diff --git a/.ebextensions/06-https-instance-securitygroup.config b/.ebextensions/06-https-instance-securitygroup.config
index 4005ba8..e32bd94 100644
--- a/.ebextensions/06-https-instance-securitygroup.config
+++ b/.ebextensions/06-https-instance-securitygroup.config
@@ -4,6 +4,6 @@ Resources:
     Properties:
       GroupId: { "Fn::GetAtt": ["AWSEBSecurityGroup", "GroupId"] }
       IpProtocol: tcp
-      ToPort: 444
-      FromPort: 444
+      ToPort: 443
+      FromPort: 443
       CidrIp: 0.0.0.0/0
diff --git a/todo.md b/todo.md
index 5e3733a..523a5cd 100644
--- a/todo.md
+++ b/todo.md
@@ -44,4 +44,8 @@ Deploy the ELB environment referencing the VPC + Subnets created with Cloudforma
 
 Check the security group defined in 06 is created successfully.
 
+When you reference a resource in a config file with resources, if it exists in ELB it will apply that to the existing ELB resource. You can overwrite/append values this way.
+
+For example setting `sslSecurityGroupIngress:` in a config resources will edit the security group for ssl ingress for your ec2.
+
 Recreate env with database, check the DB subnets - are they the same as the EC2 subnets? If so we can reference them in https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html#command-options-general-ec2vpc with ELBSubnets