diff --git a/acmpca/certificate.tf b/acmpca/certificate.tf
index 5b3fcd0..14f06ea 100644
--- a/acmpca/certificate.tf
+++ b/acmpca/certificate.tf
@@ -4,7 +4,7 @@ locals {
 
   ca_mode     = lookup(local._defaults["mode"], var.certificate_authority_mode, null)
   ca_type     = lookup(local._defaults["template"], var.certificate_type, null)
-  ca_settings = var.certificate_mode == "general" ? local.ca_longterm_settings : local.ca_shortterm_settings
+  ca_settings = var.certificate_authority_mode == "general" ? local.ca_longterm_settings : local.ca_shortterm_settings
 
   output_file_directory = var.output_file_directory != null ? var.output_file_directory : format("%v/%v", path.root, "certs")
 
@@ -39,11 +39,11 @@ resource "aws_acmpca_certificate" "certificate" {
   lifecycle {
     create_before_destroy = true
     precondition {
-      condition     = var.certificate_mode == "general" || (var.certificate_mode == "short" && var.certificate_type == "end-entity")
+      condition     = var.certificate_authority_mode == "general" || (var.certificate_authority_mode == "short" && var.certificate_type == "end-entity")
       error_message = "certificate_mode and certificate_type conflict."
     }
     precondition {
-      condition     = var.certificate_mode == "general" || (var.certificate_mode == "short" && var.validity_days <= 7)
+      condition     = var.certificate_authority_mode == "general" || (var.certificate_authority_mode == "short" && var.validity_days <= 7)
       error_message = "certificate_mode short must have validity <= 7 days."
     }
   }
@@ -64,7 +64,7 @@ locals {
 
 resource "null_resource" "output_directory" {
   count = var.create_files && local.output_file_directory != null ? 1 : 0
-  local-exec {
+  provisioner "local-exec" {
     command = "test -d ${local.output_file_directory} || mkdir -p ${local.output_file_directory}"
   }
 }