diff --git a/iam/clouds/aws/CloudGovernanceDeletePolicy.json b/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceDeletePolicy.json
similarity index 84%
rename from iam/clouds/aws/CloudGovernanceDeletePolicy.json
rename to iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceDeletePolicy.json
index f2fa18701..98cc39a8d 100644
--- a/iam/clouds/aws/CloudGovernanceDeletePolicy.json
+++ b/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceDeletePolicy.json
@@ -6,7 +6,13 @@
       "Effect": "Allow",
       "Action": [
         "ce:GetCostAndUsage",
-        "ce:GetCostForecast"
+        "ce:GetCostForecast",
+        "tag:GetResources",
+        "tag:TagResources",
+        "support:DescribeTrustedAdvisorCheckResult",
+        "support:DescribeTrustedAdvisorChecks",
+        "resource-explorer-2:ListViews",
+        "resource-explorer-2:Search"
       ],
       "Resource": "*"
     },
@@ -39,52 +45,49 @@
       "Sid": "EC2ResourceLevel",
       "Effect": "Allow",
       "Action": [
-        "ec2:DeregisterImage",
-        "ec2:DeleteSubnet",
+        "autoscaling:DescribeAutoScalingGroups",
+        "autoscaling:DescribeLaunchConfigurations",
+        "ec2:AssociateDhcpOptions",
+        "ec2:DeleteDhcpOptions",
+        "ec2:DeleteInternetGateway",
+        "ec2:DeleteNatGateway",
+        "ec2:DeleteNetworkAcl",
+        "ec2:DeleteNetworkInterface",
+        "ec2:DeleteRouteTable",
+        "ec2:DeleteSecurityGroup",
         "ec2:DeleteSnapshot",
-        "ec2:DescribeAddresses",
-        "ec2:DescribeInstances",
+        "ec2:DeleteSubnet",
+        "ec2:DeleteVolume",
+        "ec2:DeleteVpc",
         "ec2:DeleteVpcEndpoints",
         "ec2:DeleteVpcPeeringConnection",
-        "autoscaling:DescribeLaunchConfigurations",
-        "ec2:DescribeRegions",
-        "ec2:CreateImage",
-        "ec2:CreateVpc",
+        "ec2:DeregisterImage",
+        "ec2:DescribeAddresses",
         "ec2:DescribeDhcpOptions",
-        "ec2:DescribeSnapshots",
-        "ec2:DeleteRouteTable",
+        "ec2:DescribeImages",
+        "ec2:DescribeInstanceTypes",
+        "ec2:DescribeInstances",
         "ec2:DescribeInternetGateways",
-        "ec2:DeleteVolume",
-        "ec2:DescribeNetworkInterfaces",
-        "autoscaling:DescribeAutoScalingGroups",
-        "ec2:DescribeVolumes",
-        "ec2:DeleteInternetGateway",
+        "ec2:DescribeNatGateways",
         "ec2:DescribeNetworkAcls",
+        "ec2:DescribeNetworkInterfaces",
+        "ec2:DescribeRegions",
+        "ec2:DescribeReservedInstances",
         "ec2:DescribeRouteTables",
-        "ec2:DeleteNetworkAcl",
-        "ec2:ReleaseAddress",
-        "ec2:AssociateDhcpOptions",
-        "ec2:TerminateInstances",
-        "ec2:DetachNetworkInterface",
+        "ec2:DescribeSecurityGroups",
+        "ec2:DescribeSnapshots",
+        "ec2:DescribeSubnets",
         "ec2:DescribeTags",
+        "ec2:DescribeVolumes",
+        "ec2:DescribeVpcEndpoints",
         "ec2:DescribeVpcPeeringConnections",
-        "ec2:ModifyNetworkInterfaceAttribute",
-        "ec2:DeleteNetworkInterface",
+        "ec2:DescribeVpcs",
         "ec2:DetachInternetGateway",
-        "ec2:DescribeNatGateways",
-        "ec2:StopInstances",
+        "ec2:DetachNetworkInterface",
         "ec2:DisassociateRouteTable",
-        "ec2:DescribeSecurityGroups",
-        "ec2:RevokeSecurityGroupIngress",
-        "ec2:DescribeImages",
-        "ec2:DescribeVpcs",
-        "ec2:DeleteSecurityGroup",
-        "ec2:DescribeInstanceTypes",
-        "ec2:DeleteDhcpOptions",
-        "ec2:DeleteNatGateway",
-        "ec2:DescribeVpcEndpoints",
-        "ec2:DeleteVpc",
-        "ec2:DescribeSubnets"
+        "ec2:ModifyNetworkInterfaceAttribute",
+        "ec2:ReleaseAddress",
+        "ec2:RevokeSecurityGroupIngress"
       ],
       "Resource": "*"
     },
@@ -95,7 +98,8 @@
         "elasticloadbalancing:DeleteLoadBalancer",
         "elasticloadbalancing:DescribeTags",
         "elasticloadbalancing:AddTags",
-        "elasticloadbalancing:DescribeLoadBalancers"
+        "elasticloadbalancing:DescribeLoadBalancers",
+        "elasticloadbalancing:RemoveTags"
       ],
       "Resource": "*"
     },
@@ -103,32 +107,28 @@
       "Sid": "IAM",
       "Effect": "Allow",
       "Action": [
-        "iam:GetRole",
-        "iam:DeleteAccessKey",
-        "iam:DeleteGroup",
-        "iam:TagRole",
+        "iam:DeleteInstanceProfile",
+        "iam:DeletePolicy",
+        "iam:DeleteRole",
+        "iam:DeleteRolePolicy",
         "iam:DeleteUserPolicy",
-        "iam:ListRoles",
-        "iam:DeleteUser",
-        "iam:ListUserPolicies",
-        "iam:CreateUser",
-        "iam:TagUser",
-        "sts:AssumeRole",
-        "iam:RemoveUserFromGroup",
-        "iam:GetUserPolicy",
-        "iam:ListAttachedRolePolicies",
-        "iam:ListUsers",
+        "iam:DetachRolePolicy",
+        "iam:GetRole",
         "iam:GetUser",
+        "iam:GetUserPolicy",
         "iam:ListAccessKeys",
-        "iam:ListRolePolicies",
         "iam:ListAccountAliases",
-        "iam:DeleteRole",
-        "iam:DetachRolePolicy",
-        "iam:DeletePolicy",
-        "iam:DeleteRolePolicy",
+        "iam:ListAttachedRolePolicies",
         "iam:ListInstanceProfilesForRole",
+        "iam:ListRolePolicies",
+        "iam:ListRoles",
+        "iam:ListUserPolicies",
+        "iam:ListUsers",
         "iam:RemoveRoleFromInstanceProfile",
-        "sts:GetCallerIdentity"
+        "iam:TagRole",
+        "iam:TagUser",
+        "iam:UntagRole",
+        "iam:UntagUser"
       ],
       "Resource": "*"
     },
@@ -142,17 +142,16 @@
       "Sid": "S3Bucket",
       "Effect": "Allow",
       "Action": [
-        "s3:PutObject",
+        "s3:DeleteBucket",
+        "s3:DeleteObject",
+        "s3:GetBucketLocation",
+        "s3:GetBucketTagging",
         "s3:GetObject",
         "s3:ListAllMyBuckets",
-        "s3:CreateBucket",
         "s3:ListBucket",
+        "s3:PutObject",
         "s3:PutObjectTagging",
-        "s3:DeleteObject",
-        "s3:DeleteBucket",
-        "s3:putBucketTagging",
-        "s3:GetBucketTagging",
-        "s3:GetBucketLocation"
+        "s3:putBucketTagging"
       ],
       "Resource": "*"
     },
@@ -173,6 +172,15 @@
         "cloudwatch:GetMetricData"
       ],
       "Resource": "*"
+    },
+    {
+      "Sid": "RDS",
+      "Effect": "Allow",
+      "Action": [
+        "rds:AddTagsToResource",
+        "rds:DescribeDBInstances"
+      ],
+      "Resource": "*"
     }
   ]
 }
diff --git a/iam/clouds/aws/CloudGovernanceReadPolicy.json b/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceReadPolicy.json
similarity index 79%
rename from iam/clouds/aws/CloudGovernanceReadPolicy.json
rename to iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceReadPolicy.json
index a67c8b894..3b6e75c90 100644
--- a/iam/clouds/aws/CloudGovernanceReadPolicy.json
+++ b/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceReadPolicy.json
@@ -6,7 +6,13 @@
       "Effect": "Allow",
       "Action": [
         "ce:GetCostAndUsage",
-        "ce:GetCostForecast"
+        "ce:GetCostForecast",
+        "tag:GetResources",
+        "tag:TagResources",
+        "support:DescribeTrustedAdvisorCheckResult",
+        "support:DescribeTrustedAdvisorChecks",
+        "resource-explorer-2:ListViews",
+        "resource-explorer-2:Search"
       ],
       "Resource": "*"
     },
@@ -14,6 +20,7 @@
       "Sid": "EC2AccountLevel",
       "Effect": "Allow",
       "Action": [
+        "ec2:DeleteTags",
         "ec2:CreateTags"
       ],
       "Resource": [
@@ -38,29 +45,28 @@
       "Sid": "EC2ResourceLevel",
       "Effect": "Allow",
       "Action": [
-        "ec2:DescribeAddresses",
-        "ec2:DescribeInstances",
+        "autoscaling:DescribeAutoScalingGroups",
         "autoscaling:DescribeLaunchConfigurations",
-        "ec2:DescribeRegions",
+        "ec2:DescribeAddresses",
         "ec2:DescribeDhcpOptions",
-        "ec2:DescribeSnapshots",
+        "ec2:DescribeImages",
+        "ec2:DescribeInstanceTypes",
+        "ec2:DescribeInstances",
         "ec2:DescribeInternetGateways",
-        "ec2:DescribeNetworkInterfaces",
-        "autoscaling:DescribeAutoScalingGroups",
-        "ec2:DescribeVolumes",
+        "ec2:DescribeNatGateways",
         "ec2:DescribeNetworkAcls",
+        "ec2:DescribeNetworkInterfaces",
+        "ec2:DescribeRegions",
+        "ec2:DescribeReservedInstances",
         "ec2:DescribeRouteTables",
-        "ec2:ReleaseAddress",
-        "ec2:AssociateDhcpOptions",
-        "ec2:DescribeTags",
-        "ec2:DescribeVpcPeeringConnections",
-        "ec2:DescribeNatGateways",
         "ec2:DescribeSecurityGroups",
-        "ec2:DescribeImages",
-        "ec2:DescribeVpcs",
-        "ec2:DescribeInstanceTypes",
+        "ec2:DescribeSnapshots",
+        "ec2:DescribeSubnets",
+        "ec2:DescribeTags",
+        "ec2:DescribeVolumes",
         "ec2:DescribeVpcEndpoints",
-        "ec2:DescribeSubnets"
+        "ec2:DescribeVpcPeeringConnections",
+        "ec2:DescribeVpcs"
       ],
       "Resource": "*"
     },
@@ -70,7 +76,8 @@
       "Action": [
         "elasticloadbalancing:DescribeTags",
         "elasticloadbalancing:AddTags",
-        "elasticloadbalancing:DescribeLoadBalancers"
+        "elasticloadbalancing:DescribeLoadBalancers",
+        "elasticloadbalancing:RemoveTags"
       ],
       "Resource": "*"
     },
@@ -79,20 +86,20 @@
       "Effect": "Allow",
       "Action": [
         "iam:GetRole",
-        "iam:TagRole",
-        "iam:ListRoles",
-        "iam:ListUserPolicies",
-        "iam:CreateUser",
-        "iam:TagUser",
-        "iam:GetUserPolicy",
-        "iam:ListAttachedRolePolicies",
-        "iam:ListUsers",
         "iam:GetUser",
+        "iam:GetUserPolicy",
         "iam:ListAccessKeys",
-        "iam:ListRolePolicies",
         "iam:ListAccountAliases",
+        "iam:ListAttachedRolePolicies",
         "iam:ListInstanceProfilesForRole",
-        "sts:GetCallerIdentity"
+        "iam:ListRolePolicies",
+        "iam:ListRoles",
+        "iam:ListUserPolicies",
+        "iam:ListUsers",
+        "iam:TagRole",
+        "iam:TagUser",
+        "iam:UntagRole",
+        "iam:UntagUser"
       ],
       "Resource": "*"
     },
@@ -106,15 +113,14 @@
       "Sid": "S3Bucket",
       "Effect": "Allow",
       "Action": [
-        "s3:PutObject",
+        "s3:GetBucketLocation",
+        "s3:GetBucketTagging",
         "s3:GetObject",
         "s3:ListAllMyBuckets",
-        "s3:CreateBucket",
         "s3:ListBucket",
+        "s3:PutObject",
         "s3:PutObjectTagging",
-        "s3:putBucketTagging",
-        "s3:GetBucketTagging",
-        "s3:GetBucketLocation"
+        "s3:putBucketTagging"
       ],
       "Resource": "*"
     },
@@ -131,8 +137,17 @@
       "Sid": "CloudWatch",
       "Effect": "Allow",
       "Action": [
-        "cloudwatch:GetMetricData",
-        "cloudwatch:GetMetricStatistics"
+        "cloudwatch:GetMetricStatistics",
+        "cloudwatch:GetMetricData"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "RDS",
+      "Effect": "Allow",
+      "Action": [
+        "rds:AddTagsToResource",
+        "rds:DescribeDBInstances"
       ],
       "Resource": "*"
     }
diff --git a/iam/clouds/aws/CloudGovernanceInfra/IAM/main.tf b/iam/clouds/aws/CloudGovernanceInfra/IAM/main.tf
new file mode 100644
index 000000000..26ac3af3c
--- /dev/null
+++ b/iam/clouds/aws/CloudGovernanceInfra/IAM/main.tf
@@ -0,0 +1,33 @@
+provider "aws" {
+  region = var.AWS_DEFAULT_REGION
+}
+
+data "aws_caller_identity" "current" {}
+
+resource "null_resource" "modify_file" {
+  provisioner "local-exec" {
+    command = <<EOT
+      sed -i "" -e "s/account_id/${data.aws_caller_identity.current.account_id}/g" "${var.IAM_POLICY_PATH}"
+    EOT
+  }
+}
+
+resource "aws_iam_user" "cloud-governance-user" {
+  name = var.IAM_USERNAME
+}
+
+resource "aws_iam_policy" "cloud-governance-user-policy" {
+  name       = var.IAM_POLICY_NAME
+  depends_on = [null_resource.modify_file]
+  policy     = file(var.IAM_POLICY_PATH)
+  path       = "/"
+}
+
+resource "aws_iam_user_policy_attachment" "user_policy_attach" {
+  user       = aws_iam_user.cloud-governance-user.name
+  policy_arn = aws_iam_policy.cloud-governance-user-policy.arn
+}
+
+resource "aws_iam_access_key" "cloud-governance-access-key" {
+  user = aws_iam_user.cloud-governance-user.name
+}
diff --git a/iam/clouds/aws/CloudGovernanceInfra/IAM/output.tf b/iam/clouds/aws/CloudGovernanceInfra/IAM/output.tf
new file mode 100644
index 000000000..f135e3ffc
--- /dev/null
+++ b/iam/clouds/aws/CloudGovernanceInfra/IAM/output.tf
@@ -0,0 +1,8 @@
+output "ACCESS_KEY_ID" {
+  value = aws_iam_access_key.cloud-governance-access-key.id
+}
+
+output "SECRET_KEY_ID" {
+  value     = aws_iam_access_key.cloud-governance-access-key.secret
+  sensitive = true
+}
diff --git a/iam/clouds/aws/CloudGovernanceInfra/IAM/variables.tf b/iam/clouds/aws/CloudGovernanceInfra/IAM/variables.tf
new file mode 100644
index 000000000..7518b626a
--- /dev/null
+++ b/iam/clouds/aws/CloudGovernanceInfra/IAM/variables.tf
@@ -0,0 +1,29 @@
+variable "IAM_USERNAME" {
+  type        = string
+  description = "IAM User to run the CloudGovernance"
+  validation {
+    condition     = var.IAM_USERNAME != ""
+    error_message = "Provide the IAM_USERNAME"
+  }
+}
+
+variable "IAM_POLICY_NAME" {
+  type        = string
+  description = "IAM Policy to se the permissions for CloudGovernance user"
+  default     = "CloudGovernanceReadPolicy"
+  validation {
+    condition     = var.IAM_POLICY_NAME == "CloudGovernanceReadPolicy" || var.IAM_POLICY_NAME == "CloudGovernanceDeletePolicy"
+    error_message = "Mismatched policy name, Supported Values: CloudGovernanceReadPolicy, CloudGovernanceDeletePolicy"
+  }
+}
+
+variable "IAM_POLICY_PATH" {
+  type        = string
+  description = "IAM Policy Path"
+}
+
+variable "AWS_DEFAULT_REGION" {
+  type        = string
+  description = "AWS Region default to us-east-2"
+  default     = "us-east-2"
+}
diff --git a/iam/clouds/aws/CloudGovernanceInfra/README.md b/iam/clouds/aws/CloudGovernanceInfra/README.md
new file mode 100644
index 000000000..7f6862cc0
--- /dev/null
+++ b/iam/clouds/aws/CloudGovernanceInfra/README.md
@@ -0,0 +1,67 @@
+## Create CloudGovernance Infra in the cloud
+
+#### Requirements
+
+- IAM User: to access cloud resources.
+- IAM Policy: Least privilege principle
+- S3-Bucket: To store the logs of cloud-governance policy runs.
+
+### Pre-requisites
+
+- Install [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli).
+- Install AWS CLI and configure IAM Access credentials. (aws configure)
+
+Steps to create Cloud Governance Infra resources:
+
+* Deploy S3 bucket (once for logs)
+* Deploy IAM read role (dry_run==yes) IAM_POLICY_NAME=CloudGovernanceReadPolicy
+* Deploy IAM delete role (dry_run==no => actions) IAM_POLICY_NAME=CloudGovernanceDeletePolicy
+
+- Download tar `CloudGovernanceInfra.tar` and untar the file.
+
+```shell
+curl -L https://github.com/athiruma/cloud-governance/raw/docs_create_iam/iam/clouds/aws/CloudGovernanceInfra/terraform/CloudGovernanceInfra.tar | tar -xzvf -
+```
+
+- Create CloudGovernance Infra: S3_BUCKET. ( Only once)
+
+```shell
+export ACCOUNT_NAME="<ACCOUNT_ID>"
+export S3_BUCKET_NAME="${ACCOUNT_NAME}-<BUCKET_NAME>"
+terraform init
+terraform apply -var=S3_BUCKET_NAME="$S3_BUCKET_NAME" -target=module.CreateBucket
+```
+
+- Create CloudGovernance Infra: User, Policy
+
+```shell
+export IAM_USERNAME="cloud-governance-user"
+export IAM_POLICY_NAME="CloudGovernanceReadPolicy"
+terraform init
+terraform apply -var=IAM_USERNAME="$IAM_USERNAME" -var=IAM_POLICY_NAME="$IAM_USERNAME" -target=module.CreateIAMInfra
+```
+
+- Create CloudGovernance Infra: User, Policy and Bucket
+
+```shell
+export IAM_USERNAME="cloud-governance-user"
+export IAM_POLICY_NAME="CloudGovernanceReadPolicy"
+terraform init
+terraform apply -var=IAM_USERNAME="$IAM_USERNAME" -var=IAM_POLICY_NAME="$IAM_USERNAME" -var=S3_BUCKET_NAME="$S3_BUCKET_NAME"
+```
+
+- To provide ACCESS_KEY_ID and SECRET_KEY_ID run below command
+
+```shell
+  terraform output SECRET_KEY_ID
+  terraform output ACCESS_KEY_ID
+
+```
+
+- Destroy CloudGovernanceInfra
+
+```shell
+terraform destroy -var=S3_BUCKET_NAME="$S3_BUCKET_NAME" -target=module.CreateBucket
+terraform destroy -var=IAM_USERNAME="$IAM_USERNAME" -var=IAM_POLICY_NAME="$IAM_USERNAME" -var=S3_BUCKET_NAME="$S3_BUCKET_NAME"
+terraform destroy -var=IAM_USERNAME="${IAM_USERNAME}" -var=IAM_POLICY_NAME="${IAM_POLICY_NAME}" -var=S3_BUCKET_NAME="${S3_BUCKET_NAME}"
+```
diff --git a/iam/clouds/aws/CloudGovernanceInfra/S3/main.tf b/iam/clouds/aws/CloudGovernanceInfra/S3/main.tf
new file mode 100644
index 000000000..0a1ea64a8
--- /dev/null
+++ b/iam/clouds/aws/CloudGovernanceInfra/S3/main.tf
@@ -0,0 +1,7 @@
+provider "aws" {
+  region = var.AWS_DEFAULT_REGION
+}
+
+resource "aws_s3_bucket" "cloud-governance-bucket" {
+  bucket = var.S3_BUCKET_NAME
+}
diff --git a/iam/clouds/aws/CloudGovernanceInfra/S3/output.tf b/iam/clouds/aws/CloudGovernanceInfra/S3/output.tf
new file mode 100644
index 000000000..80d1af2fc
--- /dev/null
+++ b/iam/clouds/aws/CloudGovernanceInfra/S3/output.tf
@@ -0,0 +1,3 @@
+output "S_BUCKET_NAME" {
+  value = aws_s3_bucket.cloud-governance-bucket.bucket
+}
diff --git a/iam/clouds/aws/CloudGovernanceInfra/S3/variables.tf b/iam/clouds/aws/CloudGovernanceInfra/S3/variables.tf
new file mode 100644
index 000000000..b8d119d61
--- /dev/null
+++ b/iam/clouds/aws/CloudGovernanceInfra/S3/variables.tf
@@ -0,0 +1,10 @@
+variable "S3_BUCKET_NAME" {
+  type        = string
+  description = "S3 BucketName to store logs"
+}
+
+variable "AWS_DEFAULT_REGION" {
+  type        = string
+  description = "AWS Region default to us-east-2"
+  default     = "us-east-2"
+}
diff --git a/iam/clouds/aws/CloudGovernanceInfra/main.tf b/iam/clouds/aws/CloudGovernanceInfra/main.tf
new file mode 100644
index 000000000..64033733e
--- /dev/null
+++ b/iam/clouds/aws/CloudGovernanceInfra/main.tf
@@ -0,0 +1,11 @@
+module "CreateIAMInfra" {
+  source          = "./IAM"
+  IAM_POLICY_PATH = "${path.cwd}/${var.IAM_POLICY_NAME}.json"
+  IAM_USERNAME    = var.IAM_USERNAME
+  IAM_POLICY_NAME = var.IAM_POLICY_NAME
+}
+
+module "CreateBucket" {
+  source         = "./S3"
+  S3_BUCKET_NAME = var.S3_BUCKET_NAME
+}
diff --git a/iam/clouds/aws/CloudGovernanceInfra/output.tf b/iam/clouds/aws/CloudGovernanceInfra/output.tf
new file mode 100644
index 000000000..1ca4c5dd0
--- /dev/null
+++ b/iam/clouds/aws/CloudGovernanceInfra/output.tf
@@ -0,0 +1,8 @@
+output "SECRET_KEY_ID" {
+  value     = module.CreateIAMInfra.SECRET_KEY_ID
+  sensitive = true
+}
+
+output "ACCESS_KEY_ID" {
+  value = module.CreateIAMInfra.ACCESS_KEY_ID
+}
diff --git a/iam/clouds/aws/CloudGovernanceInfra/variables.tf b/iam/clouds/aws/CloudGovernanceInfra/variables.tf
new file mode 100644
index 000000000..689587792
--- /dev/null
+++ b/iam/clouds/aws/CloudGovernanceInfra/variables.tf
@@ -0,0 +1,29 @@
+variable "IAM_USERNAME" {
+  type        = string
+  description = "IAM User to run the CloudGovernance"
+  validation {
+    condition     = var.IAM_USERNAME != ""
+    error_message = "Provide the IAM_USERNAME"
+  }
+}
+
+variable "IAM_POLICY_NAME" {
+  type        = string
+  description = "IAM Policy to se the permissions for CloudGovernance user"
+  default     = "CloudGovernanceReadPolicy"
+  validation {
+    condition     = var.IAM_POLICY_NAME == "CloudGovernanceReadPolicy" || var.IAM_POLICY_NAME == "CloudGovernanceDeletePolicy"
+    error_message = "Mismatched policy name, Supported Values: CloudGovernanceReadPolicy, CloudGovernanceDeletePolicy"
+  }
+}
+
+variable "AWS_DEFAULT_REGION" {
+  type        = string
+  description = "AWS Region default to us-east-2"
+  default     = "us-east-2"
+}
+
+variable "S3_BUCKET_NAME" {
+  type        = string
+  description = "S3 BucketName to store logs"
+}
diff --git a/jenkins/tenant/aws/README.md b/jenkins/tenant/aws/README.md
index afcae3a85..eb58efbbf 100644
--- a/jenkins/tenant/aws/README.md
+++ b/jenkins/tenant/aws/README.md
@@ -1,12 +1,14 @@
 # How to run cloud-governance on Tenant Accounts
 
 Steps
-1. Create AWS User and attach user by [CloudGovernanceDeletePolicy.json](../../../iam/clouds/aws/CloudGovernanceDeletePolicy.json). [ Note: Replace account_id with actual account id]
-2. Create S3 bucket
-3. Add kind secret-text to jenkins with below naming conventions
-   1. ${account_name}-aws-access-key-id
-   2. ${account_name}-aws-secret-key-id
-   3. ${account_name}-s3-bucket
-4. Create folder named that you want to run the cloud-governance policies and copy the file in templates.
-5. Add account_name to account variable in this [PolicyJenkinsfileDaily](../aws/template/PolicyJenkinsfileDaily) and [TaggingJenkinsfileHourly](../aws/template/TaggingJenkinsfileHourly).
-6. Create two Jenkins jobs by using this two Jenkinsfile
+
+1. Create IAM User with Read/Delete Permissions and create S3 bucket.
+    1. Follow the instructions [README.md](..%2F..%2F..%2Fiam%2Fclouds%2Faws%2FCloudGovernanceInfra%2FREADME.md).
+2. Add kind secret-text to jenkins with below naming conventions
+    1. ${account_name}-aws-access-key-id
+    2. ${account_name}-aws-secret-key-id
+    3. ${account_name}-s3-bucket
+3. Create folder named that you want to run the cloud-governance policies and copy the file in templates.
+4. Add account_name to account variable in this [PolicyJenkinsfileDaily](../aws/template/PolicyJenkinsfileDaily)
+   and [TaggingJenkinsfileHourly](../aws/template/TaggingJenkinsfileHourly).
+5. Create two Jenkins jobs by using this two Jenkinsfile