diff --git a/src/mapping/aws/resource/aws_iam_service_specific_credential.json b/src/mapping/aws/resource/aws_iam_service_specific_credential.json
deleted file mode 100644
index c22551cc..00000000
--- a/src/mapping/aws/resource/aws_iam_service_specific_credential.json
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "apply": [],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
diff --git a/src/mapping/aws/resource/aws_imagebuilder_container_recipe.json b/src/mapping/aws/resource/aws_imagebuilder_container_recipe.json
deleted file mode 100644
index c22551cc..00000000
--- a/src/mapping/aws/resource/aws_imagebuilder_container_recipe.json
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "apply": [],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
diff --git a/src/mapping/aws/resource/aws_inspector2_organization_configuration.json b/src/mapping/aws/resource/aws_inspector2_organization_configuration.json
index c22551cc..cd67f376 100644
--- a/src/mapping/aws/resource/aws_inspector2_organization_configuration.json
+++ b/src/mapping/aws/resource/aws_inspector2_organization_configuration.json
@@ -1,11 +1,16 @@
 [
 {
- "apply": [],
+ "apply": [
+ "inspector2:UpdateOrganizationConfiguration",
+ "inspector2:DescribeOrganizationConfiguration"
+ ],
 "attributes": {
 "tags": []
 },
 "destroy": [],
- "modify": [],
+ "modify": [
+ "inspector2:UpdateOrganizationConfiguration"
+ ],
 "plan": []
 }
 ]
diff --git a/src/mapping/aws/resource/aws_internetmonitor_monitor.json b/src/mapping/aws/resource/aws_internetmonitor_monitor.json
deleted file mode 100644
index c22551cc..00000000
--- a/src/mapping/aws/resource/aws_internetmonitor_monitor.json
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "apply": [],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
diff --git a/src/mapping/aws/resource/aws_kms_custom_key_store.json b/src/mapping/aws/resource/aws_kms_custom_key_store.json
deleted file mode 100644
index c22551cc..00000000
--- a/src/mapping/aws/resource/aws_kms_custom_key_store.json
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "apply": [],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
diff --git a/src/mapping/aws/resource/aws_kms_external_key.json b/src/mapping/aws/resource/aws_kms_external_key.json
deleted file mode 100644
index c22551cc..00000000
--- a/src/mapping/aws/resource/aws_kms_external_key.json
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "apply": [],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
diff --git a/src/mapping/aws/resource/aws_lambda_code_signing_config.json b/src/mapping/aws/resource/aws_lambda_code_signing_config.json
deleted file mode 100644
index c22551cc..00000000
--- a/src/mapping/aws/resource/aws_lambda_code_signing_config.json
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "apply": [],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
diff --git a/src/mapping/aws/resource/aws_signer_signing_profile.json b/src/mapping/aws/resource/aws_signer_signing_profile.json
deleted file mode 100644
index c22551cc..00000000
--- a/src/mapping/aws/resource/aws_signer_signing_profile.json
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "apply": [],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
diff --git a/src/mapping/aws/resource/aws_signer_signing_profile_permission.json b/src/mapping/aws/resource/aws_signer_signing_profile_permission.json
deleted file mode 100644
index c22551cc..00000000
--- a/src/mapping/aws/resource/aws_signer_signing_profile_permission.json
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "apply": [],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
diff --git a/src/mapping/aws/resource/iam/aws_iam_service_specific_credential.json b/src/mapping/aws/resource/iam/aws_iam_service_specific_credential.json
new file mode 100644
index 00000000..d012a260
--- /dev/null
+++ b/src/mapping/aws/resource/iam/aws_iam_service_specific_credential.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "iam:CreateServiceSpecificCredential",
+ "iam:ListServiceSpecificCredentials",
+ "iam:DeleteServiceSpecificCredential"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "iam:DeleteServiceSpecificCredential"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_container_recipe.json b/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_container_recipe.json
new file mode 100644
index 00000000..3c46e0fb
--- /dev/null
+++ b/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_container_recipe.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "imagebuilder:CreateContainerRecipe",
+ "imagebuilder:GetContainerRecipe",
+ "imagebuilder:GetImage",
+ "imagebuilder:CreateImageRecipe",
+ "imagebuilder:DeleteContainerRecipe",
+ "imagebuilder:DeleteImageRecipe"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "imagebuilder:DeleteContainerRecipe",
+ "imagebuilder:DeleteImageRecipe"],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/internet-monitor/aws_internetmonitor_monitor.json b/src/mapping/aws/resource/internet-monitor/aws_internetmonitor_monitor.json
new file mode 100644
index 00000000..0f5a8705
--- /dev/null
+++ b/src/mapping/aws/resource/internet-monitor/aws_internetmonitor_monitor.json
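Review bot: In `imagebuilder/aws_imagebuilder_container_recipe.json`, both `apply` and `destroy` grant `imagebuilder:CreateImageRecipe` / `imagebuilder:DeleteImageRecipe` alongside the container-recipe actions. Those are image-recipe actions, so for a mapping that appears to feed least-privilege policy generation they look broader than a container recipe needs; if they were captured only because the fixture declares other Image Builder resources (not verifiable from this hunk), drop them and keep the `*ContainerRecipe` actions plus `imagebuilder:GetImage`. The closing bracket in `"imagebuilder:DeleteImageRecipe"],` should also sit on its own line as in the IAM mapping above; the same `"...",]`-style endings recur in the internet-monitor and signer signing-profile mappings.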
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "internetmonitor:CreateMonitor",
+ "internetmonitor:GetMonitor",
+ "internetmonitor:UpdateMonitor",
+ "internetmonitor:DeleteMonitor"
+ ],
+ "attributes": {
+ "tags": [
+ "internetmonitor:TagResource",
+ "internetmonitor:UntagResource"]
+ },
+ "destroy": [
+ "internetmonitor:DeleteMonitor"],
+ "modify": [
+ "internetmonitor:UpdateMonitor"],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/aws_kms_ciphertext.json b/src/mapping/aws/resource/kms/aws_kms_ciphertext.json
similarity index 66%
rename from src/mapping/aws/resource/aws_kms_ciphertext.json
rename to src/mapping/aws/resource/kms/aws_kms_ciphertext.json
index c22551cc..e4e3ec8d 100644
--- a/src/mapping/aws/resource/aws_kms_ciphertext.json
+++ b/src/mapping/aws/resource/kms/aws_kms_ciphertext.json
@@ -1,6 +1,8 @@
 [
 {
- "apply": [],
+ "apply": [
+ "kms:Encrypt"
+ ],
 "attributes": {
 "tags": []
 },
diff --git a/src/mapping/aws/resource/kms/aws_kms_custom_key_store.json b/src/mapping/aws/resource/kms/aws_kms_custom_key_store.json
new file mode 100644
index 00000000..b1c458c6
--- /dev/null
+++ b/src/mapping/aws/resource/kms/aws_kms_custom_key_store.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "kms:CreateCustomKeyStore",
+ "kms:DeleteCustomKeyStore",
+ "kms:UpdateCustomKeyStore",
+ "kms:DescribeCustomKeyStores"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "kms:DeleteCustomKeyStore"
+ ],
+ "modify": [
+ "kms:UpdateCustomKeyStore"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kms/aws_kms_external_key.json b/src/mapping/aws/resource/kms/aws_kms_external_key.json
new file mode 100644
index 00000000..ed647b3e
--- /dev/null
+++ b/src/mapping/aws/resource/kms/aws_kms_external_key.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "kms:CreateKey",
+ "iam:CreateServiceLinkedRole",
+ "kms:GetParametersForImport",
+ "kms:GetKeyPolicy",
+ "kms:ListResourceTags",
+ "kms:ScheduleKeyDeletion",
+ "kms:ImportKeyMaterial"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/aws_kms_replica_key.json b/src/mapping/aws/resource/kms/aws_kms_replica_key.json
similarity index 64%
rename from src/mapping/aws/resource/aws_kms_replica_key.json
rename to src/mapping/aws/resource/kms/aws_kms_replica_key.json
index c22551cc..3970a914 100644
--- a/src/mapping/aws/resource/aws_kms_replica_key.json
+++ b/src/mapping/aws/resource/kms/aws_kms_replica_key.json
@@ -1,6 +1,8 @@
 [
 {
- "apply": [],
+ "apply": [
+ "kms:ReplicateKey"
+ ],
 "attributes": {
 "tags": []
 },
diff --git a/src/mapping/aws/resource/lambda/aws_lambda_code_signing_config.json b/src/mapping/aws/resource/lambda/aws_lambda_code_signing_config.json
new file mode 100644
index 00000000..f2aadf71
--- /dev/null
+++ b/src/mapping/aws/resource/lambda/aws_lambda_code_signing_config.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "lambda:CreateCodeSigningConfig",
+ "lambda:GetCodeSigningConfig",
+ "lambda:DeleteCodeSigningConfig"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "lambda:DeleteCodeSigningConfig"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/aws_signer_signing_job.json b/src/mapping/aws/resource/signer/aws_signer_signing_job.json
similarity index 51%
rename from src/mapping/aws/resource/aws_signer_signing_job.json
rename to src/mapping/aws/resource/signer/aws_signer_signing_job.json
index c22551cc..98bcf241 100644
--- a/src/mapping/aws/resource/aws_signer_signing_job.json
+++ b/src/mapping/aws/resource/signer/aws_signer_signing_job.json
@@ -1,6 +1,9 @@
 [
 {
- "apply": [],
+ "apply": [
+ "signer:StartSigningJob",
+ "signer:DescribeSigningJob"
+ ],
 "attributes": {
 "tags": []
 },
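Review bot: In `kms/aws_kms_external_key.json`, `apply` carries `kms:ScheduleKeyDeletion` while `destroy` is left as `[]`, unlike the custom key store and Lambda code-signing mappings in this commit, which repeat their delete action under `destroy`. For consistency it should read `"destroy": ["kms:ScheduleKeyDeletion"]`. `iam:CreateServiceLinkedRole` also stands out in a key mapping: it is an IAM action with account-wide reach, so confirm the provider really needs it for an external key and, if it does, that the generated policy constrains it (for example with an `iam:AWSServiceName` condition), which this mapping format does not appear to express.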
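Review bot: `kms:ReplicateKey` on its own in `kms/aws_kms_replica_key.json` is probably not enough to manage a replica key. AWS documents that creating a replica also requires `kms:CreateKey` in the replica Region, and the external-key mapping in this commit lists `kms:GetKeyPolicy`, `kms:ListResourceTags` and `kms:ScheduleKeyDeletion` for what looks like the same key lifecycle. An incomplete minimal policy tends to get "fixed" downstream by granting `kms:*`, so it is worth running the fixture through create and destroy and recording every action observed. The file's `destroy`, `modify` and `plan` entries lie outside this hunk.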
diff --git a/src/mapping/aws/resource/signer/aws_signer_signing_profile.json b/src/mapping/aws/resource/signer/aws_signer_signing_profile.json
new file mode 100644
index 00000000..cc9e4a53
--- /dev/null
+++ b/src/mapping/aws/resource/signer/aws_signer_signing_profile.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "signer:GetSigningProfile",
+ "signer:RevokeSigningProfile",
+ "signer:PutSigningProfile",
+ "signer:CancelSigningProfile"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "signer:RevokeSigningProfile",
+ "signer:CancelSigningProfile"],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/signer/aws_signer_signing_profile_permission.json b/src/mapping/aws/resource/signer/aws_signer_signing_profile_permission.json
new file mode 100644
index 00000000..a8f32c01
--- /dev/null
+++ b/src/mapping/aws/resource/signer/aws_signer_signing_profile_permission.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "signer:ListProfilePermissions",
+ "signer:AddProfilePermission",
+ "signer:RemoveProfilePermission"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "signer:RemoveProfilePermission"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/terraform/aws/aws_elastic_beanstalk_application_version.tf b/terraform/aws/aws_elastic_beanstalk_application_version.tf
deleted file mode 100644
index a47cc136..00000000
--- a/terraform/aws/aws_elastic_beanstalk_application_version.tf
+++ /dev/null
@@ -1 +0,0 @@
-#resource "aws_elastic_beanstalk_application_version" "pike" {}
\ No newline at end of file
diff --git a/terraform/aws/aws_elastic_beanstalk_configuration_template.tf b/terraform/aws/aws_elastic_beanstalk_configuration_template.tf
deleted file mode 100644
index 4301d83b..00000000
--- a/terraform/aws/aws_elastic_beanstalk_configuration_template.tf
+++ /dev/null
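Review bot: `signer:RevokeSigningProfile` is listed under both `apply` and `destroy` in `signer/aws_signer_signing_profile.json`, next to `signer:CancelSigningProfile`. Revocation marks signatures made with the profile as no longer valid from an effective date, which is a much stronger effect than cancelling, so it belongs in a generated policy only if the provider actually calls it; that cannot be seen from this hunk and should be checked against a real destroy. If only cancel is used, `destroy` becomes `["signer:CancelSigningProfile"]` and the revoke entry should leave `apply` as well.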
@@ -1,5 +0,0 @@
-resource "aws_elastic_beanstalk_configuration_template" "tf_template" {
- name = "tf-test-template-config"
- application = aws_elastic_beanstalk_application.tftest.name
- solution_stack_name = "64bit Amazon Linux 2015.09 v2.0.8 running Go 1.4"
-}
\ No newline at end of file
diff --git a/terraform/aws/aws_elastic_beanstalk_environment.tf b/terraform/aws/aws_elastic_beanstalk_environment.tf
deleted file mode 100644
index 1246fdf8..00000000
--- a/terraform/aws/aws_elastic_beanstalk_environment.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-resource "aws_elastic_beanstalk_application" "tftest" {
- name = "tf-test-name"
- description = "tf-test-desc"
-}
-
-resource "aws_elastic_beanstalk_environment" "tfenvtest" {
- name = "tf-test-name"
- application = aws_elastic_beanstalk_application.tftest.name
- solution_stack_name = "64bit Amazon Linux 2015.03 v2.0.3 running Go 1.4"
-}
\ No newline at end of file
diff --git a/terraform/aws/aws_elb_attachment.tf b/terraform/aws/aws_elb_attachment.tf
deleted file mode 100644
index a248b224..00000000
--- a/terraform/aws/aws_elb_attachment.tf
+++ /dev/null
@@ -1 +0,0 @@
-#resource "aws_elb_attachment" "pike" {}
\ No newline at end of file
diff --git a/terraform/aws/aws_internet_gateway_attachment.tf b/terraform/aws/aws_internet_gateway_attachment.tf
deleted file mode 100644
index c4b09733..00000000
--- a/terraform/aws/aws_internet_gateway_attachment.tf
+++ /dev/null
@@ -1 +0,0 @@
-#resource "aws_internet_gateway_attachment" "pike" {}
\ No newline at end of file
diff --git a/terraform/aws/aws_kms_custom_key_store.tf b/terraform/aws/aws_kms_custom_key_store.tf
deleted file mode 100644
index d52dc5da..00000000
--- a/terraform/aws/aws_kms_custom_key_store.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-#resource "aws_kms_custom_key_store" "pike" {
-# custom_key_store_name = "pike"
-#}
\ No newline at end of file
diff --git a/terraform/aws/aws_ec2_availability_zone_group.tf b/terraform/aws/backup/aws_ec2_availability_zone_group.tf
similarity index 80%
rename from terraform/aws/aws_ec2_availability_zone_group.tf
rename to terraform/aws/backup/aws_ec2_availability_zone_group.tf
index 2afa9f50..9cefcf7f 100644
--- a/terraform/aws/aws_ec2_availability_zone_group.tf
+++ b/terraform/aws/backup/aws_ec2_availability_zone_group.tf
@@ -1,4 +1,5 @@
 resource "aws_ec2_availability_zone_group" "pike" {
+ provider= aws.central
 group_name = "us-west-2-lax-1"
 opt_in_status = "opted-in"
 }
\ No newline at end of file
diff --git a/terraform/aws/aws_iam_security_token_service_preferences.tf b/terraform/aws/backup/aws_iam_security_token_service_preferences.tf
similarity index 100%
rename from terraform/aws/aws_iam_security_token_service_preferences.tf
rename to terraform/aws/backup/aws_iam_security_token_service_preferences.tf
diff --git a/terraform/aws/aws_iam_service_specific_credential.tf b/terraform/aws/backup/aws_iam_service_specific_credential.tf
similarity index 63%
rename from terraform/aws/aws_iam_service_specific_credential.tf
rename to terraform/aws/backup/aws_iam_service_specific_credential.tf
index 10c66186..0193998f 100644
--- a/terraform/aws/aws_iam_service_specific_credential.tf
+++ b/terraform/aws/backup/aws_iam_service_specific_credential.tf
@@ -1,4 +1,4 @@
 resource "aws_iam_service_specific_credential" "pike" {
 service_name = "codecommit.amazonaws.com"
- user_name = "arn:aws:iam::680235478471:user/basic"
+ user_name = "jameswoolfenden"
 }
\ No newline at end of file
diff --git a/terraform/aws/aws_iam_virtual_mfa_device.tf b/terraform/aws/backup/aws_iam_virtual_mfa_device.tf
similarity index 100%
rename from terraform/aws/aws_iam_virtual_mfa_device.tf
rename to terraform/aws/backup/aws_iam_virtual_mfa_device.tf
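Review bot: The added `provider= aws.central` in `backup/aws_ec2_availability_zone_group.tf` refers to an alias that is not declared in this hunk, while `group_name = "us-west-2-lax-1"` names a us-west-2 Local Zone group. If `aws.central` is bound to another Region (the name suggests so, though the provider block is not shown), the opt-in will target the wrong Region or fail. Also write it as `provider = aws.central` so `terraform fmt` leaves the file unchanged.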
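Review bot: `user_name = "jameswoolfenden"` in `backup/aws_iam_service_specific_credential.tf` ties the fixture to one person's IAM user, so an apply would presumably issue a CodeCommit credential for that real user wherever the name exists. Prefer a throwaway user declared alongside the fixture and referenced, e.g. `user_name = aws_iam_user.pike.name` (resource name illustrative), or a variable. The value it replaces embedded a literal account ID, and that same account ID still appears in `repository_name` in the Image Builder fixture touched by this commit.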
diff --git a/terraform/aws/aws_imagebuilder_container_recipe.tf b/terraform/aws/backup/aws_imagebuilder_container_recipe.tf similarity index 87% rename from terraform/aws/aws_imagebuilder_container_recipe.tf rename to terraform/aws/backup/aws_imagebuilder_container_recipe.tf index 941046e0..4813cd7d 100644 --- a/terraform/aws/aws_imagebuilder_container_recipe.tf +++ b/terraform/aws/backup/aws_imagebuilder_container_recipe.tf @@ -3,7 +3,7 @@ resource "aws_imagebuilder_container_recipe" "pike" { version = "1.0.0" container_type = "DOCKER" - parent_image = "arn:aws:imagebuilder:eu-central-1:aws:image/amazon-linux-x86-latest/x.x.x" + parent_image = "jameswoolfenden/pike" target_repository { repository_name = "arn:aws:ecr:eu-west-2:680235478471:repository/pike" @@ -49,4 +49,5 @@ resource "aws_imagebuilder_component" "example" { name = "example" platform = "Linux" version = "1.0.0" -} \ No newline at end of file +} + diff --git a/terraform/aws/aws_inspector2_delegated_admin_account.tf b/terraform/aws/backup/aws_inspector2_delegated_admin_account.tf similarity index 100% rename from terraform/aws/aws_inspector2_delegated_admin_account.tf rename to terraform/aws/backup/aws_inspector2_delegated_admin_account.tf diff --git a/terraform/aws/aws_inspector2_enabler.tf b/terraform/aws/backup/aws_inspector2_enabler.tf similarity index 100% rename from terraform/aws/aws_inspector2_enabler.tf rename to terraform/aws/backup/aws_inspector2_enabler.tf diff --git a/terraform/aws/aws_internetmonitor_monitor.tf b/terraform/aws/backup/aws_internetmonitor_monitor.tf similarity index 100% rename from terraform/aws/aws_internetmonitor_monitor.tf rename to terraform/aws/backup/aws_internetmonitor_monitor.tf diff --git a/terraform/aws/aws_kms_ciphertext.tf b/terraform/aws/backup/aws_kms_ciphertext.tf similarity index 62% rename from terraform/aws/aws_kms_ciphertext.tf rename to terraform/aws/backup/aws_kms_ciphertext.tf index 1e253fae..24a1a1d2 100644 --- a/terraform/aws/aws_kms_ciphertext.tf 
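Review bot: The new `parent_image = "jameswoolfenden/pike"` in `backup/aws_imagebuilder_container_recipe.tf` swaps an AWS-managed Image Builder image ARN for what looks like a public registry repository with no tag or digest. The build then pulls whatever that name resolves to at build time, so the recipe's base can change without any change to this file. Pin it, for example `parent_image = "jameswoolfenden/pike@sha256:<digest>"` (placeholder digest), or keep a versioned Image Builder ARN. The resource body starts before this hunk and continues past it.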
+++ b/terraform/aws/backup/aws_kms_ciphertext.tf @@ -4,8 +4,8 @@ resource "aws_kms_ciphertext" "pike" { plaintext = <