diff --git a/api.tf b/api.tf
index 8130a2a..0ddd149 100644
--- a/api.tf
+++ b/api.tf
@@ -1,5 +1,10 @@
 resource "aws_api_gateway_rest_api" "root" {
   name = local.api_gateway_name
+  endpoint_configuration {
+    types = var.api_type
+    vpc_endpoint_ids = local.vpc_endpoint_id
+  }
+  policy = local.api_access_policy
 }
 
 resource "aws_api_gateway_resource" "modules_root" {
@@ -36,7 +41,13 @@ resource "aws_api_gateway_deployment" "live" {
     module.modules_v1,
     module.disco,
   ]
-
   rest_api_id = aws_api_gateway_rest_api.root.id
   stage_name  = "live"
+  variables = {
+    deployment_version = formatdate("MMDDYYYYHHmmss", timestamp())
+    version_scheme = "MMDDYYYHHmmss"
+  }
+  lifecycle {
+    create_before_destroy = true
+  }
 }
diff --git a/hostname.tf b/hostname.tf
index 908f7b0..8bda010 100644
--- a/hostname.tf
+++ b/hostname.tf
@@ -10,7 +10,7 @@ resource "aws_api_gateway_domain_name" "main" {
 
   domain_name              = local.friendly_hostname.host
   regional_certificate_arn = local.friendly_hostname.acm_certificate_arn
-
+  security_policy = var.domain_security_policy
   endpoint_configuration {
     types = ["REGIONAL"]
   }
@@ -18,7 +18,6 @@ resource "aws_api_gateway_domain_name" "main" {
 
 resource "aws_api_gateway_base_path_mapping" "main" {
   count = length(aws_api_gateway_domain_name.main)
-
   api_id      = aws_api_gateway_deployment.live.rest_api_id
   stage_name  = aws_api_gateway_deployment.live.stage_name
   domain_name = aws_api_gateway_domain_name.main[count.index].domain_name
diff --git a/modules/modules.v1/api_download.tf b/modules/modules.v1/api_download.tf
index a1a9959..f73014a 100644
--- a/modules/modules.v1/api_download.tf
+++ b/modules/modules.v1/api_download.tf
@@ -7,24 +7,25 @@ resource "aws_api_gateway_method" "download_GET" {
   authorizer_id = local.authorizer.id
 }
 
+data template_file "download_request" {
+  template = file("${path.module}/files/download_request.tpl")
+  vars = {
+    dynamo_table_name = var.dynamodb_table_name
+  }
+}
+
 resource "aws_api_gateway_integration" "download_GET" {
   rest_api_id = aws_api_gateway_method.download_GET.rest_api_id
   resource_id = aws_api_gateway_method.download_GET.resource_id
   http_method = aws_api_gateway_method.download_GET.http_method
 
   type                    = "AWS"
-  uri                     = "arn:aws:apigateway:us-west-2:dynamodb:action/GetItem"
+  uri                     = "arn:aws:apigateway:${data.aws_region.region.name}:dynamodb:action/GetItem"
   integration_http_method = "POST"
   credentials             = var.dynamodb_query_role_arn
 
   request_templates = {
-    "application/json" = jsonencode({
-      TableName = var.dynamodb_table_name
-      Key : {
-        Id      = { S = "$util.urlEncode($input.params('namespace'))/$util.urlEncode($input.params('module'))/$util.urlEncode($input.params('provider'))" }
-        Version = { S = "$util.urlEncode($input.params('version'))" }
-      }
-    })
+    "application/json" = data.template_file.download_request.rendered
   }
 }
 
@@ -50,12 +51,6 @@ resource "aws_api_gateway_integration_response" "download_GET_200" {
   }
 
   response_templates = {
-    "application/json" = <<EOT
-#set($inputRoot = $input.path('$'))
-{
-  "version": "$util.escapeJavaScript($inputRoot.Item.Version.S)",
-  "source": "$util.escapeJavaScript($inputRoot.Item.Source.S)",
-}
-EOT
+    "application/json" = file("${path.module}/files/download_response.template")
   }
 }
diff --git a/modules/modules.v1/api_versions.tf b/modules/modules.v1/api_versions.tf
index 2b943cd..9802fba 100644
--- a/modules/modules.v1/api_versions.tf
+++ b/modules/modules.v1/api_versions.tf
@@ -13,7 +13,7 @@ resource "aws_api_gateway_integration" "versions_GET" {
   http_method = aws_api_gateway_method.versions_GET.http_method
 
   type                    = "AWS"
-  uri                     = "arn:aws:apigateway:us-west-2:dynamodb:action/Query"
+  uri                     = "arn:aws:apigateway:${data.aws_region.region.name}:dynamodb:action/Query"
   integration_http_method = "POST"
   credentials             = var.dynamodb_query_role_arn
 
@@ -43,21 +43,6 @@ resource "aws_api_gateway_integration_response" "versions_GET_200" {
   status_code = aws_api_gateway_method_response.versions_GET_200.status_code
 
   response_templates = {
-    "application/json" = <<EOT
-#set($inputRoot = $input.path('$'))
-{
-  "modules": [
-    {
-      "versions": [
-#foreach($elem in $inputRoot.Items)        {
-        "version": "$util.escapeJavaScript($elem.Version.S)"
-      }#if($foreach.hasNext),#end
-
-	#end
-      ]
-    }
-  ]
-}
-EOT
+    "application/json" = file("${path.module}/files/version_request.template")
   }
 }
diff --git a/modules/modules.v1/data.tf b/modules/modules.v1/data.tf
new file mode 100644
index 0000000..ab4ff44
--- /dev/null
+++ b/modules/modules.v1/data.tf
@@ -0,0 +1 @@
+data aws_region "region" {}
\ No newline at end of file
diff --git a/modules/modules.v1/files/download_request.tpl b/modules/modules.v1/files/download_request.tpl
new file mode 100644
index 0000000..256ee0b
--- /dev/null
+++ b/modules/modules.v1/files/download_request.tpl
@@ -0,0 +1,7 @@
+{
+      "Key" : {
+        "Id" : { "S" : "$util.urlEncode($input.params('namespace'))/$util.urlEncode($input.params('module'))/$util.urlEncode($input.params('provider'))" },
+        "Version" : { "S" : "$util.urlEncode($input.params('version'))" }
+      },
+      "TableName" : "${dynamo_table_name}"
+}
\ No newline at end of file
diff --git a/modules/modules.v1/files/download_response.template b/modules/modules.v1/files/download_response.template
new file mode 100644
index 0000000..c0df8d1
--- /dev/null
+++ b/modules/modules.v1/files/download_response.template
@@ -0,0 +1,5 @@
+#set($inputRoot = $input.path('$'))
+{
+  "version": "$util.escapeJavaScript($inputRoot.Item.Version)",
+  "source": "$util.escapeJavaScript($inputRoot.Item.Source)",
+}
\ No newline at end of file
diff --git a/modules/modules.v1/files/version_request.template b/modules/modules.v1/files/version_request.template
new file mode 100644
index 0000000..f7d477d
--- /dev/null
+++ b/modules/modules.v1/files/version_request.template
@@ -0,0 +1,10 @@
+#set($inputRoot = $input.path('$'))
+{
+    "modules": [
+        {
+            "versions": [
+                #foreach($elem in $inputRoot.Items){"version": "$util.escapeJavaScript($elem.Version.S)"}#if($foreach.hasNext),#end#end
+            ]
+        }
+    ]
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 0c9bc78..716ae12 100644
--- a/variables.tf
+++ b/variables.tf
@@ -9,7 +9,7 @@ variable "friendly_hostname" {
 }
 
 variable "name_prefix" {
-  type        = "string"
+  type        = string
   default     = "TerraformRegistry"
   description = "A name to use as the prefix for the created API Gateway REST API, DynamoDB tables, etc"
 }
@@ -24,11 +24,34 @@ variable "lambda_authorizer" {
   default = null
 }
 
+variable "api_type" {
+  description = "Sets API type if you want a private API without a custom domain name, defaults to EDGE for public access"
+  default = ["EDGE"]
+  type = list(string)
+}
+
+variable "api_access_policy" {
+  description = "If using a Private API requires you to have an access policy configured and accepts a string, but must be valid json. Defaults to Null"
+  type = string
+}
+
+variable "domain_security_policy" {
+  description = "Sets the TLS version to desired state, defaults to 1.2"
+  type = string
+  default = "TLS_1_2"
+}
+
+variable "vpc_endpoint_ids" {
+  description = "Sets the VPC endpoint ID for a private API, defaults to null"
+  type = list(string)
+  default = null
+}
+
 locals {
   name_prefix = var.name_prefix
-
   api_gateway_name   = local.name_prefix
   modules_table_name = "${local.name_prefix}-modules"
-
   authorizers = var.lambda_authorizer != null ? [var.lambda_authorizer] : []
+  api_access_policy = var.api_type != "PRIVATE" ? var.api_access_policy : ""
+  vpc_endpoint_id = var.vpc_endpoint_ids != null ? var.vpc_endpoint_ids : []
 }