diff --git a/.gitignore b/.gitignore
index 1dded9f04..495708425 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,6 +9,14 @@ terraform-provider-azurerm_v*
 terraform-provider-random_v*
 *.terraform.lock.hcl
 
+# Terraform logs
+crash.log
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+*plan*
+*.plan*
+
 # Setup config variables file
 mlz.config
 saca-hub.tfvars.json
diff --git a/src/terraform/mlz/variables.tf b/src/terraform/mlz/variables.tf
index 17aa7e9a6..4b73757a7 100644
--- a/src/terraform/mlz/variables.tf
+++ b/src/terraform/mlz/variables.tf
@@ -6,35 +6,51 @@
 #################################
 
 variable "tf_environment" {
-  description = "The Terraform backend environment e.g. public or usgovernment"
+  description = "The Terraform backend environment e.g. public or usgovernment. It defults to public."
+  type        = string
+  default     = "public"
 }
 
 variable "deploymentname" {
-  description = "A name for the deployment"
+  description = "A name for the deployment. It defaults to dev."
+  type        = string
+  default     = "dev"
 }
 
 variable "mlz_tenantid" {
-  description = "The Azure tenant for the deployment"
+  description = "The Azure Active Directory tenant ID that should be used for the deployment."
+  type        = string
+  sensitive   = true
 }
 
 variable "mlz_location" {
-  description = "The Azure region for most Mission LZ resources"
+  description = "The Azure region for most Mission LZ resources. It defaults to eastus."
+  type        = string
+  default     = "eastus"
 }
 
 variable "mlz_metadatahost" {
   description = "The metadata host for the Azure Cloud e.g. management.azure.com"
+  type        = string
+  default     = "management.azure.com"
 }
 
 variable "mlz_clientid" {
-  description = "The account to deploy with"
+  description = "The Client ID of the Service Principal to deploy with."
+  type        = string
+  sensitive   = true
 }
 
 variable "mlz_clientsecret" {
-  description = "The account to deploy with"
+  description = "The Client Secret of the Service Principal to deploy with."
+  type        = string
+  sensitive   = true
 }
 
 variable "mlz_objectid" {
-  description = "The account to deploy with"
+  description = "The object ID of a service principal in the Azure Active Directory tenant."
+  type        = string
+  sensitive   = true
 }
 
 #################################
@@ -42,15 +58,21 @@ variable "mlz_objectid" {
 #################################
 
 variable "hub_subid" {
-  description = "Subscription ID for the deployment"
+  description = "Subscription ID for the HUB deployment"
+  type        = string
+  sensitive   = true
 }
 
 variable "hub_rgname" {
   description = "Resource Group for the deployment"
+  type        = string
+  default     = "rg-saca-dev"
 }
 
 variable "hub_vnetname" {
   description = "Virtual Network Name for the deployment"
+  type        = string
+  default     = "vn-saca-dev"
 }
 
 variable "hub_vnet_address_space" {
@@ -78,31 +100,37 @@ variable "hub_management_address_space" {
 variable "firewall_name" {
   description = "Name of the Hub Firewall"
   default     = "mlzFirewall"
+  type        = string
 }
 
 variable "firewall_policy_name" {
   description = "Name of the firewall policy to apply to the hub firewall"
   default     = "firewallpolicy"
+  type        = string
 }
 
 variable "client_ipconfig_name" {
   description = "The name of the Firewall Client IP Configuration"
   default     = "mlzFWClientIpCfg"
+  type        = string
 }
 
 variable "client_publicip_name" {
   description = "The name of the Firewall Client Public IP"
   default     = "mlzFWClientPip"
+  type        = string
 }
 
 variable "management_ipconfig_name" {
   description = "The name of the Firewall Management IP Configuration"
   default     = "mlzFWMgmtIpCfg"
+  type        = string
 }
 
 variable "management_publicip_name" {
   description = "The name of the Firewall Management Public IP"
   default     = "mlzFWMgmtPip"
+  type        = string
 }
 
 #################################
@@ -290,14 +318,20 @@ variable "jumpbox_linux_vm_version" {
 
 variable "tier0_subid" {
   description = "Subscription ID for the deployment"
+  type        = string
+  sensitive   = true
 }
 
 variable "tier0_rgname" {
   description = "Resource Group for the deployment"
+  type        = string
+  default     = "rg-t0-dev"
 }
 
 variable "tier0_vnetname" {
   description = "Virtual Network Name for the deployment"
+  type        = string
+  default     = "vn-t0-dev"
 }
 
 variable "tier0_vnet_address_space" {
@@ -377,18 +411,26 @@ variable "tier0_subnets" {
 
 variable "tier1_subid" {
   description = "Subscription ID for the deployment"
+  type        = string
+  sensitive   = true
 }
 
 variable "tier1_rgname" {
   description = "Resource Group for the deployment"
+  type        = string
+  default     = "rg-t1-dev"
 }
 
 variable "tier1_vnetname" {
   description = "Virtual Network Name for the deployment"
+  type        = string
+  default     = "vn-t1-dev"
 }
 
 variable "mlz_lawsname" {
   description = "Log Analytics Workspace Name for the deployment"
+  type        = string
+  default     = "laws-dev"
 }
 
 variable "create_sentinel" {
@@ -474,14 +516,20 @@ variable "tier1_subnets" {
 
 variable "tier2_subid" {
   description = "Subscription ID for the deployment"
+  type        = string
+  sensitive   = true
 }
 
 variable "tier2_rgname" {
   description = "Resource Group for the deployment"
+  type        = string
+  default     = "rg-t2-dev"
 }
 
 variable "tier2_vnetname" {
   description = "Virtual Network Name for the deployment"
+  type        = string
+  default     = "vn-t2-dev"
 }
 
 variable "tier2_vnet_address_space" {