diff --git a/route53-zone-association/zone/README.md b/route53-zone-association/zone/README.md
index e3cf260..2c80f5b 100644
--- a/route53-zone-association/zone/README.md
+++ b/route53-zone-association/zone/README.md
@@ -2,6 +2,11 @@
 
 Associate my Private Hosted Zone(s) (PHZ) in aws.self with a VPC in aws.peer
 
+<!-- BEGIN_TF_DOCS -->
+# About aws-vpc-setup :: route53-zone-assoication :: zone
+
+Associate my Private Hosted Zone(s) (PHZ) in aws.self with a VPC in aws.peer
+
 ## Requirements
 
 | Name | Version |
@@ -18,9 +23,9 @@ Associate my Private Hosted Zone(s) (PHZ) in aws.self with a VPC in aws.peer
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0.0 |
-| <a name="provider_aws.peer"></a> [aws.peer](#provider\_aws.peer) | >= 4.0.0 |
-| <a name="provider_aws.self"></a> [aws.self](#provider\_aws.self) | >= 4.0.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.74.0 |
+| <a name="provider_aws.peer"></a> [aws.peer](#provider\_aws.peer) | 5.74.0 |
+| <a name="provider_aws.self"></a> [aws.self](#provider\_aws.self) | 5.74.0 |
 
 ## Modules
 
@@ -64,3 +69,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_zones"></a> [zones](#output\_zones) | Map of zone ids to zone names for PHZs |
+<!-- END_TF_DOCS -->
diff --git a/route53-zone-association/zone/main.tf b/route53-zone-association/zone/main.tf
index 596efa6..882e88a 100644
--- a/route53-zone-association/zone/main.tf
+++ b/route53-zone-association/zone/main.tf
@@ -15,12 +15,13 @@ locals {
     "boc:tf_module_name"    = lookup(local._module_names, local._module_name, local._module_names["_main_"])
     "boc:created_by"        = "terraform"
   }
-  zone_ids = compact(var.zone_ids)
+  zone_ids     = compact(var.zone_ids)
+  zone_ids_map = { for z in local.zone_ids : z => z }
 }
 
 resource "aws_route53_vpc_association_authorization" "self_zone" {
   provider   = aws.self
-  for_each   = data.aws_caller_identity.self.account_id != data.aws_caller_identity.peer.account_id ? toset(local.zone_ids) : toset([])
+  for_each   = data.aws_caller_identity.self.account_id != data.aws_caller_identity.peer.account_id ? local.zone_ids_map : {}
   zone_id    = each.key
   vpc_region = var.region == null ? data.aws_region.peer.name : var.region
   vpc_id     = var.vpc_id
@@ -28,7 +29,7 @@ resource "aws_route53_vpc_association_authorization" "self_zone" {
 
 resource "aws_route53_zone_association" "self_zone" {
   provider = aws.peer
-  for_each = toset(local.zone_ids)
+  for_each = local.zone_ids_map
 
   zone_id    = each.key
   vpc_id     = var.vpc_id
@@ -42,7 +43,7 @@ resource "aws_route53_zone_association" "self_zone" {
 #---
 data "aws_route53_zone" "zones" {
   provider     = aws.self
-  for_each     = toset(local.zone_ids)
+  for_each     = local.zone_ids_map
   zone_id      = each.key
   private_zone = var.private_zone
 }