diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 705a013..c04990f 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -10,4 +10,4 @@ on:
 
 jobs:
   validate-tf:
-    uses: trussworks/shared-actions/.github/workflows/validate-tf.yml@main
+    uses: trussworks/shared-actions/.github/workflows/validate-tf.yml@3cab03ab95045711da37ad6d63a93c666fc22398 # v0.0.2
diff --git a/.markdownlintrc b/.markdownlintrc
index 83eb43d..3e0ef98 100644
--- a/.markdownlintrc
+++ b/.markdownlintrc
@@ -4,5 +4,6 @@
   "first-line-h1": false,
   "line_length": false,
   "no-multiple-blanks": false,
-  "no-inline-html": false
+  "no-inline-html": false,
+  "no-alt-text": false
 }
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index bfd87bb..34dd2cc 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v5.0.0
     hooks:
       - id: check-json
       - id: check-merge-conflict
@@ -14,27 +14,17 @@ repos:
       - id: end-of-file-fixer
       - id: mixed-line-ending
 
-  - repo: https://github.com/executablebooks/mdformat
-    rev: 0.7.16
-    hooks:
-      - id: mdformat
-        additional_dependencies:
-          - mdformat-gfm
-          - mdformat-toc
-        # mdformat fights with terraform_docs
-        exclude: README.m(ark)?d(own)?
-
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.33.0
+    rev: v0.43.0
     hooks:
       - id: markdownlint
 
-  - repo: https://github.com/detailyang/pre-commit-shell
-    rev: 1.0.5
+  - repo: https://github.com/terraform-docs/terraform-docs
+    rev: "v0.19.0"
     hooks:
-      - id: shell-lint
+      - id: terraform-docs-system
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.77.1
+    rev: v1.96.3
     hooks:
       - id: terraform_fmt
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
index fb05467..39ca235 100644
--- a/.terraform-docs.yml
+++ b/.terraform-docs.yml
@@ -1,4 +1,35 @@
+version: ">= 0.19.0, < 1.0.0"
+
 settings:
   html: false
   anchor: false
+  escape: false
+  lockfile: false
+  hide-empty: true
 formatter: "markdown table"
+
+sort:
+  enabled: true
+  by: required
+
+sections:
+  show:
+    - requirements
+    - providers
+    - modules
+    - data-sources
+    - resources
+    - inputs
+    - outputs
+
+recursive:
+  enabled: false
+  include-main: false
+
+output:
+  file: README.md
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
diff --git a/README.md b/README.md
index a98c2a5..67a87fc 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ module "acm_cert" {
 
   alb_listener_arn = "arn:aws:elasticloadbalancing:us-west-2:..."
   domain_name      = "www.example.com"
-  zone_name        = "example.com"
+  zone_id          = "ABCDEFGHIGJLK1234"
 }
 ```
 
@@ -33,10 +33,6 @@ module "acm_cert" {
 |------|---------|
 | aws | >= 3.0 |
 
-## Modules
-
-No modules.
-
 ## Resources
 
 | Name | Type |
@@ -51,18 +47,16 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| alb\_listener\_arn | Associate ACM certificate to an ALB listener. | `string` | `""` | no |
-| caa\_records | Add CAA records to route53. | `list(string)` | `[]` | no |
-| domain\_name | Domain name to associate with the ACM certificate. | `string` | n/a | yes |
-| environment | Environment tag. e.g. prod | `string` | n/a | yes |
-| tags | Tags to be attached to the ACM certificate. | `map(string)` | `{}` | no |
-| zone\_id | The Route53 zone id for which the certificate should be verified and issued. | `string` | n/a | yes |
+| domain_name | Domain name to associate with the ACM certificate. | `string` | n/a | yes |
+| zone_id | The Route53 zone id for which the certificate should be verified and issued. | `string` | n/a | yes |
+| alb_listener_arn | Associate ACM certificate to an ALB listener. | `string` | `""` | no |
+| caa_records | Add CAA records to route53. | `list(string)` | `[]` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| acm\_arn | The ARN of the validated ACM certificate. |
+| acm_arn | The ARN of the validated ACM certificate. |
 <!-- END_TF_DOCS -->
 
 ## Developer Setup
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
index e592e66..e107da4 100644
--- a/examples/simple/main.tf
+++ b/examples/simple/main.tf
@@ -7,6 +7,5 @@ module "acm-cert" {
   source = "../.."
 
   domain_name = "${var.test_name}.${local.zone_name}"
-  environment = local.environment
-  zone_name   = local.zone_name
+  zone_id     = "abcd123456"
 }
diff --git a/main.tf b/main.tf
index 884126f..1e7625a 100644
--- a/main.tf
+++ b/main.tf
@@ -2,8 +2,6 @@ resource "aws_acm_certificate" "main" {
   domain_name       = var.domain_name
   validation_method = "DNS"
 
-  tags = var.tags
-
   lifecycle {
     create_before_destroy = true
   }
diff --git a/renovate.json b/renovate.json
index 838e66f..6dc744f 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,11 +1,22 @@
 {
   "extends": [
-    "config:base"
+    "config:recommended",
+    "helpers:pinGitHubActionDigests"
   ],
   "labels": [
     "dependencies"
   ],
   "packageRules": [
+    {
+      "automerge": true,
+      "description": "Automerge all updates except major versions",
+      "matchUpdateTypes": [
+        "patch",
+        "pin",
+        "digest",
+        "minor"
+      ]
+    },
     {
       "description": "Tag the waddlers Github Team for major updates",
       "matchUpdateTypes": [
@@ -19,11 +30,14 @@
       "automerge": true,
       "description": "Group minor and patch updates into a single PR",
       "groupName": "dependencies",
+      "matchManagers": [
+        "terraform",
+        "pre-commit",
+        "github-actions"
+      ],
       "matchUpdateTypes": [
         "minor",
-        "patch",
-        "pin",
-        "digest"
+        "patch"
       ]
     }
   ],
diff --git a/variables.tf b/variables.tf
index 4032eda..893dc56 100644
--- a/variables.tf
+++ b/variables.tf
@@ -4,29 +4,18 @@ variable "alb_listener_arn" {
   default     = ""
 }
 
-variable "domain_name" {
-  type        = string
-  description = "Domain name to associate with the ACM certificate."
+variable "caa_records" {
+  description = "Add CAA records to route53."
+  type        = list(string)
+  default     = []
 }
 
-variable "environment" {
+variable "domain_name" {
   type        = string
-  description = "Environment tag. e.g. prod"
+  description = "Domain name to associate with the ACM certificate."
 }
 
 variable "zone_id" {
   type        = string
   description = "The Route53 zone id for which the certificate should be verified and issued."
 }
-
-variable "caa_records" {
-  description = "Add CAA records to route53."
-  type        = list(string)
-  default     = []
-}
-
-variable "tags" {
-  description = "Tags to be attached to the ACM certificate."
-  type        = map(string)
-  default     = {}
-}
diff --git a/versions.tf b/versions.tf
index 99d5c63..9753a94 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,6 +2,9 @@ terraform {
   required_version = ">= 1.0"
 
   required_providers {
-    aws = ">= 3.0"
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.0"
+    }
   }
 }