diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml
index 9808135..e0e2fdc 100755
--- a/apis/v1alpha1/ack-generate-metadata.yaml
+++ b/apis/v1alpha1/ack-generate-metadata.yaml
@@ -1,8 +1,8 @@
 ack_generate_info:
-  build_date: "2024-08-06T02:51:25Z"
-  build_hash: 587b90dc860e91ee9a763e9e3bc4d3f1b2fbddb7
+  build_date: "2024-08-29T17:01:24Z"
+  build_hash: f8f98563404066ac3340db0a049d2e530e5c51cc
   go_version: go1.22.5
-  version: v0.36.0
+  version: v0.38.1
 api_directory_checksum: 14ee2b48df20458271bcddc87436760812fd6ccd
 api_version: v1alpha1
 aws_sdk_go_version: v1.49.6
diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml
index f3ea95e..60a3de5 100644
--- a/config/controller/kustomization.yaml
+++ b/config/controller/kustomization.yaml
@@ -6,4 +6,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: public.ecr.aws/aws-controllers-k8s/acmpca-controller
-  newTag: 0.0.17
+  newTag: 0.0.18
diff --git a/go.mod b/go.mod
index 8ae0072..a89e3b0 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.22.0
 toolchain go1.22.5
 
 require (
-	github.com/aws-controllers-k8s/runtime v0.36.0
+	github.com/aws-controllers-k8s/runtime v0.38.0
 	github.com/aws/aws-sdk-go v1.49.6
 	github.com/go-logr/logr v1.4.1
 	github.com/spf13/pflag v1.0.5
diff --git a/go.sum b/go.sum
index 45b5329..dc49166 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-github.com/aws-controllers-k8s/runtime v0.36.0 h1:XEMVGfUwsT9QMShihuCLHlape+daJWyYtXj45s/iJiU=
-github.com/aws-controllers-k8s/runtime v0.36.0/go.mod h1:gI2pWb20UGLP2SnHf1a1VzTd7iVVy+/I9VAzT0Y+Dew=
+github.com/aws-controllers-k8s/runtime v0.38.0 h1:gSEpmBm7OwTPd2kIOU+AIDIivi3teSm5FFrhROfu4wg=
+github.com/aws-controllers-k8s/runtime v0.38.0/go.mod h1:gI2pWb20UGLP2SnHf1a1VzTd7iVVy+/I9VAzT0Y+Dew=
 github.com/aws/aws-sdk-go v1.49.6 h1:yNldzF5kzLBRvKlKz1S0bkvc2+04R1kt13KfBWQBfFA=
 github.com/aws/aws-sdk-go v1.49.6/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
index 764a996..a1dc8a7 100644
--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 name: acmpca-chart
 description: A Helm chart for the ACK service controller for AWS Private Certificate Authority (PCA)
-version: 0.0.17
-appVersion: 0.0.17
+version: 0.0.18
+appVersion: 0.0.18
 home: https://github.com/aws-controllers-k8s/acmpca-controller
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:
diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt
index 13ccd49..cf33d0c 100644
--- a/helm/templates/NOTES.txt
+++ b/helm/templates/NOTES.txt
@@ -1,5 +1,5 @@
 {{ .Chart.Name }} has been installed.
-This chart deploys "public.ecr.aws/aws-controllers-k8s/acmpca-controller:0.0.17".
+This chart deploys "public.ecr.aws/aws-controllers-k8s/acmpca-controller:0.0.18".
 
 Check its status by running:
   kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}"
diff --git a/helm/values.yaml b/helm/values.yaml
index 4b46840..47dfa2c 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -4,7 +4,7 @@
 
 image:
   repository: public.ecr.aws/aws-controllers-k8s/acmpca-controller
-  tag: 0.0.17
+  tag: 0.0.18
   pullPolicy: IfNotPresent
   pullSecrets: []
 
@@ -157,6 +157,8 @@ leaderElection:
 # Configuration for feature gates.  These are optional controller features that
 # can be individually enabled ("true") or disabled ("false") by adding key/value
 # pairs below.
-featureGates: {}
-  # featureGate1: true
-  # featureGate2: false
+featureGates:
+  # Enables the Service level granularity for CARM. See https://github.com/aws-controllers-k8s/community/issues/2031
+  ServiceLevelCARM: false
+  # Enables the Team level granularity for CARM. See https://github.com/aws-controllers-k8s/community/issues/2031
+  TeamLevelCARM: false
diff --git a/pkg/resource/certificate/manager_factory.go b/pkg/resource/certificate/manager_factory.go
index d50fa81..f6a53e8 100644
--- a/pkg/resource/certificate/manager_factory.go
+++ b/pkg/resource/certificate/manager_factory.go
@@ -53,8 +53,12 @@ func (f *resourceManagerFactory) ManagerFor(
 	sess *session.Session,
 	id ackv1alpha1.AWSAccountID,
 	region ackv1alpha1.AWSRegion,
+	roleARN ackv1alpha1.AWSResourceName,
 ) (acktypes.AWSResourceManager, error) {
-	rmId := fmt.Sprintf("%s/%s", id, region)
+	// We use the account ID, region, and role ARN to uniquely identify a
+	// resource manager. This helps us to avoid creating multiple resource
+	// managers for the same account/region/roleARN combination.
+	rmId := fmt.Sprintf("%s/%s/%s", id, region, roleARN)
 	f.RLock()
 	rm, found := f.rmCache[rmId]
 	f.RUnlock()
diff --git a/pkg/resource/certificate/references.go b/pkg/resource/certificate/references.go
index 0321bd7..5ad2dd4 100644
--- a/pkg/resource/certificate/references.go
+++ b/pkg/resource/certificate/references.go
@@ -144,12 +144,8 @@ func getReferencedResourceState_CertificateAuthority(
 	if err != nil {
 		return err
 	}
-	var refResourceSynced, refResourceTerminal bool
+	var refResourceTerminal bool
 	for _, cond := range obj.Status.Conditions {
-		if cond.Type == ackv1alpha1.ConditionTypeResourceSynced &&
-			cond.Status == corev1.ConditionTrue {
-			refResourceSynced = true
-		}
 		if cond.Type == ackv1alpha1.ConditionTypeTerminal &&
 			cond.Status == corev1.ConditionTrue {
 			return ackerr.ResourceReferenceTerminalFor(
@@ -162,6 +158,13 @@ func getReferencedResourceState_CertificateAuthority(
 			"CertificateAuthority",
 			namespace, name)
 	}
+	var refResourceSynced bool
+	for _, cond := range obj.Status.Conditions {
+		if cond.Type == ackv1alpha1.ConditionTypeResourceSynced &&
+			cond.Status == corev1.ConditionTrue {
+			refResourceSynced = true
+		}
+	}
 	if !refResourceSynced {
 		return ackerr.ResourceReferenceNotSyncedFor(
 			"CertificateAuthority",
diff --git a/pkg/resource/certificate_authority/manager_factory.go b/pkg/resource/certificate_authority/manager_factory.go
index 5bf1520..53e8092 100644
--- a/pkg/resource/certificate_authority/manager_factory.go
+++ b/pkg/resource/certificate_authority/manager_factory.go
@@ -53,8 +53,12 @@ func (f *resourceManagerFactory) ManagerFor(
 	sess *session.Session,
 	id ackv1alpha1.AWSAccountID,
 	region ackv1alpha1.AWSRegion,
+	roleARN ackv1alpha1.AWSResourceName,
 ) (acktypes.AWSResourceManager, error) {
-	rmId := fmt.Sprintf("%s/%s", id, region)
+	// We use the account ID, region, and role ARN to uniquely identify a
+	// resource manager. This helps us to avoid creating multiple resource
+	// managers for the same account/region/roleARN combination.
+	rmId := fmt.Sprintf("%s/%s/%s", id, region, roleARN)
 	f.RLock()
 	rm, found := f.rmCache[rmId]
 	f.RUnlock()
diff --git a/pkg/resource/certificate_authority_activation/manager_factory.go b/pkg/resource/certificate_authority_activation/manager_factory.go
index b28e7e4..425fd4c 100644
--- a/pkg/resource/certificate_authority_activation/manager_factory.go
+++ b/pkg/resource/certificate_authority_activation/manager_factory.go
@@ -53,8 +53,12 @@ func (f *resourceManagerFactory) ManagerFor(
 	sess *session.Session,
 	id ackv1alpha1.AWSAccountID,
 	region ackv1alpha1.AWSRegion,
+	roleARN ackv1alpha1.AWSResourceName,
 ) (acktypes.AWSResourceManager, error) {
-	rmId := fmt.Sprintf("%s/%s", id, region)
+	// We use the account ID, region, and role ARN to uniquely identify a
+	// resource manager. This helps us to avoid creating multiple resource
+	// managers for the same account/region/roleARN combination.
+	rmId := fmt.Sprintf("%s/%s/%s", id, region, roleARN)
 	f.RLock()
 	rm, found := f.rmCache[rmId]
 	f.RUnlock()
diff --git a/pkg/resource/certificate_authority_activation/references.go b/pkg/resource/certificate_authority_activation/references.go
index 8bae325..dba9e92 100644
--- a/pkg/resource/certificate_authority_activation/references.go
+++ b/pkg/resource/certificate_authority_activation/references.go
@@ -130,12 +130,8 @@ func getReferencedResourceState_CertificateAuthority(
 	if err != nil {
 		return err
 	}
-	var refResourceSynced, refResourceTerminal bool
+	var refResourceTerminal bool
 	for _, cond := range obj.Status.Conditions {
-		if cond.Type == ackv1alpha1.ConditionTypeResourceSynced &&
-			cond.Status == corev1.ConditionTrue {
-			refResourceSynced = true
-		}
 		if cond.Type == ackv1alpha1.ConditionTypeTerminal &&
 			cond.Status == corev1.ConditionTrue {
 			return ackerr.ResourceReferenceTerminalFor(
@@ -148,6 +144,13 @@ func getReferencedResourceState_CertificateAuthority(
 			"CertificateAuthority",
 			namespace, name)
 	}
+	var refResourceSynced bool
+	for _, cond := range obj.Status.Conditions {
+		if cond.Type == ackv1alpha1.ConditionTypeResourceSynced &&
+			cond.Status == corev1.ConditionTrue {
+			refResourceSynced = true
+		}
+	}
 	if !refResourceSynced {
 		return ackerr.ResourceReferenceNotSyncedFor(
 			"CertificateAuthority",