diff --git a/README.md b/README.md index f744b73..fca3ab2 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Terraform AWS Access +WARNING! The subnets argument must not be derived from an apply time resource. + ## Recent Changes - Manage external access diff --git a/examples/basic/main.tf b/examples/basic/main.tf index 89f7a0f..0950c7f 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -13,17 +13,11 @@ provider "acme" { locals { identifier = var.identifier example = "basic" - project_name = "tf-${substr(md5(join("-", [local.example, random_pet.string.id])), 0, 5)}-${local.identifier}" + project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" zone = var.zone domain = "${local.identifier}.${local.zone}" } -resource "random_pet" "string" { - keepers = { - # regenerate the pet name when the identifier changes - identifier = local.identifier - } - length = 1 -} + # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) module "this" { source = "../../" diff --git a/examples/domain/main.tf b/examples/domain/main.tf index 3d577ae..506e70e 100644 --- a/examples/domain/main.tf +++ b/examples/domain/main.tf 
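Review bot: With `random_pet` removed, the `project_name` local in examples/basic is a pure function of `local.example` and `var.identifier`, so two runs with the same identifier now produce identical resource names, and nothing in the hunk says the identifier must be unique per run. The inner `md5(local.identifier)` adds no entropy because the identifier is also appended in clear text; `md5(join("-", [local.example, local.identifier]))` would serve the same purpose, though it changes the resulting 5-character prefix. I would add a comment on the local such as `# deterministic: uniqueness depends entirely on var.identifier`. The same applies to the matching hunks in examples/domain, ingress, loadbalancer, securitygroup, selectvpc, subnets and vpc. If the `random` provider is still declared in `required_providers` outside these hunks, it is presumably unused now.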
@@ -13,19 +13,13 @@ provider "acme" { locals { identifier = var.identifier example = "domain" - project_name = "tf-${substr(md5(join("-", [local.example, random_pet.string.id])), 0, 5)}-${local.identifier}" + project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" owner = "terraform-ci@suse.com" zone = var.zone domain = "${local.identifier}.${local.zone}" #zone = var.domain_zone } -resource "random_pet" "string" { - keepers = { - # regenerate the pet name when the identifier changes - identifier = local.identifier - } - length = 1 -} + # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) module "this" { source = "../../" diff --git a/examples/ingress/main.tf b/examples/ingress/main.tf index 7067519..4b2b231 100644 --- a/examples/ingress/main.tf +++ b/examples/ingress/main.tf @@ -14,17 +14,11 @@ provider "acme" { locals { identifier = var.identifier example = "ingress" - project_name = "tf-${substr(md5(join("-", [local.example, random_pet.string.id])), 0, 5)}-${local.identifier}" + project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" zone = var.zone domain = "${local.identifier}.${local.zone}" } -resource "random_pet" "string" { - keepers = { - # regenerate the pet name when the identifier changes - identifier = local.identifier - } - length = 1 -} + # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) module "this" { source = "../../" diff --git a/examples/loadbalancer/main.tf b/examples/loadbalancer/main.tf index f06e7f8..fc33350 100644 --- a/examples/loadbalancer/main.tf +++ b/examples/loadbalancer/main.tf 
@@ -13,15 +13,9 @@ provider "acme" { locals { identifier = var.identifier example = "loadbalancer" - project_name = "tf-${substr(md5(join("-", [local.example, random_pet.string.id])), 0, 5)}-${local.identifier}" -} -resource "random_pet" "string" { - keepers = { - # regenerate the pet name when the identifier changes - identifier = local.identifier - } - length = 1 + project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" } + # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) module "this" { source = "../../" diff --git a/examples/securitygroup/main.tf b/examples/securitygroup/main.tf index 6e99a32..afec602 100644 --- a/examples/securitygroup/main.tf +++ b/examples/securitygroup/main.tf @@ -13,15 +13,9 @@ provider "acme" { locals { identifier = var.identifier example = "securitygroup" - project_name = "tf-${substr(md5(join("-", [local.example, random_pet.string.id])), 0, 5)}-${local.identifier}" -} -resource "random_pet" "string" { - keepers = { - # regenerate the pet name when the identifier changes - identifier = local.identifier - } - length = 1 + project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" } + # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) module "this" { source = "../../" diff --git a/examples/selectvpc/main.tf b/examples/selectvpc/main.tf index 7a7ddf6..05bcf9b 100644 --- a/examples/selectvpc/main.tf +++ b/examples/selectvpc/main.tf 
@@ -14,17 +14,10 @@ provider "acme" { locals { identifier = var.identifier example = "selectvpc" - project_name = "tf-${substr(md5(join("-", [local.example, random_pet.string.id])), 0, 5)}-${local.identifier}" + project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" zone = var.zone domain = "${local.identifier}.${local.zone}" } -resource "random_pet" "string" { - keepers = { - # regenerate the pet name when the identifier changes - identifier = local.identifier - } - length = 1 -} module "setup" { source = "../../" diff --git a/examples/subnets/main.tf b/examples/subnets/main.tf index e3fb4a1..17720eb 100644 --- a/examples/subnets/main.tf +++ b/examples/subnets/main.tf 
@@ -13,32 +13,26 @@ provider "acme" { locals { identifier = var.identifier example = "subnets" - project_name = "tf-${substr(md5(join("-", [local.example, random_pet.string.id])), 0, 5)}-${local.identifier}" -} -resource "random_pet" "string" { - keepers = { - # regenerate the pet name when the identifier changes - identifier = local.identifier - } - length = 1 + project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" } + # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) module "this" { source = "../../" vpc_name = "${local.project_name}-vpc" vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 subnets = { - "subnetA" = { + "${local.project_name}A" = { cidr = "10.0.255.0/26" availability_zone = "us-west-2a" public = false # when true AWS will automatically provision public ips for instances in this subnet } - "subnetB" = { + "${local.project_name}B" = { cidr = "10.0.255.64/26" availability_zone = "us-west-2b" public = false # when true AWS will automatically provision public ips for instances in this subnet } - "subnetC" = { + "${local.project_name}C" = { cidr = "10.0.255.128/26" availability_zone = "us-west-2c" public = false # when true AWS will automatically provision public ips for instances in this subnet diff --git a/examples/vpc/main.tf b/examples/vpc/main.tf index 338b722..0d8d407 100644 --- a/examples/vpc/main.tf +++ b/examples/vpc/main.tf 
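Review bot: The new subnet keys `"${local.project_name}A"`, `B` and `C` end up as `for_each` keys in the root module, and they are plannable only because `project_name` no longer references `random_pet`; nothing next to the `subnets` map records that dependency. A later edit that puts an apply-time value back into `project_name` would presumably fail at plan time with unknown `for_each` keys. I would add a comment above `subnets = {` along the lines of `# keys must be known at plan time; project_name is built only from variables`. The `module "this"` block continues past the end of the hunk.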
@@ -13,15 +13,9 @@ provider "acme" { locals { identifier = var.identifier example = "vpc" - project_name = "tf-${substr(md5(join("-", [local.example, random_pet.string.id])), 0, 5)}-${local.identifier}" -} -resource "random_pet" "string" { - keepers = { - # regenerate the pet name when the identifier changes - identifier = local.identifier - } - length = 1 + project_name = "tf-${substr(md5(join("-", [local.example, md5(local.identifier)])), 0, 5)}-${local.identifier}" } + # AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively) module "this" { source = "../../" diff --git a/main.tf b/main.tf index 68cfb2f..9d4eaea 100644 --- a/main.tf +++ b/main.tf @@ -47,7 +47,7 @@ locals { vpc_cidr = (var.vpc_cidr == "" ? "10.0.255.0/24" : var.vpc_cidr) # subnet - subnets = (local.subnet_mod == 1 ? var.subnets : {}) + subnets = var.subnets subnet_names = keys(local.subnets) subnet_count = length(local.subnets) newbits = (local.subnet_count > 1 ? ceil(log(local.subnet_count, 2)) : 1) @@ -86,7 +86,7 @@ module "subnet" { depends_on = [ module.vpc, ] - for_each = local.subnets + for_each = (local.subnet_mod == 1 ? local.subnets : {}) source = "./modules/subnet" use = local.subnet_use_strategy vpc_id = module.vpc[0].id diff --git a/variables.tf b/variables.tf index ec60d98..91bd763 100644 --- a/variables.tf +++ b/variables.tf @@ -79,6 +79,7 @@ variable "subnets" { - The cidr will be generated based on the VPC's cidr and the number of subnets you are creating. - The public flag will be set to false. If you are expecting high availability, make sure there are at least three availability zones in the region you are deploying to. + WARNING! The key for this argument must not be derived from a resource, it must be static. EOT default = { "default" = { cidr = "", # will be generated based on the vpc cidr 
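Review bot: Moving the `local.subnet_mod == 1` guard from `local.subnets` to the module's `for_each` (second main.tf hunk) means `subnet_names`, `subnet_count` and `newbits` are now computed from `var.subnets` even when the subnet module is disabled; before, they saw an empty map and `subnet_count` was 0. Any other consumer of those locals, or of `local.subnets` itself, outside these hunks now receives the caller's map (or the `"default"` entry) in that case, so those references are worth checking. I would state the intent next to the local, e.g. `# always var.subnets; gating on subnet_mod happens at the subnet module's for_each`. The `locals` block starts and ends outside the hunk.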
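Review bot: The sentence added to the `subnets` description says the key "must be static", which is stricter than the module needs and does not match examples/subnets in this same commit, where the keys are interpolated from `local.project_name`. The requirement the README line states is that the keys must not come from an apply-time value. I would reword it to `WARNING! The keys of this map must be known at plan time; do not derive them from a resource attribute that is only known after apply.` The description heredoc and the `variable "subnets"` block begin above and continue below the hunk.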
@@ -221,4 +222,4 @@ variable "domain_zone" { If you are using an existing domain zone, you can leave this blank. EOT default = "" -} \ No newline at end of file +}