diff --git a/README.md b/README.md
index 3ac084f..f60b1b0 100644
--- a/README.md
+++ b/README.md
@@ -281,7 +281,7 @@ Available targets:
 | <a name="input_lambda_memory_size"></a> [lambda\_memory\_size](#input\_lambda\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime | `number` | `128` | no |
 | <a name="input_lambda_policy_source_json"></a> [lambda\_policy\_source\_json](#input\_lambda\_policy\_source\_json) | Additional IAM policy document that can optionally be passed and merged with the created policy document | `string` | `""` | no |
 | <a name="input_lambda_reserved_concurrent_executions"></a> [lambda\_reserved\_concurrent\_executions](#input\_lambda\_reserved\_concurrent\_executions) | Amount of reserved concurrent executions for the lambda function. A value of 0 disables Lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1 | `number` | `-1` | no |
-| <a name="input_lambda_runtime"></a> [lambda\_runtime](#input\_lambda\_runtime) | Runtime environment for Datadog Lambda | `string` | `"python3.7"` | no |
+| <a name="input_lambda_runtime"></a> [lambda\_runtime](#input\_lambda\_runtime) | Runtime environment for Datadog Lambda | `string` | `"python3.11"` | no |
 | <a name="input_lambda_timeout"></a> [lambda\_timeout](#input\_lambda\_timeout) | Amount of time your Datadog Lambda Function has to run in seconds | `number` | `120` | no |
 | <a name="input_log_permissions_boundary"></a> [log\_permissions\_boundary](#input\_log\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the lambda-log role managed by this module. | `string` | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index c1b44a9..c53072e 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -117,7 +117,7 @@
 | <a name="input_lambda_memory_size"></a> [lambda\_memory\_size](#input\_lambda\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime | `number` | `128` | no |
 | <a name="input_lambda_policy_source_json"></a> [lambda\_policy\_source\_json](#input\_lambda\_policy\_source\_json) | Additional IAM policy document that can optionally be passed and merged with the created policy document | `string` | `""` | no |
 | <a name="input_lambda_reserved_concurrent_executions"></a> [lambda\_reserved\_concurrent\_executions](#input\_lambda\_reserved\_concurrent\_executions) | Amount of reserved concurrent executions for the lambda function. A value of 0 disables Lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1 | `number` | `-1` | no |
-| <a name="input_lambda_runtime"></a> [lambda\_runtime](#input\_lambda\_runtime) | Runtime environment for Datadog Lambda | `string` | `"python3.7"` | no |
+| <a name="input_lambda_runtime"></a> [lambda\_runtime](#input\_lambda\_runtime) | Runtime environment for Datadog Lambda | `string` | `"python3.11"` | no |
 | <a name="input_lambda_timeout"></a> [lambda\_timeout](#input\_lambda\_timeout) | Amount of time your Datadog Lambda Function has to run in seconds | `number` | `120` | no |
 | <a name="input_log_permissions_boundary"></a> [log\_permissions\_boundary](#input\_log\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the lambda-log role managed by this module. | `string` | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
diff --git a/variables.tf b/variables.tf
index 71914e9..2f69e2a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -32,7 +32,7 @@ variable "datadog_forwarder_lambda_environment_variables" {
 variable "lambda_runtime" {
   type        = string
   description = "Runtime environment for Datadog Lambda"
-  default     = "python3.7"
+  default     = "python3.11"
 }
 
 variable "lambda_timeout" {
@@ -79,8 +79,8 @@ variable "dd_api_key_source" {
 
   # Check SSM name format
   validation {
-    condition     = var.dd_api_key_source.resource == "ssm" ? can(regex("^[a-zA-Z0-9_./-]+$", var.dd_api_key_source.identifier)) : true
-    error_message = "Name for SSM parameter does not appear to be valid format, acceptable characters are `a-zA-Z0-9_.-` and `/` to delineate hierarchies."
+    condition     = var.dd_api_key_source.resource == "ssm" ? can(regex("^[a-zA-Z0-9_./-]+$", var.dd_api_key_source.identifier)) || can(regex("^arn:[^:]*:ssm:[^:]*:[^:]*:parameter/[a-zA-Z0-9_./-]+$", var.dd_api_key_source.identifier)) : true
+    error_message = "API key source identifier must either be full arn or name of SSM parameter. Acceptable characters for name are `a-zA-Z0-9_.-` and `/` to delineate hierarchies."
   }
 }