diff --git a/README.md b/README.md index 31d5579a..505c68de 100644 --- a/README.md +++ b/README.md @@ -277,8 +277,8 @@ module "lambda_function" { allowed_triggers = { APIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" }, APIGatewayDevPost = { service = "apigateway" @@ -292,8 +292,6 @@ module "lambda_function" { } ``` -Note: `service = "apigateway" with arn` is a short form to allow invocations of a Lambda Function from any stage, any method, any resource of an API Gateway. - ## Conditional creation Sometimes you need to have a way to create resources conditionally but Terraform does not allow usage of `count` inside `module` block, so the solution is to specify `create` arguments. diff --git a/examples/alias/main.tf b/examples/alias/main.tf index 91602229..2d673ab3 100644 --- a/examples/alias/main.tf +++ b/examples/alias/main.tf @@ -31,8 +31,8 @@ module "lambda_function" { allowed_triggers = { APIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" } } @@ -62,8 +62,8 @@ module "alias_no_refresh" { allowed_triggers = { AnotherAPIGatewayAny = { # keys should be unique - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse/*/*/*" } } @@ -94,8 +94,8 @@ module "alias_existing" { allowed_triggers = { ThirdAPIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" } } diff --git a/examples/complete/main.tf b/examples/complete/main.tf index d67079de..f6c15bce 100644 
--- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -43,8 +43,8 @@ module "lambda_function" { allowed_triggers = { APIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" }, APIGatewayDevPost = { service = "apigateway" diff --git a/examples/deploy/main.tf b/examples/deploy/main.tf index c236b272..d0ecd90b 100644 --- a/examples/deploy/main.tf +++ b/examples/deploy/main.tf @@ -26,8 +26,8 @@ module "lambda_function" { allowed_triggers = { APIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*" } } } diff --git a/main.tf b/main.tf index e8b44e5b..acbe22db 100644 --- a/main.tf +++ b/main.tf @@ -186,7 +186,7 @@ resource "aws_lambda_permission" "current_version_triggers" { statement_id = lookup(each.value, "statement_id", each.key) action = lookup(each.value, "action", "lambda:InvokeFunction") principal = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", ""))) - source_arn = lookup(each.value, "source_arn", lookup(each.value, "service", null) == "apigateway" ? "${lookup(each.value, "arn", "")}/*/*/*" : null) + source_arn = lookup(each.value, "source_arn", null) source_account = lookup(each.value, "source_account", null) event_source_token = lookup(each.value, "event_source_token", null) } 
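Review bot: A caller that still passes `service = "apigateway"` with the old `arn` key now gets `source_arn = null` in `aws_lambda_permission.current_version_triggers`, because `lookup` silently ignores the key it no longer reads. The permission is then granted to the `apigateway.amazonaws.com` principal with no source restriction, so an API Gateway API in any account could invoke the function. The same line appears in the `unqualified_alias_triggers` hunk of this file and in both hunks of `modules/alias/main.tf`. A fail-closed transition would be `source_arn = lookup(each.value, "source_arn", lookup(each.value, "arn", null))`, which should leave a legacy entry with an ARN that matches no invocation rather than an unrestricted permission. The resource block starts outside the hunk, so the `for_each` input is not visible here, and the change should also be called out as breaking in the upgrade notes.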
@@ -200,7 +200,7 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" { statement_id = lookup(each.value, "statement_id", each.key) action = lookup(each.value, "action", "lambda:InvokeFunction") principal = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", ""))) - source_arn = lookup(each.value, "source_arn", lookup(each.value, "service", null) == "apigateway" ? "${lookup(each.value, "arn", "")}/*/*/*" : null) + source_arn = lookup(each.value, "source_arn", null) source_account = lookup(each.value, "source_account", null) event_source_token = lookup(each.value, "event_source_token", null) } diff --git a/modules/alias/README.md b/modules/alias/README.md index 6c79e190..b27c7e77 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -34,8 +34,8 @@ module "alias_no_refresh" { allowed_triggers = { AnotherAPIGatewayAny = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse/*/*/*" } } } @@ -76,8 +76,8 @@ module "alias_existing" { allowed_triggers = { AnotherAwesomeAPIGateway = { - service = "apigateway" - arn = "arn:aws:execute-api:eu-west-1:999967859851:aqnku8akd0" + service = "apigateway" + source_arn = "arn:aws:execute-api:eu-west-1:999967859851:aqnku8akd0/*/*/*" } } } diff --git a/modules/alias/main.tf b/modules/alias/main.tf index 091ea37e..61ff4e20 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf 
@@ -90,7 +90,7 @@ resource "aws_lambda_permission" "version_triggers" { statement_id = lookup(each.value, "statement_id", each.key) action = lookup(each.value, "action", "lambda:InvokeFunction") principal = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", ""))) - source_arn = lookup(each.value, "source_arn", lookup(each.value, "service", null) == "apigateway" ? "${lookup(each.value, "arn", "")}/*/*/*" : null) + source_arn = lookup(each.value, "source_arn", null) source_account = lookup(each.value, "source_account", null) event_source_token = lookup(each.value, "event_source_token", null) } @@ -104,7 +104,7 @@ resource "aws_lambda_permission" "qualified_alias_triggers" { statement_id = lookup(each.value, "statement_id", each.key) action = lookup(each.value, "action", "lambda:InvokeFunction") principal = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", ""))) - source_arn = lookup(each.value, "source_arn", lookup(each.value, "service", null) == "apigateway" ? "${lookup(each.value, "arn", "")}/*/*/*" : null) + source_arn = lookup(each.value, "source_arn", null) source_account = lookup(each.value, "source_account", null) event_source_token = lookup(each.value, "event_source_token", null) }