diff --git a/terraform/autoscaling-group.tf b/terraform/autoscaling-group.tf
index 2e34ca0666004f855081edc4d7269425051c1f2e..6dfc20387d8280455caa741ababcdf2ff8a00bf4 100644
--- a/terraform/autoscaling-group.tf
+++ b/terraform/autoscaling-group.tf
@@ -34,13 +34,16 @@ resource "aws_launch_configuration" "secure-agent-launch-config" {
   enable_monitoring = false
 
   iam_instance_profile = aws_iam_instance_profile.ecs-instance-profile.name
-  security_groups      = [data.aws_security_group.sec-group.id]
+  security_groups      = [data.aws_security_group.sec-group.id, data.aws_security_group.default.id]
   user_data            = <<EOF
               #!/bin/bash
               echo ECS_CLUSTER=${var.ecs_cluster_name} >> /etc/ecs/ecs.config
               sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
               EOF
   instance_type        = var.instance_type
+  root_block_device {
+    volume_size = var.instance_ebs_size
+  }
   lifecycle {
     create_before_destroy = true
   }
diff --git a/terraform/security.tf b/terraform/security.tf
index d459e3d1b87e5cbb221ad7286e6ed03bc49535eb..900795e78d0b640f17be5bffdccf7c9126e502fc 100644
--- a/terraform/security.tf
+++ b/terraform/security.tf
@@ -3,6 +3,11 @@ data "aws_security_group" "sec-group" {
   tags   = var.security_group
 }
 
+data "aws_security_group" "default" {
+  vpc_id = data.aws_vpc.vpc.id
+  name = "default"
+}
+
 // open port 2049 for NFSv4
 resource "aws_security_group" "secure-agent-efs-sg" {
   name   = var.secure_agent_efs_sg
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 92648e30845830c27506d0636921b2ad69c90b77..61204a641bf61ca37eb6ec339f8d8561728dd86e 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -61,7 +61,18 @@ variable "container_hostname" {
 }
 
 variable "container_memory" {
-  default = 5120 # 5GB
+  default = 15360 # 15GiB
+}
+
+variable "instance_ebs_size" {
+  default = 40 # 40GB
+}
+
+# see Secure Agent system requirements, before changing instance type, see the
+# supported instance types for launch configuration. See `container_memory` above for
+# configuring memory for container process.
+variable "instance_type" {
+  default = "t2.xlarge" # 4 vCPU, 16 GB
 }
 
 variable "container_app_port" {
@@ -78,15 +89,8 @@ variable "container_count" {
   default = 1
 }
 
-# see Secure Agent system requirements, before changing instance type, see the
-# supported instance types for launch configuration. See `container_memory` above for
-# configuring memory for container process.
-variable "instance_type" {
-  default = "t2.large" # 2 vCPU, 8 GB
-}
-
 variable "ecs_iam_role" {
-  default = "iics-secure-agent-iam-role"
+  default = "iics-secure-agent-iam-role-test"
 }
 
 variable "ecs_cluster_name" {