diff --git a/tofu/config/development/main.tf b/tofu/config/development/main.tf
index 095eb9d..9aa3481 100644
--- a/tofu/config/development/main.tf
+++ b/tofu/config/development/main.tf
@@ -1,8 +1,8 @@
 terraform {
   backend "s3" {
-    bucket = "illinois-getchildcare-development-tfstate"
-    key    = "backend.tfstate"
-    region = "us-east-1"
+    bucket         = "illinois-getchildcare-development-tfstate"
+    key            = "backend.tfstate"
+    region         = "us-east-1"
     dynamodb_table = "development.tfstate"
   }
 }
@@ -25,7 +25,7 @@ module "hosted_zones" {
     document_transfer = {
       domain_name = "development.document-transfer.cfa.codes"
       comment     = "Hosted zone for the Document Transfer service."
-      tags = { service = "document-transfer" }
+      tags        = { service = "document-transfer" }
     }
   }
 }
@@ -58,19 +58,19 @@ module "vpc" {
 module "microservice" {
   source = "../../modules/document_transfer"
 
-  environment = "development"
-  logging_key = module.logging.kms_key_arn
-  vpc_id = module.vpc.vpc_id
-  database_apply_immediately = true
+  environment                  = "development"
+  logging_key                  = module.logging.kms_key_arn
+  vpc_id                       = module.vpc.vpc_id
+  database_apply_immediately   = true
   database_skip_final_snapshot = true
-  database_capacity_min = 2
-  database_capacity_max = 2
-  secret_recovery_period = 0
-  key_recovery_period = 7
-  domain = "development.document-transfer.cfa.codes"
-  force_delete = true
-  public = true
+  database_capacity_min        = 2
+  database_capacity_max        = 2
+  secret_recovery_period       = 0
+  key_recovery_period          = 7
+  domain                       = "development.document-transfer.cfa.codes"
+  force_delete                 = true
+  public                       = true
 
   # Allow access from the peered web application.
-#   ingress_cidrs = ["10.226.0.0/16"]
+  #   ingress_cidrs = ["10.226.0.0/16"]
 }
diff --git a/tofu/config/production/main.tf b/tofu/config/production/main.tf
index 7c7d735..fe8420d 100644
--- a/tofu/config/production/main.tf
+++ b/tofu/config/production/main.tf
@@ -1,8 +1,8 @@
 terraform {
   backend "s3" {
-    bucket = "illinois-getchildcare-prod-tfstate"
-    key    = "backend.tfstate"
-    region = "us-east-1"
+    bucket         = "illinois-getchildcare-prod-tfstate"
+    key            = "backend.tfstate"
+    region         = "us-east-1"
     dynamodb_table = "prod.tfstate"
   }
 }
@@ -65,13 +65,13 @@ module "vpc" {
 module "microservice" {
   source = "../../modules/document_transfer"
 
-  environment = "prod"
-  logging_key = module.logging.kms_key_arn
-  vpc_id = module.vpc.vpc_id
+  environment           = "prod"
+  logging_key           = module.logging.kms_key_arn
+  vpc_id                = module.vpc.vpc_id
   database_capacity_min = 2
   database_capacity_max = 2
-  domain = "illinois.document-transfer.cfa.codes"
-  database_snapshot = "arn:aws:rds:us-east-1:211125423013:cluster-snapshot:prod-cluster-env-update"
+  domain                = "illinois.document-transfer.cfa.codes"
+  database_snapshot     = "arn:aws:rds:us-east-1:211125423013:cluster-snapshot:prod-cluster-env-update"
 
   # Allow access from the peered web application.
   ingress_cidrs = ["10.65.0.0/16"]
diff --git a/tofu/config/staging/main.tf b/tofu/config/staging/main.tf
index da97202..7f65c29 100644
--- a/tofu/config/staging/main.tf
+++ b/tofu/config/staging/main.tf
@@ -1,8 +1,8 @@
 terraform {
   backend "s3" {
-    bucket = "illinois-getchildcare-staging-tfstate"
-    key    = "backend.tfstate"
-    region = "us-east-1"
+    bucket         = "illinois-getchildcare-staging-tfstate"
+    key            = "backend.tfstate"
+    region         = "us-east-1"
     dynamodb_table = "staging.tfstate"
   }
 }
@@ -66,17 +66,17 @@ module "vpc" {
 module "microservice" {
   source = "../../modules/document_transfer"
 
-  environment = "staging"
-  logging_key = module.logging.kms_key_arn
-  vpc_id = module.vpc.vpc_id
-  database_apply_immediately = true
+  environment                  = "staging"
+  logging_key                  = module.logging.kms_key_arn
+  vpc_id                       = module.vpc.vpc_id
+  database_apply_immediately   = true
   database_skip_final_snapshot = true
-  database_capacity_min = 2
-  database_capacity_max = 2
-  secret_recovery_period = 7
-  key_recovery_period = 7
-  domain = "staging.document-transfer.cfa.codes"
-  force_delete = true
+  database_capacity_min        = 2
+  database_capacity_max        = 2
+  secret_recovery_period       = 7
+  key_recovery_period          = 7
+  domain                       = "staging.document-transfer.cfa.codes"
+  force_delete                 = true
 
   # Allow access from the peered web application.
   ingress_cidrs = ["10.226.0.0/16"]
diff --git a/tofu/modules/document_transfer/main.tf b/tofu/modules/document_transfer/main.tf
index 95c0114..c862145 100644
--- a/tofu/modules/document_transfer/main.tf
+++ b/tofu/modules/document_transfer/main.tf
@@ -106,11 +106,11 @@ module "worker" {
   logging_key_id         = var.logging_key
   force_delete           = var.force_delete
   enable_execute_command = true
-  create_endpoint = false
-  create_repository = false
-  container_command = ["./script/worker", "run"]
-  image_url = module.service.repository_url
-  repository_arn = module.service.repository_arn
+  create_endpoint        = false
+  create_repository      = false
+  container_command      = ["./script/worker", "run"]
+  image_url              = module.service.repository_url
+  repository_arn         = module.service.repository_arn
 
   environment_variables = {
     RACK_ENV                    = var.service_environment != "" ? var.service_environment : var.environment
@@ -122,9 +122,9 @@ module "worker" {
     DATABASE_PASSWORD      = "${module.database.secret_arn}:password"
     DATABASE_USER          = "${module.database.secret_arn}:username"
     ONEDRIVE_CLIENT_ID     = "${module.secrets.secrets["onedrive"].secret_arn}:client_id"
-    ONEDRIVE_CLIENT_SECRET     = "${module.secrets.secrets["onedrive"].secret_arn}:client_secret"
+    ONEDRIVE_CLIENT_SECRET = "${module.secrets.secrets["onedrive"].secret_arn}:client_secret"
     ONEDRIVE_TENANT_ID     = "${module.secrets.secrets["onedrive"].secret_arn}:drive_id"
-    ONEDRIVE_DRIVE_ID     = "${module.secrets.secrets["onedrive"].secret_arn}:tenant_id"
+    ONEDRIVE_DRIVE_ID      = "${module.secrets.secrets["onedrive"].secret_arn}:tenant_id"
   }
 
   tags = { service = "document-transfer" }
diff --git a/tofu/modules/document_transfer/variables.tf b/tofu/modules/document_transfer/variables.tf
index 51691d8..c87d54d 100644
--- a/tofu/modules/document_transfer/variables.tf
+++ b/tofu/modules/document_transfer/variables.tf
@@ -23,9 +23,9 @@ variable "database_skip_final_snapshot" {
 }
 
 variable "database_snapshot" {
-  type = string
+  type        = string
   description = "The ARN of the snapshot to launch the database from."
-  default = ""
+  default     = ""
 }
 
 variable "domain" {