diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 0cafaed..53cac00 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
@@ -2,40 +2,52 @@ name: Lint on: [push, pull_request] jobs: + tflint: + name: TFLint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: TFLint + uses: docker://wata727/tflint + + fmt: + name: Code Format + runs-on: ubuntu-latest + container: + image: hashicorp/terraform:latest + steps: + - uses: actions/checkout@master + - run: terraform fmt --recursive -check=true + + docs: + name: Docs + runs-on: macOS-latest + steps: + - uses: actions/checkout@master + - name: Install Deps + run: brew install pre-commit terraform-docs terraform + - name: Check Docs + run: pre-commit run --show-diff-on-failure --all-files terraform_docs + validate: name: Validate runs-on: ubuntu-latest + container: + image: hashicorp/terraform:latest steps: - - uses: actions/checkout@master - # - uses: actions/setup-ruby@v1 - # with: - # ruby-version: '2.4.6' - # - name: Install Kitchen-Terraform - # run: | - # gem install bundler --no-document - # bundle install - - name: Install Terraform - run: | - export TERRAFORM_VERSION=$(curl -s https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r -M '.current_version') - curl --silent --output terraform.zip "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" - unzip terraform.zip ; rm -f terraform.zip; chmod +x terraform - mkdir -p ${HOME}/bin ; export PATH=${PATH}:${HOME}/bin; mv terraform ${HOME}/bin/ - terraform -v - - name: Validate Code - env: - AWS_REGION: 'us-east-1' - TF_VAR_region: ${AWS_REGION} - TF_WARN_OUTPUT_ERRORS: 1 - run: | - terraform init - terraform fmt -check=true - terraform validate -var "region=${AWS_REGION}" -var "vpc_id=vpc-123456" -var "subnets=[\"subnet-12345a\"]" -var "workers_ami_id=ami-123456" -var "cluster_ingress_cidrs=[]" -var "cluster_name=test_cluster" - - name: Validate Examples - run: | - for example in $(find examples -maxdepth 1 -mindepth 1 -type d); do - cd $example + - uses: actions/checkout@master + - name: Validate 
Code + env: + AWS_REGION: 'us-east-1' + TF_WARN_OUTPUT_ERRORS: 1 + run: | terraform init - terraform fmt -check=true - terraform validate - cd - - done + terraform validate -var "region=${AWS_REGION}" -var "vpc_id=vpc-123456" -var "subnets=[\"subnet-12345a\"]" -var "workers_ami_id=ami-123456" -var "cluster_ingress_cidrs=[]" -var "cluster_name=test_cluster" + - name: Validate Examples + run: | + for example in $(find examples -maxdepth 1 -mindepth 1 -type d); do + cd $example + terraform init + terraform validate + cd - + done diff --git a/README.md b/README.md index cb44483..c35e307 100644 --- a/README.md +++ b/README.md @@ -134,7 +134,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list(string) | `[]` | no | | map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | object | `[]` | no | | map\_users | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | object | `[]` | no | -| permissions\_boundary | If provided, all IAM roles will be created with this permissions boundary attached. | string | `""` | no | +| permissions\_boundary | If provided, all IAM roles will be created with this permissions boundary attached. | string | `"null"` | no | | subnets | A list of subnets to place the EKS cluster and workers within. | list(string) | n/a | yes | | tags | A map of tags to add to all resources. | map(string) | `{}` | no | | vpc\_id | VPC where the cluster and workers will be deployed. | string | n/a | yes | 
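Review bot: In `.github/workflows/lint.yml`, every new job runs code taken from a mutable reference: `actions/checkout@master` in all four jobs, `docker://wata727/tflint` with no tag, `hashicorp/terraform:latest` as the container for `fmt` and `validate`, and an unversioned `brew install` in `docs`. Because the workflow triggers on `pull_request` as well as `push`, whatever those references point to at run time executes in CI, and a lint result cannot be reproduced later. Pin each one to an immutable identifier, for example `- uses: actions/checkout@<full-commit-sha>` and `image: hashicorp/terraform:<version>` (placeholders; choose the versions the module is tested against), and give the tflint image a tag or digest in the same way. Pinning the Terraform image also stops `terraform validate` from changing behaviour whenever `latest` moves.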
@@ -181,4 +181,4 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | workers\_launch\_template\_latest\_versions | Latest versions of the worker launch templates. | | workers\_user\_data | User data of worker groups | - + \ No newline at end of file diff --git a/variables.tf b/variables.tf index bb8a7ff..d1a1f71 100644 --- a/variables.tf +++ b/variables.tf @@ -207,7 +207,7 @@ variable "worker_create_security_group" { variable "permissions_boundary" { description = "If provided, all IAM roles will be created with this permissions boundary attached." type = string - default = "" + default = null } variable "iam_path" {
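Review bot: The new `default = null` on `variable "permissions_boundary"` in `variables.tf` is not reflected in its description, and the README row changed in this same commit shows the default as `"null"`, which reads as the literal string rather than an unset value. Since this variable controls an IAM guardrail, the description should say what the default means, for example `description = "If provided, all IAM roles will be created with this permissions boundary attached. Defaults to null (no boundary)."`, and the README default should be shown as `null`. The resources that consume the variable are outside this hunk, so it is worth confirming that callers who still pass `""` explicitly are handled the same way as null.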