diff --git a/.env b/.env
deleted file mode 100644
index 8602b6f..0000000
--- a/.env
+++ /dev/null
@@ -1,3 +0,0 @@
-BUILD_HARNESS_REPO=ghcr.io/defenseunicorns/not-a-build-harness/not-a-build-harness
-# renovate: datasource=docker depName=ghcr.io/defenseunicorns/not-a-build-harness/not-a-build-harness versioning=docker
-BUILD_HARNESS_VERSION=0.0.23
diff --git a/.github/workflows/pre-commit-pr.yml b/.github/workflows/pre-commit-pr.yml
index 9ae5d1e..819c395 100644
--- a/.github/workflows/pre-commit-pr.yml
+++ b/.github/workflows/pre-commit-pr.yml
@@ -1,11 +1,107 @@ ---- -name: Scan Terraform +name: Scan on: push: + branches: + - main + pull_request: + types: + - opened + - reopened + - synchronize + - ready_for_review + branches: + - main + paths: + - "**.tf" + - "**.go" + - ".github/**" + - "README.md" + +permissions: + contents: read jobs: - scan-terraform: - uses: defenseunicorns/uds-common-workflows/.github/workflows/terraform-scan.yaml@main - with: - soft-fail: true - github-token: $GITHUB_TOKEN + tflint: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - uses: opentofu/setup-opentofu@ae80d4ecaab946d8f5ff18397fbf6d0686c6d46a # v1.0.3 + with: + # renovate: datasource=github-tags depName=opentofu/opentofu versioning=semver + tofu_version: 1.6.3 + + - name: tofu init + run: tofu init + + - name: tofu validate + run: tofu validate + + - name: tofu fmt + run: tofu fmt -recursive + + - name: Update Tofu Docs + uses: terraform-docs/gh-actions@e47bfa196e79fa50987ef391be236d9d97b0c786 # v1.2.0 + with: + working-dir: . 
+ output-method: inject + git-push: false + fail-on-diff: true + + - name: Setup TFLint + uses: terraform-linters/setup-tflint@19a52fbac37dacb22a09518e4ef6ee234f2d4987 # v4.0.0 + with: + # renovate: datasource=github-tags depName=terraform-linters/tflint versioning=semver + tflint_version: v0.46.1 + + - name: Show version + run: tflint --version + + - name: Init TFLint + run: tflint --init + env: + # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Run TFLint + run: tflint -f compact --recursive + + tfsec-scan: + needs: [tflint] + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: tfsec + uses: aquasecurity/tfsec-action@b466648d6e39e7c75324f25d83891162a721f2d6 # v1.0.3 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + soft_fail: true + + regula: + needs: [tflint] + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: List Directories + run: ls -lsa + + - name: Scan with Regula + uses: fugue/regula-action@e47ae38fae32dccedc5ef814acdb2081eb2a351d # v3.2.1 + with: + input_path: . + input_type: tf + severity: high + + lintgo: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Run golangci-lint + uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 67317a3..745ce7f 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml 
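Review bot: The new scan workflow cannot block a pull request on a security finding: the `tfsec-scan` job carries over `soft_fail: true`, the `regula` job only reports `severity: high`, and this same commit deletes the pre-commit `detect-private-key`, `detect-aws-credentials` and `terraform_checkov` hooks without adding a CI equivalent, so secret and misconfiguration checks are now advisory at best. If advisory-only is the intent, say so above the job (`# soft_fail: findings are reported, not enforced — see <tracking issue>`); otherwise set `soft_fail: false` and add a secret-scanning step to replace the dropped hooks. Separately, the `lintgo` job passes no `version` input to golangci-lint-action, so although the action itself is SHA-pinned the linter binary it installs floats to whatever it treats as current; pin it with an explicit `version:` input (with a renovate hint like the `tofu_version`/`tflint_version` lines) so lint results are reproducible.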
@@ -11,8 +11,16 @@ permissions: repository-projects: read jobs: - release-terraform: - uses: defenseunicorns/uds-common-workflows/.github/workflows/release-terraform.yml@main - with: - command: manifest - release-type: simple + release-please: + runs-on: ubuntu-latest + outputs: + release_created: ${{ steps.release-flag.outputs.release_created }} + steps: + - name: Create Release Tag + id: tag + uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3 + with: + command: ${{ inputs.command }} + release-type: ${{ inputs.release-type }} + - id: release-flag + run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT diff --git a/.github/workflows/test-module.yml b/.github/workflows/test-module.yml index 287d137..8b06db2 100644 --- a/.github/workflows/test-module.yml +++ b/.github/workflows/test-module.yml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4 with: role-to-assume: ${{ secrets.AWS_COMMERCIAL_ROLE_TO_ASSUME }} role-session-name: ${{ github.event.client_payload.pull_request.head.sha || github.sha }} @@ -40,7 +40,17 @@ jobs: # 1800 seconds == 30 minutes role-duration-seconds: 1800 - - name: Run Shared Test workfow - uses: defenseunicorns/uds-common-workflows/.github/actions/terraform-test@main + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Setup Go from go.mod + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - test_retry: 1 + go-version-file: go.mod + + - name: Install Go Dependencies and Test + shell: bash + working-directory: test + run: | + go mod tidy + go test -count 1 -timeout 30m -v . diff --git a/.golangci.yml b/.golangci.yml index bb11561..468fe7f 100644 --- a/.golangci.yml +++ b/.golangci.yml 
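Review bot: `command: ${{ inputs.command }}` and `release-type: ${{ inputs.release-type }}` read the `inputs` context, which is only populated for `workflow_call`/`workflow_dispatch` triggers; the `on:` block sits above this hunk, but the reusable-workflow call being replaced passed the literals `manifest` and `simple`, so unless those inputs are now declared with defaults both values expand to empty strings and release-please silently falls back to its own defaults. Either restore the literal `release-type: simple` or declare the inputs with those defaults. As far as I recall the v4 release-please-action also no longer accepts a `command` input (manifest mode is selected via `config-file`/`manifest-file`); confirm against the pinned `7987652d…` version and drop the key if it is ignored rather than carrying dead configuration.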
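Review bot: The "Install Go Dependencies and Test" step runs `go mod tidy` before `go test`, which can rewrite `go.mod`/`go.sum` and resolve modules absent from the committed sums inside a job that holds assumed-role AWS credentials; use `go mod download` and `go mod verify` instead and let `go test` run in its default `-mod=readonly` mode so the checked-in sums are enforced. The `go test -timeout 30m` also equals the `role-duration-seconds: 1800` context line above it, so a run that approaches the timeout loses AWS access during teardown and can orphan infrastructure — give the session headroom over the test timeout (for example `role-duration-seconds: 3600`). Finally, `actions/checkout` uses its default `ref` while the session name is keyed on `github.event.client_payload.pull_request.head.sha`; if this job is dispatched for a PR, pass that SHA as `ref:` or the tests exercise the default branch rather than the PR. The trigger and the rest of the `test-module` job are outside this hunk.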
@@ -13,6 +13,7 @@ linters: - gomnd - lll - nlreturn + - perfsprint - stylecheck # - testpackage - varnamelen diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml deleted file mode 100644 index ef1e261..0000000 --- a/.pre-commit-config.yaml +++ /dev/null @@ -1,45 +0,0 @@ -repos: - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 - hooks: - - id: check-added-large-files - args: ["--maxkb=1024"] - - id: check-merge-conflict - - id: detect-aws-credentials - args: - - "--allow-missing-credentials" - - id: detect-private-key - - id: end-of-file-fixer - - id: fix-byte-order-marker - - id: trailing-whitespace - args: [--markdown-linebreak-ext=md] - - id: check-yaml - args: - - "--allow-multiple-documents" - - repo: https://github.com/sirosen/fix-smartquotes - rev: 0.2.0 - hooks: - - id: fix-smartquotes - - repo: https://github.com/dnephin/pre-commit-golang - rev: v0.5.1 - hooks: - - id: go-fmt - - id: golangci-lint - - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.79.1 - hooks: - - id: terraform_fmt - - id: terraform_docs - args: - - --args=--lockfile=false - - id: terraform_checkov - verbose: true - args: - - --args=--config-file __GIT_WORKING_DIR__/.checkov.yml - - id: terraform_tflint - args: - - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl - - repo: https://github.com/renovatebot/pre-commit-hooks - rev: 35.95.1 - hooks: - - id: renovate-config-validator diff --git a/.tool-versions b/.tool-versions deleted file mode 100644 index d1edc0a..0000000 --- a/.tool-versions +++ /dev/null 
@@ -1,20 +0,0 @@
-# renovate: datasource=github-tags depName=npryce/adr-tools
-adr-tools 3.0.0
-awscli 2.11.20
-# renovate: datasource=github-tags depName=bridgecrewio/checkov
-checkov 2.3.234
-golang 1.20.4
-# renovate: datasource=github-tags depName=golangci/golangci-lint
-golangci-lint 1.52.2
-make 4.4.1
-# renovate: datasource=github-tags depName=pre-commit/pre-commit
-pre-commit 3.3.2
-terraform 1.4.6
-# renovate: datasource=github-tags depName=terraform-docs/terraform-docs
-terraform-docs 0.16.0
-# renovate: datasource=github-tags depName=terraform-linters/tflint
-tflint 0.46.1
-# renovate: datasource=github-tags depName=aquasecurity/tfsec
-tfsec 1.28.1
-# renovate: datasource=github-tags depName=defenseunicorns/zarf
-zarf 0.26.4
diff --git a/Makefile b/Makefile
index a6dce64..deca561 100644
--- a/Makefile
+++ b/Makefile
@@ -1,129 +1,19 @@ -include .env - -.DEFAULT_GOAL := help - -# Optionally add the "-it" flag for docker run commands if the env var "CI" is not set (meaning we are on a local machine and not in github actions) -TTY_ARG := -ifndef CI - TTY_ARG := -it -endif - -# Silent mode by default. Run `make VERBOSE=1` to turn off silent mode. -ifndef VERBOSE -.SILENT: -endif - -# Idiomatic way to force a target to always run, by having it depend on this dummy target -FORCE: - .PHONY: help help: ## Show a list of all targets - grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) \ + @grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) \ | sed -n 's/^\(.*\): \(.*\)##\(.*\)/\1:\3/p' \ | column -t -s ":" -.PHONY: _create-folders -_create-folders: - mkdir -p .cache/docker - mkdir -p .cache/pre-commit - mkdir -p .cache/go - mkdir -p .cache/go-build - mkdir -p .cache/tmp - mkdir -p .cache/.terraform.d/plugin-cache - mkdir -p .cache/.zarf-cache - -.PHONY: _test-all -_test-all: _create-folders - echo "Running automated tests. This will take several minutes. At times it may not log anything to the console. If you interrupt the test run you will need to log into AWS console and manually delete any orphaned infrastructure." 
- # Developer note: If sshuttle is to be used, --cap-add=NET_ADMIN and --cap-add=NET_RAW need to be added to the below docker run command - docker run $(TTY_ARG) --rm \ - -v "${PWD}:/app" \ - -v "${PWD}/.cache/tmp:/tmp" \ - -v "${PWD}/.cache/go:/root/go" \ - -v "${PWD}/.cache/go-build:/root/.cache/go-build" \ - -v "${PWD}/.cache/.terraform.d/plugin-cache:/root/.terraform.d/plugin-cache" \ - -v "${PWD}/.cache/.zarf-cache:/root/.zarf-cache" \ - --workdir "/app" \ - -e TF_LOG_PATH \ - -e TF_LOG \ - -e GOPATH=/root/go \ - -e GOCACHE=/root/.cache/go-build \ - -e TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE=true \ - -e TF_PLUGIN_CACHE_DIR=/root/.terraform.d/plugin-cache \ - -e AWS_REGION \ - -e AWS_DEFAULT_REGION \ - -e AWS_ACCESS_KEY_ID \ - -e AWS_SECRET_ACCESS_KEY \ - -e AWS_SESSION_TOKEN \ - -e AWS_SECURITY_TOKEN \ - -e AWS_SESSION_EXPIRATION \ - -e SKIP_SETUP \ - -e SKIP_TEST \ - -e SKIP_TEARDOWN \ - ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} \ - bash -c 'git config --global --add safe.directory /app \ - && asdf install && cd examples/complete \ - && terraform init -upgrade=true \ - && cd ../../test/e2e \ - && go test -count 1 -v $(EXTRA_TEST_ARGS) .' - -.PHONY: test -test: ## Run all automated tests. Requires access to an AWS account. Costs real money. - $(MAKE) _test-all EXTRA_TEST_ARGS="-timeout 2h" - -# Example of how to run a single test only -#.PHONY: test-complete-foo -#test-complete-foo: ## Run one test (TestExamplesCompleteFoo). Requires access to an AWS account. Costs real money. 
-# $(MAKE) _test-all EXTRA_TEST_ARGS="-timeout 2h -run TestExamplesCompleteFoo" - -.PHONY: docker-save-build-harness -docker-save-build-harness: _create-folders ## Pulls the build harness docker image and saves it to a tarball - docker pull ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} - docker save -o .cache/docker/build-harness.tar ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} - -.PHONY: docker-load-build-harness -docker-load-build-harness: ## Loads the saved build harness docker image - docker load -i .cache/docker/build-harness.tar - -.PHONY: _runhooks -_runhooks: _create-folders - docker run $(TTY_ARG) --rm \ - -v "${PWD}:/app" \ - -v "${PWD}/.cache/tmp:/tmp" \ - -v "${PWD}/.cache/go:/root/go" \ - -v "${PWD}/.cache/go-build:/root/.cache/go-build" \ - -v "${PWD}/.cache/.terraform.d/plugin-cache:/root/.terraform.d/plugin-cache" \ - -v "${PWD}/.cache/.zarf-cache:/root/.zarf-cache" \ - --workdir "/app" \ - -e GOPATH=/root/go \ - -e GOCACHE=/root/.cache/go-build \ - -e TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE=true \ - -e TF_PLUGIN_CACHE_DIR=/root/.terraform.d/plugin-cache \ - -e "SKIP=$(SKIP)" \ - -e "PRE_COMMIT_HOME=/app/.cache/pre-commit" \ - ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} \ - bash -c 'git config --global --add safe.directory /app && asdf install && pre-commit run -a --show-diff-on-failure $(HOOK)' - -.PHONY: pre-commit-all -pre-commit-all: ## Run all pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility - $(MAKE) _runhooks HOOK="" SKIP="" - -.PHONY: pre-commit-terraform -pre-commit-terraform: ## Run the terraform pre-commit hooks. Returns nonzero exit code if any hooks fail. 
Uses Docker for maximum compatibility - $(MAKE) _runhooks HOOK="" SKIP="check-added-large-files,check-merge-conflict,detect-aws-credentials,detect-private-key,end-of-file-fixer,fix-byte-order-marker,trailing-whitespace,check-yaml,fix-smartquotes,go-fmt,golangci-lint,renovate-config-validator" - -.PHONY: pre-commit-golang -pre-commit-golang: ## Run the golang pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility - $(MAKE) _runhooks HOOK="" SKIP="check-added-large-files,check-merge-conflict,detect-aws-credentials,detect-private-key,end-of-file-fixer,fix-byte-order-marker,trailing-whitespace,check-yaml,fix-smartquotes,terraform_fmt,terraform_docs,terraform_checkov,terraform_tflint,renovate-config-validator" - -.PHONY: pre-commit-renovate -pre-commit-renovate: ## Run the renovate pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility - $(MAKE) _runhooks HOOK="renovate-config-validator" SKIP="" - -.PHONY: pre-commit-common -pre-commit-common: ## Run the common pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility - $(MAKE) _runhooks HOOK="" SKIP="go-fmt,golangci-lint,terraform_fmt,terraform_docs,terraform_checkov,terraform_tflint,renovate-config-validator" - -.PHONY: fix-cache-permissions -fix-cache-permissions: ## Fixes the permissions on the pre-commit cache - docker run $(TTY_ARG) --rm -v "${PWD}:/app" --workdir "/app" -e "PRE_COMMIT_HOME=/app/.cache/pre-commit" ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} chmod -R a+rx .cache +.PHONY: tfdocs +tfdocs: ## update the terraform docs + tofu init + tofu validate + tofu fmt -recursive + terraform-docs markdown table --indent 2 --output-mode inject --output-file README.md . + +.PHONY: tflint +tflint: ## tflint + tflint + +lint-go: ## Run golang-ci-lint to lint the go code (must `brew install golangci-lint` first) + golangci-lint run 
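Review bot: `lint-go` is the only new target without a `.PHONY:` declaration, unlike its siblings `tfdocs` and `tflint`, so a stray file or directory named `lint-go` in the checkout would make `make lint-go` report "up to date" and skip the linter; add `.PHONY: lint-go` above it. With the pinned build-harness container and `.tool-versions` removed in this same commit, these targets now run whatever `tofu`, `terraform-docs`, `tflint` and `golangci-lint` happen to be on the developer's PATH, which can diverge from the versions CI pins (`tofu_version: 1.6.3`, `tflint_version: v0.46.1`); a one-line comment above `tfdocs` pointing at those pinned versions, or a restored version file, would keep local and CI results comparable.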
diff --git a/README.md b/README.md index 7897915..af6e0e7 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ go test -count 1 -v . | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.42.0 | +| [aws](#provider\_aws) | 5.62.0 | ## Modules diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..ea39a8f --- /dev/null +++ b/renovate.json @@ -0,0 +1,21 @@ +{ + "enabled": true, + "forkProcessing": "enabled", + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "github>defenseunicorns/uds-common//config/renovate.json5", + ":semanticPrefixFixDepsChoreOthers", + "config:base", + "group:all", + "replacements:all", + "workarounds:all" + ], + "packageRules": [ + { + "matchManagers": ["terraform"], + "matchDepTypes": ["module"], + "matchDatasources": ["github-tags", "git-tags"], + "versioning": "loose" + } + ] + }
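Review bot: The `extends` list pulls `github>defenseunicorns/uds-common//config/renovate.json5` with no ref, so Renovate fetches that preset from the remote repository's default branch on every run and any change there — including rules that broaden automerge or add registries — applies here without review; pin it with a tag suffix (`github>defenseunicorns/uds-common//config/renovate.json5#<tag>`) and let Renovate bump the pin. `config:base` is, to my recollection, deprecated upstream in favour of `config:recommended`; confirm and switch so the preset keeps receiving updates. `forkProcessing: "enabled"` also makes Renovate act on forks of this repository, which is usually unintended for an infrastructure module; leave it unset unless fork processing is a deliberate choice.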