+++ b/client/src/lib/state/vpn.js
@@ -199,7 +199,7 @@ function initVpnGatewayStore(store) {
           name: nameField("connections"),
           peer_address: {
             default: "",
-            invalid: function (stateData) {
+            invalid: function (stateData, componentProps) {
               return (
                 isIpv4CidrOrAddress(stateData.peer_address || "") === false ||
                 contains(stateData.peer_address, "/")
diff --git a/client/src/lib/state/vsi.js b/client/src/lib/state/vsi.js
index eae45c6b..9db81a9b 100644
--- a/client/src/lib/state/vsi.js
+++ b/client/src/lib/state/vsi.js
@@ -7,6 +7,11 @@ const {
   isInRange,
   isNullOrEmptyString,
   getObjectFromArray,
+  buildNumberDropdownList,
+  isIpv4CidrOrAddress,
+  contains,
+  containsKeys,
+  isWholeNumber,
 } = require("lazy-z");
 const { newDefaultManagementServer } = require("./defaults");
 const {
@@ -29,7 +34,7 @@ const {
   encryptionKeyGroups,
   vpcSshKeyMultiselect,
 } = require("./utils");
-const { nameField } = require("./reusable-fields");
+const { nameField, hideWhenFieldFalse } = require("./reusable-fields");
 
 /**
  * initialize vsi
@@ -210,6 +215,26 @@ function updateVsi(config, key) {
         }
       });
       deployment.ssh_keys = nextSshKeys;
+      let nextReservedIps = [];
+      deployment.subnets.forEach((subnet, subnetIndex) => {
+        nextReservedIps.push([]);
+        buildNumberDropdownList(Number(deployment.vsi_per_subnet)).forEach(
+          (vsi) => {
+            if (
+              deployment.reserved_ips &&
+              deployment?.reserved_ips[subnetIndex] &&
+              deployment?.reserved_ips[subnetIndex][vsi]
+            ) {
+              nextReservedIps[subnetIndex].push(
+                deployment.reserved_ips[subnetIndex][vsi]
+              );
+            } else {
+              nextReservedIps[subnetIndex].push("");
+            }
+          }
+        );
+      });
+      deployment.reserved_ips = nextReservedIps;
     });
     config.store[camelCase(key + " List")] = splat(data, "name");
   });
@@ -349,6 +374,39 @@ function vsiVolumeDelete(config, stateData, componentProps) {
   deleteSubChild(config, "vsi", "volumes", componentProps);
 }
 
+/**
+ * handle reserved ip input change
+ * @param {*} fieldToUpdate
+ * @returns {Function} on input change function
+ */
+function reservedIpInputChange(fieldToUpdate) {
+  return function (stateData) {
+    let reservedIps = [];
+    if (isWholeNumber(Number(stateData.vsi_per_subnet)))
+      stateData.subnets.forEach((subnet, subnetIndex) => {
+        reservedIps.push([]);
+        buildNumberDropdownList(Number(stateData.vsi_per_subnet)).forEach(
+          (vsi) => {
+            if (
+              stateData.reserved_ips[subnetIndex]
+                ? !isNullOrEmptyString(
+                    stateData.reserved_ips[subnetIndex][vsi],
+                    true
+                  )
+                : false
+            ) {
+              reservedIps[subnetIndex].push(
+                stateData.reserved_ips[subnetIndex][vsi]
+              );
+            } else reservedIps[subnetIndex].push("");
+          }
+        );
+      });
+    stateData.reserved_ips = reservedIps;
+    return stateData[fieldToUpdate];
+  };
+}
+
 /**
  * init vsi store
  * @param {*} store
@@ -373,6 +431,7 @@ function initVsiStore(store) {
         "subnets",
         "ssh_keys",
         "snapshot",
+        "reserved_ips",
       ],
       "vsi"
     ),
@@ -394,7 +453,9 @@ function initVsiStore(store) {
           stateData.subnets = [];
         },
       },
-      subnets: subnetMultiSelect(),
+      subnets: subnetMultiSelect({
+        onInputChange: reservedIpInputChange("subnets"),
+      }),
       image_name: {
         labelText: "Image",
         size: "small",
@@ -435,9 +496,7 @@ function initVsiStore(store) {
         apiEndpoint: function (stateData, componentProps) {
           return `/api/vsi/${componentProps.craig.store.json._options.region}/snapshots`;
         },
-        hideWhen: function (stateData) {
-          return stateData.use_snapshot !== true;
-        },
+        hideWhen: hideWhenFieldFalse("use_snapshot"),
       },
       profile: {
         size: "small",
@@ -471,6 +530,7 @@ function initVsiStore(store) {
           "Enter a whole number between 1 and 10"
         ),
         labelText: "VSI Per Subnet",
+        onInputChange: reservedIpInputChange("vsi_per_subnet"),
       },
       security_groups: securityGroupsMultiselect(),
       ssh_keys: vpcSshKeyMultiselect(),
@@ -510,6 +570,54 @@ function initVsiStore(store) {
         default: false,
         labelText: "Create VSI From Snapshot",
       },
+      enable_static_ips: {
+        size: "small",
+        type: "toggle",
+        default: false,
+        labelText: "Configure VSI IP Addresses",
+      },
+      reserved_ips: {
+        default: [],
+        size: "small",
+        labelText: "Reserved IP Address",
+        placeholder: "X.X.X.X",
+        onRender: function (stateData, componentProps) {
+          return stateData.reserved_ips
+            ? stateData.reserved_ips[componentProps.subnet][componentProps.vsi]
+            : "";
+        },
+        invalidText: unconditionalInvalidText("Enter a valid IP address"),
+        invalid: function (stateData, componentProps) {
+          if (!stateData.reserved_ips) {
+            return false;
+          } else if (
+            containsKeys(componentProps, "subnet") &&
+            !isNullOrEmptyString(componentProps.subnet)
+          ) {
+            let ipRef =
+              stateData.reserved_ips[componentProps.subnet][componentProps.vsi];
+            // 0 is falsy
+            return isNullOrEmptyString(ipRef, true)
+              ? false
+              : !isIpv4CidrOrAddress(ipRef)
+              ? true
+              : contains(ipRef, "/");
+          } else {
+            let invalidReservedIps = false;
+            stateData.reserved_ips.forEach((row) => {
+              row.forEach((ip) => {
+                if (
+                  (ip !== "" && !isIpv4CidrOrAddress(ip)) ||
+                  contains(ip, "/")
+                ) {
+                  invalidReservedIps = true;
+                }
+              });
+            });
+            return invalidReservedIps;
+          }
+        },
+      },
     },
     subComponents: {
       volumes: {
diff --git a/client/src/lib/validate.js b/client/src/lib/validate.js
index 11909556..221424c9 100644
--- a/client/src/lib/validate.js
+++ b/client/src/lib/validate.js
@@ -370,7 +370,7 @@ const validate = function (json) {
 
   // vpcs
   json.vpcs.forEach((network) => {
-    nullResourceGroupTest("VPCs", network);
+    if (!network.use_data) nullResourceGroupTest("VPCs", network);
 
     // for each address prefix
     network.address_prefixes.forEach((prefix) => {
@@ -387,7 +387,7 @@ const validate = function (json) {
     });
     // for each subnet
     network.subnets.forEach((subnet) => {
-      nullResourceGroupTest("Subnets", subnet);
+      if (!network.use_data) nullResourceGroupTest("Subnets", subnet);
       validationTest("Subnets", subnet, "vpc", "vpc");
       if (!subnet.use_data) {
         validationTest("Subnets", subnet, "network_acl", "network_acl");
@@ -404,7 +404,6 @@ const validate = function (json) {
   // security groups
   json.security_groups.forEach((group) => {
     nullVpcNameTest("Security Groups", group);
-    nullResourceGroupTest("Security Groups", group);
     updateNetworkingRulesForCompatibility(group.rules);
     group.rules.forEach((rule) => {
       validationTest("Security Group Rule", rule, "security group", "sg");
diff --git a/express-controllers/craig-api.js b/express-controllers/craig-api.js
index abc80bec..97cb80f3 100644
--- a/express-controllers/craig-api.js
+++ b/express-controllers/craig-api.js
@@ -9,6 +9,7 @@ const quickStartPower = require("../client/src/lib/docs/templates/quick-start-po
 const slzMixed = require("../client/src/lib/docs/templates/slz-mixed.json");
 const slzVsiEdge = require("../client/src/lib/docs/templates/slz-vsi-edge.json");
 const slzVsi = require("../client/src/lib/docs/templates/slz-vsi.json");
+const vpnaas = require("../client/src/lib/docs/templates/vpn-as-a-service.json");
 const { transpose } = require("lazy-z");
 const templateNameToJson = {
   "from-scratch": fromScratch,
@@ -20,6 +21,7 @@ const templateNameToJson = {
   mixed: slzMixed,
   "vsi-edge": slzVsiEdge,
   vsi: slzVsi,
+  vpnaas: vpnaas,
 };
 
 /**
diff --git a/lib/template-updater.js b/lib/template-updater.js
index be011b14..ee843e8f 100644
--- a/lib/template-updater.js
+++ b/lib/template-updater.js
@@ -156,9 +156,9 @@ fs.readdirSync("./client/src/lib/docs/templates").forEach((template) => {
           // for each sub component
           subComponents.forEach((subComponent) => {
             // for each subcomponent as part of the updated item
-            item[subComponent].forEach((subItem) => {
+            item[subComponent].forEach((subItem, subItemIndex) => {
               // update sub item
-              subItem = dynamicFormSetup(
+              item[subComponent][subItemIndex] = dynamicFormSetup(
                 subItem,
                 subComponent,
                 craigState[jsonField],
diff --git a/package-lock.json b/package-lock.json
index acedfea0..87786b5c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "craig",
-  "version": "1.14.1",
+  "version": "1.15.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "craig",
-      "version": "1.14.1",
+      "version": "1.15.0",
       "license": "ISC",
       "dependencies": {
         "axios": "^1.6.3",
@@ -16,7 +16,7 @@
         "express": "^4.19.2",
         "js-yaml": "^4.1.0",
         "json-to-tf": "^0.2.1",
-        "lazy-z": "1.11.17",
+        "lazy-z": "1.11.18",
         "regex-but-with-words": "^1.5.1",
         "swagger-ui-express": "^5.0.0",
         "tar-stream": "^3.1.6"
@@ -2273,9 +2273,9 @@
       "dev": true
     },
     "node_modules/lazy-z": {
-      "version": "1.11.17",
-      "resolved": "https://registry.npmjs.org/lazy-z/-/lazy-z-1.11.17.tgz",
-      "integrity": "sha512-Cxn7zXtnGsH5wVk2M6T99Lg5pcLik4t+OmugmGdYOn8AAbQYU+zA9Sz87H7ANYWX9AGZFz5/4JZ4mNapcRDQ5A==",
+      "version": "1.11.18",
+      "resolved": "https://registry.npmjs.org/lazy-z/-/lazy-z-1.11.18.tgz",
+      "integrity": "sha512-sqJJldfPDPF8lZb+4CrPISJSOVZKsgI4ASFVySE/LqG4Jc4RCk8ACgRrkF4PEvfXXANscHgWoms2WZdJbuW/uw==",
       "dependencies": {
         "regex-but-with-words": "^1.5.0"
       }
diff --git a/package.json b/package.json
index c96f32e4..a5efce5f 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "craig",
-  "version": "1.14.1",
+  "version": "1.15.0",
   "description": "gui for generating ibm cloud infrastructure resources",
   "main": "index.js",
   "scripts": {
@@ -44,7 +44,7 @@
     "express": "^4.19.2",
     "js-yaml": "^4.1.0",
     "json-to-tf": "^0.2.1",
-    "lazy-z": "1.11.17",
+    "lazy-z": "1.11.18",
     "regex-but-with-words": "^1.5.1",
     "swagger-ui-express": "^5.0.0",
     "tar-stream": "^3.1.6"
diff --git a/unit-tests/api-refactor/cluster-api.test.js b/unit-tests/api-refactor/cluster-api.test.js
new file mode 100644
index 00000000..9a982be8
--- /dev/null
+++ b/unit-tests/api-refactor/cluster-api.test.js
@@ -0,0 +1,180 @@
+const { assert } = require("chai");
+const sinon = require("sinon");
+const controller = require("../../express-controllers/controller");
+const res = require("../mocks/response.mock");
+const { initMockAxios } = require("lazy-z");
+
+describe("cluster api", () => {
+  let sendDataOnTokenValid = (res, field, callback) => {
+    return callback();
+  };
+  beforeEach(() => {
+    res.send = new sinon.spy();
+    sendDataOnTokenValid = new sinon.spy(sendDataOnTokenValid);
+  });
+  afterEach(() => {
+    delete process.env.CRAIG_PROD;
+  });
+  describe("/api/cluster/us-south/flavors", () => {
+    it("should respond with the correct data", () => {
+      let { axios } = initMockAxios([
+        { name: "bx2.16x64" },
+        { name: "bx2.2x8" },
+      ]);
+      let testController = new controller(axios);
+      testController.sendDataOnTokenValid = sendDataOnTokenValid;
+      return testController
+        .clusterFlavors({ params: { region: "us-south" } }, res)
+        .then(() => {
+          assert.isTrue(res.send.calledOnceWith(["bx2.16x64", "bx2.2x8"]));
+          assert.isTrue(testController.sendDataOnTokenValid.calledOnce);
+        });
+    });
+    it("should respond with the correct data and store in flavors", () => {
+      let { axios } = initMockAxios([
+        { name: "bx2.16x64" },
+        { name: "bx2.2x8" },
+      ]);
+      let testController = new controller(axios);
+      testController.sendDataOnTokenValid = sendDataOnTokenValid;
+      return testController
+        .clusterFlavors({ params: { region: "us-south" } }, res)
+        .then(() => {
+          assert.deepEqual(
+            testController.flavors,
+            ["bx2.16x64", "bx2.2x8"],
+            "it should save flavors"
+          );
+          assert.isTrue(testController.sendDataOnTokenValid.calledOnce);
+        });
+    });
+    it("should send flavors in controller constructor if there are flavors and the token is not expired", () => {
+      let { axios } = initMockAxios([
+        { name: "bx2.16x64" },
+        { name: "bx2.2x8" },
+      ]);
+      let testController = new controller(axios);
+      let mockExpiration = Math.floor(Date.now() / 1000) + 100;
+      testController.expiration = mockExpiration;
+      testController.flavors = ["1234"];
+      testController.token = "1234";
+      testController.sendDataOnTokenValid = new sinon.spy(
+        testController.sendDataOnTokenValid
+      );
+      return testController
+        .clusterFlavors({ params: { region: "us-south" } }, res)
+        .then(() => {
+          assert.isTrue(res.send.calledOnceWith(["1234"]), "it should be true");
+          assert.isTrue(testController.sendDataOnTokenValid.calledOnce);
+        });
+    });
+    it("should respond with error", () => {
+      let { axios } = initMockAxios(
+        { response: "should return this when err" },
+        true
+      );
+      let testController = new controller(axios);
+      testController.sendDataOnTokenValid = sendDataOnTokenValid;
+      return testController
+        .clusterFlavors({ params: { region: "us-south" } }, res)
+        .then(() => {
+          assert.isTrue(res.send.calledOnceWith("should return this when err"));
+          assert.isTrue(testController.sendDataOnTokenValid.calledOnce);
+        });
+    });
+  });
+  describe("/api/cluster/versions", () => {
+    let data = {
+      kubernetes: [
+        {
+          major: 1,
+          minor: 23,
+          patch: 15,
+          default: false,
+          end_of_service: "",
+        },
+        {
+          major: 1,
+          minor: 24,
+          patch: 9,
+          default: true,
+          end_of_service: "",
+        },
+      ],
+      openshift: [
+        {
+          major: 4,
+          minor: 10,
+          patch: 43,
+          default: true,
+          end_of_service: "",
+        },
+        {
+          major: 4,
+          minor: 11,
+          patch: 17,
+          default: false,
+          end_of_service: "",
+        },
+      ],
+    };
+    it("should return the correct data", () => {
+      let { axios } = initMockAxios(data);
+      let testController = new controller(axios);
+      testController.sendDataOnTokenValid = sendDataOnTokenValid;
+      return testController.clusterVersions({}, res).then(() => {
+        assert.isTrue(
+          res.send.calledOnceWith([
+            "4.10.43_openshift (Default)",
+            "1.24.9 (Default)",
+            "1.23.15",
+            "4.11.17_openshift",
+          ])
+        );
+        assert.isTrue(testController.sendDataOnTokenValid.calledOnce);
+      });
+    });
+    it("should set versions in controller constructor", () => {
+      let { axios } = initMockAxios(data);
+      let testController = new controller(axios);
+      testController.sendDataOnTokenValid = sendDataOnTokenValid;
+      return testController.clusterVersions({}, res).then(() => {
+        assert.deepEqual(
+          testController.versions,
+          [
+            "4.10.43_openshift (Default)",
+            "1.24.9 (Default)",
+            "1.23.15",
+            "4.11.17_openshift",
+          ],
+          "it should have versions"
+        );
+        assert.isTrue(testController.sendDataOnTokenValid.calledOnce);
+      });
+    });
+    it("should send versions in controller constructor if there are versions and the token is not expired", () => {
+      let { axios } = initMockAxios(data);
+      let testController = new controller(axios);
+      let mockExpiration = Math.floor(Date.now() / 1000) + 100;
+      testController.expiration = mockExpiration;
+      testController.versions = ["1234"];
+      testController.token = "1234";
+      testController.sendDataOnTokenValid = new sinon.spy(
+        testController.sendDataOnTokenValid
+      );
+      return testController.clusterVersions({}, res).then(() => {
+        assert.isTrue(res.send.calledOnceWith(["1234"]));
+        assert.isTrue(testController.sendDataOnTokenValid.calledOnce);
+      });
+    });
+    it("should respond with error", () => {
+      let { axios } = initMockAxios(data, true);
+      let testController = new controller(axios);
+      testController.sendDataOnTokenValid = sendDataOnTokenValid;
+      return testController.clusterVersions({}, res).then(() => {
+        assert.isTrue(res.send.calledOnce);
+        assert.isTrue(testController.sendDataOnTokenValid.calledOnce);
+      });
+    });
+  });
+});
diff --git a/unit-tests/api-refactor/vsi-api.test.js b/unit-tests/api-refactor/vsi-api.test.js
new file mode 100644
index 00000000..a81515d4
--- /dev/null
+++ b/unit-tests/api-refactor/vsi-api.test.js
@@ -0,0 +1,271 @@
+const { assert } = require("chai");
+const sinon = require("sinon");
+const controller = require("../../express-controllers/controller");
+const res = require("../mocks/response.mock");
+const { initMockAxios } = require("lazy-z");
+const { initRecursiveMockAxios } = require("../mocks/recursive-axios.mock");
+
+describe("vsi api", () => {
+  let spyFns;
+  beforeEach(() => {
+    res.send = new sinon.spy();
+    spyFns = {
+      sendDataOnTokenValid: (res, field, callback) => {
+        return callback();
+      },
+      getBearerToken: () => {
+        return new Promise((resolve) => resolve("token"));
+      },
+    };
+  });
+  afterEach(() => {
+    delete process.env.CRAIG_PROD;
+  });
+
+  describe("/api/vsi/us-south/instanceProfiles", () => {
+    it("should respond with the correct data", () => {
+      let { axios } = initMockAxios({
+        profiles: [
+          { name: "bx2-2x8" },
+          { name: "bx2-4x16" },
+          { name: "bx2-8x32" },
+        ],
+      });
+      let testController = new controller(axios);
+      testController.sendDataOnTokenValid = new sinon.spy(
+        spyFns,
+        "sendDataOnTokenValid"
+      );
+      testController.getBearerToken = new sinon.spy(spyFns, "getBearerToken");
+      return testController
+        .vsiInstanceProfiles({ params: { region: "us-south" } }, res)
+        .then(() => {
+          assert.isTrue(
+            res.send.calledOnceWith(["bx2-2x8", "bx2-4x16", "bx2-8x32"])
+          );
+          assert.isTrue(
+            testController.getBearerToken.calledOnce,
+            "should be true"
+          );
+          assert.isTrue(
+            testController.sendDataOnTokenValid.calledOnce,
+            "should be true"
+          );
+        });
+    });
+    it("should respond with error", () => {
+      let { axios } = initMockAxios(
+        {
+          profiles: [
+            { name: "bx2-2x8" },
+            { name: "bx2-4x16" },
+            { name: "bx2-8x32" },
+          ],
+          response: "response",
+        },
+        true
+      );
+      let testController = new controller(axios);
+      testController.sendDataOnTokenValid = new sinon.spy(
+        spyFns,
+        "sendDataOnTokenValid"
+      );
+      testController.getBearerToken = new sinon.spy(spyFns, "getBearerToken");
+      return testController
+        .vsiInstanceProfiles({ params: { region: "us-south" } }, res)
+        .then(() => {
+          assert.isTrue(res.send.calledOnceWith("response"));
+          assert.isTrue(
+            testController.getBearerToken.calledOnce,
+            "should be true"
+          );
+          assert.isTrue(
+            testController.sendDataOnTokenValid.calledOnce,
+            "should be true"
+          );
+        });
+    });
+  });
+  describe("/api/vsi/us-south/images", () => {
+    let data;
+    beforeEach(() => {
+      data = [
+        {
+          images: [
+            {
+              name: "windows-2016-amd64",
+              operating_system: {
+                display_name: "Windows Server 2016 Standard Edition (amd64)",
+              },
+            },
+            {
+              name: "debian-9-amd64",
+              operating_system: {
+                display_name:
+                  "Debian GNU/Linux 9.x Stretch/Stable - Minimal Install (amd64)",
+              },
+            },
+            {
+              name: "my-image",
+              operating_system: {
+                display_name:
+                  "Ubuntu Linux 16.04 LTS Xenial Xerus Minimal Install (amd64)",
+              },
+            },
+          ],
+          limit: 50,
+          total_count: 101,
+          next: {
+            href: "https://us-south.iaas.cloud.ibm.com/v1/images?limit=100&start=123456",
+          },
+        },
+        {
+          images: [
+            {
+              name: "windows-2016-amd64",
+              operating_system: {
+                display_name: "Windows Server 2016 Standard Edition (amd64) 2",
+              },
+            },
+            {
+              name: "debian-9-amd64",
+              operating_system: {
+                display_name:
+                  "Debian GNU/Linux 9.x Stretch/Stable - Minimal Install (amd64) 2",
+              },
+            },
+            {
+              name: "my-image",
+              operating_system: {
+                display_name:
+                  "Ubuntu Linux 16.04 LTS Xenial Xerus Minimal Install (amd64) 2",
+              },
+            },
+          ],
+          limit: 50,
+          total_count: 1,
+        },
+      ];
+    });
+    it("should respond with the correct data", () => {
+      let { axios } = initRecursiveMockAxios(data, false, true);
+      let testController = new controller(axios);
+      testController.getBearerToken = new sinon.spy(spyFns, "getBearerToken");
+      testController.sendDataOnTokenValid = new sinon.spy(
+        spyFns,
+        "sendDataOnTokenValid"
+      );
+      return testController
+        .vsiImages({ params: { region: "us-south" } }, res)
+        .then(() => {
+          assert.isTrue(res.send.calledOnce);
+          assert.deepEqual(
+            res.send.lastCall.args,
+            [
+              [
+                "Debian GNU/Linux 9.x Stretch/Stable - Minimal Install (amd64) 2 [debian-9-amd64]",
+                "Debian GNU/Linux 9.x Stretch/Stable - Minimal Install (amd64) [debian-9-amd64]",
+                "Ubuntu Linux 16.04 LTS Xenial Xerus Minimal Install (amd64) 2 [my-image]",
+                "Ubuntu Linux 16.04 LTS Xenial Xerus Minimal Install (amd64) [my-image]",
+                "Windows Server 2016 Standard Edition (amd64) 2 [windows-2016-amd64]",
+                "Windows Server 2016 Standard Edition (amd64) [windows-2016-amd64]",
+              ],
+            ],
+            "it should get images"
+          );
+          assert.isTrue(
+            testController.getBearerToken.calledTwice,
+            "should be true"
+          );
+          assert.isTrue(testController.sendDataOnTokenValid.calledOnce);
+        });
+    });
+    it("should respond with error", () => {
+      let { axios } = initMockAxios(
+        {
+          images: [
+            {
+              name: "windows-2016-amd64",
+              operating_system: {
+                display_name: "Windows Server 2016 Standard Edition (amd64)",
+              },
+            },
+            {
+              name: "debian-9-amd64",
+              operating_system: {
+                display_name:
+                  "Debian GNU/Linux 9.x Stretch/Stable - Minimal Install (amd64)",
+              },
+            },
+            {
+              name: "my-image",
+              operating_system: {
+                display_name:
+                  "Ubuntu Linux 16.04 LTS Xenial Xerus Minimal Install (amd64)",
+              },
+            },
+          ],
+          limit: 50,
+          total_count: 101,
+          next: {
+            href: "https://us-south.iaas.cloud.ibm.com/v1/images?limit=100&start=123456",
+          },
+          data: "should be returned on err",
+        },
+        true,
+        true
+      );
+      let testController = new controller(axios);
+      testController.getBearerToken = new sinon.spy(spyFns, "getBearerToken");
+      testController.sendDataOnTokenValid = new sinon.spy(
+        spyFns,
+        "sendDataOnTokenValid"
+      );
+      return testController
+        .vsiImages({ params: { region: "us-south" } }, res)
+        .then(() => {
+          assert.isTrue(res.send.calledOnceWith("should be returned on err"));
+          assert.isTrue(
+            testController.getBearerToken.calledOnce,
+            "should be true"
+          );
+          assert.isTrue(testController.sendDataOnTokenValid.calledOnce);
+        });
+    });
+  });
+  describe("/api/vsi/us-south/snapshots", () => {
+    let data;
+    beforeEach(() => {
+      data = [{ name: "frog" }, { name: "toad" }];
+    });
+    it("should respond with the correct data", () => {
+      let { axios } = initMockAxios({ snapshots: data });
+      let testController = new controller(axios);
+      testController.getBearerToken = new sinon.spy(spyFns, "getBearerToken");
+      return testController
+        .vsiSnapShots({ params: { region: "us-south" } }, res)
+        .then(() => {
+          assert.isTrue(res.send.calledOnce);
+          assert.isTrue(
+            res.send.calledOnceWith(["frog", "toad"]),
+            "it should get images"
+          );
+          assert.isTrue(testController.getBearerToken.calledOnce);
+        });
+    });
+    it("should respond with error", () => {
+      let { axios } = initMockAxios(
+        { data: "should return this on err" },
+        true
+      );
+      let testController = new controller(axios);
+      testController.getBearerToken = new sinon.spy(spyFns, "getBearerToken");
+      return testController
+        .vsiSnapShots({ params: { region: "us-south" } }, res)
+        .then(() => {
+          assert.isTrue(res.send.calledOnceWith("should return this on err"));
+          assert.isTrue(testController.getBearerToken.calledOnce);
+        });
+    });
+  });
+});
diff --git a/unit-tests/api/controller.test.js b/unit-tests/api/controller.test.js
index ca00da5c..5c74ea34 100644
--- a/unit-tests/api/controller.test.js
+++ b/unit-tests/api/controller.test.js
@@ -2,12 +2,7 @@ const { assert } = require("chai");
 const sinon = require("sinon");
 const controller = require("../../express-controllers/controller");
 const res = require("../mocks/response.mock");
-const vsiInstanceProfilesRaw = require("../data-files/vsiInstanceProfilesRaw.json");
-const vsiImagesRaw = require("../data-files/vsiImagesRaw.json");
-const clusterFlavorsRaw = require("../data-files/clusterFlavorRaw.json");
-const clusterVersionRaw = require("../data-files/clusterVersionRaw.json");
 const { initMockAxios } = require("lazy-z");
-const testJson = require("../data-files/craig-json.json");
 
 describe("controller", () => {
   beforeEach(() => {
@@ -16,6 +11,16 @@ describe("controller", () => {
   afterEach(() => {
     delete process.env.CRAIG_PROD;
   });
+  describe("sendDataOnTokenValid", () => {
+    it("should use callback when invalid token", () => {
+      let axios = initMockAxios({});
+      let testController = new controller(axios);
+      let callback = () => {
+        assert.isTrue(true, "it should be true");
+      };
+      return testController.sendDataOnTokenValid({}, "field", callback);
+    });
+  });
   describe("getBearerToken", () => {
     let requestConfig = {
       method: "post",
diff --git a/unit-tests/api/craig-api.test.js b/unit-tests/api/craig-api.test.js
index e20d29ab..74d06f45 100644
--- a/unit-tests/api/craig-api.test.js
+++ b/unit-tests/api/craig-api.test.js
@@ -71,7 +71,7 @@ describe("craig api", () => {
         },
         {
           name: "craig/key_management.tf",
-          data: '##############################################################################\n# Key Management Instance Kms\n##############################################################################\n\nresource "ibm_resource_instance" "kms" {\n  name              = "${var.prefix}-kms"\n  resource_group_id = ibm_resource_group.service_rg.id\n  service           = "kms"\n  plan              = "tiered-pricing"\n  location          = var.region\n  tags = [\n    "hello",\n    "world"\n  ]\n}\n\nresource "ibm_iam_authorization_policy" "kms_server_protect_policy" {\n  source_service_name         = "server-protect"\n  target_service_name         = "kms"\n  target_resource_instance_id = ibm_resource_instance.kms.guid\n  description                 = "Allow block storage volumes to be encrypted by Key Management instance."\n  roles = [\n    "Reader"\n  ]\n}\n\nresource "ibm_iam_authorization_policy" "kms_block_storage_policy" {\n  source_service_name         = "is"\n  target_service_name         = "kms"\n  target_resource_instance_id = ibm_resource_instance.kms.guid\n  description                 = "Allow block storage volumes to be encrypted by Key Management instance."\n  source_resource_type        = "share"\n  roles = [\n    "Reader",\n    "Authorization Delegator"\n  ]\n}\n\nresource "ibm_kms_key_rings" "kms_ring_ring" {\n  key_ring_id = "${var.prefix}-kms-ring"\n  instance_id = ibm_resource_instance.kms.guid\n}\n\nresource "ibm_kms_key" "kms_key_key" {\n  instance_id   = ibm_resource_instance.kms.guid\n  key_name      = "${var.prefix}-kms-key"\n  standard_key  = false\n  key_ring_id   = ibm_kms_key_rings.kms_ring_ring.key_ring_id\n  force_delete  = true\n  endpoint_type = "public"\n  depends_on = [\n    ibm_iam_authorization_policy.kms_server_protect_policy,\n    ibm_iam_authorization_policy.kms_block_storage_policy\n  ]\n}\n\nresource "ibm_kms_key_policies" "kms_key_key_policy" {\n  instance_id   = ibm_resource_instance.kms.guid\n  endpoint_type = "private"\n  key_id        = ibm_kms_key.kms_key_key.key_id\n  rotation {\n    interval_month = 1\n  }\n  dual_auth_delete {\n    enabled = false\n  }\n}\n\nresource "ibm_kms_key" "kms_atracker_key_key" {\n  instance_id   = ibm_resource_instance.kms.guid\n  key_name      = "${var.prefix}-kms-atracker-key"\n  standard_key  = false\n  key_ring_id   = ibm_kms_key_rings.kms_ring_ring.key_ring_id\n  force_delete  = true\n  endpoint_type = "public"\n  depends_on = [\n    ibm_iam_authorization_policy.kms_server_protect_policy,\n    ibm_iam_authorization_policy.kms_block_storage_policy\n  ]\n}\n\nresource "ibm_kms_key_policies" "kms_atracker_key_key_policy" {\n  instance_id   = ibm_resource_instance.kms.guid\n  endpoint_type = "private"\n  key_id        = ibm_kms_key.kms_atracker_key_key.key_id\n  rotation {\n    interval_month = 1\n  }\n  dual_auth_delete {\n    enabled = false\n  }\n}\n\nresource "ibm_kms_key" "kms_vsi_volume_key_key" {\n  instance_id   = ibm_resource_instance.kms.guid\n  key_name      = "${var.prefix}-kms-vsi-volume-key"\n  standard_key  = false\n  key_ring_id   = ibm_kms_key_rings.kms_ring_ring.key_ring_id\n  force_delete  = true\n  endpoint_type = "public"\n  depends_on = [\n    ibm_iam_authorization_policy.kms_server_protect_policy,\n    ibm_iam_authorization_policy.kms_block_storage_policy\n  ]\n}\n\nresource "ibm_kms_key_policies" "kms_vsi_volume_key_key_policy" {\n  instance_id   = ibm_resource_instance.kms.guid\n  endpoint_type = "private"\n  key_id        = ibm_kms_key.kms_vsi_volume_key_key.key_id\n  rotation {\n    interval_month = 1\n  }\n  dual_auth_delete {\n    enabled = false\n  }\n}\n\nresource "ibm_kms_key" "kms_roks_key_key" {\n  instance_id   = ibm_resource_instance.kms.guid\n  key_name      = "${var.prefix}-kms-roks-key"\n  standard_key  = false\n  key_ring_id   = ibm_kms_key_rings.kms_ring_ring.key_ring_id\n  endpoint_type = "private"\n  force_delete  = null\n  depends_on = [\n    ibm_iam_authorization_policy.kms_server_protect_policy,\n    ibm_iam_authorization_policy.kms_block_storage_policy\n  ]\n}\n\nresource "ibm_kms_key_policies" "kms_roks_key_key_policy" {\n  instance_id   = ibm_resource_instance.kms.guid\n  endpoint_type = "private"\n  key_id        = ibm_kms_key.kms_roks_key_key.key_id\n  rotation {\n    interval_month = 1\n  }\n  dual_auth_delete {\n    enabled = false\n  }\n}\n\n##############################################################################\n\n',
+          data: '##############################################################################\n# Key Management Instance Kms\n##############################################################################\n\nresource "ibm_resource_instance" "kms" {\n  name              = "${var.prefix}-kms"\n  resource_group_id = ibm_resource_group.service_rg.id\n  service           = "kms"\n  plan              = "tiered-pricing"\n  location          = var.region\n  tags = [\n    "hello",\n    "world"\n  ]\n}\n\nresource "ibm_iam_authorization_policy" "kms_server_protect_policy" {\n  source_service_name         = "server-protect"\n  target_service_name         = "kms"\n  target_resource_instance_id = ibm_resource_instance.kms.guid\n  description                 = "Allow block storage volumes to be encrypted by Key Management instance."\n  roles = [\n    "Reader"\n  ]\n}\n\nresource "ibm_iam_authorization_policy" "kms_block_storage_policy" {\n  source_service_name         = "is"\n  target_service_name         = "kms"\n  target_resource_instance_id = ibm_resource_instance.kms.guid\n  description                 = "Allow block storage volumes to be encrypted by Key Management instance."\n  source_resource_type        = "share"\n  roles = [\n    "Reader",\n    "Authorization Delegator"\n  ]\n}\n\nresource "ibm_kms_key_rings" "kms_ring_ring" {\n  key_ring_id = "${var.prefix}-kms-ring"\n  instance_id = ibm_resource_instance.kms.guid\n}\n\nresource "ibm_kms_key" "kms_key_key" {\n  instance_id   = ibm_resource_instance.kms.guid\n  key_name      = "${var.prefix}-kms-key"\n  standard_key  = false\n  key_ring_id   = ibm_kms_key_rings.kms_ring_ring.key_ring_id\n  force_delete  = true\n  endpoint_type = "public"\n  depends_on = [\n    ibm_iam_authorization_policy.kms_server_protect_policy,\n    ibm_iam_authorization_policy.kms_block_storage_policy\n  ]\n}\n\nresource "ibm_kms_key_policies" "kms_key_key_policy" {\n  instance_id   = ibm_resource_instance.kms.guid\n  endpoint_type = "private"\n  key_id        = ibm_kms_key.kms_key_key.key_id\n  rotation {\n    interval_month = 1\n  }\n  dual_auth_delete {\n    enabled = false\n  }\n}\n\nresource "ibm_kms_key" "kms_atracker_key_key" {\n  instance_id   = ibm_resource_instance.kms.guid\n  key_name      = "${var.prefix}-kms-atracker-key"\n  standard_key  = false\n  key_ring_id   = ibm_kms_key_rings.kms_ring_ring.key_ring_id\n  force_delete  = true\n  endpoint_type = "public"\n  depends_on = [\n    ibm_iam_authorization_policy.kms_server_protect_policy,\n    ibm_iam_authorization_policy.kms_block_storage_policy\n  ]\n}\n\nresource "ibm_kms_key_policies" "kms_atracker_key_key_policy" {\n  instance_id   = ibm_resource_instance.kms.guid\n  endpoint_type = "private"\n  key_id        = ibm_kms_key.kms_atracker_key_key.key_id\n  rotation {\n    interval_month = 1\n  }\n  dual_auth_delete {\n    enabled = false\n  }\n}\n\nresource "ibm_kms_key" "kms_vsi_volume_key_key" {\n  instance_id   = ibm_resource_instance.kms.guid\n  key_name      = "${var.prefix}-kms-vsi-volume-key"\n  standard_key  = false\n  key_ring_id   = ibm_kms_key_rings.kms_ring_ring.key_ring_id\n  force_delete  = true\n  endpoint_type = "public"\n  depends_on = [\n    ibm_iam_authorization_policy.kms_server_protect_policy,\n    ibm_iam_authorization_policy.kms_block_storage_policy\n  ]\n}\n\nresource "ibm_kms_key_policies" "kms_vsi_volume_key_key_policy" {\n  instance_id   = ibm_resource_instance.kms.guid\n  endpoint_type = "private"\n  key_id        = ibm_kms_key.kms_vsi_volume_key_key.key_id\n  rotation {\n    interval_month = 1\n  }\n  dual_auth_delete {\n    enabled = false\n  }\n}\n\nresource "ibm_kms_key" "kms_roks_key_key" {\n  instance_id   = ibm_resource_instance.kms.guid\n  key_name      = "${var.prefix}-kms-roks-key"\n  standard_key  = false\n  key_ring_id   = ibm_kms_key_rings.kms_ring_ring.key_ring_id\n  force_delete  = false\n  endpoint_type = "private"\n  depends_on = [\n    ibm_iam_authorization_policy.kms_server_protect_policy,\n    ibm_iam_authorization_policy.kms_block_storage_policy\n  ]\n}\n\nresource "ibm_kms_key_policies" "kms_roks_key_key_policy" {\n  instance_id   = ibm_resource_instance.kms.guid\n  endpoint_type = "private"\n  key_id        = ibm_kms_key.kms_roks_key_key.key_id\n  rotation {\n    interval_month = 1\n  }\n  dual_auth_delete {\n    enabled = false\n  }\n}\n\n##############################################################################\n\n',
         },
         {
           name: "craig/object_storage.tf",
@@ -95,7 +95,7 @@ describe("craig api", () => {
         },
         {
           name: "craig/craig.json",
-          data: '{\n  "_options": {\n    "prefix": "iac",\n    "region": "us-south",\n    "tags": [\n      "hello",\n      "world"\n    ],\n    "zones": 3,\n    "endpoints": "private",\n    "account_id": null,\n    "fs_cloud": false,\n    "enable_classic": false,\n    "dynamic_subnets": true,\n    "enable_power_vs": false,\n    "power_vs_zones": [],\n    "craig_version": "1.12.0",\n    "power_vs_high_availability": false,\n    "no_vpn_secrets_manager_auth": false,\n    "power_vs_ha_zone_1": null,\n    "power_vs_ha_zone_2": null,\n    "manual_power_vsi_naming": false\n  },\n  "access_groups": [],\n  "appid": [],\n  "atracker": {\n    "enabled": true,\n    "type": "cos",\n    "name": "atracker",\n    "target_name": "atracker-cos",\n    "bucket": "atracker-bucket",\n    "add_route": true,\n    "cos_key": "cos-bind-key",\n    "locations": [\n      "global",\n      "us-south"\n    ],\n    "instance": false,\n    "plan": "lite",\n    "resource_group": null,\n    "archive": false\n  },\n  "cbr_rules": [],\n  "cbr_zones": [],\n  "classic_ssh_keys": [],\n  "classic_vlans": [],\n  "clusters": [\n    {\n      "kms": "kms",\n      "cos": "cos",\n      "entitlement": "cloud_pak",\n      "kube_type": "openshift",\n      "kube_version": "4.12.26_openshift",\n      "flavor": "bx2.16x64",\n      "name": "workload-cluster",\n      "resource_group": "workload-rg",\n      "encryption_key": "roks-key",\n      "subnets": [\n        "vsi-zone-1",\n        "vsi-zone-2",\n        "vsi-zone-3"\n      ],\n      "update_all_workers": false,\n      "vpc": "workload",\n      "worker_pools": [\n        {\n          "entitlement": "cloud_pak",\n          "cluster": "workload-cluster",\n          "flavor": "bx2.16x64",\n          "name": "logging-worker-pool",\n          "resource_group": "workload-rg",\n          "subnets": [\n            "vsi-zone-1",\n            "vsi-zone-2",\n            "vsi-zone-3"\n          ],\n          "vpc": "workload",\n          "workers_per_subnet": 2\n        }\n      ],\n      "opaque_secrets": [],\n      "workers_per_subnet": 2,\n      "private_endpoint": true\n    }\n  ],\n  "dns": [],\n  "event_streams": [],\n  "f5_vsi": [],\n  "iam_account_settings": {\n    "enable": false,\n    "mfa": null,\n    "allowed_ip_addresses": null,\n    "include_history": false,\n    "if_match": null,\n    "max_sessions_per_identity": null,\n    "restrict_create_service_id": null,\n    "restrict_create_platform_apikey": null,\n    "session_expiration_in_seconds": null,\n    "session_invalidation_in_seconds": null\n  },\n  "icd": [],\n  "key_management": [\n    {\n      "name": "kms",\n      "resource_group": "service-rg",\n      "use_hs_crypto": false,\n      "authorize_vpc_reader_role": true,\n      "use_data": false,\n      "keys": [\n        {\n          "key_ring": "ring",\n          "name": "key",\n          "root_key": true,\n          "force_delete": true,\n          "endpoint": "public",\n          "rotation": 1,\n          "dual_auth_delete": false\n        },\n        {\n          "key_ring": "ring",\n          "name": "atracker-key",\n          "root_key": true,\n          "force_delete": true,\n          "endpoint": "public",\n          "rotation": 1,\n          "dual_auth_delete": false\n        },\n        {\n          "key_ring": "ring",\n          "name": "vsi-volume-key",\n          "root_key": true,\n          "force_delete": true,\n          "endpoint": "public",\n          "rotation": 1,\n          "dual_auth_delete": false\n        },\n        {\n          "key_ring": "ring",\n          "name": "roks-key",\n          "root_key": true,\n          "force_delete": null,\n          "endpoint": null,\n          "rotation": 1,\n          "dual_auth_delete": false\n        }\n      ]\n    }\n  ],\n  "load_balancers": [],\n  "logdna": {\n    "name": "logdna",\n    "archive": false,\n    "enabled": false,\n    "plan": "lite",\n    "endpoints": "private",\n    "platform_logs": false,\n    "resource_group": "service-rg",\n    "cos": "atracker-cos",\n    "bucket": "atracker-bucket"\n  },\n  "object_storage": [\n    {\n      "buckets": [\n        {\n          "endpoint": "public",\n          "force_delete": true,\n          "kms_key": "atracker-key",\n          "name": "atracker-bucket",\n          "storage_class": "standard",\n          "use_random_suffix": true\n        }\n      ],\n      "keys": [\n        {\n          "name": "cos-bind-key",\n          "role": "Writer",\n          "enable_hmac": false,\n          "use_random_suffix": true\n        }\n      ],\n      "name": "atracker-cos",\n      "plan": "standard",\n      "resource_group": "service-rg",\n      "use_data": false,\n      "use_random_suffix": true,\n      "kms": "kms"\n    },\n    {\n      "buckets": [\n        {\n          "endpoint": "public",\n          "force_delete": true,\n          "kms_key": "key",\n          "name": "management-bucket",\n          "storage_class": "standard",\n          "use_random_suffix": true\n        },\n        {\n          "endpoint": "public",\n          "force_delete": true,\n          "kms_key": "key",\n          "name": "workload-bucket",\n          "storage_class": "standard",\n          "use_random_suffix": true\n        }\n      ],\n      "use_random_suffix": true,\n      "keys": [],\n      "name": "cos",\n      "plan": "standard",\n      "resource_group": "service-rg",\n      "use_data": false,\n      "kms": "kms"\n    }\n  ],\n  "power": [],\n  "power_instances": [],\n  "power_volumes": [],\n  "resource_groups": [\n    {\n      "use_prefix": true,\n      "name": "service-rg",\n      "use_data": false\n    },\n    {\n      "use_prefix": true,\n      "name": "management-rg",\n      "use_data": false\n    },\n    {\n      "use_prefix": true,\n      "name": "workload-rg",\n      "use_data": false\n    }\n  ],\n  "routing_tables": [],\n  "scc": {\n    "credential_description": null,\n    "id": null,\n    "passphrase": null,\n    "name": "",\n    "location": "us",\n    "collector_description": null,\n    "is_public": false,\n    "scope_description": null,\n    "enable": false\n  },\n  "secrets_manager": [],\n  "security_groups": [\n    {\n      "vpc": "management",\n      "name": "management-vpe",\n      "resource_group": "management-rg",\n      "rules": [\n        {\n          "vpc": "management",\n          "sg": "management-vpe",\n          "direction": "inbound",\n          "name": "allow-ibm-inbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vpe",\n          "direction": "inbound",\n          "name": "allow-vpc-inbound",\n          "source": "10.0.0.0/8",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vpe",\n          "direction": "outbound",\n          "name": "allow-vpc-outbound",\n          "source": "10.0.0.0/8",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vpe",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-53-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 53,\n            "port_min": 53\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vpe",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-80-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 80,\n            "port_min": 80\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vpe",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-443-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 443,\n            "port_min": 443\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        }\n      ],\n      "use_data": false\n    },\n    {\n      "vpc": "workload",\n      "name": "workload-vpe",\n      "resource_group": "workload-rg",\n      "rules": [\n        {\n          "vpc": "workload",\n          "sg": "workload-vpe",\n          "direction": "inbound",\n          "name": "allow-ibm-inbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "workload",\n          "sg": "workload-vpe",\n          "direction": "inbound",\n          "name": "allow-vpc-inbound",\n          "source": "10.0.0.0/8",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "workload",\n          "sg": "workload-vpe",\n          "direction": "outbound",\n          "name": "allow-vpc-outbound",\n          "source": "10.0.0.0/8",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "workload",\n          "sg": "workload-vpe",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-53-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 53,\n            "port_min": 53\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "workload",\n          "sg": "workload-vpe",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-80-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 80,\n            "port_min": 80\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "workload",\n          "sg": "workload-vpe",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-443-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 443,\n            "port_min": 443\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        }\n      ],\n      "use_data": false\n    },\n    {\n      "vpc": "management",\n      "name": "management-vsi",\n      "resource_group": "management-rg",\n      "rules": [\n        {\n          "vpc": "management",\n          "sg": "management-vsi",\n          "direction": "inbound",\n          "name": "allow-ibm-inbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vsi",\n          "direction": "inbound",\n          "name": "allow-vpc-inbound",\n          "source": "10.0.0.0/8",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vsi",\n          "direction": "outbound",\n          "name": "allow-vpc-outbound",\n          "source": "10.0.0.0/8",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vsi",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-53-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 53,\n            "port_min": 53\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vsi",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-80-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 80,\n            "port_min": 80\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vsi",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-443-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 443,\n            "port_min": 443\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        }\n      ],\n      "use_data": false\n    }\n  ],\n  "ssh_keys": [\n    {\n      "name": "ssh-key",\n      "public_key": null,\n      "resource_group": "management-rg",\n      "use_data": false\n    }\n  ],\n  "sysdig": {\n    "enabled": false,\n    "plan": "graduated-tier",\n    "resource_group": "service-rg",\n    "name": "sysdig",\n    "platform_logs": false\n  },\n  "teleport_vsi": [],\n  "transit_gateways": [\n    {\n      "name": "transit-gateway",\n      "resource_group": "service-rg",\n      "global": false,\n      "connections": [\n        {\n          "tgw": "transit-gateway",\n          "vpc": "management"\n        },\n        {\n          "tgw": "transit-gateway",\n          "vpc": "workload"\n        }\n      ],\n      "use_data": false,\n      "prefix_filters": [],\n      "gre_tunnels": [],\n      "crns": null,\n      "classic": false\n    }\n  ],\n  "virtual_private_endpoints": [\n    {\n      "name": "management-cos",\n      "service": "cos",\n      "vpc": "management",\n      "resource_group": "management-rg",\n      "security_groups": [\n        "management-vpe"\n      ],\n      "subnets": [\n        "vpe-zone-1",\n        "vpe-zone-2",\n        "vpe-zone-3"\n      ],\n      "instance": null\n    },\n    {\n      "name": "workload-cos",\n      "service": "cos",\n      "vpc": "workload",\n      "resource_group": "workload-rg",\n      "security_groups": [\n        "workload-vpe"\n      ],\n      "subnets": [\n        "vpe-zone-1",\n        "vpe-zone-2",\n        "vpe-zone-3"\n      ],\n      "instance": null\n    }\n  ],\n  "vpcs": [\n    {\n      "cos": "cos",\n      "bucket": "management-bucket",\n      "name": "management",\n      "resource_group": "management-rg",\n      "classic_access": false,\n      "manual_address_prefix_management": true,\n      "default_network_acl_name": null,\n      "default_security_group_name": null,\n      "default_routing_table_name": null,\n      "publicGateways": [],\n      "address_prefixes": [\n        {\n          "vpc": "management",\n          "zone": 1,\n          "name": "management-zone-1",\n          "cidr": "10.10.0.0/22"\n        },\n        {\n          "vpc": "management",\n          "zone": 2,\n          "name": "management-zone-2",\n          "cidr": "10.20.0.0/22"\n        },\n        {\n          "vpc": "management",\n          "zone": 3,\n          "name": "management-zone-3",\n          "cidr": "10.30.0.0/22"\n        }\n      ],\n      "subnets": [\n        {\n          "vpc": "management",\n          "zone": 1,\n          "cidr": "10.10.0.0/29",\n          "name": "vsi-zone-1",\n          "network_acl": "management",\n          "resource_group": "management-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "management",\n          "zone": 1,\n          "cidr": "10.10.0.16/28",\n          "name": "vpn-zone-1",\n          "network_acl": "management",\n          "resource_group": "management-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "management",\n          "zone": 2,\n          "cidr": "10.20.0.0/29",\n          "name": "vsi-zone-2",\n          "network_acl": "management",\n          "resource_group": "management-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "management",\n          "zone": 3,\n          "cidr": "10.30.0.0/29",\n          "name": "vsi-zone-3",\n          "network_acl": "management",\n          "resource_group": "management-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "management",\n          "zone": 1,\n          "cidr": "10.10.0.48/29",\n          "name": "vpe-zone-1",\n          "resource_group": "management-rg",\n          "network_acl": "management",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "management",\n          "zone": 2,\n          "cidr": "10.20.0.16/29",\n          "name": "vpe-zone-2",\n          "network_acl": "management",\n          "resource_group": "management-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "management",\n          "zone": 3,\n          "cidr": "10.30.0.16/29",\n          "name": "vpe-zone-3",\n          "network_acl": "management",\n          "resource_group": "management-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        }\n      ],\n      "public_gateways": [],\n      "acls": [\n        {\n          "resource_group": "management-rg",\n          "name": "management",\n          "vpc": "management",\n          "rules": [\n            {\n              "action": "allow",\n              "destination": "10.0.0.0/8",\n              "direction": "inbound",\n              "name": "allow-ibm-inbound",\n              "source": "161.26.0.0/16",\n              "acl": "management",\n              "vpc": "management",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            },\n            {\n              "action": "allow",\n              "source": "10.0.0.0/8",\n              "direction": "outbound",\n              "name": "allow-ibm-outbound",\n              "destination": "161.26.0.0/16",\n              "acl": "management",\n              "vpc": "management",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            },\n            {\n              "action": "allow",\n              "destination": "10.0.0.0/8",\n              "direction": "inbound",\n              "name": "allow-all-network-inbound",\n              "source": "10.0.0.0/8",\n              "acl": "management",\n              "vpc": "management",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            },\n            {\n              "action": "allow",\n              "destination": "10.0.0.0/8",\n              "direction": "outbound",\n              "name": "allow-all-network-outbound",\n              "source": "10.0.0.0/8",\n              "acl": "management",\n              "vpc": "management",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            }\n          ],\n          "use_data": false\n        }\n      ],\n      "subnetTiers": [\n        {\n          "name": "vsi",\n          "zones": 3\n        },\n        {\n          "name": "vpn",\n          "zones": 1\n        },\n        {\n          "name": "vpe",\n          "zones": 3\n        }\n      ],\n      "use_data": false\n    },\n    {\n      "cos": "cos",\n      "bucket": "workload-bucket",\n      "name": "workload",\n      "resource_group": "workload-rg",\n      "classic_access": false,\n      "manual_address_prefix_management": true,\n      "default_network_acl_name": null,\n      "default_security_group_name": null,\n      "default_routing_table_name": null,\n      "publicGateways": [],\n      "address_prefixes": [\n        {\n          "vpc": "workload",\n          "zone": 1,\n          "name": "workload-zone-1",\n          "cidr": "10.40.0.0/22"\n        },\n        {\n          "vpc": "workload",\n          "zone": 2,\n          "name": "workload-zone-2",\n          "cidr": "10.50.0.0/22"\n        },\n        {\n          "vpc": "workload",\n          "zone": 3,\n          "name": "workload-zone-3",\n          "cidr": "10.60.0.0/22"\n        }\n      ],\n      "subnets": [\n        {\n          "vpc": "workload",\n          "zone": 1,\n          "cidr": "10.40.0.0/28",\n          "name": "vsi-zone-1",\n          "network_acl": "workload",\n          "resource_group": "workload-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "workload",\n          "zone": 2,\n          "cidr": "10.50.0.0/28",\n          "name": "vsi-zone-2",\n          "network_acl": "workload",\n          "resource_group": "workload-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "workload",\n          "zone": 3,\n          "cidr": "10.60.0.0/28",\n          "name": "vsi-zone-3",\n          "network_acl": "workload",\n          "resource_group": "workload-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "workload",\n          "zone": 1,\n          "cidr": "10.40.0.32/29",\n          "name": "vpe-zone-1",\n          "network_acl": "workload",\n          "resource_group": "workload-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "workload",\n          "zone": 2,\n          "cidr": "10.50.0.32/29",\n          "name": "vpe-zone-2",\n          "network_acl": "workload",\n          "resource_group": "workload-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "workload",\n          "zone": 3,\n          "cidr": "10.60.0.32/29",\n          "name": "vpe-zone-3",\n          "network_acl": "workload",\n          "resource_group": "workload-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        }\n      ],\n      "public_gateways": [],\n      "acls": [\n        {\n          "resource_group": "workload-rg",\n          "name": "workload",\n          "vpc": "workload",\n          "rules": [\n            {\n              "action": "allow",\n              "destination": "10.0.0.0/8",\n              "direction": "inbound",\n              "name": "allow-ibm-inbound",\n              "source": "161.26.0.0/16",\n              "acl": "workload",\n              "vpc": "workload",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            },\n            {\n              "action": "allow",\n              "source": "10.0.0.0/8",\n              "direction": "outbound",\n              "name": "allow-ibm-outbound",\n              "destination": "161.26.0.0/16",\n              "acl": "workload",\n              "vpc": "workload",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            },\n            {\n              "action": "allow",\n              "destination": "10.0.0.0/8",\n              "direction": "inbound",\n              "name": "allow-all-network-inbound",\n              "source": "10.0.0.0/8",\n              "acl": "workload",\n              "vpc": "workload",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            },\n            {\n              "action": "allow",\n              "destination": "10.0.0.0/8",\n              "direction": "outbound",\n              "name": "allow-all-network-outbound",\n              "source": "10.0.0.0/8",\n              "acl": "workload",\n              "vpc": "workload",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            }\n          ],\n          "use_data": false\n        }\n      ],\n      "subnetTiers": [\n        {\n          "name": "vsi",\n          "zones": 3\n        },\n        {\n          "name": "vpe",\n          "zones": 3\n        }\n      ],\n      "use_data": false\n    }\n  ],\n  "vpn_gateways": [\n    {\n      "name": "management-gateway",\n      "resource_group": "management-rg",\n      "subnet": "vpn-zone-1",\n      "vpc": "management",\n      "connections": [],\n      "policy_mode": false,\n      "additional_prefixes": []\n    }\n  ],\n  "vpn_servers": [],\n  "vsi": [\n    {\n      "kms": "kms",\n      "encryption_key": "vsi-volume-key",\n      "image": "ibm-ubuntu-22-04-1-minimal-amd64-1",\n      "profile": "cx2-4x8",\n      "name": "management-server",\n      "security_groups": [\n        "management-vsi"\n      ],\n      "ssh_keys": [\n        "ssh-key"\n      ],\n      "subnets": [\n        "vsi-zone-1",\n        "vsi-zone-2",\n        "vsi-zone-3"\n      ],\n      "vpc": "management",\n      "vsi_per_subnet": 2,\n      "resource_group": "management-rg",\n      "override_vsi_name": null,\n      "user_data": null,\n      "network_interfaces": [],\n      "volumes": [],\n      "image_name": null,\n      "enable_floating_ip": false,\n      "primary_interface_ip_spoofing": false,\n      "use_variable_names": false,\n      "snapshot": null,\n      "use_snapshot": false\n    }\n  ]\n}',
+          data: '{\n  "_options": {\n    "prefix": "iac",\n    "region": "us-south",\n    "tags": [\n      "hello",\n      "world"\n    ],\n    "zones": 3,\n    "endpoints": "private",\n    "account_id": null,\n    "fs_cloud": false,\n    "enable_classic": false,\n    "dynamic_subnets": true,\n    "enable_power_vs": false,\n    "power_vs_zones": [],\n    "craig_version": "1.12.0",\n    "power_vs_high_availability": false,\n    "no_vpn_secrets_manager_auth": false,\n    "power_vs_ha_zone_1": null,\n    "power_vs_ha_zone_2": null,\n    "manual_power_vsi_naming": false\n  },\n  "access_groups": [],\n  "appid": [],\n  "atracker": {\n    "enabled": true,\n    "type": "cos",\n    "name": "atracker",\n    "target_name": "atracker-cos",\n    "bucket": "atracker-bucket",\n    "add_route": true,\n    "cos_key": "cos-bind-key",\n    "locations": [\n      "global",\n      "us-south"\n    ],\n    "instance": false,\n    "plan": "lite",\n    "resource_group": null,\n    "archive": false\n  },\n  "cbr_rules": [],\n  "cbr_zones": [],\n  "classic_ssh_keys": [],\n  "classic_vlans": [],\n  "clusters": [\n    {\n      "kms": "kms",\n      "cos": "cos",\n      "entitlement": "cloud_pak",\n      "kube_type": "openshift",\n      "kube_version": "4.12.26_openshift",\n      "flavor": "bx2.16x64",\n      "name": "workload-cluster",\n      "resource_group": "workload-rg",\n      "encryption_key": "roks-key",\n      "subnets": [\n        "vsi-zone-1",\n        "vsi-zone-2",\n        "vsi-zone-3"\n      ],\n      "update_all_workers": false,\n      "vpc": "workload",\n      "worker_pools": [\n        {\n          "entitlement": "cloud_pak",\n          "cluster": "workload-cluster",\n          "flavor": "bx2.16x64",\n          "name": "logging-worker-pool",\n          "resource_group": "workload-rg",\n          "subnets": [\n            "vsi-zone-1",\n            "vsi-zone-2",\n            "vsi-zone-3"\n          ],\n          "vpc": "workload",\n          "workers_per_subnet": 2\n        }\n      ],\n      "opaque_secrets": [],\n      "workers_per_subnet": 2,\n      "private_endpoint": true\n    }\n  ],\n  "dns": [],\n  "event_streams": [],\n  "f5_vsi": [],\n  "iam_account_settings": {\n    "enable": false,\n    "mfa": null,\n    "allowed_ip_addresses": null,\n    "include_history": false,\n    "if_match": null,\n    "max_sessions_per_identity": null,\n    "restrict_create_service_id": null,\n    "restrict_create_platform_apikey": null,\n    "session_expiration_in_seconds": null,\n    "session_invalidation_in_seconds": null\n  },\n  "icd": [],\n  "key_management": [\n    {\n      "name": "kms",\n      "resource_group": "service-rg",\n      "use_hs_crypto": false,\n      "authorize_vpc_reader_role": true,\n      "use_data": false,\n      "keys": [\n        {\n          "key_ring": "ring",\n          "name": "key",\n          "root_key": true,\n          "force_delete": true,\n          "endpoint": "public",\n          "rotation": 1,\n          "dual_auth_delete": false\n        },\n        {\n          "key_ring": "ring",\n          "name": "atracker-key",\n          "root_key": true,\n          "force_delete": true,\n          "endpoint": "public",\n          "rotation": 1,\n          "dual_auth_delete": false\n        },\n        {\n          "key_ring": "ring",\n          "name": "vsi-volume-key",\n          "root_key": true,\n          "force_delete": true,\n          "endpoint": "public",\n          "rotation": 1,\n          "dual_auth_delete": false\n        },\n        {\n          "key_ring": "ring",\n          "name": "roks-key",\n          "root_key": true,\n          "force_delete": false,\n          "endpoint": null,\n          "rotation": 1,\n          "dual_auth_delete": false\n        }\n      ]\n    }\n  ],\n  "load_balancers": [],\n  "logdna": {\n    "name": "logdna",\n    "archive": false,\n    "enabled": false,\n    "plan": "lite",\n    "endpoints": "private",\n    "platform_logs": false,\n    "resource_group": "service-rg",\n    "cos": "atracker-cos",\n    "bucket": "atracker-bucket"\n  },\n  "object_storage": [\n    {\n      "buckets": [\n        {\n          "endpoint": "public",\n          "force_delete": true,\n          "kms_key": "atracker-key",\n          "name": "atracker-bucket",\n          "storage_class": "standard",\n          "use_random_suffix": true,\n          "activity_tracking": false,\n          "read_data_events": false,\n          "write_data_events": false,\n          "activity_tracking_crn": null,\n          "metrics_monitoring": false,\n          "usage_metrics_enabled": false,\n          "request_metrics_enabled": false,\n          "metrics_monitoring_crn": null\n        }\n      ],\n      "keys": [\n        {\n          "name": "cos-bind-key",\n          "role": "Writer",\n          "enable_hmac": false,\n          "use_random_suffix": true\n        }\n      ],\n      "name": "atracker-cos",\n      "plan": "standard",\n      "resource_group": "service-rg",\n      "use_data": false,\n      "use_random_suffix": true,\n      "kms": "kms"\n    },\n    {\n      "buckets": [\n        {\n          "endpoint": "public",\n          "force_delete": true,\n          "kms_key": "key",\n          "name": "management-bucket",\n          "storage_class": "standard",\n          "use_random_suffix": true,\n          "activity_tracking": false,\n          "read_data_events": false,\n          "write_data_events": false,\n          "activity_tracking_crn": null,\n          "metrics_monitoring": false,\n          "usage_metrics_enabled": false,\n          "request_metrics_enabled": false,\n          "metrics_monitoring_crn": null\n        },\n        {\n          "endpoint": "public",\n          "force_delete": true,\n          "kms_key": "key",\n          "name": "workload-bucket",\n          "storage_class": "standard",\n          "use_random_suffix": true,\n          "activity_tracking": false,\n          "read_data_events": false,\n          "write_data_events": false,\n          "activity_tracking_crn": null,\n          "metrics_monitoring": false,\n          "usage_metrics_enabled": false,\n          "request_metrics_enabled": false,\n          "metrics_monitoring_crn": null\n        }\n      ],\n      "use_random_suffix": true,\n      "keys": [],\n      "name": "cos",\n      "plan": "standard",\n      "resource_group": "service-rg",\n      "use_data": false,\n      "kms": "kms"\n    }\n  ],\n  "power": [],\n  "power_instances": [],\n  "power_volumes": [],\n  "resource_groups": [\n    {\n      "use_prefix": true,\n      "name": "service-rg",\n      "use_data": false\n    },\n    {\n      "use_prefix": true,\n      "name": "management-rg",\n      "use_data": false\n    },\n    {\n      "use_prefix": true,\n      "name": "workload-rg",\n      "use_data": false\n    }\n  ],\n  "routing_tables": [],\n  "scc": {\n    "credential_description": null,\n    "id": null,\n    "passphrase": null,\n    "name": "",\n    "location": "us",\n    "collector_description": null,\n    "is_public": false,\n    "scope_description": null,\n    "enable": false\n  },\n  "secrets_manager": [],\n  "security_groups": [\n    {\n      "vpc": "management",\n      "name": "management-vpe",\n      "resource_group": "management-rg",\n      "rules": [\n        {\n          "vpc": "management",\n          "sg": "management-vpe",\n          "direction": "inbound",\n          "name": "allow-ibm-inbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vpe",\n          "direction": "inbound",\n          "name": "allow-vpc-inbound",\n          "source": "10.0.0.0/8",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vpe",\n          "direction": "outbound",\n          "name": "allow-vpc-outbound",\n          "source": "10.0.0.0/8",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vpe",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-53-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 53,\n            "port_min": 53\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vpe",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-80-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 80,\n            "port_min": 80\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vpe",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-443-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 443,\n            "port_min": 443\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        }\n      ],\n      "use_data": false\n    },\n    {\n      "vpc": "workload",\n      "name": "workload-vpe",\n      "resource_group": "workload-rg",\n      "rules": [\n        {\n          "vpc": "workload",\n          "sg": "workload-vpe",\n          "direction": "inbound",\n          "name": "allow-ibm-inbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "workload",\n          "sg": "workload-vpe",\n          "direction": "inbound",\n          "name": "allow-vpc-inbound",\n          "source": "10.0.0.0/8",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "workload",\n          "sg": "workload-vpe",\n          "direction": "outbound",\n          "name": "allow-vpc-outbound",\n          "source": "10.0.0.0/8",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "workload",\n          "sg": "workload-vpe",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-53-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 53,\n            "port_min": 53\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "workload",\n          "sg": "workload-vpe",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-80-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 80,\n            "port_min": 80\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "workload",\n          "sg": "workload-vpe",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-443-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 443,\n            "port_min": 443\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        }\n      ],\n      "use_data": false\n    },\n    {\n      "vpc": "management",\n      "name": "management-vsi",\n      "resource_group": "management-rg",\n      "rules": [\n        {\n          "vpc": "management",\n          "sg": "management-vsi",\n          "direction": "inbound",\n          "name": "allow-ibm-inbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vsi",\n          "direction": "inbound",\n          "name": "allow-vpc-inbound",\n          "source": "10.0.0.0/8",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vsi",\n          "direction": "outbound",\n          "name": "allow-vpc-outbound",\n          "source": "10.0.0.0/8",\n          "tcp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "all",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vsi",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-53-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 53,\n            "port_min": 53\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vsi",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-80-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 80,\n            "port_min": 80\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        },\n        {\n          "vpc": "management",\n          "sg": "management-vsi",\n          "direction": "outbound",\n          "name": "allow-ibm-tcp-443-outbound",\n          "source": "161.26.0.0/16",\n          "tcp": {\n            "port_max": 443,\n            "port_min": 443\n          },\n          "udp": {\n            "port_max": null,\n            "port_min": null\n          },\n          "icmp": {\n            "type": null,\n            "code": null\n          },\n          "ruleProtocol": "tcp",\n          "port_min": null,\n          "port_max": null,\n          "type": null,\n          "code": null\n        }\n      ],\n      "use_data": false\n    }\n  ],\n  "ssh_keys": [\n    {\n      "name": "ssh-key",\n      "public_key": null,\n      "resource_group": "management-rg",\n      "use_data": false\n    }\n  ],\n  "sysdig": {\n    "enabled": false,\n    "plan": "graduated-tier",\n    "resource_group": "service-rg",\n    "name": "sysdig",\n    "platform_logs": false\n  },\n  "teleport_vsi": [],\n  "transit_gateways": [\n    {\n      "name": "transit-gateway",\n      "resource_group": "service-rg",\n      "global": false,\n      "connections": [\n        {\n          "tgw": "transit-gateway",\n          "vpc": "management"\n        },\n        {\n          "tgw": "transit-gateway",\n          "vpc": "workload"\n        }\n      ],\n      "use_data": false,\n      "prefix_filters": [],\n      "gre_tunnels": [],\n      "crns": null,\n      "classic": false\n    }\n  ],\n  "virtual_private_endpoints": [\n    {\n      "name": "management-cos",\n      "service": "cos",\n      "vpc": "management",\n      "resource_group": "management-rg",\n      "security_groups": [\n        "management-vpe"\n      ],\n      "subnets": [\n        "vpe-zone-1",\n        "vpe-zone-2",\n        "vpe-zone-3"\n      ],\n      "instance": null\n    },\n    {\n      "name": "workload-cos",\n      "service": "cos",\n      "vpc": "workload",\n      "resource_group": "workload-rg",\n      "security_groups": [\n        "workload-vpe"\n      ],\n      "subnets": [\n        "vpe-zone-1",\n        "vpe-zone-2",\n        "vpe-zone-3"\n      ],\n      "instance": null\n    }\n  ],\n  "vpcs": [\n    {\n      "cos": "cos",\n      "bucket": "management-bucket",\n      "name": "management",\n      "resource_group": "management-rg",\n      "classic_access": false,\n      "manual_address_prefix_management": true,\n      "default_network_acl_name": null,\n      "default_security_group_name": null,\n      "default_routing_table_name": null,\n      "publicGateways": [],\n      "address_prefixes": [\n        {\n          "vpc": "management",\n          "zone": 1,\n          "name": "management-zone-1",\n          "cidr": "10.10.0.0/22"\n        },\n        {\n          "vpc": "management",\n          "zone": 2,\n          "name": "management-zone-2",\n          "cidr": "10.20.0.0/22"\n        },\n        {\n          "vpc": "management",\n          "zone": 3,\n          "name": "management-zone-3",\n          "cidr": "10.30.0.0/22"\n        }\n      ],\n      "subnets": [\n        {\n          "vpc": "management",\n          "zone": 1,\n          "cidr": "10.10.0.0/29",\n          "name": "vsi-zone-1",\n          "network_acl": "management",\n          "resource_group": "management-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "management",\n          "zone": 1,\n          "cidr": "10.10.0.16/28",\n          "name": "vpn-zone-1",\n          "network_acl": "management",\n          "resource_group": "management-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "management",\n          "zone": 2,\n          "cidr": "10.20.0.0/29",\n          "name": "vsi-zone-2",\n          "network_acl": "management",\n          "resource_group": "management-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "management",\n          "zone": 3,\n          "cidr": "10.30.0.0/29",\n          "name": "vsi-zone-3",\n          "network_acl": "management",\n          "resource_group": "management-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "management",\n          "zone": 1,\n          "cidr": "10.10.0.48/29",\n          "name": "vpe-zone-1",\n          "resource_group": "management-rg",\n          "network_acl": "management",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "management",\n          "zone": 2,\n          "cidr": "10.20.0.16/29",\n          "name": "vpe-zone-2",\n          "network_acl": "management",\n          "resource_group": "management-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "management",\n          "zone": 3,\n          "cidr": "10.30.0.16/29",\n          "name": "vpe-zone-3",\n          "network_acl": "management",\n          "resource_group": "management-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        }\n      ],\n      "public_gateways": [],\n      "acls": [\n        {\n          "resource_group": "management-rg",\n          "name": "management",\n          "vpc": "management",\n          "rules": [\n            {\n              "action": "allow",\n              "destination": "10.0.0.0/8",\n              "direction": "inbound",\n              "name": "allow-ibm-inbound",\n              "source": "161.26.0.0/16",\n              "acl": "management",\n              "vpc": "management",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            },\n            {\n              "action": "allow",\n              "source": "10.0.0.0/8",\n              "direction": "outbound",\n              "name": "allow-ibm-outbound",\n              "destination": "161.26.0.0/16",\n              "acl": "management",\n              "vpc": "management",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            },\n            {\n              "action": "allow",\n              "destination": "10.0.0.0/8",\n              "direction": "inbound",\n              "name": "allow-all-network-inbound",\n              "source": "10.0.0.0/8",\n              "acl": "management",\n              "vpc": "management",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            },\n            {\n              "action": "allow",\n              "destination": "10.0.0.0/8",\n              "direction": "outbound",\n              "name": "allow-all-network-outbound",\n              "source": "10.0.0.0/8",\n              "acl": "management",\n              "vpc": "management",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            }\n          ],\n          "use_data": false\n        }\n      ],\n      "subnetTiers": [\n        {\n          "name": "vsi",\n          "zones": 3,\n          "advanced": false,\n          "networkAcl": null,\n          "addPublicGateway": false\n        },\n        {\n          "name": "vpn",\n          "zones": 1,\n          "advanced": false,\n          "networkAcl": null,\n          "addPublicGateway": false\n        },\n        {\n          "name": "vpe",\n          "zones": 3,\n          "advanced": false,\n          "networkAcl": null,\n          "addPublicGateway": false\n        }\n      ],\n      "use_data": false\n    },\n    {\n      "cos": "cos",\n      "bucket": "workload-bucket",\n      "name": "workload",\n      "resource_group": "workload-rg",\n      "classic_access": false,\n      "manual_address_prefix_management": true,\n      "default_network_acl_name": null,\n      "default_security_group_name": null,\n      "default_routing_table_name": null,\n      "publicGateways": [],\n      "address_prefixes": [\n        {\n          "vpc": "workload",\n          "zone": 1,\n          "name": "workload-zone-1",\n          "cidr": "10.40.0.0/22"\n        },\n        {\n          "vpc": "workload",\n          "zone": 2,\n          "name": "workload-zone-2",\n          "cidr": "10.50.0.0/22"\n        },\n        {\n          "vpc": "workload",\n          "zone": 3,\n          "name": "workload-zone-3",\n          "cidr": "10.60.0.0/22"\n        }\n      ],\n      "subnets": [\n        {\n          "vpc": "workload",\n          "zone": 1,\n          "cidr": "10.40.0.0/28",\n          "name": "vsi-zone-1",\n          "network_acl": "workload",\n          "resource_group": "workload-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "workload",\n          "zone": 2,\n          "cidr": "10.50.0.0/28",\n          "name": "vsi-zone-2",\n          "network_acl": "workload",\n          "resource_group": "workload-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "workload",\n          "zone": 3,\n          "cidr": "10.60.0.0/28",\n          "name": "vsi-zone-3",\n          "network_acl": "workload",\n          "resource_group": "workload-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "workload",\n          "zone": 1,\n          "cidr": "10.40.0.32/29",\n          "name": "vpe-zone-1",\n          "network_acl": "workload",\n          "resource_group": "workload-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "workload",\n          "zone": 2,\n          "cidr": "10.50.0.32/29",\n          "name": "vpe-zone-2",\n          "network_acl": "workload",\n          "resource_group": "workload-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        },\n        {\n          "vpc": "workload",\n          "zone": 3,\n          "cidr": "10.60.0.32/29",\n          "name": "vpe-zone-3",\n          "network_acl": "workload",\n          "resource_group": "workload-rg",\n          "public_gateway": false,\n          "has_prefix": false\n        }\n      ],\n      "public_gateways": [],\n      "acls": [\n        {\n          "resource_group": "workload-rg",\n          "name": "workload",\n          "vpc": "workload",\n          "rules": [\n            {\n              "action": "allow",\n              "destination": "10.0.0.0/8",\n              "direction": "inbound",\n              "name": "allow-ibm-inbound",\n              "source": "161.26.0.0/16",\n              "acl": "workload",\n              "vpc": "workload",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            },\n            {\n              "action": "allow",\n              "source": "10.0.0.0/8",\n              "direction": "outbound",\n              "name": "allow-ibm-outbound",\n              "destination": "161.26.0.0/16",\n              "acl": "workload",\n              "vpc": "workload",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            },\n            {\n              "action": "allow",\n              "destination": "10.0.0.0/8",\n              "direction": "inbound",\n              "name": "allow-all-network-inbound",\n              "source": "10.0.0.0/8",\n              "acl": "workload",\n              "vpc": "workload",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            },\n            {\n              "action": "allow",\n              "destination": "10.0.0.0/8",\n              "direction": "outbound",\n              "name": "allow-all-network-outbound",\n              "source": "10.0.0.0/8",\n              "acl": "workload",\n              "vpc": "workload",\n              "icmp": {\n                "type": null,\n                "code": null\n              },\n              "tcp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "udp": {\n                "port_min": null,\n                "port_max": null,\n                "source_port_min": null,\n                "source_port_max": null\n              },\n              "ruleProtocol": "all",\n              "port_min": null,\n              "port_max": null,\n              "type": null,\n              "code": null,\n              "source_port_min": null,\n              "source_port_max": null\n            }\n          ],\n          "use_data": false\n        }\n      ],\n      "subnetTiers": [\n        {\n          "name": "vsi",\n          "zones": 3,\n          "advanced": false,\n          "networkAcl": null,\n          "addPublicGateway": false\n        },\n        {\n          "name": "vpe",\n          "zones": 3,\n          "advanced": false,\n          "networkAcl": null,\n          "addPublicGateway": false\n        }\n      ],\n      "use_data": false\n    }\n  ],\n  "vpn_gateways": [\n    {\n      "name": "management-gateway",\n      "resource_group": "management-rg",\n      "subnet": "vpn-zone-1",\n      "vpc": "management",\n      "connections": [],\n      "policy_mode": false,\n      "additional_prefixes": []\n    }\n  ],\n  "vpn_servers": [],\n  "vsi": [\n    {\n      "kms": "kms",\n      "encryption_key": "vsi-volume-key",\n      "image": "ibm-ubuntu-22-04-1-minimal-amd64-1",\n      "profile": "cx2-4x8",\n      "name": "management-server",\n      "security_groups": [\n        "management-vsi"\n      ],\n      "ssh_keys": [\n        "ssh-key"\n      ],\n      "subnets": [\n        "vsi-zone-1",\n        "vsi-zone-2",\n        "vsi-zone-3"\n      ],\n      "vpc": "management",\n      "vsi_per_subnet": 2,\n      "resource_group": "management-rg",\n      "override_vsi_name": null,\n      "user_data": null,\n      "network_interfaces": [],\n      "volumes": [],\n      "image_name": null,\n      "enable_floating_ip": false,\n      "primary_interface_ip_spoofing": false,\n      "use_variable_names": false,\n      "snapshot": null,\n      "use_snapshot": false,\n      "reserved_ips": [\n        [\n          "",\n          ""\n        ],\n        [\n          "",\n          ""\n        ],\n        [\n          "",\n          ""\n        ]\n      ],\n      "enable_static_ips": false\n    }\n  ]\n}',
         },
         {
           data: '                                 Apache License\nVersion 2.0, January 2004\nhttp://www.apache.org/licenses/\n\nTERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n1. Definitions.\n\n"License" shall mean the terms and conditions for use, reproduction,\nand distribution as defined by Sections 1 through 9 of this document.\n\n"Licensor" shall mean the copyright owner or entity authorized by\nthe copyright owner that is granting the License.\n\n"Legal Entity" shall mean the union of the acting entity and all\nother entities that control, are controlled by, or are under common\ncontrol with that entity. For the purposes of this definition,\n"control" means (i) the power, direct or indirect, to cause the\ndirection or management of such entity, whether by contract or\notherwise, or (ii) ownership of fifty percent (50%) or more of the\noutstanding shares, or (iii) beneficial ownership of such entity.\n\n"You" (or "Your") shall mean an individual or Legal Entity\nexercising permissions granted by this License.\n\n"Source" form shall mean the preferred form for making modifications,\nincluding but not limited to software source code, documentation\nsource, and configuration files.\n\n"Object" form shall mean any form resulting from mechanical\ntransformation or translation of a Source form, including but\nnot limited to compiled object code, generated documentation,\nand conversions to other media types.\n\n"Work" shall mean the work of authorship, whether in Source or\nObject form, made available under the License, as indicated by a\ncopyright notice that is included in or attached to the work\n(an example is provided in the Appendix below).\n\n"Derivative Works" shall mean any work, whether in Source or Object\nform, that is based on (or derived from) the Work and for which the\neditorial revisions, annotations, elaborations, or other modifications\nrepresent, as a whole, an original work of authorship. For the purposes\nof this License, Derivative Works shall not include works that remain\nseparable from, or merely link (or bind by name) to the interfaces of,\nthe Work and Derivative Works thereof.\n\n"Contribution" shall mean any work of authorship, including\nthe original version of the Work and any modifications or additions\nto that Work or Derivative Works thereof, that is intentionally\nsubmitted to Licensor for inclusion in the Work by the copyright owner\nor by an individual or Legal Entity authorized to submit on behalf of\nthe copyright owner. For the purposes of this definition, "submitted"\nmeans any form of electronic, verbal, or written communication sent\nto the Licensor or its representatives, including but not limited to\ncommunication on electronic mailing lists, source code control systems,\nand issue tracking systems that are managed by, or on behalf of, the\nLicensor for the purpose of discussing and improving the Work, but\nexcluding communication that is conspicuously marked or otherwise\ndesignated in writing by the copyright owner as "Not a Contribution."\n\n"Contributor" shall mean Licensor and any individual or Legal Entity\non behalf of whom a Contribution has been received by Licensor and\nsubsequently incorporated within the Work.\n\n2. Grant of Copyright License. Subject to the terms and conditions of\nthis License, each Contributor hereby grants to You a perpetual,\nworldwide, non-exclusive, no-charge, royalty-free, irrevocable\ncopyright license to reproduce, prepare Derivative Works of,\npublicly display, publicly perform, sublicense, and distribute the\nWork and such Derivative Works in Source or Object form.\n\n3. Grant of Patent License. Subject to the terms and conditions of\nthis License, each Contributor hereby grants to You a perpetual,\nworldwide, non-exclusive, no-charge, royalty-free, irrevocable\n(except as stated in this section) patent license to make, have made,\nuse, offer to sell, sell, import, and otherwise transfer the Work,\nwhere such license applies only to those patent claims licensable\nby such Contributor that are necessarily infringed by their\nContribution(s) alone or by combination of their Contribution(s)\nwith the Work to which such Contribution(s) was submitted. If You\ninstitute patent litigation against any entity (including a\ncross-claim or counterclaim in a lawsuit) alleging that the Work\nor a Contribution incorporated within the Work constitutes direct\nor contributory patent infringement, then any patent licenses\ngranted to You under this License for that Work shall terminate\nas of the date such litigation is filed.\n\n4. Redistribution. You may reproduce and distribute copies of the\nWork or Derivative Works thereof in any medium, with or without\nmodifications, and in Source or Object form, provided that You\nmeet the following conditions:\n\n(a) You must give any other recipients of the Work or\nDerivative Works a copy of this License; and\n\n(b) You must cause any modified files to carry prominent notices\nstating that You changed the files; and\n\n(c) You must retain, in the Source form of any Derivative Works\nthat You distribute, all copyright, patent, trademark, and\nattribution notices from the Source form of the Work,\nexcluding those notices that do not pertain to any part of\nthe Derivative Works; and\n\n(d) If the Work includes a "NOTICE" text file as part of its\ndistribution, then any Derivative Works that You distribute must\ninclude a readable copy of the attribution notices contained\nwithin such NOTICE file, excluding those notices that do not\npertain to any part of the Derivative Works, in at least one\nof the following places: within a NOTICE text file distributed\nas part of the Derivative Works; within the Source form or\ndocumentation, if provided along with the Derivative Works; or,\nwithin a display generated by the Derivative Works, if and\nwherever such third-party notices normally appear. The contents\nof the NOTICE file are for informational purposes only and\ndo not modify the License. You may add Your own attribution\nnotices within Derivative Works that You distribute, alongside\nor as an addendum to the NOTICE text from the Work, provided\nthat such additional attribution notices cannot be construed\nas modifying the License.\n\nYou may add Your own copyright statement to Your modifications and\nmay provide additional or different license terms and conditions\nfor use, reproduction, or distribution of Your modifications, or\nfor any such Derivative Works as a whole, provided Your use,\nreproduction, and distribution of the Work otherwise complies with\nthe conditions stated in this License.\n\n5. Submission of Contributions. Unless You explicitly state otherwise,\nany Contribution intentionally submitted for inclusion in the Work\nby You to the Licensor shall be under the terms and conditions of\nthis License, without any additional terms or conditions.\nNotwithstanding the above, nothing herein shall supersede or modify\nthe terms of any separate license agreement you may have executed\nwith Licensor regarding such Contributions.\n\n6. Trademarks. This License does not grant permission to use the trade\nnames, trademarks, service marks, or product names of the Licensor,\nexcept as required for reasonable and customary use in describing the\norigin of the Work and reproducing the content of the NOTICE file.\n\n7. Disclaimer of Warranty. Unless required by applicable law or\nagreed to in writing, Licensor provides the Work (and each\nContributor provides its Contributions) on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\nimplied, including, without limitation, any warranties or conditions\nof TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\nPARTICULAR PURPOSE. You are solely responsible for determining the\nappropriateness of using or redistributing the Work and assume any\nrisks associated with Your exercise of permissions under this License.\n\n8. Limitation of Liability. In no event and under no legal theory,\nwhether in tort (including negligence), contract, or otherwise,\nunless required by applicable law (such as deliberate and grossly\nnegligent acts) or agreed to in writing, shall any Contributor be\nliable to You for damages, including any direct, indirect, special,\nincidental, or consequential damages of any character arising as a\nresult of this License or out of the use or inability to use the\nWork (including but not limited to damages for loss of goodwill,\nwork stoppage, computer failure or malfunction, or any and all\nother commercial damages or losses), even if such Contributor\nhas been advised of the possibility of such damages.\n\n9. Accepting Warranty or Additional Liability. While redistributing\nthe Work or Derivative Works thereof, You may choose to offer,\nand charge a fee for, acceptance of support, warranty, indemnity,\nor other liability obligations and/or rights consistent with this\nLicense. However, in accepting such obligations, You may act only\non Your own behalf and on Your sole responsibility, not on behalf\nof any other Contributor, and only if You agree to indemnify,\ndefend, and hold each Contributor harmless for any liability\nincurred by, or claims asserted against, such Contributor by reason\nof your accepting any such warranty or additional liability.\n\nEND OF TERMS AND CONDITIONS\n\nAPPENDIX: How to apply the Apache License to your work.\n\nTo apply the Apache License to your work, attach the following\nboilerplate notice, with the fields enclosed by brackets "[]"\nreplaced with your own identifying information. (Don\'t include\nthe brackets!)  The text should be enclosed in the appropriate\ncomment syntax for the file format. We also recommend that a\nfile or class name and description of purpose be included on the\nsame "printed page" as the copyright notice for easier\nidentification within third-party archives.\n\nCopyright [yyyy] [name of copyright owner]\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n',
diff --git a/unit-tests/data-files/craig-json-routing-tables.json b/unit-tests/data-files/craig-json-routing-tables.json
index 57230a49..8da0fa63 100644
--- a/unit-tests/data-files/craig-json-routing-tables.json
+++ b/unit-tests/data-files/craig-json-routing-tables.json
@@ -905,7 +905,8 @@
       ],
       "vpc": "management",
       "vsi_per_subnet": 2,
-      "resource_group": "slz-management-rg"
+      "resource_group": "slz-management-rg",
+      "reserved_ips": [["",""],["",""],["",""]]
     }
   ],
   "appid": [],
diff --git a/unit-tests/data-files/expected-hard-set.json b/unit-tests/data-files/expected-hard-set.json
index 1ddd13ce..5051e2ad 100644
--- a/unit-tests/data-files/expected-hard-set.json
+++ b/unit-tests/data-files/expected-hard-set.json
@@ -166,43 +166,43 @@
         {
           "vpc": "management",
           "zone": 1,
-          "cidr": "10.10.10.0/24",
-          "name": "vsi-zone-1"
+          "cidr": "10.10.20.0/24",
+          "name": "vpe-zone-1"
         },
         {
           "vpc": "management",
           "zone": 2,
-          "cidr": "10.10.20.0/24",
-          "name": "vsi-zone-2"
+          "cidr": "10.20.20.0/24",
+          "name": "vpe-zone-2"
         },
         {
           "vpc": "management",
           "zone": 3,
-          "cidr": "10.10.30.0/24",
-          "name": "vsi-zone-3"
+          "cidr": "10.30.20.0/24",
+          "name": "vpe-zone-3"
         },
         {
           "vpc": "management",
           "zone": 1,
-          "cidr": "10.20.10.0/24",
-          "name": "vpe-zone-1"
+          "cidr": "10.10.10.0/24",
+          "name": "vsi-zone-1"
         },
         {
           "vpc": "management",
           "zone": 2,
-          "cidr": "10.20.20.0/24",
-          "name": "vpe-zone-2"
+          "cidr": "10.20.10.0/24",
+          "name": "vsi-zone-2"
         },
         {
           "vpc": "management",
           "zone": 3,
-          "cidr": "10.20.30.0/24",
-          "name": "vpe-zone-3"
+          "cidr": "10.30.10.0/24",
+          "name": "vsi-zone-3"
         },
         {
           "vpc": "management",
           "zone": 1,
-          "cidr": "10.30.10.0/24",
+          "cidr": "10.10.30.0/24",
           "name": "vpn-zone-1"
         }
       ],
@@ -1061,7 +1061,8 @@
       "vpc": "management",
       "vsi_per_subnet": 2,
       "resource_group": "slz-management-rg",
-      "user_data": null
+      "user_data": null,
+      "reserved_ips": [["",""],["",""],["",""]]
     }
   ],
   "appid": [],
diff --git a/unit-tests/forms/disable-save.test.js b/unit-tests/forms/disable-save.test.js
index 6d027f49..590e94c8 100644
--- a/unit-tests/forms/disable-save.test.js
+++ b/unit-tests/forms/disable-save.test.js
@@ -11,6 +11,60 @@ describe("disableSave", () => {
   it("should otherwise return false", () => {
     assert.isFalse(disableSave("pretend_field", {}, {}), "it should be false");
   });
+  describe("clusters", () => {
+    it("should return true if a cluster worker pool has an invalid name", () => {
+      assert.isTrue(
+        disableSave(
+          "worker_pools",
+          {
+            name: "a--",
+          },
+          {
+            craig: state(),
+            data: {
+              name: "mm",
+            },
+          }
+        ),
+        "it should be true"
+      );
+    });
+    it("should return true if a secrets group is an invalid duplicate name", () => {
+      let tempCraig = state();
+      tempCraig.store = {
+        json: {
+          clusters: [
+            {
+              name: "frog",
+              opaque_secrets: [
+                {
+                  name: "a",
+                  secrets_group: "duplicate",
+                },
+              ],
+            },
+          ],
+        },
+      };
+
+      assert.isTrue(
+        disableSave(
+          "opaque_secrets",
+          {
+            name: "frog",
+            secrets_group: "duplicate",
+          },
+          {
+            craig: tempCraig,
+            data: {
+              name: "mm",
+            },
+          }
+        ),
+        "it should be true"
+      );
+    });
+  });
   describe("security groups", () => {
     describe("rules", () => {
       it("should return true if security group rule has invalid name", () => {
diff --git a/unit-tests/forms/dynamic-form-fields/craig-form-group.test.js b/unit-tests/forms/dynamic-form-fields/craig-form-group.test.js
index 8f7bb684..6bf37f7b 100644
--- a/unit-tests/forms/dynamic-form-fields/craig-form-group.test.js
+++ b/unit-tests/forms/dynamic-form-fields/craig-form-group.test.js
@@ -347,4 +347,291 @@ describe("dynamicCraigFormGroupsProps", () => {
       "it should return correct props"
     );
   });
+  it("should return for cos when no activity_tracking", () => {
+    let actualData = dynamicCraigFormGroupsProps(
+      {
+        form: {
+          groups: [
+            {
+              name: craig.object_storage.buckets.name,
+              storage_class: craig.object_storage.buckets.storage_class,
+              kms_key: craig.object_storage.buckets.kms_key,
+            },
+            {
+              force_delete: craig.object_storage.buckets.force_delete,
+            },
+            {
+              activity_tracking: craig.object_storage.buckets.activity_tracking,
+              metrics_monitoring:
+                craig.object_storage.buckets.metrics_monitoring,
+            },
+            {
+              heading: {
+                type: "subHeading",
+                name: "Activity Tracking",
+                className: "marginBottomSmall",
+              },
+              hideWhen: craig.object_storage.buckets.read_data_events.hideWhen,
+            },
+            {
+              read_data_events: craig.object_storage.buckets.read_data_events,
+              write_data_events: craig.object_storage.buckets.write_data_events,
+              activity_tracking_crn:
+                craig.object_storage.buckets.activity_tracking_crn,
+              className: "subForm",
+            },
+            {
+              heading: {
+                type: "subHeading",
+                name: "Metrics Monitoring",
+                className: "marginBottomSmall",
+              },
+              hideWhen:
+                craig.object_storage.buckets.request_metrics_enabled.hideWhen,
+            },
+            {
+              request_metrics_enabled:
+                craig.object_storage.buckets.request_metrics_enabled,
+              usage_metrics_enabled:
+                craig.object_storage.buckets.usage_metrics_enabled,
+              metrics_monitoring_crn:
+                craig.object_storage.buckets.metrics_monitoring_crn,
+              className: "subForm",
+            },
+          ],
+        },
+        data: {
+          name: "frog",
+        },
+      },
+      4,
+      {}
+    );
+    assert.deepEqual(
+      actualData,
+      { key: "frog-group-4", noMarginBottom: true },
+      "it should have correct data"
+    );
+  });
+  it("should return for cos when activity_tracking", () => {
+    let actualData = dynamicCraigFormGroupsProps(
+      {
+        form: {
+          groups: [
+            {
+              name: craig.object_storage.buckets.name,
+              storage_class: craig.object_storage.buckets.storage_class,
+              kms_key: craig.object_storage.buckets.kms_key,
+            },
+            {
+              force_delete: craig.object_storage.buckets.force_delete,
+            },
+            {
+              activity_tracking: craig.object_storage.buckets.activity_tracking,
+              metrics_monitoring:
+                craig.object_storage.buckets.metrics_monitoring,
+            },
+            {
+              heading: {
+                type: "subHeading",
+                name: "Activity Tracking",
+                className: "marginBottomSmall",
+              },
+              hideWhen: craig.object_storage.buckets.read_data_events.hideWhen,
+            },
+            {
+              read_data_events: craig.object_storage.buckets.read_data_events,
+              write_data_events: craig.object_storage.buckets.write_data_events,
+              activity_tracking_crn:
+                craig.object_storage.buckets.activity_tracking_crn,
+              className: "subForm",
+            },
+            {
+              heading: {
+                type: "subHeading",
+                name: "Metrics Monitoring",
+                className: "marginBottomSmall",
+              },
+              hideWhen:
+                craig.object_storage.buckets.request_metrics_enabled.hideWhen,
+            },
+            {
+              request_metrics_enabled:
+                craig.object_storage.buckets.request_metrics_enabled,
+              usage_metrics_enabled:
+                craig.object_storage.buckets.usage_metrics_enabled,
+              metrics_monitoring_crn:
+                craig.object_storage.buckets.metrics_monitoring_crn,
+              className: "subForm",
+            },
+          ],
+        },
+        data: {
+          name: "frog",
+        },
+        craig: craig,
+      },
+      4,
+      {
+        activity_tracking: true,
+      }
+    );
+    assert.deepEqual(
+      actualData,
+      {
+        key: "frog-group-4",
+        noMarginBottom: true,
+        className: "subForm marginBottomNone",
+      },
+      "it should have correct data"
+    );
+  });
+  it("should return for cos when activity_tracking and metrics monitoring for metrics", () => {
+    let actualData = dynamicCraigFormGroupsProps(
+      {
+        form: {
+          groups: [
+            {
+              name: craig.object_storage.buckets.name,
+              storage_class: craig.object_storage.buckets.storage_class,
+              kms_key: craig.object_storage.buckets.kms_key,
+            },
+            {
+              force_delete: craig.object_storage.buckets.force_delete,
+            },
+            {
+              activity_tracking: craig.object_storage.buckets.activity_tracking,
+              metrics_monitoring:
+                craig.object_storage.buckets.metrics_monitoring,
+            },
+            {
+              heading: {
+                type: "subHeading",
+                name: "Activity Tracking",
+                className: "marginBottomSmall",
+              },
+              hideWhen: craig.object_storage.buckets.read_data_events.hideWhen,
+            },
+            {
+              read_data_events: craig.object_storage.buckets.read_data_events,
+              write_data_events: craig.object_storage.buckets.write_data_events,
+              activity_tracking_crn:
+                craig.object_storage.buckets.activity_tracking_crn,
+              className: "subForm",
+            },
+            {
+              heading: {
+                type: "subHeading",
+                name: "Metrics Monitoring",
+                className: "marginBottomSmall",
+              },
+              hideWhen:
+                craig.object_storage.buckets.request_metrics_enabled.hideWhen,
+            },
+            {
+              request_metrics_enabled:
+                craig.object_storage.buckets.request_metrics_enabled,
+              usage_metrics_enabled:
+                craig.object_storage.buckets.usage_metrics_enabled,
+              metrics_monitoring_crn:
+                craig.object_storage.buckets.metrics_monitoring_crn,
+              className: "subForm",
+            },
+          ],
+        },
+        data: {
+          name: "frog",
+        },
+        craig: craig,
+      },
+      6,
+      {
+        activity_tracking: true,
+        metrics_monitoring: true,
+      }
+    );
+    assert.deepEqual(
+      actualData,
+      {
+        key: "frog-group-6",
+        noMarginBottom: true,
+        className: "subForm marginBottomNone",
+      },
+      "it should have correct data"
+    );
+  });
+  it("should return for cos when activity_tracking and metrics monitoring for activity tracking", () => {
+    let actualData = dynamicCraigFormGroupsProps(
+      {
+        form: {
+          groups: [
+            {
+              name: craig.object_storage.buckets.name,
+              storage_class: craig.object_storage.buckets.storage_class,
+              kms_key: craig.object_storage.buckets.kms_key,
+            },
+            {
+              force_delete: craig.object_storage.buckets.force_delete,
+            },
+            {
+              activity_tracking: craig.object_storage.buckets.activity_tracking,
+              metrics_monitoring:
+                craig.object_storage.buckets.metrics_monitoring,
+            },
+            {
+              heading: {
+                type: "subHeading",
+                name: "Activity Tracking",
+                className: "marginBottomSmall",
+              },
+              hideWhen: craig.object_storage.buckets.read_data_events.hideWhen,
+            },
+            {
+              read_data_events: craig.object_storage.buckets.read_data_events,
+              write_data_events: craig.object_storage.buckets.write_data_events,
+              activity_tracking_crn:
+                craig.object_storage.buckets.activity_tracking_crn,
+              className: "subForm",
+            },
+            {
+              heading: {
+                type: "subHeading",
+                name: "Metrics Monitoring",
+                className: "marginBottomSmall",
+              },
+              hideWhen:
+                craig.object_storage.buckets.request_metrics_enabled.hideWhen,
+            },
+            {
+              request_metrics_enabled:
+                craig.object_storage.buckets.request_metrics_enabled,
+              usage_metrics_enabled:
+                craig.object_storage.buckets.usage_metrics_enabled,
+              metrics_monitoring_crn:
+                craig.object_storage.buckets.metrics_monitoring_crn,
+              className: "subForm",
+            },
+          ],
+        },
+        data: {
+          name: "frog",
+        },
+        craig: craig,
+      },
+      4,
+      {
+        activity_tracking: true,
+        metrics_monitoring: true,
+      }
+    );
+    assert.deepEqual(
+      actualData,
+      {
+        key: "frog-group-4",
+        noMarginBottom: false,
+        className: "subForm",
+      },
+      "it should have correct data"
+    );
+  });
 });
diff --git a/unit-tests/forms/wizard.test.js b/unit-tests/forms/wizard.test.js
index 6911059f..a58375fb 100644
--- a/unit-tests/forms/wizard.test.js
+++ b/unit-tests/forms/wizard.test.js
@@ -57,7 +57,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.14.1",
+        craig_version: "1.15.0",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -975,7 +975,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.14.1",
+        craig_version: "1.15.0",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -1892,7 +1892,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.14.1",
+        craig_version: "1.15.0",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -2403,7 +2403,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.14.1",
+        craig_version: "1.15.0",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -2905,7 +2905,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.14.1",
+        craig_version: "1.15.0",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -3484,7 +3484,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.14.1",
+        craig_version: "1.15.0",
         no_vpn_secrets_manager_auth: false,
       },
       resource_groups: [
@@ -3654,7 +3654,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.14.1",
+        craig_version: "1.15.0",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -4225,7 +4225,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.14.1",
+        craig_version: "1.15.0",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -4770,7 +4770,7 @@ describe("setup wizard", () => {
         enable_power_vs: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.14.1",
+        craig_version: "1.15.0",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -5320,7 +5320,7 @@ describe("setup wizard", () => {
         enable_classic: false,
         enable_classic: false,
         power_vs_zones: [],
-        craig_version: "1.14.1",
+        craig_version: "1.15.0",
         no_vpn_secrets_manager_auth: false,
       },
       resource_groups: [
@@ -5812,7 +5812,7 @@ describe("setup wizard", () => {
         enable_power_vs: true,
         enable_classic: false,
         power_vs_zones: ["dal10"],
-        craig_version: "1.14.1",
+        craig_version: "1.15.0",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -6314,7 +6314,7 @@ describe("setup wizard", () => {
         enable_power_vs: true,
         enable_classic: false,
         power_vs_zones: ["dal10"],
-        craig_version: "1.14.1",
+        craig_version: "1.15.0",
         power_vs_high_availability: false,
         no_vpn_secrets_manager_auth: false,
       },
@@ -6411,6 +6411,7 @@ describe("setup wizard", () => {
           default_network_acl_name: null,
           default_routing_table_name: null,
           default_security_group_name: null,
+          is_edge_vpc: true,
           publicGateways: [],
           address_prefixes: [
             { vpc: "edge", zone: 1, cidr: "10.5.0.0/16", name: "edge-zone-1" },
@@ -6726,8 +6727,14 @@ describe("setup wizard", () => {
             {
               vpc: "workload",
               zone: 1,
-              name: "workload-zone-1",
-              cidr: "10.40.0.0/22",
+              name: "vsi-zone-1",
+              cidr: "10.40.0.0/28",
+            },
+            {
+              vpc: "workload",
+              zone: 1,
+              name: "vpe-zone-1",
+              cidr: "10.40.0.32/29",
             },
           ],
           subnets: [
diff --git a/unit-tests/json-to-iac/key-management.test.js b/unit-tests/json-to-iac/key-management.test.js
index b6f4445b..4ef5071a 100644
--- a/unit-tests/json-to-iac/key-management.test.js
+++ b/unit-tests/json-to-iac/key-management.test.js
@@ -867,6 +867,100 @@ resource "ibm_kms_key" "kms_key_key" {
   ]
 }
 
+##############################################################################
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return terraform code"
+      );
+    });
+    it("should create code for one instance from configuration file with no rotation for standard keys and no key ring", () => {
+      let actualData = kmsTf({
+        _options: {
+          region: "us-south",
+          tags: ["hello", "world"],
+          prefix: "iac",
+          endpoints: "private",
+        },
+        resource_groups: [
+          {
+            use_data: false,
+            name: "slz-service-rg",
+          },
+        ],
+        key_management: [
+          {
+            name: "kms",
+            service: "kms",
+            resource_group: "slz-service-rg",
+            authorize_vpc_reader_role: true,
+            use_data: false,
+            use_hs_crypto: false,
+            keys: [
+              {
+                name: "key",
+                root_key: false,
+                key_ring: null,
+                force_delete: false,
+                endpoint: null,
+                rotation: 1,
+                dual_auth_delete: false,
+              },
+            ],
+          },
+        ],
+      });
+      let expectedData = `##############################################################################
+# Key Management Instance Kms
+##############################################################################
+
+resource "ibm_resource_instance" "kms" {
+  name              = "\${var.prefix}-kms"
+  resource_group_id = ibm_resource_group.slz_service_rg.id
+  service           = "kms"
+  plan              = "tiered-pricing"
+  location          = var.region
+  tags = [
+    "hello",
+    "world"
+  ]
+}
+
+resource "ibm_iam_authorization_policy" "kms_server_protect_policy" {
+  source_service_name         = "server-protect"
+  target_service_name         = "kms"
+  target_resource_instance_id = ibm_resource_instance.kms.guid
+  description                 = "Allow block storage volumes to be encrypted by Key Management instance."
+  roles = [
+    "Reader"
+  ]
+}
+
+resource "ibm_iam_authorization_policy" "kms_block_storage_policy" {
+  source_service_name         = "is"
+  target_service_name         = "kms"
+  target_resource_instance_id = ibm_resource_instance.kms.guid
+  description                 = "Allow block storage volumes to be encrypted by Key Management instance."
+  source_resource_type        = "share"
+  roles = [
+    "Reader",
+    "Authorization Delegator"
+  ]
+}
+
+resource "ibm_kms_key" "kms_key_key" {
+  instance_id   = ibm_resource_instance.kms.guid
+  key_name      = "\${var.prefix}-kms-key"
+  standard_key  = true
+  force_delete  = false
+  endpoint_type = "private"
+  depends_on = [
+    ibm_iam_authorization_policy.kms_server_protect_policy,
+    ibm_iam_authorization_policy.kms_block_storage_policy
+  ]
+}
+
 ##############################################################################
 `;
       assert.deepEqual(
diff --git a/unit-tests/json-to-iac/object-storage.test.js b/unit-tests/json-to-iac/object-storage.test.js
index 2535ca77..2377dd4e 100644
--- a/unit-tests/json-to-iac/object-storage.test.js
+++ b/unit-tests/json-to-iac/object-storage.test.js
@@ -8,8 +8,6 @@ const {
   cosTf,
 } = require("../../client/src/lib/json-to-iac/object-storage");
 
-// add object-storage
-
 describe("object storage", () => {
   describe("formatCosInstance", () => {
     it("should create an object storage resource instance", () => {
@@ -1149,7 +1147,88 @@ resource "ibm_cos_bucket" "cos_object_storage_bucket_bucket" {
   region_location      = var.region
   key_protect          = ibm_kms_key.kms_key_key.crn
   metrics_monitoring {
-    metrics_monitoring_crn  = "metrics_monitoring"
+    metrics_monitoring_crn  = ibm_resource_instance.sysdig.crn
+    usage_metrics_enabled   = true
+    request_metrics_enabled = true
+  }
+  depends_on = [
+    ibm_iam_authorization_policy.cos_cos_to_kms_kms_policy
+  ]
+}
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return cos bucket tf"
+      );
+    });
+    it("should create cos bucket terraform code from data source with random suffix and metrics monitoring from crn", () => {
+      let actualData = formatCosBucket(
+        {
+          force_delete: true,
+          kms_key: "key",
+          name: "bucket",
+          storage_class: "standard",
+          metrics_monitoring: true,
+          metrics_monitoring_crn: "crn",
+          usage_metrics_enabled: true,
+          request_metrics_enabled: true,
+        },
+        {
+          name: "cos",
+          plan: "standard",
+          resource_group: "slz-service-rg",
+          use_random_suffix: true,
+          use_data: true,
+          kms: "kms",
+        },
+        {
+          _options: {
+            endpoints: "public",
+            region: "us-south",
+            tags: ["hello", "world"],
+            prefix: "iac",
+          },
+          resource_groups: [
+            {
+              use_data: false,
+              name: "slz-service-rg",
+            },
+          ],
+          key_management: [
+            {
+              name: "kms",
+              service: "kms",
+              resource_group: "slz-service-rg",
+              authorize_vpc_reader_role: true,
+              use_data: true,
+              use_hs_crypto: true,
+              keys: [
+                {
+                  name: "key",
+                  root_key: true,
+                  key_ring: "test",
+                  force_delete: true,
+                  endpoint: "private",
+                  rotation: 12,
+                  dual_auth_delete: true,
+                },
+              ],
+            },
+          ],
+        }
+      );
+      let expectedData = `
+resource "ibm_cos_bucket" "cos_object_storage_bucket_bucket" {
+  bucket_name          = "\${var.prefix}-cos-bucket-\${random_string.cos_random_suffix.result}"
+  resource_instance_id = data.ibm_resource_instance.cos_object_storage.id
+  storage_class        = "standard"
+  endpoint_type        = "public"
+  force_delete         = true
+  region_location      = var.region
+  key_protect          = ibm_kms_key.kms_key_key.crn
+  metrics_monitoring {
+    metrics_monitoring_crn  = "crn"
     usage_metrics_enabled   = true
     request_metrics_enabled = true
   }
@@ -1171,7 +1250,87 @@ resource "ibm_cos_bucket" "cos_object_storage_bucket_bucket" {
           kms_key: "key",
           name: "bucket",
           storage_class: "standard",
-          atracker: "atracker",
+          activity_tracking: true,
+          read_data_events: true,
+          write_data_events: true,
+          activity_tracking_crn: "crn",
+        },
+        {
+          name: "cos",
+          plan: "standard",
+          resource_group: "slz-service-rg",
+          use_random_suffix: true,
+          use_data: true,
+          kms: "kms",
+        },
+        {
+          _options: {
+            region: "us-south",
+            tags: ["hello", "world"],
+            prefix: "iac",
+            endpoints: "public",
+          },
+          resource_groups: [
+            {
+              use_data: false,
+              name: "slz-service-rg",
+            },
+          ],
+          key_management: [
+            {
+              name: "kms",
+              service: "kms",
+              resource_group: "slz-service-rg",
+              authorize_vpc_reader_role: true,
+              use_data: true,
+              use_hs_crypto: true,
+              keys: [
+                {
+                  name: "key",
+                  root_key: true,
+                  key_ring: "test",
+                  force_delete: true,
+                  rotation: 12,
+                  dual_auth_delete: true,
+                },
+              ],
+            },
+          ],
+        }
+      );
+      let expectedData = `
+resource "ibm_cos_bucket" "cos_object_storage_bucket_bucket" {
+  bucket_name          = "\${var.prefix}-cos-bucket-\${random_string.cos_random_suffix.result}"
+  resource_instance_id = data.ibm_resource_instance.cos_object_storage.id
+  storage_class        = "standard"
+  endpoint_type        = "public"
+  force_delete         = true
+  region_location      = var.region
+  key_protect          = ibm_kms_key.kms_key_key.crn
+  activity_tracking {
+    read_data_events     = true
+    write_data_events    = true
+    activity_tracker_crn = "crn"
+  }
+  depends_on = [
+    ibm_iam_authorization_policy.cos_cos_to_kms_kms_policy
+  ]
+}
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return cos bucket tf"
+      );
+    });
+    it("should create cos bucket terraform code from data source with random suffix and activity tracking from crn", () => {
+      let actualData = formatCosBucket(
+        {
+          force_delete: true,
+          kms_key: "key",
+          name: "bucket",
+          storage_class: "standard",
+          activity_tracking: "atracker",
           read_data_events: true,
           write_data_events: true,
         },
@@ -1230,7 +1389,7 @@ resource "ibm_cos_bucket" "cos_object_storage_bucket_bucket" {
   activity_tracking {
     read_data_events     = true
     write_data_events    = true
-    activity_tracker_crn = "atracker"
+    activity_tracker_crn = ibm_resource_instance.atracker.crn
   }
   depends_on = [
     ibm_iam_authorization_policy.cos_cos_to_kms_kms_policy
diff --git a/unit-tests/json-to-iac/routing-table.test.js b/unit-tests/json-to-iac/routing-table.test.js
index 839deac1..c4f7207a 100644
--- a/unit-tests/json-to-iac/routing-table.test.js
+++ b/unit-tests/json-to-iac/routing-table.test.js
@@ -30,6 +30,81 @@ resource "ibm_is_vpc_routing_table" "management_vpc_routing_table_table" {
   route_transit_gateway_ingress = true
   route_vpc_zone_ingress        = true
 }
+`;
+
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct terraform"
+      );
+    });
+    it("should format a routing table with vpc from data", () => {
+      let actualData = formatRoutingTable(
+        {
+          vpc: "management",
+          name: "routing-table",
+          route_direct_link_ingress: true,
+          transit_gateway_ingress: true,
+          route_vpc_zone_ingress: true,
+        },
+        {
+          _options: {
+            prefix: "iac",
+          },
+          vpcs: [
+            {
+              name: "workload",
+            },
+            {
+              name: "management",
+              use_data: true,
+            },
+          ],
+        }
+      );
+      let expectedData = `
+resource "ibm_is_vpc_routing_table" "management_vpc_routing_table_table" {
+  name                          = "\${var.prefix}-management-vpc-routing-table-table"
+  vpc                           = data.ibm_is_vpc.management_vpc.id
+  route_direct_link_ingress     = true
+  route_transit_gateway_ingress = true
+  route_vpc_zone_ingress        = true
+}
+`;
+
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct terraform"
+      );
+    });
+    it("should format a routing table with advertised routes", () => {
+      let actualData = formatRoutingTable(
+        {
+          vpc: "management",
+          name: "routing-table",
+          route_direct_link_ingress: true,
+          transit_gateway_ingress: true,
+          route_vpc_zone_ingress: true,
+          advertise_routes_to: ["vpn_server"],
+        },
+        {
+          _options: {
+            prefix: "iac",
+          },
+        }
+      );
+      let expectedData = `
+resource "ibm_is_vpc_routing_table" "management_vpc_routing_table_table" {
+  name                          = "\${var.prefix}-management-vpc-routing-table-table"
+  vpc                           = ibm_is_vpc.management_vpc.id
+  route_direct_link_ingress     = true
+  route_transit_gateway_ingress = true
+  route_vpc_zone_ingress        = true
+  advertise_routes_to = [
+    "vpn_server"
+  ]
+}
 `;
 
       assert.deepEqual(
@@ -67,6 +142,44 @@ resource "ibm_is_vpc_routing_table_route" "management_vpc_routing_table_table_te
   action        = "delegate"
   next_hop      = "0.0.0.0"
 }
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct terraform"
+      );
+    });
+    it("should format routing table route with advertise and priority", () => {
+      let actualData = formatRoutingTableRoute(
+        {
+          vpc: "management",
+          routing_table: "routing-table",
+          name: "test-route",
+          zone: 1,
+          destination: "1.2.3.4/5",
+          action: "delegate",
+          advertise: true,
+          priority: "0",
+        },
+        {
+          _options: {
+            region: "us-south",
+            prefix: "iac",
+          },
+        }
+      );
+      let expectedData = `
+resource "ibm_is_vpc_routing_table_route" "management_vpc_routing_table_table_test_route_route" {
+  vpc           = ibm_is_vpc.management_vpc.id
+  routing_table = ibm_is_vpc_routing_table.management_vpc_routing_table_table.routing_table
+  zone          = "\${var.region}-1"
+  name          = "\${var.prefix}-management-routing-table-test-route-route"
+  destination   = "1.2.3.4/5"
+  action        = "delegate"
+  next_hop      = "0.0.0.0"
+  advertise     = true
+  priority      = "0"
+}
 `;
       assert.deepEqual(
         actualData,
diff --git a/unit-tests/json-to-iac/vsi.test.js b/unit-tests/json-to-iac/vsi.test.js
index 1f1aedd6..928ed51b 100644
--- a/unit-tests/json-to-iac/vsi.test.js
+++ b/unit-tests/json-to-iac/vsi.test.js
@@ -1561,10 +1561,12 @@ resource "ibm_is_instance" "management_vpc_management_server_vsi_3_2" {
           security_groups: ["management-vpe-sg"],
           ssh_keys: ["slz-ssh-key"],
           subnets: ["vsi-zone-1", "vsi-zone-2", "vsi-zone-3"],
+          reserved_ips: [[""], [""], [""]],
           vpc: "management",
           vsi_per_subnet: 2,
           resource_group: "slz-management-rg",
           snapshot: "example-snapshot",
+          enable_static_ips: true,
         },
       ];
       let actualData = vsiTf(nw);
@@ -1751,6 +1753,7 @@ resource "ibm_is_instance" "management_vpc_management_server_vsi_3_2" {
           vsi_per_subnet: 1,
           resource_group: "slz-management-rg",
           reserved_ips: [["1.2.3.4"], ["5.6.7.8"], ["9.10.11.12"]],
+          enable_static_ips: true,
         },
       ];
       let actualData = vsiTf(nw);
@@ -1870,6 +1873,123 @@ resource "ibm_is_instance" "management_vpc_management_server_vsi_3_1" {
   ]
 }
 
+##############################################################################
+`;
+      assert.deepEqual(
+        actualData,
+        expectedData,
+        "it should return correct data"
+      );
+    });
+    it("should not render reserved ips when not enabled", () => {
+      let nw = {};
+      transpose(slzNetwork, nw);
+      nw.vsi = [
+        {
+          kms: "slz-kms",
+          encryption_key: "slz-vsi-volume-key",
+          image: "ibm-ubuntu-22-04-1-minimal-amd64-1",
+          profile: "cx2-4x8",
+          name: "management-server",
+          security_groups: ["management-vpe-sg"],
+          ssh_keys: ["slz-ssh-key"],
+          subnets: ["vsi-zone-1", "vsi-zone-2", "vsi-zone-3"],
+          vpc: "management",
+          vsi_per_subnet: 1,
+          resource_group: "slz-management-rg",
+          reserved_ips: [["1.2.3.4"], ["5.6.7.8"], ["9.10.11.12"]],
+        },
+      ];
+      let actualData = vsiTf(nw);
+      let expectedData = `##############################################################################
+# Image Data Sources
+##############################################################################
+
+data "ibm_is_image" "ibm_ubuntu_22_04_1_minimal_amd64_1" {
+  name = "ibm-ubuntu-22-04-1-minimal-amd64-1"
+}
+
+##############################################################################
+
+##############################################################################
+# Management VPC Management Server Deployment
+##############################################################################
+
+resource "ibm_is_instance" "management_vpc_management_server_vsi_1_1" {
+  name           = "\${var.prefix}-management-management-server-vsi-zone-1-1"
+  image          = data.ibm_is_image.ibm_ubuntu_22_04_1_minimal_amd64_1.id
+  profile        = "cx2-4x8"
+  resource_group = ibm_resource_group.slz_management_rg.id
+  vpc            = module.management_vpc.id
+  zone           = "\${var.region}-1"
+  tags = [
+    "slz",
+    "landing-zone"
+  ]
+  primary_network_interface {
+    subnet = module.management_vpc.vsi_zone_1_id
+    security_groups = [
+      module.management_vpc.management_vpe_sg_id
+    ]
+  }
+  boot_volume {
+    encryption = ibm_kms_key.slz_kms_slz_vsi_volume_key_key.crn
+  }
+  keys = [
+    ibm_is_ssh_key.slz_ssh_key.id
+  ]
+}
+
+resource "ibm_is_instance" "management_vpc_management_server_vsi_2_1" {
+  name           = "\${var.prefix}-management-management-server-vsi-zone-2-1"
+  image          = data.ibm_is_image.ibm_ubuntu_22_04_1_minimal_amd64_1.id
+  profile        = "cx2-4x8"
+  resource_group = ibm_resource_group.slz_management_rg.id
+  vpc            = module.management_vpc.id
+  zone           = "\${var.region}-2"
+  tags = [
+    "slz",
+    "landing-zone"
+  ]
+  primary_network_interface {
+    subnet = module.management_vpc.vsi_zone_2_id
+    security_groups = [
+      module.management_vpc.management_vpe_sg_id
+    ]
+  }
+  boot_volume {
+    encryption = ibm_kms_key.slz_kms_slz_vsi_volume_key_key.crn
+  }
+  keys = [
+    ibm_is_ssh_key.slz_ssh_key.id
+  ]
+}
+
+resource "ibm_is_instance" "management_vpc_management_server_vsi_3_1" {
+  name           = "\${var.prefix}-management-management-server-vsi-zone-3-1"
+  image          = data.ibm_is_image.ibm_ubuntu_22_04_1_minimal_amd64_1.id
+  profile        = "cx2-4x8"
+  resource_group = ibm_resource_group.slz_management_rg.id
+  vpc            = module.management_vpc.id
+  zone           = "\${var.region}-3"
+  tags = [
+    "slz",
+    "landing-zone"
+  ]
+  primary_network_interface {
+    subnet = module.management_vpc.vsi_zone_3_id
+    security_groups = [
+      module.management_vpc.management_vpe_sg_id
+    ]
+  }
+  boot_volume {
+    encryption = ibm_kms_key.slz_kms_slz_vsi_volume_key_key.crn
+  }
+  keys = [
+    ibm_is_ssh_key.slz_ssh_key.id
+  ]
+}
+
 ##############################################################################
 `;
       assert.deepEqual(
diff --git a/unit-tests/state/atracker.test.js b/unit-tests/state/atracker.test.js
index 6d824a0e..97f7fbb4 100644
--- a/unit-tests/state/atracker.test.js
+++ b/unit-tests/state/atracker.test.js
@@ -135,7 +135,7 @@ describe("atracker", () => {
             craig: craig,
           }
         ),
-        "iac-atracker",
+        "iac-us-south-atracker",
         "it should return correct text"
       );
     });
diff --git a/unit-tests/state/clusters.test.js b/unit-tests/state/clusters.test.js
index 76c47a89..51dcab68 100644
--- a/unit-tests/state/clusters.test.js
+++ b/unit-tests/state/clusters.test.js
@@ -373,6 +373,52 @@ describe("clusters", () => {
     });
   });
   describe("clusters.schema", () => {
+    describe("clusters.name.invalid", () => {
+      it("should be invalid when cluster name length is greater than 32", () => {
+        assert.isTrue(
+          craig.clusters.name.invalid(
+            { name: "a-super-long-name-yes" },
+            {
+              vpc_name: "vpc",
+              craig: {
+                store: {
+                  json: {
+                    _options: {
+                      prefix: "iac",
+                    },
+                    clusters: [],
+                  },
+                },
+              },
+            }
+          ),
+          "should be invalid"
+        );
+      });
+    });
+    describe("clusters.name.invalidText", () => {
+      it("should return correct text when name is longer than 32 characters", () => {
+        assert.deepEqual(
+          craig.clusters.name.invalidText(
+            { name: "a-super-long-name-yes" },
+            {
+              vpc_name: "vpc",
+              craig: {
+                store: {
+                  json: {
+                    _options: {
+                      prefix: "iac",
+                    },
+                    clusters: [],
+                  },
+                },
+              },
+            }
+          ),
+          "Cluster names must be 32 or fewer characters including the environment prefix and suffix"
+        );
+      });
+    });
     describe("clusters.name.helperText", () => {
       it("should return correct text", () => {
         assert.deepEqual(
@@ -433,6 +479,20 @@ describe("clusters", () => {
         "it should return correct data"
       );
     });
+    it("should be not have invalid cos when openshift", () => {
+      assert.isFalse(
+        craig.clusters.cos.invalid({}),
+        "it should not be invalid"
+      );
+    });
+    it("should be have invalid cos when openshift and not selected", () => {
+      assert.isFalse(
+        craig.clusters.cos.invalid({
+          kube_type: "openshift",
+        }),
+        "it should not be invalid"
+      );
+    });
     it("should return correct groups for cos", () => {
       assert.deepEqual(
         craig.clusters.cos.groups({}, { craig: craig }),
@@ -665,6 +725,42 @@ describe("clusters", () => {
       });
     });
     describe("clusters.opaque_secrets.schema", () => {
+      it("should have invalid expiration date", () => {
+        assert.isTrue(
+          craig.clusters.opaque_secrets.expiration_date.invalid({}),
+          "it should be invalid"
+        );
+      });
+      it("should have invalid username_password_secret_description", () => {
+        assert.isTrue(
+          craig.clusters.opaque_secrets.username_password_secret_description.invalid(
+            {
+              username_password_secret_description: "@@@",
+            }
+          ),
+          "it should be invalid"
+        );
+      });
+      it("should have invalid arbitrary_secret_description", () => {
+        assert.isTrue(
+          craig.clusters.opaque_secrets.arbitrary_secret_description.invalid({
+            arbitrary_secret_description: "@@@",
+          }),
+          "it should be invalid"
+        );
+      });
+      it("should have correct invalid values", () => {
+        assert.isTrue(
+          craig.clusters.opaque_secrets.labels.invalid({}),
+          "it should be invalid"
+        );
+        assert.isTrue(
+          craig.clusters.opaque_secrets.labels.invalid({
+            labels: ["@!@@"],
+          }),
+          "it should be invalid"
+        );
+      });
       it("should return true if arbitrary_secret_name has empty string as name", () => {
         let actualData =
           craig.clusters.opaque_secrets.arbitrary_secret_name.invalid(
diff --git a/unit-tests/state/object-storage.test.js b/unit-tests/state/object-storage.test.js
index d2002a5d..2b04bd61 100644
--- a/unit-tests/state/object-storage.test.js
+++ b/unit-tests/state/object-storage.test.js
@@ -258,7 +258,7 @@ describe("object_storage", () => {
             use_data: true,
             name: "test",
           }),
-          "test",
+          "test-object-storage",
           "it should display data"
         );
       });
@@ -278,7 +278,7 @@ describe("object_storage", () => {
               },
             }
           ),
-          "test-test-<random-suffix>",
+          "test-test-object-storage-<random-suffix>",
           "it should display data"
         );
       });
@@ -298,7 +298,7 @@ describe("object_storage", () => {
               },
             }
           ),
-          "test-test",
+          "test-test-object-storage",
           "it should display data"
         );
       });
@@ -518,6 +518,198 @@ describe("object_storage", () => {
           ],
         };
       });
+      it("should return correct name helper text", () => {
+        assert.deepEqual(
+          craig.object_storage.buckets.name.helperText(
+            {
+              name: "yes",
+            },
+            {
+              craig: {
+                store: {
+                  json: {
+                    _options: {
+                      prefix: "test",
+                    },
+                  },
+                },
+              },
+              arrayParentName: "test",
+              parent: {},
+            }
+          ),
+          "test-test-yes",
+          "it should have correct helper text"
+        );
+        assert.deepEqual(
+          craig.object_storage.buckets.name.helperText(
+            {
+              name: "yes",
+            },
+            {
+              craig: {
+                store: {
+                  json: {
+                    _options: {
+                      prefix: "test",
+                    },
+                  },
+                },
+              },
+              arrayParentName: "test",
+              parent: {
+                use_random_suffix: true,
+              },
+            }
+          ),
+          "test-test-yes-<random-suffix>",
+          "it should have correct helper text with random suffix"
+        );
+      });
+      it("should hide activity_tracking_crn", () => {
+        assert.isTrue(
+          craig.object_storage.buckets.activity_tracking_crn.hideWhen({}),
+          "it should be hidden"
+        );
+        assert.isTrue(
+          craig.object_storage.buckets.activity_tracking_crn.hideWhen(
+            {
+              activity_tracking: true,
+            },
+            {
+              craig: {
+                store: {
+                  json: {
+                    atracker: {
+                      instance: true,
+                    },
+                  },
+                },
+              },
+            }
+          ),
+          "it should be hidden when creating atracker instance"
+        );
+      });
+      it("should have invalid activity_tracking_crn", () => {
+        assert.isFalse(
+          craig.object_storage.buckets.activity_tracking_crn.invalid({}),
+          "it should not be invalid"
+        );
+        assert.isFalse(
+          craig.object_storage.buckets.activity_tracking_crn.invalid(
+            {
+              activity_tracking: true,
+            },
+            {
+              craig: {
+                store: {
+                  json: {
+                    atracker: {
+                      instance: true,
+                    },
+                  },
+                },
+              },
+            }
+          ),
+          "it should not be invalid when creating atracker instance"
+        );
+        assert.isTrue(
+          craig.object_storage.buckets.activity_tracking_crn.invalid(
+            {
+              activity_tracking: true,
+            },
+            {
+              craig: {
+                store: {
+                  json: {
+                    atracker: {
+                      instance: false,
+                    },
+                  },
+                },
+              },
+            }
+          ),
+          "it should be invalid when not creating instance"
+        );
+      });
+      it("should hide metrics_monitoring_crn", () => {
+        assert.isTrue(
+          craig.object_storage.buckets.metrics_monitoring_crn.hideWhen({}),
+          "it should be hidden"
+        );
+        assert.isTrue(
+          craig.object_storage.buckets.metrics_monitoring_crn.hideWhen(
+            {
+              metrics_monitoring: true,
+            },
+            {
+              craig: {
+                store: {
+                  json: {
+                    sysdig: {
+                      enabled: true,
+                    },
+                  },
+                },
+              },
+            }
+          ),
+          "it should be hidden when creating atracker instance"
+        );
+      });
+      it("should have invalid metrics_monitoring_crn", () => {
+        assert.isFalse(
+          craig.object_storage.buckets.metrics_monitoring_crn.invalid({}),
+          "it should not be invalid"
+        );
+        assert.isFalse(
+          craig.object_storage.buckets.metrics_monitoring_crn.invalid(
+            {
+              metrics_monitoring: true,
+            },
+            {
+              craig: {
+                store: {
+                  json: {
+                    sysdig: {
+                      enabled: true,
+                    },
+                  },
+                },
+              },
+            }
+          ),
+          "it should not be invalid when creating atracker instance"
+        );
+        assert.isTrue(
+          craig.object_storage.buckets.metrics_monitoring_crn.invalid(
+            {
+              metrics_monitoring: true,
+            },
+            {
+              craig: {
+                store: {
+                  json: {
+                    sysdig: {
+                      enabled: false,
+                    },
+                  },
+                },
+              },
+            }
+          ),
+          "it should be invalid when not creating instance"
+        );
+      });
+      it("should hide read data events when activity tracking is not enabled", () => {
+        assert.isTrue(
+          craig.object_storage.buckets.read_data_events.hideWhen({}),
+          "it should be hidden"
+        );
+      });
       it("should return an empty array if kms is falsy", () => {
         assert.deepEqual(
           craig.object_storage.buckets.kms_key.groups(
@@ -549,6 +741,32 @@ describe("object_storage", () => {
     });
   });
   describe("object_storage.keys", () => {
+    describe("schema", () => {
+      it("should return correct name helper text", () => {
+        assert.deepEqual(
+          craig.object_storage.keys.name.helperText(
+            {
+              name: "yes",
+            },
+            {
+              craig: {
+                store: {
+                  json: {
+                    _options: {
+                      prefix: "test",
+                    },
+                  },
+                },
+              },
+              arrayParentName: "test",
+              parent: {},
+            }
+          ),
+          "test-test-key-yes",
+          "it should have correct helper text"
+        );
+      });
+    });
     describe("object_storage.keys.create", () => {
       it("should create a new cos key in a specified instance", () => {
         craig.object_storage.keys.create(
diff --git a/unit-tests/state/power-vs-volumes.test.js b/unit-tests/state/power-vs-volumes.test.js
index e6d9c053..9df435e2 100644
--- a/unit-tests/state/power-vs-volumes.test.js
+++ b/unit-tests/state/power-vs-volumes.test.js
@@ -382,6 +382,14 @@ describe("power_volumes", () => {
         "it should update attachments"
       );
     });
+    it("should have invalid pi_volume_size when out of range", () => {
+      assert.isTrue(
+        craig.power_volumes.pi_volume_size.invalid({
+          pi_volume_size: -1,
+        }),
+        "it should be invalid"
+      );
+    });
     it("should not disable volume size when sap and storage log", () => {
       assert.isFalse(
         craig.power_volumes.pi_volume_size.disabled({
diff --git a/unit-tests/state/reusable-fields.test.js b/unit-tests/state/reusable-fields.test.js
index d4d4e53e..2fed3559 100644
--- a/unit-tests/state/reusable-fields.test.js
+++ b/unit-tests/state/reusable-fields.test.js
@@ -4,10 +4,16 @@ const {
   hideWhenNotAllIcmp,
   onRuleFieldInputChange,
   invalidPort,
+  invalidNewResourceName,
 } = require("../../client/src/lib/state/reusable-fields");
 
 describe("reusable fields", () => {
   describe("utility functions", () => {
+    describe("invalidNewResourceName", () => {
+      it("should be true if no value", () => {
+        assert.isTrue(invalidNewResourceName(), "it should be false");
+      });
+    });
     describe("onRuleFieldInputChange", () => {
       it("should set rule when no rule is found", () => {
         let task = onRuleFieldInputChange("port_max");
diff --git a/unit-tests/state/routing-tables.test.js b/unit-tests/state/routing-tables.test.js
index ce3c5f14..189896fb 100644
--- a/unit-tests/state/routing-tables.test.js
+++ b/unit-tests/state/routing-tables.test.js
@@ -122,6 +122,77 @@ describe("routing_tables", () => {
         "it should return groups"
       );
     });
+    it("should return correct advertise groups", () => {
+      assert.deepEqual(
+        craig.routing_tables.advertise_routes_to.groups({}),
+        [],
+        "it should return groups"
+      );
+      assert.deepEqual(
+        craig.routing_tables.advertise_routes_to.groups({
+          route_direct_link_ingress: true,
+        }),
+        ["Direct Link"],
+        "it should return groups"
+      );
+      assert.isTrue(
+        craig.routing_tables.route_direct_link_ingress.disabled({
+          advertise_routes_to: ["direct_link"],
+        }),
+        "it should be disabled"
+      );
+      assert.isTrue(
+        craig.routing_tables.transit_gateway_ingress.disabled({
+          advertise_routes_to: ["transit_gateway"],
+        }),
+        "it should be disabled"
+      );
+      assert.deepEqual(
+        craig.routing_tables.advertise_routes_to.groups({
+          transit_gateway_ingress: true,
+        }),
+        ["Transit Gateway"],
+        "it should return groups"
+      );
+    });
+    it("should return list of routes on render", () => {
+      assert.deepEqual(
+        craig.routing_tables.advertise_routes_to.onRender({
+          advertise_routes_to: ["vpn_server", "vpn_gateway"],
+        }),
+        ["VPN Server", "VPN Gateway"],
+        "it should return groups"
+      );
+    });
+    it("should return list of routes on input change", () => {
+      assert.deepEqual(
+        craig.routing_tables.advertise_routes_to.onInputChange({
+          advertise_routes_to: ["VPN Server", "VPN Gateway"],
+        }),
+        ["vpn_server", "vpn_gateway"],
+        "it should return groups"
+      );
+    });
+    it("should have the correct name helper text", () => {
+      assert.deepEqual(
+        craig.routing_tables.name.helperText(
+          {},
+          {
+            craig: {
+              store: {
+                json: {
+                  _options: {
+                    prefix: "hi",
+                  },
+                },
+              },
+            },
+          }
+        ),
+        "hi-undefined-vpc-undefined-table",
+        "it should have correct helper text"
+      );
+    });
   });
   describe("routing_tables.routes", () => {
     beforeEach(() => {
diff --git a/unit-tests/state/schema.test.js b/unit-tests/state/schema.test.js
index b2bbe230..21af71da 100644
--- a/unit-tests/state/schema.test.js
+++ b/unit-tests/state/schema.test.js
@@ -157,6 +157,14 @@ describe("automate schema generation", () => {
                   groups: "<calculated>",
                 },
                 force_delete: { type: "boolean", default: false },
+                read_data_events: { type: "boolean", default: false },
+                write_data_events: { type: "boolean", default: false },
+                activity_tracking: { type: "boolean", default: false },
+                activity_tracking_crn: { type: "string", default: null },
+                metrics_monitoring: { type: "boolean", default: false },
+                usage_metrics_enabled: { type: "boolean", default: false },
+                request_metrics_enabled: { type: "boolean", default: false },
+                metrics_monitoring_crn: { type: "string", default: null },
               },
             },
             keys: {
@@ -1249,6 +1257,14 @@ describe("automate schema generation", () => {
                   groups: "<calculated>",
                 },
                 force_delete: { type: "boolean", default: false },
+                read_data_events: { type: "boolean", default: false },
+                write_data_events: { type: "boolean", default: false },
+                activity_tracking: { type: "boolean", default: false },
+                activity_tracking_crn: { type: "string", default: null },
+                metrics_monitoring: { type: "boolean", default: false },
+                usage_metrics_enabled: { type: "boolean", default: false },
+                request_metrics_enabled: { type: "boolean", default: false },
+                metrics_monitoring_crn: { type: "string", default: null },
               },
             },
             keys: {
@@ -1544,6 +1560,7 @@ describe("automate schema generation", () => {
             transit_gateway_ingress: { type: "boolean", default: false },
             route_vpc_zone_ingress: { type: "boolean", default: false },
             accept_routes_from_resource_type: { type: "Array", default: [] },
+            advertise_routes_to: { type: "Array", default: [] },
             routes: {
               Array: {
                 name: { type: "string", default: null },
@@ -1557,8 +1574,17 @@ describe("automate schema generation", () => {
                   default: null,
                   groups: ["delegate", "deliver", "delegate_vpc", "drop"],
                 },
+                advertise: {
+                  default: false,
+                  type: "boolean",
+                },
                 next_hop: { type: "string", default: null },
                 destination: { type: "string", default: null },
+                priority: {
+                  default: null,
+                  groups: ["0", "1", "2", "3", "4"],
+                  type: "string",
+                },
               },
             },
           },
@@ -1915,6 +1941,14 @@ describe("automate schema generation", () => {
               default: null,
               groups: "<calculated>",
             },
+            reserved_ips: {
+              default: [],
+              type: "Array",
+            },
+            enable_static_ips: {
+              type: "boolean",
+              default: false,
+            },
             vpc: { type: "string", default: null, groups: "<calculated>" },
             subnets: { type: "Array", default: [] },
             image_name: { type: "string", default: null },
diff --git a/unit-tests/state/security-groups.test.js b/unit-tests/state/security-groups.test.js
index b312d133..dde23798 100644
--- a/unit-tests/state/security-groups.test.js
+++ b/unit-tests/state/security-groups.test.js
@@ -614,6 +614,26 @@ describe("security groups", () => {
     });
   });
   describe("security_groups.schema", () => {
+    it("should have the correct name helper text", () => {
+      assert.deepEqual(
+        craig.security_groups.name.helperText(
+          {},
+          {
+            craig: {
+              store: {
+                json: {
+                  _options: {
+                    prefix: "hi",
+                  },
+                },
+              },
+            },
+          }
+        ),
+        "hi-undefined-undefined-sg",
+        "it should have correct helper text"
+      );
+    });
     it("should hide use_data", () => {
       assert.isTrue(
         craig.security_groups.use_data.hideWhen({}, { craig: craig }),
diff --git a/unit-tests/state/state.test.js b/unit-tests/state/state.test.js
index 97abd955..9519d540 100644
--- a/unit-tests/state/state.test.js
+++ b/unit-tests/state/state.test.js
@@ -4,7 +4,6 @@ const { splat } = require("lazy-z");
 const json = require("../data-files/craig-json.json");
 const hardSetData = require("../data-files/expected-hard-set.json");
 const brokenSubnets = require("../data-files/broken-subnets.json");
-const { deepEqual } = require("assert");
 
 /**
  * initialize store
diff --git a/unit-tests/state/vpc.test.js b/unit-tests/state/vpc.test.js
index fd82e46c..db41f933 100644
--- a/unit-tests/state/vpc.test.js
+++ b/unit-tests/state/vpc.test.js
@@ -18,6 +18,24 @@ describe("vpcs", () => {
   beforeEach(() => {
     state = newState();
   });
+  describe("vpc.onStoreUpdate", () => {
+    it("should update unfound and changed address prefixes on store update when using manual subnet addressing", () => {
+      state.store.json._options.dynamic_subnets = false;
+      state.store.json.vpcs[0].address_prefixes.shift();
+      state.store.json.vpcs[0].subnets[1].cidr = "1.2.3.4/5";
+      state.update();
+      assert.deepEqual(
+        state.store.json.vpcs[0].address_prefixes.length,
+        7,
+        "it should have correct number of address prefixes"
+      );
+      assert.deepEqual(
+        state.store.json.vpcs[0].address_prefixes[1].cidr,
+        "1.2.3.4/5",
+        "it should update cidr"
+      );
+    });
+  });
   describe("vpcs.save", () => {
     it("should rename a vpc", () => {
       state.store.json.dns = [
@@ -961,6 +979,12 @@ describe("vpcs", () => {
             cidr: "10.10.10.0/24",
             name: "vsi-zone-1",
           },
+          {
+            vpc: "management",
+            zone: 1,
+            cidr: "1.2.3.4/5",
+            name: "frog",
+          },
           {
             vpc: "management",
             zone: 2,
@@ -991,12 +1015,6 @@ describe("vpcs", () => {
             cidr: "10.30.20.0/24",
             name: "vpe-zone-3",
           },
-          {
-            vpc: "management",
-            zone: 1,
-            cidr: "1.2.3.4/5",
-            name: "frog",
-          },
         ];
         state.vpcs.subnetTiers.save(
           {
@@ -1158,6 +1176,62 @@ describe("vpcs", () => {
           "it should be frog"
         );
       });
+      it("should update vpc address prefixes when advanced subnet is created with no matching prefix", () => {
+        let state = new newState(true);
+        state.store.json._options.dynamic_subnets = false;
+        state.vpcs.subnetTiers.save(
+          {
+            advanced: true,
+            select_zones: [1],
+            name: "vpn",
+          },
+          {
+            vpc_name: "management",
+            data: {
+              name: "vpn",
+              craig: {
+                store: state.store.json.vpcs[0],
+              },
+            },
+          }
+        );
+        state.store.subnetTiers.management[2].subnets.push("lol");
+        state.store.json.vpcs[0].address_prefixes = [];
+        state.vpcs.subnets.save(
+          {
+            name: "frog",
+            acl_name: "",
+            tier: "vpn",
+            cidr: "1.2.3.4/5",
+            zone: "vpn-zone-1",
+            vpc: "management",
+          },
+          {
+            vpc_name: "management",
+            data: { name: "vpn-zone-1" },
+          }
+        );
+        assert.deepEqual(
+          state.store.json.vpcs[0].subnets[1].name,
+          "frog",
+          "it should be null"
+        );
+        assert.deepEqual(
+          state.store.subnetTiers.management[2].subnets,
+          ["frog", "lol"],
+          "it should update subnets"
+        );
+        assert.deepEqual(
+          state.store.json.vpcs[0].address_prefixes[1],
+          {
+            name: "frog",
+            cidr: "1.2.3.4/5",
+            zone: "vpn-zone-1",
+            vpc: "management",
+          },
+          "it should update address prefixes"
+        );
+      });
       describe("vpcs.subnets.save (from tier JSON)", () => {
         let craig;
         beforeEach(() => {
@@ -1173,6 +1247,12 @@ describe("vpcs", () => {
               cidr: "10.10.10.0/24",
               name: "vsi-zone-1",
             },
+            {
+              vpc: "management",
+              zone: 1,
+              cidr: "1.2.3.4/5",
+              name: "frog",
+            },
             {
               vpc: "management",
               zone: 2,
@@ -1203,12 +1283,6 @@ describe("vpcs", () => {
               cidr: "10.30.20.0/24",
               name: "vpe-zone-3",
             },
-            {
-              vpc: "management",
-              zone: 1,
-              cidr: "1.2.3.4/5",
-              name: "frog",
-            },
           ];
           craig.vpcs.subnetTiers.save(
             {
@@ -1400,9 +1474,9 @@ describe("vpcs", () => {
         assert.deepEqual(
           craig.vpcs.subnets.name.helperText(
             { name: "iac-subnet" },
-            { craig: craig }
+            { craig: craig, vpc_name: "hi" }
           ),
-          "iac-iac-subnet",
+          "iac-hi-iac-subnet",
           "it should return correct helper text"
         );
       });
@@ -1567,6 +1641,12 @@ describe("vpcs", () => {
             cidr: "10.10.10.0/24",
             name: "frog-zone-1",
           },
+          {
+            vpc: "management",
+            zone: 1,
+            cidr: "10.10.30.0/24",
+            name: "vpn-zone-1",
+          },
           {
             vpc: "management",
             zone: 2,
@@ -1591,12 +1671,6 @@ describe("vpcs", () => {
             cidr: "10.30.20.0/24",
             name: "vpe-zone-3",
           },
-          {
-            vpc: "management",
-            zone: 1,
-            cidr: "10.10.30.0/24",
-            name: "vpn-zone-1",
-          },
         ];
         vpcState.vpcs.subnetTiers.save(
           {
@@ -1815,6 +1889,12 @@ describe("vpcs", () => {
             cidr: "10.10.10.0/24",
             name: "vsi-zone-1",
           },
+          {
+            vpc: "management",
+            zone: 1,
+            cidr: "10.10.30.0/24",
+            name: "vpn-zone-1",
+          },
           {
             vpc: "management",
             zone: 2,
@@ -1845,12 +1925,6 @@ describe("vpcs", () => {
             cidr: "10.30.20.0/24",
             name: "vpe-zone-3",
           },
-          {
-            vpc: "management",
-            zone: 1,
-            cidr: "10.10.30.0/24",
-            name: "vpn-zone-1",
-          },
           {
             vpc: "management",
             zone: 2,
@@ -2228,6 +2302,12 @@ describe("vpcs", () => {
             cidr: "10.10.10.0/24",
             name: "frog-zone-1",
           },
+          {
+            vpc: "management",
+            zone: 1,
+            cidr: "10.10.30.0/24",
+            name: "vpn-zone-1",
+          },
           {
             vpc: "management",
             zone: 2,
@@ -2252,12 +2332,6 @@ describe("vpcs", () => {
             cidr: "10.30.20.0/24",
             name: "vpe-zone-3",
           },
-          {
-            vpc: "management",
-            zone: 1,
-            cidr: "10.10.30.0/24",
-            name: "vpn-zone-1",
-          },
         ];
         assert.deepEqual(
           vpcState.store.json.dns[0].custom_resolvers[0].subnets,
@@ -2399,6 +2473,12 @@ describe("vpcs", () => {
             cidr: "10.10.10.0/24",
             name: "frog-zone-1",
           },
+          {
+            vpc: "management",
+            zone: 1,
+            cidr: "10.10.30.0/24",
+            name: "vpn-zone-1",
+          },
           {
             vpc: "management",
             zone: 2,
@@ -2423,12 +2503,6 @@ describe("vpcs", () => {
             cidr: "10.30.20.0/24",
             name: "vpe-zone-3",
           },
-          {
-            vpc: "management",
-            zone: 1,
-            cidr: "10.10.30.0/24",
-            name: "vpn-zone-1",
-          },
         ];
         assert.deepEqual(
           vpcState.store.json.dns[0].custom_resolvers[0].subnets,
@@ -3196,6 +3270,12 @@ describe("vpcs", () => {
               cidr: "10.10.10.0/24",
               name: "frog-zone-1",
             },
+            {
+              vpc: "management",
+              zone: 1,
+              cidr: "10.10.30.0/24",
+              name: "vpn-zone-1",
+            },
             {
               vpc: "management",
               zone: 2,
@@ -3221,10 +3301,10 @@ describe("vpcs", () => {
               name: "vpe-zone-3",
             },
             {
+              cidr: undefined,
+              name: "test",
               vpc: "management",
-              zone: 1,
-              cidr: "10.10.30.0/24",
-              name: "vpn-zone-1",
+              zone: undefined,
             },
           ];
           craig.vpcs.subnetTiers.save(
@@ -3570,6 +3650,12 @@ describe("vpcs", () => {
               cidr: "10.10.10.0/24",
               name: "vsi-zone-1",
             },
+            {
+              vpc: "management",
+              zone: 1,
+              cidr: "10.10.30.0/24",
+              name: "vpn-zone-1",
+            },
             {
               vpc: "management",
               zone: 2,
@@ -3601,10 +3687,10 @@ describe("vpcs", () => {
               name: "vpe-zone-3",
             },
             {
+              cidr: undefined,
+              name: "test",
               vpc: "management",
-              zone: 1,
-              cidr: "10.10.30.0/24",
-              name: "vpn-zone-1",
+              zone: undefined,
             },
             {
               vpc: "management",
@@ -4108,6 +4194,12 @@ describe("vpcs", () => {
               cidr: "10.10.10.0/24",
               name: "frog-zone-1",
             },
+            {
+              vpc: "management",
+              zone: 1,
+              cidr: "10.10.30.0/24",
+              name: "vpn-zone-1",
+            },
             {
               vpc: "management",
               zone: 2,
@@ -4133,10 +4225,10 @@ describe("vpcs", () => {
               name: "vpe-zone-3",
             },
             {
+              cidr: undefined,
+              name: "test",
               vpc: "management",
-              zone: 1,
-              cidr: "10.10.30.0/24",
-              name: "vpn-zone-1",
+              zone: undefined,
             },
           ];
           assert.deepEqual(
@@ -4285,6 +4377,12 @@ describe("vpcs", () => {
               cidr: "10.10.10.0/24",
               name: "frog-zone-1",
             },
+            {
+              vpc: "management",
+              zone: 1,
+              cidr: "10.10.30.0/24",
+              name: "vpn-zone-1",
+            },
             {
               vpc: "management",
               zone: 2,
@@ -4310,10 +4408,10 @@ describe("vpcs", () => {
               name: "vpe-zone-3",
             },
             {
+              cidr: undefined,
+              name: "test",
               vpc: "management",
-              zone: 1,
-              cidr: "10.10.30.0/24",
-              name: "vpn-zone-1",
+              zone: undefined,
             },
           ];
           assert.deepEqual(
@@ -4513,6 +4611,12 @@ describe("vpcs", () => {
               cidr: "10.10.10.0/24",
               name: "vsi-zone-1",
             },
+            {
+              vpc: "management",
+              zone: 1,
+              cidr: "10.10.30.0/24",
+              name: "vpn-zone-1",
+            },
             {
               vpc: "management",
               zone: 3,
@@ -4538,10 +4642,10 @@ describe("vpcs", () => {
               name: "vpe-zone-3",
             },
             {
+              cidr: undefined,
+              name: "test",
               vpc: "management",
-              zone: 1,
-              cidr: "10.10.30.0/24",
-              name: "vpn-zone-1",
+              zone: undefined,
             },
           ];
           assert.deepEqual(
@@ -6762,6 +6866,12 @@ describe("vpcs", () => {
         let vpcState = new newState(true);
         vpcState.store.json._options.dynamic_subnets = false;
         let expectedData = [
+          {
+            vpc: "management",
+            zone: 1,
+            cidr: "10.10.20.0/24",
+            name: "vpn-zone-1",
+          },
           {
             vpc: "management",
             zone: 1,
@@ -6780,12 +6890,6 @@ describe("vpcs", () => {
             cidr: "10.30.10.0/24",
             name: "vpe-zone-3",
           },
-          {
-            vpc: "management",
-            zone: 1,
-            cidr: "10.10.20.0/24",
-            name: "vpn-zone-1",
-          },
         ];
         vpcState.vpcs.subnetTiers.delete(
           {},
@@ -7063,6 +7167,12 @@ describe("vpcs", () => {
         });
         it("should delete a subnet tier and update address prefixes", () => {
           let expectedData = [
+            {
+              vpc: "management",
+              zone: 1,
+              cidr: "10.10.10.0/24",
+              name: "vpn-zone-1",
+            },
             {
               vpc: "management",
               zone: 1,
@@ -7081,12 +7191,6 @@ describe("vpcs", () => {
               cidr: "10.30.20.0/24",
               name: "vpe-zone-3",
             },
-            {
-              vpc: "management",
-              zone: 1,
-              cidr: "10.10.10.0/24",
-              name: "vpn-zone-1",
-            },
           ];
           craig.vpcs.subnetTiers.delete(
             {},
diff --git a/unit-tests/state/vpn.test.js b/unit-tests/state/vpn.test.js
index 773fab24..7c0221be 100644
--- a/unit-tests/state/vpn.test.js
+++ b/unit-tests/state/vpn.test.js
@@ -413,6 +413,53 @@ describe("vpn_gateways", () => {
           "it should be disabled"
         );
       });
+      it("should handle invalid for peer cidrs when parent is policy based", () => {
+        craig.store.json.vpn_gateways[0].policy_mode = true;
+        craig.store.json.vpn_gateways.unshift({ name: "um" });
+        assert.isTrue(
+          craig.vpn_gateways.connections.peer_cidrs.invalid(
+            { peer_cidrs: [] },
+            { craig: craig, arrayParentName: "management-gateway" }
+          ),
+          "it should be valid"
+        );
+        craig.store.json.vpn_gateways[1].policy_mode = false;
+        craig.store.json.vpn_gateways.unshift({ name: "um" });
+        assert.isFalse(
+          craig.vpn_gateways.connections.peer_cidrs.invalid(
+            { peer_cidrs: [] },
+            { craig: craig, arrayParentName: "management-gateway" }
+          ),
+          "it should be invalid"
+        );
+      });
+      it("should handle hideWhen for peer cidrs when parent is policy based", () => {
+        craig.store.json.vpn_gateways[0].policy_mode = true;
+        craig.store.json.vpn_gateways.unshift({ name: "um" });
+        assert.isFalse(
+          craig.vpn_gateways.connections.peer_cidrs.hideWhen(
+            { peer_cidrs: [] },
+            { craig: craig, arrayParentName: "management-gateway" }
+          ),
+          "it should be valid"
+        );
+        craig.store.json.vpn_gateways[1].policy_mode = false;
+        craig.store.json.vpn_gateways.unshift({ name: "um" });
+        assert.isTrue(
+          craig.vpn_gateways.connections.peer_cidrs.hideWhen(
+            { peer_cidrs: [] },
+            { craig: craig, arrayParentName: "management-gateway" }
+          ),
+          "it should be invalid"
+        );
+        assert.isFalse(
+          craig.vpn_gateways.connections.peer_cidrs.hideWhen(
+            { peer_cidrs: [] },
+            { craig: craig }
+          ),
+          "it should be invalid"
+        );
+      });
     });
   });
 });
diff --git a/unit-tests/state/vsi.test.js b/unit-tests/state/vsi.test.js
index dc2daab2..3b6e9875 100644
--- a/unit-tests/state/vsi.test.js
+++ b/unit-tests/state/vsi.test.js
@@ -47,6 +47,7 @@ describe("vsi", () => {
           user_data: null,
           network_interfaces: [],
           volumes: [],
+          reserved_ips: [],
         },
         "it should return correct server"
       );
@@ -86,6 +87,7 @@ describe("vsi", () => {
           user_data: null,
           network_interfaces: [],
           volumes: [],
+          reserved_ips: [],
         },
         "it should return correct server"
       );
@@ -97,6 +99,21 @@ describe("vsi", () => {
     });
   });
   describe("vsi.save", () => {
+    it("should update vsi with reserved ips", () => {
+      craig.vsi.save(
+        { reserved_ips: [[], ["", "frog"]] },
+        { data: { name: "management-server" } }
+      );
+      assert.deepEqual(
+        craig.store.json.vsi[0].reserved_ips,
+        [
+          ["", ""],
+          ["", "frog"],
+          ["", ""],
+        ],
+        "it should have updated vsi"
+      );
+    });
     it("should update in place with new name", () => {
       craig.vsi.create(
         { name: "todd", vpc: "management" },
@@ -373,6 +390,193 @@ describe("vsi", () => {
         "it should return ssh keys"
       );
     });
+    it("should not have invalid reserved ips when not found", () => {
+      assert.isFalse(
+        craig.vsi.reserved_ips.invalid({}, { subnet: 0 }),
+        "it should be valid when not found on object"
+      );
+    });
+    it("should not have invalid reserved ip when empty string", () => {
+      assert.isFalse(
+        craig.vsi.reserved_ips.invalid(
+          { reserved_ips: [[""]] },
+          { subnet: 0, vsi: 0 }
+        ),
+        "it should be valid when item is empty string"
+      );
+    });
+    it("should have invalid reserved ip when not ipv4 address", () => {
+      assert.isTrue(
+        craig.vsi.reserved_ips.invalid(
+          { reserved_ips: [["AAA"]] },
+          { subnet: 0, vsi: 0 }
+        ),
+        "it should be invalid"
+      );
+      assert.isTrue(
+        craig.vsi.reserved_ips.invalid(
+          { reserved_ips: [["1.2.3.4/5"]] },
+          { subnet: 0, vsi: 0 }
+        ),
+        "it should be invalid"
+      );
+    });
+    it("should have a valid reserved ip when an ip address", () => {
+      assert.isFalse(
+        craig.vsi.reserved_ips.invalid(
+          { reserved_ips: [["1.2.3.4"]] },
+          { subnet: 0, vsi: 0 }
+        ),
+        "it should be invalid"
+      );
+    });
+    it("should render reserved ips", () => {
+      assert.deepEqual(
+        craig.vsi.reserved_ips.onRender({}),
+        "",
+        "it should return empty string"
+      );
+      assert.deepEqual(
+        craig.vsi.reserved_ips.onRender(
+          { reserved_ips: [[""]] },
+          { subnet: 0, vsi: 0 }
+        ),
+        "",
+        "it should return empty string"
+      );
+    });
+    it("should update reserved ips when invalid vsi per subnet", () => {
+      let nextState = {
+        vsi_per_subnet: "aaa",
+        subnets: [1, 2],
+        reserved_ips: [
+          ["", ""],
+          ["", ""],
+        ],
+      };
+      craig.vsi.vsi_per_subnet.onInputChange(nextState);
+      assert.deepEqual(
+        nextState.reserved_ips,
+        [],
+        "it should add additional subnets"
+      );
+    });
+    it("should update reserved ips when changing vsi per subnet and adding additional vsi", () => {
+      let nextState = {
+        vsi_per_subnet: "3",
+        subnets: [1, 2],
+        reserved_ips: [
+          ["", ""],
+          ["", ""],
+        ],
+      };
+      craig.vsi.vsi_per_subnet.onInputChange(nextState);
+      assert.deepEqual(
+        nextState.reserved_ips,
+        [
+          ["", "", ""],
+          ["", "", ""],
+        ],
+        "it should add additional vsi"
+      );
+    });
+    it("should update reserved ips when changing vsi per subnet and adding vsi with existing ips", () => {
+      let nextState = {
+        vsi_per_subnet: "3",
+        subnets: [1, 2],
+        reserved_ips: [
+          ["", "1.2.3.4"],
+          ["", ""],
+        ],
+      };
+      craig.vsi.vsi_per_subnet.onInputChange(nextState);
+      assert.deepEqual(
+        nextState.reserved_ips,
+        [
+          ["", "1.2.3.4", ""],
+          ["", "", ""],
+        ],
+        "it should maintain items in place"
+      );
+    });
+    it("should update reserved ips when reducing vsi per subnet and adding vsi with existing ips", () => {
+      let nextState = {
+        vsi_per_subnet: "1",
+        subnets: [1, 2],
+        reserved_ips: [
+          ["1.2.3.4", ""],
+          ["", ""],
+        ],
+      };
+      craig.vsi.vsi_per_subnet.onInputChange(nextState);
+      assert.deepEqual(
+        nextState.reserved_ips,
+        [["1.2.3.4"], [""]],
+        "it should maintain items in place"
+      );
+    });
+    it("should update reserved ips when reducing subnets and adding vsi with existing ips", () => {
+      let nextState = {
+        vsi_per_subnet: "2",
+        subnets: [1],
+        reserved_ips: [
+          ["1.2.3.4", ""],
+          ["", ""],
+        ],
+      };
+      craig.vsi.subnets.onInputChange(nextState);
+      assert.deepEqual(
+        nextState.reserved_ips,
+        [["1.2.3.4", ""]],
+        "it should maintain items in place"
+      );
+    });
+    it("should update reserved ips when changing subnets and adding vsi with existing ips", () => {
+      let nextState = {
+        vsi_per_subnet: "2",
+        subnets: [1, 2, 3],
+        reserved_ips: [
+          ["", "1.2.3.4"],
+          ["", ""],
+        ],
+      };
+      craig.vsi.subnets.onInputChange(nextState);
+      assert.deepEqual(
+        nextState.reserved_ips,
+        [
+          ["", "1.2.3.4"],
+          ["", ""],
+          ["", ""],
+        ],
+        "it should maintain items in place"
+      );
+    });
+  });
+  describe("vsi.shouldDisableSave", () => {
+    it("should disable save when reserved ip is invalid", () => {
+      craig.store.json.vsi[0].reserved_ips = [["", "1.2"], ["1.2.3.4/6"]];
+      assert.isTrue(
+        craig.vsi.shouldDisableSave(craig.store.json.vsi[0], {
+          craig: craig,
+          data: {
+            name: "management-server",
+          },
+        }),
+        "it should disable save"
+      );
+    });
+    it("should not disable save when reserved ip is valid", () => {
+      craig.store.json.vsi[0].reserved_ips = [["", ""], ["1.2.3.4"]];
+      assert.isFalse(
+        craig.vsi.shouldDisableSave(craig.store.json.vsi[0], {
+          craig: craig,
+          data: {
+            name: "management-server",
+          },
+        }),
+        "it should disable save"
+      );
+    });
   });
   describe("volumes", () => {
     describe("volumes.create", () => {
diff --git a/unit-tests/validate.test.js b/unit-tests/validate.test.js
index 6f9a73b1..c291a631 100644
--- a/unit-tests/validate.test.js
+++ b/unit-tests/validate.test.js
@@ -2048,6 +2048,17 @@ describe("validate", () => {
       };
       assert.doesNotThrow(task, "it should not throw an error");
     });
+    it("should be valid with vpc use data and no rg", () => {
+      let overrideJson = minimumValidJson();
+      overrideJson.vpcs.forEach((vpc) => {
+        vpc.use_data = true;
+        vpc.resource_group = null;
+      });
+      let task = () => {
+        validate(overrideJson);
+      };
+      assert.doesNotThrow(task, "it should not throw an error");
+    });
     it("should return empty project valid as is", () => {
       let overrideJson = require("../client/src/lib/docs/templates/from-scratch.json");
       let task = () => {