diff --git a/ibmcloud_scale_templates/sub_modules/instance_template/README.md b/ibmcloud_scale_templates/sub_modules/instance_template/README.md index a35c02c4..824168d9 100644 --- a/ibmcloud_scale_templates/sub_modules/instance_template/README.md +++ b/ibmcloud_scale_templates/sub_modules/instance_template/README.md @@ -91,7 +91,7 @@ Below steps will provision IBM Cloud resources (compute and storage instances in | [client_vsi_osimage_name](#input_client_vsi_osimage_name) | Name of the image that you would like to use to create the client cluster nodes for the IBM Storage Scale cluster. The solution supports only stock images that use RHEL8.8 version. | `string` | | [client_vsi_profile](#input_client_vsi_profile) | Client nodes vis profile | `string` | | [colocate_protocol_cluster_instances](#input_colocate_protocol_cluster_instances) | Enable it to use storage instances as protocol instances | `bool` | -| [comp_sg_id](#input_comp_sg_id) | Existing compute security group id | `string` | +| [comp_sg_name](#input_comp_sg_name) | Existing compute security group name | `string` | | [compute_cluster_filesystem_mountpoint](#input_compute_cluster_filesystem_mountpoint) | Compute cluster (accessingCluster) Filesystem mount point. | `string` | | [compute_cluster_gui_password](#input_compute_cluster_gui_password) | Password for compute cluster GUI | `string` | | [compute_cluster_gui_username](#input_compute_cluster_gui_username) | GUI user to perform system management and monitoring tasks on compute cluster. | `string` | 
@@ -109,7 +109,7 @@ Below steps will provision IBM Cloud resources (compute and storage instances in | [gklm_instance_dns_service_id](#input_gklm_instance_dns_service_id) | IBM Cloud GKLM Instance DNS service resource id. | `string` | | [gklm_instance_dns_zone_id](#input_gklm_instance_dns_zone_id) | IBM GKLM Instance DNS zone id. | `string` | | [gklm_instance_key_pair](#input_gklm_instance_key_pair) | The key pair to use to launch the GKLM host. | `list(string)` | -| [gklm_sg_id](#input_gklm_sg_id) | Existing gklm security group id | `string` | +| [gklm_sg_name](#input_gklm_sg_name) | Existing gklm security group name | `string` | | [gklm_vsi_osimage_id](#input_gklm_vsi_osimage_id) | Image id to use for provisioning the GKLM instances. | `string` | | [gklm_vsi_osimage_name](#input_gklm_vsi_osimage_name) | Image name to use for provisioning the GKLM instances. | `string` | | [gklm_vsi_profile](#input_gklm_vsi_profile) | Profile to be used for GKLM virtual server instance. | `string` | 
@@ -120,7 +120,7 @@ Below steps will provision IBM Cloud resources (compute and storage instances in | [ldap_instance_key_pair](#input_ldap_instance_key_pair) | Name of the SSH key configured in your IBM Cloud account that is used to establish a connection to the LDAP Server. Make sure that the SSH key is present in the same resource group and region where the LDAP Servers are provisioned. If you do not have an SSH key in your IBM Cloud account, create one by using the [SSH keys](https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys) instructions. | `list(string)` | | [ldap_server](#input_ldap_server) | Provide the IP address for the existing LDAP server. If no address is given, a new LDAP server will be created. | `string` | | [ldap_server_cert](#input_ldap_server_cert) | Provide the existing LDAP server certificate. This value is required if the 'ldap_server' variable is not set to null. If the certificate is not provided or is invalid, the LDAP configuration may fail. | `string` | -| [ldap_sg_id](#input_ldap_sg_id) | Existing ldap security group id | `string` | +| [ldap_sg_name](#input_ldap_sg_name) | Existing ldap security group name | `string` | | [ldap_user_name](#input_ldap_user_name) | Custom LDAP User for performing cluster operations. Note: Username should be between 4 to 32 characters, (any combination of lowercase and uppercase letters).[This value is ignored for an existing LDAP server] | `string` | | [ldap_user_password](#input_ldap_user_password) | The LDAP user password should be 8 to 20 characters long, with a mix of at least three alphabetic characters, including one uppercase and one lowercase letter. It must also include two numerical digits and at least one special character from (~@_+:) are required.It is important to avoid including the username in the password for enhanced security.[This value is ignored for an existing LDAP server]. 
| `string` | | [ldap_vsi_osimage_name](#input_ldap_vsi_osimage_name) | Image name to be used for provisioning the LDAP instances. Note: Debian based OS are only supported for the LDAP feature. | `string` | @@ -144,7 +144,7 @@ Below steps will provision IBM Cloud resources (compute and storage instances in | [storage_vsi_osimage_id](#input_storage_vsi_osimage_id) | Image id to use for provisioning the storage cluster instances. | `string` | | [storage_vsi_osimage_name](#input_storage_vsi_osimage_name) | Image name to use for provisioning the storage cluster instances. | `string` | | [storage_vsi_profile](#input_storage_vsi_profile) | Profile to be used for storage cluster virtual server instance. | `string` | -| [strg_sg_id](#input_strg_sg_id) | Existing storage security group id | `string` | +| [strg_sg_name](#input_strg_sg_name) | Existing storage security group name | `string` | | [total_afm_cluster_instances](#input_total_afm_cluster_instances) | Total number of instance count that you need to provision for afm nodes and enable AFM. | `number` | | [total_client_cluster_instances](#input_total_client_cluster_instances) | Total number of client cluster instances that you need to provision. A minimum of 2 nodes and a maximum of 64 nodes are supported | `number` | | [total_compute_cluster_instances](#input_total_compute_cluster_instances) | Number of instances to be launched for compute cluster. | `number` | diff --git a/ibmcloud_scale_templates/sub_modules/instance_template/main.tf b/ibmcloud_scale_templates/sub_modules/instance_template/main.tf index 4651da7c..812b3b84 100644 --- a/ibmcloud_scale_templates/sub_modules/instance_template/main.tf +++ b/ibmcloud_scale_templates/sub_modules/instance_template/main.tf 
@@ -31,10 +31,11 @@ locals {
 enable_afm = var.total_afm_cluster_instances > 0 ? true : false
 afm_server_type = strcontains(var.afm_vsi_profile, "metal")
 ces_server_type = strcontains(var.protocol_vsi_profile, "metal")
- existing_strg_sg_id = var.strg_sg_id != null ? [var.strg_sg_id] : [module.storage_cluster_security_group.sec_group_id]
- existing_comp_sg_id = var.comp_sg_id != null ? [var.comp_sg_id] : [module.compute_cluster_security_group.sec_group_id]
- existing_gklm_sg_id = var.gklm_sg_id != null ? [var.gklm_sg_id] : [module.gklm_instance_security_group.sec_group_id]
- existing_ldap_sg_id = var.ldap_sg_id != null ? [var.ldap_sg_id] : [module.ldap_instance_security_group.sec_group_id]
+ existing_strg_sg_id = var.strg_sg_name != null ? flatten([data.ibm_is_security_group.strg_security_group[*].id]) : [module.storage_cluster_security_group.sec_group_id]
+ existing_comp_sg_id = var.comp_sg_name != null ? flatten([data.ibm_is_security_group.comp_security_group[*].id]) : [module.compute_cluster_security_group.sec_group_id]
+ existing_gklm_sg_id = var.gklm_sg_name != null ? flatten([data.ibm_is_security_group.gklm_security_group[*].id]) : [module.gklm_instance_security_group.sec_group_id]
+ existing_ldap_sg_id = var.ldap_sg_name != null ? flatten([data.ibm_is_security_group.ldap_security_group[*].id]) : [module.ldap_instance_security_group.sec_group_id]
+
 }
 
 module "generate_compute_cluster_keys" {
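Review bot: The `existing_*_sg_id` locals now take whatever `data.ibm_is_security_group.*` resolves from a user-supplied name, and the data blocks (declared in the next hunk) filter by `name` only, with no VPC or resource-group scoping, so if the account holds a same-named group in another VPC the attached group could presumably be the wrong one without any plan-time error. As far as I recall the data source accepts an optional `vpc` argument; passing `vpc = var.vpc_id` on each of the four lookups would pin the resolution to the VPC the cluster is built in, and `var.vpc_id` is already in scope here (it is used by the security-group modules further down). A short comment on these locals, e.g. `# Resolved from the operator-supplied SG name; the lookup must be VPC-scoped so a same-named group elsewhere cannot be selected`, would record the intent.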
@@ -75,9 +76,90 @@ locals {
 deploy_sec_group_id = var.deploy_controller_sec_group_id == null ? module.deploy_security_group.sec_group_id : var.deploy_controller_sec_group_id
 }
 
+data "ibm_is_security_group" "strg_security_group" {
+ count = var.strg_sg_name != null ? 1 : 0
+ name = var.strg_sg_name
+}
+
+data "ibm_is_security_group" "comp_security_group" {
+ count = var.comp_sg_name != null ? 1 : 0
+ name = var.comp_sg_name
+}
+
+data "ibm_is_security_group" "gklm_security_group" {
+ count = var.gklm_sg_name != null ? 1 : 0
+ name = var.gklm_sg_name
+}
+
+data "ibm_is_security_group" "ldap_security_group" {
+ count = var.ldap_sg_name != null ? 1 : 0
+ name = var.ldap_sg_name
+}
+
+locals {
+ strg_sg_rules = flatten([for remote in data.ibm_is_security_group.strg_security_group[*].rules[*] : remote[*].remote])
+ comp_sg_rules = flatten([for remote in data.ibm_is_security_group.comp_security_group[*].rules[*] : remote[*].remote])
+ gklm_sg_rules = flatten([for remote in data.ibm_is_security_group.gklm_security_group[*].rules[*] : remote[*].remote])
+ ldap_sg_rules = flatten([for remote in data.ibm_is_security_group.ldap_security_group[*].rules[*] : remote[*].remote])
+
+ # Storage Security group validation
+ validate_strg_sg_in_strg_sg = var.strg_sg_name != null ? contains(local.strg_sg_rules, tolist(data.ibm_is_security_group.strg_security_group[*].id)[0]) : true
+ strg_sg_in_strg_sg_msg = "Storage security group is not present in Storage security group"
+ # tflint-ignore: terraform_unused_declarations
+ validate_strg_sg_in_strg_sg_chk = var.strg_sg_name != null ? regex("^${local.strg_sg_in_strg_sg_msg}$", (local.validate_strg_sg_in_strg_sg ? local.strg_sg_in_strg_sg_msg : "")) : true
+
+ validate_comp_sg_in_strg_sg = var.total_compute_cluster_instances > 0 && var.comp_sg_name != null ? contains(local.strg_sg_rules, tolist(data.ibm_is_security_group.comp_security_group[*].id)[0]) : true
+ comp_sg_in_strg_sg_msg = "Compute security group is not present in Storage security group"
+ # tflint-ignore: terraform_unused_declarations
+ validate_comp_sg_in_strg_sg_chk = var.comp_sg_name != null ? regex("^${local.comp_sg_in_strg_sg_msg}$", (local.validate_comp_sg_in_strg_sg ? local.comp_sg_in_strg_sg_msg : "")) : true
+
+ # Compute Security group validation
+ validate_strg_sg_in_comp_sg = var.total_compute_cluster_instances > 0 && var.strg_sg_name != null ? contains(local.comp_sg_rules, tolist(data.ibm_is_security_group.strg_security_group[*].id)[0]) : true
+ strg_sg_in_comp_sg_msg = "Storage security group is not present in Compute security group"
+ # tflint-ignore: terraform_unused_declarations
+ validate_strg_sg_in_comp_sg_chk = var.strg_sg_name != null ? regex("^${local.strg_sg_in_comp_sg_msg}$", (local.validate_strg_sg_in_comp_sg ? local.strg_sg_in_comp_sg_msg : "")) : true
+
+ validate_comp_sg_in_comp_sg = var.total_compute_cluster_instances > 0 && var.comp_sg_name != null ? contains(local.comp_sg_rules, tolist(data.ibm_is_security_group.comp_security_group[*].id)[0]) : true
+ comp_sg_in_comp_sg_msg = "Compute security group is not present in Compute security group"
+ # tflint-ignore: terraform_unused_declarations
+ validate_comp_sg_in_comp_sg_chk = var.comp_sg_name != null ? regex("^${local.comp_sg_in_comp_sg_msg}$", (local.validate_comp_sg_in_comp_sg ? local.comp_sg_in_comp_sg_msg : "")) : true
+
+ # GKLM Security group validation
+ validate_strg_sg_in_gklm_sg = var.scale_encryption_enabled == true && var.scale_encryption_type == "gklm" && var.gklm_sg_name != null && var.strg_sg_name != null ? contains(local.gklm_sg_rules, tolist(data.ibm_is_security_group.strg_security_group[*].id)[0]) : true
+ strg_sg_in_gklm_sg_msg = "Storage security group is not present in GKLM security group"
+ # tflint-ignore: terraform_unused_declarations
+ validate_strg_sg_in_gklm_sg_chk = var.gklm_sg_name != null ? regex("^${local.strg_sg_in_gklm_sg_msg}$", (local.validate_strg_sg_in_gklm_sg ? local.strg_sg_in_gklm_sg_msg : "")) : true
+
+ validate_comp_sg_in_gklm_sg = var.scale_encryption_enabled == true && var.scale_encryption_type == "gklm" && var.total_compute_cluster_instances > 0 && var.comp_sg_name != null && var.gklm_sg_name != null ? contains(local.gklm_sg_rules, tolist(data.ibm_is_security_group.comp_security_group[*].id)[0]) : true
+ comp_sg_in_gklm_sg_msg = "Compute security group is not present in GKLM security group"
+ # tflint-ignore: terraform_unused_declarations
+ validate_comp_sg_in_gklm_sg_chk = var.gklm_sg_name != null ? regex("^${local.comp_sg_in_gklm_sg_msg}$", (local.validate_comp_sg_in_gklm_sg ? local.comp_sg_in_gklm_sg_msg : "")) : true
+
+ validate_gklm_sg_in_gklm_sg = var.scale_encryption_enabled == true && var.scale_encryption_type == "gklm" && var.gklm_sg_name != null ? contains(local.gklm_sg_rules, tolist(data.ibm_is_security_group.gklm_security_group[*].id)[0]) : true
+ gklm_sg_in_gklm_sg_msg = "GKLM security group is not present in GKLM security group"
+ # tflint-ignore: terraform_unused_declarations
+ validate_gklm_sg_in_gklm_sg_chk = var.gklm_sg_name != null ? regex("^${local.gklm_sg_in_gklm_sg_msg}$", (local.validate_gklm_sg_in_gklm_sg ? local.gklm_sg_in_gklm_sg_msg : "")) : true
+
+ # LDAP Security group validation
+ validate_strg_sg_in_ldap_sg = var.enable_ldap == true && var.ldap_server == "null" && var.ldap_sg_name != null && var.strg_sg_name != null ? contains(local.ldap_sg_rules, tolist(data.ibm_is_security_group.strg_security_group[*].id)[0]) : true
+ strg_sg_in_ldap_sg_msg = "Storage security group is not present in LDAP security group"
+ # tflint-ignore: terraform_unused_declarations
+ validate_strg_sg_in_ldap_sg_chk = var.ldap_sg_name != null ? regex("^${local.strg_sg_in_ldap_sg_msg}$", (local.validate_strg_sg_in_ldap_sg ? local.strg_sg_in_ldap_sg_msg : "")) : true
+
+ validate_comp_sg_in_ldap_sg = var.enable_ldap == true && var.ldap_server == "null" && var.ldap_sg_name != null && var.total_compute_cluster_instances > 0 && var.comp_sg_name != null ? contains(local.ldap_sg_rules, tolist(data.ibm_is_security_group.comp_security_group[*].id)[0]) : true
+ comp_sg_in_ldap_sg_msg = "Compute security group is not present in LDAP security group"
+ # tflint-ignore: terraform_unused_declarations
+ validate_comp_sg_in_ldap_sg_chk = var.ldap_sg_name != null ? regex("^${local.comp_sg_in_ldap_sg_msg}$", (local.validate_comp_sg_in_ldap_sg ? local.comp_sg_in_ldap_sg_msg : "")) : true
+
+ validate_ldap_sg_in_ldap_sg = var.enable_ldap == true && var.ldap_server == "null" && var.ldap_sg_name != null ? contains(local.ldap_sg_rules, tolist(data.ibm_is_security_group.ldap_security_group[*].id)[0]) : true
+ ldap_sg_in_ldap_sg_msg = "LDAP security group is not present in LDAP security group"
+ # tflint-ignore: terraform_unused_declarations
+ validate_ldap_sg_in_ldap_sg_chk = var.ldap_sg_name != null ? regex("^${local.ldap_sg_in_ldap_sg_msg}$", (local.validate_ldap_sg_in_ldap_sg ? local.ldap_sg_in_ldap_sg_msg : "")) : true
+}
+
 module "compute_cluster_security_group" {
 source = "../../../resources/ibmcloud/security/security_group"
- turn_on = (var.total_client_cluster_instances > 0 || var.total_compute_cluster_instances > 0) && var.comp_sg_id == null ? true : false
+ turn_on = (var.total_client_cluster_instances > 0 || var.total_compute_cluster_instances > 0) && var.comp_sg_name == null ? true : false
 sec_group_name = [format("%s-compute-sg", var.resource_prefix)]
 vpc_id = var.vpc_id
 resource_group_id = var.resource_group_id
@@ -87,7 +169,7 @@ module "compute_cluster_security_group" {
 # FIXME - Fine grain port inbound is needed, but hits limitation of 5 rules
 module "compute_cluster_ingress_security_rule" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = ((var.total_client_cluster_instances > 0 || var.total_compute_cluster_instances > 0) && var.using_jumphost_connection == false && var.comp_sg_id == null) ? 3 : 0
+ total_rules = ((var.total_client_cluster_instances > 0 || var.total_compute_cluster_instances > 0) && var.using_jumphost_connection == false && var.comp_sg_name == null) ? 3 : 0
 security_group_id = [module.compute_cluster_security_group.sec_group_id]
 sg_direction = ["inbound"]
 source_security_group_id = [var.bastion_security_group_id, local.deploy_sec_group_id, module.compute_cluster_security_group.sec_group_id]
@@ -95,7 +177,7 @@ module "compute_cluster_ingress_security_rule" {
 
 module "compute_cluster_ingress_security_rule_wt_bastion" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = ((var.total_client_cluster_instances > 0 || var.total_compute_cluster_instances > 0) && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id != null && var.comp_sg_id == null) ? 3 : 0
+ total_rules = ((var.total_client_cluster_instances > 0 || var.total_compute_cluster_instances > 0) && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id != null && var.comp_sg_name == null) ? 3 : 0
 security_group_id = [module.compute_cluster_security_group.sec_group_id]
 sg_direction = ["inbound"]
 source_security_group_id = [var.bastion_security_group_id, local.deploy_sec_group_id, module.compute_cluster_security_group.sec_group_id]
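Review bot: The cross-group checks in the new `locals` block are gated on only one of the two names being set, so a mixed configuration (an existing group for one cluster, a module-created group for the other) always fails: with `strg_sg_name` null the `strg_security_group` data source has `count = 0`, `local.strg_sg_rules` is empty, `validate_comp_sg_in_strg_sg` evaluates `contains([], …)` to false and `validate_comp_sg_in_strg_sg_chk` then raises "Compute security group is not present in Storage security group" even though the storage group is about to be created with the right rules; `validate_strg_sg_in_comp_sg` has the mirror problem. Either add the missing guard, e.g. `validate_comp_sg_in_strg_sg = var.total_compute_cluster_instances > 0 && var.comp_sg_name != null && var.strg_sg_name != null ? contains(...) : true` (and `&& var.comp_sg_name != null` on `validate_strg_sg_in_comp_sg`), or, if the four names are meant to be supplied together, state that in the variable descriptions and check it once. Separately, the `*_sg_rules` locals collect `rules[*].remote` without regard to direction, so an outbound rule whose remote is the peer group satisfies a check that is really about inbound reachability; if the data source exposes `direction` on each rule, filtering to `direction == "inbound"` in the for-expression would make the validation check what the cluster actually needs. A header comment such as `# Plan-time checks: a supplied existing SG must already reference the peer cluster SGs it needs to talk to, since no rules are added to user-owned groups` would explain why the block exists.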
@@ -103,7 +185,7 @@ module "compute_cluster_ingress_security_rule_wt_bastion" {
 
 module "compute_cluster_ingress_security_rule_wo_bastion" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = ((var.total_client_cluster_instances > 0 || var.total_compute_cluster_instances > 0) && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id == null && var.comp_sg_id == null) ? 2 : 0
+ total_rules = ((var.total_client_cluster_instances > 0 || var.total_compute_cluster_instances > 0) && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id == null && var.comp_sg_name == null) ? 2 : 0
 security_group_id = [module.compute_cluster_security_group.sec_group_id]
 sg_direction = ["inbound"]
 source_security_group_id = [local.deploy_sec_group_id, module.compute_cluster_security_group.sec_group_id]
@@ -111,7 +193,7 @@ module "compute_cluster_ingress_security_rule_wo_bastion" {
 
 module "compute_egress_security_rule" {
 source = "../../../resources/ibmcloud/security/security_allow_all"
- turn_on = (var.total_client_cluster_instances > 0 || var.total_compute_cluster_instances > 0) && var.comp_sg_id == null ? true : false
+ turn_on = (var.total_client_cluster_instances > 0 || var.total_compute_cluster_instances > 0) && var.comp_sg_name == null ? true : false
 security_group_ids = module.compute_cluster_security_group.sec_group_id
 sg_direction = "outbound"
 remote_ip_addr = "0.0.0.0/0"
@@ -119,7 +201,7 @@ module "compute_egress_security_rule" {
 
 module "storage_egress_security_rule" {
 source = "../../../resources/ibmcloud/security/security_allow_all"
- turn_on = var.total_storage_cluster_instances > 0 && var.strg_sg_id == null ? true : false
+ turn_on = var.total_storage_cluster_instances > 0 && var.strg_sg_name == null ? true : false
 security_group_ids = module.storage_cluster_security_group.sec_group_id
 sg_direction = "outbound"
 remote_ip_addr = "0.0.0.0/0"
@@ -127,7 +209,7 @@ module "storage_egress_security_rule" {
 
 module "gklm_instance_egress_security_rule" {
 source = "../../../resources/ibmcloud/security/security_allow_all"
- turn_on = (var.scale_encryption_enabled && var.scale_encryption_type == "gklm" && var.gklm_sg_id == null) ? true : false
+ turn_on = (var.scale_encryption_enabled && var.scale_encryption_type == "gklm" && var.gklm_sg_name == null) ? true : false
 security_group_ids = module.gklm_instance_security_group.sec_group_id
 sg_direction = "outbound"
 remote_ip_addr = "0.0.0.0/0"
@@ -135,7 +217,7 @@ module "gklm_instance_egress_security_rule" {
 
 module "ldap_instance_egress_security_rule" {
 source = "../../../resources/ibmcloud/security/security_allow_all"
- turn_on = var.enable_ldap && var.ldap_server == "null" && var.ldap_sg_id == null
+ turn_on = var.enable_ldap && var.ldap_server == "null" && var.ldap_sg_name == null
 security_group_ids = module.ldap_instance_security_group.sec_group_id
 sg_direction = "outbound"
 remote_ip_addr = "0.0.0.0/0"
@@ -143,7 +225,7 @@ module "ldap_instance_egress_security_rule" {
 
 module "storage_cluster_security_group" {
 source = "../../../resources/ibmcloud/security/security_group"
- turn_on = var.total_storage_cluster_instances > 0 && var.strg_sg_id == null ? true : false
+ turn_on = var.total_storage_cluster_instances > 0 && var.strg_sg_name == null ? true : false
 sec_group_name = [format("%s-storage-sg", var.resource_prefix)]
 vpc_id = var.vpc_id
 resource_group_id = var.resource_group_id
@@ -152,7 +234,7 @@ module "storage_cluster_security_group" {
 
 module "storage_cluster_ingress_security_rule" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = (var.total_storage_cluster_instances > 0 && var.using_jumphost_connection == false && var.strg_sg_id == null) ? 3 : 0
+ total_rules = (var.total_storage_cluster_instances > 0 && var.using_jumphost_connection == false && var.strg_sg_name == null) ? 3 : 0
 security_group_id = [module.storage_cluster_security_group.sec_group_id]
 sg_direction = ["inbound"]
 source_security_group_id = [var.bastion_security_group_id, local.deploy_sec_group_id, module.storage_cluster_security_group.sec_group_id]
@@ -160,7 +242,7 @@ module "storage_cluster_ingress_security_rule" {
 
 module "storage_cluster_ingress_security_rule_wt_bastion" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = (var.total_storage_cluster_instances > 0 && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id != null && var.strg_sg_id == null) ? 3 : 0
+ total_rules = (var.total_storage_cluster_instances > 0 && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id != null && var.strg_sg_name == null) ? 3 : 0
 security_group_id = [module.storage_cluster_security_group.sec_group_id]
 sg_direction = ["inbound"]
 source_security_group_id = [var.bastion_security_group_id, local.deploy_sec_group_id, module.storage_cluster_security_group.sec_group_id]
@@ -168,7 +250,7 @@ module "storage_cluster_ingress_security_rule_wt_bastion" {
 
 module "storage_cluster_ingress_security_rule_wo_bastion" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = (var.total_storage_cluster_instances > 0 && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id == null && var.strg_sg_id == null) ? 2 : 0
+ total_rules = (var.total_storage_cluster_instances > 0 && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id == null && var.strg_sg_name == null) ? 2 : 0
 security_group_id = [module.storage_cluster_security_group.sec_group_id]
 sg_direction = ["inbound"]
 source_security_group_id = [local.deploy_sec_group_id, module.storage_cluster_security_group.sec_group_id]
@@ -176,7 +258,7 @@ module "storage_cluster_ingress_security_rule_wo_bastion" {
 
 module "bicluster_ingress_security_rule" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = (var.total_storage_cluster_instances > 0 && (var.total_client_cluster_instances > 0 || var.total_compute_cluster_instances > 0) && var.strg_sg_id == null) ? 2 : 0
+ total_rules = (var.total_storage_cluster_instances > 0 && (var.total_client_cluster_instances > 0 || var.total_compute_cluster_instances > 0) && var.strg_sg_name == null) ? 2 : 0
 security_group_id = [module.storage_cluster_security_group.sec_group_id, module.compute_cluster_security_group.sec_group_id]
 sg_direction = ["inbound", "inbound"]
 source_security_group_id = [module.compute_cluster_security_group.sec_group_id, module.storage_cluster_security_group.sec_group_id]
@@ -184,7 +266,7 @@ module "bicluster_ingress_security_rule" {
 
 module "gklm_instance_security_group" {
 source = "../../../resources/ibmcloud/security/security_group"
- turn_on = var.scale_encryption_enabled && var.scale_encryption_type == "gklm" && var.gklm_sg_id == null ? true : false
+ turn_on = var.scale_encryption_enabled && var.scale_encryption_type == "gklm" && var.gklm_sg_name == null ? true : false
 sec_group_name = [format("%s-gklm-sg", var.resource_prefix)]
 vpc_id = var.vpc_id
 resource_group_id = var.resource_group_id
@@ -193,7 +275,7 @@ module "gklm_instance_security_group" {
 
 module "gklm_instance_ingress_security_rule" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = (var.scale_encryption_enabled == true && var.scale_encryption_type == "gklm" && var.using_jumphost_connection == false && var.gklm_sg_id == null) ? 5 : 0
+ total_rules = (var.scale_encryption_enabled == true && var.scale_encryption_type == "gklm" && var.using_jumphost_connection == false && var.gklm_sg_name == null) ? 5 : 0
 security_group_id = [module.gklm_instance_security_group.sec_group_id]
 sg_direction = ["inbound"]
 source_security_group_id = [var.bastion_security_group_id, local.deploy_sec_group_id, module.gklm_instance_security_group.sec_group_id, module.compute_cluster_security_group.sec_group_id, module.storage_cluster_security_group.sec_group_id]
@@ -201,7 +283,7 @@ module "gklm_instance_ingress_security_rule" {
 
 module "gklm_instance_ingress_security_rule_wt_bastion" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = (var.scale_encryption_enabled == true && var.scale_encryption_type == "gklm" && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id != null && var.gklm_sg_id == null) ? 5 : 0
+ total_rules = (var.scale_encryption_enabled == true && var.scale_encryption_type == "gklm" && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id != null && var.gklm_sg_name == null) ? 5 : 0
 security_group_id = [module.gklm_instance_security_group.sec_group_id]
 sg_direction = ["inbound"]
 source_security_group_id = [var.bastion_security_group_id, local.deploy_sec_group_id, module.gklm_instance_security_group.sec_group_id, module.compute_cluster_security_group.sec_group_id, module.storage_cluster_security_group.sec_group_id]
@@ -209,7 +291,7 @@ module "gklm_instance_ingress_security_rule_wt_bastion" {
 
 module "gklm_instance_ingress_security_rule_wo_bastion" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = (var.scale_encryption_enabled == true && var.scale_encryption_type == "gklm" && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id == null && var.gklm_sg_id == null) ? 4 : 0
+ total_rules = (var.scale_encryption_enabled == true && var.scale_encryption_type == "gklm" && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id == null && var.gklm_sg_name == null) ? 4 : 0
 security_group_id = [module.gklm_instance_security_group.sec_group_id]
 sg_direction = ["inbound"]
 source_security_group_id = [local.deploy_sec_group_id, module.gklm_instance_security_group.sec_group_id, module.compute_cluster_security_group.sec_group_id, module.storage_cluster_security_group.sec_group_id]
@@ -217,7 +299,7 @@ module "gklm_instance_ingress_security_rule_wo_bastion" {
 
 module "ldap_instance_security_group" {
 source = "../../../resources/ibmcloud/security/security_group"
- turn_on = var.enable_ldap && var.ldap_server == "null" && var.ldap_sg_id == null
+ turn_on = var.enable_ldap && var.ldap_server == "null" && var.ldap_sg_name == null
 sec_group_name = [format("%s-ldap-sg", var.resource_prefix)]
 vpc_id = var.vpc_id
 resource_group_id = var.resource_group_id
@@ -226,7 +308,7 @@ module "ldap_instance_security_group" {
 
 module "ldap_instance_ingress_security_rule" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = (var.enable_ldap == true && var.ldap_server == "null" && var.using_jumphost_connection == false && var.ldap_sg_id == null) ? 5 : 0
+ total_rules = (var.enable_ldap == true && var.ldap_server == "null" && var.using_jumphost_connection == false && var.ldap_sg_name == null) ? 5 : 0
 security_group_id = [module.ldap_instance_security_group.sec_group_id]
 sg_direction = ["inbound"]
 source_security_group_id = [var.bastion_security_group_id, local.deploy_sec_group_id, module.ldap_instance_security_group.sec_group_id, module.compute_cluster_security_group.sec_group_id, module.storage_cluster_security_group.sec_group_id]
@@ -234,7 +316,7 @@ module "ldap_instance_ingress_security_rule" {
 
 module "ldap_instance_ingress_security_rule_wt_bastion" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = (var.enable_ldap == true && var.ldap_server == "null" && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id != null && var.ldap_sg_id == null) ? 5 : 0
+ total_rules = (var.enable_ldap == true && var.ldap_server == "null" && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id != null && var.ldap_sg_name == null) ? 5 : 0
 security_group_id = [module.ldap_instance_security_group.sec_group_id]
 sg_direction = ["inbound"]
 source_security_group_id = [var.bastion_security_group_id, local.deploy_sec_group_id, module.ldap_instance_security_group.sec_group_id, module.compute_cluster_security_group.sec_group_id, module.storage_cluster_security_group.sec_group_id]
@@ -242,7 +324,7 @@ module "ldap_instance_ingress_security_rule_wt_bastion" {
 
 module "ldap_instance_ingress_security_rule_wo_bastion" {
 source = "../../../resources/ibmcloud/security/security_rule_source"
- total_rules = (var.enable_ldap == true && var.ldap_server == "null" && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id == null && var.ldap_sg_id == null) ? 4 : 0
+ total_rules = (var.enable_ldap == true && var.ldap_server == "null" && var.using_jumphost_connection == true && var.deploy_controller_sec_group_id == null && var.ldap_sg_name == null) ? 4 : 0
 security_group_id = [module.ldap_instance_security_group.sec_group_id]
 sg_direction = ["inbound"]
 source_security_group_id = [local.deploy_sec_group_id, module.ldap_instance_security_group.sec_group_id, module.compute_cluster_security_group.sec_group_id, module.storage_cluster_security_group.sec_group_id]
diff --git a/ibmcloud_scale_templates/sub_modules/instance_template/variables.tf b/ibmcloud_scale_templates/sub_modules/instance_template/variables.tf
index cd79802c..4c9df6dd 100644
--- a/ibmcloud_scale_templates/sub_modules/instance_template/variables.tf
+++ b/ibmcloud_scale_templates/sub_modules/instance_template/variables.tf
@@ -576,32 +576,34 @@ variable "afm_cos_config" {
 description = "Please provide details for the Cloud Object Storage (COS) instance, including information about the COS bucket, service credentials (HMAC key), AFM fileset, mode (such as Read-only (RO), Single writer (SW), Local updates (LU), and Independent writer (IW)), storage class (standard, vault, cold, or smart), and bucket type (single_site_location, region_location, cross_region_location). Note : The 'afm_cos_config' can contain up to 5 entries. For further details on COS bucket locations, refer to the relevant documentation https://cloud.ibm.com/docs/cloud-object-storage/basics?topic=cloud-object-storage-endpoints."
 }
 
-variable "strg_sg_id" {
+variable "key_protect_instance_id" {
 type = string
 default = null
- description = "Existing storage security group id"
+ description = "Existing Key Protect ID"
 }
 
-variable "comp_sg_id" {
+# Existing Security Group Variables
+
+variable "strg_sg_name" {
 type = string
 default = null
- description = "Existing compute security group id"
+ description = "Existing storage security group name"
 }
 
-variable "gklm_sg_id" {
+variable "comp_sg_name" {
 type = string
 default = null
- description = "Existing gklm security group id"
+ description = "Existing compute security group name"
 }
 
-variable "ldap_sg_id" {
+variable "gklm_sg_name" {
 type = string
 default = null
- description = "Existing ldap security group id"
+ description = "Existing gklm security group name"
 }
 
-variable "key_protect_instance_id" {
+variable "ldap_sg_name" {
 type = string
 default = null
- description = "Existing Key Protect ID"
+ description = "Existing ldap security group name"
 }
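Review bot: The new `strg_sg_name`, `comp_sg_name`, `gklm_sg_name` and `ldap_sg_name` variables keep one-line descriptions ("Existing storage security group name", …) that do not tell the operator what the name must resolve to or that main.tf now fails the plan when the named group lacks rules referencing the peer cluster groups. A description along the lines of `Name of an existing security group in the target VPC to attach to the storage cluster instances instead of creating one. The template adds no rules to it, so it must already permit traffic from the other cluster security groups it needs; the plan fails otherwise.` (adapted per group) would make the contract visible, and the README rows at the top of this diff should be updated to match. An empty string is not `null`, so `""` presumably passes the `!= null` guards in main.tf and surfaces only as a failed data-source lookup; a `validation` block with `condition = var.strg_sg_name == null || length(var.strg_sg_name) > 0` would give a clearer error at variable-validation time.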