diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index d784bb0630..9181b1cdf3 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -30,7 +30,7 @@ jobs:
 - name: Install tflint
 uses: terraform-linters/setup-tflint@v3.0.0
 with:
- tflint_version: v0.46.1
+ tflint_version: v0.47.0
 - name: Run terraform pre-commit
 run: pre-commit run --all --config .pre-commit-config-terraform.yaml
diff --git a/.pre-commit-config-terraform.yaml b/.pre-commit-config-terraform.yaml
index 2474dbfc67..fc5a8064f2 100644
--- a/.pre-commit-config-terraform.yaml
+++ b/.pre-commit-config-terraform.yaml
@@ -13,7 +13,7 @@ files: "^terraform/aws/curvenote/"
 repos:
 # We can't run any CI tests on production Terraform code, so use as many static linters as possible
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.80.0
+ rev: v1.81.0
 hooks:
 - id: terraform_fmt
 - id: terraform_tflint
diff --git a/terraform/aws/curvenote/security-groups.tf b/terraform/aws/curvenote/security-groups.tf
index 2b098e1bf7..f1dc298337 100644
--- a/terraform/aws/curvenote/security-groups.tf
+++ b/terraform/aws/curvenote/security-groups.tf
@@ -3,18 +3,20 @@
 resource "aws_security_group" "worker_group_all" {
 name_prefix = "worker_group_all_ports"
 vpc_id = module.vpc.vpc_id
-
+ description = "Allow all ports for worker group"
 ingress {
- protocol = "-1"
- from_port = 0
- to_port = 0
- self = true
+ description = "Allow all inbound traffic"
+ protocol = "-1"
+ from_port = 0
+ to_port = 0
+ self = true
 }
 egress {
- protocol = "-1"
- from_port = 0
- to_port = 0
+ description = "Allow all outbound traffic"
+ protocol = "-1"
+ from_port = 0
+ to_port = 0
 # self = true
 cidr_blocks = ["0.0.0.0/0"]
 }
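Review bot: In the security-groups.tf hunk, the new ingress description `"Allow all inbound traffic"` on `worker_group_all` overstates the rule: the block keeps `self = true` and has no `cidr_blocks`, so it admits traffic only from members of the same group. Wording such as `description = "Allow all traffic between members of this security group"` would keep an auditor from reading the rule as open to any source. Separately, the group-level `description` added here (and on `all_worker_mgmt` in the following hunk) is a force-new attribute of `aws_security_group` in the AWS provider, so applying this change is expected to replace both groups rather than update them in place. The resource bodies continue outside the hunks, so confirm that a `lifecycle { create_before_destroy = true }` block is present and check the plan output for the replacement before applying.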
@@ -24,11 +26,13 @@ resource "aws_security_group" "worker_group_all" {
 resource "aws_security_group" "all_worker_mgmt" {
 name_prefix = "all_worker_management"
 vpc_id = module.vpc.vpc_id
+ description = "Worker nodes internal access"
 ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
+ description = "SSH"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
 cidr_blocks = [
 "10.0.0.0/8",