diff --git a/terraform/modules/container/README.md b/terraform/modules/container/README.md
index f5ab0df..ecbca09 100644
--- a/terraform/modules/container/README.md
+++ b/terraform/modules/container/README.md
@@ -35,7 +35,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | [additional\_host\_urls](#input\_additional\_host\_urls) | n/a | `list(string)` | `[]` | no |
 | [application\_type](#input\_application\_type) | defines what type of application is running, fullstack, client, backend, etc. will be used for cloudwatch logs | `string` | n/a | yes |
-| [container\_cpu](#input\_container\_cpu) | n/a | `number` | `512` | no |
+| [container\_cpu](#input\_container\_cpu) | n/a | `number` | `256` | no |
 | [container\_environment](#input\_container\_environment) | n/a |
list(object({
name = string
value = string
})) | n/a | yes |
| [container\_environment\_secrets](#input\_container\_environment\_secrets) | n/a | list(object({
name = string
valueFrom = string
})) | `[]` | no |
| [container\_image](#input\_container\_image) | n/a | `string` | n/a | yes |
@@ -44,6 +44,7 @@ No modules.
| [environment](#input\_environment) | n/a | `string` | n/a | yes |
| [health\_check\_path](#input\_health\_check\_path) | n/a | `string` | `"/"` | no |
| [hostname](#input\_hostname) | n/a | `string` | n/a | yes |
+| [launch\_type](#input\_launch\_type) | n/a | `string` | `"fargate"` | no |
| [listener\_priority](#input\_listener\_priority) | n/a | `number` | n/a | yes |
| [path](#input\_path) | n/a | `string` | `null` | no |
| [project\_name](#input\_project\_name) | The overall name of the project using this infrastructure; used to group related resources by | `any` | n/a | yes |
diff --git a/terraform/modules/root-dns-entry/README.md b/terraform/modules/root-dns-entry/README.md
index 1a9f5e2..7aa5fa7 100644
--- a/terraform/modules/root-dns-entry/README.md
+++ b/terraform/modules/root-dns-entry/README.md
@@ -1,4 +1,11 @@
+# root-dns-entry
+
+This is used to create a root DNS entry in Route 53, for example "vrms.io" or "homeunite.us"
+that have no "www" or subdomain before it. The Route 53 DNS entry points to incubator's main
+ingress (cloudfront or ALB). All services that require web access (frontends or API backends)
+should use this.
+
## Requirements
No requirements.
@@ -18,18 +25,16 @@ No modules.
| Name | Type |
|------|------|
| [aws_route53_record.www](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
-| [aws_lb.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lb) | data source |
-| [aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [zone\_id](#input\_zone\_id) | n/a | `string` | n/a | yes |
+| [zone\_id](#input\_zone\_id) | the Route 53 hosted zone id to create the entry | `string` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
-| [full\_dns\_name](#output\_full\_dns\_name) | n/a |
+| [full\_dns\_name](#output\_full\_dns\_name) | full dns name, i.e. "qa.vrms.io" |
\ No newline at end of file
diff --git a/terraform/modules/root-dns-entry/main.tf b/terraform/modules/root-dns-entry/main.tf
index 36d5f2b..2ecbd61 100644
--- a/terraform/modules/root-dns-entry/main.tf
+++ b/terraform/modules/root-dns-entry/main.tf
@@ -1,9 +1,20 @@
+/**
+ * # root-dns-entry
+ *
+ * This is used to create a root DNS entry in Route 53, for example "vrms.io" or "homeunite.us"
+ * that have no "www" or subdomain before it. The Route 53 DNS entry points to incubator's main
+ * ingress (cloudfront or ALB). All services that require web access (frontends or API backends)
+ * should use this.
+ *
+ */
+
+#terraform-docs-ignore
data "aws_route53_zone" "this" {
zone_id = var.zone_id
}
-
+#terraform-docs-ignore
data "aws_lb" "this" {
arn = "arn:aws:elasticloadbalancing:us-west-2:035866691871:loadbalancer/app/incubator-prod-lb/7451adf77133ef36"
}
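Review bot: The new header comment describes the target as "incubator's main ingress (cloudfront or ALB)", but the `data "aws_lb" "this"` block kept as context in this hunk resolves exactly one load balancer through a hard-coded ARN that embeds the region and the AWS account id. As far as these lines show, the module cannot point anywhere else, so the comment should say that the target is fixed. Better still, the ARN could become an input, `arn = var.lb_arn`, with the variable documented in variables.tf, which also keeps the account id out of the module source. The record resource itself is outside this hunk.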
diff --git a/terraform/modules/root-dns-entry/outputs.tf b/terraform/modules/root-dns-entry/outputs.tf
index 30e6be7..397b478 100644
--- a/terraform/modules/root-dns-entry/outputs.tf
+++ b/terraform/modules/root-dns-entry/outputs.tf
@@ -1,3 +1,4 @@
output "full_dns_name" {
value = data.aws_route53_zone.this.name
+ description = "full dns name, i.e. \"qa.vrms.io\""
}
\ No newline at end of file
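Review bot: The added description gives `qa.vrms.io` as its example, yet the output returns `data.aws_route53_zone.this.name`, the hosted zone's own name, and the module header says it creates root entries with no subdomain. The example should match what the output can return, and "i.e." should be "e.g.": `description = "name of the hosted zone the root record was created in, e.g. \"vrms.io\""`. Whether the provider returns the name with a trailing dot is worth confirming and stating, since callers that build URLs from it depend on that.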
diff --git a/terraform/modules/root-dns-entry/variables.tf b/terraform/modules/root-dns-entry/variables.tf
index dbdf0fa..ec767a6 100644
--- a/terraform/modules/root-dns-entry/variables.tf
+++ b/terraform/modules/root-dns-entry/variables.tf
@@ -1,3 +1,4 @@
variable "zone_id" {
type = string
+ description = "the Route 53 hosted zone id to create the entry"
}
diff --git a/terraform/modules/secret/README.md b/terraform/modules/secret/README.md
index 0ff59d6..bff28ac 100644
--- a/terraform/modules/secret/README.md
+++ b/terraform/modules/secret/README.md
@@ -1,4 +1,14 @@
+# secret
+
+A secret is a securely-stored piece of information,
+in our case a string. Things like database credentials,
+oauth secrets, etc should be stored as a secret. In general,
+secrets are added to running containers via environment variables.
+
+Instead of using AWS Secret Manager secrets, we use SSM Parameters,
+as there is a cost associated with secrets.
+
## Requirements
No requirements.
@@ -25,17 +35,17 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [application\_type](#input\_application\_type) | n/a | `string` | n/a | yes |
-| [environment](#input\_environment) | n/a | `string` | `""` | no |
-| [length](#input\_length) | n/a | `number` | `48` | no |
-| [name](#input\_name) | n/a | `string` | n/a | yes |
-| [project\_name](#input\_project\_name) | n/a | `string` | n/a | yes |
-| [value](#input\_value) | n/a | `string` | `null` | no |
+| [application\_type](#input\_application\_type) | frontend, backend, or fullstack | `string` | n/a | yes |
+| [environment](#input\_environment) | what environment this is for - staging, production, etc | `string` | `""` | no |
+| [length](#input\_length) | if letting the module set the secret value, the length of the generated random secret | `number` | `48` | no |
+| [name](#input\_name) | secret name | `string` | n/a | yes |
+| [project\_name](#input\_project\_name) | HfLA project name (vrms, home-unite-us, etc) | `string` | n/a | yes |
+| [value](#input\_value) | when set, the secret value, otherwise generated at random | `string` | `null` | no |
## Outputs
| Name | Description |
|------|-------------|
-| [arn](#output\_arn) | n/a |
-| [value](#output\_value) | n/a |
+| [arn](#output\_arn) | the ARN of the generated ssm parameter |
+| [value](#output\_value) | value of autogenerated secret |
\ No newline at end of file
diff --git a/terraform/modules/secret/main.tf b/terraform/modules/secret/main.tf
index 0ac6571..e79f4af 100644
--- a/terraform/modules/secret/main.tf
+++ b/terraform/modules/secret/main.tf
@@ -1,3 +1,15 @@
+/**
+ * # secret
+ *
+ * A secret is a securely-stored piece of information,
+ * in our case a string. Things like database credentials,
+ * oauth secrets, etc should be stored as a secret. In general,
+ * secrets are added to running containers via environment variables.
+ *
+ * Instead of using AWS Secret Manager secrets, we use SSM Parameters,
+ * as there is a cost associated with secrets.
+ */
+
locals {
secret_name = "/${var.project_name}/${var.application_type}-${var.environment != "" ? "${var.environment}-" : "" }${var.name}"
}
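Review bot: The header calls the value "securely-stored" without saying what that rests on. An SSM parameter is encrypted at rest only when declared with `type = "SecureString"`, and the `aws_ssm_parameter` resource is outside this hunk, so that cannot be confirmed here. The `random_password` result is also written to Terraform state whatever the parameter type. Once the type is confirmed, I would add two comment lines stating that the parameter is a SecureString and that the state backend must be encrypted and access-restricted because it holds the value. The comment could also name the container module's `container_environment_secrets` input (`valueFrom` set to this module's `arn`) as the intended injection path, rather than copying `value` into `container_environment`.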
@@ -21,9 +33,11 @@ resource "aws_ssm_parameter" "this" {
output "arn" {
value = aws_ssm_parameter.this.arn
+ description = "the ARN of the generated ssm parameter"
}
output "value" {
value = random_password.password.result
sensitive = true
+ description = "value of autogenerated secret"
}
\ No newline at end of file
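Review bot: The description added to `output "value"` says "value of autogenerated secret", and the output is wired to `random_password.password.result` unconditionally. The `value` variable is documented as overriding the generated secret; if the parameter stores `var.value` when it is set (the resource is outside this hunk, so this is inferred), the output then returns a random string that is not the stored secret. Either state that limit, `description = "the randomly generated value; not the stored secret when var.value is set"`, or return what was actually stored, `value = aws_ssm_parameter.this.value`. The output should stay `sensitive = true` in both cases.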
diff --git a/terraform/modules/secret/variables.tf b/terraform/modules/secret/variables.tf
index f8da27f..f315449 100644
--- a/terraform/modules/secret/variables.tf
+++ b/terraform/modules/secret/variables.tf
@@ -1,26 +1,32 @@
variable "project_name" {
type = string
+ description = "HfLA project name (vrms, home-unite-us, etc)"
}
variable "application_type" {
type = string
+ description = "frontend, backend, or fullstack"
}
variable "environment" {
type = string
default = ""
+ description = "what environment this is for - staging, production, etc"
}
variable "name" {
type = string
+ description = "secret name"
}
variable "length" {
type = number
default = 48
+ description = "if letting the module set the secret value, the length of the generated random secret"
}
variable "value" {
type = string
default = null
+ description = "when set, the secret value, otherwise generated at random"
}
\ No newline at end of file
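Review bot: `variable "value"` carries the secret itself, but the block gains only a description and is still not marked sensitive, so a caller-supplied value can appear in plan and apply output. On Terraform 0.14 or later, add `sensitive = true` next to the new description. The description could also note that a value passed this way is stored in Terraform state. A `validation` block on `length` that sets a minimum would document the floor for generated secrets; no lower bound is visible in this hunk.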