diff --git a/ibm_catalog.json b/ibm_catalog.json
index 968db5f8..5befb48d 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -177,6 +177,7 @@
             },
             {
               "service_name": "cloud-object-storage",
+              "notes": "[Optional] Required if you are enabling VPC flow logs",
               "role_crns": [
                 "crn:v1:bluemix:public:iam::::serviceRole:Manager",
                 "crn:v1:bluemix:public:iam::::role:Editor"
@@ -184,12 +185,14 @@
             },
             {
               "service_name": "kms",
+              "notes": "[Optional] Required if you are enabling KMS for encrypting COS bucket",
               "role_crns": [
                 "crn:v1:bluemix:public:iam::::serviceRole:Manager",
                 "crn:v1:bluemix:public:iam::::role:Editor"
               ]
             }
           ],
+
           "configuration": [
             {
               "key": "ibmcloud_api_key"
@@ -222,23 +225,6 @@
                 }
               }
             },
-            {
-              "key": "provider_visibility",
-              "options": [
-                {
-                  "displayname": "private",
-                  "value": "private"
-                },
-                {
-                  "displayname": "public",
-                  "value": "public"
-                },
-                {
-                  "displayname": "public-and-private",
-                  "value": "public-and-private"
-                }
-              ]
-            },
             {
               "key": "vpc_name",
               "required": true
@@ -344,6 +330,7 @@
             },
             {
               "key": "kms_endpoint_type",
+              "hidden": true,
               "options": [
                 {
                   "displayname": "private",
@@ -445,6 +432,24 @@
             },
             {
               "key": "flow_logs_cos_bucket_enable_permanent_retention"
+            },
+            {
+              "key": "provider_visibility",
+              "hidden": true,
+              "options": [
+                {
+                  "displayname": "private",
+                  "value": "private"
+                },
+                {
+                  "displayname": "public",
+                  "value": "public"
+                },
+                {
+                  "displayname": "public-and-private",
+                  "value": "public-and-private"
+                }
+              ]
             }
           ],
           "dependencies": [
diff --git a/solutions/fully-configurable/README.md b/solutions/fully-configurable/README.md
index 93ddc896..8df3d489 100644
--- a/solutions/fully-configurable/README.md
+++ b/solutions/fully-configurable/README.md
@@ -102,7 +102,7 @@ This solution supports provisioning and configuring the following infrastructure
 | <a name="input_security_group_rules"></a> [security\_group\_rules](#input\_security\_group\_rules) | A list of security group rules to be added to the default vpc security group (default empty). [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#security-group-rules-). | <pre>list(<br/>    object({<br/>      name      = string<br/>      direction = string<br/>      remote    = optional(string)<br/>      tcp = optional(<br/>        object({<br/>          port_max = optional(number)<br/>          port_min = optional(number)<br/>        })<br/>      )<br/>      udp = optional(<br/>        object({<br/>          port_max = optional(number)<br/>          port_min = optional(number)<br/>        })<br/>      )<br/>      icmp = optional(<br/>        object({<br/>          type = optional(number)<br/>          code = optional(number)<br/>        })<br/>      )<br/>    })<br/>  )</pre> | `[]` | no |
 | <a name="input_skip_cos_kms_iam_auth_policy"></a> [skip\_cos\_kms\_iam\_auth\_policy](#input\_skip\_cos\_kms\_iam\_auth\_policy) | To skip creating an IAM authorization policy that allows Cloud Object Storage(COS) to access KMS key. | `bool` | `false` | no |
 | <a name="input_skip_vpc_cos_iam_auth_policy"></a> [skip\_vpc\_cos\_iam\_auth\_policy](#input\_skip\_vpc\_cos\_iam\_auth\_policy) | To skip creating an IAM authorization policy that allows the VPC to access the Cloud Object Storage, set this variable to `true`. Required only if `enable_vpc_flow_logs` is set to true. | `bool` | `false` | no |
-| <a name="input_subnets"></a> [subnets](#input\_subnets) | List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-). | <pre>object({<br/>    zone-1 = list(object({<br/>      name           = string<br/>      cidr           = string<br/>      public_gateway = optional(bool)<br/>      acl_name       = string<br/>      no_addr_prefix = optional(bool, false) # do not automatically add address prefix for subnet, overrides other conditions if set to true<br/>      subnet_tags    = optional(list(string), [])<br/>    }))<br/>    zone-2 = optional(list(object({<br/>      name           = string<br/>      cidr           = string<br/>      public_gateway = optional(bool)<br/>      acl_name       = string<br/>      no_addr_prefix = optional(bool, false) # do not automatically add address prefix for subnet, overrides other conditions if set to true<br/>      subnet_tags    = optional(list(string), [])<br/>    })))<br/>    zone-3 = optional(list(object({<br/>      name           = string<br/>      cidr           = string<br/>      public_gateway = optional(bool)<br/>      acl_name       = string<br/>      no_addr_prefix = optional(bool, false) # do not automatically add address prefix for subnet, overrides other conditions if set to true<br/>      subnet_tags    = optional(list(string), [])<br/>    })))<br/>  })</pre> | <pre>{<br/>  "zone-1": [<br/>    {<br/>      "acl_name": "vpc-acl",<br/>      "cidr": "10.10.10.0/24",<br/>      "name": "subnet-a",<br/>      "no_addr_prefix": false,<br/>      "public_gateway": true<br/>    }<br/>  ]<br/>}</pre> | no |
+| <a name="input_subnets"></a> [subnets](#input\_subnets) | List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-). | <pre>object({<br/>    zone-1 = list(object({<br/>      name           = string<br/>      cidr           = string<br/>      public_gateway = optional(bool)<br/>      acl_name       = string<br/>      no_addr_prefix = optional(bool, false) # do not automatically add address prefix for subnet, overrides other conditions if set to true<br/>      subnet_tags    = optional(list(string), [])<br/>    }))<br/>    zone-2 = optional(list(object({<br/>      name           = string<br/>      cidr           = string<br/>      public_gateway = optional(bool)<br/>      acl_name       = string<br/>      no_addr_prefix = optional(bool, false) # do not automatically add address prefix for subnet, overrides other conditions if set to true<br/>      subnet_tags    = optional(list(string), [])<br/>    })))<br/>    zone-3 = optional(list(object({<br/>      name           = string<br/>      cidr           = string<br/>      public_gateway = optional(bool)<br/>      acl_name       = string<br/>      no_addr_prefix = optional(bool, false) # do not automatically add address prefix for subnet, overrides other conditions if set to true<br/>      subnet_tags    = optional(list(string), [])<br/>    })))<br/>  })</pre> | <pre>{<br/>  "zone-1": [<br/>    {<br/>      "acl_name": "vpc-acl",<br/>      "cidr": "10.10.10.0/24",<br/>      "name": "subnet-a",<br/>      "no_addr_prefix": false,<br/>      "public_gateway": true<br/>    }<br/>  ],<br/>  "zone-2": [<br/>    {<br/>      "acl_name": "vpc-acl",<br/>      "cidr": "10.20.10.0/24",<br/>      "name": "subnet-b",<br/>      "no_addr_prefix": false,<br/>      "public_gateway": false<br/>    }<br/>  ],<br/>  "zone-3": [<br/>    {<br/>      "acl_name": "vpc-acl",<br/>      "cidr": "10.30.10.0/24",<br/>      "name": "subnet-c",<br/>      "no_addr_prefix": false,<br/>      "public_gateway": false<br/>    }<br/>  ]<br/>}</pre> | no |
 | <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | Name of the VPC. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format. | `string` | `"vpc"` | no |
 | <a name="input_vpe_gateway_cloud_service_by_crn"></a> [vpe\_gateway\_cloud\_service\_by\_crn](#input\_vpe\_gateway\_cloud\_service\_by\_crn) | The list of cloud service CRNs used to create endpoint gateways. Use this list to identify services that are not supported by service name in the `cloud_services` variable. For a list of supported services, see [VPE-enabled services](https://cloud.ibm.com/docs/vpc?topic=vpc-vpe-supported-services). If `service_name` is not specified, the CRN is used to find the name. If `vpe_name` is not specified in the list, VPE names are created in the format `<prefix>-<vpc_name>-<service_name>`. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#vpe-gateway-cloud-service-by-crn-). | <pre>set(<br/>    object({<br/>      crn                          = string<br/>      vpe_name                     = optional(string) # Full control on the VPE name. If not specified, the VPE name will be computed based on prefix, vpc name and service name.<br/>      service_name                 = optional(string) # Name of the service used to compute the name of the VPE. If not specified, the service name will be obtained from the crn.<br/>      allow_dns_resolution_binding = optional(bool, true)<br/>    })<br/>  )</pre> | `[]` | no |
 | <a name="input_vpe_gateway_cloud_services"></a> [vpe\_gateway\_cloud\_services](#input\_vpe\_gateway\_cloud\_services) | The list of cloud services used to create endpoint gateways. If `vpe_name` is not specified in the list, VPE names are created in the format `<prefix>-<vpc_name>-<service_name>`. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#vpe-gateway-cloud-services-). | <pre>set(object({<br/>    service_name                 = string<br/>    vpe_name                     = optional(string), # Full control on the VPE name. If not specified, the VPE name will be computed based on prefix, vpc name and service name.<br/>    allow_dns_resolution_binding = optional(bool, false)<br/>  }))</pre> | `[]` | no |
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf
index bef9415d..50ab4484 100644
--- a/solutions/fully-configurable/variables.tf
+++ b/solutions/fully-configurable/variables.tf
@@ -107,6 +107,24 @@ variable "subnets" {
         acl_name       = "vpc-acl"
         no_addr_prefix = false
       }
+    ],
+    zone-2 = [
+      {
+        name           = "subnet-b"
+        cidr           = "10.20.10.0/24"
+        public_gateway = false
+        acl_name       = "vpc-acl"
+        no_addr_prefix = false
+      }
+    ],
+    zone-3 = [
+      {
+        name           = "subnet-c"
+        cidr           = "10.30.10.0/24"
+        public_gateway = false
+        acl_name       = "vpc-acl"
+        no_addr_prefix = false
+      }
     ]
   }