diff --git a/.github/.github.env b/.github/.github.env
index 97289f3..ad8c623 100644
--- a/.github/.github.env
+++ b/.github/.github.env
@@ -2,3 +2,5 @@ COGNITO_USER_POOL_ID=rapid-pool
 RESOURCE_PREFIX=rapid
 ALLOWED_EMAIL_DOMAINS=example1.com,example2.com
 LAYERS=raw,layer
+DOMAIN_NAME=example.com
+DATA_BUCKET=the-bucket
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index 1278154..3835c6e 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@@ -45,8 +45,6 @@ jobs:
       - name: Populate .env with additional vars
         run: |
           cp ./.github/.github.env .env
-          echo DOMAIN_NAME=${{ secrets.DOMAIN_NAME }} >> .env
-          echo DATA_BUCKET=${{ secrets.DATA_BUCKET }} >> .env
           echo AWS_ACCOUNT=${{ secrets.AWS_ACCOUNT }} >> .env
           echo AWS_REGION=${{ secrets.AWS_REGION }} >> .env
           echo AWS_DEFAULT_REGION=${{ secrets.AWS_REGION }} >> .env
@@ -76,7 +74,7 @@ jobs:
         run: |
           echo "TWINE_USERNAME=${{ secrets.TWINE_USERNAME_TEST }}" >> .env
           echo "TWINE_PASSWORD=${{ secrets.TWINE_PASSWORD_TEST }}" >> .env
-          echo TWINE_NON_INTERACTIVE=${{ secrets.TWINE_NON_INTERACTIVE }} >> .env
+          echo "TWINE_NON_INTERACTIVE=true" >> .env
 
       - name: Setup Python
         uses: actions/setup-python@v4
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1f5bfe3..65a0807 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -44,8 +44,6 @@ jobs:
       - name: Populate .env with additional vars
         run: |
           cp ./.github/.github.env .env
-          echo DOMAIN_NAME=${{ secrets.DOMAIN_NAME }} >> .env
-          echo DATA_BUCKET=${{ secrets.DATA_BUCKET }} >> .env
           echo AWS_ACCOUNT=${{ secrets.AWS_ACCOUNT }} >> .env
           echo AWS_REGION=${{ secrets.AWS_REGION }} >> .env
           echo AWS_DEFAULT_REGION=${{ secrets.AWS_REGION }} >> .env
@@ -69,7 +67,7 @@ jobs:
         run: make api-tag-prod-candidate
 
       - name: API Deploy Image to Prod
-        run: make api-tag-live-in-prod
+        run: make api-app-live-in-prod
 
       - name: API Allow for Application to Start
         run: sleep 120
@@ -81,6 +79,8 @@ jobs:
       - name: API E2E Tests
         id: e2e-tests
         env:
+          DOMAIN_NAME: ${{ secrets.DOMAIN_NAME }}
+          DATA_BUCKET: ${{ secrets.DATA_BUCKET }}
           COGNITO_USER_POOL_ID: ${{ secrets.COGNITO_USER_POOL_ID }}
           RESOURCE_PREFIX: ${{ secrets.RESOURCE_PREFIX }}
           ALLOWED_EMAIL_DOMAINS: ${{ secrets.ALLOWED_EMAIL_DOMAINS }}
diff --git a/Makefile b/Makefile
index 8b2d897..6e11259 100644
--- a/Makefile
+++ b/Makefile
@@ -88,8 +88,8 @@ api-tag-and-upload-release-image:## Tag and upload the api release image
 api-tag-prod-candidate:		## Tag the uploaded api image as a candidate for PROD deployment
 	@cd api/; $(MAKE) tag-prod-candidate
 
-api-tag-live-in-prod:		## Deploy the latest version of the api
-	@cd api/; $(MAKE) tag-live-in-prod
+api-app-live-in-prod:		## Deploy the latest version of the api
+	@cd api/; $(MAKE) app-live-in-prod
 
 api-check-app-is-running:
 	@cd api/; $(MAKE) check-app-is-running
diff --git a/api/Makefile b/api/Makefile
index 4aa6398..7b03249 100644
--- a/api/Makefile
+++ b/api/Makefile
@@ -1,5 +1,5 @@
-ECS_SERVICE=rapid-ecs-service
-ECS_CLUSTER=rapid-cluster
+ECS_SERVICE=rapid-preprod-ecs-service
+ECS_CLUSTER=rapid-preprod-cluster
 LATEST_COMMIT_HASH=$(shell git rev-parse --short HEAD)
 ACCOUNT_ECR_URI=$(AWS_ACCOUNT).dkr.ecr.$(AWS_REGION).amazonaws.com
 IMAGE_NAME=data-f1-registry
diff --git a/docs/infrastructure/deployment.md b/docs/infrastructure/deployment.md
index 0266808..c2c67d7 100644
--- a/docs/infrastructure/deployment.md
+++ b/docs/infrastructure/deployment.md
@@ -74,9 +74,6 @@ Our infrastructure is built using AWS, so you'll need an AWS account, and access
 Follow these steps to set up the AWS profile:
 
 - [Install/Update AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
-- [Set up a named profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) if you already have the AWS cli.
-
-After setting up the named profile, the current session can be checked by running ```aws sts get-caller-identity```. We have a file (`scripts/env_setup.sh) with the required exports to use the 'gov' profile. These exports have to be run when starting a new session.
 
 We use `jq` in our scripts to help the `make` targets work correctly, please [Install jq](https://stedolan.github.io/jq/download/) before running any make command.
 
@@ -184,8 +181,6 @@ In order to gain the admin privileges necessary for infrastructure changes one n
 enabled only for user's defined in `input-params.tfvars`, only after logging into the AWS console for the first time as an
 IAM user and enabling MFA.
 
-Then, to assume the role, set up the profile (`scripts/env_setup.sh`), run ```make infra-assume-role``` and follow the prompts.
-
 ### Deploying remaining infra-blocks
 
 Once the state backend has been configured, provide/change the following inputs in `input-params.tfvars`.
diff --git a/infrastructure/blocks/pipeline-ami/data.tf b/infrastructure/blocks/pipeline-ami/data.tf
new file mode 100644
index 0000000..603ec83
--- /dev/null
+++ b/infrastructure/blocks/pipeline-ami/data.tf
@@ -0,0 +1,9 @@
+data "terraform_remote_state" "vpc-state" {
+  backend   = "s3"
+  workspace = "prod"
+
+  config = {
+    key    = "vpc/terraform.tfstate"
+    bucket = var.state_bucket
+  }
+}
diff --git a/infrastructure/scripts/initialisation-script.sh.tpl b/infrastructure/blocks/pipeline-ami/install.sh
similarity index 53%
rename from infrastructure/scripts/initialisation-script.sh.tpl
rename to infrastructure/blocks/pipeline-ami/install.sh
index 73a1d86..020b8ed 100644
--- a/infrastructure/scripts/initialisation-script.sh.tpl
+++ b/infrastructure/blocks/pipeline-ami/install.sh
@@ -1,5 +1,3 @@
-#!/usr/bin/env bash
-
 # Enable SSM
 sudo snap install amazon-ssm-agent --classic
 sudo snap start amazon-ssm-agent
@@ -38,23 +36,3 @@ sudo apt install gh -y
 curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
 unzip awscliv2.zip
 sudo ./aws/install
-
-# ---- Start docker service
-sudo service docker start
-
-# ---- Allow ubuntu user to manage Docker service
-sudo usermod -a -G docker ubuntu
-
-# Install GitHub Actions Runner
-# Need to run these commands as the ubuntu user for correct permissions
-sudo -u ubuntu mkdir /home/ubuntu/actions-runner
-cd /home/ubuntu/actions-runner
-sudo -u ubuntu curl -o actions-runner-linux-x64-2.307.1.tar.gz -L https://github.com/actions/runner/releases/download/v2.307.1/actions-runner-linux-x64-2.307.1.tar.gz
-sudo -u ubuntu tar xzf ./actions-runner-linux-x64-2.307.1.tar.gz
-sudo -u ubuntu ./config.sh --url https://github.com/no10ds --token "${runner-registration-token}" --name Data-F1-Pipeline-Runner --unattended --replace
-
-# Run the GitHub Actions Runner
-sudo -u ubuntu ./run.sh &
-
-# # Configure the GitHub Actions Runner to start on reboot
-sudo crontab -l -u ubuntu | echo "@reboot sudo -u ubuntu /home/ubuntu/actions-runner/run.sh &" | sudo crontab -u ubuntu -
\ No newline at end of file
diff --git a/infrastructure/blocks/pipeline-ami/packer.tf b/infrastructure/blocks/pipeline-ami/packer.tf
new file mode 100644
index 0000000..3b24632
--- /dev/null
+++ b/infrastructure/blocks/pipeline-ami/packer.tf
@@ -0,0 +1,25 @@
+resource "null_resource" "packer_build" {
+  triggers = {
+    sha256_ami_config  = filesha256("${path.module}/template.json")
+    sha256_ami_install = filesha256("${path.module}/install.sh")
+    version            = var.pipeline_ami_version
+  }
+
+  provisioner "local-exec" {
+    command = <<EOF
+    set -ex;
+    PACKER_LOG=1 packer validate \
+      -var "version=${var.pipeline_ami_version}" \
+      -var "subnet_id=${data.terraform_remote_state.vpc-state.outputs.public_subnets_ids[0]}" \
+      -var "vpc_id=${data.terraform_remote_state.vpc-state.outputs.vpc_id}" \
+      -var "region=${var.aws_region}" \
+      template.json
+    PACKER_LOG=1 packer build \
+      -var "version=${var.pipeline_ami_version}" \
+      -var "subnet_id=${data.terraform_remote_state.vpc-state.outputs.public_subnets_ids[0]}" \
+      -var "vpc_id=${data.terraform_remote_state.vpc-state.outputs.vpc_id}" \
+      -var "region=${var.aws_region}" \
+      template.json
+EOF
+  }
+}
diff --git a/infrastructure/blocks/pipeline-ami/provider.tf b/infrastructure/blocks/pipeline-ami/provider.tf
new file mode 100644
index 0000000..c54d77e
--- /dev/null
+++ b/infrastructure/blocks/pipeline-ami/provider.tf
@@ -0,0 +1,6 @@
+terraform {
+  backend "s3" {
+    key = "pipeline-ami/terraform.tfstate"
+  }
+}
+
diff --git a/infrastructure/blocks/pipeline-ami/template.json b/infrastructure/blocks/pipeline-ami/template.json
new file mode 100644
index 0000000..69a8a89
--- /dev/null
+++ b/infrastructure/blocks/pipeline-ami/template.json
@@ -0,0 +1,58 @@
+{
+    "variables": {
+        "version": "",
+        "region": "",
+        "subnet_id": "",
+        "vpc_id": ""
+    },
+    "builders": [
+        {
+            "ami_description": "An AMI for creating github runners",
+            "ami_name": "pipeline-ami-{{user `version`}}",
+            "instance_type": "t3.large",
+            "region": "{{user `region`}}",
+            "force_deregister": "true",
+            "force_delete_snapshot": "true",
+            "vpc_id": "{{user `vpc_id`}}",
+            "subnet_id": "{{user `subnet_id`}}",
+            "associate_public_ip_address": true,
+            "ami_block_device_mappings": [
+                {
+                    "device_name": "/dev/sda1",
+                    "encrypted": false,
+                    "volume_type": "gp2",
+                    "volume_size": 32,
+                    "delete_on_termination": true
+                }
+            ],
+            "source_ami_filter": {
+                "filters": {
+                    "name": "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*",
+                    "virtualization-type": "hvm",
+                    "root-device-type": "ebs"
+                },
+                "most_recent": true,
+                "owners": [
+                    "099720109477"
+                ]
+            },
+            "ssh_username": "ubuntu",
+            "type": "amazon-ebs"
+        }
+    ],
+    "provisioners": [
+        {
+            "inline": [
+                "echo 'Sleeping for 30 seconds to give Ubuntu enough time to initialize (otherwise, packages may fail to install).'",
+                "sleep 30"
+            ],
+            "type": "shell"
+        },
+        {
+            "scripts": [
+                "{{template_dir}}/install.sh"
+            ],
+            "type": "shell"
+        }
+    ]
+}
\ No newline at end of file
diff --git a/infrastructure/blocks/pipeline-ami/variables.tf b/infrastructure/blocks/pipeline-ami/variables.tf
new file mode 100644
index 0000000..87e7023
--- /dev/null
+++ b/infrastructure/blocks/pipeline-ami/variables.tf
@@ -0,0 +1,33 @@
+variable "tags" {
+  type        = map(string)
+  description = "A common map of tags for all VPC resources that are created (for e.g. billing purposes)"
+}
+
+variable "state_bucket" {
+  type        = string
+  description = "Bucket name for backend state"
+}
+
+variable "aws_account" {
+  type        = string
+  description = "AWS Account number to host the rAPId service"
+}
+
+variable "aws_region" {
+  type        = string
+  description = "The region of the AWS Account for the rAPId service"
+}
+
+variable "version_check" {
+  description = "Ensure that you have incremented the version of the ami. Enter 'yes' to continue"
+  validation {
+    condition     = var.version_check == "yes"
+    error_message = "You must enter 'yes' to continue"
+  }
+}
+
+
+variable "pipeline_ami_version" {
+  type        = string
+  description = "The version of the pipeline AMI to use"
+}
diff --git a/infrastructure/blocks/pipeline/data.tf b/infrastructure/blocks/pipeline/data.tf
new file mode 100644
index 0000000..b013895
--- /dev/null
+++ b/infrastructure/blocks/pipeline/data.tf
@@ -0,0 +1,35 @@
+data "terraform_remote_state" "vpc-state" {
+  backend   = "s3"
+  workspace = "prod"
+
+  config = {
+    key    = "vpc/terraform.tfstate"
+    bucket = var.state_bucket
+  }
+}
+
+
+data "terraform_remote_state" "s3-state" {
+  backend   = "s3"
+  workspace = "prod"
+
+  config = {
+    key    = "s3/terraform.tfstate"
+    bucket = var.state_bucket
+  }
+}
+
+data "terraform_remote_state" "ecr-state" {
+  backend = "s3"
+
+  config = {
+    key    = "ecr/terraform.tfstate"
+    bucket = var.state_bucket
+  }
+}
+
+data "aws_ami" "this" {
+  most_recent = true
+  name_regex  = "pipeline-ami-${var.pipeline_ami_version}"
+  owners      = ["self"]
+}
diff --git a/infrastructure/blocks/pipeline/iam.tf b/infrastructure/blocks/pipeline/iam.tf
index 6d5db51..c8546f4 100644
--- a/infrastructure/blocks/pipeline/iam.tf
+++ b/infrastructure/blocks/pipeline/iam.tf
@@ -151,29 +151,6 @@ resource "aws_iam_policy" "pipeline_secrets_manager_access" {
   })
 }
 
-resource "aws_iam_policy" "pipeline_ssm_access" {
-  name        = "pipeline_ssm_access"
-  description = "Allow pipeline to use SSM"
-  tags        = var.tags
-
-  policy = jsonencode({
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Action" : [
-          "ssm:UpdateInstanceInformation",
-          "ssmmessages:CreateControlChannel",
-          "ssmmessages:CreateDataChannel",
-          "ssmmessages:OpenControlChannel",
-          "ssmmessages:OpenDataChannel"
-        ],
-        "Resource" : "*"
-      }
-    ],
-    "Version" : "2012-10-17"
-  })
-}
-
 resource "aws_iam_policy" "pipeline_dynamodb_access" {
   name        = "pipeline_dynamodb_access"
   description = "Allow pipeline to access DynamoDB"
@@ -235,11 +212,13 @@ resource "aws_iam_role" "pipeline_ecr_role" {
 EOF
 }
 
-resource "aws_iam_role_policy_attachment" "ssm_role_policy_attach" {
+
+resource "aws_iam_role_policy_attachment" "ssm_policy_attachment" {
   role       = aws_iam_role.pipeline_ecr_role.name
-  policy_arn = aws_iam_policy.pipeline_ssm_access.arn
+  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
 }
 
+
 resource "aws_iam_role_policy_attachment" "ecr_role_policy_attach" {
   role       = aws_iam_role.pipeline_ecr_role.name
   policy_arn = aws_iam_policy.pipeline_ecr_access.arn
diff --git a/infrastructure/blocks/pipeline/initialisation-script.sh.tpl b/infrastructure/blocks/pipeline/initialisation-script.sh.tpl
new file mode 100644
index 0000000..786abf9
--- /dev/null
+++ b/infrastructure/blocks/pipeline/initialisation-script.sh.tpl
@@ -0,0 +1,20 @@
+#!/bin/bash 
+# ---- Start docker service
+sudo service docker start
+
+# ---- Allow ubuntu user to manage Docker service
+sudo usermod -a -G docker ubuntu
+
+# Install GitHub Actions Runner
+# Need to run these commands as the ubuntu user for correct permissions
+sudo -u ubuntu mkdir /home/ubuntu/actions-runner
+cd /home/ubuntu/actions-runner
+sudo -u ubuntu curl -o actions-runner-linux-x64-2.307.1.tar.gz -L https://github.com/actions/runner/releases/download/v2.307.1/actions-runner-linux-x64-2.307.1.tar.gz
+sudo -u ubuntu tar xzf ./actions-runner-linux-x64-2.307.1.tar.gz
+sudo -u ubuntu ./config.sh --url https://github.com/no10ds --token "${runner-registration-token}" --name Data-F1-Pipeline-Runner --unattended --replace
+
+# Run the GitHub Actions Runner
+sudo -u ubuntu ./run.sh &
+
+# # Configure the GitHub Actions Runner to start on reboot
+sudo crontab -l -u ubuntu | echo "@reboot sudo -u ubuntu /home/ubuntu/actions-runner/run.sh &" | sudo crontab -u ubuntu -
diff --git a/infrastructure/blocks/pipeline/main.tf b/infrastructure/blocks/pipeline/main.tf
index 7a433ed..7dc9d93 100644
--- a/infrastructure/blocks/pipeline/main.tf
+++ b/infrastructure/blocks/pipeline/main.tf
@@ -1,37 +1,13 @@
-terraform {
-  backend "s3" {
-    key = "pipeline/terraform.tfstate"
-  }
-}
-
-data "terraform_remote_state" "s3-state" {
-  backend   = "s3"
-  workspace = "prod"
-
-  config = {
-    key    = "s3/terraform.tfstate"
-    bucket = var.state_bucket
-  }
-}
-
-data "terraform_remote_state" "ecr-state" {
-  backend = "s3"
-
-  config = {
-    key    = "ecr/terraform.tfstate"
-    bucket = var.state_bucket
-  }
-}
-
 resource "aws_instance" "pipeline" {
   #checkov:skip=CKV_AWS_135:EBS Optimised not available for instance type
-  ami                         = "ami-00826bd51e68b1487"
+  ami                         = data.aws_ami.this.id
   instance_type               = "t3.medium"
   associate_public_ip_address = false
   iam_instance_profile        = aws_iam_instance_profile.pipeline_instance_profile.name
   subnet_id                   = data.terraform_remote_state.vpc-state.outputs.private_subnets_ids[0]
   user_data                   = data.template_file.initialise-runner.rendered
   monitoring                  = true
+  vpc_security_group_ids      = [aws_security_group.this.id]
 
   metadata_options {
     http_endpoint = "enabled"
@@ -57,18 +33,24 @@ resource "aws_iam_instance_profile" "pipeline_instance_profile" {
 }
 
 data "template_file" "initialise-runner" {
-  template = file("../../scripts/initialisation-script.sh.tpl")
+  template = file("${path.module}/initialisation-script.sh.tpl")
   vars = {
     runner-registration-token = var.runner-registration-token
   }
 }
 
-data "terraform_remote_state" "vpc-state" {
-  backend   = "s3"
-  workspace = "prod"
+resource "aws_security_group" "this" {
+  vpc_id      = data.terraform_remote_state.vpc-state.outputs.vpc_id
+  name        = "${var.resource-name-prefix}-pipeline-sg"
+  description = "Pipeline security group"
+}
 
-  config = {
-    key    = "vpc/terraform.tfstate"
-    bucket = var.state_bucket
-  }
+resource "aws_security_group_rule" "this" {
+  type              = "egress"
+  description       = "Allow all outbound traffic"
+  from_port         = 0
+  to_port           = 65535
+  protocol          = "TCP"
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = aws_security_group.this.id
 }
diff --git a/infrastructure/blocks/pipeline/provider.tf b/infrastructure/blocks/pipeline/provider.tf
new file mode 100644
index 0000000..b94153b
--- /dev/null
+++ b/infrastructure/blocks/pipeline/provider.tf
@@ -0,0 +1,5 @@
+terraform {
+  backend "s3" {
+    key = "pipeline/terraform.tfstate"
+  }
+}
diff --git a/infrastructure/blocks/pipeline/variables.tf b/infrastructure/blocks/pipeline/variables.tf
index 23ba065..cbcbfcc 100644
--- a/infrastructure/blocks/pipeline/variables.tf
+++ b/infrastructure/blocks/pipeline/variables.tf
@@ -22,3 +22,13 @@ variable "aws_region" {
   type        = string
   description = "The region of the AWS Account for the rAPId service"
 }
+
+variable "pipeline_ami_version" {
+  type        = string
+  description = "The version of the pipeline AMI to use"
+}
+
+variable "resource-name-prefix" {
+  type        = string
+  description = "The prefix to add to resources for easier identification"
+}
diff --git a/infrastructure/scripts/env_setup.sh b/infrastructure/scripts/env_setup.sh
deleted file mode 100644
index 6f17d5f..0000000
--- a/infrastructure/scripts/env_setup.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-export AWS_DEFAULT_REGION=eu-west-2
-export AWS_REGION=eu-west-2
-export AWS_PROFILE=rapid-dev
diff --git a/infrastructure/scripts/infra_make_helper.sh b/infrastructure/scripts/infra_make_helper.sh
index 6851997..dec221d 100755
--- a/infrastructure/scripts/infra_make_helper.sh
+++ b/infrastructure/scripts/infra_make_helper.sh
@@ -5,23 +5,9 @@ set -e -ou pipefail
 PROJECT_DIR=$(git rev-parse --show-toplevel)
 BLOCKS_DIR=${PROJECT_DIR}/infrastructure/blocks
 CONFIG_DIR="${RAPID_INFRA_CONFIG_ENV:-../../rapid-infrastructure-config}"
-ENV_FILE=${PROJECT_DIR}/infrastructure/scripts/env_setup.sh
 BACKEND_SETUP_SCRIPT=${PROJECT_DIR}/infrastructure/scripts/backend_setup.sh
 TERRAFORM=$(which terraform)
 
-function _set_aws_vars() {
-  # shellcheck source=/dev/null
-  source "$ENV_FILE"|| die "[ERROR] Not able to load $ENV_FILE"
-}
-
-function _unset_aws_vars(){
-  #shellcheck disable=SC2013
-  for var in $(grep export "$ENV_FILE"| awk '{print $2}'|awk -F= '{print $1}')
-  do
-    unset "$var"
-  done
-}
-
 function _go_to_block() {
   local block="$1"
   if [ "$block" == "" ]
@@ -51,7 +37,6 @@ function run_tf() {
     var_file="input-params.tfvars"
   fi
   _go_to_block "$block"
-  _set_aws_vars
   if [ "$cmd" == "plan" ] || [ "$cmd" == "apply" ] || [ "$cmd" == "destroy" ]
   then
     $TERRAFORM workspace select $env
@@ -60,7 +45,6 @@ function run_tf() {
      $TERRAFORM workspace select $env
     $TERRAFORM "$cmd"
   fi
-  _unset_aws_vars
 }
 
 function run_init() {
@@ -68,9 +52,7 @@ function run_init() {
   _go_to_block "$block"
   local config_path="${CONFIG_DIR}/backend.hcl"
   local cmd="init -backend-config ${config_path}"
-  _set_aws_vars
   echo "$TERRAFORM $cmd" |bash
-  _unset_aws_vars
 }
 
 function precommit() {
@@ -87,11 +69,9 @@ function _set_backend_config_vars(){
 
 function create_backend(){
   _set_backend_config_vars
-  _set_aws_vars
   echo $bucket
   echo $dynamodb_table
   $BACKEND_SETUP_SCRIPT $bucket $dynamodb_table
-  _unset_aws_vars
 }
 
 "$@"