diff --git a/common/version.tf b/common/version.tf
index 623dad5..a85d9a7 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
- _module_version = "2.6.3"
+ _module_version = "2.7.0"
 _module_names = {
 "_main_" = "aws-vpc-setup"
@@ -10,10 +10,12 @@ locals {
 "nacls" = "aws-vpc-setup/nacls"
 "peer" = "aws-vpc-setup/peer"
 "routing" = "aws-vpc-setup/routing"
+ "route53-zone-assoication/vpc" = "aws-vpc/setup/route53-zone-association/vpc"
+ "route53-zone-assoication/zone" = "aws-vpc/setup/route53-zone-association/zone"
 "security-groups" = "aws-vpc-setup/security-groups"
- "tag-shared-vpc-resources" = "aws-vpc-setup/tag-shared-vpc-resources"
 "share-resources" = "aws-vpc-setup/share-resources"
 "subnets" = "aws-vpc-setup/subnets"
+ "tag-shared-vpc-resources" = "aws-vpc-setup/tag-shared-vpc-resources"
 "vpc" = "aws-vpc-setup/vpc"
 "vpc-interface-endpoint" = "aws-vpc-setup/vpc-interface-endpoint"
 "vpn" = "aws-vpc-setup/vpn"
diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/data.tf b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/data.tf
index d804ded..cfbe343 100644
--- a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/data.tf
+++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/data.tf
@@ -53,3 +53,8 @@ data "aws_security_groups" "test" {
 }
 }
+# https://docs.aws.amazon.com/linux/al2023/ug/get-started.html
+data "aws_ssm_parameter" "ami" {
+ name = "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
+}
+
diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf
index bffa088..8a3e6bb 100644
--- a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf
+++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf
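Review bot: The two `_module_names` entries added in the second hunk break the convention every other entry in this map follows: the keys spell the module `route53-zone-assoication` while the directory added in this same commit is `route53-zone-association/`, and the values use `aws-vpc/setup/...` where all neighbouring values use `aws-vpc-setup/...`. If anything resolves module paths or tag values through this map, the misspelled key will not match the directory and the value will point at a path that does not exist. Suggested lines: `"route53-zone-association/vpc" = "aws-vpc-setup/route53-zone-association/vpc"` and `"route53-zone-association/zone" = "aws-vpc-setup/route53-zone-association/zone"`. The same misspelling appears in the heading of the new route53-zone-association/vpc/README.md.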
@@ -17,7 +17,8 @@ resource "aws_instance" "test" {
 # for_each = var.enable_instances ? local.private_subnets_id_map : {}
 for_each = var.enable_instances ? { for k in local.private_subnets_id_list : k => local.private_subnets_id_map[k] } : {}
- ami = local.ami
+ # ami = local.ami
+ ami = data.aws_ssm_parameter.ami.value
 instance_type = local.instance_type
 availability_zone = each.value.availability_zone
 key_name = local.key_name
diff --git a/examples/full-setup-tf-upgrade/apps/dns/tf-run.data b/examples/full-setup-tf-upgrade/apps/dns/tf-run.data
index 26ec2e6..1365909 100644
--- a/examples/full-setup-tf-upgrade/apps/dns/tf-run.data
+++ b/examples/full-setup-tf-upgrade/apps/dns/tf-run.data
@@ -1,11 +1,16 @@
-VERSION 1.1.3
+VERSION 1.1.4
 REMOTE-STATE
 COMMAND tf-directory-setup.py -l none -f
 COMMAND setup-new-directory.sh
 COMMAND tf-init -upgrade
-LINKTOP includes.d/variables.application_tags.tf
-LINKTOP includes.d/prod/variables.application_tags.auto.tfvars
+LINKTOP includes.d/variables.account_tags.tf
+LINKTOP includes.d/variables.account_tags.auto.tfvars
+LINKTOP includes.d/variables.infrastructure_tags.tf
+LINKTOP includes.d/variables.infrastructure_tags.auto.tfvars
+LINKTOP includes.d/variables.application_tags.tf
+## LINKTOP includes.d/variables.application_tags.auto.tfvars
+
 LINK variables.vpc.tf
 LINK variables.vpc.auto.tfvars
diff --git a/examples/full-setup-tf-upgrade/apps/tf-run.data b/examples/full-setup-tf-upgrade/apps/tf-run.data
index f8cad8e..8e4d78e 100644
--- a/examples/full-setup-tf-upgrade/apps/tf-run.data
+++ b/examples/full-setup-tf-upgrade/apps/tf-run.data
@@ -1,7 +1,12 @@
-VERSION 1.0.0
+VERSION 1.0.3
 REMOTE-STATE
 COMMAND tf-directory-setup.py -l none -f
 COMMAND setup-new-directory.sh
 COMMAND tf-init -upgrade
+COMMAND rm provider.infoblox.*
+
+LINK variables.vpc.auto.tfvars
+# LINK variables.vpc.tf .
+
 ALL
 COMMAND tf-directory-setup.py -l s3
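Review bot: Switching `ami` to `data.aws_ssm_parameter.ami.value` makes the instance image follow the public `/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64` parameter added in data.tf, so every apply after AWS publishes a new AL2023 image will plan a replacement of each `aws_instance.test`, because `ami` forces a new resource. If that churn is not intended for these test instances, add `lifecycle { ignore_changes = [ami] }` to the resource, or pin the image and update it deliberately; the resource body continues outside the hunk, so such a block may already exist elsewhere. The commented-out `# ami = local.ami` line is dead configuration and is better dropped than kept beside the live attribute.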
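Review bot: The dns/tf-run.data change links `includes.d/variables.application_tags.tf` but disables its companion with `## LINKTOP includes.d/variables.application_tags.auto.tfvars`, so the variable declared in that file no longer receives a value from tfvars; unless the declaration carries a default (not visible here), a non-interactive plan will fail asking for it. Either restore a tfvars link or confirm the default, and put the reason the link is disabled in a comment on the line above it rather than leaving a bare commented-out path. The marker also differs from `# LINK ...` used in apps/tf-run.data in this same commit; one style for disabled lines keeps these files greppable.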
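Review bot: `COMMAND rm provider.infoblox.*` in apps/tf-run.data runs on every invocation; on a fresh checkout with no `provider.infoblox.*` file present, `rm` reports an error, and if the runner treats a non-zero exit as fatal (not visible here) the run stops before `ALL`. `COMMAND rm -f provider.infoblox.*` makes the cleanup idempotent. Because this line and the infoblox block removed from versions.tf in this commit must stay in sync, a short comment above it naming that versions.tf change would tell the next reader why a run file deletes provider files.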
diff --git a/examples/full-setup-tf-upgrade/apps/versions.tf b/examples/full-setup-tf-upgrade/apps/versions.tf
index ec1ce3c..54c9599 100644
--- a/examples/full-setup-tf-upgrade/apps/versions.tf
+++ b/examples/full-setup-tf-upgrade/apps/versions.tf
@@ -1,12 +1,37 @@
+#terraform {
+# experiments = [module_variable_optional_attrs]
+#}
+
 terraform {
+ required_version = ">= 1.0"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.0"
- }
- infoblox = {
- source = "infobloxopen/infoblox"
- version = ">= 2.1.0"
+ version = ">= 4.55.0"
 }
+ ## ldap = {
+ ## source = "trevex/ldap"
+ ## version = ">= 0.5.4"
+ ## }
+ ## external = {
+ ## source = "hashicorp/external"
+ ## version = ">= 1.0"
+ ## }
+ ## null = {
+ ## source = "hashicorp/null"
+ ## version = ">= 1.0"
+ ## }
+ ## random = {
+ ## source = "hashicorp/random"
+ ## version = ">= 1.0"
+ ## }
+ ## template = {
+ ## source = "hashicorp/template"
+ ## version = ">= 1.0"
+ ## }
+ ## infoblox = {
+ ## source = "infobloxopen/infoblox"
+ ## version = ">= 2.1.0"
+ ## }
 }
 }
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/dns/README.md b/examples/shared-vpc-setup-tf-upgrade/apps/dns/README.md
deleted file mode 100644
index 0d006f9..0000000
--- a/examples/shared-vpc-setup-tf-upgrade/apps/dns/README.md
+++ /dev/null
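Review bot: The new constraints `required_version = ">= 1.0"` and aws `version = ">= 4.55.0"` are open-ended, and this example's tf-run.data runs `tf-init -upgrade`, so each run may pull the next major provider release, where a major bump signals breaking changes, without any change to this file. Bound the provider, `version = "~> 4.55"`, and commit the dependency lock file so provider upgrades are explicit and reviewable. The six commented-out provider blocks (`## ldap`, `## external`, `## null`, `## random`, `## template`, `## infoblox`) and the commented `experiments = [module_variable_optional_attrs]` header are dead configuration; if they are meant to record what used to be required, a one-line comment naming the removed providers and why carries the same information in far less space.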
@@ -1,55 +0,0 @@
-
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | n/a |
-| [aws.east\_main\_dns](#provider\_aws.east\_main\_dns) | n/a |
-| [aws.west\_main\_dns](#provider\_aws.west\_main\_dns) | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_route53_resolver_rule_association.all_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule_association) | resource |
-| [aws_route53_vpc_association_authorization.east_domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
-| [aws_route53_vpc_association_authorization.east_ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
-| [aws_route53_vpc_association_authorization.west_domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
-| [aws_route53_vpc_association_authorization.west_ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
-| [aws_route53_zone.domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
-| [aws_route53_zone.ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
-| [aws_route53_zone_association.east_domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
-| [aws_route53_zone_association.east_ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
-| [aws_route53_zone_association.west_domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
-| [aws_route53_zone_association.west_ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
-| [aws_route53_resolver_rules.all_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_resolver_rules) | data source |
-| [aws_route53_zone.domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [dns\_zone\_create](#input\_dns\_zone\_create) | Flag determing to create (true) or associate (false) the main forward zone. Used for the same VPC domain name across different regions or VPCs | `bool` | `true` | no |
-| [dns\_zone\_description\_prefix](#input\_dns\_zone\_description\_prefix) | Zone description with the org-project-program-environment | `string` | `""` | no |
-| [main\_dns\_profile](#input\_main\_dns\_profile) | Profile name for AWS for the main DNS central account | `string` | `"107742151971-do2-govcloud"` | no |
-| [main\_dns\_vpcs](#input\_main\_dns\_vpcs) | Map of region and VPC ids of the vpc1-services in us-gov-west-1 and us-gov-east-1 for centralized DNS | `map(string)` |
{
"us-gov-east-1": "vpc-099a991da7c4eb8a5",
"us-gov-west-1": "vpc-77877a12"
} | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [all\_zones](#output\_all\_zones) | DNS zone list |
-| [domain\_zone\_id](#output\_domain\_zone\_id) | DNS Zone ID |
-| [domain\_zone\_ns](#output\_domain\_zone\_ns) | DNS Zone Nameservers |
-| [ptr\_zone\_id](#output\_ptr\_zone\_id) | DNS PTR Zone IDs |
-| [ptr\_zone\_info](#output\_ptr\_zone\_info) | DNS PTR Zone Info |
-| [ptr\_zone\_ns](#output\_ptr\_zone\_ns) | DNS PTR Zone Nameservers |
-
\ No newline at end of file
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/dns/associate-shared.tf b/examples/shared-vpc-setup-tf-upgrade/apps/dns/associate-shared.tf
deleted file mode 100644
index ea9a292..0000000
--- a/examples/shared-vpc-setup-tf-upgrade/apps/dns/associate-shared.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-## locals {
-## reverse_zones = flatten([
-## "10.in-addr.arpa",
-## "168.192.in-addr.arpa",
-## "129.148.in-addr.arpa",
-## [for x in range(16, 32) : format("%v.172.in-addr.arpa", x)],
-## ])
-## reverse_rules = formatlist("reverse-%v", local.reverse_zones)
-## forward_rules = ["forward-all-onprem", "amazon"]
-## all_main_rules = formatlist("resolver-%v", concat(local.forward_rules, local.reverse_rules))
-## }
-
-data "aws_route53_resolver_rules" "all_rules" {
- share_status = "SHARED_WITH_ME"
-}
-
-data "aws_route53_resolver_rules" "all_rules_me" {
- share_status = "SHARED_BY_ME"
-}
-
-resource "aws_route53_resolver_rule_association" "all_rules" {
- for_each = length(data.aws_route53_resolver_rules.all_rules.resolver_rule_ids) > 0 ? toset(data.aws_route53_resolver_rules.all_rules.resolver_rule_ids) : (var.profile != var.main_dns_profile ? toset(data.aws_route53_resolver_rules.all_rules_me.resolver_rule_ids) : toset([]))
- resolver_rule_id = each.key
- vpc_id = local.vpc_id
-}
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/dns/locals.tf b/examples/shared-vpc-setup-tf-upgrade/apps/dns/locals.tf
deleted file mode 100644
index 6c49d21..0000000
--- a/examples/shared-vpc-setup-tf-upgrade/apps/dns/locals.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-locals {
- base_tags = {
- "boc:created_by" = "terraform"
- }
-}
-
-locals {
- vpc_info = data.terraform_remote_state.vpc_REGION_vpcN.outputs.vpc_info
- vpc_id = local.vpc_info["vpc_id"]
- domain_name = local.vpc_info["vpc_domain_name"]
- dns_servers = local.vpc_info["vpc_dns_servers"]
- vpc_short_name = local.vpc_info["vpc_short_name"]
-}
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/dns/provider.main_dns.tf b/examples/shared-vpc-setup-tf-upgrade/apps/dns/provider.main_dns.tf
deleted file mode 100644
index 0e693d1..0000000
--- a/examples/shared-vpc-setup-tf-upgrade/apps/dns/provider.main_dns.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-provider "aws" {
- alias = "east_main_dns"
- region = var.region_map["east"]
- profile = var.main_dns_profile
-}
-
-provider "aws" {
- alias = "west_main_dns"
- region = var.region_map["west"]
- profile = var.main_dns_profile
-}
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/dns/sort-ip.py b/examples/shared-vpc-setup-tf-upgrade/apps/dns/sort-ip.py
deleted file mode 100755
index 293f723..0000000
--- a/examples/shared-vpc-setup-tf-upgrade/apps/dns/sort-ip.py
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/env python
-
-import json
-import sys
-import ipaddress
-
-r=0
-outdata={'ip_addresses_sorted':''}
-try:
- indata=json.load(sys.stdin)
- ipa=indata['ip_addresses'].split(',')
- ips=sorted(ipa,key=ipaddress.ip_address)
- outdata['ip_addresses_sorted']=','.join(ips)
- print(json.dumps(outdata))
-except:
- sys.stderr.write("unable to parse input address\n")
- r=1
-
-sys.exit(r)
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/dns/tf-run.data b/examples/shared-vpc-setup-tf-upgrade/apps/dns/tf-run.data
deleted file mode 100644
index 26ec2e6..0000000
--- a/examples/shared-vpc-setup-tf-upgrade/apps/dns/tf-run.data
+++ /dev/null
@@ -1,13 +0,0 @@
-VERSION 1.1.3
-REMOTE-STATE
-COMMAND tf-directory-setup.py -l none -f
-COMMAND setup-new-directory.sh
-COMMAND tf-init -upgrade
-
-LINKTOP includes.d/variables.application_tags.tf
-LINKTOP includes.d/prod/variables.application_tags.auto.tfvars
-LINK variables.vpc.tf
-LINK variables.vpc.auto.tfvars
-
-ALL
-COMMAND tf-directory-setup.py -l s3
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/dns/variables.dns.auto.tfvars b/examples/shared-vpc-setup-tf-upgrade/apps/dns/variables.dns.auto.tfvars
deleted file mode 100644
index 649480f..0000000
--- a/examples/shared-vpc-setup-tf-upgrade/apps/dns/variables.dns.auto.tfvars
+++ /dev/null
@@ -1,2 +0,0 @@
-dns_zone_description_prefix = "{project} {environment}"
-dns_zone_create = true
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/dns/variables.dns.tf b/examples/shared-vpc-setup-tf-upgrade/apps/dns/variables.dns.tf
deleted file mode 100644
index 68ed443..0000000
--- a/examples/shared-vpc-setup-tf-upgrade/apps/dns/variables.dns.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-variable "main_dns_vpcs" {
- description = "Map of region and VPC ids of the vpc1-services in us-gov-west-1 and us-gov-east-1 for centralized DNS"
- type = map(string)
- default = {
- "us-gov-west-1" = "vpc-77877a12"
- "us-gov-east-1" = "vpc-099a991da7c4eb8a5"
- }
-}
-
-variable "main_dns_profile" {
- description = "Profile name for AWS for the main DNS central account"
- type = string
- default = "107742151971-do2-govcloud"
-}
-
-
-variable "dns_zone_description_prefix" {
- description = "Zone description with the org-project-program-environment"
- type = string
- default = ""
-}
-
-variable "dns_zone_create" {
- description = "Flag determing to create (true) or associate (false) the main forward zone. Used for the same VPC domain name across different regions or VPCs"
- type = bool
- default = true
-}
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/dns/versions.tf b/examples/shared-vpc-setup-tf-upgrade/apps/dns/versions.tf
deleted file mode 100644
index c791e91..0000000
--- a/examples/shared-vpc-setup-tf-upgrade/apps/dns/versions.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-terraform {
- required_version = ">= 1.0.0"
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 4.0"
- }
- }
-}
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/dns/zones.tf b/examples/shared-vpc-setup-tf-upgrade/apps/dns/zones.tf
deleted file mode 100644
index d58dcd4..0000000
--- a/examples/shared-vpc-setup-tf-upgrade/apps/dns/zones.tf
+++ /dev/null
@@ -1,209 +0,0 @@
-locals {
- # calculate set of /24 blocks for PTR subnets from cidr bock size
- vpc_cidr_block = local.vpc_info["vpc_cidr_block"]
- bits = tonumber(split("/", local.vpc_cidr_block)[1])
- split_bits = 24 - local.bits
- _ptr_zones = local.split_bits > 0 ? { for x in range(0, pow(2, local.split_bits)) : x => cidrsubnet(local.vpc_cidr_block, local.split_bits, x) } : {}
- ptr_zones = { for x, s in local._ptr_zones : s => {
- index = x
- cidr = s
- octets = split(".", split("/", s)[0])
- bits = tonumber(split("/", s)[1])
- ptr_zone = format("%v.in-addr.arpa", join(".", reverse(slice(split(".", split("/", s)[0]), 0, 3))))
- }
- }
-
- zone_description = var.dns_zone_description_prefix == "" ? var.dns_zone_description_prefix : format("%v ", var.dns_zone_description_prefix)
-}
-
-#---
-# domain (forward) zone
-# need to pull this ando ther forward zones up to vpc/apps/dns
-#---
-data "aws_route53_zone" "domain_zone" {
- # provider = aws.east
- count = var.dns_zone_create ? 0 : 1
- name = local.domain_name
- private_zone = true
-}
-
-resource "aws_route53_zone" "domain_zone" {
- count = var.dns_zone_create ? 1 : 0
- name = local.domain_name
- comment = format("%vDNS Forward Zone %v", local.zone_description, local.domain_name)
- force_destroy = false
-
- vpc {
- vpc_id = local.vpc_id
- vpc_region = local.region
- }
-
- lifecycle {
- ignore_changes = [vpc]
- }
-
- tags = merge(
- local.base_tags,
- local.common_tags,
- var.application_tags,
- tomap({ "Name" = local.domain_name }),
- )
-}
-
-resource "aws_route53_vpc_association_authorization" "west_domain_zone" {
- # provider = aws.west_main_dns
- # for_each = tomap({ "zone" = var.dns_zone_create ? aws_route53_zone.domain_zone[0] : data.aws_route53_zone.domain_zone[0] })
- for_each = var.dns_zone_create ? { "zone" = aws_route53_zone.domain_zone[0] } : {}
- zone_id = each.value.zone_id
- vpc_region = "us-gov-west-1"
- vpc_id = var.main_dns_vpcs["us-gov-west-1"]
-}
-
-resource "aws_route53_zone_association" "west_domain_zone" {
- provider = aws.west_main_dns
- for_each = var.dns_zone_create ? aws_route53_vpc_association_authorization.west_domain_zone : {}
-
- zone_id = each.value.zone_id
- vpc_id = each.value.vpc_id
- vpc_region = each.value.vpc_region
-}
-
-# resource "aws_route53_zone_association" "east_domain_zone" {
-# for_each = tomap({"zone" = aws_route53_zone.domain_zone[0]})
-# zone_id = each.value.zone_id
-# vpc_region = "us-gov-east-1"
-# vpc_id = var.main_dns_vpcs["us-gov-east-1"]
-# }
-
-resource "aws_route53_vpc_association_authorization" "east_domain_zone" {
- # provider = aws.east_main_dns
- # for_each = tomap({ "zone" = var.dns_zone_create ? aws_route53_zone.domain_zone[0] : data.aws_route53_zone.domain_zone[0] })
- for_each = var.dns_zone_create ? { "zone" = aws_route53_zone.domain_zone[0] } : {}
-
- zone_id = each.value.zone_id
- vpc_region = "us-gov-east-1"
- vpc_id = var.main_dns_vpcs["us-gov-east-1"]
-}
-
-resource "aws_route53_zone_association" "east_domain_zone" {
- provider = aws.east_main_dns
- for_each = var.dns_zone_create ? aws_route53_vpc_association_authorization.east_domain_zone : {}
- zone_id = each.value.zone_id
- vpc_id = each.value.vpc_id
- vpc_region = each.value.vpc_region
-}
-
-output "domain_zone_id" {
- description = "DNS Zone ID"
- # value = aws_route53_zone.domain_zone[0].zone_id
- value = var.dns_zone_create ? aws_route53_zone.domain_zone[0].zone_id : data.aws_route53_zone.domain_zone[0].zone_id
-}
-
-output "domain_zone_ns" {
- description = "DNS Zone Nameservers"
- # value = aws_route53_zone.domain_zone[0].name_servers
- value = var.dns_zone_create ? aws_route53_zone.domain_zone[0].name_servers : data.aws_route53_zone.domain_zone[0].name_servers
-}
-
-#---
-# ptr (reverse) zones
-#---
-resource "aws_route53_zone" "ptr_zone" {
- for_each = local.ptr_zones
-
- name = each.value.ptr_zone
- comment = format("%vDNS PTR Zone %v (%v)", local.zone_description, each.value.ptr_zone, each.value.cidr)
- force_destroy = false
-
- vpc {
- vpc_id = local.vpc_id
- vpc_region = local.region
- }
-
- lifecycle {
- ignore_changes = [vpc]
- }
-
- tags = merge(
- local.base_tags,
- local.common_tags,
- var.application_tags,
- tomap({ "Name" = each.value.ptr_zone }),
- )
-}
-
-resource "aws_route53_vpc_association_authorization" "west_ptr_zone" {
- # provider = aws.west_main_dns
- for_each = aws_route53_zone.ptr_zone
-
- zone_id = each.value.zone_id
- vpc_region = "us-gov-west-1"
- vpc_id = var.main_dns_vpcs["us-gov-west-1"]
-}
-
-resource "aws_route53_zone_association" "west_ptr_zone" {
- provider = aws.west_main_dns
- for_each = aws_route53_vpc_association_authorization.west_ptr_zone
-
- zone_id = each.value.zone_id
- vpc_id = each.value.vpc_id
- vpc_region = each.value.vpc_region
-}
-
-resource "aws_route53_vpc_association_authorization" "east_ptr_zone" {
- # provider = aws.east_main_dns
- for_each = aws_route53_zone.ptr_zone
-
- zone_id = each.value.zone_id
- vpc_region = "us-gov-east-1"
- vpc_id = var.main_dns_vpcs["us-gov-east-1"]
-}
-
-resource "aws_route53_zone_association" "east_ptr_zone" {
- provider = aws.east_main_dns
- for_each = aws_route53_vpc_association_authorization.east_ptr_zone
-
- zone_id = each.value.zone_id
- vpc_id = each.value.vpc_id
- vpc_region = each.value.vpc_region
-}
-
-## resource "aws_route53_zone_association" "west_ptr_zone" {
-## for_each = aws_route53_zone.ptr_zone
-## zone_id = each.value.zone_id
-## vpc_region = "us-gov-west-1"
-## vpc_id = var.main_dns_vpcs["us-gov-west-1"]
-## }
-##
-## resource "aws_route53_zone_association" "east_ptr_zone" {
-## for_each = aws_route53_zone.ptr_zone
-## zone_id = each.value.zone_id
-## vpc_region = "us-gov-east-1"
-## vpc_id = var.main_dns_vpcs["us-gov-east-1"]
-## }
-##
-
-output "ptr_zone_id" {
- description = "DNS PTR Zone IDs"
- value = { for x, s in local.ptr_zones : x => aws_route53_zone.ptr_zone[x].zone_id }
-}
-
-output "ptr_zone_ns" {
- description = "DNS PTR Zone Nameservers"
- value = { for x, s in local.ptr_zones : x => aws_route53_zone.ptr_zone[x].name_servers }
-}
-
-output "ptr_zone_info" {
- description = "DNS PTR Zone Info"
- value = { for x, s in local.ptr_zones : x => {
- cidr = s.cidr
- ptr_zone = s.ptr_zone
- zone_id = aws_route53_zone.ptr_zone[x].zone_id
- name_servers = aws_route53_zone.ptr_zone[x].name_servers
- } }
-}
-
-output "all_zones" {
- description = "DNS zone list"
- value = flatten(concat([local.domain_name], [for x, s in local.ptr_zones : s.ptr_zone]))
-}
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/region.tf b/examples/shared-vpc-setup-tf-upgrade/apps/region.tf
deleted file mode 100644
index f617506..0000000
--- a/examples/shared-vpc-setup-tf-upgrade/apps/region.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- region = var.region
-}
diff --git a/examples/shared-vpc-setup-tf-upgrade/.gitignore b/examples/shared-vpc/.gitignore
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/.gitignore
rename to examples/shared-vpc/.gitignore
diff --git a/examples/shared-vpc-setup-tf-upgrade/.tf-control b/examples/shared-vpc/.tf-control
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/.tf-control
rename to examples/shared-vpc/.tf-control
diff --git a/examples/shared-vpc-setup-tf-upgrade/.tf-control.tfrc b/examples/shared-vpc/.tf-control.tfrc
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/.tf-control.tfrc
rename to examples/shared-vpc/.tf-control.tfrc
diff --git a/examples/shared-vpc-setup-tf-upgrade/OFF/sg-rds-mariadb.tf b/examples/shared-vpc/OFF/sg-rds-mariadb.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/OFF/sg-rds-mariadb.tf
rename to examples/shared-vpc/OFF/sg-rds-mariadb.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/OFF/sg-rds-mssql.tf b/examples/shared-vpc/OFF/sg-rds-mssql.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/OFF/sg-rds-mssql.tf
rename to examples/shared-vpc/OFF/sg-rds-mssql.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/OFF/sg-rds-mysql.tf b/examples/shared-vpc/OFF/sg-rds-mysql.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/OFF/sg-rds-mysql.tf
rename to examples/shared-vpc/OFF/sg-rds-mysql.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/OFF/sg-rds-postgres.tf b/examples/shared-vpc/OFF/sg-rds-postgres.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/OFF/sg-rds-postgres.tf
rename to examples/shared-vpc/OFF/sg-rds-postgres.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/README.md b/examples/shared-vpc/README.md
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/README.md
rename to examples/shared-vpc/README.md
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/.terraform-docs.yml b/examples/shared-vpc/apps/.terraform-docs.yml
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/apps/.terraform-docs.yml
rename to examples/shared-vpc/apps/.terraform-docs.yml
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/.tf-control b/examples/shared-vpc/apps/.tf-control
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/apps/.tf-control
rename to examples/shared-vpc/apps/.tf-control
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/.tf-control.tfrc b/examples/shared-vpc/apps/.tf-control.tfrc
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/apps/.tf-control.tfrc
rename to examples/shared-vpc/apps/.tf-control.tfrc
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/dns/.terraform-docs.yml b/examples/shared-vpc/apps/dns/.terraform-docs.yml
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/apps/dns/.terraform-docs.yml
rename to examples/shared-vpc/apps/dns/.terraform-docs.yml
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/dns/region.tf b/examples/shared-vpc/apps/region.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/apps/dns/region.tf
rename to examples/shared-vpc/apps/region.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/tf-run.data b/examples/shared-vpc/apps/tf-run.data
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/apps/tf-run.data
rename to examples/shared-vpc/apps/tf-run.data
diff --git a/examples/shared-vpc-setup-tf-upgrade/apps/versions.tf b/examples/shared-vpc/apps/versions.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/apps/versions.tf
rename to examples/shared-vpc/apps/versions.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/data.tf b/examples/shared-vpc/data.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/data.tf
rename to examples/shared-vpc/data.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/data.vpc.tf b/examples/shared-vpc/data.vpc.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/data.vpc.tf
rename to examples/shared-vpc/data.vpc.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/outputs.tf b/examples/shared-vpc/outputs.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/outputs.tf
rename to examples/shared-vpc/outputs.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/region.tf b/examples/shared-vpc/region.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/region.tf
rename to examples/shared-vpc/region.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/sg-web.tf b/examples/shared-vpc/sg-web.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/sg-web.tf
rename to examples/shared-vpc/sg-web.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/tf-run.data b/examples/shared-vpc/tf-run.data
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/tf-run.data
rename to examples/shared-vpc/tf-run.data
diff --git a/examples/shared-vpc-setup-tf-upgrade/variables.availability_zones.tf b/examples/shared-vpc/variables.availability_zones.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/variables.availability_zones.tf
rename to examples/shared-vpc/variables.availability_zones.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/variables.subnets.auto.tfvars b/examples/shared-vpc/variables.subnets.auto.tfvars
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/variables.subnets.auto.tfvars
rename to examples/shared-vpc/variables.subnets.auto.tfvars
diff --git a/examples/shared-vpc-setup-tf-upgrade/variables.subnets.tf b/examples/shared-vpc/variables.subnets.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/variables.subnets.tf
rename to examples/shared-vpc/variables.subnets.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/variables.vpc.auto.tfvars b/examples/shared-vpc/variables.vpc.auto.tfvars
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/variables.vpc.auto.tfvars
rename to examples/shared-vpc/variables.vpc.auto.tfvars
diff --git a/examples/shared-vpc-setup-tf-upgrade/variables.vpc.tf b/examples/shared-vpc/variables.vpc.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/variables.vpc.tf
rename to examples/shared-vpc/variables.vpc.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/versions.tf b/examples/shared-vpc/versions.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/versions.tf
rename to examples/shared-vpc/versions.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/vpc-endpoints.tf b/examples/shared-vpc/vpc-endpoints.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/vpc-endpoints.tf
rename to examples/shared-vpc/vpc-endpoints.tf
diff --git a/examples/shared-vpc-setup-tf-upgrade/vpc.tf b/examples/shared-vpc/vpc.tf
similarity index 100%
rename from examples/shared-vpc-setup-tf-upgrade/vpc.tf
rename to examples/shared-vpc/vpc.tf
diff --git a/route53-zone-association/common/README.md b/route53-zone-association/common/README.md
new file mode 100644
index 0000000..8ba66c1
--- /dev/null
+++ b/route53-zone-association/common/README.md
@@ -0,0 +1,35 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws.peer](#provider\_aws.peer) | n/a |
+| [aws.self](#provider\_aws.self) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_arn.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_arn.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_caller_identity.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_caller_identity.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_account_alias.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_iam_account_alias.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_region.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_region.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
diff --git a/route53-zone-association/common/data.peer.tf b/route53-zone-association/common/data.peer.tf
new file mode 100644
index 0000000..e6d747f
--- /dev/null
+++ b/route53-zone-association/common/data.peer.tf
@@ -0,0 +1,37 @@
+data "aws_caller_identity" "peer" {
+ provider = aws.peer
+}
+
+data "aws_arn" "peer" {
+ provider = aws.peer
+ arn = data.aws_caller_identity.peer.arn
+}
+
+data "aws_region" "peer" {
+ provider = aws.peer
+}
+
+data "aws_iam_account_alias" "peer" {
+ provider = aws.peer
+}
+
+# output "caller_account_id" {
+# value = data.aws_caller_identity.peer.account_id
+# }
+#
+# output "account_caller_arn" {
+# value = data.aws_caller_identity.peer.arn
+# }
+#
+# output "account_caller_arn_partition" {
+# value = data.aws_arn.peer.partition
+# }
+#
+# output "account_region_name" {
+# value = data.aws_region.peer.name
+# }
+#
+# output "account_alias" {
+# value = data.aws_iam_account_alias.peer.account_alias
+# }
+
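Review bot: This file references the provider alias `aws.peer` (and data.self.tf references `aws.self`), but nothing visible in the new `route53-zone-association/common` module declares those aliases, and the generated README added in this commit reports "No requirements", which suggests the module has no `terraform { required_providers { aws = { configuration_aliases = [aws.self, aws.peer] } } }` block. A child module must declare the aliases it expects its caller to pass, so the module is likely to fail validation until such a block is added. Separately, `data "aws_iam_account_alias" "peer"` needs `iam:ListAccountAliases` in the peer account, yet the only consumers in this file are the commented-out outputs; if nothing else in the module reads it, dropping the data source removes an IAM permission the association role would otherwise have to be granted. The same applies to `data "aws_iam_account_alias" "self"` in data.self.tf.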
diff --git a/route53-zone-association/common/data.self.tf b/route53-zone-association/common/data.self.tf
new file mode 100644
index 0000000..055ee35
--- /dev/null
+++ b/route53-zone-association/common/data.self.tf
@@ -0,0 +1,36 @@
+data "aws_caller_identity" "self" {
+ provider = aws.self
+}
+
+data "aws_arn" "self" {
+ provider = aws.self
+ arn = data.aws_caller_identity.self.arn
+}
+
+data "aws_region" "self" {
+ provider = aws.self
+}
+
+data "aws_iam_account_alias" "self" {
+ provider = aws.self
+}
+
+# output "caller_account_id" {
+# value = data.aws_caller_identity.self.account_id
+# }
+#
+# output "account_caller_arn" {
+# value = data.aws_caller_identity.self.arn
+# }
+#
+# output "account_caller_arn_partition" {
+# value = data.aws_arn.self.partition
+# }
+#
+# output "account_region_name" {
+# value = data.aws_region.self.name
+# }
+#
+# output "account_alias" {
+# value = data.aws_iam_account_alias.self.account_alias
+# }
diff --git a/route53-zone-association/vpc/README.md b/route53-zone-association/vpc/README.md
new file mode 100644
index 0000000..21a6d5a
--- /dev/null
+++ b/route53-zone-association/vpc/README.md
@@ -0,0 +1,61 @@
+# About aws-vpc-setup :: route53-zone-assoication :: vpc
+
+Associate VPC in aws.self to Private Hosted Zone(s) (PHZ) in aws.peer
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.0.0 |
+| [aws](#requirement\_aws) | >= 4.0.0 |
+| [ldap](#requirement\_ldap) | >= 0.5.4 |
+| [local](#requirement\_local) | >= 1.0.0 |
+| [null](#requirement\_null) | >= 3.0 |
+| [random](#requirement\_random) | >= 3.0 |
+| [template](#requirement\_template) | >= 2.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 4.0.0 |
+| [aws.peer](#provider\_aws.peer) | >= 4.0.0 |
+| [aws.self](#provider\_aws.self) | >= 4.0.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route53_vpc_association_authorization.peer_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_zone_association.peer_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_arn.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_arn.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_caller_identity.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_caller_identity.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_iam_account_alias.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_iam_account_alias.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_region.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_region.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
+| [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
+| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+| [vpc\_id](#input\_vpc\_id) | VPC ID with which to associate Route53 PHZs | `string` | n/a | yes |
+| [zone\_ids](#input\_zone\_ids) | List of Route53 PHZs to associate with a (local/remote) VPC | `list(string)` | `[]` | no |
+
+## Outputs
+
+No outputs.
diff --git a/route53-zone-association/vpc/data.peer.tf b/route53-zone-association/vpc/data.peer.tf
new file mode 120000
index 0000000..531a8ea
--- /dev/null
+++ b/route53-zone-association/vpc/data.peer.tf
@@ -0,0 +1 @@
+../common/data.peer.tf
\ No newline at end of file
diff --git a/route53-zone-association/vpc/data.self.tf b/route53-zone-association/vpc/data.self.tf
new file mode 120000
index 0000000..74be818
--- /dev/null
+++ b/route53-zone-association/vpc/data.self.tf
@@ -0,0 +1 @@
+../common/data.self.tf
\ No newline at end of file
diff --git a/route53-zone-association/vpc/data.tf b/route53-zone-association/vpc/data.tf
new file mode 120000
index 0000000..37fff16
--- /dev/null
+++ b/route53-zone-association/vpc/data.tf
@@ -0,0 +1 @@
+../../common/data.tf
\ No newline at end of file
diff --git a/route53-zone-association/vpc/defaults.tf b/route53-zone-association/vpc/defaults.tf
new file mode 120000
index 0000000..1227df3
--- /dev/null
+++ b/route53-zone-association/vpc/defaults.tf
@@ -0,0 +1 @@
+../../common/defaults.tf
\ No newline at end of file
diff --git a/route53-zone-association/vpc/main.tf b/route53-zone-association/vpc/main.tf
new file mode 100644
index 0000000..3d4bddf
--- /dev/null
+++ b/route53-zone-association/vpc/main.tf
@@ -0,0 +1,35 @@
+/*
+* # About aws-vpc-setup :: route53-zone-assoication :: vpc
+*
+* Associate VPC in aws.self to Private Hosted Zone(s) (PHZ) in aws.peer
+*/
+
+locals {
+ account_id = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
+ account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
+ region = data.aws_region.current.name
+ region_short = join("", [for c in split("-", local.region) : substr(c, 0, 1)])
+
+ base_tags = {
+ "boc:tf_module_version" = local._module_version
+ "boc:tf_module_name" = lookup(local._module_names, local._module_name, local._module_names["_main_"])
+ "boc:created_by" = "terraform"
+ }
+}
+
+resource "aws_route53_vpc_association_authorization" "peer_zone" {
+ provider = aws.peer
+ for_each = data.aws_caller_identity.self.account_id != data.aws_caller_identity.peer.account_id ? toset(var.zone_ids) : toset([])
+ zone_id = each.key
+ vpc_region = data.aws_region.peer.name
+ vpc_id = var.vpc_id
+}
+
+resource "aws_route53_zone_association" "peer_zone" {
+ provider = aws.self
+ for_each = toset(var.zone_ids)
+
+ zone_id = each.key
+ vpc_id = var.vpc_id
+ vpc_region = data.aws_region.self.name
+}
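Review bot: `aws_route53_zone_association.peer_zone` has no dependency on `aws_route53_vpc_association_authorization.peer_zone` — it references only `each.key` and `var.vpc_id` — so in the cross-account case Terraform is free to create the association before the authorization exists and the Route53 call is rejected; add `depends_on = [aws_route53_vpc_association_authorization.peer_zone]` to the association. The authorization also sets `vpc_region = data.aws_region.peer.name`, but per the header comment the VPC lives in `aws.self`; the authorization must name the region of the VPC, so this should read `vpc_region = data.aws_region.self.name` whenever the two providers are configured for different regions (the association below already uses the self region). One caveat worth a comment on the authorization: AWS guidance is to delete a VPC association authorization once the association has been made, so keeping it as a managed resource leaves a standing grant for that VPC to re-associate with the zone — state explicitly that this is intentional. `local.base_tags` is computed here but never applied to anything in this file.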
diff --git a/route53-zone-association/vpc/module_name.tf b/route53-zone-association/vpc/module_name.tf
new file mode 100644
index 0000000..a88a2e7
--- /dev/null
+++ b/route53-zone-association/vpc/module_name.tf
@@ -0,0 +1,3 @@
+locals {
+ _module_name = "route53-zone-assoication/vpc"
+}
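Review bot: `_module_name` is spelled `route53-zone-assoication/vpc` (transposed letters), and `main.tf` resolves it with `lookup(local._module_names, local._module_name, local._module_names["_main_"])`, which silently falls back to the `_main_` entry if this key ever stops matching the map in `common/version.tf`. Fixing the spelling on one side but not the other would therefore quietly misreport the `boc:tf_module_name` tag rather than fail; correct both in the same change, and add `# must match a key in common/version.tf _module_names` here so the coupling is visible.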
diff --git a/route53-zone-association/vpc/prefixes.tf b/route53-zone-association/vpc/prefixes.tf
new file mode 120000
index 0000000..5bc256c
--- /dev/null
+++ b/route53-zone-association/vpc/prefixes.tf
@@ -0,0 +1 @@
+../../common/prefixes.tf
\ No newline at end of file
diff --git a/route53-zone-association/vpc/variables.common.tf b/route53-zone-association/vpc/variables.common.tf
new file mode 120000
index 0000000..e01226c
--- /dev/null
+++ b/route53-zone-association/vpc/variables.common.tf
@@ -0,0 +1 @@
+../../common/variables.common.tf
\ No newline at end of file
diff --git a/route53-zone-association/vpc/variables.tf b/route53-zone-association/vpc/variables.tf
new file mode 100644
index 0000000..2484e8a
--- /dev/null
+++ b/route53-zone-association/vpc/variables.tf
@@ -0,0 +1,11 @@
+variable "zone_ids" {
+ description = "List of Route53 PHZs to associate with a (local/remote) VPC"
+ type = list(string)
+ default = []
+}
+
+variable "vpc_id" {
+ description = "VPC ID with which to associate Route53 PHZs"
+ type = string
+}
+
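Review bot: Neither `vpc_id` nor `zone_ids` is validated, so a typo or an empty string only surfaces as an API error from the peer account mid-apply, possibly after the authorization resource has already been created in the other account. Terraform `>= 1.0.0` (required in `versions.tf`) supports `validation` blocks; rejecting malformed IDs at plan time keeps a bad input from partially applying across two accounts. The regexes below are my reading of the AWS ID formats — confirm them against your environment before adopting.
```hcl
variable "zone_ids" {
  # … unchanged: description, type, default …

  validation {
    condition     = alltrue([for z in var.zone_ids : can(regex("^Z[A-Z0-9]+$", z))])
    error_message = "Each zone_ids entry must be a Route53 hosted zone ID (e.g. Z0123456789ABCDEFGHIJ)."
  }
}

variable "vpc_id" {
  # … unchanged: description, type …

  validation {
    condition     = can(regex("^vpc-[0-9a-f]{8,17}$", var.vpc_id))
    error_message = "vpc_id must be a VPC ID of the form vpc-xxxxxxxx."
  }
}
```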
diff --git a/route53-zone-association/vpc/version.tf b/route53-zone-association/vpc/version.tf
new file mode 120000
index 0000000..4950c91
--- /dev/null
+++ b/route53-zone-association/vpc/version.tf
@@ -0,0 +1 @@
+../../common/version.tf
\ No newline at end of file
diff --git a/route53-zone-association/vpc/versions.tf b/route53-zone-association/vpc/versions.tf
new file mode 100644
index 0000000..b3f1f2a
--- /dev/null
+++ b/route53-zone-association/vpc/versions.tf
@@ -0,0 +1,30 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.0.0"
+ configuration_aliases = [aws.self, aws.peer]
+ }
+ null = {
+ source = "hashicorp/null"
+ version = ">= 3.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.0"
+ }
+ template = {
+ source = "hashicorp/template"
+ version = ">= 2.0"
+ }
+ ldap = {
+ source = "trevex/ldap"
+ version = ">= 0.5.4"
+ }
+ local = {
+ source = "hashicorp/local"
+ version = ">= 1.0.0"
+ }
+ }
+ required_version = ">= 1.0.0"
+}
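Review bot: `required_providers` declares `null`, `random`, `template`, `ldap` and `local`, none of which is referenced by any resource or data source in this module — only `aws` appears in `main.tf` and the `data.*.tf` files. Every declared provider is a binary downloaded and trusted at `init`; `trevex/ldap` is a third-party namespace and `hashicorp/template` is deprecated and lacks builds for some newer platforms, so these entries widen the supply chain and can break `init` for no benefit. Trim the block to the `aws` entry (keeping `configuration_aliases`), and consider an upper bound on the `aws` constraint instead of the open-ended `>= 4.0.0`, since major provider releases change resource schemas. If the extra providers are carried over from a shared template, a comment saying why they must stay is the minimum.
```hcl
terraform {
  required_providers {
    aws = {
      source                = "hashicorp/aws"
      version               = ">= 4.0.0"
      configuration_aliases = [aws.self, aws.peer]
    }
    # null, random, template, ldap and local removed: nothing in this module uses them
  }
  required_version = ">= 1.0.0"
}
```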
diff --git a/route53-zone-association/zone/README.md b/route53-zone-association/zone/README.md
new file mode 100644
index 0000000..f362ac3
--- /dev/null
+++ b/route53-zone-association/zone/README.md
@@ -0,0 +1,61 @@
+# About aws-vpc-setup :: route53-zone-assoication :: zone
+
+Associate my Private Hosted Zone(s) (PHZ) in aws.self with a VPC in aws.peer
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.0.0 |
+| [aws](#requirement\_aws) | >= 4.0.0 |
+| [ldap](#requirement\_ldap) | >= 0.5.4 |
+| [local](#requirement\_local) | >= 1.0.0 |
+| [null](#requirement\_null) | >= 3.0 |
+| [random](#requirement\_random) | >= 3.0 |
+| [template](#requirement\_template) | >= 2.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 4.0.0 |
+| [aws.peer](#provider\_aws.peer) | >= 4.0.0 |
+| [aws.self](#provider\_aws.self) | >= 4.0.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route53_vpc_association_authorization.self_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_zone_association.self_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_arn.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_arn.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_caller_identity.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_caller_identity.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_iam_account_alias.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_iam_account_alias.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_region.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_region.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
+| [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
+| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+| [vpc\_id](#input\_vpc\_id) | VPC ID with which to associate Route53 PHZs | `string` | n/a | yes |
+| [zone\_ids](#input\_zone\_ids) | List of Route53 PHZs to associate with a (local/remote) VPC | `list(string)` | `[]` | no |
+
+## Outputs
+
+No outputs.
diff --git a/route53-zone-association/zone/data.peer.tf b/route53-zone-association/zone/data.peer.tf
new file mode 120000
index 0000000..531a8ea
--- /dev/null
+++ b/route53-zone-association/zone/data.peer.tf
@@ -0,0 +1 @@
+../common/data.peer.tf
\ No newline at end of file
diff --git a/route53-zone-association/zone/data.self.tf b/route53-zone-association/zone/data.self.tf
new file mode 120000
index 0000000..74be818
--- /dev/null
+++ b/route53-zone-association/zone/data.self.tf
@@ -0,0 +1 @@
+../common/data.self.tf
\ No newline at end of file
diff --git a/route53-zone-association/zone/data.tf b/route53-zone-association/zone/data.tf
new file mode 120000
index 0000000..37fff16
--- /dev/null
+++ b/route53-zone-association/zone/data.tf
@@ -0,0 +1 @@
+../../common/data.tf
\ No newline at end of file
diff --git a/route53-zone-association/zone/defaults.tf b/route53-zone-association/zone/defaults.tf
new file mode 120000
index 0000000..1227df3
--- /dev/null
+++ b/route53-zone-association/zone/defaults.tf
@@ -0,0 +1 @@
+../../common/defaults.tf
\ No newline at end of file
diff --git a/route53-zone-association/zone/main.tf b/route53-zone-association/zone/main.tf
new file mode 100644
index 0000000..9508d00
--- /dev/null
+++ b/route53-zone-association/zone/main.tf
@@ -0,0 +1,35 @@
+/*
+* # About aws-vpc-setup :: route53-zone-assoication :: zone
+*
+* Associate my Private Hosted Zone(s) (PHZ) in aws.self with a VPC in aws.peer
+*/
+
+locals {
+ account_id = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
+ account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
+ region = data.aws_region.current.name
+ region_short = join("", [for c in split("-", local.region) : substr(c, 0, 1)])
+
+ base_tags = {
+ "boc:tf_module_version" = local._module_version
+ "boc:tf_module_name" = lookup(local._module_names, local._module_name, local._module_names["_main_"])
+ "boc:created_by" = "terraform"
+ }
+}
+
+resource "aws_route53_vpc_association_authorization" "self_zone" {
+ provider = aws.self
+ for_each = data.aws_caller_identity.self.account_id != data.aws_caller_identity.peer.account_id ? toset(var.zone_ids) : toset([])
+ zone_id = each.key
+ vpc_region = data.aws_region.self.name
+ vpc_id = var.vpc_id
+}
+
+resource "aws_route53_zone_association" "self_zone" {
+ provider = aws.peer
+ for_each = toset(var.zone_ids)
+
+ zone_id = each.key
+ vpc_id = var.vpc_id
+ vpc_region = data.aws_region.peer.name
+}
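Review bot: The same ordering gap as in the `vpc` sibling module: `aws_route53_zone_association.self_zone` references only `each.key` and `var.vpc_id`, so nothing forces `aws_route53_vpc_association_authorization.self_zone` to be created first in the cross-account case; add `depends_on = [aws_route53_vpc_association_authorization.self_zone]` to the association. The authorization sets `vpc_region = data.aws_region.self.name` although, per the header comment, the VPC is in `aws.peer`; the authorization must name the VPC's region, so this should be `vpc_region = data.aws_region.peer.name` (the association below already uses the peer region) whenever the two providers differ in region. The authorization also remains a managed resource after the association is made; AWS guidance is to remove it at that point, so leaving it means the peer VPC keeps a standing grant to re-associate with these zones — add a comment making that an explicit decision.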
diff --git a/route53-zone-association/zone/module_name.tf b/route53-zone-association/zone/module_name.tf
new file mode 100644
index 0000000..aab7674
--- /dev/null
+++ b/route53-zone-association/zone/module_name.tf
@@ -0,0 +1,3 @@
+locals {
+ _module_name = "route53-zone-assoication/zone"
+}
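Review bot: `route53-zone-assoication/zone` repeats the transposed-letter spelling, and because `main.tf` looks it up with a `_main_` fallback, a mismatch with the map in `common/version.tf` would silently mislabel the `boc:tf_module_name` tag instead of failing. Correct the spelling here and in the map together, and note the coupling with `# must match a key in common/version.tf _module_names`.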
diff --git a/route53-zone-association/zone/prefixes.tf b/route53-zone-association/zone/prefixes.tf
new file mode 120000
index 0000000..5bc256c
--- /dev/null
+++ b/route53-zone-association/zone/prefixes.tf
@@ -0,0 +1 @@
+../../common/prefixes.tf
\ No newline at end of file
diff --git a/route53-zone-association/zone/variables.common.tf b/route53-zone-association/zone/variables.common.tf
new file mode 120000
index 0000000..e01226c
--- /dev/null
+++ b/route53-zone-association/zone/variables.common.tf
@@ -0,0 +1 @@
+../../common/variables.common.tf
\ No newline at end of file
diff --git a/route53-zone-association/zone/variables.tf b/route53-zone-association/zone/variables.tf
new file mode 100644
index 0000000..b91bb89
--- /dev/null
+++ b/route53-zone-association/zone/variables.tf
@@ -0,0 +1,10 @@
+variable "zone_ids" {
+ description = "List of Route53 PHZs to associate with a (local/remote) VPC"
+ type = list(string)
+ default = []
+}
+
+variable "vpc_id" {
+ description = "VPC ID with which to associate Route53 PHZs"
+ type = string
+}
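Review bot: `vpc_id` and `zone_ids` take any string, so a malformed or empty value is only caught by the Route53 API mid-apply, possibly after the authorization has been written in `aws.self`. Add `validation` blocks (supported by the required Terraform `>= 1.0.0`) so the input is rejected at plan time: for `vpc_id` a condition such as `can(regex("^vpc-[0-9a-f]{8,17}$", var.vpc_id))`, and for `zone_ids` `alltrue([for z in var.zone_ids : can(regex("^Z[A-Z0-9]+$", z))])`, each with an `error_message` naming the expected format. Those patterns are my reading of the AWS ID formats — confirm before adopting.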
diff --git a/route53-zone-association/zone/version.tf b/route53-zone-association/zone/version.tf
new file mode 120000
index 0000000..4950c91
--- /dev/null
+++ b/route53-zone-association/zone/version.tf
@@ -0,0 +1 @@
+../../common/version.tf
\ No newline at end of file
diff --git a/route53-zone-association/zone/versions.tf b/route53-zone-association/zone/versions.tf
new file mode 100644
index 0000000..b3f1f2a
--- /dev/null
+++ b/route53-zone-association/zone/versions.tf
@@ -0,0 +1,30 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.0.0"
+ configuration_aliases = [aws.self, aws.peer]
+ }
+ null = {
+ source = "hashicorp/null"
+ version = ">= 3.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.0"
+ }
+ template = {
+ source = "hashicorp/template"
+ version = ">= 2.0"
+ }
+ ldap = {
+ source = "trevex/ldap"
+ version = ">= 0.5.4"
+ }
+ local = {
+ source = "hashicorp/local"
+ version = ">= 1.0.0"
+ }
+ }
+ required_version = ">= 1.0.0"
+}
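Review bot: As in the `vpc` sibling, `null`, `random`, `template`, `ldap` and `local` are declared but nothing in this module references them — only the `aws` provider is used by `main.tf` and the `data.*.tf` files. Each unused entry is an extra binary fetched and trusted at `init`, `trevex/ldap` is a third-party namespace, and `hashicorp/template` is deprecated, so the five blocks should be deleted, leaving only the `aws` entry with its `configuration_aliases`. Consider bounding the `aws` constraint above as well, since `>= 4.0.0` will silently pick up future major releases with changed resource schemas.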