ec2.md in beaker-aws-0.5.0 vs ec2.md in beaker-aws-0.6.0
- old
+ new
@@ -32,11 +32,11 @@
user: ec2-user
CONFIG:
nfs_server: none
consoleport: 443
-### Using role
+### Using role
*(If you'd like to use instance role you can disable reading fog credentials)*
#### No fog file needed ####
#### Update CONFIG section of ec2 hosts file ####
CONFIG:
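Review bot: The `-`/`+` pair for `### Using role` shows no visible difference, so this is a whitespace-only change, and the heading still lacks the closing hashes that its neighbours use (`#### No fog file needed ####`, `### Supported EC2 Variables ###`). Since the rest of this release normalises heading markup, suggest making it `### Using role ###` in the same pass.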
@@ -54,42 +54,60 @@
Beaker will automagically provision EC2 nodes, provided the 'platform:' section of your config file lists a supported platform type: ubuntu-10.04-i386, el-6-x86_64, el-6-i386, el-5-i386.
### Supported EC2 Variables ###
These variables can either be set per-host or globally.
-####`additional_ports`####
+#### `additional_ports` ####
Ports to be opened on the instance, in addition to those opened by Beaker to support Puppet functionality. Can be a single value or an array. Example valid values: 1001, [1001], [1001, 1002].
Ports opened by default:
* all hosts have [22, 61613, 8139] opened
* `master` will also have [8140, 8142] opened
* `dashboard` will also have [443, 4433, 4435] opened
* `database` will also have [5432, 8080, 8081] opened
* If you have a split install, all the hosts with `master`, `dashboard` and `database` role will have port 8143 opened
-####`amisize` ####
-The [instance type](https://aws.amazon.com/ec2/instance-types/) - defaults to `m1.small`.
-####`snapshot`####
+#### `amisize` ####
+The [instance type](https://aws.amazon.com/ec2/instance-types/) - defaults to `m1.small`.
+
+#### `snapshot` ####
The snapshot to use for ec2 instance creation.
-####`subnet_id`####
+
+#### `subnet_id` ####
If defined the instance will be created in this EC2 subnet. `vpc_id` must be defined. Cannot be defined at the same time as `subnet_ids`.
-####`subnet_ids`####
+
+#### `subnet_ids` ####
If defined the instace will be crated in one of the provided array of EC2 subnets. `vpc_id` must be defined. Cannot be defined at the same time as `subnet_id`.
-####`vmname`####
+
+#### `vmname` ####
Used to look up the pre-defined AMI information in `config/image_templates/ec2.yaml`. Will default to `platform` if not defined.
-#####Example ec2.yaml#####
+
+##### Example ec2.yaml #####
In this example the `vmname` would be `puppetlabs-centos-5-x86-64-west`. Looking up the `vmname` in the `ec2.yaml` file provides an AMI ID by type (`pe` or `foss`) and the region.
```
AMI:
puppetlabs-centos-5-x86-64-west:
:image:
:pe: ami-pl-12345
:region: us-west-2
```
-####`volume_size`####
+#### `volume_size` ####
Size of the [EBS Volume](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html) that will be attached to the EC2 instance.
-####`vpc_id`####
+
+#### `vpc_id` ####
ID of the [VPC](https://aws.amazon.com/vpc/) to create the instances in. If not provided will either use the default VPC for the provided region (marked as `isDefault`), otherwise falls back to `nil`. If subnet information is provided (`subnet_id`/`subnet_ids`) this must be defined.
-####`user`####
+
+#### `sg_cidr_ips` ####
+Comma seperated list of [CIDRs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html) which define the whitelisted IPs used by beaker. They will be added to the security groups which are created and associated with EC2 instance. Below is an example:
+
+```
+HOSTS:
+ somehostname:
+ sg_cidr_ips: 172.28.40.0/24,172.20.112.0/20
+```
+
+This is optional and by default is set to '0.0.0.0/0'.
+
+#### `user` ####
By default root login is not allowed with Amazon Linux. Setting it to ec2-user will trigger `sshd_config` and `authorized_keys` changes by beaker.
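Review bot: In the new `sg_cidr_ips` section, the closing line "This is optional and by default is set to '0.0.0.0/0'" documents a default under which the security groups Beaker creates admit any IPv4 source, and the text does not spell out that consequence. With that default, the ports listed under "Ports opened by default" (22, 61613, 8139, the role-specific ones) and anything in `additional_ports` are not restricted by source address. Suggest stating this next to the default and recommending that users set `sg_cidr_ips` to the ranges Beaker actually connects from, as the example does with `172.28.40.0/24,172.20.112.0/20`. Two smaller points in the same section: "seperated" should be "separated", and because the value is a comma-separated string rather than an array like `additional_ports`, the text should say whether whitespace after the commas is accepted.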