diff --git a/_outputs.tf b/_outputs.tf index 2b831dd..1d57c24 100644 --- a/_outputs.tf +++ b/_outputs.tf @@ -1,67 +1,67 @@ output "alb_id" { - value = "${aws_lb.ecs.*.id}" + value = aws_lb.ecs.*.id } output "alb_arn" { - value = "${aws_lb.ecs.*.arn}" + value = aws_lb.ecs.*.arn } output "alb_dns_name" { - value = "${aws_lb.ecs.*.dns_name}" + value = aws_lb.ecs.*.dns_name } output "alb_zone_id" { - value = "${aws_lb.ecs.*.zone_id}" + value = aws_lb.ecs.*.zone_id } output "ecs_iam_role_arn" { - value = "${aws_iam_role.ecs.arn}" + value = aws_iam_role.ecs.arn } output "ecs_iam_role_name" { - value = "${aws_iam_role.ecs.name}" + value = aws_iam_role.ecs.name } output "ecs_service_iam_role_arn" { - value = "${aws_iam_role.ecs_service.arn}" + value = aws_iam_role.ecs_service.arn } output "ecs_service_iam_role_name" { - value = "${aws_iam_role.ecs_service.name}" + value = aws_iam_role.ecs_service.name } output "ecs_task_iam_role_arn" { - value = "${aws_iam_role.ecs_task.arn}" + value = aws_iam_role.ecs_task.arn } output "ecs_task_iam_role_name" { - value = "${aws_iam_role.ecs_task.name}" + value = aws_iam_role.ecs_task.name } output "ecs_id" { - value = "${aws_ecs_cluster.ecs.id}" + value = aws_ecs_cluster.ecs.id } output "ecs_arn" { - value = "${aws_ecs_cluster.ecs.arn}" + value = aws_ecs_cluster.ecs.arn } output "ecs_name" { - value = "${aws_ecs_cluster.ecs.name}" + value = aws_ecs_cluster.ecs.name } output "alb_listener_https_arn" { - value = "${aws_lb_listener.ecs_https.*.arn}" + value = aws_lb_listener.ecs_https.*.arn } output "ecs_nodes_secgrp_id" { - value = "${aws_security_group.ecs_nodes.id}" + value = aws_security_group.ecs_nodes.id } output "alb_secgrp_id" { - value = "${aws_security_group.alb.*.id}" + value = aws_security_group.alb.*.id } output "alb_cloudfront_key" { - value = "${random_string.alb_cloudfront_key.result}" + value = random_string.alb_cloudfront_key.result } diff --git a/_variables.tf b/_variables.tf index 564c083..708cd0f 100644 
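Review bot: The `alb_cloudfront_key` output at the end of the `_outputs.tf` hunk exposes what looks like the shared secret between CloudFront and the ALB without `sensitive = true`, so the value is printed by `terraform output` and in apply logs. I would add `sensitive = true` to that output block. The value comes from `random_string`, whose result is not treated as sensitive; if the resource (defined outside this diff) can be changed, `random_password` keeps the value out of plan output, although it is still stored in state. The same applies to `master_password = random_string.rds_apps_password.result` in example/db.tf.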
--- a/_variables.tf +++ b/_variables.tf @@ -31,17 +31,17 @@ variable "vpc_id" { } variable "private_subnet_ids" { - type = "list" + type = list(string) description = "List of private subnet IDs for ECS instances" } variable "public_subnet_ids" { - type = "list" + type = list(string) description = "List of public subnet IDs for ECS ALB" } variable "secure_subnet_ids" { - type = "list" + type = list(string) description = "List of secure subnet IDs for EFS" } @@ -50,7 +50,7 @@ variable "certificate_arn" {} # == OPTIONAL VARS variable "security_group_ids" { - type = "list" + type = list(string) default = [] description = "Extra security groups for instances" } @@ -97,7 +97,7 @@ variable "expire_backup_efs" { variable "target_group_arns" { default = [] - type = "list" + type = list(string) description = "List of target groups for ASG to register" } diff --git a/alb.tf b/alb.tf index e48f86a..63b5d5b 100644 --- a/alb.tf +++ b/alb.tf @@ -1,5 +1,5 @@ resource "aws_lb" "ecs" { - count = "${var.alb ? 1 : 0}" + count = var.alb ? 1 : 0 load_balancer_type = "application" internal = false @@ -18,13 +18,13 @@ resource "aws_lb" "ecs" { } resource "aws_lb_listener" "ecs_https" { - count = "${var.alb ? 1 : 0}" + count = var.alb ? 1 : 0 load_balancer_arn = aws_lb.ecs[0].arn port = "443" protocol = "HTTPS" ssl_policy = "ELBSecurityPolicy-2016-08" - certificate_arn = "${var.certificate_arn}" + certificate_arn = var.certificate_arn default_action { type = "forward" @@ -33,7 +33,7 @@ resource "aws_lb_listener" "ecs_https" { } resource "aws_lb_listener" "ecs_http_redirect" { - count = "${var.alb ? 1 : 0}" + count = var.alb ? 1 : 0 load_balancer_arn = aws_lb.ecs[0].arn port = "80" 
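Review bot: The HTTPS listener in the `@@ -18,13` hunk of alb.tf keeps `ssl_policy = "ELBSecurityPolicy-2016-08"`, which still negotiates TLS 1.0 and 1.1. Since the listener is being touched anyway, consider a policy with a TLS 1.2 minimum, such as `ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"`, or expose the policy as a variable with that default. The listener's `default_action` block continues outside the hunk.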
@@ -51,19 +51,19 @@ resource "aws_lb_listener" "ecs_http_redirect" { } resource "aws_lb_target_group" "ecs_default_http" { - count = "${var.alb ? 1 : 0}" + count = var.alb ? 1 : 0 name = "ecs-${var.name}-default-http" port = 80 protocol = "HTTP" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id } resource "aws_lb_target_group" "ecs_default_https" { - count = "${var.alb ? 1 : 0}" + count = var.alb ? 1 : 0 name = "ecs-${var.name}-default-https" port = 80 protocol = "HTTP" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id } diff --git a/asg.tf b/asg.tf index 4a4dcac..fd10f70 100644 --- a/asg.tf +++ b/asg.tf @@ -4,37 +4,37 @@ resource "aws_autoscaling_group" "ecs" { mixed_instances_policy { launch_template { launch_template_specification { - launch_template_id = "${aws_launch_template.ecs.id}" + launch_template_id = aws_launch_template.ecs.id version = "$Latest" } override { - instance_type = "${var.instance_type_1}" + instance_type = var.instance_type_1 } override { - instance_type = "${var.instance_type_2}" + instance_type = var.instance_type_2 } override { - instance_type = "${var.instance_type_3}" + instance_type = var.instance_type_3 } } instances_distribution { spot_instance_pools = 3 - on_demand_base_capacity = "${var.on_demand_base_capacity}" - on_demand_percentage_above_base_capacity = "${var.on_demand_percentage}" + on_demand_base_capacity = var.on_demand_base_capacity + on_demand_percentage_above_base_capacity = var.on_demand_percentage } } vpc_zone_identifier = var.private_subnet_ids - min_size = "${var.asg_min}" - max_size = "${var.asg_max}" + min_size = var.asg_min + max_size = var.asg_max tags = [ - "${map("key", "Name", "value", "ecs-node-${var.name}", "propagate_at_launch", true)}", + map("key", "Name", "value", "ecs-node-${var.name}", "propagate_at_launch", true) ] target_group_arns = var.target_group_arns 
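Review bot: The `tags` list in `aws_autoscaling_group.ecs` (asg.tf) still builds its element with `map(...)`, which is deprecated in Terraform 0.12 and removed in later releases; it also forces the boolean `true` to be unified with the string values. An object literal should do the same job: `{ key = "Name", value = "ecs-node-${var.name}", propagate_at_launch = true }`. The resource starts before and continues after this hunk, so the rest of its arguments were not reviewed.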
@@ -48,14 +48,14 @@ resource "aws_autoscaling_group" "ecs" { resource "aws_autoscaling_policy" "ecs_memory_tracking" { name = "ecs-${var.name}-memory" policy_type = "TargetTrackingScaling" - autoscaling_group_name = "${aws_autoscaling_group.ecs.name}" + autoscaling_group_name = aws_autoscaling_group.ecs.name estimated_instance_warmup = "180" target_tracking_configuration { customized_metric_specification { metric_dimension { name = "ClusterName" - value = "${aws_ecs_cluster.ecs.name}" + value = aws_ecs_cluster.ecs.name } metric_name = "MemoryReservation" @@ -64,6 +64,6 @@ resource "aws_autoscaling_policy" "ecs_memory_tracking" { unit = "Percent" } - target_value = "${var.asg_memory_target}" + target_value = var.asg_memory_target } } diff --git a/cf-exports.tf b/cf-exports.tf index 52a74e0..8364b56 100644 --- a/cf-exports.tf +++ b/cf-exports.tf 
@@ -4,23 +4,23 @@ resource "aws_cloudformation_stack" "tf_exports" { template_body = templatefile("${path.module}/cf-exports.yml", { "name" = var.name, "vars" = { - "AlbId" = "${aws_lb.ecs.*.id[0]}", - "AlbArn" = "${aws_lb.ecs.*.arn[0]}", - "AlbDnsName" = "${aws_lb.ecs.*.dns_name[0]}", - "AlbZoneId" = "${aws_lb.ecs.*.zone_id[0]}", - "AlbSecgrpId" = "${aws_security_group.alb.*.id[0]}" - "EcsIamRoleArn" = "${aws_iam_role.ecs.arn}", - "EcsIamRoleName" = "${aws_iam_role.ecs.name}", - "EcsServiceIamRoleArn" = "${aws_iam_role.ecs_service.arn}", - "EcsServiceIamRoleName" = "${aws_iam_role.ecs_service.name}", - "EcsTaskIamRoleArn" = "${aws_iam_role.ecs_task.arn}", - "EcsTaskIamRoleName" = "${aws_iam_role.ecs_task.name}", - "EcsId" = "${aws_ecs_cluster.ecs.*.id[0]}", - "EcsName" = "${aws_ecs_cluster.ecs.*.name[0]}", - "EcsArn" = "${aws_ecs_cluster.ecs.*.arn[0]}", - "AlbListenerHttpsArn" = "${aws_lb_listener.ecs_https.*.arn[0]}", - "EcsNodesSecGrpId" = "${aws_security_group.ecs_nodes.id}", - "VpcId" = "${var.vpc_id}" + "AlbId" = aws_lb.ecs.*.id[0], + "AlbArn" = aws_lb.ecs.*.arn[0], + "AlbDnsName" = aws_lb.ecs.*.dns_name[0], + "AlbZoneId" = aws_lb.ecs.*.zone_id[0], + "AlbSecgrpId" = aws_security_group.alb.*.id[0] + "EcsIamRoleArn" = aws_iam_role.ecs.arn, + "EcsIamRoleName" = aws_iam_role.ecs.name, + "EcsServiceIamRoleArn" = aws_iam_role.ecs_service.arn, + "EcsServiceIamRoleName" = aws_iam_role.ecs_service.name, + "EcsTaskIamRoleArn" = aws_iam_role.ecs_task.arn, + "EcsTaskIamRoleName" = aws_iam_role.ecs_task.name, + "EcsId" = aws_ecs_cluster.ecs.*.id[0], + "EcsName" = aws_ecs_cluster.ecs.*.name[0], + "EcsArn" = aws_ecs_cluster.ecs.*.arn[0], + "AlbListenerHttpsArn" = aws_lb_listener.ecs_https.*.arn[0], + "EcsNodesSecGrpId" = aws_security_group.ecs_nodes.id, + "VpcId" = var.vpc_id } }) -} \ No newline at end of file +} diff --git a/cloutwatch-alarms.tf b/cloutwatch-alarms.tf index 34ec230..a9fbda7 100644 --- a/cloutwatch-alarms.tf +++ b/cloutwatch-alarms.tf 
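Review bot: The ALB entries in `vars` (`aws_lb.ecs.*.id[0]`, `aws_lb_listener.ecs_https.*.arn[0]`, and apparently `aws_security_group.alb.*.id[0]`) index element 0 of resources that alb.tf creates with `count = var.alb ? 1 : 0`, so with `var.alb = false` the splat is empty and evaluation fails with an invalid-index error. A form that tolerates the empty case is `"AlbId" = join("", aws_lb.ecs.*.id)`, applied to each ALB-derived key; whether cf-exports.yml accepts an empty value is not visible here. Separately, `aws_ecs_cluster.ecs.*.id[0]` is written as a splat although ecs.tf declares the cluster without `count`; `aws_ecs_cluster.ecs.id` would match the other files.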
@@ -1,5 +1,5 @@ resource "aws_cloudwatch_metric_alarm" "high_memory" { - count = "${length(var.alarm_sns_topics) > 0 ? 1 : 0}" + count = length(var.alarm_sns_topics) > 0 ? 1 : 0 alarm_name = "${data.aws_iam_account_alias.current.account_alias}-ecs-${var.name}-high-memory" comparison_operator = "GreaterThanOrEqualToThreshold" @@ -14,12 +14,12 @@ resource "aws_cloudwatch_metric_alarm" "high_memory" { ok_actions = var.alarm_sns_topics dimensions = { - ClusterName = "${aws_ecs_cluster.ecs.name}" + ClusterName = aws_ecs_cluster.ecs.name } } resource "aws_cloudwatch_metric_alarm" "high_cpu" { - count = "${length(var.alarm_sns_topics) > 0 ? 1 : 0}" + count = length(var.alarm_sns_topics) > 0 ? 1 : 0 alarm_name = "${data.aws_iam_account_alias.current.account_alias}-ecs-${var.name}-high-cpu" comparison_operator = "GreaterThanOrEqualToThreshold" @@ -34,6 +34,6 @@ resource "aws_cloudwatch_metric_alarm" "high_cpu" { ok_actions = var.alarm_sns_topics dimensions = { - ClusterName = "${aws_ecs_cluster.ecs.name}" + ClusterName = aws_ecs_cluster.ecs.name } } \ No newline at end of file diff --git a/ec2-launch-template.tf b/ec2-launch-template.tf index 85d2a69..ce25a79 100644 --- a/ec2-launch-template.tf +++ b/ec2-launch-template.tf 
@@ -1,27 +1,27 @@ data "template_file" "userdata" { - template = "${file("${path.module}/userdata.tpl")}" + template = file("${path.module}/userdata.tpl") vars = { - tf_cluster_name = "${aws_ecs_cluster.ecs.name}" - tf_efs_id = "${aws_efs_file_system.ecs.id}" - userdata_extra = "${var.userdata}" + tf_cluster_name = aws_ecs_cluster.ecs.name + tf_efs_id = aws_efs_file_system.ecs.id + userdata_extra = var.userdata } } resource "aws_launch_template" "ecs" { name_prefix = "ecs-${var.name}-" - image_id = "${data.aws_ami.amzn.image_id}" - instance_type = "${var.instance_type_1}" + image_id = data.aws_ami.amzn.image_id + instance_type = var.instance_type_1 iam_instance_profile { - name = "${aws_iam_instance_profile.ecs.name}" + name = aws_iam_instance_profile.ecs.name } block_device_mappings { device_name = "/dev/xvda" ebs { - volume_size = "${var.instance_volume_size_root}" + volume_size = var.instance_volume_size_root } } @@ -29,13 +29,13 @@ resource "aws_launch_template" "ecs" { device_name = "/dev/xvdcz" ebs { - volume_size = "${var.instance_volume_size}" + volume_size = var.instance_volume_size } } vpc_security_group_ids = concat(list(aws_security_group.ecs_nodes.id), var.security_group_ids) - user_data = "${base64encode(data.template_file.userdata.rendered)}" + user_data = base64encode(data.template_file.userdata.rendered) lifecycle { create_before_destroy = true diff --git a/ecs.tf b/ecs.tf index 9f32c5d..278f309 100644 --- a/ecs.tf +++ b/ecs.tf @@ -1,3 +1,3 @@ resource "aws_ecs_cluster" "ecs" { - name = "${var.name}" + name = var.name } diff --git a/efs-backup.tf b/efs-backup.tf index 11b839c..ea981a5 100644 --- a/efs-backup.tf +++ b/efs-backup.tf 
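Review bot: Neither `ebs` block in `aws_launch_template.ecs` (the `/dev/xvda` one in this hunk and the `/dev/xvdcz` one in the next) sets `encrypted`, so the node volumes are unencrypted unless the account has EBS encryption by default turned on. Consider adding `encrypted = true` to both blocks, optionally with a variable for `kms_key_id`. The resource continues outside the hunks, so other settings such as instance metadata options could not be checked.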
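Review bot: `vpc_security_group_ids = concat(list(aws_security_group.ecs_nodes.id), var.security_group_ids)` in the `@@ -29,13` hunk still uses `list()`, which is deprecated in 0.12; `concat([aws_security_group.ecs_nodes.id], var.security_group_ids)` is equivalent. In the same file, `data "template_file"` could be replaced by the built-in `templatefile()` that cf-exports.tf already uses, which removes the dependency on the template provider. The resource continues after the `lifecycle` block, outside the hunk.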
@@ -1,25 +1,25 @@ resource "aws_backup_vault" "nfs" { - count = "${var.expire_backup_efs > 0 ? 1 : 0}" + count = var.expire_backup_efs > 0 ? 1 : 0 name = "vault-${var.name}" } resource "aws_backup_plan" "bkp_efs_plan" { - count = "${var.expire_backup_efs > 0 ? 1 : 0}" + count = var.expire_backup_efs > 0 ? 1 : 0 name = "Backup-${var.name}" rule { rule_name = "Daily-Backup-${var.name}" - target_vault_name = "${aws_backup_vault.nfs.*.name[count.index]}" + target_vault_name = aws_backup_vault.nfs.*.name[count.index] schedule = "cron(0 22 * * ? *)" lifecycle{ - delete_after = "${var.expire_backup_efs}" + delete_after = var.expire_backup_efs } } } resource "aws_iam_role" "efs_backup_role" { - count = "${var.expire_backup_efs > 0 ? 1 : 0}" + count = var.expire_backup_efs > 0 ? 1 : 0 name = "Backup-efs-${var.name}" assume_role_policy = < 0 ? 1 : 0 policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup" - role = "${aws_iam_role.efs_backup_role.*.name[count.index]}" + role = aws_iam_role.efs_backup_role.*.name[count.index] } resource "aws_backup_selection" "example" { - count = "${var.expire_backup_efs > 0 ? 1 : 0}" + count = var.expire_backup_efs > 0 ? 1 : 0 - iam_role_arn = "${aws_iam_role.efs_backup_role.*.arn[count.index]}" + iam_role_arn = aws_iam_role.efs_backup_role.*.arn[count.index] name = "Backup-efs-${var.name}" - plan_id = "${aws_backup_plan.bkp_efs_plan.*.id[count.index]}" + plan_id = aws_backup_plan.bkp_efs_plan.*.id[count.index] resources = [ - "${aws_efs_file_system.ecs.arn}", + aws_efs_file_system.ecs.arn ] } diff --git a/efs.tf b/efs.tf index 395a46a..1555281 100644 --- a/efs.tf +++ b/efs.tf 
@@ -12,12 +12,12 @@ resource "aws_efs_file_system" "ecs" { } resource "aws_efs_mount_target" "ecs" { - count = "${length(var.secure_subnet_ids)}" - file_system_id = "${aws_efs_file_system.ecs.id}" - subnet_id = "${var.secure_subnet_ids[count.index]}" + count = length(var.secure_subnet_ids) + file_system_id = aws_efs_file_system.ecs.id + subnet_id = element(var.secure_subnet_ids, count.index) security_groups = [ - "${aws_security_group.efs.id}", + aws_security_group.efs.id ] lifecycle { @@ -28,7 +28,7 @@ resource "aws_efs_mount_target" "ecs" { resource "aws_security_group" "efs" { name = "ecs-${var.name}-efs" description = "for EFS to talk to ECS cluster" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id tags = { Name = "ecs-efs-${var.name}" @@ -41,6 +41,6 @@ resource "aws_security_group_rule" "nfs_from_ecs_to_efs" { from_port = 2049 to_port = 2049 protocol = "tcp" - security_group_id = "${aws_security_group.efs.id}" - source_security_group_id = "${aws_security_group.ecs_nodes.id}" + security_group_id = aws_security_group.efs.id + source_security_group_id = aws_security_group.ecs_nodes.id } diff --git a/example/db.tf b/example/db.tf index 3be1c1f..2a288bd 100644 --- a/example/db.tf +++ b/example/db.tf @@ -7,11 +7,11 @@ resource "aws_rds_cluster" "apps" { cluster_identifier = "${local.workspace["db_name"]}-cluster" engine = "aurora" engine_mode = "serverless" - db_subnet_group_name = "${local.workspace["db_subnet"]}" - vpc_security_group_ids = ["${aws_security_group.rds_apps.id}"] + db_subnet_group_name = local.workspace["db_subnet"] + vpc_security_group_ids = [aws_security_group.rds_apps.id] master_username = "master" - master_password = "${random_string.rds_apps_password.result}" - backup_retention_period = "${local.workspace["db_retention"]}" + master_password = random_string.rds_apps_password.result + backup_retention_period = local.workspace["db_retention"] apply_immediately = true scaling_configuration { 
@@ -28,7 +28,7 @@ resource "aws_rds_cluster" "apps" { resource "aws_security_group" "rds_apps" { name = "rds-${local.workspace["cluster_name"]}" - vpc_id = "${local.workspace["vpc_id"]}" + vpc_id = local.workspace["vpc_id"] lifecycle { create_before_destroy = true @@ -38,13 +38,13 @@ resource "aws_security_group" "rds_apps" { from_port = 3306 to_port = 3306 protocol = "tcp" - security_groups = ["${module.ecs_apps.ecs_nodes_secgrp_id}"] + security_groups = [module.ecs_apps.ecs_nodes_secgrp_id] description = "From ECS Nodes" } } output "rds_host" { - value = "${aws_rds_cluster.apps.endpoint}" + value = aws_rds_cluster.apps.endpoint } output "rds_creds" { diff --git a/example/ecs-app.tf b/example/ecs-app.tf index 0c37154..fc6610d 100644 --- a/example/ecs-app.tf +++ b/example/ecs-app.tf @@ -1,11 +1,11 @@ module "ecs_app_wordpress_01" { source = "git::https://github.com/DNXLabs/terraform-aws-ecs-app.git?ref=1.5.0" - vpc_id = "${local.workspace["vpc_id"]}" - cluster_name = "${module.ecs_apps.ecs_name}" - service_role_arn = "${module.ecs_apps.ecs_service_iam_role_arn}" - task_role_arn = "${module.ecs_apps.ecs_task_iam_role_arn}" - alb_listener_https_arn = "${element(module.ecs_apps.alb_listener_https_arn, 0)}" - alb_dns_name = "${element(module.ecs_apps.alb_dns_name, 0)}" + vpc_id = local.workspace["vpc_id"] + cluster_name = module.ecs_apps.ecs_name + service_role_arn = module.ecs_apps.ecs_service_iam_role_arn + task_role_arn = module.ecs_apps.ecs_task_iam_role_arn + alb_listener_https_arn = element(module.ecs_apps.alb_listener_https_arn, 0) + alb_dns_name = element(module.ecs_apps.alb_dns_name, 0) name = "wordpress-01" image = "nginxdemos/hello:latest" container_port = 80 
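Review bot: The example in example/ecs-app.tf pins its inputs by mutable references: `source = "git::https://github.com/DNXLabs/terraform-aws-ecs-app.git?ref=1.5.0"` follows a tag that can be moved, and `image = "nginxdemos/hello:latest"` follows a floating tag. For an example that people copy, pinning the module to a commit (`?ref=<commit-sha>`) and the image to a digest (`nginxdemos/hello@sha256:<digest>`) makes what gets deployed reproducible and reviewable. The module block continues outside the hunk.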
@@ -13,8 +13,8 @@ module "ecs_app_wordpress_01" { hostname_blue = "wp01-blue.labs.dnx.host" # signed by cf_certificate_arn hostname_origin = "wp01-origin.labs.dnx.host" # signed by alb_certificate_arn hosted_zone = "labs.dnx.host" - certificate_arn = "${local.workspace["cf_certificate_arn"]}" # goes on cloudfront - alb_cloudfront_key = "${module.ecs_apps.alb_cloudfront_key}" + certificate_arn = local.workspace["cf_certificate_arn"] # goes on cloudfront + alb_cloudfront_key = module.ecs_apps.alb_cloudfront_key # use these values for Wordpress healthcheck_path = "/readme.html" diff --git a/example/ecs-cluster.tf b/example/ecs-cluster.tf index 2e11f2f..63c6247 100644 --- a/example/ecs-cluster.tf +++ b/example/ecs-cluster.tf @@ -4,10 +4,10 @@ module "ecs_apps" { instance_type_1 = "t3.large" instance_type_2 = "t2.large" instance_type_3 = "m2.xlarge" - vpc_id = "${local.workspace["vpc_id"]}" - private_subnet_ids = ["${split(",", local.workspace["private_subnet_ids"])}"] - public_subnet_ids = ["${split(",", local.workspace["public_subnet_ids"])}"] - secure_subnet_ids = ["${split(",", local.workspace["secure_subnet_ids"])}"] - certificate_arn = "${local.workspace["alb_certificate_arn"]}" + vpc_id = local.workspace["vpc_id"] + private_subnet_ids = [split(",", local.workspace["private_subnet_ids"])] + public_subnet_ids = [split(",", local.workspace["public_subnet_ids"])] + secure_subnet_ids = [split(",", local.workspace["secure_subnet_ids"])] + certificate_arn = local.workspace["alb_certificate_arn"] on_demand_percentage = 0 } diff --git a/example/variables.tf b/example/variables.tf index 8387e7d..0931609 100644 --- a/example/variables.tf +++ b/example/variables.tf @@ -27,5 +27,5 @@ locals { } } - workspace = "${local.env[terraform.workspace]}" + workspace = local.env[terraform.workspace] } diff --git a/iam-ecs-service.tf b/iam-ecs-service.tf index d5030df..334c4b6 100644 --- a/iam-ecs-service.tf +++ b/iam-ecs-service.tf 
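Review bot: The three subnet arguments in example/ecs-cluster.tf now wrap `split()` in brackets, e.g. `private_subnet_ids = [split(",", local.workspace["private_subnet_ids"])]`, which in 0.12 is a list containing a list and no longer matches the `list(string)` type this commit gives those variables. The 0.11 flattening idiom should be dropped: `private_subnet_ids = split(",", local.workspace["private_subnet_ids"])`, and likewise for `public_subnet_ids` and `secure_subnet_ids`. The start of the module block, including its `source`, is outside the hunk.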
@@ -37,6 +37,6 @@ data "aws_iam_policy_document" "ecs_service_policy" { resource "aws_iam_role_policy" "ecs_service_role_policy" { name = "ecs_service_role_policy-${var.name}" - policy = "${data.aws_iam_policy_document.ecs_service_policy.json}" - role = "${aws_iam_role.ecs_service.id}" + policy = data.aws_iam_policy_document.ecs_service_policy.json + role = aws_iam_role.ecs_service.id } diff --git a/iam-ecs-task.tf b/iam-ecs-task.tf index 101fef7..3858761 100644 --- a/iam-ecs-task.tf +++ b/iam-ecs-task.tf @@ -19,13 +19,13 @@ EOF } resource "aws_iam_role_policy_attachment" "ecs_task" { - role = "${aws_iam_role.ecs_task.name}" + role = aws_iam_role.ecs_task.name policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" } resource "aws_iam_role_policy" "ssm_policy" { name = "ecs-ssm-policy" - role = "${aws_iam_role.ecs_task.name}" + role = aws_iam_role.ecs_task.name policy = <