diff --git a/README.md b/README.md
index f0831b8..c0e948c 100644
--- a/README.md
+++ b/README.md
@@ -17,9 +17,9 @@ Local PC:
 ```
 module "bastion" {
     source    = "hazelops/ec2-bastion/aws"
-    version   = "~> 2.0"
+    version   = "~> 3.0"
     
-    aws_profile       = var.aws_profile 
+    aws_profile       = var.aws_profile
     env               = var.env
     vpc_id            = local.vpc_id
     private_subnets   = local.private_subnets
diff --git a/main.tf b/main.tf
index 78c9192..e2a7850 100644
--- a/main.tf
+++ b/main.tf
@@ -1,6 +1,5 @@
 # TODO: install Fail2ban
 resource "aws_security_group" "this" {
-  name   = "${var.env}-bastion"
   vpc_id = var.vpc_id
 
   ingress {
@@ -18,7 +17,7 @@ resource "aws_security_group" "this" {
   }
 
   tags = merge({
-    Name = "${var.env}-bastion"
+    Name = "${var.env}-${var.name}"
   }, var.tags)
 }
 
@@ -34,6 +33,6 @@ resource "aws_instance" "this" {
   subnet_id                   = var.private_subnets[0]
   associate_public_ip_address = false
   tags                        = merge({
-    Name = "${var.env}-bastion"
+    Name = "${var.env}-${var.name}"
   }, var.tags)
 }
diff --git a/variables.tf b/variables.tf
index bf99d56..b0daae9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,11 +1,31 @@
-variable "env" {}
-variable "aws_profile" {}
-variable "vpc_id" {}
-variable "private_subnets" {}
-variable "ec2_key_pair_name" {}
+variable "env" {
+  type = string
+  description = "Environment name, for example `dev`"
+}
+
+variable "aws_profile" {
+  type = string
+  description = "AWS Profile to use during tunnel creation"
+}
+
+variable "vpc_id" {
+    type = string
+    description = "VPC ID"
+}
+
+variable "private_subnets" {
+    type = list(string)
+    description = "Private subnets"
+}
+
+variable "ec2_key_pair_name" {
+    type = string
+    description = "EC2 Key Pair Name"
+}
 
 variable "instance_type" {
   type    = string
+  description = "EC2 instance type for bastion host"
   default = "t3.nano"
 }