diff --git a/Dockerfile b/Dockerfile
index 30bd1f2..adf7e8f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM plus3it/tardigrade-ci:0.25.3
+FROM plus3it/tardigrade-ci:0.26.0
 
 COPY ./lambda/src/requirements.txt /app/requirements.txt
 COPY ./requirements/requirements_dev.txt /app/requirements_dev.txt
diff --git a/Dockerfile_test b/Dockerfile_test
index 00c327b..af00f86 100644
--- a/Dockerfile_test
+++ b/Dockerfile_test
@@ -1,4 +1,4 @@
-FROM plus3it/tardigrade-ci:0.25.3
+FROM plus3it/tardigrade-ci:0.26.0
 
 COPY ./requirements/requirements_test.txt /app/requirements_test.txt
 COPY ./requirements/requirements_common.txt /app/requirements_common.txt
diff --git a/README.md b/README.md
index 5da6dc2..99ec254 100644
--- a/README.md
+++ b/README.md
@@ -82,8 +82,8 @@ make mockstack/clean
 | <a name="input_assume_role_name"></a> [assume\_role\_name](#input\_assume\_role\_name) | Name of the IAM role to assume in the target account (case sensitive) | `string` | n/a | yes |
 | <a name="input_trust_policy"></a> [trust\_policy](#input\_trust\_policy) | JSON string representing the trust policy to apply to the role being updated | `string` | n/a | yes |
 | <a name="input_update_role_name"></a> [update\_role\_name](#input\_update\_role\_name) | Name of the IAM role to update in the target account (case sensitive) | `string` | n/a | yes |
-| <a name="input_event_types"></a> [event\_types](#input\_event\_types) | Event types that will trigger this lambda | `set(string)` | <pre>[<br>  "CreateAccountResult",<br>  "InviteAccountToOrganization"<br>]</pre> | no |
-| <a name="input_lambda"></a> [lambda](#input\_lambda) | Map of any additional arguments for the upstream lambda module. See <https://github.com/terraform-aws-modules/terraform-aws-lambda> | <pre>object({<br>    artifacts_dir            = optional(string, "builds")<br>    create_package           = optional(bool, true)<br>    ephemeral_storage_size   = optional(number)<br>    ignore_source_code_hash  = optional(bool, true)<br>    local_existing_package   = optional(string)<br>    recreate_missing_package = optional(bool, false)<br>    s3_bucket                = optional(string)<br>    s3_existing_package      = optional(map(string))<br>    s3_prefix                = optional(string)<br>    store_on_s3              = optional(bool, false)<br>  })</pre> | `{}` | no |
+| <a name="input_event_types"></a> [event\_types](#input\_event\_types) | Event types that will trigger this lambda | `set(string)` | <pre>[<br/>  "CreateAccountResult",<br/>  "InviteAccountToOrganization"<br/>]</pre> | no |
+| <a name="input_lambda"></a> [lambda](#input\_lambda) | Map of any additional arguments for the upstream lambda module. See <https://github.com/terraform-aws-modules/terraform-aws-lambda> | <pre>object({<br/>    artifacts_dir            = optional(string, "builds")<br/>    create_package           = optional(bool, true)<br/>    ephemeral_storage_size   = optional(number)<br/>    ignore_source_code_hash  = optional(bool, true)<br/>    local_existing_package   = optional(string)<br/>    recreate_missing_package = optional(bool, false)<br/>    runtime                  = optional(string, "python3.12")<br/>    s3_bucket                = optional(string)<br/>    s3_existing_package      = optional(map(string))<br/>    s3_prefix                = optional(string)<br/>    store_on_s3              = optional(bool, false)<br/>  })</pre> | `{}` | no |
 | <a name="input_log_level"></a> [log\_level](#input\_log\_level) | Log level of the lambda output, one of: debug, info, warning, error, critical | `string` | `"info"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags that are passed to resources | `map(string)` | `{}` | no |
 
diff --git a/lambda/tests/test_new_account_trust_policy.py b/lambda/tests/test_new_account_trust_policy.py
index 834e663..2720197 100644
--- a/lambda/tests/test_new_account_trust_policy.py
+++ b/lambda/tests/test_new_account_trust_policy.py
@@ -14,9 +14,7 @@
 
 import boto3
 import botocore.exceptions
-from moto import mock_iam
-from moto import mock_sts
-from moto import mock_organizations
+from moto import mock_aws
 from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID
 import pytest
 
@@ -53,7 +51,7 @@ def aws_credentials(tmpdir, monkeypatch):
 
     In addition to using the aws_credentials fixture, the test functions
     must also use a mocked client.  For this test file, that would be the
-    test fixture "iam_client", which invokes "mock_iam()", or "sts_client".
+    test fixture "iam_client", which invokes "mock_aws()", or "sts_client".
     """
     # Create a temporary AWS credentials file for calls to boto.Session().
     aws_creds = [
@@ -77,21 +75,21 @@ def aws_credentials(tmpdir, monkeypatch):
 @pytest.fixture(scope="function")
 def iam_client(aws_credentials):
     """Yield a mock IAM client that will not affect a real AWS account."""
-    with mock_iam():
+    with mock_aws():
         yield boto3.client("iam", region_name=AWS_REGION)
 
 
 @pytest.fixture(scope="function")
 def sts_client(aws_credentials):
     """Yield a mock STS client that will not affect a real AWS account."""
-    with mock_sts():
+    with mock_aws():
         yield boto3.client("sts", region_name=AWS_REGION)
 
 
 @pytest.fixture(scope="function")
 def org_client(aws_credentials):
     """Yield a mock organization that will not affect a real AWS account."""
-    with mock_organizations():
+    with mock_aws():
         yield boto3.client("organizations", region_name=AWS_REGION)
 
 
@@ -288,7 +286,7 @@ def test_lambda_handler_valid_arguments(
     initial_trust_policy,
     replacement_trust_policy,
     monkeypatch,
-):  # pylint: disable=too-many-arguments
+):  # pylint: disable=too-many-arguments,too-many-positional-arguments
     """Invoke the lambda handler with only valid arguments."""
     assume_role_name = "TEST_TRUST_POLICY_VALID_ASSUME_ROLE"
     update_role_name = "TEST_TRUST_POLICY_VALID_UPDATE_ROLE"
@@ -338,7 +336,7 @@ def test_lambda_handler_same_roles(
     initial_trust_policy,
     replacement_trust_policy,
     monkeypatch,
-):  # pylint: disable=too-many-arguments
+):  # pylint: disable=too-many-arguments,too-many-positional-arguments
     """Invoke the lambda handler with the same assume and update role."""
     assume_role_name = "TEST_TRUST_POLICY_VALID_ROLE"
     monkeypatch.setenv("ASSUME_ROLE_NAME", assume_role_name)
diff --git a/main.tf b/main.tf
index ccc18a4..d96e43b 100644
--- a/main.tf
+++ b/main.tf
@@ -28,7 +28,7 @@ module "lambda" {
 
   description = "Update trust policy on IAM Account Role"
   handler     = "new_account_trust_policy.lambda_handler"
-  runtime     = "python3.8"
+  runtime     = var.lambda.runtime
   tags        = var.tags
   timeout     = 300
 
diff --git a/requirements/requirements_dev.txt b/requirements/requirements_dev.txt
index 035872c..39a70e8 100644
--- a/requirements/requirements_dev.txt
+++ b/requirements/requirements_dev.txt
@@ -1,3 +1,3 @@
 -r ./requirements_common.txt
 
-moto==4.2.13
+moto==5.0.25
diff --git a/variables.tf b/variables.tf
index ce5184d..69fa19b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -36,6 +36,7 @@ variable "lambda" {
     ignore_source_code_hash  = optional(bool, true)
     local_existing_package   = optional(string)
     recreate_missing_package = optional(bool, false)
+    runtime                  = optional(string, "python3.12")
     s3_bucket                = optional(string)
     s3_existing_package      = optional(map(string))
     s3_prefix                = optional(string)