diff --git a/.github/workflows/testsuite-master.yaml b/.github/workflows/testsuite-master.yaml
index dbdb345..ba53cea 100644
--- a/.github/workflows/testsuite-master.yaml
+++ b/.github/workflows/testsuite-master.yaml
@@ -9,11 +9,11 @@ jobs:
   tflint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.0.2
       - name: setup Terraform
-        uses: hashicorp/setup-terraform@v1.3.2
+        uses: hashicorp/setup-terraform@v2.0.0
         with:
-          terraform_version: 0.15.5
+          terraform_version: 1.1.7
       - name: Terraform init
         run: terraform init --backend=false
       - name: tflint
@@ -27,11 +27,11 @@ jobs:
   tfsec:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.0.2
       - name: setup Terraform
-        uses: hashicorp/setup-terraform@v1.3.2
+        uses: hashicorp/setup-terraform@v2.0.0
         with:
-          terraform_version: 0.15.5
+          terraform_version: 1.1.7
       - name: Terraform init
         run: terraform init --backend=false
       - name: tfsec
@@ -44,21 +44,21 @@ jobs:
   misspell:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.0.2
       - name: misspell
-        uses: reviewdog/action-misspell@v1
+        uses: reviewdog/action-misspell@v1.12.0
         with:
           github_token: ${{ secrets.ACTIONS_TOKEN }}
-          locale: "US"
+          locale: "UK"
           reporter: github-check
           filter_mode: added
           level: error
   yamllint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.0.2
       - name: yamllint
-        uses: reviewdog/action-yamllint@v1.2.0
+        uses: reviewdog/action-yamllint@v1.6.0
         with:
           github_token: ${{ secrets.ACTIONS_TOKEN }}
           reporter: github-check
diff --git a/.github/workflows/testsuite.yaml b/.github/workflows/testsuite.yaml
index dd1a909..7a42940 100644
--- a/.github/workflows/testsuite.yaml
+++ b/.github/workflows/testsuite.yaml
@@ -7,7 +7,7 @@ jobs:
   pre-commit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.0.2
       - name: Set up Python
         uses: actions/setup-python@v2.2.2
       - name: Install prerequisites
@@ -24,7 +24,7 @@ jobs:
             no-commit-to-branch,
             terraform_tflint_nocreds,
             terraform_tfsec
-      - uses: stefanzweifel/git-auto-commit-action@v4.11.0
+      - uses: stefanzweifel/git-auto-commit-action@v4.14.1
         if: ${{ failure() }}
         with:
           commit_message: Apply automatic changes
@@ -36,11 +36,11 @@ jobs:
   tflint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.0.2
       - name: setup Terraform
-        uses: hashicorp/setup-terraform@v1.3.2
+        uses: hashicorp/setup-terraform@v2.0.0
         with:
-          terraform_version: 0.15.5
+          terraform_version: 1.1.7
       - name: Terraform init
         run: terraform init --backend=false
       - name: tflint
@@ -54,11 +54,11 @@ jobs:
   tfsec:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.0.2
       - name: setup Terraform
-        uses: hashicorp/setup-terraform@v1.3.2
+        uses: hashicorp/setup-terraform@v2.0.0
         with:
-          terraform_version: 0.15.5
+          terraform_version: 1.1.7
       - name: Terraform init
         run: terraform init --backend=false
       - name: tfsec
@@ -71,21 +71,21 @@ jobs:
   misspell:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.0.2
       - name: misspell
-        uses: reviewdog/action-misspell@v1
+        uses: reviewdog/action-misspell@v1.12.0
         with:
           github_token: ${{ secrets.ACTIONS_TOKEN }}
-          locale: "US"
+          locale: "UK"
           reporter: github-pr-check
           filter_mode: added
           level: error
   yamllint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.0.2
       - name: yamllint
-        uses: reviewdog/action-yamllint@v1.2.0
+        uses: reviewdog/action-yamllint@v1.6.0
         with:
           github_token: ${{ secrets.ACTIONS_TOKEN }}
           reporter: github-pr-check
diff --git a/.gitignore b/.gitignore
index fa0ed18..c240c4e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,7 @@ modules/codebuild/codebuild_files/php.ini
 # *.tfstate
 # *.tfstate.*
 .terraform.lock.hcl
+
 plan.plan
 # Crash log files
 crash.log
@@ -35,3 +36,4 @@ override.tf.json
 # example: *tfplan*
 
 .idea
+.vscode
diff --git a/.header.md b/.header.md
index f3f5bb2..a8de632 100644
--- a/.header.md
+++ b/.header.md
@@ -47,11 +47,11 @@ As such you should include the following in your provider configuration:
 
 ```
 terraform {
-  required_version = "> 0.15.1"
+  required_version = "> 1.0"
   required_providers {
     aws = {
       source                = "hashicorp/aws"
-      version               = "~> 3.0"
+      version               = "~> 4.0"
       configuration_aliases = [aws.ue1]
     }
   }
@@ -66,6 +66,9 @@ provider "aws" {
 
 The `ue1` alias is essential for this module to work correctly.
 
+## Severless Static Wordpress V2 Upgrade Guide
+See [UPGRADING](docs/UPGRADING.md) for Version 2 upgrade guidance, including for Version 4 of the AWS Terraform Provider.
+
 ## Module instantiation example
 
 ```
@@ -206,6 +209,28 @@ in your module definition.
 Gentle reminder that no backup options are currently bundled with this module - the most effective means would be to
 generate and retain a backup from within Wordpress for maximum flexibility. We recommend the UpdraftPlus plugin.
 
+## Permanent Redirects
+
+Basic url path based permanent redirects are supported via the CloudFront function. The variable `cloudfront_function_301_redirects` can be set with a custom map of match to destination mappings.
+
+Some aspects that need to be taken into consideration for the match:
+
+* It's a regular expression
+* Group replacements are supported
+* Runs in a Javascript function, escaping needs to be taken into consideration
+* Passed through a TF var, so escaping that needs to be taking into account as well
+
+An example to match a path like `/category-name`, a suitable match would be `"^\\/(category-name)$"`. Breaking down the `\\/` part, the first `\` tells TF to escape the second `\`, which is the Regex escape for the `/` character.
+
+An example:
+
+```
+cloudfront_function_301_redirects = {
+  # Redirects /travel to /category/travel/
+  "^\\/(travel)$": "/category/$1/",
+}
+```
+
 ## Troubleshooting
 
 If you experience issues with the publish element of WP2Static, you can retry. It can be more reliable to proceed to
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index affc785..4b84e9d 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -33,7 +33,7 @@ repos:
         args: ["--output-file", "README.md", "markdown", "modules/waf"]
         pass_filenames: false
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.31.0
+    rev: v1.64.0
     hooks:
       - id: terraform_fmt
       - id: terraform_tflint
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 69d0c09..ba97e98 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,16 +1,35 @@
 # Changelog
 
+## 0.2.0 - UNRELEASED
+
+! BREAKING CHANGES ! - See [UPGRADING.md](docs/UPGRADING.md) for guidance on upgrading from v0.1.x
+
+ ### **Maintenance**:
+
+ - Module upgraded to AWS Terraform v4. Existing installations will need Terraform state moved for forwards
+compatibility.
+
+### **New Features**
+- Added support for Graviton-based CodeBuild if supported in deployment region. Will gracefully fallback to
+non-Graviton if not supported.
+- Added support for Graviton-based ECS Fargate if supported in deployment region. Will fallback to non-Graviton
+if not supported, however source docker image used for ECS container MUST be AMD64/ARM64 architecture respectively.
+Note FARGATE_SPOT is not supported for Graviton-based ECS at this time.
+- Added healthCheeck block to ECS Task Definition.
+- Added EventBridge monitoring for ECS Service Action events (which captures placement failures when using FARGATE_SPOT
+ capacity provider)
+
 ## 0.1.2 - 23rd June 2021
 
-Bugfix: Changed special characters used in RDS password generation to ensure compatibility.
-Docs: Updated to fix typos in helper commands, and detailed supported RDS Aurora v1 regions.
+- **Bugfix**: Changed special characters used in RDS password generation to ensure compatibility.
+- **Docs**: Updated to fix typos in helper commands, and detailed supported RDS Aurora v1 regions.
 
 ## 0.1.1 - 19th June 2021
 
-Bugfix: Refactor md5 calculation on archive_file in codebuild child module.
-Bugfix: Re-typed AWS account number as string to avoid rounding on account numbers prepended with zeros.
-Bugfix: Fix passed WAF variable values if set to inactive.
+- **Bugfix**: Refactor md5 calculation on archive_file in codebuild child module.
+- **Bugfix**: Re-typed AWS account number as string to avoid rounding on account numbers prepended with zeros.
+-- **Bugfix**: Fix passed WAF variable values if set to inactive.
 
 ## 0.1.0 - 19th June 2021
 
-Initial release of Serverless Static Wordpress Terraform module.
+- Initial release of Serverless Static Wordpress Terraform module.
diff --git a/README.md b/README.md
index b60f4c5..beae3d8 100644
--- a/README.md
+++ b/README.md
@@ -48,11 +48,11 @@ As such you should include the following in your provider configuration:
 
 ```
 terraform {
-  required_version = "> 0.15.1"
+  required_version = "> 1.0"
   required_providers {
     aws = {
       source                = "hashicorp/aws"
-      version               = "~> 3.0"
+      version               = "~> 4.0"
       configuration_aliases = [aws.ue1]
     }
   }
@@ -67,6 +67,9 @@ provider "aws" {
 
 The `ue1` alias is essential for this module to work correctly.
 
+## Severless Static Wordpress V2 Upgrade Guide
+See [UPGRADING](docs/UPGRADING.md) for Version 2 upgrade guidance, including for Version 4 of the AWS Terraform Provider.
+
 ## Module instantiation example
 
 ```
@@ -227,8 +230,11 @@ For any issues relating to this module, [raise an issue against this repo.](http
 | <a name="input_aws_account_id"></a> [aws\_account\_id](#input\_aws\_account\_id) | The AWS account ID into which resources will be launched. | `string` | n/a | yes |
 | <a name="input_cloudfront_aliases"></a> [cloudfront\_aliases](#input\_cloudfront\_aliases) | The domain and sub-domain aliases to use for the cloudfront distribution. | `list(any)` | `[]` | no |
 | <a name="input_cloudfront_class"></a> [cloudfront\_class](#input\_cloudfront\_class) | The [price class](https://aws.amazon.com/cloudfront/pricing/) for the distribution. One of: PriceClass\_All, PriceClass\_200, PriceClass\_100 | `string` | `"PriceClass_All"` | no |
+| <a name="input_cloudfront_function_301_redirects"></a> [cloudfront\_function\_301\_redirects](#input\_cloudfront\_function\_301\_redirects) | A list of key value pairs of Regex match and destination for 301 redirects at CloudFront. | `map(any)` | <pre>{<br>  "^(.*)index\\.php$": "$1"<br>}</pre> | no |
 | <a name="input_ecs_cpu"></a> [ecs\_cpu](#input\_ecs\_cpu) | The CPU limit password to the Wordpress container definition. | `number` | `256` | no |
 | <a name="input_ecs_memory"></a> [ecs\_memory](#input\_ecs\_memory) | The memory limit password to the Wordpress container definition. | `number` | `512` | no |
+| <a name="input_graviton_codebuild_enabled"></a> [graviton\_codebuild\_enabled](#input\_graviton\_codebuild\_enabled) | Flag that controls whether CodeBuild should use Graviton-based build agents in [supported regions](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html). | `bool` | `false` | no |
+| <a name="input_graviton_fargate_enabled"></a> [graviton\_fargate\_enabled](#input\_graviton\_fargate\_enabled) | Flag that controls whether ECS Fargate should use Graviton-based containers in [supported regions]https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate-Regions.html). | `bool` | `false` | no |
 | <a name="input_hosted_zone_id"></a> [hosted\_zone\_id](#input\_hosted\_zone\_id) | The Route53 HostedZone ID to use to create records in. | `string` | n/a | yes |
 | <a name="input_launch"></a> [launch](#input\_launch) | The number of tasks to launch of the Wordpress container. Used as a toggle to start/stop your Wordpress management session. | `number` | `"0"` | no |
 | <a name="input_main_vpc_id"></a> [main\_vpc\_id](#input\_main\_vpc\_id) | The VPC ID into which to launch resources. | `string` | n/a | yes |
@@ -244,6 +250,7 @@ For any issues relating to this module, [raise an issue against this repo.](http
 | <a name="input_wordpress_admin_email"></a> [wordpress\_admin\_email](#input\_wordpress\_admin\_email) | The email address of the default wordpress admin user. | `string` | `"admin@example.com"` | no |
 | <a name="input_wordpress_admin_password"></a> [wordpress\_admin\_password](#input\_wordpress\_admin\_password) | The password of the default wordpress admin user. | `string` | `"techtospeech.com"` | no |
 | <a name="input_wordpress_admin_user"></a> [wordpress\_admin\_user](#input\_wordpress\_admin\_user) | The username of the default wordpress admin user. | `string` | `"supervisor"` | no |
+| <a name="input_wordpress_memory_limit"></a> [wordpress\_memory\_limit](#input\_wordpress\_memory\_limit) | The memory to allow the Wordpress process to use (in M) | `string` | `"256M"` | no |
 | <a name="input_wordpress_subdomain"></a> [wordpress\_subdomain](#input\_wordpress\_subdomain) | The subdomain used for the Wordpress container. | `string` | `"wordpress"` | no |
 ## Modules
 
@@ -265,8 +272,8 @@ For any issues relating to this module, [raise an issue against this repo.](http
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.7 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.1.0 |
 ## Resources
 
@@ -279,6 +286,7 @@ For any issues relating to this module, [raise an issue against this repo.](http
 | [aws_db_subnet_group.main_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |
 | [aws_ecr_repository.serverless_wordpress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource |
 | [aws_ecs_cluster.wordpress_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster) | resource |
+| [aws_ecs_cluster_capacity_providers.wordpress_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster_capacity_providers) | resource |
 | [aws_ecs_service.wordpress_service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
 | [aws_ecs_task_definition.wordpress_container](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
 | [aws_efs_access_point.wordpress_efs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_access_point) | resource |
@@ -307,4 +315,5 @@ For any issues relating to this module, [raise an issue against this repo.](http
 | [random_password.serverless_wordpress_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [aws_iam_policy_document.ecs_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.wordpress_bucket_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 <!-- END_TF_DOCS -->
diff --git a/docs/UPGRADING.md b/docs/UPGRADING.md
new file mode 100644
index 0000000..70d5e2f
--- /dev/null
+++ b/docs/UPGRADING.md
@@ -0,0 +1,36 @@
+## Upgrading from 0.1.x to 0.2.x
+
+Version 0.2 of Serverless Static Wordpress makes numerous updates to the resources used to deploy the solution, as well
+as expanding functionality with additional options.
+
+Where possible, this has been done in a way to be as backwards compatible as reasonably possible - however there are a
+variety of quirks of Terraform behaviour that can mean that this is imperfect, and may require a manual tweak either to
+the configuration in AWS, or to the Terraform state backing the resources.
+
+### Upgrading to Version 4 of the Terraform AWS Provider
+Version 4 of the AWS Provider introduced a few breaking changes to the way ECS and S3 resources are defined. Attributes
+that would normally be specified as part of the single resource definition have now been split out into their own
+resources. To cope with this, we have created these resources, and _existing_ resources can be handled with some
+terraform state operations. To date, these are documented as follows.
+
+NOTE, in these examples, the example `site_name` is `peterdotcloud` and the resources are named accordingly. You will
+need to substitute these values with the value used for your own deployment
+
+```
+terraform import module.peterdotcloud_website.aws_ecs_cluster_capacity_providers.wordpress_cluster peterdotcloud_wordpress
+terraform state rm module.peterdotcloud_website.module.codebuild.aws_s3_bucket_object.wordpress_dockerbuild
+terraform import module.peterdotcloud_website.module.codebuild.aws_s3_object.wordpress_dockerbuild peterdotcloud-build/wordpress_docker.zip
+terraform import module.peterdotcloud_website.module.cloudfront.aws_s3_bucket_server_side_encryption_configuration.wordpress_bucket www.peter.cloud
+terraform import module.peterdotcloud_website.module.codebuild.aws_s3_bucket_acl.code_source peterdotcloud-build
+terraform import module.peterdotcloud_website.module.codebuild.aws_s3_bucket_server_side_encryption_configuration.code_source peterdotcloud-build
+```
+### Graviton
+
+With support for ARM in CodeBuild, and in ECS in regions where it is supported (strictly better for cost/performance),
+the module will need to recreate your task definition and ECS service. This is nothing to be concerned with however you
+ **must** ensure your base image of Wordpress is an arm64 platform version (and preferably linux/arm64/v8) otherwise
+ your Wordpress container will error out with `exec user process caused: exec format error` which indicates your image
+ is of the mismatched architecture.
+
+ Note that when using Graviton-based containers for ECS, FARGATE_SPOT is not currently available (bear this in mind for
+ cost).
diff --git a/ecs.tf b/ecs.tf
index 21dd3f1..13a65e3 100644
--- a/ecs.tf
+++ b/ecs.tf
@@ -1,3 +1,5 @@
+data "aws_region" "current" {}
+
 resource "aws_efs_file_system" "wordpress_persistent" {
   encrypted = true
   lifecycle_policy {
@@ -121,8 +123,14 @@ resource "aws_ecs_task_definition" "wordpress_container" {
     wordpress_admin_password = var.wordpress_admin_password
     wordpress_admin_email    = var.wordpress_admin_email
     site_name                = var.site_name
+    wordpress_memory_limit   = var.wordpress_memory_limit
   })
 
+  runtime_platform {
+    operating_system_family = "LINUX"
+    cpu_architecture        = var.graviton_fargate_enabled ? (contains(local.graviton_fargate_regions_unsupported, data.aws_region.current) ? "X86_64" : "ARM64") : "X86_64"
+  }
+
   cpu                      = var.ecs_cpu
   memory                   = var.ecs_memory
   requires_compatibilities = ["FARGATE"]
@@ -218,7 +226,7 @@ resource "aws_ecs_service" "wordpress_service" {
   desired_count   = var.launch
   # iam_role =
   capacity_provider_strategy {
-    capacity_provider = "FARGATE_SPOT"
+    capacity_provider = var.graviton_fargate_enabled ? (contains(local.graviton_fargate_regions_unsupported, data.aws_region.current) ? "FARGATE_SPOT" : "FARGATE") : "FARGATE_SPOT"
     weight            = "100"
     base              = "1"
   }
@@ -236,10 +244,14 @@ resource "aws_ecs_service" "wordpress_service" {
 # TODO: Add option to enable container insights
 #tfsec:ignore:AWS090
 resource "aws_ecs_cluster" "wordpress_cluster" {
-  name               = "${var.site_name}_wordpress"
-  capacity_providers = ["FARGATE_SPOT"]
+  name = "${var.site_name}_wordpress"
+}
+
+resource "aws_ecs_cluster_capacity_providers" "wordpress_cluster" {
+  cluster_name       = aws_ecs_cluster.wordpress_cluster.name
+  capacity_providers = [var.graviton_fargate_enabled ? (contains(local.graviton_fargate_regions_unsupported, data.aws_region.current) ? "FARGATE_SPOT" : "FARGATE") : "FARGATE_SPOT"]
   default_capacity_provider_strategy {
-    capacity_provider = "FARGATE_SPOT"
+    capacity_provider = var.graviton_fargate_enabled ? (contains(local.graviton_fargate_regions_unsupported, data.aws_region.current) ? "FARGATE_SPOT" : "FARGATE") : "FARGATE_SPOT"
     weight            = "100"
     base              = "1"
   }
diff --git a/main.tf b/main.tf
index 7fd9575..be2e09b 100644
--- a/main.tf
+++ b/main.tf
@@ -7,14 +7,17 @@ module "lambda_slack" {
 }
 
 module "codebuild" {
-  source                   = "./modules/codebuild"
-  site_name                = var.site_name
-  site_domain              = var.site_domain
-  codebuild_bucket         = "${var.site_name}-build"
-  main_vpc_id              = var.main_vpc_id
-  wordpress_ecr_repository = aws_ecr_repository.serverless_wordpress.name
-  aws_account_id           = var.aws_account_id
-  container_memory         = var.ecs_memory
+  source                     = "./modules/codebuild"
+  graviton_codebuild_enabled = var.graviton_codebuild_enabled
+  site_name                  = var.site_name
+  site_domain                = var.site_domain
+  codebuild_bucket           = "${var.site_name}-build"
+  main_vpc_id                = var.main_vpc_id
+  wordpress_ecr_repository   = aws_ecr_repository.serverless_wordpress.name
+  aws_account_id             = var.aws_account_id
+  container_memory           = var.ecs_memory
+  wp2static_version          = var.wp2static_version
+  wp2static_s3_addon_version = var.wp2static_s3_addon_version
 }
 
 module "cloudfront" {
@@ -28,8 +31,10 @@ module "cloudfront" {
   }
   depends_on = [aws_acm_certificate_validation.wordpress_site,
   module.waf]
-  cloudfront_class = var.cloudfront_class
-  waf_acl_arn      = var.waf_enabled ? module.waf[0].waf_acl_arn : null
+  
+  cloudfront_class                  = var.cloudfront_class
+  waf_acl_arn                       = var.waf_enabled ? module.waf[0].waf_acl_arn : null
+  cloudfront_function_301_redirects = var.cloudfront_function_301_redirects
 }
 
 module "waf" {
diff --git a/modules/cloudfront/README.md b/modules/cloudfront/README.md
index f28b636..0b8ae16 100644
--- a/modules/cloudfront/README.md
+++ b/modules/cloudfront/README.md
@@ -9,6 +9,7 @@ This module sets up the CloudFront distribution that fronts the static wordpress
 |------|-------------|------|---------|:--------:|
 | <a name="input_cloudfront_aliases"></a> [cloudfront\_aliases](#input\_cloudfront\_aliases) | The domain and sub-domain aliases to use for the cloudfront distribution. | `list(any)` | `[]` | no |
 | <a name="input_cloudfront_class"></a> [cloudfront\_class](#input\_cloudfront\_class) | The [price class](https://aws.amazon.com/cloudfront/pricing/) for the distribution. One of: PriceClass\_All, PriceClass\_200, PriceClass\_100 | `string` | `"PriceClass_All"` | no |
+| <a name="input_cloudfront_function_301_redirects"></a> [cloudfront\_function\_301\_redirects](#input\_cloudfront\_function\_301\_redirects) | A list of key value pairs of Regex match and destination for 301 redirects at CloudFront. | `map(any)` | <pre>{<br>  "^(.*)index\\.php$": "$1"<br>}</pre> | no |
 | <a name="input_cloudfront_ssl"></a> [cloudfront\_ssl](#input\_cloudfront\_ssl) | The ARN of the ACM certificate used for the CloudFront domain. | `string` | n/a | yes |
 | <a name="input_site_domain"></a> [site\_domain](#input\_site\_domain) | The site domain name to configure (without any subdomains such as 'www') | `string` | n/a | yes |
 | <a name="input_site_name"></a> [site\_name](#input\_site\_name) | The unique name for this instance of the module. Required to deploy multiple wordpress instances to the same AWS account (if desired). | `string` | n/a | yes |
@@ -33,18 +34,11 @@ No requirements.
 | Name | Type |
 |------|------|
 | [aws_cloudfront_distribution.wordpress_distribution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
+| [aws_cloudfront_function.object_rewrite](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_function) | resource |
 | [aws_cloudfront_origin_access_identity.wordpress_distribution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_identity) | resource |
-| [aws_cloudwatch_log_group.object_redirect](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
-| [aws_cloudwatch_log_group.object_redirect_ue1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
-| [aws_cloudwatch_log_group.object_redirect_ue1_local](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
-| [aws_iam_role.lambda-edge](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy.lambda-edge-cloudwatch-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy_attachment.basic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_lambda_function.object_redirect](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
+| [aws_cloudwatch_log_group.object_rewrite](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_s3_bucket.wordpress_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [aws_s3_bucket_policy.wordpress_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
 | [aws_s3_bucket_public_access_block.wordpress_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
-| [archive_file.index_html](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
-| [aws_iam_policy_document.lambda-edge-cloudwatch-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.lambda-edge-service-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_s3_bucket_server_side_encryption_configuration.wordpress_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
 <!-- END_TF_DOCS -->
diff --git a/modules/cloudfront/distribution.tf b/modules/cloudfront/distribution.tf
index 9e79890..4296f26 100644
--- a/modules/cloudfront/distribution.tf
+++ b/modules/cloudfront/distribution.tf
@@ -1,14 +1,16 @@
 # TODO: Add optional logging for S3 bucket
 # TODO: Add optional versioning for S3 bucket
-#tfsec:ignore:AWS002 #tfsec:ignore:AWS077
+#tfsec:ignore:AWS002 #tfsec:ignore:AWS017 #tfsec:ignore:AWS077
 resource "aws_s3_bucket" "wordpress_bucket" {
   bucket        = "${var.site_prefix}.${var.site_domain}"
   force_destroy = true
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "wordpress_bucket" {
+  bucket = aws_s3_bucket.wordpress_bucket.bucket
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
     }
   }
 }
@@ -59,9 +61,9 @@ resource "aws_cloudfront_distribution" "wordpress_distribution" {
       }
     }
 
-    lambda_function_association {
-      event_type = "origin-request"
-      lambda_arn = "${aws_lambda_function.object_redirect.arn}:${aws_lambda_function.object_redirect.version}"
+    function_association {
+      event_type   = "viewer-request"
+      function_arn = aws_cloudfront_function.object_rewrite.arn
     }
 
     viewer_protocol_policy = "redirect-to-https"
diff --git a/modules/cloudfront/function_rewrite/index.js.tftpl b/modules/cloudfront/function_rewrite/index.js.tftpl
new file mode 100644
index 0000000..a379415
--- /dev/null
+++ b/modules/cloudfront/function_rewrite/index.js.tftpl
@@ -0,0 +1,34 @@
+function handler(event) {
+    var request = event.request;
+    var uri = request.uri;
+
+    try {
+        %{ for match, target in REDIRECTS }
+        if (/${match}/.test(uri)) {
+            return permanentRedirect(uri, /${match}/, '${target}');
+        }
+        %{ endfor ~}
+
+        // Check whether the URI is missing a file name.
+        if (uri.endsWith('/')) {
+            request.uri += 'index.html';
+            return request;
+        }
+    }
+    catch (e) {
+        // console.error is not supported
+        console.log(e);
+    }
+
+    return request;
+}
+
+function permanentRedirect(uri, match, target) {
+    return {
+        statusCode: 301,
+        statusDescription: 'Moved Permanently',
+        headers: {
+            'location': { value: uri.replace(match, target) }
+        }
+    };
+}
diff --git a/modules/cloudfront/lambda_redirect/index_html/index.js b/modules/cloudfront/lambda_redirect/index_html/index.js
deleted file mode 100644
index 44b6d6a..0000000
--- a/modules/cloudfront/lambda_redirect/index_html/index.js
+++ /dev/null
@@ -1,30 +0,0 @@
-// Add index.html to any request URLs that end in /
-// This allows "friendly" URLs in static websites, e.g.
-// /about-us/ is converted to /about-us/index.html
-
-// https://aws.amazon.com/blogs/compute/implementing-default-directory-indexes-in-amazon-s3-backed-amazon-cloudfront-origins-using-lambdaedge/
-
-'use strict';
-exports.handler = (event, context, callback) => {
-	// Extract the request from the CloudFront event that is sent to Lambda@Edge
-	var request = event.Records[0].cf.request;
-
-	// Extract the URI from the request
-	var olduri = request.uri;
-
-	// Match any '/' that occurs at the end of a URI. Replace it with a default index
-	// Match also any calls to 'index.php' which Wordpress would ordinarily look for
-
-	var newuri = olduri.replace(/\/$/, '\/index.html');
-	newuri = newuri.replace(/\/index.php$/, '\/index.html');
-
-	// For debugging: Log the URI as received by CloudFront and the new URI to be used to fetch from origin
-	// console.log("Old URI: " + olduri);
-	// console.log("New URI: " + newuri);
-
-	// Replace the received URI with the URI that includes the index page
-	request.uri = newuri;
-
-	// Return to CloudFront
-	return callback(null, request);
-};
diff --git a/modules/cloudfront/main.tf b/modules/cloudfront/main.tf
index 7659151..35a401a 100644
--- a/modules/cloudfront/main.tf
+++ b/modules/cloudfront/main.tf
@@ -1,76 +1,24 @@
-data "archive_file" "index_html" {
-  type        = "zip"
-  source_dir  = "${path.module}/lambda_redirect/index_html"
-  output_path = "${path.module}/lambda_redirect/dst/index_html.zip"
-}
-
-#tfsec:ignore:AWS089
-resource "aws_cloudwatch_log_group" "object_redirect" {
-  name              = "/aws/lambda/${var.site_name}_redirect_index_html"
-  retention_in_days = 7
-}
-
-#tfsec:ignore:AWS089
-resource "aws_cloudwatch_log_group" "object_redirect_ue1_local" {
-  name              = "/aws/lambda/us-east-1.${var.site_name}_redirect_index_html"
-  retention_in_days = 7
-}
-
-# TODO: A solution to create/manage default log groups in all Edge Cache Regions
 #tfsec:ignore:AWS089
-resource "aws_cloudwatch_log_group" "object_redirect_ue1" {
-  name              = "/aws/lambda/us-east-1.${var.site_name}_redirect_index_html"
+resource "aws_cloudwatch_log_group" "object_rewrite" {
+  name              = "/aws/cloudfront/function/${var.site_name}_rewrite"
   retention_in_days = 7
-  provider          = aws.ue1
+  # CloudFront Functions always creates log streams in us-east-1, no matter which edge location ran the function.
+  # The purpose of this resource is to set the retention days.
+  provider = aws.ue1
 }
 
-resource "aws_lambda_function" "object_redirect" {
-  provider         = aws.ue1
-  filename         = data.archive_file.index_html.output_path
-  function_name    = "${var.site_name}_redirect_index_html"
-  role             = aws_iam_role.lambda-edge.arn
-  handler          = "index.handler"
-  source_code_hash = data.archive_file.index_html.output_base64sha256
-  runtime          = "nodejs12.x"
-  publish          = true
-  memory_size      = 128
-  timeout          = 3
+resource "aws_cloudfront_function" "object_rewrite" {
   depends_on = [
-    aws_cloudwatch_log_group.object_redirect,
-    aws_cloudwatch_log_group.object_redirect_ue1,
-    aws_cloudwatch_log_group.object_redirect_ue1_local
+    aws_cloudwatch_log_group.object_rewrite
   ]
-}
 
-data "aws_iam_policy_document" "lambda-edge-service-role" {
-  statement {
-    actions = ["sts:AssumeRole"]
-    principals {
-      type        = "Service"
-      identifiers = ["edgelambda.amazonaws.com", "lambda.amazonaws.com"]
+  name    = "${var.site_name}_rewrite"
+  runtime = "cloudfront-js-1.0"
+  publish = true
+  code = templatefile(
+    "${path.module}/function_rewrite/index.js.tftpl",
+    {
+      REDIRECTS = var.cloudfront_function_301_redirects
     }
-  }
-}
-
-resource "aws_iam_role" "lambda-edge" {
-  name               = "${var.site_name}-lambda-edge-service-role"
-  assume_role_policy = data.aws_iam_policy_document.lambda-edge-service-role.json
-}
-
-resource "aws_iam_role_policy_attachment" "basic" {
-  role       = aws_iam_role.lambda-edge.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
-}
-
-data "aws_iam_policy_document" "lambda-edge-cloudwatch-logs" {
-  statement {
-    actions   = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
-    resources = ["arn:aws:logs:*:*:*"]
-  }
-}
-
-resource "aws_iam_role_policy" "lambda-edge-cloudwatch-logs" {
-  name   = "${var.site_name}-lambda-edge-cloudwatch-logs"
-  role   = aws_iam_role.lambda-edge.name
-  policy = data.aws_iam_policy_document.lambda-edge-cloudwatch-logs.json
+  )
 }
diff --git a/modules/cloudfront/variables.tf b/modules/cloudfront/variables.tf
index ad773fa..b2a8ee8 100644
--- a/modules/cloudfront/variables.tf
+++ b/modules/cloudfront/variables.tf
@@ -36,3 +36,11 @@ variable "waf_acl_arn" {
   default     = null
   description = "The ARN of the WAF ACL applied to the CloudFront distribution."
 }
+
+variable "cloudfront_function_301_redirects" {
+  type = map(any)
+  default = {
+    "^(.*)index\\.php$" : "$1"
+  }
+  description = "A list of key value pairs of Regex match and destination for 301 redirects at CloudFront."
+}
diff --git a/modules/codebuild/README.md b/modules/codebuild/README.md
index b0fe45b..3797cc4 100644
--- a/modules/codebuild/README.md
+++ b/modules/codebuild/README.md
@@ -10,10 +10,13 @@ This module sets up the build to take a vanilla Wordpress image and bake customi
 | <a name="input_aws_account_id"></a> [aws\_account\_id](#input\_aws\_account\_id) | The AWS account ID into which resources will be launched. | `string` | n/a | yes |
 | <a name="input_codebuild_bucket"></a> [codebuild\_bucket](#input\_codebuild\_bucket) | The name of the bucket used for codebuild of the image. | `string` | n/a | yes |
 | <a name="input_container_memory"></a> [container\_memory](#input\_container\_memory) | The memory allocated to the container (in MB) | `number` | n/a | yes |
+| <a name="input_graviton_codebuild_enabled"></a> [graviton\_codebuild\_enabled](#input\_graviton\_codebuild\_enabled) | Flag that controls whether CodeBuild should use Graviton-based build agents in [supported regions](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html). | `bool` | `false` | no |
 | <a name="input_main_vpc_id"></a> [main\_vpc\_id](#input\_main\_vpc\_id) | The VPC ID into which to launch resources. | `string` | n/a | yes |
 | <a name="input_site_domain"></a> [site\_domain](#input\_site\_domain) | The site domain name to configure (without any subdomains such as 'www') | `string` | n/a | yes |
 | <a name="input_site_name"></a> [site\_name](#input\_site\_name) | The unique name for this instance of the module. Required to deploy multiple wordpress instances to the same AWS account (if desired). | `string` | n/a | yes |
 | <a name="input_wordpress_ecr_repository"></a> [wordpress\_ecr\_repository](#input\_wordpress\_ecr\_repository) | The ECR repository where the Wordpress image is stored. | `string` | n/a | yes |
+| <a name="input_wp2static_s3_addon_version"></a> [wp2static\_s3\_addon\_version](#input\_wp2static\_s3\_addon\_version) | Version of the WP2Static S3 Add-on to use from https://github.com/leonstafford/wp2static-addon-s3/releases/ | `string` | `"1.0"` | no |
+| <a name="input_wp2static_version"></a> [wp2static\_version](#input\_wp2static\_version) | Version of WP2Static to use from https://github.com/leonstafford/wp2static/releases | `string` | `"7.1.7"` | no |
 ## Modules
 
 No modules.
@@ -35,8 +38,10 @@ No requirements.
 | [aws_iam_role.codebuild_service_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.codebuild_role_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_s3_bucket.code_source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
-| [aws_s3_bucket_object.wordpress_dockerbuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object) | resource |
+| [aws_s3_bucket_acl.code_source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
 | [aws_s3_bucket_public_access_block.code_source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_s3_bucket_server_side_encryption_configuration.code_source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
+| [aws_s3_object.wordpress_dockerbuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource |
 | [aws_security_group.codebuild_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 | [local_file.php_ini](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [archive_file.code_build_package](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
diff --git a/modules/codebuild/codebuild_files/Dockerfile_serverless_wordpress b/modules/codebuild/codebuild_files/Dockerfile_serverless_wordpress
index 8b09544..9bb4669 100644
--- a/modules/codebuild/codebuild_files/Dockerfile_serverless_wordpress
+++ b/modules/codebuild/codebuild_files/Dockerfile_serverless_wordpress
@@ -1,12 +1,17 @@
 ARG aws_account_id
 ARG aws_region
 ARG ecr_repo_name
+ARG wp2static_version
+ARG wp2static_s3_addon_version
 
 FROM ${aws_account_id}.dkr.ecr.${aws_region}.amazonaws.com/${ecr_repo_name}:base
-COPY ["wp-cli.phar", "serverless-wordpress-wp2static.zip","serverless-wordpress-s3-addon.zip","/tmp/"]
+COPY ["wp-cli.phar", "/tmp/"]
 COPY docker-entrypoint.sh /usr/local/bin/
 RUN apt-get update && apt-get install -y sudo jq awscli mariadb-client && chmod +x /usr/local/bin/docker-entrypoint.sh && chmod +x /tmp/wp-cli.phar && mv /tmp/wp-cli.phar /usr/local/bin/wp \
 && rm -rf /var/lib/apt/lists/*
 
+RUN curl https://github.com/WP2Static/wp2static/archive/refs/tags/${wp2static_version}.zip -o /tmp/serverless-wordpress-wp2static.zip
+RUN curl https://github.com/leonstafford/wp2static-addon-s3/archive/refs/tags/${wp2static_s3_addon_version}.zip -o /tmp/serverless-wordpress-s3-addon.zip
+
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 COPY ["php.ini", "$PHP_INI_DIR/conf.d/"]
diff --git a/modules/codebuild/codebuild_files/buildspec.yml b/modules/codebuild/codebuild_files/buildspec.yml
index 5a181c7..dcdd872 100644
--- a/modules/codebuild/codebuild_files/buildspec.yml
+++ b/modules/codebuild/codebuild_files/buildspec.yml
@@ -21,7 +21,9 @@ phases:
         docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG --build-arg
         aws_account_id=$AWS_ACCOUNT_ID --build-arg
         aws_region=$AWS_DEFAULT_REGION --build-arg
-        ecr_repo_name=$IMAGE_REPO_NAME -f Dockerfile_serverless_wordpress .
+        ecr_repo_name=$IMAGE_REPO_NAME --build-arg
+        wp2static_version=$WP2STATIC_VERSION --build-arg
+        wp2static_s3_addon_version=$WP2STATIC_S3_ADDON_VERSION  -f Dockerfile_serverless_wordpress .
       # yamllint disable-line rule:line-length
       - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG
   post_build:
diff --git a/modules/codebuild/codebuild_files/docker-entrypoint.sh b/modules/codebuild/codebuild_files/docker-entrypoint.sh
index d7ee68e..1e97c5c 100644
--- a/modules/codebuild/codebuild_files/docker-entrypoint.sh
+++ b/modules/codebuild/codebuild_files/docker-entrypoint.sh
@@ -318,6 +318,8 @@ fi
 if ! sudo -u www-data wp plugin is-installed wp2static-addon-s3; then
 	sudo -u www-data wp plugin install /tmp/serverless-wordpress-s3-addon.zip --activate --path=/var/www/html || true
 fi
+# Update WP_MEMORY_LIMIT
+sudo -u www-data wp config set WP_MEMORY_LIMIT ${WP_MEMORY_LIMIT}
 # # Update Wordpress options with IP of running container
 sudo -u www-data wp option update siteurl "http://${CONTAINER_DNS}" || true
 sudo -u www-data wp option update home "http://${CONTAINER_DNS}" || true
diff --git a/modules/codebuild/codebuild_files/serverless-wordpress-s3-addon.zip b/modules/codebuild/codebuild_files/serverless-wordpress-s3-addon.zip
deleted file mode 100644
index a31de89..0000000
Binary files a/modules/codebuild/codebuild_files/serverless-wordpress-s3-addon.zip and /dev/null differ
diff --git a/modules/codebuild/codebuild_files/serverless-wordpress-wp2static.zip b/modules/codebuild/codebuild_files/serverless-wordpress-wp2static.zip
deleted file mode 100644
index cb76453..0000000
Binary files a/modules/codebuild/codebuild_files/serverless-wordpress-wp2static.zip and /dev/null differ
diff --git a/modules/codebuild/main.tf b/modules/codebuild/main.tf
index 70fbe2e..d04ef20 100644
--- a/modules/codebuild/main.tf
+++ b/modules/codebuild/main.tf
@@ -2,16 +2,22 @@ data "aws_region" "current" {}
 
 # TODO: Add optional logging for S3 bucket
 # TODO: Add optional versioning for S3 bucket
-#tfsec:ignore:AWS002 #tfsec:ignore:AWS077
+#tfsec:ignore:AWS002 #tfsec:ignore:AWS017 #tfsec:ignore:AWS077
 resource "aws_s3_bucket" "code_source" {
   bucket        = var.codebuild_bucket
-  acl           = "private"
   force_destroy = true
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
+}
+
+resource "aws_s3_bucket_acl" "code_source" {
+  bucket = aws_s3_bucket.code_source.bucket
+  acl    = "private"
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "code_source" {
+  bucket = aws_s3_bucket.code_source.bucket
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
     }
   }
 }
@@ -55,7 +61,7 @@ resource "aws_iam_role_policy_attachment" "codebuild_role_attachment" {
   policy_arn = "arn:aws:iam::aws:policy/PowerUserAccess"
 }
 
-resource "aws_s3_bucket_object" "wordpress_dockerbuild" {
+resource "aws_s3_object" "wordpress_dockerbuild" {
   bucket = aws_s3_bucket.code_source.id
   key    = "wordpress_docker.zip"
   source = "${path.module}/codebuild_files/wordpress_docker.zip"
@@ -100,9 +106,10 @@ resource "aws_codebuild_project" "wordpress_docker_build" {
   }
 
   environment {
-    compute_type                = "BUILD_GENERAL1_SMALL"
-    image                       = "aws/codebuild/standard:4.0"
-    type                        = "LINUX_CONTAINER"
+    compute_type = "BUILD_GENERAL1_SMALL"
+    image        = var.graviton_codebuild_enabled ? "aws/codebuild/amazonlinux2-aarch64-standard:2.0" : "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
+    # Use ARM for codebuild if in supporting region
+    type                        = var.graviton_codebuild_enabled ? (contains(local.arm_container_regions, data.aws_region.current.name) ? "ARM_CONTAINER" : "LINUX_CONTAINER") : "LINUX_CONTAINER"
     image_pull_credentials_type = "CODEBUILD"
     privileged_mode             = true
 
@@ -122,6 +129,14 @@ resource "aws_codebuild_project" "wordpress_docker_build" {
       name  = "IMAGE_TAG"
       value = "latest"
     }
+    environment_variable {
+      name  = "WP2STATIC_VERSION"
+      value = var.wp2static_version
+    }
+    environment_variable {
+      name  = "WP2STATIC_S3_ADDON_VERSION"
+      value = var.wp2static_s3_addon_version
+    }
   }
 
   logs_config {
@@ -133,7 +148,7 @@ resource "aws_codebuild_project" "wordpress_docker_build" {
 
   source {
     type     = "S3"
-    location = "${aws_s3_bucket.code_source.id}/${aws_s3_bucket_object.wordpress_dockerbuild.id}"
+    location = "${aws_s3_bucket.code_source.id}/${aws_s3_object.wordpress_dockerbuild.id}"
 
   }
 }
diff --git a/modules/codebuild/variables.tf b/modules/codebuild/variables.tf
index 304200b..96273ad 100644
--- a/modules/codebuild/variables.tf
+++ b/modules/codebuild/variables.tf
@@ -1,3 +1,24 @@
+locals {
+  # https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html
+  # Regions supporting Graviton for CodeBuild
+  arm_container_regions = [
+    "us-east-2",
+    "us-east-1",
+    "us-west-1",
+    "us-west-2",
+    "ap-south-1",
+    "ap-southeast-1",
+    "ap-southeast-2",
+    "ap-northeast-1",
+    "ap-northeast-2",
+    "ca-central-1",
+    "eu-west-1",
+    "eu-west-2",
+    "eu-west-3",
+    "eu-central-1"
+  ]
+}
+
 variable "codebuild_bucket" {
   type        = string
   description = "The name of the bucket used for codebuild of the image. "
@@ -36,3 +57,21 @@ variable "container_memory" {
   type        = number
   description = "The memory allocated to the container (in MB)"
 }
+
+variable "graviton_codebuild_enabled" {
+  type        = bool
+  default     = false
+  description = "Flag that controls whether CodeBuild should use Graviton-based build agents in [supported regions](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html)."
+}
+
+variable "wp2static_version" {
+  type        = string
+  description = "Version of WP2Static to use from https://github.com/WP2Static/wp2static/releases"
+  default     = "7.1.7"
+}
+
+variable "wp2static_s3_addon_version" {
+  type        = string
+  description = "Version of the WP2Static S3 Add-on to use from https://github.com/leonstafford/wp2static-addon-s3/releases/"
+  default     = "1.0"
+}
diff --git a/modules/lambda_slack/README.md b/modules/lambda_slack/README.md
index 6383c21..55101c6 100644
--- a/modules/lambda_slack/README.md
+++ b/modules/lambda_slack/README.md
@@ -24,12 +24,14 @@ No requirements.
 | Name | Type |
 |------|------|
 | [aws_cloudwatch_event_rule.ecs_wordpress_instance_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
+| [aws_cloudwatch_event_rule.ecs_wordpress_service_action](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
 | [aws_cloudwatch_event_rule.ecs_wordpress_service_deployment_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
 | [aws_cloudwatch_event_rule.ecs_wordpress_task_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
 | [aws_cloudwatch_event_rule.rds_wordpress_cluster_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
 | [aws_cloudwatch_event_target.lambda_slack_cluster_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
 | [aws_cloudwatch_event_target.lambda_slack_deployment_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
 | [aws_cloudwatch_event_target.lambda_slack_instance_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
+| [aws_cloudwatch_event_target.lambda_slack_service_action](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
 | [aws_cloudwatch_event_target.lambda_slack_task_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
 | [aws_cloudwatch_log_group.lambda_slack](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
@@ -39,6 +41,7 @@ No requirements.
 | [aws_lambda_permission.allow_rule_cluster_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
 | [aws_lambda_permission.allow_rule_deployment_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
 | [aws_lambda_permission.allow_rule_instance_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
+| [aws_lambda_permission.allow_rule_service_action](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
 | [aws_lambda_permission.allow_rule_task_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
 | [archive_file.lambda_slack](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
 | [aws_iam_policy_document.lambda-cloudwatch-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
diff --git a/modules/lambda_slack/main.tf b/modules/lambda_slack/main.tf
index 0879609..37aef3f 100644
--- a/modules/lambda_slack/main.tf
+++ b/modules/lambda_slack/main.tf
@@ -120,26 +120,26 @@ resource "aws_cloudwatch_event_rule" "ecs_wordpress_instance_state" {
   )
 }
 
-# resource "aws_cloudwatch_event_rule" "ecs_wordpress_service_action" {
-#   name        = "ecs-wordpress-service-action"
-#   description = "Event on Wordpress ECS Service Action"
-
-#   event_pattern = jsonencode(
-# {
-#   "source": [
-#     "aws.ecs"
-#   ],
-#   "detail-type": [
-#     "ECS Service Action"
-#   ],
-#   "detail": {
-#     "clusterArn": [
-#       aws_ecs_cluster.wordpress_cluster.arn
-#     ]
-#   }
-# }
-# )
-# }
+resource "aws_cloudwatch_event_rule" "ecs_wordpress_service_action" {
+  name        = "${var.site_name}-ecs-wordpress-service-action"
+  description = "Event on Wordpress ECS Service Action"
+
+  event_pattern = jsonencode(
+    {
+      "source" : [
+        "aws.ecs"
+      ],
+      "detail-type" : [
+        "ECS Service Action"
+      ],
+      "detail" : {
+        "clusterArn" : [
+          var.ecs_cluster_arn
+        ]
+      }
+    }
+  )
+}
 
 resource "aws_cloudwatch_event_rule" "ecs_wordpress_service_deployment_state" {
   name        = "${var.site_name}-ecs-wordpress-deployment-state"
@@ -178,10 +178,10 @@ resource "aws_cloudwatch_event_target" "lambda_slack_task_state" {
   rule = aws_cloudwatch_event_rule.ecs_wordpress_task_state.id
 }
 
-# resource "aws_cloudwatch_event_target" "lambda_slack_service_action" {
-#   arn  = aws_lambda_function.lambda_slack.arn
-#   rule = aws_cloudwatch_event_rule.ecs_wordpress_service_action.id
-# }
+resource "aws_cloudwatch_event_target" "lambda_slack_service_action" {
+  arn  = aws_lambda_function.lambda_slack.arn
+  rule = aws_cloudwatch_event_rule.ecs_wordpress_service_action.id
+}
 
 resource "aws_cloudwatch_event_target" "lambda_slack_instance_state" {
   arn  = aws_lambda_function.lambda_slack.arn
@@ -206,13 +206,13 @@ resource "aws_lambda_permission" "allow_rule_task_state" {
   source_arn    = aws_cloudwatch_event_rule.ecs_wordpress_task_state.arn
 }
 
-# resource "aws_lambda_permission" "allow_rule_service_action" {
-#   statement_id  = "AllowExecutionFromECSServiceAction"
-#   action        = "lambda:InvokeFunction"
-#   function_name = aws_lambda_function.lambda_slack.function_name
-#   principal     = "events.amazonaws.com"
-#   source_arn    = aws_cloudwatch_event_rule.ecs_wordpress_service_action.arn
-# }
+resource "aws_lambda_permission" "allow_rule_service_action" {
+  statement_id  = "AllowExecutionFromECSServiceAction"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.lambda_slack.function_name
+  principal     = "events.amazonaws.com"
+  source_arn    = aws_cloudwatch_event_rule.ecs_wordpress_service_action.arn
+}
 
 resource "aws_lambda_permission" "allow_rule_instance_state" {
   statement_id  = "AllowExecutionFromECSInstanceState"
diff --git a/provider.tf b/provider.tf
index 4766ad4..1ab964a 100644
--- a/provider.tf
+++ b/provider.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.15.1"
+  required_version = ">= 1.1.7"
   required_providers {
     aws = {
       source = "hashicorp/aws"
       # https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md
-      version               = "~> 3.0"
+      version               = "~> 4.0"
       configuration_aliases = [aws.ue1]
     }
     random = {
diff --git a/task-definitions/wordpress.json b/task-definitions/wordpress.json
index 86f8533..543e596 100644
--- a/task-definitions/wordpress.json
+++ b/task-definitions/wordpress.json
@@ -14,7 +14,8 @@
         {"name": "CONTAINER_DNS_ZONE", "value": "${container_dns_zone}"},
         {"name": "WORDPRESS_ADMIN_USER", "value": "${wordpress_admin_user}"},
         {"name": "WORDPRESS_ADMIN_PASSWORD", "value": "${wordpress_admin_password}"},
-        {"name": "WORDPRESS_ADMIN_EMAIL", "value": "${wordpress_admin_email}"}
+        {"name": "WORDPRESS_ADMIN_EMAIL", "value": "${wordpress_admin_email}"},
+        {"name": "WP_MEMORY_LIMIT", "value": "${wordpress_memory_limit}"}
     ],
     "essential": true,
     "image": "${wordpress_image}",
@@ -34,6 +35,13 @@
             "readOnly": false
         }
     ],
+    "healthCheck": {
+      "retries": 10,
+      "command": [ "CMD-SHELL", "curl -f http://localhost:80/ || exit 1" ],
+      "timeout": 5,
+      "interval": 10,
+      "startPeriod": 60
+    },
     "volumesFrom" : [],
     "logConfiguration": {
         "logDriver": "awslogs",
diff --git a/variables.tf b/variables.tf
index 34a5a15..b9f204e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,3 +1,10 @@
+locals {
+  graviton_fargate_regions_unsupported = [
+    "af-south-1",
+    "me-south-1"
+  ]
+}
+
 variable "main_vpc_id" {
   type        = string
   description = "The VPC ID into which to launch resources."
@@ -97,6 +104,14 @@ variable "cloudfront_class" {
   default     = "PriceClass_All"
 }
 
+variable "cloudfront_function_301_redirects" {
+  type = map(any)
+  default = {
+    "^(.*)index\\.php$" : "$1"
+  }
+  description = "A list of key value pairs of Regex match and destination for 301 redirects at CloudFront."
+}
+
 variable "hosted_zone_id" {
   type        = string
   description = "The Route53 HostedZone ID to use to create records in."
@@ -133,6 +148,24 @@ variable "wordpress_admin_email" {
   default     = "admin@example.com"
 }
 
+variable "wordpress_memory_limit" {
+  type        = string
+  description = "The memory to allow the Wordpress process to use (in M)"
+  default     = "256M"
+}
+
+variable "wp2static_version" {
+  type        = string
+  description = "Version of WP2Static to use from https://github.com/WP2Static/wp2static/releases"
+  default     = "7.1.7"
+}
+
+variable "wp2static_s3_addon_version" {
+  type        = string
+  description = "Version of the WP2Static S3 Add-on to use from https://github.com/leonstafford/wp2static-addon-s3/releases/"
+  default     = "1.0"
+}
+
 variable "waf_acl_rules" {
   type        = list(any)
   description = "List of WAF rules to apply. Can be customized to apply others created outside of module."
@@ -166,3 +199,15 @@ variable "waf_acl_rules" {
     }
   ]
 }
+
+variable "graviton_codebuild_enabled" {
+  type        = bool
+  default     = false
+  description = "Flag that controls whether CodeBuild should use Graviton-based build agents in [supported regions](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html)."
+}
+
+variable "graviton_fargate_enabled" {
+  type        = bool
+  default     = false
+  description = "Flag that controls whether ECS Fargate should use Graviton-based containers in [supported regions]https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate-Regions.html)."
+}