diff --git a/.gitignore b/.gitignore
index d7ea567..9959de0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@
 *.tfstate*
 *.auto.tfvars
 .terraform
+.terraform.lock.hcl
 .terraform/*
 terraform.tfvars
 terraform.tfvars.example
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4949b1c..463acf9 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,8 +1,8 @@
 repos:
-- repo: git://github.com/antonbabenko/pre-commit-terraform
- rev: v1.43.0
- hooks:
- - id: terraform_fmt
- - id: terraform_docs
- - id: terraform_validate
- - id: terraform_tflint
+ - repo: git://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.48.0
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ - id: terraform_validate
+ - id: terraform_tflint
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
deleted file mode 100755
index dd164fd..0000000
--- a/.terraform.lock.hcl
+++ /dev/null
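Review bot: Ignoring `.terraform.lock.hcl` here, together with deleting the committed copy later in this commit, means provider versions and their `h1:`/`zh:` checksums are no longer recorded for anyone who runs `terraform init` in this directory, including the `terraform_validate` pre-commit hook. That is the usual convention for a reusable module, where the calling root configuration owns the lock file, but nothing in the diff states that this is the intent. A one-line comment above the entry, such as `# module repo: the consuming root configuration owns the provider lock file`, would record the decision and make it clear the pinning has moved rather than been dropped.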
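Review bot: The rewritten `repo:` line keeps the `git://` scheme, which is unauthenticated and unencrypted, so the hook code that pre-commit fetches and then executes on developer and CI machines has no transport integrity; GitHub has also stopped serving that protocol, as far as I know. Change it to `- repo: https://github.com/antonbabenko/pre-commit-terraform`. The `rev: v1.48.0` tag is also mutable, so pinning to the release's commit SHA would make the fetched hook code reproducible.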
@@ -1,36 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "3.26.0" - hashes = [ - "h1:b1qNzEzDHZpnHSOW4fRo1PFC0U2Ft25PKKs9NSDGe3U=", - "zh:26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb", - "zh:2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300", - "zh:3d66484c608c64678e639db25d63872783ce60363a1246e30317f21c9c23b84b", - "zh:46ffd755cfd4cf94fe66342797b5afdcef010a24e126c67fee141b357d393535", - "zh:5e96f24357e945c9067cf5e032ad1d003609629c956c2f9f642fefe714e74587", - "zh:60c27aca36bb63bf3e865c2193be80ca83b376581d00f9c220af4b013e163c4d", - "zh:896f0f22d19d41e71b22f9240b261714c3915b165ddefeb771e7734d69dc47ea", - "zh:90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4", - "zh:ad05a91a88ceb1d6de5a568f7cc0b0e5bc0a79f3da70bc28c1e7f3750e362d58", - "zh:e8c63f59c6465329e1f3357498face3dd7ef10a033df3c366a33aa9e94b46c01", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.0.2" - hashes = [ - "h1:vNrgTrqsLcL2Uw8kr89ZIq2NF858MZ15sLtNfd55hVA=", - "zh:4e66d509c828b0a2e599a567ad470bf85ebada62788aead87a8fb621301dec55", - "zh:55ca6466a82f60d2c9798d171edafacc9ea4991aa7aa32ed5d82d6831cf44542", - "zh:65741e6910c8b1322d9aef5dda4d98d1e6409aebc5514b518f46019cd06e1b47", - "zh:79456ca037c19983977285703f19f4b04f7eadcf8eb6af21f5ea615026271578", - "zh:7c39ced4dc44181296721715005e390021770077012c206ab4c209fb704b34d0", - "zh:86856c82a6444c19b3e3005e91408ac68eb010c9218c4c4119fc59300b107026", - "zh:999865090c72fa9b85c45e76b20839da51714ae429d1ab14b7d8ce66c2655abf", - "zh:a3ea0ae37c61b4bfe81f7a395fb7b5ba61564e7d716d7a191372c3c983271d13", - "zh:d9061861822933ebb2765fa691aeed2930ee495bfb6f72a5bdd88f43ccd9e038", - "zh:e04adbe0d5597d1fdd4f418be19c9df171f1d709009f63b8ce1239b71b4fa45a", - ] -} diff --git a/iam.tf b/iam.tf index 7bf5360..dda884b 100644 --- a/iam.tf +++ b/iam.tf 
@@ -1,3 +1,4 @@ + data "aws_caller_identity" "current" {} data "aws_iam_policy_document" "eks_assume_role" { @@ -12,7 +13,7 @@ data "aws_iam_policy_document" "eks_assume_role" { } resource "aws_iam_role" "external_dns" { - name = "eks-aws-eks-istio-external-dns-viewer-${lower(var.hosted_zone_id)}" + name = local.iam_name description = "Permissions required by the Kubernetes AWS EKS External Name controller to do it's job." path = "/" @@ -38,7 +39,7 @@ data "aws_iam_policy_document" "external_dns" { } resource "aws_iam_policy" "external_dns" { - name = "eks-aws-eks-istio-external-dns-viewer-${lower(var.hosted_zone_id)}" + name = local.iam_name description = "Allows access to resources needed to run external dns." policy = data.aws_iam_policy_document.external_dns.json } diff --git a/main.tf b/main.tf index e3db61a..e186eb3 100644 --- a/main.tf +++ b/main.tf @@ -1,16 +1,25 @@ locals { external_dns_docker_image = "k8s.gcr.io/external-dns/external-dns:v${var.external_dns_version}" external_dns_version = var.external_dns_version + + default_name = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}-${random_string.suffix.result}" + + iam_name = "eks-istio-external-dns-${lower(var.hosted_zone_id)}-${random_string.suffix.result}" } +resource "random_string" "suffix" { + length = 6 + special = false + upper = false +} resource "kubernetes_service_account" "this" { automount_service_account_token = true metadata { - name = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}" + name = local.default_name namespace = var.k8s_namespace labels = { - "app.kubernetes.io/name" = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}" + "app.kubernetes.io/name" = local.default_name "app.kubernetes.io/managed-by" = "terraform" } } 
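Review bot: The new `random_string.suffix` resource in main.tf pulls in the `hashicorp/random` provider, but no `required_providers` change is visible in this diff, and the same commit deletes and git-ignores `.terraform.lock.hcl`, so as far as the diff shows that provider would be resolved without a version constraint or recorded checksums. If the module's `required_providers` block (not shown here) does not already list it, add `random = { source = "hashicorp/random", version = ">= <MIN_VERSION>" }`. Separately, because `local.default_name` and `local.iam_name` now end in the suffix, every named object changes name on upgrade, including the IAM role and policy in iam.tf and the Deployment's selector labels, so existing installs should expect replacement rather than an in-place update. A comment on the two locals stating why the suffix was added, and a changelog line flagging the rename, would help consumers plan for that.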
@@ -18,10 +27,10 @@ resource "kubernetes_service_account" "this" { resource "kubernetes_cluster_role" "this" { metadata { - name = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}" + name = local.default_name labels = { - "app.kubernetes.io/name" = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}" + "app.kubernetes.io/name" = local.default_name "app.kubernetes.io/managed-by" = "terraform" } } @@ -150,11 +159,11 @@ resource "kubernetes_deployment" "this" { depends_on = [kubernetes_cluster_role_binding.this] metadata { - name = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}" + name = local.default_name namespace = var.k8s_namespace labels = { - "app.kubernetes.io/name" = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}" + "app.kubernetes.io/name" = local.default_name "app.kubernetes.io/version" = "v${local.external_dns_version}" "app.kubernetes.io/managed-by" = "terraform" } @@ -170,7 +179,7 @@ resource "kubernetes_deployment" "this" { selector { match_labels = { - "app.kubernetes.io/name" = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}" + "app.kubernetes.io/name" = local.default_name } } @@ -182,7 +191,7 @@ resource "kubernetes_deployment" "this" { metadata { labels = merge( { - "app.kubernetes.io/name" = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}" + "app.kubernetes.io/name" = local.default_name "app.kubernetes.io/version" = local.external_dns_version }, var.k8s_pod_labels @@ -199,7 +208,7 @@ resource "kubernetes_deployment" "this" { match_expressions { key = "app.kubernetes.io/name" operator = "In" - values = ["aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"] + values = [local.default_name] } } topology_key = "kubernetes.io/hostname" 
@@ -226,6 +235,7 @@ resource "kubernetes_deployment" "this" { "--source=istio-gateway", "--source=istio-virtualservice", "--domain-filter=${var.domain}", + "--annotation-filter=${var.annotation_filter}", "--provider=aws", "--policy=${var.sync_policy}", "--aws-zone-type=${var.aws_zone_type}", diff --git a/variables.tf b/variables.tf index c8067a8..bd384cb 100644 --- a/variables.tf +++ b/variables.tf @@ -26,6 +26,11 @@ variable "hosted_zone_id" { type = string } +variable "annotation_filter" { + description = "A label name which determines which resources are targeted by this instance of external-dns, defaults to all sources" + type = string + default = "all sources" +} variable "external_dns_version" { description = "The AWS External DNS version to use. See https://github.com/kubernetes-sigs/external-dns/releases for available versions"
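Review bot: `--annotation-filter=${var.annotation_filter}` is now always passed, and the default declared for `annotation_filter` in variables.tf is the literal string `"all sources"`, which reads like the flag's help text rather than a usable value. external-dns interprets this flag with label-selector syntax, so that default would most likely fail to parse or match nothing instead of meaning "no filter". Use `default = ""` and reword the description to say the value is an annotation selector such as `key=value`, with empty meaning no filtering. Since this filter bounds which Istio gateways and virtual services may publish records into the hosted zone, it is worth making the unfiltered default explicit in the description. The args list sits inside the `kubernetes_deployment.this` block, which starts and ends outside this hunk.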