From 8844e8bde2662365277fa2e0010f67db566ba25d Mon Sep 17 00:00:00 2001
From: matttrach <matttrach@gmail.com>
Date: Thu, 10 Aug 2023 23:34:51 -0500
Subject: [PATCH] add workflows, add versions.tf, rename some override tests,
 update docs, generate ssh keys in tests

Signed-off-by: matttrach <matttrach@gmail.com>
---
 .github/CODEOWNERS                            |  2 +
 .github/workflows/e2e_tests.yaml              | 52 ++++++++++++++
 .github/workflows/pr_tests.yaml               | 40 +++++++++++
 examples/basic/{ => basic}/README.md          |  1 -
 examples/basic/basic/main.tf                  | 37 ++++++++++
 examples/basic/basic/variables.tf             |  8 +++
 examples/basic/basic/versions.tf              | 19 +++++
 examples/basic/main.tf                        | 12 ----
 examples/os/cis/README.md                     |  5 +-
 examples/os/cis/main.tf                       | 46 +++++++++---
 examples/os/cis/variables.tf                  |  8 +++
 examples/os/cis/versions.tf                   | 19 +++++
 examples/os/rhel8/main.tf                     | 41 ++++++++---
 examples/os/rhel8/variables.tf                |  8 +++
 examples/os/rhel8/versions.tf                 | 19 +++++
 examples/os/rocky8/main.tf                    | 39 ++++++++--
 examples/os/rocky8/variables.tf               |  8 +++
 examples/os/rocky8/versions.tf                | 19 +++++
 examples/os/sles15/main.tf                    | 46 +++++++++---
 examples/os/sles15/variables.tf               |  8 +++
 examples/os/sles15/versions.tf                | 19 +++++
 examples/os/ubuntu20/main.tf                  | 45 +++++++++---
 examples/os/ubuntu20/variables.tf             |  8 +++
 examples/os/ubuntu20/versions.tf              | 19 +++++
 examples/os/ubuntu22/main.tf                  | 46 +++++++++---
 examples/os/ubuntu22/variables.tf             |  8 +++
 examples/os/ubuntu22/versions.tf              | 19 +++++
 examples/overrides/image_only/outputs.tf      | 21 ------
 .../{image_only => select_image}/README.md    |  3 +
 .../{image_only => select_image}/main.tf      |  2 +-
 examples/overrides/select_image/outputs.tf    | 21 ++++++
 examples/overrides/select_image/versions.tf   |  9 +++
 examples/overrides/select_only/README.md      |  6 --
 examples/overrides/select_only/main.tf        |  6 --
 examples/overrides/select_only/outputs.tf     | 21 ------
 examples/overrides/select_server/README.md    | 13 ++++
 examples/overrides/select_server/main.tf      |  5 ++
 examples/overrides/select_server/outputs.tf   | 21 ++++++
 examples/overrides/select_server/versions.tf  | 19 +++++
 examples/overrides/server_only/README.md      |  2 +
 examples/overrides/server_only/main.tf        | 40 ++++++++---
 examples/overrides/server_only/variables.tf   |  8 +++
 examples/overrides/server_only/versions.tf    | 19 +++++
 examples/region/useast1/main.tf               | 45 +++++++++---
 examples/region/useast1/variables.tf          |  8 +++
 examples/region/useast1/versions.tf           | 19 +++++
 examples/region/useast2/main.tf               | 45 +++++++++---
 examples/region/useast2/variables.tf          |  8 +++
 examples/region/useast2/versions.tf           | 19 +++++
 examples/region/uswest1/main.tf               | 45 +++++++++---
 examples/region/uswest1/variables.tf          |  8 +++
 examples/region/uswest1/versions.tf           | 19 +++++
 examples/region/uswest2/main.tf               | 45 +++++++++---
 examples/region/uswest2/variables.tf          |  8 +++
 examples/region/uswest2/versions.tf           | 19 +++++
 examples/size/large/README.md                 |  2 -
 examples/size/large/main.tf                   | 45 +++++++++---
 examples/size/large/variables.tf              |  8 +++
 examples/size/large/versions.tf               | 19 +++++
 examples/size/medium/README.md                |  2 -
 examples/size/medium/main.tf                  | 45 +++++++++---
 examples/size/medium/variables.tf             |  8 +++
 examples/size/medium/versions.tf              | 19 +++++
 examples/size/small/README.md                 |  4 --
 examples/size/small/main.tf                   | 47 +++++++++---
 examples/size/small/variables.tf              |  8 +++
 examples/size/small/versions.tf               | 19 +++++
 examples/size/xl/README.md                    |  2 -
 examples/size/xl/main.tf                      | 45 +++++++++---
 examples/size/xl/variables.tf                 |  8 +++
 examples/size/xl/versions.tf                  | 19 +++++
 examples/size/xxl/README.md                   |  2 -
 examples/size/xxl/main.tf                     | 45 +++++++++---
 examples/size/xxl/variables.tf                |  8 +++
 examples/size/xxl/versions.tf                 | 19 +++++
 flake.lock                                    | 30 ++++++--
 main.tf                                       | 14 ++--
 modules/image/versions.tf                     | 19 +++++
 modules/server/versions.tf                    | 19 +++++
 outputs.tf                                    |  6 +-
 tests/basic_test.go                           | 14 ++--
 tests/go.mod                                  | 16 ++++-
 tests/go.sum                                  | 34 +++++++++
 tests/os_test.go                              | 69 ++++++++++--------
 tests/overrides_test.go                       | 42 +++++++----
 tests/region_test.go                          | 48 +++++++------
 tests/size_test.go                            | 63 +++++++++-------
 tests/util_test.go                            | 71 +++++++++++++++++++
 88 files changed, 1571 insertions(+), 353 deletions(-)
 create mode 100644 .github/CODEOWNERS
 create mode 100644 .github/workflows/e2e_tests.yaml
 create mode 100644 .github/workflows/pr_tests.yaml
 rename examples/basic/{ => basic}/README.md (88%)
 create mode 100644 examples/basic/basic/main.tf
 create mode 100644 examples/basic/basic/variables.tf
 create mode 100644 examples/basic/basic/versions.tf
 delete mode 100644 examples/basic/main.tf
 create mode 100644 examples/os/cis/variables.tf
 create mode 100644 examples/os/cis/versions.tf
 create mode 100644 examples/os/rhel8/variables.tf
 create mode 100644 examples/os/rhel8/versions.tf
 create mode 100644 examples/os/rocky8/variables.tf
 create mode 100644 examples/os/rocky8/versions.tf
 create mode 100644 examples/os/sles15/variables.tf
 create mode 100644 examples/os/sles15/versions.tf
 create mode 100644 examples/os/ubuntu20/variables.tf
 create mode 100644 examples/os/ubuntu20/versions.tf
 create mode 100644 examples/os/ubuntu22/variables.tf
 create mode 100644 examples/os/ubuntu22/versions.tf
 delete mode 100644 examples/overrides/image_only/outputs.tf
 rename examples/overrides/{image_only => select_image}/README.md (78%)
 rename examples/overrides/{image_only => select_image}/main.tf (63%)
 create mode 100644 examples/overrides/select_image/outputs.tf
 create mode 100644 examples/overrides/select_image/versions.tf
 delete mode 100644 examples/overrides/select_only/README.md
 delete mode 100644 examples/overrides/select_only/main.tf
 delete mode 100644 examples/overrides/select_only/outputs.tf
 create mode 100644 examples/overrides/select_server/README.md
 create mode 100644 examples/overrides/select_server/main.tf
 create mode 100644 examples/overrides/select_server/outputs.tf
 create mode 100644 examples/overrides/select_server/versions.tf
 create mode 100644 examples/overrides/server_only/variables.tf
 create mode 100644 examples/overrides/server_only/versions.tf
 create mode 100644 examples/region/useast1/variables.tf
 create mode 100644 examples/region/useast1/versions.tf
 create mode 100644 examples/region/useast2/variables.tf
 create mode 100644 examples/region/useast2/versions.tf
 create mode 100644 examples/region/uswest1/variables.tf
 create mode 100644 examples/region/uswest1/versions.tf
 create mode 100644 examples/region/uswest2/variables.tf
 create mode 100644 examples/region/uswest2/versions.tf
 create mode 100644 examples/size/large/variables.tf
 create mode 100644 examples/size/large/versions.tf
 create mode 100644 examples/size/medium/variables.tf
 create mode 100644 examples/size/medium/versions.tf
 create mode 100644 examples/size/small/variables.tf
 create mode 100644 examples/size/small/versions.tf
 create mode 100644 examples/size/xl/variables.tf
 create mode 100644 examples/size/xl/versions.tf
 create mode 100644 examples/size/xxl/variables.tf
 create mode 100644 examples/size/xxl/versions.tf
 create mode 100644 modules/image/versions.tf
 create mode 100644 modules/server/versions.tf
 create mode 100644 tests/util_test.go

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..7608bad
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# Rancher/k3s will be a suggested reviewer for all pull requests
+* @rancher/k3s
\ No newline at end of file
diff --git a/.github/workflows/e2e_tests.yaml b/.github/workflows/e2e_tests.yaml
new file mode 100644
index 0000000..046a16c
--- /dev/null
+++ b/.github/workflows/e2e_tests.yaml
@@ -0,0 +1,52 @@
+name: 'Testing'
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  AWS_REGION: us-west-1
+  AWS_ROLE: arn:aws:iam::270074865685:role/terraform-module-ci-test
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: ${{env.AWS_ROLE}}
+        role-session-name: ${{github.job}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}
+        aws-region: ${{env.AWS_REGION}}
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v1
+      with:
+        terraform_version: 1.5.3
+        with_wrapper: false
+    - name: Terraform Init
+      run: cd examples/basic && terraform init -upgrade
+    - name: Terraform Plan
+      run: cd examples/basic && terraform init -upgrade && terraform plan
+
+  terratest:
+    name: 'Terratest'
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: ${{env.AWS_ROLE}}
+        role-session-name: ${{github.job}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}
+        aws-region: ${{env.AWS_REGION}}
+    - name: Run Terratest
+      run: cd ./tests && go test -v -timeout=30m -parallel=50
diff --git a/.github/workflows/pr_tests.yaml b/.github/workflows/pr_tests.yaml
new file mode 100644
index 0000000..81837c3
--- /dev/null
+++ b/.github/workflows/pr_tests.yaml
@@ -0,0 +1,40 @@
+name: 'Testing'
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v1
+      with:
+        terraform_version: 1.5.3
+        with_wrapper: false
+    - name: Init Basic
+      run: cd examples/basic && terraform init -upgrade
+    - name: Validate Basic
+      run: cd examples/basic && terraform validate
+
+  tflint:
+    name: 'TFLint'
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - uses: terraform-linters/setup-tflint@v3
+      name: Setup TFLint
+      with:
+        tflint_version: latest
+    - name: Show version
+      run: tflint --version
+    - name: Init TFLint
+      run: tflint --init
+    - name: Run TFLint
+      run: tflint -f compact
diff --git a/examples/basic/README.md b/examples/basic/basic/README.md
similarity index 88%
rename from examples/basic/README.md
rename to examples/basic/basic/README.md
index a64067f..fca5ad8 100644
--- a/examples/basic/README.md
+++ b/examples/basic/basic/README.md
@@ -4,4 +4,3 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test basic_test.go`.
 
 This is an example of using this module to deploy a small sles15 server on AWS.
-Initial test run took 125.519s to complete.
diff --git a/examples/basic/basic/main.tf b/examples/basic/basic/main.tf
new file mode 100644
index 0000000..84b1c37
--- /dev/null
+++ b/examples/basic/basic/main.tf
@@ -0,0 +1,37 @@
+locals {
+  category       = "basic"
+  example        = "basic"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestBasic" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
+}
diff --git a/examples/basic/basic/variables.tf b/examples/basic/basic/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/basic/basic/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/basic/basic/versions.tf b/examples/basic/basic/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/basic/basic/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
deleted file mode 100644
index 7f12c7c..0000000
--- a/examples/basic/main.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-
-module "TestBasic" {
-  source                     = "../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "terraform-test-basic"
-  server_type                = "small"
-  server_user                = "testbasic"
-  server_ssh_key             = "ssh-abc yOur+key name@example.com"
-  server_subnet_name         = "subnet-123abc"
-  server_security_group_name = "sg-0123abc"
-}
diff --git a/examples/os/cis/README.md b/examples/os/cis/README.md
index 285cfd6..601aadd 100644
--- a/examples/os/cis/README.md
+++ b/examples/os/cis/README.md
@@ -4,6 +4,7 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test os_test.go` or `go test -v -run TestCis`.
 
 This is an example of using this module to deploy a small sles15 server using the CIS approved image on AWS.
-WARNING! This image requires a subscription and will cost a bit extra.
 
-Initial test run took 219.320s
+WARNING! This image requires a subscription and will cost a bit extra.
+The only way I could find to subscribe was to login to the EC2 console and apply here: 
+https://aws.amazon.com/marketplace/seller-profile?id=dfa1e6a8-0b7b-4d35-a59c-ce272caee4fc&ref_=beagle
diff --git a/examples/os/cis/main.tf b/examples/os/cis/main.tf
index ec5bd9d..b1168cc 100644
--- a/examples/os/cis/main.tf
+++ b/examples/os/cis/main.tf
@@ -1,11 +1,37 @@
-module "TestCis" {
-  source                     = "../../../"
-  image                      = "sles-15-cis"
-  server_owner               = "terraform"
-  server_name                = "test-cis"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-abc yOur+key name@example.com"
-  server_subnet_name         = "tf-test"
-  server_security_group_name = "tf-test"
+locals {
+  category       = "os"
+  example        = "cis"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15-cis"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestCis" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/os/cis/variables.tf b/examples/os/cis/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/os/cis/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/os/cis/versions.tf b/examples/os/cis/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/os/cis/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/os/rhel8/main.tf b/examples/os/rhel8/main.tf
index 7268504..9215ea9 100644
--- a/examples/os/rhel8/main.tf
+++ b/examples/os/rhel8/main.tf
@@ -1,12 +1,37 @@
+locals {
+  category       = "os"
+  example        = "rhel8"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "rhel-8"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
 
 module "TestRhel8" {
+  depends_on = [
+    module.aws_access,
+  ]
   source                     = "../../../"
-  image                      = "rhel-8"
-  server_owner               = "terraform"
-  server_name                = "test"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
   server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 public+ssh+key test@example.com"
-  server_subnet_name         = "terraform"
-  server_security_group_name = "terraform"
-}
\ No newline at end of file
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
+}
diff --git a/examples/os/rhel8/variables.tf b/examples/os/rhel8/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/os/rhel8/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/os/rhel8/versions.tf b/examples/os/rhel8/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/os/rhel8/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/os/rocky8/main.tf b/examples/os/rocky8/main.tf
index 844824f..45e3052 100644
--- a/examples/os/rocky8/main.tf
+++ b/examples/os/rocky8/main.tf
@@ -1,12 +1,37 @@
+locals {
+  category       = "os"
+  example        = "rocky8"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "rocky-8"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
 
 module "TestRocky8" {
+  depends_on = [
+    module.aws_access,
+  ]
   source                     = "../../../"
-  image                      = "rocky-8"
-  server_owner               = "terraform"
-  server_name                = "test"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
   server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/os/rocky8/variables.tf b/examples/os/rocky8/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/os/rocky8/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/os/rocky8/versions.tf b/examples/os/rocky8/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/os/rocky8/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/os/sles15/main.tf b/examples/os/sles15/main.tf
index 9ef995c..a1ae0fc 100644
--- a/examples/os/sles15/main.tf
+++ b/examples/os/sles15/main.tf
@@ -1,11 +1,37 @@
-module "TestSles15" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "os"
+  example        = "sles15"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestSles15" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/os/sles15/variables.tf b/examples/os/sles15/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/os/sles15/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/os/sles15/versions.tf b/examples/os/sles15/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/os/sles15/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/os/ubuntu20/main.tf b/examples/os/ubuntu20/main.tf
index dcc52ab..77b7415 100644
--- a/examples/os/ubuntu20/main.tf
+++ b/examples/os/ubuntu20/main.tf
@@ -1,11 +1,36 @@
-module "TestUbuntu20" {
-  source                     = "../../../"
-  image                      = "ubuntu-20"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "os"
+  example        = "ubuntu20"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "ubuntu-20"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestUbuntu20" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/os/ubuntu20/variables.tf b/examples/os/ubuntu20/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/os/ubuntu20/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/os/ubuntu20/versions.tf b/examples/os/ubuntu20/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/os/ubuntu20/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/os/ubuntu22/main.tf b/examples/os/ubuntu22/main.tf
index 4fb4c73..3fdd656 100644
--- a/examples/os/ubuntu22/main.tf
+++ b/examples/os/ubuntu22/main.tf
@@ -1,11 +1,37 @@
-module "TestUbuntu22" {
-  source                     = "../../../"
-  image                      = "ubuntu-22"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "os"
+  example        = "ubuntu22"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "ubuntu-22"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestUbuntu22" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/os/ubuntu22/variables.tf b/examples/os/ubuntu22/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/os/ubuntu22/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/os/ubuntu22/versions.tf b/examples/os/ubuntu22/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/os/ubuntu22/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/overrides/image_only/outputs.tf b/examples/overrides/image_only/outputs.tf
deleted file mode 100644
index e4d59a3..0000000
--- a/examples/overrides/image_only/outputs.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-output "private_ip" {
-  value = module.TestImageOnly.private_ip
-}
-output "public_ip" {
-  value = module.TestImageOnly.public_ip
-}
-output "id" {
-  value = module.TestImageOnly.id
-}
-output "ami" {
-  value = module.TestImageOnly.ami
-}
-output "ram" {
-  value = module.TestImageOnly.ram
-}
-output "cpu" {
-  value = module.TestImageOnly.cpu
-}
-output "storage" {
-  value = module.TestImageOnly.storage
-}
\ No newline at end of file
diff --git a/examples/overrides/image_only/README.md b/examples/overrides/select_image/README.md
similarity index 78%
rename from examples/overrides/image_only/README.md
rename to examples/overrides/select_image/README.md
index 5fd90ed..6db2cdd 100644
--- a/examples/overrides/image_only/README.md
+++ b/examples/overrides/select_image/README.md
@@ -6,3 +6,6 @@ If you would like to test this example go to the ./tests/overrides directory and
 This is an example of using this module to select information rather than creating anything.
 This will select the image from the image types and retrieve information about it.
 Please see ./image/types.tf for more information on the opinionated image selection this module provides.
+
+
+NOTE: This module does not create images, it may select them or skip them (potentially requiring the user to provide more information), but it won't create them.
diff --git a/examples/overrides/image_only/main.tf b/examples/overrides/select_image/main.tf
similarity index 63%
rename from examples/overrides/image_only/main.tf
rename to examples/overrides/select_image/main.tf
index 0413e74..dd68700 100644
--- a/examples/overrides/image_only/main.tf
+++ b/examples/overrides/select_image/main.tf
@@ -1,4 +1,4 @@
-module "TestImageOnly" {
+module "TestSelectImage" {
   source = "../../../"
   image  = "sles-15"
 }
diff --git a/examples/overrides/select_image/outputs.tf b/examples/overrides/select_image/outputs.tf
new file mode 100644
index 0000000..b306c65
--- /dev/null
+++ b/examples/overrides/select_image/outputs.tf
@@ -0,0 +1,21 @@
+output "private_ip" {
+  value = module.TestSelectImage.private_ip
+}
+output "public_ip" {
+  value = module.TestSelectImage.public_ip
+}
+output "id" {
+  value = module.TestSelectImage.id
+}
+output "ami" {
+  value = module.TestSelectImage.ami
+}
+output "ram" {
+  value = module.TestSelectImage.ram
+}
+output "cpu" {
+  value = module.TestSelectImage.cpu
+}
+output "storage" {
+  value = module.TestSelectImage.storage
+}
\ No newline at end of file
diff --git a/examples/overrides/select_image/versions.tf b/examples/overrides/select_image/versions.tf
new file mode 100644
index 0000000..4b8ed7f
--- /dev/null
+++ b/examples/overrides/select_image/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/overrides/select_only/README.md b/examples/overrides/select_only/README.md
deleted file mode 100644
index 445bf18..0000000
--- a/examples/overrides/select_only/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Select Only Example
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test overrides_test.go` or `go test -v -run TestSelectOnly`.
-
-This is an example of using this module to select and image and server without deploying anything.
diff --git a/examples/overrides/select_only/main.tf b/examples/overrides/select_only/main.tf
deleted file mode 100644
index 0e97d13..0000000
--- a/examples/overrides/select_only/main.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-
-module "TestSelectOnly" {
-  source    = "../../../"
-  image_id  = "ami-yourtestami"  # this must be an AMI in your region
-  server_id = "i-yourtestserver" # this must be an instance in your region
-}
diff --git a/examples/overrides/select_only/outputs.tf b/examples/overrides/select_only/outputs.tf
deleted file mode 100644
index 2fc19e4..0000000
--- a/examples/overrides/select_only/outputs.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-output "private_ip" {
-  value = module.TestSelectOnly.private_ip
-}
-output "public_ip" {
-  value = module.TestSelectOnly.public_ip
-}
-output "id" {
-  value = module.TestSelectOnly.id
-}
-output "ami" {
-  value = module.TestSelectOnly.ami
-}
-output "ram" {
-  value = module.TestSelectOnly.ram
-}
-output "cpu" {
-  value = module.TestSelectOnly.cpu
-}
-output "storage" {
-  value = module.TestSelectOnly.storage
-}
\ No newline at end of file
diff --git a/examples/overrides/select_server/README.md b/examples/overrides/select_server/README.md
new file mode 100644
index 0000000..de6a870
--- /dev/null
+++ b/examples/overrides/select_server/README.md
@@ -0,0 +1,13 @@
+# Select Only Example
+
+This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
+If you would like to test this example go to the ./tests directory and run the test with `go test overrides_test.go` or `go test -v -run TestSelectOnly`.
+
+This is an example of using this module to select an image and server without deploying anything.
+
+WARNING! Server values override image values in outputs.
+This means that if you select both an image and a server, and the image is not the one that the server uses, then you will not get the image information you selected.
+Accurate server information is the top priority for this module, so it will give you the image information related to the server selected.
+That makes this example somewhat useless in practice, but it exercises both paths, so we use it in testing.
+
+In most use cases you will want to either select only an image and get the image information, or select only a server to get the server information (including the image that the server is using).
diff --git a/examples/overrides/select_server/main.tf b/examples/overrides/select_server/main.tf
new file mode 100644
index 0000000..88ac0e6
--- /dev/null
+++ b/examples/overrides/select_server/main.tf
@@ -0,0 +1,5 @@
+module "TestSelectServer" {
+  source    = "../../../"
+  image_id  = "ami-09b2a1e33ce552e68" # this must be an image in your region, it should be the image used to create the server_id
+  server_id = "i-05d05c6c07c007054"   # this must be an instance in your region
+}
diff --git a/examples/overrides/select_server/outputs.tf b/examples/overrides/select_server/outputs.tf
new file mode 100644
index 0000000..62c6b01
--- /dev/null
+++ b/examples/overrides/select_server/outputs.tf
@@ -0,0 +1,21 @@
+output "private_ip" {
+  value = module.TestSelectServer.private_ip
+}
+output "public_ip" {
+  value = module.TestSelectServer.public_ip
+}
+output "id" {
+  value = module.TestSelectServer.id
+}
+output "ami" {
+  value = module.TestSelectServer.ami
+}
+output "ram" {
+  value = module.TestSelectServer.ram
+}
+output "cpu" {
+  value = module.TestSelectServer.cpu
+}
+output "storage" {
+  value = module.TestSelectServer.storage
+}
\ No newline at end of file
diff --git a/examples/overrides/select_server/versions.tf b/examples/overrides/select_server/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/overrides/select_server/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/overrides/server_only/README.md b/examples/overrides/server_only/README.md
index e2a8e30..d32c184 100644
--- a/examples/overrides/server_only/README.md
+++ b/examples/overrides/server_only/README.md
@@ -4,3 +4,5 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test overrides_test.go` or `go test -v -run TestServerOnly`.
 
 This is an example of using this module to deploy a small sles15 server, specifying the ami to use.
+If you specify an image_id, you must also specify the admin_group and initial_user.
+These are used to login to the server for the first time and set up a new user as specified by "username".
diff --git a/examples/overrides/server_only/main.tf b/examples/overrides/server_only/main.tf
index 32597fa..d036754 100644
--- a/examples/overrides/server_only/main.tf
+++ b/examples/overrides/server_only/main.tf
@@ -1,14 +1,38 @@
 
+locals {
+  category       = "overrides"
+  example        = "server-only"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "ami-09b2a1e33ce552e68" # this must be an AMI in your region
+  public_ssh_key = var.key                 # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name            # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
 module "TestServerOnly" {
+  depends_on                 = [module.aws_access]
   source                     = "../../../"
-  image_id                   = "ami-09b2a1e33ce552e68" # this must be an AMI in your region
-  image_admin_group          = "admin"
-  image_initial_user         = "ubuntu"
-  server_owner               = "terraform"
-  server_name                = "test-server-only"
+  image_id                   = local.image # if you specify an image_id, you must also specify the admin_group and initial_user
+  image_admin_group          = "wheel"     # if you specify an image_id, you must also specify the admin_group and initial_user
+  image_initial_user         = "ec2-user"  # if you specify an image_id, you must also specify the admin_group and initial_user
+  server_owner               = local.email
+  server_name                = local.name
   server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+public+ssh+key you@example.com"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
   server_subnet_name         = "default"
-  server_security_group_name = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/overrides/server_only/variables.tf b/examples/overrides/server_only/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/overrides/server_only/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/overrides/server_only/versions.tf b/examples/overrides/server_only/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/overrides/server_only/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/region/useast1/main.tf b/examples/region/useast1/main.tf
index 7ec9fec..522df08 100644
--- a/examples/region/useast1/main.tf
+++ b/examples/region/useast1/main.tf
@@ -1,16 +1,39 @@
-
 provider "aws" {
   region = "us-east-1"
 }
 
-module "TestUsEast1" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "region"
+  example        = "useast1"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestUseast1" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/region/useast1/variables.tf b/examples/region/useast1/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/region/useast1/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/region/useast1/versions.tf b/examples/region/useast1/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/region/useast1/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/region/useast2/main.tf b/examples/region/useast2/main.tf
index d6deeda..edcc87e 100644
--- a/examples/region/useast2/main.tf
+++ b/examples/region/useast2/main.tf
@@ -1,16 +1,39 @@
-
 provider "aws" {
   region = "us-east-2"
 }
 
-module "TestUsEast2" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "region"
+  example        = "useast2"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestUseast2" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/region/useast2/variables.tf b/examples/region/useast2/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/region/useast2/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/region/useast2/versions.tf b/examples/region/useast2/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/region/useast2/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/region/uswest1/main.tf b/examples/region/uswest1/main.tf
index 3ef091e..d57cda9 100644
--- a/examples/region/uswest1/main.tf
+++ b/examples/region/uswest1/main.tf
@@ -1,16 +1,39 @@
-
 provider "aws" {
   region = "us-west-1"
 }
 
-module "TestUsWest1" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "region"
+  example        = "uswest1"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestUswest1" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/region/uswest1/variables.tf b/examples/region/uswest1/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/region/uswest1/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/region/uswest1/versions.tf b/examples/region/uswest1/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/region/uswest1/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/region/uswest2/main.tf b/examples/region/uswest2/main.tf
index ba92e1a..eb7171b 100644
--- a/examples/region/uswest2/main.tf
+++ b/examples/region/uswest2/main.tf
@@ -1,16 +1,39 @@
-
 provider "aws" {
   region = "us-west-2"
 }
 
-module "TestUsWest2" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "region"
+  example        = "uswest2"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "test"
+  subnet_name         = "test"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestUswest2" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "test"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/region/uswest2/variables.tf b/examples/region/uswest2/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/region/uswest2/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/region/uswest2/versions.tf b/examples/region/uswest2/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/region/uswest2/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/size/large/README.md b/examples/size/large/README.md
index 28cf8a9..11d4f89 100644
--- a/examples/size/large/README.md
+++ b/examples/size/large/README.md
@@ -4,5 +4,3 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test size_test.go` or `go test -v -run TestLarge`.
 
 This is an example of using this module to deploy a large sles15 server.
-
-Initial test run took 133.759s
diff --git a/examples/size/large/main.tf b/examples/size/large/main.tf
index a33e370..46c7ff0 100644
--- a/examples/size/large/main.tf
+++ b/examples/size/large/main.tf
@@ -1,11 +1,36 @@
-module "TestLarge" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test-large"
-  server_type                = "large"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey you@example.com"
-  server_subnet_name         = "tf-test"
-  server_security_group_name = "tf-test"
+locals {
+  category       = "size"
+  example        = "large"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  size           = "large"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestLarge" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = local.size
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/size/large/variables.tf b/examples/size/large/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/size/large/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/size/large/versions.tf b/examples/size/large/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/size/large/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/size/medium/README.md b/examples/size/medium/README.md
index a6cf8ff..fb8e5a0 100644
--- a/examples/size/medium/README.md
+++ b/examples/size/medium/README.md
@@ -4,5 +4,3 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test size_test.go` or `go test -v -run TestMedium`.
 
 This is an example of using this module to deploy a med sles15 server.
-
-Initial test run took 156.378s
diff --git a/examples/size/medium/main.tf b/examples/size/medium/main.tf
index bb216fc..396ef0a 100644
--- a/examples/size/medium/main.tf
+++ b/examples/size/medium/main.tf
@@ -1,11 +1,36 @@
-module "TestMedium" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test-medium"
-  server_type                = "medium"
-  server_user                = "testmedium"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey you@example.com"
-  server_subnet_name         = "tf-test"
-  server_security_group_name = "tf-test"
+locals {
+  category       = "size"
+  example        = "medium"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  size           = "medium"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestMedium" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = local.size
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/size/medium/variables.tf b/examples/size/medium/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/size/medium/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/size/medium/versions.tf b/examples/size/medium/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/size/medium/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/size/small/README.md b/examples/size/small/README.md
index 790bd1c..8097b36 100644
--- a/examples/size/small/README.md
+++ b/examples/size/small/README.md
@@ -2,7 +2,3 @@
 
 This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
 If you would like to test this example go to the ./tests directory and run the test with `go test size_test.go` or `go test -v -run TestSmall`.
-
-This is an example of using this module to deploy a small sles15 server.
-
-Initial test run took 138.855s
diff --git a/examples/size/small/main.tf b/examples/size/small/main.tf
index ca28466..94fbcb6 100644
--- a/examples/size/small/main.tf
+++ b/examples/size/small/main.tf
@@ -1,11 +1,36 @@
-module "TestSmall" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test-small"
-  server_type                = "small"
-  server_user                = "testsmall"
-  server_ssh_key             = "ssh-abc yOur+public+key name@example.com"
-  server_subnet_name         = "my-subnet"
-  server_security_group_name = "my-security-group"
-}
+locals {
+  category       = "size"
+  example        = "small"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  size           = "small"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestSmall" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = local.size
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
+}
diff --git a/examples/size/small/variables.tf b/examples/size/small/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/size/small/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/size/small/versions.tf b/examples/size/small/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/size/small/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/size/xl/README.md b/examples/size/xl/README.md
index d4b3f50..b3a2eb1 100644
--- a/examples/size/xl/README.md
+++ b/examples/size/xl/README.md
@@ -4,5 +4,3 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test size_test.go` or `go test -v -run TestXl`.
 
 This is an example of using this module to deploy an xl sles15 server.
-
-Initial test run took 160.765s
diff --git a/examples/size/xl/main.tf b/examples/size/xl/main.tf
index 498e03d..6da1de0 100644
--- a/examples/size/xl/main.tf
+++ b/examples/size/xl/main.tf
@@ -1,11 +1,36 @@
-module "TestXl" {
-  source                   = "../../../"
-  image                    = "sles-15"
-  server_owner             = "terraform"
-  server_name              = "test-xl"
-  server_type              = "xl"
-  server_user              = "terraform"
-  server_ssh_key           = "ssh-abc yOur+key name@example.com"
-  server_subnet_id         = "tf-test"
-  server_security_group_id = "tf-test"
+locals {
+  category       = "size"
+  example        = "xl"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  size           = "xl"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestXl" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = local.size
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/size/xl/variables.tf b/examples/size/xl/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/size/xl/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/size/xl/versions.tf b/examples/size/xl/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/size/xl/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/examples/size/xxl/README.md b/examples/size/xxl/README.md
index d17aa98..6110fe0 100644
--- a/examples/size/xxl/README.md
+++ b/examples/size/xxl/README.md
@@ -4,5 +4,3 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test size_test.go` or `go test -v -run TestXxl`.
 
 This is an example of using this module to deploy an extra extra large sles15 server.
-
-Initial test run took 200.771s
diff --git a/examples/size/xxl/main.tf b/examples/size/xxl/main.tf
index 4a61112..0e13aa1 100644
--- a/examples/size/xxl/main.tf
+++ b/examples/size/xxl/main.tf
@@ -1,11 +1,36 @@
-module "TestXxl" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test-xxl"
-  server_type                = "xxl"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey you@example.com"
-  server_subnet_name         = "tf-test"
-  server_security_group_name = "tf-test"
+locals {
+  category       = "size"
+  example        = "xxl"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  size           = "xxl"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestXxl" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = local.size
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
diff --git a/examples/size/xxl/variables.tf b/examples/size/xxl/variables.tf
new file mode 100644
index 0000000..8768690
--- /dev/null
+++ b/examples/size/xxl/variables.tf
@@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
diff --git a/examples/size/xxl/versions.tf b/examples/size/xxl/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/examples/size/xxl/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index 3c520ec..4c40f69 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,12 +1,15 @@
 {
   "nodes": {
     "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
       "locked": {
-        "lastModified": 1676283394,
-        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "lastModified": 1689068808,
+        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
         "type": "github"
       },
       "original": {
@@ -17,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1676487294,
-        "narHash": "sha256-fbD0tVsowxAUXwfw2C9EdEAH8UEJNsCm0zJcfkJy3Pg=",
+        "lastModified": 1691625043,
+        "narHash": "sha256-IiiOwgRTQm9W1QHe8qme7qYxDbAT2MYxbIJMfPEltN0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "63b5955814db30d2e2ff7157aaa5665b502ed2f4",
+        "rev": "3d6ebeb283be256f008541ce2b089eb5fb0e4e01",
         "type": "github"
       },
       "original": {
@@ -36,6 +39,21 @@
         "flake-utils": "flake-utils",
         "nixpkgs": "nixpkgs"
       }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",
diff --git a/main.tf b/main.tf
index 1813adc..9649e42 100644
--- a/main.tf
+++ b/main.tf
@@ -13,12 +13,14 @@ locals {
   server_security_group_name = var.server_security_group_name
   server_subnet_name         = var.server_subnet_name
 
+  select_image  = (local.image_id != "" ? true : false)
+  select_server = (local.server_id != "" ? true : false)
+
   skip_server = ((local.server_id == "" && local.server_name == "") ? true : false)
-  skip_image  = (local.image_id != "" ? true : false)
 }
 
+# image module can't be skipped, but it can select an image based on the image_id rather than the image variable
 module "image" {
-  count        = local.skip_image ? 0 : 1
   source       = "./modules/image"
   id           = local.image_id
   type         = local.image_type
@@ -27,7 +29,7 @@ module "image" {
 }
 
 module "server" {
-  count = local.skip_server ? 0 : 1
+  count = (local.skip_server ? 0 : 1)
   depends_on = [
     module.image
   ]
@@ -37,9 +39,9 @@ module "server" {
   owner              = local.server_owner
   type               = local.server_type
   user               = local.server_user
-  image_id           = (local.skip_image ? local.image_id : module.image[0].id)
-  image_admin_group  = (local.skip_image ? local.image_admin_group : module.image[0].admin_group)
-  image_initial_user = (local.skip_image ? local.image_initial_user : module.image[0].initial_user)
+  image_id           = module.image.id
+  image_admin_group  = module.image.admin_group
+  image_initial_user = module.image.initial_user
   ssh_key            = local.server_ssh_key
   security_group     = local.server_security_group_name
   subnet             = local.server_subnet_name
diff --git a/modules/image/versions.tf b/modules/image/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/modules/image/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/modules/server/versions.tf b/modules/server/versions.tf
new file mode 100644
index 0000000..da3a90c
--- /dev/null
+++ b/modules/server/versions.tf
@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index 281f080..df2f002 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -8,7 +8,7 @@ output "id" {
   value = (local.skip_server ? "" : module.server[0].id)
 }
 output "ami" {
-  value = (local.skip_server ? (local.skip_image ? local.image_id : module.image[0].ami) : module.server[0].ami)
+  value = (local.skip_server ? module.image.ami : module.server[0].ami)
 }
 output "ram" {
   value = (local.skip_server ? "" : module.server[0].ram)
@@ -17,5 +17,5 @@ output "cpu" {
   value = (local.skip_server ? "" : module.server[0].cpu)
 }
 output "storage" {
-  value = (local.skip_server ? 0 : module.server[0].storage)
-}
\ No newline at end of file
+  value = (local.skip_server ? "" : module.server[0].storage)
+}
diff --git a/tests/basic_test.go b/tests/basic_test.go
index b9a38e0..77c8118 100644
--- a/tests/basic_test.go
+++ b/tests/basic_test.go
@@ -1,17 +1,19 @@
 package test
 
 import (
-	"github.com/gruntwork-io/terratest/modules/terraform"
 	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
 )
 
 func TestBasic(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/basic",
-	})
-
+	category := "basic"
+	directory := "basic"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
diff --git a/tests/go.mod b/tests/go.mod
index d9fdc1d..e457e4a 100644
--- a/tests/go.mod
+++ b/tests/go.mod
@@ -2,7 +2,11 @@ module github.com/rancher/terraform-aws-server/test.go
 
 go 1.20
 
-require github.com/gruntwork-io/terratest v0.43.3
+require (
+	github.com/aws/aws-sdk-go v1.44.288
+	github.com/gruntwork-io/terratest v0.43.3
+	github.com/stretchr/testify v1.8.4
+)
 
 require (
 	cloud.google.com/go v0.110.3 // indirect
@@ -12,9 +16,12 @@ require (
 	cloud.google.com/go/storage v1.30.1 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
-	github.com/aws/aws-sdk-go v1.44.288 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
+	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect
+	github.com/go-sql-driver/mysql v1.4.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
@@ -22,6 +29,7 @@ require (
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
 	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
+	github.com/gruntwork-io/go-commons v0.8.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-getter v1.7.1 // indirect
@@ -38,9 +46,11 @@ require (
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/stretchr/testify v1.8.4 // indirect
+	github.com/pquerna/otp v1.2.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/tmccombs/hcl2json v0.5.0 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
+	github.com/urfave/cli v1.22.2 // indirect
 	github.com/zclconf/go-cty v1.13.2 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/crypto v0.10.0 // indirect
diff --git a/tests/go.sum b/tests/go.sum
index a9dc219..3999b61 100644
--- a/tests/go.sum
+++ b/tests/go.sum
@@ -198,6 +198,9 @@ github.com/aws/aws-sdk-go v1.44.288 h1:Ln7fIao/nl0ACtelgR1I4AiEw/GLNkKcXfCaHupUW
 github.com/aws/aws-sdk-go v1.44.288/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -215,6 +218,9 @@ github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -229,10 +235,16 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU=
+github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
+github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -331,6 +343,8 @@ github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cU
 github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
 github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro=
+github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78=
 github.com/gruntwork-io/terratest v0.43.3 h1:5m8muuUH/84vfahX1GM8yeTTfNY9oFAVcqqEAvjAt+w=
 github.com/gruntwork-io/terratest v0.43.3/go.mod h1:BaiZSbupsU6AmCuds8qLcoUOG8gcykW/IvWf4TtAUyU=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -366,6 +380,7 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/klauspost/compress v1.16.6 h1:91SKEy4K37vkp255cJ8QesJhjyRO0hn9i9G0GoUwLsk=
 github.com/klauspost/compress v1.16.6/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@@ -373,8 +388,12 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo=
 github.com/mattn/go-zglob v0.0.4 h1:LQi2iOm0/fGgu80AioIJ/1j9w9Oh+9DZ39J4VAGzHQM=
 github.com/mattn/go-zglob v0.0.4/go.mod h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
@@ -386,13 +405,23 @@ github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTS
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok=
+github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -407,6 +436,8 @@ github.com/tmccombs/hcl2json v0.5.0/go.mod h1:B0ZpBthAKbQur6yZRKrtaqDmYLCvgnwHOB
 github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
 github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
+github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -565,14 +596,17 @@ golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/tests/os_test.go b/tests/os_test.go
index 17654f4..17a065d 100644
--- a/tests/os_test.go
+++ b/tests/os_test.go
@@ -1,72 +1,79 @@
 package test
 
 import (
-	"github.com/gruntwork-io/terratest/modules/terraform"
 	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
 )
 
 func TestCis(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/os/cis",
-	})
-
+	category := "os"
+	directory := "cis"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 
 func TestSles15(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/os/sles15",
-	})
-
+	category := "os"
+	directory := "sles15"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 
 func TestRocky8(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/os/rocky8",
-	})
-
+	category := "os"
+	directory := "rocky8"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 
 func TestRhel8(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/os/rhel8",
-	})
-
+	category := "os"
+	directory := "rhel8"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 
 func TestUbuntu20(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/os/ubuntu20",
-	})
-
+	category := "os"
+	directory := "ubuntu20"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 
 func TestUbuntu22(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/os/ubuntu22",
-	})
-
+	category := "os"
+	directory := "ubuntu22"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
diff --git a/tests/overrides_test.go b/tests/overrides_test.go
index a825c40..3b67f1b 100644
--- a/tests/overrides_test.go
+++ b/tests/overrides_test.go
@@ -1,36 +1,54 @@
 package test
 
 import (
-	"github.com/gruntwork-io/terratest/modules/terraform"
+	"fmt"
 	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
 )
 
 func TestServerOnly(t *testing.T) {
+	// in this test we are going to create a server without touching the image module
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/overrides/server_only",
-	})
-
+	category := "overrides"
+	directory := "server_only"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
-func TestImageOnly(t *testing.T) {
+func TestSelectImage(t *testing.T) {
+	// in this test we are going to select an image without touching the server module
 	t.Parallel()
-
+	category := "overrides"
+	directory := "select_image"
+	region := "us-west-1"
 	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/overrides/image_only",
+		TerraformDir: fmt.Sprintf("../examples/%s/%s", category, directory),
+		// Environment variables to set when running Terraform
+		EnvVars: map[string]string{
+			"AWS_DEFAULT_REGION": region,
+		},
 	})
 
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 
-func TestSelectOnly(t *testing.T) {
+func TestSelectServer(t *testing.T) {
+	// in this test we are going to select an image and a server without creating anything
 	t.Parallel()
-
+	category := "overrides"
+	directory := "select_server"
+	region := "us-west-1"
 	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/overrides/select_only",
+		TerraformDir: fmt.Sprintf("../examples/%s/%s", category, directory),
+		// Environment variables to set when running Terraform
+		EnvVars: map[string]string{
+			"AWS_DEFAULT_REGION": region,
+		},
 	})
 
 	defer terraform.Destroy(t, terraformOptions)
diff --git a/tests/region_test.go b/tests/region_test.go
index cf1f351..b5d7a85 100644
--- a/tests/region_test.go
+++ b/tests/region_test.go
@@ -6,42 +6,50 @@ import (
 )
 
 func TestUsEast1(t *testing.T) {
+	// in this test we are going to create a server in the us-east-1 region
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/region/useast1",
-	})
-
+	category := "region"
+	directory := "useast1"
+	region := "us-east-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestUsEast2(t *testing.T) {
+	// in this test we are going to create a server in the us-east-2 region
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/region/useast2",
-	})
-
+	category := "region"
+	directory := "useast2"
+	region := "us-east-2"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestUsWest1(t *testing.T) {
+	// in this test we are going to create a server in the us-west-1 region
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/region/uswest1",
-	})
-
+	category := "region"
+	directory := "uswest1"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestUsWest2(t *testing.T) {
+	// in this test we are going to create a server in the us-west-2 region
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/region/uswest2",
-	})
-
+	category := "region"
+	directory := "uswest2"
+	region := "us-west-2"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
diff --git a/tests/size_test.go b/tests/size_test.go
index d614dd0..a974d8b 100644
--- a/tests/size_test.go
+++ b/tests/size_test.go
@@ -1,57 +1,68 @@
 package test
 
 import (
-	"github.com/gruntwork-io/terratest/modules/terraform"
 	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
 )
 
 func TestSmall(t *testing.T) {
+	// in this test we are going to create a small server
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/size/small",
-	})
-
+	category := "size"
+	directory := "small"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestMedium(t *testing.T) {
+	// in this test we are going to create a medium server
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/size/medium",
-	})
-
+	category := "size"
+	directory := "medium"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestLarge(t *testing.T) {
+	// in this test we are going to create a large server
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/size/large",
-	})
-
+	category := "size"
+	directory := "large"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestXl(t *testing.T) {
+	// in this test we are going to create a extra large server
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/size/xl",
-	})
-
+	category := "size"
+	directory := "xl"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestXxl(t *testing.T) {
+	// in this test we are going to create a extra-extra large server
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/size/xxl",
-	})
-
+	category := "size"
+	directory := "xxl"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
diff --git a/tests/util_test.go b/tests/util_test.go
new file mode 100644
index 0000000..2890d9f
--- /dev/null
+++ b/tests/util_test.go
@@ -0,0 +1,71 @@
+package test
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	a "github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	aws "github.com/gruntwork-io/terratest/modules/aws"
+	"github.com/gruntwork-io/terratest/modules/random"
+	"github.com/gruntwork-io/terratest/modules/ssh"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/require"
+)
+
+func teardown(t *testing.T, category string, directory string, keyPair *aws.Ec2Keypair, sshAgent *ssh.SshAgent) {
+	err := os.RemoveAll(fmt.Sprintf("../examples/%s/%s/.terraform", category, directory))
+	require.NoError(t, err)
+	aws.DeleteEC2KeyPair(t, keyPair)
+	sshAgent.Stop()
+}
+
+func setup(t *testing.T, category string, directory string, region string, owner string) (*terraform.Options, *aws.Ec2Keypair, *ssh.SshAgent) {
+	uniqueID := random.UniqueId()
+
+	// Create an EC2 KeyPair that we can use for SSH access
+	keyPairName := fmt.Sprintf("terraform-aws-server-test-%s-%s-%s", category, directory, uniqueID)
+	keyPair := aws.CreateAndImportEC2KeyPair(t, region, keyPairName)
+
+	// tag the key pair so we can find in the access module
+	client, err1 := aws.NewEc2ClientE(t, region)
+	require.NoError(t, err1)
+
+	input := &ec2.DescribeKeyPairsInput{
+		KeyNames: []*string{a.String(keyPairName)},
+	}
+	result, err2 := client.DescribeKeyPairs(input)
+	require.NoError(t, err2)
+
+	aws.AddTagsToResource(t, region, *result.KeyPairs[0].KeyPairId, map[string]string{"Name": keyPairName, "Owner": owner})
+
+	// start an SSH agent, with our key pair added
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+
+	retryableTerraformErrors := map[string]string{
+		// The reason is unknown, but eventually these succeed after a few retries.
+		".*unable to verify signature.*":             "Failed due to transient network error.",
+		".*unable to verify checksum.*":              "Failed due to transient network error.",
+		".*no provider exists with the given name.*": "Failed due to transient network error.",
+		".*registry service is unreachable.*":        "Failed due to transient network error.",
+		".*connection reset by peer.*":               "Failed due to transient network error.",
+		".*TLS handshake timeout.*":                  "Failed due to transient network error.",
+	}
+
+	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: fmt.Sprintf("../examples/%s/%s", category, directory),
+		// Variables to pass to our Terraform code using -var options
+		Vars: map[string]interface{}{
+			"key":      keyPair.KeyPair.PublicKey,
+			"key_name": keyPairName,
+		},
+		// Environment variables to set when running Terraform
+		EnvVars: map[string]string{
+			"AWS_DEFAULT_REGION": region,
+		},
+		SshAgent:                 sshAgent, // Overrides local SSH agent with our new agent
+		RetryableTerraformErrors: retryableTerraformErrors,
+	})
+	return terraformOptions, keyPair, sshAgent
+}