diff --git a/aliases b/aliases
index 6477951d..ba3ff48c 100644
--- a/aliases
+++ b/aliases
@@ -21,6 +21,8 @@ alias _bma_stack_diff_template='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma _bma_sta
 alias _bma_stack_name_arg='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma _bma_stack_name_arg'
 alias _bma_stack_params_arg='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma _bma_stack_params_arg'
 alias _bma_stack_template_arg='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma _bma_stack_template_arg'
+alias ad-apps='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma ad-apps'
+alias ad-user-groups='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma ad-user-groups'
 alias ad-users='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma ad-users'
 alias asg-capacity='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma asg-capacity'
 alias asg-desired-size-set='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma asg-desired-size-set'
@@ -73,6 +75,7 @@ alias elbv2-subnets='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma elbv2-subnets'
 alias elbv2-target-groups='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma elbv2-target-groups'
 alias elbv2s='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma elbv2s'
 alias front-door-waf-policies='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma front-door-waf-policies'
+alias front-door-waf-policy='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma front-door-waf-policy'
 alias front-door-waf-policy-rule-delete='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma front-door-waf-policy-rule-delete'
 alias front-door-waf-policy-rule-match-condition-values='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma front-door-waf-policy-rule-match-condition-values'
 alias front-door-waf-policy-rule-match-conditions='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma front-door-waf-policy-rule-match-conditions'
@@ -96,6 +99,7 @@ alias instance-ssh='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-ssh'
 alias instance-ssh-details='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-ssh-details'
 alias instance-ssm='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-ssm'
 alias instance-ssm-port-forward='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-ssm-port-forward'
+alias instance-ssm-port-forward-remote-host='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-ssm-port-forward-remote-host'
 alias instance-stack='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-stack'
 alias instance-start='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-start'
 alias instance-state='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma instance-state'
@@ -140,9 +144,12 @@ alias rds-db-clusters='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma rds-db-clusters'
 alias rds-db-instances='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma rds-db-instances'
 alias region-each='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma region-each'
 alias regions='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma regions'
+alias resource-export='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma resource-export'
 alias resource-group='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma resource-group'
+alias resource-group-export='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma resource-group-export'
 alias resource-group-unset='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma resource-group-unset'
 alias resource-groups='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma resource-groups'
+alias resourceids='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma resourceids'
 alias resources='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma resources'
 alias service-principals='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma service-principals'
 alias skim-stdin='${BMA_HOME:-$HOME/.bash-my-aws}/bin/bma skim-stdin'
diff --git a/bash_completion.sh b/bash_completion.sh
index 460734fe..6abe7a49 100644
--- a/bash_completion.sh
+++ b/bash_completion.sh
@@ -179,6 +179,7 @@ complete -F _bma_instances_completion instance-ssh complete -F _bma_instances_completion instance-ssh-details complete -F _bma_instances_completion instance-ssm complete -F _bma_instances_completion instance-ssm-port-forward +complete -F _bma_instances_completion instance-ssm-port-forward-remote-host complete -F _bma_instances_completion instance-stack complete -F _bma_instances_completion instance-start complete -F _bma_instances_completion instance-state diff --git a/docs/command-reference.md b/docs/command-reference.md index db4c82ae..43a6663a 100644 --- a/docs/command-reference.md +++ b/docs/command-reference.md @@ -618,6 +618,26 @@ Create tunnel from localhost to remote EC2 instance USAGE: instance-ssm-port-forward local_port_number port_number instance-id [instance-id] +### instance-ssm-port-forward-remote-host + +Start a port forwarding session to a remote host through an EC2 instance. +The remote host isn't required to be managed by AWS Systems Manager as long as +it is accessible from the EC2 instance. [Reference](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html#sessions-remote-port-forwarding) + + USAGE: instance-ssm-port-forward-remote-host local_port_number port_number host instance-id [instance-id] + + EXAMPLE: + $ instance-ssm-port-forward-remote-host 3306 3306 database.ap-southeast-2.rds.amazonaws.com i-xxxx + Starting session with SessionId: dina-00000000000000000 + Port 3306 opened for sessionId dina-00000000000000000. + Waiting for connections... + + $ instances jumphost | instance-ssm-port-forward-remote-host 3306 3306 database.ap-southeast-2.rds.amazonaws.com + Starting session with SessionId: dina-00000000000000000 + Port 3306 opened for sessionId dina-00000000000000000. + Waiting for connections... + + ### instance-stack List CloudFormation stack EC2 Instance(s) belong to (if any) 
@@ -912,6 +932,10 @@ Create arguments from output of az-cache-items() (if present) resource-group +### function + resource-group-export + + ### function resource-group-unset @@ -920,6 +944,14 @@ Create arguments from output of az-cache-items() (if present) resources +### function + resourceids + + +### function + resource-export + + ### function service-principals @@ -949,6 +981,10 @@ Ported from BMA front-door-waf-policy-rules +### function + front-door-waf-policy + + ### function front-door-waf-policy-rule-match-conditions @@ -963,6 +999,27 @@ Ported from BMA ### function ad-users +Usage: ad-users REMOTE_STARTS_WITH_FILTER LOCAL_FILTER + +REMOTE_STARTS_WITH_FILTER: filters on start of userPrincipalName +LOCAL_FILTER: grep results + + +### function + ad-user-groups +List groups for AD User(s) + + USAGE: ad-user-groups USER USER # object ID or principal name of the user + + $ ad-users mike.bailey@bash-my-aws.org | ad-user-groups + + +### function + ad-apps +Usage: ad-users REMOTE_FILTER LOCAL_FILTER + +REMOTE_FILTER: filters on start of userPrincipalName +LOCAL_FILTER: grep results ## cert-commands diff --git a/functions b/functions index 110c7c16..e29b74a9 100644 --- a/functions +++ b/functions @@ -21,6 +21,8 @@ _bma_stack_diff_template _bma_stack_name_arg _bma_stack_params_arg _bma_stack_template_arg +ad-apps +ad-user-groups ad-users asg-capacity asg-desired-size-set @@ -73,6 +75,7 @@ elbv2-subnets elbv2-target-groups elbv2s front-door-waf-policies +front-door-waf-policy front-door-waf-policy-rule-delete front-door-waf-policy-rule-match-condition-values front-door-waf-policy-rule-match-conditions @@ -96,6 +99,7 @@ instance-ssh instance-ssh-details instance-ssm instance-ssm-port-forward +instance-ssm-port-forward-remote-host instance-stack instance-start instance-state 
@@ -141,9 +145,12 @@ rds-db-instances region region-each regions +resource-export resource-group +resource-group-export resource-group-unset resource-groups +resourceids resources service-principals skim-stdin diff --git a/lib/instance-functions b/lib/instance-functions index 96d3a599..48907492 100644 --- a/lib/instance-functions +++ b/lib/instance-functions @@ -344,6 +344,45 @@ instance-ssm-port-forward() { done } +instance-ssm-port-forward-remote-host() { + + # Start a port forwarding session to a remote host through an EC2 instance. + # The remote host isn't required to be managed by AWS Systems Manager as long as + # it is accessible from the EC2 instance. [Reference](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html#sessions-remote-port-forwarding) + # + # USAGE: instance-ssm-port-forward-remote-host local_port_number port_number host instance-id [instance-id] + # + # EXAMPLE: + # $ instance-ssm-port-forward-remote-host 3306 3306 database.ap-southeast-2.rds.amazonaws.com i-xxxx + # Starting session with SessionId: dina-00000000000000000 + # Port 3306 opened for sessionId dina-00000000000000000. + # Waiting for connections... + # + # $ instances jumphost | instance-ssm-port-forward-remote-host 3306 3306 database.ap-southeast-2.rds.amazonaws.com + # Starting session with SessionId: dina-00000000000000000 + # Port 3306 opened for sessionId dina-00000000000000000. + # Waiting for connections... + + local local_port_number=$1 + local port_number=$2 + local host=$3 + shift 3 + local instance_ids=$(skim-stdin "$@") + if [[ -z $local_port_number || -z $port_number || -z $host || -z $instance_ids ]] ; then + echo "Usage: $FUNCNAME local_port_number port_number host instance-id [instance-id]" + return 1 + fi + + exec