diff --git a/README.md b/README.md index c430a54..8b27075 100644 --- a/README.md +++ b/README.md @@ -167,14 +167,14 @@ module "parameter" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.37 | +| [terraform](#requirement\_terraform) | >= 1.11 | +| [aws](#requirement\_aws) | >= 6.8 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.37 | +| [aws](#provider\_aws) | >= 6.8 | ## Modules 
@@ -191,19 +191,21 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [allowed\_pattern](#input\_allowed\_pattern) | Regular expression used to validate the parameter value. | `string` | `null` | no | +| [allowed\_pattern](#input\_allowed\_pattern) | Regular expression used to validate the parameter value | `string` | `null` | no | | [create](#input\_create) | Whether to create SSM Parameter | `bool` | `true` | no | -| [data\_type](#input\_data\_type) | Data type of the parameter. Valid values: text, aws:ssm:integration and aws:ec2:image for AMI format. | `string` | `null` | no | +| [data\_type](#input\_data\_type) | Data type of the parameter. Valid values: `text`, `aws:ssm:integration` and `aws:ec2:image` for AMI format, see the [Native parameter support for Amazon Machine Image IDs](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-ec2-aliases.html) | `string` | `null` | no | | [description](#input\_description) | Description of the parameter | `string` | `null` | no | | [ignore\_value\_changes](#input\_ignore\_value\_changes) | Whether to create SSM Parameter and ignore changes in value | `bool` | `false` | no | -| [key\_id](#input\_key\_id) | KMS key ID or ARN for encrypting a parameter (when type is SecureString) | `string` | `null` | no | -| [name](#input\_name) | Name of SSM parameter | `string` | `null` | no | -| [overwrite](#input\_overwrite) | Overwrite an existing parameter. If not specified, defaults to false during create operations to avoid overwriting existing resources and then true for all subsequent operations once the resource is managed by Terraform. Only relevant if ignore\_value\_changes is false. | `bool` | `false` | no | -| [secure\_type](#input\_secure\_type) | Whether the type of the value should be considered as secure or not? 
| `bool` | `false` | no | -| [tags](#input\_tags) | A mapping of tags to assign to resources | `map(string)` | `{}` | no | -| [tier](#input\_tier) | Parameter tier to assign to the parameter. If not specified, will use the default parameter tier for the region. Valid tiers are Standard, Advanced, and Intelligent-Tiering. Downgrading an Advanced tier parameter to Standard will recreate the resource. | `string` | `null` | no | -| [type](#input\_type) | Type of the parameter. Valid types are String, StringList and SecureString. | `string` | `null` | no | +| [key\_id](#input\_key\_id) | KMS key ID or ARN for encrypting a `SecureString` | `string` | `null` | no | +| [name](#input\_name) | Name of the parameter. If the name contains a path (e.g., any forward slashes (`/`)), it must be fully qualified with a leading forward slash (`/`) | `string` | `null` | no | +| [overwrite](#input\_overwrite) | Overwrite an existing parameter. If not specified, defaults to `false` during create operations to avoid overwriting existing resources and then `true` for all subsequent operations once the resource is managed by Terraform | `bool` | `false` | no | +| [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration | `string` | `null` | no | +| [secure\_type](#input\_secure\_type) | Whether the type of the value should be considered as secure or not | `bool` | `false` | no | +| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | +| [tier](#input\_tier) | Parameter tier to assign to the parameter. If not specified, will use the default parameter tier for the region. Valid tiers are Standard, Advanced, and Intelligent-Tiering. Downgrading an Advanced tier parameter to Standard will recreate the resource | `string` | `null` | no | +| [type](#input\_type) | Type of the parameter. 
Valid types are `String`, `StringList` and `SecureString` | `string` | `null` | no | | [value](#input\_value) | Value of the parameter | `string` | `null` | no | +| [value\_wo\_version](#input\_value\_wo\_version) | Value of the parameter. This value is always marked as sensitive in the Terraform plan output, regardless of type. Additionally, write-only values are never stored to state. `value_wo_version` can be used to trigger an update and is required with this argument | `number` | `null` | no | | [values](#input\_values) | List of values of the parameter (will be jsonencoded to store as string natively in SSM) | `list(string)` | `[]` | no | ## Outputs @@ -216,7 +218,6 @@ No modules. | [secure\_value](#output\_secure\_value) | Secure value of the parameter | | [ssm\_parameter\_arn](#output\_ssm\_parameter\_arn) | The ARN of the parameter | | [ssm\_parameter\_name](#output\_ssm\_parameter\_name) | Name of the parameter | -| [ssm\_parameter\_tags\_all](#output\_ssm\_parameter\_tags\_all) | All tags used for the parameter | | [ssm\_parameter\_type](#output\_ssm\_parameter\_type) | Type of the parameter | | [ssm\_parameter\_version](#output\_ssm\_parameter\_version) | Version of the parameter | | [value](#output\_value) | Parameter value after jsondecode(). Probably this is what you are looking for | diff --git a/examples/complete/README.md b/examples/complete/README.md index 34a79fb..e021000 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -19,14 +19,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.37 | +| [terraform](#requirement\_terraform) | >= 1.11 | +| [aws](#requirement\_aws) | >= 6.8 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.37 | +| [aws](#provider\_aws) | >= 6.8 | ## Modules 
@@ -58,7 +58,6 @@ No inputs. | [secure\_value](#output\_secure\_value) | Secure value of the parameter | | [ssm\_parameter\_arn](#output\_ssm\_parameter\_arn) | The ARN of the parameter | | [ssm\_parameter\_name](#output\_ssm\_parameter\_name) | Name of the parameter | -| [ssm\_parameter\_tags\_all](#output\_ssm\_parameter\_tags\_all) | All tags used for the parameter | | [ssm\_parameter\_type](#output\_ssm\_parameter\_type) | Type of the parameter | | [ssm\_parameter\_version](#output\_ssm\_parameter\_version) | Version of the parameter | | [value](#output\_value) | Parameter value after jsondecode(). Probably this is what you are looking for | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index b81117d..3df8069 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -11,11 +11,15 @@ locals { Example = "complete" Repository = "github.com/terraform-aws-modules/terraform-aws-ssm-parameter" } +} + +################################################################################ +# SSM Parameter +################################################################################ +locals { parameters = { - ######### # String - ######### "string_simple" = { value = "string_value123" } @@ -30,9 +34,7 @@ locals { data_type = "aws:ec2:image" } - ############### # SecureString - ############### "secure" = { type = "SecureString" value = "secret123123!!!" @@ -66,9 +68,7 @@ locals { }) } - ############# # StringList - ############# "list_as_autoguess_type" = { # List values should be specified as "values" (not "value") values = ["item1", "item2"] @@ -108,10 +108,6 @@ locals { } } -################################################################################ -# SSM Parameter Module -################################################################################ - module "multiple" { source = "../../" 
@@ -152,9 +148,9 @@ module "multiple_ignore_value_changes" { tags = local.tags } -########## +################################################################################ # Wrapper -########## +################################################################################ locals { parameters_for_wrapper = { @@ -171,9 +167,9 @@ module "wrapper" { items = local.parameters_for_wrapper } -########### +################################################################################ # Disabled -########### +################################################################################ module "disabled" { source = "../../" @@ -193,6 +189,6 @@ data "aws_ami" "amazon_linux" { filter { name = "name" - values = ["amzn-ami-hvm-*-x86_64-gp2"] + values = ["amzn2-ami-*"] } } diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index b2e47b8..7eb2ff2 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -1,6 +1,6 @@ -####################### +################################################################################ # SSM Parameter values -####################### +################################################################################ output "raw_value" { description = "Raw value of the parameter (as it is stored in SSM). Use 'value' output to get jsondecode'd value" @@ -31,9 +31,9 @@ output "secure_type" { sensitive = false } -################ +################################################################################ # SSM Parameter -################ +################################################################################ output "ssm_parameter_arn" { description = "The ARN of the parameter" 
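Review bot: The new `aws_ami` name filter `values = ["amzn2-ami-*"]` is much broader than the pattern it replaces, and a name match alone does not pin who published the image. The `data "aws_ami" "amazon_linux"` block starts outside this hunk, so it is not visible whether `owners = ["amazon"]` is set; that should be confirmed, because without it the lookup can resolve to a public image from any account whose name fits the glob. The wildcard also drops the virtualization, architecture and volume-type parts of the old pattern, so the resolved ID may flip between arm64, minimal and kernel variants from run to run. Something like `values = ["amzn2-ami-hvm-*-x86_64-gp2"]` would keep the example deterministic, if that naming still matches the images you intend.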
@@ -54,8 +54,3 @@ output "ssm_parameter_type" { description = "Type of the parameter" value = { for k, v in module.multiple : k => v.ssm_parameter_type } } - -output "ssm_parameter_tags_all" { - description = "All tags used for the parameter" - value = { for k, v in module.multiple : k => v.ssm_parameter_tags_all } -} diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 3d97612..00b64bf 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.37" + version = ">= 6.8" } } } diff --git a/main.tf b/main.tf index 7c58076..a4700c5 100644 --- a/main.tf +++ b/main.tf 
@@ -9,47 +9,59 @@ locals { value = local.list_type ? (length(var.values) > 0 ? jsonencode(var.values) : var.value) : var.value } +################################################################################ +# SSM Parameter +################################################################################ + resource "aws_ssm_parameter" "this" { count = var.create && !var.ignore_value_changes ? 1 : 0 - name = var.name - type = local.type - description = var.description - - value = local.secure_type ? local.value : null - insecure_value = local.list_type || local.string_type ? local.value : null - - tier = var.tier - key_id = local.secure_type ? var.key_id : null - allowed_pattern = var.allowed_pattern - data_type = var.data_type + region = var.region - overwrite = var.overwrite + allowed_pattern = var.allowed_pattern + data_type = var.data_type + description = var.description + insecure_value = local.list_type || local.string_type ? local.value : null + key_id = local.secure_type ? var.key_id : null + name = var.name + overwrite = var.overwrite + tier = var.tier + type = local.type + value_wo = local.secure_type ? local.value : null + value_wo_version = local.secure_type ? coalesce(var.value_wo_version, 1) : null tags = var.tags } +################################################################################ +# SSM Parameter - Ignore Value Changes +################################################################################ + resource "aws_ssm_parameter" "ignore_value" { count = var.create && var.ignore_value_changes ? 1 : 0 - name = var.name - type = local.type - description = var.description - - value = local.secure_type ? local.value : null - insecure_value = local.list_type || local.string_type ? local.value : null + region = var.region - tier = var.tier - key_id = local.secure_type ? 
var.key_id : null - allowed_pattern = var.allowed_pattern - data_type = var.data_type + allowed_pattern = var.allowed_pattern + data_type = var.data_type + description = var.description + insecure_value = local.list_type || local.string_type ? local.value : null + key_id = local.secure_type ? var.key_id : null + name = var.name + overwrite = var.overwrite + tier = var.tier + type = local.type + value_wo = local.secure_type ? local.value : null + value_wo_version = local.secure_type ? coalesce(var.value_wo_version, 1) : null tags = var.tags lifecycle { ignore_changes = [ insecure_value, - value + value, + value_wo, + value_wo_version, ] } } diff --git a/outputs.tf b/outputs.tf index e774653..403fb4a 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,6 +1,6 @@ -####################### +################################################################################ # SSM Parameter values -####################### +################################################################################ locals { # Making values nonsensitive, but keeping them in separate locals @@ -44,9 +44,9 @@ output "secure_type" { value = local.secure_type } -################ +################################################################################ # SSM Parameter -################ +################################################################################ output "ssm_parameter_arn" { description = "The ARN of the parameter" @@ -67,8 +67,3 @@ output "ssm_parameter_type" { description = "Type of the parameter" value = try(aws_ssm_parameter.this[0].type, aws_ssm_parameter.ignore_value[0].type, null) } - -output "ssm_parameter_tags_all" { - description = "All tags used for the parameter" - value = try(aws_ssm_parameter.this[0].tags_all, aws_ssm_parameter.ignore_value[0].tags_all, null) -} diff --git a/variables.tf b/variables.tf index d790d97..598b38a 100644 --- a/variables.tf +++ b/variables.tf 
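Review bot: A SecureString rotation can silently fail with `value_wo_version = local.secure_type ? coalesce(var.value_wo_version, 1) : null`, which appears in both `aws_ssm_parameter.this` and `aws_ssm_parameter.ignore_value`. A caller who changes `value` but leaves `value_wo_version` unset stays at version 1. The provider presumably re-sends a write-only value only when its version changes, so the plan would show no diff and the old secret would remain in SSM. I would add a comment above the attribute, `# value_wo is only written when value_wo_version changes; bump var.value_wo_version to rotate the secret`, and state the same in the upgrade notes. Separately, the `secure_value` output still listed in the README presumably reads `.value`, which is no longer set for SecureString; outputs.tf only loses `tags_all` in this commit, so that output is worth checking.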
@@ -4,6 +4,12 @@ variable "create" { default = true } +variable "region" { + description = "Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration" + type = string + default = null +} + variable "ignore_value_changes" { description = "Whether to create SSM Parameter and ignore changes in value" type = bool @@ -11,7 +17,7 @@ variable "ignore_value_changes" { } variable "secure_type" { - description = "Whether the type of the value should be considered as secure or not?" + description = "Whether the type of the value should be considered as secure or not" type = bool default = false } 
@@ -20,68 +26,74 @@ variable "secure_type" { # SSM Parameter ################################################################################ -variable "name" { - description = "Name of SSM parameter" +variable "allowed_pattern" { + description = "Regular expression used to validate the parameter value" type = string default = null } -variable "value" { - description = "Value of the parameter" +variable "data_type" { + description = "Data type of the parameter. Valid values: `text`, `aws:ssm:integration` and `aws:ec2:image` for AMI format, see the [Native parameter support for Amazon Machine Image IDs](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-ec2-aliases.html)" type = string default = null } -variable "values" { - description = "List of values of the parameter (will be jsonencoded to store as string natively in SSM)" - type = list(string) - default = [] -} - variable "description" { description = "Description of the parameter" type = string default = null } -variable "type" { - description = "Type of the parameter. Valid types are String, StringList and SecureString." +variable "key_id" { + description = "KMS key ID or ARN for encrypting a `SecureString`" type = string default = null } -variable "tier" { - description = "Parameter tier to assign to the parameter. If not specified, will use the default parameter tier for the region. Valid tiers are Standard, Advanced, and Intelligent-Tiering. Downgrading an Advanced tier parameter to Standard will recreate the resource." +variable "name" { + description = "Name of the parameter. If the name contains a path (e.g., any forward slashes (`/`)), it must be fully qualified with a leading forward slash (`/`)" type = string default = null } -variable "key_id" { - description = "KMS key ID or ARN for encrypting a parameter (when type is SecureString)" +variable "overwrite" { + description = "Overwrite an existing parameter. 
If not specified, defaults to `false` during create operations to avoid overwriting existing resources and then `true` for all subsequent operations once the resource is managed by Terraform" + type = bool + default = false +} + +variable "tier" { + description = "Parameter tier to assign to the parameter. If not specified, will use the default parameter tier for the region. Valid tiers are Standard, Advanced, and Intelligent-Tiering. Downgrading an Advanced tier parameter to Standard will recreate the resource" type = string default = null } -variable "allowed_pattern" { - description = "Regular expression used to validate the parameter value." +variable "type" { + description = "Type of the parameter. Valid types are `String`, `StringList` and `SecureString`" type = string default = null } -variable "data_type" { - description = "Data type of the parameter. Valid values: text, aws:ssm:integration and aws:ec2:image for AMI format." +variable "value" { + description = "Value of the parameter" type = string default = null } +variable "values" { + description = "List of values of the parameter (will be jsonencoded to store as string natively in SSM)" + type = list(string) + default = [] +} + +variable "value_wo_version" { + description = "Value of the parameter. This value is always marked as sensitive in the Terraform plan output, regardless of type. Additionally, write-only values are never stored to state. `value_wo_version` can be used to trigger an update and is required with this argument" + type = number + default = null +} + variable "tags" { - description = "A mapping of tags to assign to resources" + description = "A map of tags to add to all resources" type = map(string) default = {} } - -variable "overwrite" { - description = "Overwrite an existing parameter. If not specified, defaults to false during create operations to avoid overwriting existing resources and then true for all subsequent operations once the resource is managed by Terraform. 
Only relevant if ignore_value_changes is false." - type = bool - default = false -} diff --git a/versions.tf b/versions.tf index 3d97612..00b64bf 100644 --- a/versions.tf +++ b/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.37" + version = ">= 6.8" } } } diff --git a/wrappers/main.tf b/wrappers/main.tf index 18355f7..3280554 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -11,10 +11,12 @@ module "wrapper" { key_id = try(each.value.key_id, var.defaults.key_id, null) name = try(each.value.name, var.defaults.name, null) overwrite = try(each.value.overwrite, var.defaults.overwrite, false) + region = try(each.value.region, var.defaults.region, null) secure_type = try(each.value.secure_type, var.defaults.secure_type, false) tags = try(each.value.tags, var.defaults.tags, {}) tier = try(each.value.tier, var.defaults.tier, null) type = try(each.value.type, var.defaults.type, null) value = try(each.value.value, var.defaults.value, null) + value_wo_version = try(each.value.value_wo_version, var.defaults.value_wo_version, null) values = try(each.value.values, var.defaults.values, []) } diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 3d97612..00b64bf 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.37" + version = ">= 6.8" } } }
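Review bot: The description on the new `variable "value_wo_version"` at the end of this hunk is the text for the write-only value itself ("Value of the parameter. This value is always marked as sensitive…"), but the variable is a `number` used as a version counter. As written, a reader cannot tell that this is the knob that controls whether a changed SecureString value is pushed at all. I would replace it with `description = "Version counter for the write-only SecureString value. Increment it to send a changed value to SSM; treated as 1 when null"`, where the default of 1 comes from the `coalesce` in main.tf. The same wording is copied into the inputs table in README.md and should be regenerated once the description is fixed.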