diff --git a/.gitignore b/.gitignore
index 38dccc3..d07a438 100644
--- a/.gitignore
+++ b/.gitignore
@@ -160,3 +160,6 @@ cython_debug/
 # and can be added to the global gitignore or merged into this file. For a more nuclear
 # option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
+
+taskcat_outputs
+.taskcate_overrides.yml
\ No newline at end of file
diff --git a/.taskcat.yml b/.taskcat.yml
index d146068..6da728b 100644
--- a/.taskcat.yml
+++ b/.taskcat.yml
@@ -5,11 +5,13 @@ project:
 tests:
   newrelic-onboarding-us-west-2:
     parameters:
+      NewRelicLicenseKey: ''
+      AdditionalParametersLicenseKey: ''
       NewRelicAccountNumber: ''
       LaunchAccountList: ''
       NewRelicAccessKey: ''
       StackSetName: 'NewRelic-Integration'
-      StackSetUrl: 'https://newrelic-aws-quickstart.s3.amazonaws.com/control-tower/templates/newrelic-stack-set.yml'
+      StackSetUrl: 'https://cfn-ps-ct-newrelic-one.s3.us-east-2.amazonaws.com/newrelic-stack-set.yml'
     regions:
     - us-west-2
     template: templates/control-tower-customization.template.yml
\ No newline at end of file
diff --git a/templates/control-tower-customization.template.yml b/templates/control-tower-customization.template.yml
index 5014ec2..f8fbfe3 100644
--- a/templates/control-tower-customization.template.yml
+++ b/templates/control-tower-customization.template.yml
@@ -209,8 +209,8 @@ Parameters:
   NewRelicAccessKey:
     Type: String
     NoEcho: true
-    AllowedPattern: '^([A-Z0-9-]){32}$'
-    ConstraintDescription: New Relic User key is 32 characters long, and contains only numbers and letters
+    AllowedPattern: '^[A-Za-z0-9]{40}$'
+    ConstraintDescription: New Relic User key is 40 characters long, and contains only numbers and letters
     Description: New Relic NerdGraph User key. See https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#user-api-key
   NerdGraphEndpoint:
     Type: String
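Review bot: The added ignore entry `.taskcate_overrides.yml` looks misspelled, so the file it is meant to protect would still be committed. taskcat reads parameter overrides from `.taskcat_overrides.yml` (no trailing "e" in "taskcat"), and that is exactly where the real values for the NoEcho parameters left empty in `.taskcat.yml` (NewRelicAccessKey, NewRelicLicenseKey, account number) would be filled in; with the typo, a `git add .` after a local test run would push live New Relic keys to the repository. Please confirm the intended filename and change the line to `.taskcat_overrides.yml`. Also restore the trailing newline that the hunk drops at end of file.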
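Review bot: The new AllowedPattern `^[A-Za-z0-9]{40}$` for NewRelicAccessKey no longer admits a hyphen, which the old 32-character pattern `^([A-Z0-9-]){32}$` did, yet the Description still calls this the NerdGraph User key. If user keys carry a `NRAK-` prefix as the linked New Relic docs describe, every valid user key would now fail validation at stack creation, while a 40-character hyphen-less value has the shape of a license key — which this same commit introduces separately as NewRelicLicenseKey in `.taskcat.yml`. Please verify the two formats against the current key documentation before merging; if the user-key shape is unchanged, the pattern should stay `^[A-Z0-9-]{32}$` and the license-key parameter should get its own 40-character pattern. NoEcho is correctly retained, so the value will not surface in stack events either way.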
@@ -225,11 +225,11 @@ Parameters:
     Default: NewRelic-Integration
   StackSetUrl:
     Type: String
-    Default: https://aws-quickstart.s3.amazonaws.com/quickstart-ct-newrelic-one/templates/newrelic-stack-set.yml
+    Default: https://cfn-ps-ct-newrelic-one.s3.us-east-2.amazonaws.com/newrelic-stack-set.yml
     Description: New Relic integration StackSet template URL
   QSS3BucketName:
     Type: String
-    Default: aws-ia
+    Default: cfn-ps-ct-newrelic-one
     Description: "S3 bucket for Quick Start assets. Use this if you want to customize your deployment. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but it cannot start or end with hyphens (-)."
   QSS3KeyPrefix:
     Type: String
@@ -274,21 +274,21 @@ Resources:
                   - s3:GetObject
                   - s3:GetObjectTagging
                 Resource:
-                  - !Sub 'arn:${AWS::Partition}:s3:::${QSS3BucketName}/${QSS3KeyPrefix}*'
+                  - !Sub 'arn:${AWS::Partition}:s3:::${QSS3BucketName}/*'
               - Effect: Allow
                 Action:
                   - s3:PutObject
                   - s3:DeleteObject
                   - s3:PutObjectTagging
                 Resource:
-                  - !Sub 'arn:${AWS::Partition}:s3:::${LambdaZipsBucket}/${QSS3KeyPrefix}*'
+                  - !Sub 'arn:${AWS::Partition}:s3:::${LambdaZipsBucket}/*'
   CopyZipsFunction:
     Type: AWS::Lambda::Function
     Properties:
       Description: Copies objects from the S3 bucket to a new location.
       Handler: index.handler
-      Runtime: python3.7
+      Runtime: python3.12
       Role: !GetAtt 'CopyZipsRole.Arn'
       Timeout: 240
       Code:
@@ -350,7 +350,7 @@ Resources:
         S3Bucket: !Ref LambdaZipsBucket
         S3Key: !Join ['', [!Ref 'QSS3KeyPrefix', 'functions/packages/onboarding/NewRelicCTOnboarding.zip']]
       Handler: onboarding.lambda_handler
-      Runtime: python3.7
+      Runtime: python3.12
       Timeout: 120
       Environment:
         Variables:
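Review bot: The new StackSetUrl default and the new QSS3BucketName default both point at the vendor-controlled bucket `cfn-ps-ct-newrelic-one` with no version or integrity pin, so the management account will deploy whatever StackSet template and Lambda zips are in that bucket at run time. Because the zips copied from QSS3BucketName run under the StackSet-creating roles defined further down in this template, anyone who can write to that bucket can run code with those permissions in every enrolled account. If the bucket is versioned, pin the default to a specific object version (for example `...newrelic-stack-set.yml?versionId=<id>`) or to a release-specific key prefix, and document in the Description that operators should mirror the assets into a bucket they control before production use.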
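Review bot: The CopyZipsRole policy in the -274 hunk is widened from `${QSS3BucketName}/${QSS3KeyPrefix}*` and `${LambdaZipsBucket}/${QSS3KeyPrefix}*` to `/*` on both buckets, which is a least-privilege regression: the copy function may now read every object in the source bucket and put/delete every object in the zips bucket. The prefix is still in active use — the -350 hunk below builds `S3Key: !Join ['', [!Ref 'QSS3KeyPrefix', 'functions/packages/onboarding/...']]` — so the prefix-scoped ARNs would keep working; if the new bucket simply has no prefix, set the QSS3KeyPrefix default to an empty string instead of widening IAM. Keep `Resource: - !Sub 'arn:${AWS::Partition}:s3:::${QSS3BucketName}/${QSS3KeyPrefix}*'` and `Resource: - !Sub 'arn:${AWS::Partition}:s3:::${LambdaZipsBucket}/${QSS3KeyPrefix}*'`. The QSS3KeyPrefix parameter's default is outside this hunk, so I cannot confirm what value it carries.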
@@ -394,11 +394,17 @@ Resources:
         PolicyDocument:
           Version: 2012-10-17
           Statement:
+            - Sid: StackSet
+              Effect: Allow
+              Action:
+                - cloudformation:GetTemplateSummary
+              Resource: '*'
            - Sid: StackSetInstanceCreate
              Effect: Allow
              Action:
                - cloudformation:CreateStackInstances
                - cloudformation:ListStackInstances
+                - cloudformation:GetTemplateSummary
              Resource: !Join ['', ['arn:aws:cloudformation:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':stackset/', !Ref StackSetName, '*' ]]
            - Sid: StackSetInstanceDelete
@@ -414,6 +420,7 @@ Resources:
              Action:
                - cloudformation:CreateStackSet
                - cloudformation:DescribeStackSet
+                - cloudformation:GetTemplateSummary
              Resource: !Join ['', ['arn:aws:cloudformation:', '*', ':', '*', ':stackset/NewRelic-*' ]]
            - Sid: S3Ops
@@ -422,7 +429,7 @@ Resources:
                - s3:ListBucket
                - s3:GetObject
              Resource:
-                - !Join ['',['arn:aws:s3:::', !Ref QSS3BucketName, '/', !Ref QSS3KeyPrefix, '*']]
+                - !Join ['',['arn:aws:s3:::', !Ref QSS3BucketName, '/', '*']]
            - Sid: SNSOps
              Effect: Allow
              Action:
@@ -548,7 +555,7 @@ Resources:
         S3Bucket: !Ref LambdaZipsBucket
         S3Key: !Join ['', [!Ref 'QSS3KeyPrefix', 'functions/packages/stackset/NewRelicCTStackSet.zip']]
       Handler: stackset.lambda_handler
-      Runtime: python3.7
+      Runtime: python3.12
       Timeout: 120
       ReservedConcurrentExecutions: 1
       Environment:
@@ -624,7 +631,7 @@ Resources:
         S3Bucket: !Ref LambdaZipsBucket
         S3Key: !Join ['', [!Ref 'QSS3KeyPrefix', 'functions/packages/register/NewRelicCTRegister.zip']]
       Handler: register.lambda_handler
-      Runtime: python3.7
+      Runtime: python3.12
       Timeout: 120
       ReservedConcurrentExecutions: 5
       Environment:
diff --git a/templates/newrelic-hub-cfct.yaml b/templates/newrelic-hub-cfct.yaml
index 29f62d8..e070720 100644
--- a/templates/newrelic-hub-cfct.yaml
+++ b/templates/newrelic-hub-cfct.yaml
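Review bot: `cloudformation:GetTemplateSummary` is granted three times in the -394 and -414 hunks — once with `Resource: '*'` under the new Sid `StackSet`, and again inside the two stackset-ARN-scoped statements — and the scoped copies are redundant with the wildcard one, which makes the policy harder to audit and hides which grant is actually needed. When GetTemplateSummary is called with a TemplateURL (as it presumably is here, to inspect the StackSet template before creation) there is no stack ARN to scope to, so the wildcard statement is the only one that matters; I would drop the two scoped additions and give the wildcard statement a descriptive Sid and comment, e.g. `- Sid: TemplateSummaryForTemplateUrl  # GetTemplateSummary on a TemplateURL has no resource ARN` with `Resource: '*'` beneath it. Note that `'*'` also allows reading the template summary of any existing stack or stackset in the account; low risk, but worth stating in the comment. The enclosing policy starts before this hunk, so I cannot see whether an equivalent grant already exists above.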
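Review bot: The S3Ops statement in the -422 hunk drops the `!Ref QSS3KeyPrefix` component and now grants `s3:GetObject` on `arn:aws:s3:::<QSS3BucketName>/*`, i.e. every object in the asset bucket, while the -548 and -624 hunks below still build their S3Key values from `!Ref 'QSS3KeyPrefix'`, so the prefix remains meaningful and the scoping could have been kept. I would restore `- !Join ['',['arn:aws:s3:::', !Ref QSS3BucketName, '/', !Ref QSS3KeyPrefix, '*']]` and, if the new bucket has no prefix, default QSS3KeyPrefix to an empty string. Separately, `s3:ListBucket` in this statement is only effective on the bucket ARN, not on the object path, so as written (old and new) it grants nothing; either add the bare bucket ARN as a second resource or remove the action.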
@@ -41,8 +41,8 @@ Parameters:
   NewRelicAccessKey:
     Type: String
     NoEcho: true
-    AllowedPattern: '^([A-Z0-9-]){32}$'
-    ConstraintDescription: New Relic User key is 32 characters long, and contains only numbers and letters
+    AllowedPattern: '^[A-Za-z0-9]{40}$'
+    ConstraintDescription: New Relic User key is 40 characters long, and contains only numbers and letters
     Description: New Relic NerdGraph User key. See https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#user-api-key
   NerdGraphEndpoint:
     Type: String
@@ -120,10 +120,15 @@ Resources:
   CopyZipsFunction:
     Type: AWS::Lambda::Function
+    Metadata:
+      cfn-lint:
+        config:
+          ignore_checks:
+            - E3030
     Properties:
       Description: Copies objects from the S3 bucket to a new location.
       Handler: index.handler
-      Runtime: python3.7
+      Runtime: python3.12
       Role: !GetAtt 'CopyZipsRole.Arn'
       Timeout: 240
       Code:
@@ -286,12 +291,17 @@ Resources:
   NewRelicRegisterFunction:
     Type: AWS::Lambda::Function
     DependsOn: CopyZips
+    Metadata:
+      cfn-lint:
+        config:
+          ignore_checks:
+            - E3030
     Properties:
       Code:
         S3Bucket: !Ref LambdaZipsBucket
         S3Key: !Join ['', [!Ref 'QSS3KeyPrefix', !FindInMap ["SourceCode", "Key", "Register"]]]
       Handler: cfct_register.lambda_handler
-      Runtime: python3.7
+      Runtime: python3.12
       Timeout: 120
       ReservedConcurrentExecutions: 5
       Environment:
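Review bot: The same AllowedPattern change as in control-tower-customization.template.yml is applied here: `^[A-Za-z0-9]{40}$` no longer accepts a hyphen and requires 40 characters, but the Description still says this is the NerdGraph User key. If user keys are still issued with a `NRAK-` prefix as the linked docs describe, valid keys will be rejected at stack creation, while the new shape matches what a license key looks like; please confirm the intended key type and format before merging and keep the two templates in agreement. NoEcho remains set, which is correct for this value.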
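Review bot: The `Metadata.cfn-lint.config.ignore_checks: [E3030]` blocks added in the -120 and -286 hunks silence cfn-lint's allowed-value check for the whole resource, not just for `Runtime: python3.12`, so a later typo in any enumerated property of these two functions would also go unflagged; and the same runtime bump in control-tower-customization.template.yml ships without this suppression, so the two templates are inconsistent. Presumably the pin is there because the cfn-lint version in CI predates python3.12 support; if so, upgrading cfn-lint in CI is the cleaner fix, and if the suppression must stay, add a comment on it stating the reason and the cfn-lint version at which it can be removed, e.g. `# TODO: remove once CI cfn-lint >= <version> recognises python3.12`. The packaged zips under QSS3KeyPrefix must also be built for the 3.12 runtime, which this diff cannot show.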