diff --git a/examples/terraform/enterprise/airgapped terraform enterprise on azure/README.md b/examples/terraform/enterprise/airgapped terraform enterprise on azure/README.md
index 9313c90..8d98234 100644
--- a/examples/terraform/enterprise/airgapped terraform enterprise on azure/README.md
+++ b/examples/terraform/enterprise/airgapped terraform enterprise on azure/README.md
@@ -11,11 +11,15 @@ Stateless active/active.

 | Requirement | Description |
 | ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Passwords | All passwords must be stored as a Base64 encoded secret in Azure Key Vault and retrieved during runtime. |
-| Replicated license file | A valid Replicated license file (`.rli`) must be stored as a Base64 encoded secret in Azure Key Vault and retrieved during runtime. |
+| Docker Engine | Required by Replicated. |
+| Load balancer | Azure Application Gateway; FIXME |
+| Passwords | All passwords must be stored as a Base64 encoded secret in Azure Key Vault and retrieved during the apply phase. |
+| PostgreSQL | Azure Database For PostgreSQL; FIXME |
+| Redis | Azure Cache for Redis; FIXME |
+| Replicated license file | A valid Replicated license file (`.rli`) must be stored as a Blob in an Azure Storage Account and retrieved during the apply phase. |
 | TFE airgap bundle | The TFE airgap bundle for Replicated must be stored as a Blob in a Storage Account and retrieved by the VM after first boot. |
 | TLS certificate | The TLS certificate and private key files must be PEM-encoded. The TLS certificate file can contain a full chain of TLS certificates if necessary. |
-| Tokens | All tokens must be stored as a Base64 encoded secret in Azure Key Vault and retrieved during runtime. |
+| Tokens | All tokens must be stored as a Base64 encoded secret in Azure Key Vault and retrieved during the apply phase. |
 | Virtual machine | Must be a Linux VM. |

 ![requirements diagram]
@@ -28,7 +32,7 @@ Stateless active/active.
 - Azure's [Terraform Enterprise Azure Instance Module][azure-terraform/terraform-azurerm-terraform-enterprise-instance] on GitHub
-[requirements diagram]: design/requirements.png
+[requirements diagram]: design/images/requirements.png
 [terraform enterprise]: https://developer.hashicorp.com/terraform/enterprise
diff --git a/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/images/replicated.png b/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/images/replicated.png
new file mode 100644
index 0000000..5876209
Binary files /dev/null and b/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/images/replicated.png differ
diff --git a/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/images/requirements.png b/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/images/requirements.png
new file mode 100644
index 0000000..85e7935
Binary files /dev/null and b/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/images/requirements.png differ
diff --git a/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/requirements.png b/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/requirements.png
deleted file mode 100644
index 2c420a7..0000000
Binary files a/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/requirements.png and /dev/null differ
diff --git a/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/requirements.py b/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/requirements.py
index f6e3772..2754a75 100755
--- a/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/requirements.py
+++ b/examples/terraform/enterprise/airgapped terraform enterprise on azure/design/requirements.py
@@ -1,33 +1,40 @@
 #!/usr/bin/env python3
-from diagrams import Diagram
-from diagrams.azure.compute import VMLinux
+from diagrams import Cluster, Diagram
+from diagrams.azure.compute import OsImages, VMLinux
 from diagrams.azure.database import CacheForRedis, DatabaseForPostgresqlServers
-from diagrams.azure.network import LoadBalancers, NetworkInterfaces, Subnets, VirtualNetworks
+from diagrams.azure.network import ApplicationGateway, NetworkInterfaces, VirtualNetworks
 from diagrams.azure.security import KeyVaults
 from diagrams.azure.storage import BlobStorage
+from diagrams.custom import Custom
+from diagrams.generic.os import RedHat
 from diagrams.onprem.container import Docker
 from diagrams.onprem.iac import Terraform
 with Diagram("Requirements", show=False):
-
- cache = CacheForRedis("Redis Cache")
- db = DatabaseForPostgresqlServers("PostgreSQL DB")
- engine = Docker("Docker Engine")
- kv = KeyVaults("Key Vault")
- lb = LoadBalancers("Load Balancer")
- nic = NetworkInterfaces("Network Interface")
- storage = BlobStorage("Blob Storage")
- subnet_private = Subnets("Private Subnet")
- subnet_public = Subnets("Public Subnet")
+ container_engine = Docker("Docker Engine")
+ replicated = Custom("Replicated", icon_path = "images/replicated.png")
+ rhel = RedHat("RHEL")
 tfe = Terraform("Terraform Enterprise")
- vm = VMLinux("Linux Virtual Machine")
- vnet = VirtualNetworks("VNet")
- vnet >> [subnet_private, subnet_public]
- subnet_private >> kv
- [subnet_private, subnet_public] >> nic
- kv >> [cache, db, storage, vm]
+ with Cluster("Azure"):
+ os = OsImages("Image")
+ vnet = VirtualNetworks("VNet")
+
+ with Cluster("Private Subnet"):
+ cache = CacheForRedis("Redis Cache")
+ db = DatabaseForPostgresqlServers("PostgreSQL DB")
+ kv = KeyVaults("Key Vault")
+ nic = NetworkInterfaces("Network Interface")
+ storage = BlobStorage("Blob Storage")
+ vm = VMLinux("Linux Virtual Machine")
+
+ with Cluster("Public Subnet"):
+ lb = ApplicationGateway("Application Gateway")
+
+ vnet >> [kv, nic]
+ kv >> [cache, db, lb, storage, vm]
 nic >> [lb, vm]
- vm >> engine
- [cache, db, engine, lb, storage] >> tfe
+ rhel >> os >> vm
+ storage >> vm >> container_engine >> replicated
+ [cache, db, lb, replicated] >> tfe
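Review bot: The relative `icon_path = "images/replicated.png"` on the `Custom("Replicated", ...)` line only resolves when the script is run from `design/`, and because `Diagram("Requirements", show=False)` passes no `filename`, the rendered PNG then presumably lands in `design/` rather than at the `design/images/requirements.png` path the README now links to. Anchoring both paths to the script's own location would make regeneration independent of the working directory, e.g. `icon_path=str(Path(__file__).parent / "images" / "replicated.png")` and `filename=str(Path(__file__).parent / "images" / "requirements")`, with `from pathlib import Path` added to the imports. Separately, `os = OsImages("Image")` reuses the name of the standard-library `os` module; `os_image` would avoid a surprise if that module is ever imported here.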