diff --git a/examples/simple_zonal_with_acm/acm.tf b/examples/simple_zonal_with_acm/acm.tf
index e4662d08f..61b2b61bc 100644
--- a/examples/simple_zonal_with_acm/acm.tf
+++ b/examples/simple_zonal_with_acm/acm.tf
@@ -28,7 +28,7 @@ module "acm" {
 
   secret_type = "ssh"
 
-  policy_bundles = ["https://github.com/GoogleCloudPlatform/acm-policy-controller-library/bundles/policy-essentials-v2022#e4094aacb91a35b0219f6f4cf6a31580e85b3c28"]
+  policy_bundles = ["https://github.com/GoogleCloudPlatform/acm-policy-controller-library/bundles/policy-essentials-v2022?ref=59f4695394285078f7c2029ec7d0f9ed1d6d700a"]
 
   create_metrics_gcp_sa = true
 }
diff --git a/modules/acm/policy_bundles.tf b/modules/acm/policy_bundles.tf
index 8bd122d1e..b03987e86 100644
--- a/modules/acm/policy_bundles.tf
+++ b/modules/acm/policy_bundles.tf
@@ -18,13 +18,12 @@ module "policy_bundles" {
   source  = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper"
   version = "~> 3.1"
 
-  # Use index as name to avoid long url or special filesystem chars
-  for_each                = { for i, v in var.policy_bundles : i => v }
+  for_each                = toset(var.policy_bundles)
   project_id              = var.project_id
   cluster_name            = var.cluster_name
   cluster_location        = var.location
-  kubectl_create_command  = "kubectl apply -k ${each.value}"
-  kubectl_destroy_command = "kubectl delete -k ${each.value}"
+  kubectl_create_command  = "kubectl apply -k ${each.key}"
+  kubectl_destroy_command = "kubectl delete -k ${each.key}"
 
   module_depends_on = [time_sleep.wait_acm]
 }