diff --git a/examples/existing-ips/main.tf b/examples/existing-ips/main.tf
index 3f9a0954..982d2557 100644
--- a/examples/existing-ips/main.tf
+++ b/examples/existing-ips/main.tf
@@ -29,7 +29,7 @@ module "subnets" {
   vpc_id               = module.vpc.vpc_id
   igw_id               = [module.vpc.igw_id]
   ipv4_cidr_block      = [module.vpc.vpc_cidr_block]
-  nat_elastic_ips      = aws_eip.nat_ips.*.public_ip
+  nat_elastic_ips      = aws_eip.nat_ips[*].public_ip
   nat_gateway_enabled  = true
   nat_instance_enabled = false
 
diff --git a/examples/existing-ips/outputs.tf b/examples/existing-ips/outputs.tf
index a38081e0..fc78e315 100644
--- a/examples/existing-ips/outputs.tf
+++ b/examples/existing-ips/outputs.tf
@@ -1,6 +1,6 @@
 output "existing_ips" {
   description = "Elastic IP Addresses created by this module for use by NAT"
-  value       = aws_eip.nat_ips.*.public_ip
+  value       = aws_eip.nat_ips[*].public_ip
 }
 
 output "nat_ips" {
diff --git a/main.tf b/main.tf
index 1a7ab471..7eee8692 100644
--- a/main.tf
+++ b/main.tf
@@ -163,11 +163,11 @@ locals {
   )
 
   create_public_route_tables = local.public_route_table_enabled && length(var.public_route_table_ids) == 0
-  public_route_table_ids     = local.create_public_route_tables ? aws_route_table.public.*.id : var.public_route_table_ids
+  public_route_table_ids     = local.create_public_route_tables ? aws_route_table.public[*].id : var.public_route_table_ids
 
   private_route_table_enabled = local.private_enabled && var.private_route_table_enabled
   private_route_table_count   = local.private_route_table_enabled ? local.subnet_az_count : 0
-  private_route_table_ids     = local.private_route_table_enabled ? aws_route_table.private.*.id : []
+  private_route_table_ids     = local.private_route_table_enabled ? aws_route_table.private[*].id : []
 
   # public and private network ACLs
   # Support deprecated var.public_network_acl_id
@@ -199,7 +199,7 @@ locals {
   nat_enabled          = local.nat_gateway_enabled || local.nat_instance_enabled
   need_nat_eips        = local.nat_enabled && length(var.nat_elastic_ips) == 0
   need_nat_eip_data    = local.nat_enabled && length(var.nat_elastic_ips) > 0
-  nat_eip_allocations  = local.nat_enabled ? (local.need_nat_eips ? aws_eip.default.*.id : data.aws_eip.nat.*.id) : []
+  nat_eip_allocations  = local.nat_enabled ? (local.need_nat_eips ? aws_eip.default[*].id : data.aws_eip.nat[*].id) : []
 
   need_nat_ami_id     = local.nat_instance_enabled && length(var.nat_instance_ami_id) == 0
   nat_instance_ami_id = local.need_nat_ami_id ? data.aws_ami.nat_instance[0].id : try(var.nat_instance_ami_id[0], "")
diff --git a/nat-gateway.tf b/nat-gateway.tf
index 617f6763..03a95cfe 100644
--- a/nat-gateway.tf
+++ b/nat-gateway.tf
@@ -29,7 +29,7 @@ resource "aws_route" "nat4" {
   count = local.nat_gateway_enabled && local.private4_enabled ? local.private_route_table_count : 0
 
   route_table_id         = local.private_route_table_ids[count.index]
-  nat_gateway_id         = element(aws_nat_gateway.default.*.id, count.index)
+  nat_gateway_id         = element(aws_nat_gateway.default[*].id, count.index)
   destination_cidr_block = "0.0.0.0/0"
   depends_on             = [aws_route_table.private]
 
@@ -45,7 +45,7 @@ resource "aws_route" "private_nat64" {
   count = local.nat_gateway_enabled && local.private_dns64_enabled ? local.private_route_table_count : 0
 
   route_table_id              = local.private_route_table_ids[count.index]
-  nat_gateway_id              = element(aws_nat_gateway.default.*.id, count.index)
+  nat_gateway_id              = element(aws_nat_gateway.default[*].id, count.index)
   destination_ipv6_cidr_block = local.nat64_cidr
   depends_on                  = [aws_route_table.private]
 
@@ -61,7 +61,7 @@ resource "aws_route" "public_nat64" {
   count = local.nat_gateway_enabled && local.public_dns64_enabled ? local.public_route_table_count : 0
 
   route_table_id              = local.public_route_table_ids[count.index]
-  nat_gateway_id              = element(aws_nat_gateway.default.*.id, count.index)
+  nat_gateway_id              = element(aws_nat_gateway.default[*].id, count.index)
   destination_ipv6_cidr_block = local.nat64_cidr
   depends_on                  = [aws_route_table.public]
 
diff --git a/nat-instance.tf b/nat-instance.tf
index a6f781a4..70d0c50f 100644
--- a/nat-instance.tf
+++ b/nat-instance.tf
@@ -34,7 +34,7 @@ resource "aws_security_group_rule" "nat_instance_egress" {
   to_port           = 0
   protocol          = "-1"
   cidr_blocks       = ["0.0.0.0/0"] #tfsec:ignore:AWS007
-  security_group_id = join("", aws_security_group.nat_instance.*.id)
+  security_group_id = join("", aws_security_group.nat_instance[*].id)
   type              = "egress"
 }
 
@@ -46,7 +46,7 @@ resource "aws_security_group_rule" "nat_instance_ingress" {
   to_port           = 0
   protocol          = "-1"
   cidr_blocks       = [local.base_ipv4_cidr_block]
-  security_group_id = join("", aws_security_group.nat_instance.*.id)
+  security_group_id = join("", aws_security_group.nat_instance[*].id)
   type              = "ingress"
 }
 
@@ -130,7 +130,7 @@ resource "aws_route" "nat_instance" {
   count = local.nat_instance_enabled ? local.private_route_table_count : 0
 
   route_table_id         = local.private_route_table_ids[count.index]
-  network_interface_id   = element(aws_instance.nat_instance.*.primary_network_interface_id, count.index)
+  network_interface_id   = element(aws_instance.nat_instance[*].primary_network_interface_id, count.index)
   destination_cidr_block = "0.0.0.0/0"
   depends_on             = [aws_route_table.private]
 
diff --git a/outputs-deprecated.tf b/outputs-deprecated.tf
index edde41ae..851ed834 100644
--- a/outputs-deprecated.tf
+++ b/outputs-deprecated.tf
@@ -1,4 +1,4 @@
 output "nat_gateway_public_ips" {
   description = "DEPRECATED: use `nat_ips` instead. Public IPv4 IP addresses in use by NAT."
-  value       = local.need_nat_eip_data ? var.nat_elastic_ips : aws_eip.default.*.public_ip
+  value       = local.need_nat_eip_data ? var.nat_elastic_ips : aws_eip.default[*].public_ip
 }
diff --git a/outputs.tf b/outputs.tf
index 4ddaabd7..be6b0056 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -12,12 +12,12 @@ output "availability_zone_ids" {
 
 output "public_subnet_ids" {
   description = "IDs of the created public subnets"
-  value       = aws_subnet.public.*.id
+  value       = aws_subnet.public[*].id
 }
 
 output "private_subnet_ids" {
   description = "IDs of the created private subnets"
-  value       = aws_subnet.private.*.id
+  value       = aws_subnet.private[*].id
 }
 
 # Provide some consistency in CDIR outputs by always returning a list.
@@ -25,32 +25,32 @@ output "private_subnet_ids" {
 # value via configuration rather than computing it via `compact()`.
 output "public_subnet_cidrs" {
   description = "IPv4 CIDR blocks of the created public subnets"
-  value       = local.public4_enabled ? aws_subnet.public.*.cidr_block : []
+  value       = local.public4_enabled ? aws_subnet.public[*].cidr_block : []
 }
 
 output "public_subnet_ipv6_cidrs" {
   description = "IPv6 CIDR blocks of the created public subnets"
-  value       = local.public6_enabled ? aws_subnet.public.*.ipv6_cidr_block : []
+  value       = local.public6_enabled ? aws_subnet.public[*].ipv6_cidr_block : []
 }
 
 output "private_subnet_cidrs" {
   description = "IPv4 CIDR blocks of the created private subnets"
-  value       = local.private4_enabled ? aws_subnet.private.*.cidr_block : []
+  value       = local.private4_enabled ? aws_subnet.private[*].cidr_block : []
 }
 
 output "private_subnet_ipv6_cidrs" {
   description = "IPv6 CIDR blocks of the created private subnets"
-  value       = local.private6_enabled ? aws_subnet.private.*.ipv6_cidr_block : []
+  value       = local.private6_enabled ? aws_subnet.private[*].ipv6_cidr_block : []
 }
 
 output "public_route_table_ids" {
   description = "IDs of the created public route tables"
-  value       = aws_route_table.public.*.id
+  value       = aws_route_table.public[*].id
 }
 
 output "private_route_table_ids" {
   description = "IDs of the created private route tables"
-  value       = aws_route_table.private.*.id
+  value       = aws_route_table.private[*].id
 }
 
 output "public_network_acl_id" {
@@ -65,12 +65,12 @@ output "private_network_acl_id" {
 
 output "nat_gateway_ids" {
   description = "IDs of the NAT Gateways created"
-  value       = aws_nat_gateway.default.*.id
+  value       = aws_nat_gateway.default[*].id
 }
 
 output "nat_instance_ids" {
   description = "IDs of the NAT Instances created"
-  value       = aws_instance.nat_instance.*.id
+  value       = aws_instance.nat_instance[*].id
 }
 
 output "nat_instance_ami_id" {
@@ -80,7 +80,7 @@ output "nat_instance_ami_id" {
 
 output "nat_ips" {
   description = "Elastic IP Addresses in use by NAT"
-  value       = local.need_nat_eip_data ? var.nat_elastic_ips : aws_eip.default.*.public_ip
+  value       = local.need_nat_eip_data ? var.nat_elastic_ips : aws_eip.default[*].public_ip
 }
 
 output "nat_eip_allocation_ids" {
diff --git a/private.tf b/private.tf
index 0463da66..ef208fbf 100644
--- a/private.tf
+++ b/private.tf
@@ -87,7 +87,7 @@ resource "aws_network_acl" "private" {
   count = local.private_open_network_acl_enabled ? 1 : 0
 
   vpc_id     = local.vpc_id
-  subnet_ids = aws_subnet.private.*.id
+  subnet_ids = aws_subnet.private[*].id
 
   tags = module.private_label.tags
 }
diff --git a/public.tf b/public.tf
index a43ed8a7..b2b466ac 100644
--- a/public.tf
+++ b/public.tf
@@ -98,7 +98,7 @@ resource "aws_network_acl" "public" {
   count = local.public_open_network_acl_enabled ? 1 : 0
 
   vpc_id     = local.vpc_id
-  subnet_ids = aws_subnet.public.*.id
+  subnet_ids = aws_subnet.public[*].id
 
   tags = module.public_label.tags
 }