diff --git a/alb.tf b/alb.tf
index 7153bbc..172b0af 100644
--- a/alb.tf
+++ b/alb.tf
@@ -1,32 +1,32 @@
 resource "aws_alb_target_group" "main" {
   name     = "tf-${var.base_name}-ecs"
-  port     = "${var.alb_container_port}"
+  port     = var.alb_container_port
   protocol = "HTTP"
-  vpc_id   = "${aws_vpc.main.id}"
+  vpc_id   = aws_vpc.main.id
 
   health_check {
-    path = "${var.health_check_path}"
+    path = var.health_check_path
   }
 }
 
 resource "aws_alb" "main" {
   name            = "tf-${var.base_name}-alb-ecs"
-  subnets         = ["${aws_subnet.main.*.id}"]
-  security_groups = ["${aws_security_group.lb_sg.id}"]
+  subnets         = aws_subnet.main.*.id
+  security_groups = [aws_security_group.lb_sg.id]
 
-  depends_on = ["aws_internet_gateway.gw"]
+  depends_on = [aws_internet_gateway.gw]
 }
 
 resource "aws_alb_listener" "front_end" {
-  load_balancer_arn = "${aws_alb.main.id}"
+  load_balancer_arn = aws_alb.main.id
   port              = "443"
   protocol          = "HTTPS"
 
-  ssl_policy        = "ELBSecurityPolicy-2015-05"
-  certificate_arn   = "${aws_iam_server_certificate.elb_cert.arn}"
+  ssl_policy      = "ELBSecurityPolicy-2015-05"
+  certificate_arn = aws_iam_server_certificate.elb_cert.arn
 
   default_action {
-    target_group_arn = "${aws_alb_target_group.main.id}"
+    target_group_arn = aws_alb_target_group.main.id
     type             = "forward"
   }
 }
diff --git a/cert.tf b/cert.tf
index d957601..9924201 100644
--- a/cert.tf
+++ b/cert.tf
@@ -1,5 +1,5 @@
 provider "acme" {
-  server_url = "${var.acme_server_url}"
+  server_url = var.acme_server_url
 }
 
 resource "tls_private_key" "private_key" {
@@ -7,30 +7,30 @@ resource "tls_private_key" "private_key" {
 }
 
 resource "acme_registration" "reg" {
-  account_key_pem = "${tls_private_key.private_key.private_key_pem}"
-  email_address   = "${var.acme_email}"
+  account_key_pem = tls_private_key.private_key.private_key_pem
+  email_address   = var.acme_email
 }
 
 resource "acme_certificate" "certificate" {
-  account_key_pem           = "${acme_registration.reg.account_key_pem}"
+  account_key_pem           = acme_registration.reg.account_key_pem
   common_name               = "api.${var.domain}"
   subject_alternative_names = []
 
   dns_challenge {
     provider = "route53"
 
-    config {
-      AWS_ACCESS_KEY_ID     = "${var.aws_access_key}"
-      AWS_SECRET_ACCESS_KEY = "${var.aws_secret_key}"
-      AWS_DEFAULT_REGION    = "${var.aws_region}"
+    config = {
+      AWS_ACCESS_KEY_ID     = var.aws_access_key
+      AWS_SECRET_ACCESS_KEY = var.aws_secret_key
+      AWS_DEFAULT_REGION    = var.aws_region
     }
   }
 }
 
 resource "aws_iam_server_certificate" "elb_cert" {
-  name_prefix       = "tf-${var.base_name}-cert-"
-  certificate_body  = "${acme_certificate.certificate.certificate_pem}"
-  private_key       = "${acme_certificate.certificate.private_key_pem}"
+  name_prefix      = "tf-${var.base_name}-cert-"
+  certificate_body = acme_certificate.certificate.certificate_pem
+  private_key      = acme_certificate.certificate.private_key_pem
 
   lifecycle {
     create_before_destroy = true
diff --git a/compute.tf b/compute.tf
index f61a588..a46e521 100644
--- a/compute.tf
+++ b/compute.tf
@@ -1,21 +1,21 @@
 resource "aws_autoscaling_group" "app" {
   name                 = "tf-${var.base_name}-asg"
-  vpc_zone_identifier  = ["${aws_subnet.main.*.id}"]
-  min_size             = "${var.asg_min}"
-  max_size             = "${var.asg_max}"
-  desired_capacity     = "${var.asg_desired}"
-  launch_configuration = "${aws_launch_configuration.app.name}"
+  vpc_zone_identifier  = aws_subnet.main.*.id
+  min_size             = var.asg_min
+  max_size             = var.asg_max
+  desired_capacity     = var.asg_desired
+  launch_configuration = aws_launch_configuration.app.name
 }
 
 data "template_file" "cloud_config" {
-  template = "${file("${path.module}/cloud-config.yml")}"
+  template = file("${path.module}/cloud-config.yml")
 
-  vars {
-    aws_region         = "${var.aws_region}"
-    ecs_cluster_name   = "${aws_ecs_cluster.main.name}"
+  vars = {
+    aws_region         = var.aws_region
+    ecs_cluster_name   = aws_ecs_cluster.main.name
     ecs_log_level      = "info"
     ecs_agent_version  = "latest"
-    ecs_log_group_name = "${aws_cloudwatch_log_group.ecs.name}"
+    ecs_log_group_name = aws_cloudwatch_log_group.ecs.name
   }
 }
 
@@ -41,19 +41,19 @@ data "aws_ami" "stable_coreos" {
 }
 
 resource "aws_key_pair" "instance" {
-  public_key = "${var.ssh_public_key}"
+  public_key = var.ssh_public_key
 }
 
 resource "aws_launch_configuration" "app" {
   security_groups = [
-    "${aws_security_group.instance_sg.id}",
+    aws_security_group.instance_sg.id,
   ]
 
-  key_name                    = "${aws_key_pair.instance.key_name}"
-  image_id                    = "${data.aws_ami.stable_coreos.id}"
-  instance_type               = "${var.instance_type}"
-  iam_instance_profile        = "${aws_iam_instance_profile.app.name}"
-  user_data                   = "${data.template_file.cloud_config.rendered}"
+  key_name                    = aws_key_pair.instance.key_name
+  image_id                    = data.aws_ami.stable_coreos.id
+  instance_type               = var.instance_type
+  iam_instance_profile        = aws_iam_instance_profile.app.name
+  user_data                   = data.template_file.cloud_config.rendered
   associate_public_ip_address = true
 
   lifecycle {
diff --git a/db.tf b/db.tf
index 40baea7..9d7a81f 100644
--- a/db.tf
+++ b/db.tf
@@ -1,18 +1,18 @@
 resource "aws_db_subnet_group" "main" {
-  name        = "db_subnet"
-  subnet_ids  = ["${aws_subnet.main.*.id}"]
-  tags {
-      Name = "db_subnet"
+  name       = "db_subnet"
+  subnet_ids = aws_subnet.main.*.id
+  tags = {
+    Name = "db_subnet"
   }
 }
 
 resource "aws_db_parameter_group" "db_pg" {
-  name = "rds-pg"
-  family = "postgres10"
+  name        = "rds-pg"
+  family      = "postgres10"
   description = "Managed by Terraform"
 
   parameter {
-    name = "timezone"
+    name  = "timezone"
     value = "Asia/Tokyo"
   }
 }
@@ -22,15 +22,15 @@ resource "aws_db_instance" "db" {
   allocated_storage       = 5
   engine                  = "postgres"
   engine_version          = "10.4"
-  instance_class          = "${var.db_instance_type}"
+  instance_class          = var.db_instance_type
   storage_type            = "gp2"
-  username                = "${var.db_username}"
-  password                = "${var.db_password}"
+  username                = var.db_username
+  password                = var.db_password
   backup_retention_period = 7
   multi_az                = true
-  vpc_security_group_ids  = ["${aws_security_group.db.id}"]
-  db_subnet_group_name    = "${aws_db_subnet_group.main.name}"
-  parameter_group_name = "${aws_db_parameter_group.db_pg.name}"
-  skip_final_snapshot = true
+  vpc_security_group_ids  = [aws_security_group.db.id]
+  db_subnet_group_name    = aws_db_subnet_group.main.name
+  parameter_group_name    = aws_db_parameter_group.db_pg.name
+  skip_final_snapshot     = true
 }
 
diff --git a/ecs.tf b/ecs.tf
index b15c0da..d7263c8 100644
--- a/ecs.tf
+++ b/ecs.tf
@@ -3,45 +3,45 @@ resource "aws_ecs_cluster" "main" {
 }
 
 data "template_file" "task_definition" {
-  template = "${file("${path.module}/task-definition.json")}"
+  template = file("${path.module}/task-definition.json")
 
-  vars {
-    image_url        = "${var.ecs_image_url}"
-    container_name   = "sakuten_backend"
-    log_group_region = "${var.aws_region}"
-    log_group_name   = "${aws_cloudwatch_log_group.app.name}"
-    secret_key = "${var.secret_key}"
-    container_port = "${var.container_port}"
-    host_port = "${var.alb_container_port}"
-    recaptcha_secret_key = "${var.recaptcha_secret_key}"
-    database_url = "postgresql://${var.db_username}:${var.db_password}@${aws_db_instance.db.endpoint}/postgres"
-    /* timepoints = "${var.timepoints}" */
-    /* start_datetime = "${var.start_datetime}" */
-    /* end_datetime = "${var.end_datetime}" */
+  vars = {
+    image_url            = var.ecs_image_url
+    container_name       = "sakuten_backend"
+    log_group_region     = var.aws_region
+    log_group_name       = aws_cloudwatch_log_group.app.name
+    secret_key           = var.secret_key
+    container_port       = var.container_port
+    host_port            = var.alb_container_port
+    recaptcha_secret_key = var.recaptcha_secret_key
+    database_url         = "postgresql://${var.db_username}:${var.db_password}@${aws_db_instance.db.endpoint}/postgres"
   }
+  /* timepoints = "${var.timepoints}" */
+  /* start_datetime = "${var.start_datetime}" */
+  /* end_datetime = "${var.end_datetime}" */
 }
 
 resource "aws_ecs_task_definition" "backend" {
   family                = "tf_backend_td"
-  container_definitions = "${data.template_file.task_definition.rendered}"
+  container_definitions = data.template_file.task_definition.rendered
 }
 
 resource "aws_ecs_service" "main" {
   name            = "tf-${var.base_name}-ecs"
-  cluster         = "${aws_ecs_cluster.main.id}"
-  task_definition = "${aws_ecs_task_definition.backend.arn}"
+  cluster         = aws_ecs_cluster.main.id
+  task_definition = aws_ecs_task_definition.backend.arn
   desired_count   = 1
-  iam_role        = "${aws_iam_role.ecs_service.name}"
+  iam_role        = aws_iam_role.ecs_service.name
 
   load_balancer {
-    target_group_arn = "${aws_alb_target_group.main.id}"
+    target_group_arn = aws_alb_target_group.main.id
     container_name   = "sakuten_backend"
-    container_port   = "${var.container_port}"
+    container_port   = var.container_port
   }
 
   depends_on = [
-    "aws_iam_role_policy.ecs_service",
-    "aws_alb_listener.front_end",
+    aws_iam_role_policy.ecs_service,
+    aws_alb_listener.front_end,
   ]
 }
 
diff --git a/iam.tf b/iam.tf
index 15d6060..06eb6e1 100644
--- a/iam.tf
+++ b/iam.tf
@@ -16,11 +16,12 @@ resource "aws_iam_role" "ecs_service" {
   ]
 }
 EOF
+
 }
 
 resource "aws_iam_role_policy" "ecs_service" {
   name = "tf_ecs_policy"
-  role = "${aws_iam_role.ecs_service.name}"
+  role = aws_iam_role.ecs_service.name
 
   policy = <<EOF
 {
@@ -41,17 +42,18 @@ resource "aws_iam_role_policy" "ecs_service" {
   ]
 }
 EOF
+
 }
 
 resource "aws_iam_instance_profile" "app" {
-  name = "tf-${var.base_name}-ecs-instprofile"
-  role = "${aws_iam_role.app_instance.name}"
+name = "tf-${var.base_name}-ecs-instprofile"
+role = aws_iam_role.app_instance.name
 }
 
 resource "aws_iam_role" "app_instance" {
-  name = "tf-${var.base_name}-ecs-instance-role"
+name = "tf-${var.base_name}-ecs-instance-role"
 
-  assume_role_policy = <<EOF
+assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
   "Statement": [
@@ -66,27 +68,28 @@ resource "aws_iam_role" "app_instance" {
   ]
 }
 EOF
+
 }
 
 data "template_file" "instance_profile" {
-  template = "${file("${path.module}/instance-profile-policy.json")}"
+template = file("${path.module}/instance-profile-policy.json")
 
-  vars {
-    app_log_group_arn = "${aws_cloudwatch_log_group.app.arn}"
-    ecs_log_group_arn = "${aws_cloudwatch_log_group.ecs.arn}"
-  }
+vars = {
+app_log_group_arn = aws_cloudwatch_log_group.app.arn
+ecs_log_group_arn = aws_cloudwatch_log_group.ecs.arn
+}
 }
 
 resource "aws_iam_role_policy" "instance" {
-  name   = "TfEcsExampleInstanceRole"
-  role   = "${aws_iam_role.app_instance.name}"
-  policy = "${data.template_file.instance_profile.rendered}"
+name = "TfEcsExampleInstanceRole"
+role = aws_iam_role.app_instance.name
+policy = data.template_file.instance_profile.rendered
 }
 
 resource "aws_iam_role" "lambda_iam" {
-  name = "iam_for_lambda"
+name = "iam_for_lambda"
 
-  assume_role_policy = <<EOF
+assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
   "Statement": [
@@ -101,9 +104,11 @@ resource "aws_iam_role" "lambda_iam" {
   ]
 }
 EOF
+
 }
 
 resource "aws_iam_role_policy_attachment" "lamba_exec_role_eni" {
-  role = "${aws_iam_role.lambda_iam.name}"
+  role       = aws_iam_role.lambda_iam.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
 }
+
diff --git a/lambda_data_gen.tf b/lambda_data_gen.tf
index 41d9852..9009cd0 100644
--- a/lambda_data_gen.tf
+++ b/lambda_data_gen.tf
@@ -1,19 +1,19 @@
 resource "aws_cloudwatch_event_rule" "dbgen" {
   name                = "tf-${var.base_name}-dbgen-event"
-  schedule_expression = "${var.dbgen_schedule}"
+  schedule_expression = var.dbgen_schedule
 }
 
 resource "aws_cloudwatch_event_target" "dbgen_taget" {
-  rule      = "${aws_cloudwatch_event_rule.dbgen.name}"
-  arn       = "${aws_lambda_function.dbgen.arn}"
+  rule = aws_cloudwatch_event_rule.dbgen.name
+  arn  = aws_lambda_function.dbgen.arn
 }
 
 resource "aws_lambda_permission" "allow_call_dbgen" {
   statement_id  = "AllowExecutionFromCloudWatch"
   action        = "lambda:InvokeFunction"
-  function_name = "${aws_lambda_function.dbgen.function_name}"
+  function_name = aws_lambda_function.dbgen.function_name
   principal     = "events.amazonaws.com"
-  source_arn    = "${aws_cloudwatch_event_rule.dbgen.arn}"
+  source_arn    = aws_cloudwatch_event_rule.dbgen.arn
 }
 
 resource "aws_s3_bucket" "bucket" {
@@ -22,19 +22,19 @@ resource "aws_s3_bucket" "bucket" {
 }
 
 resource "aws_lambda_function" "dbgen" {
-  s3_bucket        = "${aws_s3_bucket.bucket.id}"
+  s3_bucket        = aws_s3_bucket.bucket.id
   s3_key           = "dbgen_archive"
   function_name    = "generate_initial_db"
-  role             = "${aws_iam_role.lambda_iam.arn}"
+  role             = aws_iam_role.lambda_iam.arn
   handler          = "app.gen"
-  source_code_hash = "${base64sha256(file("${var.dbgen_archive_path}"))}"
+  source_code_hash = filebase64sha256(var.dbgen_archive_path)
   runtime          = "python3.6"
   memory_size      = 512
   timeout          = 120
 
   vpc_config {
-    subnet_ids = ["${aws_subnet.main.*.id}"]
-    security_group_ids = ["${aws_security_group.lambda_sg.id}"]
+    subnet_ids         = aws_subnet.main.*.id
+    security_group_ids = [aws_security_group.lambda_sg.id]
   }
 
   environment {
@@ -43,5 +43,9 @@ resource "aws_lambda_function" "dbgen" {
     }
   }
 
-  depends_on = ["aws_iam_role_policy_attachment.lamba_exec_role_eni", "aws_s3_bucket_object.dbgen_archive"]
+  depends_on = [
+    aws_iam_role_policy_attachment.lamba_exec_role_eni,
+    aws_s3_bucket_object.dbgen_archive,
+  ]
 }
+
diff --git a/lambda_drawer.tf b/lambda_drawer.tf
index 2854fb8..122b564 100644
--- a/lambda_drawer.tf
+++ b/lambda_drawer.tf
@@ -1,40 +1,41 @@
 resource "aws_cloudwatch_event_rule" "tp" {
   count               = 4
   name                = "tf-${var.base_name}-tp${count.index}-event"
-  schedule_expression = "${element(var.tps, count.index)}"
+  schedule_expression = element(var.tps, count.index)
 }
 
 resource "aws_cloudwatch_event_target" "tp_target" {
-  count     = 4
-  rule      = "${element(aws_cloudwatch_event_rule.tp.*.name, count.index)}"
-  arn       = "${aws_lambda_function.drawer.arn}"
+  count = 4
+  rule  = element(aws_cloudwatch_event_rule.tp.*.name, count.index)
+  arn   = aws_lambda_function.drawer.arn
 }
 
 resource "aws_lambda_permission" "allow_call_tp" {
   statement_id  = "AllowExecutionFromCloudWatch"
   action        = "lambda:InvokeFunction"
-  function_name = "${aws_lambda_function.drawer.function_name}"
+  function_name = aws_lambda_function.drawer.function_name
   principal     = "events.amazonaws.com"
 }
 
 data "archive_file" "drawer_archive" {
   type        = "zip"
-  source_dir  = "${var.drawer_source_path}"
-  output_path = "${var.drawer_archive_path}"
+  source_dir  = var.drawer_source_path
+  output_path = var.drawer_archive_path
 }
 
 resource "aws_lambda_function" "drawer" {
-  filename         = "${var.drawer_archive_path}"
+  filename         = var.drawer_archive_path
   function_name    = "draw_lotteries"
-  role             = "${aws_iam_role.lambda_iam.arn}"
+  role             = aws_iam_role.lambda_iam.arn
   handler          = "draw.draw"
-  source_code_hash = "${data.archive_file.drawer_archive.output_base64sha256}"
+  source_code_hash = data.archive_file.drawer_archive.output_base64sha256
   runtime          = "python3.6"
   timeout          = 10
 
   environment {
     variables = {
-      ADMIN_SECRET_ID = "${var.admin_secret_id}"
+      ADMIN_SECRET_ID = var.admin_secret_id
     }
   }
 }
+
diff --git a/main.tf b/main.tf
index c8411a7..d7e73d9 100644
--- a/main.tf
+++ b/main.tf
@@ -1,5 +1,5 @@
-
-data "aws_availability_zones" "available" {}
+data "aws_availability_zones" "available" {
+}
 
 ## CloudWatch Logs
 
@@ -10,3 +10,4 @@ resource "aws_cloudwatch_log_group" "ecs" {
 resource "aws_cloudwatch_log_group" "app" {
   name = "tf-${var.base_name}-ecs-group/app-backend"
 }
+
diff --git a/outputs.tf b/outputs.tf
index 9b47996..978bb97 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,15 +1,16 @@
 output "instance_security_group" {
-  value = "${aws_security_group.instance_sg.id}"
+  value = aws_security_group.instance_sg.id
 }
 
 output "launch_configuration" {
-  value = "${aws_launch_configuration.app.id}"
+  value = aws_launch_configuration.app.id
 }
 
 output "asg_name" {
-  value = "${aws_autoscaling_group.app.id}"
+  value = aws_autoscaling_group.app.id
 }
 
 output "elb_hostname" {
-  value = "${aws_alb.main.dns_name}"
+  value = aws_alb.main.dns_name
 }
+
diff --git a/provider.tf b/provider.tf
index 390a283..9a33397 100644
--- a/provider.tf
+++ b/provider.tf
@@ -1,5 +1,6 @@
 provider "aws" {
-  region = "${var.aws_region}"
-  access_key = "${var.aws_access_key}"
-  secret_key = "${var.aws_secret_key}"
+  region     = var.aws_region
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
 }
+
diff --git a/route53.tf b/route53.tf
index 85e53af..27f673f 100644
--- a/route53.tf
+++ b/route53.tf
@@ -1,31 +1,32 @@
 resource "aws_route53_zone" "sakuten" {
-   name = "${var.domain}"
+  name = var.domain
 }
 
 resource "aws_route53_record" "root" {
-   zone_id = "${aws_route53_zone.sakuten.zone_id}"
-   name = "${var.domain}"
-   type = "A"
-   ttl = "300"
-   records = ["104.198.14.52"]  // Netlify's load balancer
+  zone_id = aws_route53_zone.sakuten.zone_id
+  name    = var.domain
+  type    = "A"
+  ttl     = "300"
+  records = ["104.198.14.52"] // Netlify's load balancer
 }
 
 resource "aws_route53_record" "www" {
-   zone_id = "${aws_route53_zone.sakuten.zone_id}"
-   name = "www.${var.domain}"
-   type = "CNAME"
-   ttl = "300"
-   records = ["${var.netlify_domain}"]
+  zone_id = aws_route53_zone.sakuten.zone_id
+  name    = "www.${var.domain}"
+  type    = "CNAME"
+  ttl     = "300"
+  records = [var.netlify_domain]
 }
 
 resource "aws_route53_record" "api" {
-   zone_id = "${aws_route53_zone.sakuten.zone_id}"
-   name = "api.${var.domain}"
-   type = "A"
+  zone_id = aws_route53_zone.sakuten.zone_id
+  name    = "api.${var.domain}"
+  type    = "A"
 
-   alias {
-     name                   = "${aws_alb.main.dns_name}"
-     zone_id                = "${aws_alb.main.zone_id}"
-     evaluate_target_health = true
-   }
+  alias {
+    name                   = aws_alb.main.dns_name
+    zone_id                = aws_alb.main.zone_id
+    evaluate_target_health = true
+  }
 }
+
diff --git a/s3.tf b/s3.tf
index ef92986..fe8aad8 100644
--- a/s3.tf
+++ b/s3.tf
@@ -1,7 +1,7 @@
 resource "aws_s3_bucket_object" "dbgen_archive" {
-  bucket = "${aws_s3_bucket.bucket.id}"
+  bucket = aws_s3_bucket.bucket.id
   key    = "dbgen_archive"
-  source = "${var.dbgen_archive_path}"
-  etag = "${md5(file("${var.dbgen_archive_path}"))}"
+  source = var.dbgen_archive_path
+  etag   = filemd5(var.dbgen_archive_path)
 }
 
diff --git a/security_group.tf b/security_group.tf
index 11ecd3a..351faee 100644
--- a/security_group.tf
+++ b/security_group.tf
@@ -1,7 +1,7 @@
 resource "aws_security_group" "lb_sg" {
   description = "controls access to the application ELB"
 
-  vpc_id = "${aws_vpc.main.id}"
+  vpc_id = aws_vpc.main.id
   name   = "tf-${var.base_name}-ecs-lbsg"
 
   ingress {
@@ -24,7 +24,7 @@ resource "aws_security_group" "lb_sg" {
 
 resource "aws_security_group" "instance_sg" {
   description = "controls direct access to application instances"
-  vpc_id      = "${aws_vpc.main.id}"
+  vpc_id      = aws_vpc.main.id
   name        = "tf-ecs-instsg"
 
   ingress {
@@ -33,7 +33,7 @@ resource "aws_security_group" "instance_sg" {
     to_port   = 22
 
     cidr_blocks = [
-      "${var.admin_cidr_ingress}",
+      var.admin_cidr_ingress,
     ]
   }
 
@@ -43,7 +43,7 @@ resource "aws_security_group" "instance_sg" {
     to_port   = 8080
 
     security_groups = [
-      "${aws_security_group.lb_sg.id}",
+      aws_security_group.lb_sg.id,
     ]
   }
 
@@ -58,9 +58,9 @@ resource "aws_security_group" "instance_sg" {
 resource "aws_security_group" "db" {
   name        = "db_server"
   description = "a security group on db of sakuten main vpc"
-  vpc_id      = "${aws_vpc.main.id}"
-  tags {
-      Name = "db"
+  vpc_id      = aws_vpc.main.id
+  tags = {
+    Name = "db"
   }
 
   ingress {
@@ -72,7 +72,7 @@ resource "aws_security_group" "db" {
 }
 
 resource "aws_security_group" "lambda_sg" {
-  vpc_id = "${aws_vpc.main.id}"
+  vpc_id = aws_vpc.main.id
   name   = "tf-${var.base_name}-lambda-sg"
 
   egress {
@@ -85,3 +85,4 @@ resource "aws_security_group" "lambda_sg" {
     ]
   }
 }
+
diff --git a/variables.tf b/variables.tf
index ad5ac89..50ca9d9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -12,18 +12,35 @@ variable "az_count" {
   default     = "2"
 }
 
-variable "aws_access_key" {}
-variable "aws_secret_key" {}
+variable "aws_access_key" {
+}
+
+variable "aws_secret_key" {
+}
+
+variable "secret_key" {
+}
+
+variable "recaptcha_secret_key" {
+}
+
+variable "db_username" {
+}
 
-variable "secret_key" {}
-variable "recaptcha_secret_key" {}
-variable "db_username" {}
-variable "db_password" {}
-variable "dbgen_schedule" {}
-variable "acme_email" {}
-variable "admin_secret_id" {}
+variable "db_password" {
+}
 
-variable "ssh_public_key" {}
+variable "dbgen_schedule" {
+}
+
+variable "acme_email" {
+}
+
+variable "admin_secret_id" {
+}
+
+variable "ssh_public_key" {
+}
 
 variable "ecs_image_url" {
   default = "sakuten/backend:latest"
@@ -62,11 +79,11 @@ variable "admin_cidr_ingress" {
 }
 
 variable "container_port" {
-  default     = "80"
+  default = "80"
 }
 
 variable "alb_container_port" {
-  default     = "8080"
+  default = "8080"
 }
 
 variable "domain" {
@@ -113,3 +130,4 @@ variable "tps" {
     "cron(23 5 16,17 9 ? 2018)",
   ]
 }
+
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}
diff --git a/vpc.tf b/vpc.tf
index 91e71fe..ac0fffd 100644
--- a/vpc.tf
+++ b/vpc.tf
@@ -3,28 +3,28 @@ resource "aws_vpc" "main" {
 }
 
 resource "aws_subnet" "main" {
-  count             = "${var.az_count}"
-  cidr_block        = "${cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)}"
-  availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
-  vpc_id            = "${aws_vpc.main.id}"
+  count             = var.az_count
+  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)
+  availability_zone = data.aws_availability_zones.available.names[count.index]
+  vpc_id            = aws_vpc.main.id
 }
 
 resource "aws_internet_gateway" "gw" {
-  vpc_id = "${aws_vpc.main.id}"
+  vpc_id = aws_vpc.main.id
 }
 
 resource "aws_route_table" "r" {
-  vpc_id = "${aws_vpc.main.id}"
+  vpc_id = aws_vpc.main.id
 
   route {
     cidr_block = "0.0.0.0/0"
-    gateway_id = "${aws_internet_gateway.gw.id}"
+    gateway_id = aws_internet_gateway.gw.id
   }
 }
 
 resource "aws_route_table_association" "a" {
-  count          = "${var.az_count}"
-  subnet_id      = "${element(aws_subnet.main.*.id, count.index)}"
-  route_table_id = "${aws_route_table.r.id}"
+  count          = var.az_count
+  subnet_id      = element(aws_subnet.main.*.id, count.index)
+  route_table_id = aws_route_table.r.id
 }