diff --git a/Makefile b/Makefile index 841caf6..ae65654 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,4 @@ run: - @echo Done + cd $(PROJECT_DIR) && AUTO_APPROVE="-auto-approve" make + diff --git a/templates/Makefile b/templates/Makefile index e4011fc..0ffb0ee 100644 --- a/templates/Makefile +++ b/templates/Makefile @@ -2,28 +2,29 @@ ENVIRONMENT ?= staging apply: apply-remote-state apply-secrets apply-env apply-k8s-utils -## remove state file only if exit code 0 from terraform apply apply-remote-state: + aws s3 ls <% .Name %>-$(ENVIRONMENT)-terraform-state || (\ pushd terraform/bootstrap/remote-state && \ terraform init && \ - terraform apply -var "environment=$(ENVIRONMENT)" && \ - rm ./terraform.tfstate + terraform apply -var "environment=$(ENVIRONMENT)" $(AUTO_APPROVE) && \ + rm ./terraform.tfstate) apply-secrets: + aws iam list-access-keys --user-name <% .Name %>-ci-user > /dev/null || (\ pushd terraform/bootstrap/secrets && \ terraform init && \ - terraform apply && \ - rm ./terraform.tfstate + terraform apply $(AUTO_APPROVE) && \ + rm ./terraform.tfstate) apply-env: pushd terraform/environments/$(ENVIRONMENT); \ terraform init && \ - terraform apply + terraform apply $(AUTO_APPROVE) apply-k8s-utils: update-k8s-conf pushd kubernetes/terraform/environments/$(ENVIRONMENT) && \ terraform init && \ - terraform apply + terraform apply $(AUTO_APPROVE) update-k8s-conf: aws eks --region <% index .Params `region` %> update-kubeconfig --name <% .Name %>-$(ENVIRONMENT)-<% index .Params `region` %> diff --git a/templates/terraform/bootstrap/secrets/main.tf b/templates/terraform/bootstrap/secrets/main.tf index 8089891..0b90a68 100644 --- a/templates/terraform/bootstrap/secrets/main.tf +++ b/templates/terraform/bootstrap/secrets/main.tf 
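Review bot: The new `run` recipe changes into an unquoted, unchecked `$(PROJECT_DIR)` and then starts a literal `make` that runs every Terraform stage with `-auto-approve`, so no plan is shown for confirmation. If `PROJECT_DIR` is unset the shell sees a bare `cd`, which moves to the home directory, and the default goal of whatever Makefile is found there runs instead. I would write the recipe as `cd "$(PROJECT_DIR)" && AUTO_APPROVE="-auto-approve" $(MAKE)` and put `$(if $(strip $(PROJECT_DIR)),,$(error PROJECT_DIR is not set))` on the line before it. `$(MAKE)` also keeps `-n` and the jobserver working in the sub-make. `run` is not declared `.PHONY` in the lines shown.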
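Review bot: In `apply-remote-state` and `apply-secrets` the new guards treat every non-zero exit of `aws s3 ls` and `aws iam list-access-keys` as "resource does not exist", so expired credentials, a wrong profile or a throttled call fall through to `terraform apply $(AUTO_APPROVE)`, which in the secrets stage creates an IAM access key without a prompt. The guard should continue only when the CLI reports the not-found error (`NoSuchBucket`, `NoSuchEntity`) and abort on anything else. In `apply-env` the `pushd … ;` separator lets a failed directory change still reach `terraform apply $(AUTO_APPROVE)`; it should be `&&` as in the other targets. The commit also removes the comment saying the state file is deleted only after a successful apply; I would keep it on both bootstrap targets, e.g. `## state file is removed only when terraform apply exits 0; after a failed apply it stays on disk`, because the secrets stage's state presumably contains the CI user's secret key.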
@@ -26,7 +26,7 @@ resource "aws_iam_access_key" "ci_user" { module "ci_user_keys" { source = "../../modules/secret" - name_prefix = "ci-user-aws-keys" + name = "ci-user-aws-keys<% index .Params `randomSeed` %>" type = "map" values = map("access_key_id", aws_iam_access_key.ci_user.id, "secret_key", aws_iam_access_key.ci_user.secret) tags = map("project", local.project) diff --git a/templates/terraform/environments/production/main.tf b/templates/terraform/environments/production/main.tf index 2fee691..9b1ff9f 100644 --- a/templates/terraform/environments/production/main.tf +++ b/templates/terraform/environments/production/main.tf @@ -23,7 +23,7 @@ module "production" { ecr_repositories = [] # Should be created by the staging environment # EKS configuration - eks_cluster_version = "1.15" + eks_cluster_version = "1.16" eks_worker_instance_type = "t3.medium" eks_worker_asg_min_size = 2 eks_worker_asg_max_size = 4 diff --git a/templates/terraform/environments/staging/main.tf b/templates/terraform/environments/staging/main.tf index 5fb49ae..f6dbd1f 100644 --- a/templates/terraform/environments/staging/main.tf +++ b/templates/terraform/environments/staging/main.tf @@ -22,7 +22,7 @@ module "staging" { ecr_repositories = [ "<% .Name %>" ] # EKS configuration - eks_cluster_version = "1.15" + eks_cluster_version = "1.16" eks_worker_instance_type = "t3.medium" eks_worker_asg_min_size = 1 eks_worker_asg_max_size = 3 diff --git a/templates/terraform/modules/eks/main.tf b/templates/terraform/modules/eks/main.tf index 05a3e87..78525fc 100644 --- a/templates/terraform/modules/eks/main.tf +++ b/templates/terraform/modules/eks/main.tf @@ -16,7 +16,7 @@ provider "kubernetes" { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "10.0.0" + version = "12.1.0" cluster_name = var.cluster_name cluster_version = var.cluster_version diff --git a/templates/terraform/modules/secret/main.tf b/templates/terraform/modules/secret/main.tf index 963038c..faafaf0 100644 
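Review bot: Switching `ci_user_keys` from `name_prefix` to a fixed `name` means re-creation is likely to fail while a previously deleted secret of the same name is still inside its Secrets Manager recovery window, which a destroy followed by a fresh apply would hit. The secret module as changed in this commit does not set `recovery_window_in_days`, so decide whether it should expose it. The literal and the templated seed are joined without a separator; a `-` after `ci-user-aws-keys` would keep the name readable. The `values` map puts the access key's secret into Terraform state, so a comment above the module such as `# secret_key ends up in local state; the bootstrap Makefile deletes terraform.tfstate after a successful apply` would record why that `rm` step matters. The module block's closing brace is outside the hunk.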
--- a/templates/terraform/modules/secret/main.tf +++ b/templates/terraform/modules/secret/main.tf @@ -1,6 +1,7 @@ # Add the keys to AWS secrets manager resource "aws_secretsmanager_secret" "secret" { name_prefix = var.name_prefix + name = var.name tags = var.tags } diff --git a/templates/terraform/modules/secret/variables.tf b/templates/terraform/modules/secret/variables.tf index 11a46c1..70ce3d6 100644 --- a/templates/terraform/modules/secret/variables.tf +++ b/templates/terraform/modules/secret/variables.tf @@ -1,6 +1,10 @@ +variable "name" { + default = "" + description = "The name of the secret in Secrets Manager (only one of name or name_prefix can be specified)" +} variable "name_prefix" { - default = "secret-key" - description = "The name prefix of the secret in Secrets Manager" + default = "" + description = "The name prefix of the secret in Secrets Manager - a random suffix will be appended (only one of name or name_prefix can be specified)" } variable type { diff --git a/zero-module.yml b/zero-module.yml index a2fe47a..cf06ab4 100644 --- a/zero-module.yml +++ b/zero-module.yml @@ -43,5 +43,8 @@ parameters: execute: aws sts get-caller-identity --query "Account" | tr -d '"' - field: eksWorkerAMI label: EKS Worker EC2 AMI ID - execute: aws ssm get-parameters --names /aws/service/eks/optimized-ami/1.15/amazon-linux-2/recommended/image_id --region $region --query "Parameters[0].Value" | tr -d '"' + execute: aws ssm get-parameters --names /aws/service/eks/optimized-ami/1.16/amazon-linux-2/recommended/image_id --region $region --query "Parameters[0].Value" | tr -d '"' + - field: randomSeed + label: Random seed that will be shared between projects to come up with deterministic resource names + execute: uuidgen
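Review bot: `aws_secretsmanager_secret.secret` now always receives both `name_prefix` and `name` and relies on `""` to mean "unset", while the new variable descriptions say only one of the two may be specified. Depending on the provider version an explicit empty string may still count as set for that conflict check, so I would pass null instead: `name = var.name != "" ? var.name : null` and `name_prefix = var.name_prefix != "" ? var.name_prefix : null`. The variables.tf hunk also changes the `name_prefix` default from `secret-key` to empty, so a caller that sets neither presumably gets a provider-generated name rather than the old prefix. Neither variable declares `type = string`.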
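Review bot: `randomSeed` is filled from a bare `uuidgen`, whose letter case differs between platforms (upper case on macOS, lower case with util-linux), and the value is pasted verbatim into resource names. The secret name in this commit accepts mixed case, but a resource type that only allows lower case, S3 bucket names for one, would reject an upper-case value, so I would normalise it: `execute: uuidgen | tr 'A-Z' 'a-z'`. The label calls it a seed although it is used as a plain name suffix; a comment such as `# not a secret: appended verbatim to resource names` would stop it being treated as key material. The EKS version `1.16` is now hard-coded in this AMI path and in both environment files, so the next bump has three places to keep in step.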