diff --git a/README.md b/README.md
index 16d943c3..e21a9205 100644
--- a/README.md
+++ b/README.md
@@ -1,146 +1,51 @@
-Prerequisites:
-
-AWS CLI installed and configured with admin access to the C&C account.
-Terraform installed
-Git installed
-
-
-Create new S3 bucket for new Jenkins instance to use setting the following options DURING CREATION some can't be set after
-   - bucket should be named using the following template : avillach-biodatacatalyst-deployments-<Random 7 hex digits>
-   - Object Locking must be enabled
-   - Encryption should be AES-256
-   - Enable Object-level logging as secrets are stored in this bucket
-   - Enable versioning
-   - Server access logging enabled (hms-dbmi-cnc-cloudtrail, no target prefix)
-
-Set Bucket Policy in the Permissions section for the bucket to the following after replacing __BUCKET_NAME__ with the bucket name:
-
------------------------------------------------------
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Principal": {
-                "AWS": "arn:aws:iam::191687121306:role/hms-dbmi-cnc-role"
-            },
-            "Action": [
-                "s3:GetObject",
-                "s3:PutObject",
-                "s3:PutObjectAcl",
-                "s3:GetObjectAcl",
-                "s3:GetObjectTagging",
-                "s3:DeleteObject"
-            ],
-            "Resource": "arn:aws:s3:::__BUCKET_NAME__/*"
-        },
-        {
-            "Effect": "Allow",
-            "Principal": {
-                "AWS": "arn:aws:iam::752463128620:role/system/jenkins-s3-role"
-            },
-            "Action": [
-                "s3:GetObject",
-                "s3:PutObject",
-                "s3:PutObjectAcl",
-                "s3:GetObjectAcl",
-                "s3:GetObjectTagging",
-                "s3:DeleteObject"
-            ],
-            "Resource": "arn:aws:s3:::__BUCKET_NAME__/*"
-        }
-    ]
-}
------------------------------------------------------
-
-
-
-
-Clone https://github.com/hms-dbmi/avillachlab-jenkins
-
-Run the following commands after replacing all __VARIABLE_NAME__ entries with their correct values for the environment:
-
------------------------------------------------------
-
-cd dev-jenkins-terraform
-env > env.txt
-terraform init
-terraform apply -auto-approve \
--var "git-commit=__GIT_COMMIT_FOR_JENKINS_REPO__" \
--var "stack-s3-bucket=__S3_BUCKET_NAME_YOU_CREATED__" \
--var "stack-id=__S3_BUCKET_NAME_SUFFIX__" \
--var "subnet-id=__JENKINS_SUBNET_ID__" \
--var "vpc-id=__JENKINS_VPC_ID__" \
--var "instance-profile-name=__JENKINS_INSTANCE_PROFILE_NAME__" \
--var "access-cidr=__JENKINS_ACCESS_CIDR__" \
--var "provisioning-cidr=__JENKINS_PROVISIONING_CIDR__"
-
-aws s3 --sse=AES256 cp terraform.tfstate s3://${stack_s3_bucket}/jenkins_state_${GIT_COMMIT}/terraform.tfstate 
-aws s3 --sse=AES256 cp env.txt s3://${stack_s3_bucket}/jenkins_state_${GIT_COMMIT}/last_env.txt
-
-INSTANCE_ID=`terraform state show aws_instance.dev-jenkins | grep "\"i-[a-f0-9]" | cut -f 2 -d "=" | sed 's/"//g'`
-
-while [ -z $(/usr/local/bin/aws --region=us-east-1 ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCE_ID}" | grep InitComplete) ];do echo "still initializing";sleep 10;done
-
-echo "http://`terraform state show aws_instance.dev-jenkins | grep private_ip | cut -f 2 -d "=" | sed 's/\"//g' | sed 's/ //g'`"
-
------------------------------------------------------
-
-
-Set stack_s3_bucket Value to new S3 bucket name in new Jenkins
-   - Manage Jenkins > Configure System
-   - under "Global properties" set stack_s3_bucket to the new bucket created in the first step
-
-Add the following arn as a trusted entity in the hms-dbmi-cnc-role in the prod account:
-   - https://console.aws.amazon.com/iam/home?region=us-east-1#/roles/hms-dbmi-cnc-role?section=trust
-   - example template : 
-
-   {
-      "Effect": "Allow",
-      "Principal": {
-        "AWS": "arn:aws:sts::752463128620:assumed-role/jenkins-s3-role/< instance id of the jenkins ec2 you just created >"
-      },
-      "Action": "sts:AssumeRole",
-      "Condition": {}
-    }
-
-   - example : 
-
-   {
-      "Effect": "Allow",
-      "Principal": {
-        "AWS": "arn:aws:sts::752463128620:assumed-role/jenkins-s3-role/i-0615f53dd368cbdfc"
-      },
-      "Action": "sts:AssumeRole",
-      "Condition": {}
-    }
-
-Switch to Jenkins Configuration View ( DO NOT QUEUE UP THE JOBS! Wait for each to complete successfully before going on to the next. )
-
-Run Jenkins Build "Create stack_variables.tf files"
-Run Jenkins Build "Update VPC Settings" after confirming the following:
-   - confirm that the R53_Zone_ID is correct for the prod account Route 53 Zone
-   - confirm that the vpc and subnet group names are correct for the prod account
-Run Jenkins Build "Update PIC-SURE Token Introspection Token"
-Run Jenkins Build "Update Fence Client Credentials"
-   - provide the correct Fence Client ID and Client Secret as provided by the Fence team
-Run Jenkins Build "Update HTTPD Certs and Key"
-   - provide the correct Cert, Chain and Key file for the production HTTPD server
+# Overview
 
+Welcome to the base folder of your Jenkins project. This folder contains two subfolders, each dedicated to a specific aspect of your Jenkins infrastructure: `jenkins-docker` and `jenkins-terraform`. Below, you'll find an overview of each component along with links to their respective README files for detailed information.
 
-Switch to the Deployment View
+## Jenkins Docker (`jenkins-docker`)
 
-Run Jenkins Build Check For Updates
-   - The first time this runs it will take about 1.5 hours because it has to rekey the data.
+This section focuses on the Dockerization of Jenkins, incorporating additional tools and configurations to enhance its functionality. The Jenkins Docker image is extended from the official LTS image, making it a versatile and powerful solution. For more information, refer to the [Jenkins Docker README](jenkins-docker/README.md).
 
-Run Jenkins Build Swap Stacks
-   - This will point the internal production CNAME at the current stage environment
-   - The current stage environment becomes prod and the current prod environment becomes stage
+## Jenkins Terraform (`jenkins-terraform`)
 
-Run Jenkins Build Check For Updates
-   - This time it should only take about a half hour because the data has already been rekeyed.
+Here, Terraform is leveraged to deploy and manage Jenkins infrastructure on AWS. The README provides insights into the variables, backend configuration, and outputs defined in the Terraform files. Detailed information about variables, Terraform backend configuration, and outputs can be found in the [Jenkins Terraform README](jenkins-terraform/README.md).
 
+Feel free to explore each component to understand their configurations, usage, and any additional details you may need for managing your Jenkins environment efficiently. If you have any questions or need assistance, don't hesitate to reach out.
 
+## Table of Contents
 
+- [Jenkins Docker](#jenkins-docker)
+- [Jenkins Terraform](#jenkins-terraform)
 
+Feel free to dive into the respective sections for detailed information and instructions.
 
+# Jenkins Docker (`jenkins-docker`)
+
+This section focuses on the Dockerization of Jenkins, incorporating additional tools and configurations to enhance its functionality. The Jenkins Docker image is extended from the official LTS image, making it a versatile and powerful solution.
+
+## [Jenkins Docker README](jenkins-docker/README.md)
+
+- [Features](jenkins-docker/README.md#features)
+- [Prerequisites](jenkins-docker/README.md#prerequisites)
+- [Building the Image](jenkins-docker/README.md#building-the-image)
+- [Configuration](jenkins-docker/README.md#configuration)
+- [Usage](jenkins-docker/README.md#usage)
+- [Cleanup](jenkins-docker/README.md#cleanup)
+- [Contributing](jenkins-docker/README.md#contributing)
+- [License](jenkins-docker/README.md#license)
+
+Feel free to explore the Jenkins Docker README for comprehensive information on configuring, building, and using the Docker image.
+
+# Jenkins Terraform (`jenkins-terraform`)
+
+Here, Terraform is leveraged to deploy and manage Jenkins infrastructure on AWS. The README provides insights into the variables, backend configuration, and outputs defined in the Terraform files.
+
+## [Jenkins Terraform README](jenkins-terraform/README.md)
+
+- [Variables](jenkins-terraform/README.md#variables)
+- [Terraform Backend](jenkins-terraform/README.md#terraform-backend)
+- [Outputs](jenkins-terraform/README.md#outputs)
+
+Feel free to explore the Jenkins Terraform README for detailed information on variables, Terraform backend configuration, and outputs.
+
+Feel free to explore each component to understand their configurations, usage, and any additional details you may need for managing your Jenkins environment efficiently. If you have any questions or need assistance, don't hesitate to reach out.
diff --git a/dev-jenkins-terraform/install-docker.sh b/dev-jenkins-terraform/install-docker.sh
deleted file mode 100644
index d858d7dd..00000000
--- a/dev-jenkins-terraform/install-docker.sh
+++ /dev/null
@@ -1,375 +0,0 @@
-#!/bin/bash
-sudo yum install wget -y
-sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
-sudo systemctl enable amazon-ssm-agent
-sudo systemctl start amazon-ssm-agent
-wget https://s3.amazonaws.com/amazoncloudwatch-agent/centos/amd64/latest/amazon-cloudwatch-agent.rpm
-sudo rpm -U amazon-cloudwatch-agent.rpm
-sudo touch /opt/aws/amazon-cloudwatch-agent/etc/custom_config.json
-echo "
-
-{
-	\"metrics\": {
-
-		\"metrics_collected\": {
-			\"cpu\": {
-				\"measurement\": [
-					\"cpu_usage_idle\",
-					\"cpu_usage_user\",
-					\"cpu_usage_system\"
-				],
-				\"metrics_collection_interval\": 300,
-				\"totalcpu\": false
-			},
-			\"disk\": {
-				\"measurement\": [
-					\"used_percent\"
-				],
-				\"metrics_collection_interval\": 600,
-				\"resources\": [
-					\"*\"
-				]
-			},
-			\"mem\": {
-				\"measurement\": [
-					\"mem_used_percent\",
-                                        \"mem_available\",
-                                        \"mem_available_percent\",
-                                       \"mem_total\",
-                                        \"mem_used\"
-
-				],
-				\"metrics_collection_interval\": 600
-			}
-		}
-	},
-	\"logs\":{
-   \"logs_collected\":{
-      \"files\":{
-         \"collect_list\":[
-            {
-               \"file_path\":\"/var/log/secure\",
-               \"log_group_name\":\"secure\",
-               \"log_stream_name\":\"{instance_id} secure\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/log/messages\",
-               \"log_group_name\":\"messages\",
-               \"log_stream_name\":\"{instance_id} messages\",
-               \"timestamp_format\":\"UTC\"
-            },
-						{
-               \"file_path\":\"/var/log/audit/audit.log\",
-               \"log_group_name\":\"audit.log\",
-               \"log_stream_name\":\"{instance_id} audit.log\",
-               \"timestamp_format\":\"UTC\"
-            },
-						{
-               \"file_path\":\"/var/log/yum.log\",
-               \"log_group_name\":\"yum.log\",
-               \"log_stream_name\":\"{instance_id} yum.log\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/log/jenkins-docker-logs/*\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-app-logs\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Backup Jenkins Home/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Backup_Jenkins_Home\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Create new Jenkins Server/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Create_new_Jenkins_Server\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Create stack_variables.tf Files/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Create_stack_variables.tf_Files\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Destroy Old Jenkins Server/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Destroy_Old_Jenkins_Server\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Docker-AWSCLI/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Docker_AWSCLI\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/List Instance Profiles/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs List_Instance_Profiles\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Update Bucket Policy/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Update_Bucket_Policy\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Update Fence Client Credentials/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Update_Fence_Client_Credentials\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Update HTTPD Certs and Key/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Update_HTTPD_Certs_and_Key\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Update PIC-SURE Token Introspection Token/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Update_PIC_SURE_Token_Introspection_Token\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Update VPC Settings/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Update_VPC_Settings\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Deployment Pipeline/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Deployment_Pipeline\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Move Prod DNS Pointer/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Move_Prod_DNS_Pointer\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Retrieve Build Spec/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Retrieve_Build_Spec\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Retrieve Deployment State/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Retrieve_Deployment_State\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Swap Stacks/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Swap_Stacks\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Teardown and Rebuild Stage Environment/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Teardown_and_Rebuild_Stage_Environment\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Write Stack State/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Write_Stack_State\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Import_and_Rekey_HPDS_Data/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Import_and_Rekey_HPDS_Data\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/PIC-SURE Auth Micro-App Build/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs PIC_SURE_Auth_Micro_App_Build\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/PIC-SURE Pipeline/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs PIC_SURE_Pipeline\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/PIC-SURE Wildfly Image Build/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs PIC_SURE_Wildfly_Image_Build\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/PIC-SURE-API Build/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs PIC_SURE_API_Build\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/PIC-SURE-HPDS Build/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs PIC_SURE_HPDS_Build\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/PIC-SURE-HPDS-UI Docker Build/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs PIC_SURE_HPDS_UI_Docker_Build\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/biodatacatalyst-ui/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs biodatacatalyst_ui\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Await Initialization/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Await_Initialization\",
-               \"timestamp_format\":\"UTC\"
-            },
-            {
-               \"file_path\":\"/var/jenkins_home/jobs/Check For Updates/**/log\",
-               \"log_group_name\":\"jenkins-logs\",
-               \"log_stream_name\":\"{instance_id} ${stack_id} jenkins-build-logs Check_For_Updates\",
-               \"timestamp_format\":\"UTC\"
-            }
-         ]
-      }
-		}
-	}
-
-
-}
-
-" > /opt/aws/amazon-cloudwatch-agent/etc/custom_config.json
-sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/custom_config.json  -s
-
-# Trend Mirco
-echo '172.25.255.76 dsm.datastage.hms.harvard.edu' | sudo tee -a /etc/hosts
-ACTIVATIONURL='dsm://dsm.datastage.hms.harvard.edu:4120/'
-MANAGERURL='https://dsm.datastage.hms.harvard.edu:443'
-CURLOPTIONS='--silent --tlsv1.2'
-linuxPlatform='';
-isRPM='';
-if [[ $(/usr/bin/id -u) -ne 0 ]]; then
-    echo You are not running as the root user.  Please try again with root privileges.;
-    logger -t You are not running as the root user.  Please try again with root privileges.;
-    exit 1;
-fi;
-if ! type curl >/dev/null 2>&1; then
-    echo "Please install CURL before running this script."
-    logger -t Please install CURL before running this script
-    exit 1
-fi
-curl $MANAGERURL/software/deploymentscript/platform/linuxdetectscriptv1/ -o /tmp/PlatformDetection $CURLOPTIONS --insecure
-if [ -s /tmp/PlatformDetection ]; then
-    . /tmp/PlatformDetection
-else
-    echo "Failed to download the agent installation support script."
-    logger -t Failed to download the Deep Security Agent installation support script
-    exit 1
-fi
-platform_detect
-if [[ -z "$${linuxPlatform}" ]] || [[ -z "$${isRPM}" ]]; then
-    echo Unsupported platform is detected
-    logger -t Unsupported platform is detected
-    exit 1
-fi
-echo Downloading agent package...
-if [[ $isRPM == 1 ]]; then package='agent.rpm'
-    else package='agent.deb'
-fi
-curl -H "Agent-Version-Control: on" $MANAGERURL/software/agent/$${runningPlatform}$${majorVersion}/$${archType}/$package?tenantID= -o /tmp/$package $CURLOPTIONS --insecure
-echo Installing agent package...
-rc=1
-if [[ $isRPM == 1 && -s /tmp/agent.rpm ]]; then
-    rpm -ihv /tmp/agent.rpm
-    rc=$?
-elif [[ -s /tmp/agent.deb ]]; then
-    dpkg -i /tmp/agent.deb
-    rc=$?
-else
-    echo Failed to download the agent package. Please make sure the package is imported in the Deep Security Manager
-    logger -t Failed to download the agent package. Please make sure the package is imported in the Deep Security Manager
-    exit 1
-fi
-if [[ $${rc} != 0 ]]; then
-    echo Failed to install the agent package
-    logger -t Failed to install the agent package
-    exit 1
-fi
-echo Install the agent package successfully
-sleep 15
-/opt/ds_agent/dsa_control -r
-/opt/ds_agent/dsa_control -a $ACTIVATIONURL "policyid:14"
-
-
-echo "user-data progress starting update"
-sudo yum -y update
-echo "user-data progress finished update installing epel-release"
-sudo yum -y install epel-release
-echo "user-data progress finished epel-release adding docker-ce repo"
-sudo yum-config-manager  --add-repo https://download.docker.com/linux/centos/docker-ce.repo
-echo "user-data progress added docker-ce repo starting docker install"
-sudo yum -y install docker-ce docker-ce-cli containerd.io
-echo "user-data progress finished docker install enabling docker service"
-sudo systemctl enable docker
-echo "user-data progress finished enabling docker service starting docker"
-sudo service docker start
-cd /home/centos/jenkins
-sudo mkdir -p /var/jenkins_home/jobs/
-sudo mkdir -p /var/log/jenkins-docker-logs
-cp -r jobs/* /var/jenkins_home/jobs/
-sudo docker build --build-arg S3_BUCKET=${stack_s3_bucket} -t avillach-lab-dev-jenkins .
-
-## Download and Install Nessus
-for i in {1..5}; do sudo /usr/local/bin/aws --region us-east-1 s3 cp s3://${stack_s3_bucket}/nessus_config/setup.sh /opt/nessus_setup.sh && break || sleep 45; done 
-sh /opt/nessus_setup.sh "${stack_s3_bucket}" "CNC_Prod"
-
-# Download Jenkins config file from s3
-for i in {1..5}; do sudo /usr/local/bin/aws --region us-east-1 s3 cp s3://${stack_s3_bucket}/jenkins_config/config.xml /var/jenkins_home/config.xml && break || sleep 45; done
-
-# copy ssl cert & key from s3
-for i in {1..5}; do sudo /usr/local/bin/aws --region us-east-1 s3 cp s3://${stack_s3_bucket}/certs/jenkins/jenkins.cer /root/jenkins.cer && break || sleep 45; done
-for i in {1..5}; do sudo /usr/local/bin/aws --region us-east-1 s3 cp s3://${stack_s3_bucket}/certs/jenkins/jenkins.key /root/jenkins.key && break || sleep 45; done
-
-# generate keystore file for docker/jenkins use
-keystore_pass=`echo $RANDOM | md5sum | head -c 20`
-sudo openssl pkcs12 -export -in /root/jenkins.cer -inkey /root/jenkins.key -out /root/jenkins.p12 -password pass:$keystore_pass
-
-#run jenkins docker container
-sudo docker run -d -v /var/jenkins_home/jobs:/var/jenkins_home/jobs \
-                    -v /var/jenkins_home/config.xml:/usr/share/jenkins/ref/config.xml.override \
-                    -v /var/jenkins_home/workspace:/var/jenkins_home/workspace \
-                    -v /var/run/docker.sock:/var/run/docker.sock \
-                    -v /root/jenkins.p12:/root/jenkins.p12 \
-                    -p 443:8443 \
-                    --restart always \
-                    --name jenkins \
-                    avillach-lab-dev-jenkins \
-                    --httpsPort=8443 \
-		    --httpsKeyStore=/root/jenkins.p12 \
-		    --httpsKeyStorePassword="$keystore_pass"
-
-for i in 1 2 3 4 5; do sudo /usr/local/bin/aws --region us-east-1 s3 cp s3://${stack_s3_bucket}/domain-join.sh /root/domain-join.sh && break || sleep 45; done
-cd /root
-sudo bash domain-join.sh
-
-echo "setup script finished"
-
-sudo docker logs -f jenkins > /var/log/jenkins-docker-logs/jenkins.log &
-
-INSTANCE_ID=$(curl -H "X-aws-ec2-metadata-token: $(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")" --silent http://169.254.169.254/latest/meta-data/instance-id)
-sudo docker exec jenkins /usr/local/bin/aws --region=us-east-1 ec2 create-tags --resources $${INSTANCE_ID} --tags Key=InitComplete,Value=true
diff --git a/dev-jenkins-terraform/jenkins-ec2.tf b/dev-jenkins-terraform/jenkins-ec2.tf
deleted file mode 100644
index bd8f6b4a..00000000
--- a/dev-jenkins-terraform/jenkins-ec2.tf
+++ /dev/null
@@ -1,73 +0,0 @@
-resource "tls_private_key" "provisioning-key" {
-  algorithm = "RSA"
-  rsa_bits  = 4096
-}
-output "provisioning-private-key" {
-  value = tls_private_key.provisioning-key.private_key_pem
-}
-resource "aws_key_pair" "generated_key" {
-  key_name   = "jenkins-provisioning-key-${var.stack-id}-${var.git-commit}"
-  public_key = tls_private_key.provisioning-key.public_key_openssh
-}
-
-
-data "template_file" "jenkins-user_data" {
-  template = file("install-docker.sh")
-  vars = {
-    stack_s3_bucket = var.stack-s3-bucket
-    stack_id = var.stack-id
-  }
-}
-
-data "template_cloudinit_config" "config" {
-  gzip          = true
-  base64_encode = true
-
-  # user_data
-  part {
-    content_type = "text/x-shellscript"
-    content      = data.template_file.jenkins-user_data.rendered
-  }
-}
-
-resource "aws_instance" "dev-jenkins" {
-  ami = "ami-03d8711fa5461c9f3"
-  instance_type = "m5.2xlarge"
-  associate_public_ip_address = false
-  key_name = aws_key_pair.generated_key.key_name
-
-  iam_instance_profile = var.instance-profile-name
-
-  root_block_device {
-    delete_on_termination = true
-    encrypted = true
-    volume_size = 1000
-  }
-
-  provisioner "file" {
-    source      = "../jenkins-docker"
-    destination = "/home/centos/jenkins"
-    connection {
-      type     = "ssh"
-      user     = "centos"
-      private_key = tls_private_key.provisioning-key.private_key_pem
-      host = self.private_ip
-    }
-  }
-
-  vpc_security_group_ids = [
-    aws_security_group.inbound-jenkins-from-lma.id,
-    aws_security_group.outbound-jenkins-to-internet.id
-  ]
-
-  subnet_id = var.subnet-id
-
-  tags = {
-    Owner       = "Avillach_Lab"
-    Environment = "development"
-    Name        = "FISMA Terraform Playground - Dev Jenkins - ${var.stack-id} - ${var.git-commit}"
-  }
-
-  user_data = data.template_cloudinit_config.config.rendered
-
-}
diff --git a/dev-jenkins-terraform/jenkins-security-groups.tf b/dev-jenkins-terraform/jenkins-security-groups.tf
deleted file mode 100644
index 1608ff19..00000000
--- a/dev-jenkins-terraform/jenkins-security-groups.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-resource "aws_security_group" "inbound-jenkins-from-lma" {
-  name = "allow_inbound_from_lma_subnet_to_jenkins_vpc_${var.stack-id}_${var.git-commit}"
-  description = "Allow inbound traffic from LMA on ports 22, 80 and 443"
-  vpc_id = var.vpc-id
-
-  ingress {
-    from_port = 80
-    to_port = 80
-    protocol = "tcp"
-    cidr_blocks = [
-      var.access-cidr
-    ]
-  }
-
-  ingress {
-    from_port = 443
-    to_port = 443
-    protocol = "tcp"
-    cidr_blocks = [
-      var.access-cidr
-    ]
-  }
-
-  ingress {
-    from_port = 22
-    to_port = 22
-    protocol = "tcp"
-    cidr_blocks = [
-      var.access-cidr
-    ]
-  }
-
-  ingress {
-    from_port = 22
-    to_port = 22
-    protocol = "tcp"
-    cidr_blocks = [
-      var.provisioning-cidr
-    ]
-  }
-
-  ingress {
-    from_port = 22
-    to_port = 22
-    protocol = "tcp"
-    cidr_blocks = [
-      "172.25.255.73/32"
-    ]
-  }
-
-  tags = {
-    Owner       = "Avillach_Lab"
-    Environment = "development"
-    Name        = "FISMA Terraform Playground - inbound-jenkins-from-lma Security Group - ${var.stack-id}"
-  }
-}
-
-resource "aws_security_group" "outbound-jenkins-to-internet" {
-  name = "allow_jenkins_outbound_to_internet_${var.stack-id}_${var.git-commit}"
-  description = "Allow outbound traffic from Jenkins"
-  vpc_id = var.vpc-id
-
-  egress {
-    from_port = 0
-    to_port = 0
-    protocol = -1
-    cidr_blocks = [
-       "0.0.0.0/0"
-    ]
-  }
-
-  tags = {
-    Owner       = "Avillach_Lab"
-    Environment = "development"
-    Name        = "FISMA Terraform Playground - outbound-jenkins-to-internet Security Group - ${var.stack-id}"
-  }
-}
diff --git a/dev-jenkins-terraform/provider.tf b/dev-jenkins-terraform/provider.tf
deleted file mode 100644
index 7faf7528..00000000
--- a/dev-jenkins-terraform/provider.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-provider "aws" {
-  region     = "us-east-1" 
-  profile    = "avillachlab-secure-infrastructure"
-  version    = "3.74"
-}
diff --git a/dev-jenkins-terraform/stack_variables.tf b/dev-jenkins-terraform/stack_variables.tf
deleted file mode 100644
index 843d123b..00000000
--- a/dev-jenkins-terraform/stack_variables.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-variable "stack-id" {
-	type = string
-	default = "test"
-}
-
-variable "git-commit" {
-    type = string
-}
-
-variable "subnet-id" {
-    type = string
-}
-
-variable "vpc-id" {
-    type = string
-}
-
-variable "instance-profile-name" {
-	type = string
-}
-
-variable "access-cidr" {
-	type = string
-}
-
-variable "provisioning-cidr" {
-	type = string
-}
-
-variable "stack-s3-bucket" {
-	type = string
-}
diff --git a/jenkins-docker/.gitignore b/jenkins-docker/.gitignore
new file mode 100644
index 00000000..014c0bc0
--- /dev/null
+++ b/jenkins-docker/.gitignore
@@ -0,0 +1,5 @@
+builds/
+lastStable
+lastSuccessful
+nextBuildNumber
+.DS_Store
\ No newline at end of file
diff --git a/jenkins-docker/Dockerfile b/jenkins-docker/Dockerfile
index aa36f433..8fb5b8a1 100644
--- a/jenkins-docker/Dockerfile
+++ b/jenkins-docker/Dockerfile
@@ -1,41 +1,67 @@
 FROM jenkins/jenkins:lts
-
-ARG S3_BUCKET
-
-COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
-
-COPY config.xml /var/jenkins_home/config.xml
-
-COPY scriptApproval.xml /var/jenkins_home/scriptApproval.xml
-
-COPY hudson.tasks.Maven.xml /var/jenkins_home/hudson.tasks.Maven.xml
-
+# user to swap easily between OS operations and jenkins configuration.
+ENV JENKINS_USERNAME=$USER
+
+ARG JENKINS_DOCKER_TERRAFORM_DISTRO
+ARG PLUGINS_FILE
+ARG CONFIG_XML_FILE
+ARG SCRIPT_APPROVAL_FILE
+ARG HUDSON_TASKS_FILE
+ARG JENKINS_JOBS_DIR
+ARG PKCS12_FILE
+ARG PKCS12_PASS
+ARG JENKINS_HTTP_PORT=-1
+ARG JENKINS_HTTPS_PORT=8443
+
+# Can use this to swap users back to jenkins user without hardcoding it.  Safe to hardcode swap to root user.
+###### OS configs and package installations ########
+# We could run these commands and build an image then configure jenkins only in this dockerfile instead of directly using the jenkins stock image
 USER root
 
+# debian repos to install openjdk headless? 
+# Jenkins must have a better way to manage JRE ....
 RUN echo deb http://archive.debian.org/debian stretch-backports main >> /etc/apt/sources.list
-
 RUN echo deb http://archive.debian.org/debian stretch main >> /etc/apt/sources.list
 
 RUN apt-get update
 
-RUN apt-get -y install apt-transport-https
-
-RUN apt-get -y install python3-pip
+RUN apt-get -y -t stretch-backports install openjdk-11-jdk-headless
 
-RUN apt-get -y install wget
+RUN apt-get -y install apt-transport-https \
+    python3-pip \
+    wget
 
+# maybe not the best way to install awscli 
+# see https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
 RUN pip3 install --no-input awscli --upgrade --break-system-packages
 
-RUN curl -fsSL https://get.docker.com | sh
-
-RUN docker --version
-
-RUN apt-get -y -t stretch-backports install openjdk-11-jdk-headless
+RUN set -e; \
+    curl -fsSL https://get.docker.com | sh && \
+    docker --version
 
+# maven
 RUN apt-get -y install maven
-
+# jq
 RUN apt-get install jq -y
+# terraform
+RUN wget -c $JENKINS_DOCKER_TERRAFORM_DISTRO -O /opt/terraform.zip && \
+    unzip /opt/terraform.zip -d /usr/local/bin/ && rm -f /opt/terraform.zip
+
+# Cleanup
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/apt/*
+
+##### Configuration for jenkins ###########
+USER $JENKINS_USERNAME
+# Check if PLUGINS_FILE is provided and copy it, then run jenkins-plugin-cli
+COPY $PLUGINS_FILE /usr/share/jenkins/ref/plugins.txt 
 
 RUN /bin/jenkins-plugin-cli -f /usr/share/jenkins/ref/plugins.txt || echo "Some errors occurred during plugin installation."
 
-RUN wget https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_linux_amd64.zip && unzip terraform_0.12.31_linux_amd64.zip && mv terraform /usr/local/bin/
+COPY $CONFIG_XML_FILE /var/jenkins_home/config.xml
+COPY $SCRIPT_APPROVAL_FILE /var/jenkins_home/scriptApproval.xml
+COPY $HUDSON_TASKS_FILE /var/jenkins_home/hudson.tasks.Maven.xml
+COPY $JENKINS_JOBS_DIR /var/jenkins_home/jobs
+COPY $PKCS12_FILE /var/jenkins_home/$PKCS12_FILE
+
+# Should set env var at runtime using an entrypoint.
+ENV JENKINS_OPTS="--httpPort=$JENKINS_HTTP_PORT --httpsPort=$JENKINS_HTTPS_PORT --httpsKeyStore=/var/jenkins_home/$PKCS12_FILE --httpsKeyStorePassword=$PKCS12_PASS"
diff --git a/jenkins-docker/README.md b/jenkins-docker/README.md
new file mode 100644
index 00000000..ea760997
--- /dev/null
+++ b/jenkins-docker/README.md
@@ -0,0 +1,64 @@
+# Jenkins Docker Image with Additional Tools and Configuration
+
+This Dockerfile extends the official Jenkins Docker image (LTS) and adds additional tools and configurations to enhance its functionality.
+
+## Table of Contents
+
+- [Features](#features)
+- [Prerequisites](#prerequisites)
+- [Building the Image](#building-the-image)
+- [Configuration](#configuration)
+- [Usage](#usage)
+- [Cleanup](#cleanup)
+- [Contributing](#contributing)
+- [License](#license)
+
+## Features
+
+- Installs OpenJDK 11, Maven, jq, and AWS CLI
+- Installs Docker and configures it to work within the Jenkins environment
+- Installs Terraform and other essential tools
+- Allows easy user switching between OS operations and Jenkins configuration
+- Configures Jenkins with specified plugins, settings, and jobs
+- Provides options to customize Jenkins HTTP and HTTPS ports
+- Cleans up unnecessary files to reduce image size
+
+## Prerequisites
+
+- Docker installed on the host machine
+
+## Building the Image
+
+To build the Jenkins Docker image, run the following commands:
+
+```bash
+docker build \
+  --build-arg JENKINS_DOCKER_TERRAFORM_DISTRO=<terraform_distribution_url> \
+  --build-arg PLUGINS_FILE=<path_to_plugins_file> \
+  --build-arg CONFIG_XML_FILE=<path_to_config_xml_file> \
+  --build-arg SCRIPT_APPROVAL_FILE=<path_to_script_approval_file> \
+  --build-arg HUDSON_TASKS_FILE=<path_to_hudson_tasks_file> \
+  --build-arg JENKINS_JOBS_DIR=<path_to_jenkins_jobs_dir> \
+  --build-arg PKCS12_FILE=<path_to_pkcs12_file> \
+  --build-arg PKCS12_PASS=<pkcs12_password> \
+  --build-arg JENKINS_HTTP_PORT=<custom_http_port> \
+  --build-arg JENKINS_HTTPS_PORT=<custom_https_port> \
+  -t your/jenkins-docker-image .
+```
+## Configuration
+
+### Environment Variables
+
+- **JENKINS_USERNAME**: User to swap easily between OS operations and Jenkins configuration.
+- **JENKINS_HTTP_PORT**: Custom HTTP port for Jenkins (default is -1, which means the default Jenkins port).
+- **JENKINS_HTTPS_PORT**: Custom HTTPS port for Jenkins (default is 8443).
+
+### Configuration Files
+
+- **PLUGINS_FILE**: Text file containing a list of Jenkins plugins to be installed.
+- **CONFIG_XML_FILE**: Jenkins configuration XML file.
+- **SCRIPT_APPROVAL_FILE**: Jenkins scriptApproval XML file.
+- **HUDSON_TASKS_FILE**: Jenkins hudson.tasks.Maven XML file.
+- **JENKINS_JOBS_DIR**: Directory containing Jenkins job configurations.
+- **PKCS12_FILE**: Path to the PKCS12 file for Jenkins HTTPS configuration.
+- **PKCS12_PASS**: Password for the PKCS12 file.
diff --git a/jenkins-docker/config.xml b/jenkins-docker/config.xml
index dbf5781b..af5aa622 100644
--- a/jenkins-docker/config.xml
+++ b/jenkins-docker/config.xml
@@ -131,6 +131,7 @@
         <string>PIC-SURE-API Build</string>
         <string>PIC-SURE-HPDS Build</string>
         <string>PIC-SURE-HPDS-UI Docker Build</string>
+        <string>PIC-SURE-VISUALIZATION Build</string>
         <string>Retrieve Build Spec</string>
         <string>Retrieve Deployment State</string>
         <string>Teardown and Rebuild Stage Environment</string>
@@ -165,7 +166,7 @@
           <default>
             <comparator class="hudson.util.CaseInsensitiveComparator"/>
           </default>
-          <int>4</int>
+          <int>6</int>
           <string>stack_s3_bucket</string>
           <string>avillach-biodatacatalyst-deployments-b7rwpwv</string>
           <string>git_base_url</string>
diff --git a/jenkins-docker/jobs/Await Initialization/config.xml b/jenkins-docker/jobs/Await Initialization/config.xml
index 10155d5a..6b2ab899 100644
--- a/jenkins-docker/jobs/Await Initialization/config.xml	
+++ b/jenkins-docker/jobs/Await Initialization/config.xml	
@@ -1,40 +1,36 @@
 <?xml version='1.1' encoding='UTF-8'?>
 <project>
   <actions/>
-  <description></description>
+  <description>This would be cleaner and more portable if it was a python script that check for initialization.</description>
   <keepDependencies>false</keepDependencies>
   <properties>
     <hudson.model.ParametersDefinitionProperty>
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
           <name>target_stack</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
-          <name>infrastructure_git_hash</name>
-          <description></description>
-          <defaultValue></defaultValue>
+          <name>git_hash</name>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.1.1">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-bdc-infrastructure</url>
+        <url>${infrastructure_git_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
       <hudson.plugins.git.BranchSpec>
-        <name>${infrastructure_git_hash}</name>
+        <name>${git_hash}</name>
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -45,93 +41,130 @@
   <concurrentBuild>false</concurrentBuild>
   <builders>
     <hudson.tasks.Shell>
-      <command>cd app-infrastructure
-wget https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_linux_amd64.zip &amp;&amp; unzip terraform_0.12.31_linux_amd64.zip &amp;&amp; mv terraform /usr/local/bin/
-terraform init
-
-aws sts assume-role --duration-seconds 3600 --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/jenkins-s3-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+      <command>#!/bin/bash
+set -e
+# Source folder containing the scripts
+source_scripts_folder=&quot;${JENKINS_HOME}/workspace/Bash_Functions/&quot;
+ls -la &quot;$source_scripts_folder&quot;
+
+# Iterate through the files in the folder and source them
+for script_file in &quot;$source_scripts_folder&quot;*.sh; do
+    chmod +x &quot;$script_file&quot;
+    if [ -f &quot;$script_file&quot; ] &amp;&amp; [ -x &quot;$script_file&quot; ]; then
+        echo &quot;sourcing $script_file&quot;
+        source &quot;$script_file&quot;
+    fi
+done
+
+cd app-infrastructure
 
 aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate .
-aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/stack_variables.tf .
-cp stack_variables.tf ../s3-deployment-roles/
-aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate_roles ../s3-deployment-roles/terraform.tfstate || echo &quot;role state doesnt exist, it will be created&quot;
-
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
-
-aws sts assume-role --duration-seconds 3600 --role-arn &quot;arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
-INSTANCE_ID=`terraform state show aws_instance.wildfly-ec2 | grep &quot;\&quot;i-[a-f0-9]&quot; | cut -f 2 -d &quot;=&quot; | sed &apos;s/&quot;//g&apos;`
-while [ -z $(/usr/local/bin/aws --region=us-east-1 ec2 describe-tags --filters &quot;Name=resource-id,Values=${INSTANCE_ID}&quot; | grep InitComplete) ];do echo &quot;still initializing&quot;;sleep 10;done
-echo &quot;Wildfly EC2 Initialization Complete&quot;
-
-aws sts assume-role --duration-seconds 3600 --role-arn &quot;arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
-INSTANCE_ID=`terraform state show aws_instance.httpd-ec2 | grep &quot;\&quot;i-[a-f0-9]&quot; | cut -f 2 -d &quot;=&quot; | sed &apos;s/&quot;//g&apos;`
-while [ -z $(/usr/local/bin/aws --region=us-east-1 ec2 describe-tags --filters &quot;Name=resource-id,Values=${INSTANCE_ID}&quot; | grep InitComplete) ];do echo &quot;still initializing&quot;;sleep 10;done
-echo &quot;HTTPD EC2 Initialization Complete&quot;
-
-aws sts assume-role --duration-seconds 3600 --role-arn &quot;arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
-INSTANCE_ID=`terraform state show aws_instance.open-hpds-ec2 | grep &quot;\&quot;i-[a-f0-9]&quot; | cut -f 2 -d &quot;=&quot; | sed &apos;s/&quot;//g&apos;`
-while [ -z $(/usr/local/bin/aws --region=us-east-1 ec2 describe-tags --filters &quot;Name=resource-id,Values=${INSTANCE_ID}&quot; | grep InitComplete) ];do echo &quot;still initializing&quot;;sleep 10;done
-echo &quot;Open HPDS EC2 Initialization Complete&quot;
 
-aws sts assume-role --duration-seconds 3600 --role-arn &quot;arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
-INSTANCE_ID=`terraform state show aws_instance.dictionary-ec2 | grep &quot;\&quot;i-[a-f0-9]&quot; | cut -f 2 -d &quot;=&quot; | sed &apos;s/&quot;//g&apos;`
-while [ -z $(/usr/local/bin/aws --region=us-east-1 ec2 describe-tags --filters &quot;Name=resource-id,Values=${INSTANCE_ID}&quot; | grep InitComplete) ];do echo &quot;still initializing&quot;;sleep 10;done
-echo &quot;Dictionary EC2 Initialization Complete&quot;
-
-aws sts assume-role --duration-seconds 3600 --role-arn &quot;arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
-aws sts assume-role --duration-seconds 3600 --role-arn &quot;arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
-INSTANCE_ID=`terraform state show aws_instance.auth-hpds-ec2 | grep &quot;\&quot;i-[a-f0-9]&quot; | cut -f 2 -d &quot;=&quot; | sed &apos;s/&quot;//g&apos;`
-while [ -z $(/usr/local/bin/aws --region=us-east-1 ec2 describe-tags --filters &quot;Name=resource-id,Values=${INSTANCE_ID}&quot; | grep InitComplete) ];do echo &quot;still initializing&quot;;sleep 10;done
-echo &quot;Auth HPDS EC2 Initialization Complete&quot;
+terraform init
 
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN</command>
+output_names=$(terraform output -json | jq -r &apos;keys[]&apos;)
+echo &quot;Output names: $output_names&quot;
+
+for output_name in $output_names; do
+  reset_role
+  assume_role
+  	
+  echo &quot;Current instance: ${output_name}.&quot;
+  INSTANCE_ID=`terraform output &quot;${output_name}&quot;`
+  
+  # Skip if the instance ID is empty or is not a valid instance-id
+  if [ -z &quot;$INSTANCE_ID&quot; ] || ! [[ &quot;$INSTANCE_ID&quot; =~ ^i-[a-fA-F0-9]{17}$ ]]; then
+    echo &quot;No instance ID for output ${output_name}. Skipping...&quot;
+    continue
+  fi
+  
+  echo &quot;Instance-id is $INSTANCE_ID&quot;
+
+  aws --region=us-east-1 ec2 describe-tags --filters &quot;Name=resource-id,Values=${INSTANCE_ID}&quot;
+  while [ $(aws --region=us-east-1 ec2 describe-tags --filters &quot;Name=resource-id,Values=${INSTANCE_ID}&quot; | grep InitComplete | wc -l ) -eq 0 ]; do 
+    # avoid role timeout by assuming role continously
+    reset_role
+    assume_role
+    echo &quot;${output_name} EC2 still initializing&quot;
+    sleep 60
+  done
+  
+  echo &quot;${output_name} EC2 Initialization Complete&quot;
+done
+</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+    <hudson.tasks.Shell>
+      <command># json tag schema.  Used to uniquely identify a projects staging instances.
+cat &lt;&lt;EOF &gt; staging_httpd_tags_file.json
+[
+  {
+    &quot;Name&quot;: &quot;tag:Stack&quot;,
+    &quot;Values&quot;: [&quot;$target_stack&quot;]
+  },
+  {
+    &quot;Name&quot;: &quot;tag:Node&quot;,
+    &quot;Values&quot;: [&quot;HTTPD&quot;]
+  },
+  {
+    &quot;Name&quot;: &quot;tag:Project&quot;,
+    &quot;Values&quot;: [&quot;$env_project&quot;]
+  }
+]
+EOF</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+    <hudson.tasks.Shell>
+      <command>#!/bin/bash
+# Source folder containing the scripts
+source_scripts_folder=&quot;${JENKINS_HOME}/workspace/Bash_Functions/&quot;
+ls -la &quot;$source_scripts_folder&quot;
+
+# Iterate through the files in the folder and source them
+for script_file in &quot;$source_scripts_folder&quot;*.sh; do
+    chmod +x &quot;$script_file&quot;
+    if [ -f &quot;$script_file&quot; ] &amp;&amp; [ -x &quot;$script_file&quot; ]; then
+        echo &quot;sourcing $script_file&quot;
+        source &quot;$script_file&quot;
+    fi
+done
+
+cd &quot;$WORKSPACE&quot;
+
+assume_role
+# register new deployment to staging ( register green )
+echo &quot;registering new deployment to staging ( register green )&quot;
+target_group_vpc=$(get_target_group_vpc_by_tg_name $staging_tg_name)
+staging_target_group_arn=$(get_target_group_arn_by_name &quot;$staging_tg_name&quot;)
+staging_httpd_instance_prv_ips=($(get_private_ip_by_tags &quot;staging_httpd_tags_file.json&quot;))
+
+if [ -z &quot;${staging_httpd_instance_prv_ips}&quot; ]; then
+   echo &quot;No private IPs found when registering target groups.&quot;
+   echo &quot;Ensure nodes have been created with proper tags for Node,Project and Stack keys.&quot;
+   exit 1
+else
+  register_targets &quot;$target_group_vpc&quot; &quot;$staging_target_group_arn&quot; &quot;${staging_httpd_instance_prv_ips[@]}&quot;
+  
+  # Wait for draining
+  wait_for_target_group_health &quot;$staging_target_group_arn&quot; &quot;HEALTHY&quot; &quot;${staging_httpd_instance_prv_ips[@]}&quot;
+fi
+reset_role</command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers>
-    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.38">
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
       <deleteDirs>false</deleteDirs>
       <cleanupParameter></cleanupParameter>
       <externalDelete></externalDelete>
       <disableDeferredWipeout>false</disableDeferredWipeout>
     </hudson.plugins.ws__cleanup.PreBuildCleanup>
+    <hudson.plugins.build__timeout.BuildTimeoutWrapper plugin="build-timeout@1.31">
+      <strategy class="hudson.plugins.build_timeout.impl.AbsoluteTimeOutStrategy">
+        <timeoutMinutes>240</timeoutMinutes>
+      </strategy>
+      <operationList/>
+    </hudson.plugins.build__timeout.BuildTimeoutWrapper>
   </buildWrappers>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Bash_Functions/config.xml b/jenkins-docker/jobs/Bash_Functions/config.xml
new file mode 100644
index 00000000..1c8beea7
--- /dev/null
+++ b/jenkins-docker/jobs/Bash_Functions/config.xml
@@ -0,0 +1,397 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<project>
+  <actions/>
+  <description>Job will be triggered by Check for updates. &#xd;
+&#xd;
+Gives a central location to store bash functions used in the pipeline.</description>
+  <keepDependencies>false</keepDependencies>
+  <properties/>
+  <scm class="hudson.scm.NullSCM"/>
+  <canRoam>true</canRoam>
+  <disabled>false</disabled>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <triggers/>
+  <concurrentBuild>false</concurrentBuild>
+  <builders>
+    <hudson.tasks.Shell>
+      <command>echo &apos;
+assume_role(){
+  local role_arn=${1:-&quot;arn:aws:iam::&apos;${app_acct_id}&apos;:role/&apos;${jenkins_provisioning_assume_role_name}&apos;&quot;}
+  OUTPUT=$(aws sts assume-role \
+      --role-arn $role_arn \
+      --role-session-name &quot;teardown-rebuild&quot; \
+      --query &quot;Credentials.[AccessKeyId,SecretAccessKey,SessionToken]&quot; \
+      --output text)
+
+  export AWS_ACCESS_KEY_ID=$(echo $OUTPUT | awk &quot;{print \$1}&quot;)
+  export AWS_SECRET_ACCESS_KEY=$(echo $OUTPUT | awk &quot;{print \$2}&quot;)
+  export AWS_SESSION_TOKEN=$(echo $OUTPUT | awk &quot;{print \$3}&quot;)
+  export AWS_DEFAULT_REGION=us-east-1
+}
+
+reset_role(){
+  unset AWS_ACCESS_KEY_ID
+  unset AWS_SECRET_ACCESS_KEY
+  unset AWS_SESSION_TOKEN
+}
+
+export -f assume_role
+export -f reset_role
+        &apos; &gt; role_functions.sh</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+    <hudson.tasks.Shell>
+      <command># Provides automation for swapping instances between staging and live target groups, using green/blue deployment strategy.
+
+# Script Usage:
+# To use this script, specify the names of the staging and live target groups, as well as JSON files
+# containing tag filters for identifying instances to swap between the target groups.
+
+# Example Usage:
+# swap_stacks &quot;staging-tg-name&quot; &quot;live-tg-name&quot; &quot;staging-httpd-tags.txt&quot; &quot;live-httpd-tags.txt&quot;
+
+# Function to get Target Group ARN by name
+
+echo &apos;
+get_target_group_arn_by_name() {
+  # Use AWS CLI to describe target groups and extract the ARN by name
+  aws elbv2 describe-target-groups \
+    --query &quot;TargetGroups[?TargetGroupName==\`$1\`].TargetGroupArn&quot; \
+    --output text
+}
+
+# Function to get Target Group VPC by name
+get_target_group_vpc_by_tg_name() {
+  local target_group_name=$1
+  # Use AWS CLI to describe the target group and extract the VPC ID
+  aws elbv2 describe-target-groups \
+    --names &quot;$target_group_name&quot; \
+    --query &quot;TargetGroups[0].VpcId&quot; \
+    --output text
+}
+
+# Function to get private IP by tags
+get_private_ip_by_tags() {
+  local tag_filters_file=&quot;$1&quot;
+  # Use AWS CLI to describe instances with specified tag filters from a file and extract private IPs
+  aws ec2 describe-instances \
+    --filters &quot;file://$tag_filters_file&quot; \
+    --query &quot;Reservations[].Instances[].PrivateIpAddress&quot; \
+    --output text
+}
+
+# Function to check if an EC2 instance is in the same VPC as a target group
+is_ec2_in_same_vpc_as_target_group() {
+  local ec2_private_ip=&quot;$1&quot;
+  local target_group_vpc_id=&quot;$2&quot;
+  # Use AWS CLI to describe the EC2 instance and extract its VPC ID
+  local ec2_vpc_id=$(aws ec2 describe-instances \
+    --filters &quot;Name=private-ip-address,Values=$ec2_private_ip&quot; \
+    --query &quot;Reservations[0].Instances[0].VpcId&quot; \
+    --output text)
+
+  # Compare the EC2 instances VPC ID with the known target groups VPC ID
+  if [ &quot;$ec2_vpc_id&quot; == &quot;$target_group_vpc_id&quot; ]; then
+    echo &quot;The EC2 instance with private IP $ec2_private_ip is in the same VPC as the target group.&quot;
+    return 0  # Return success (0)
+  else
+    echo &quot;The EC2 instance with private IP $ec2_private_ip is NOT in the same VPC as the target group.&quot;
+    return 1  # Return failure (non-zero)
+  fi
+}
+
+# Function to register targets in a target group
+register_targets() {
+  local local_target_group_vpc=&quot;$1&quot;
+  local local_target_group_arn=&quot;$2&quot;
+  local httpd_priv_ips=(&quot;${@:3}&quot;)
+
+  for local_httpd_priv_ips in &quot;${httpd_priv_ips[@]}&quot;; do
+    # Check if the EC2 instance is in the same VPC as the target group and register it accordingly
+    if is_ec2_in_same_vpc_as_target_group &quot;$local_httpd_priv_ips&quot; &quot;$local_target_group_vpc&quot;; then
+      aws elbv2 register-targets --target-group-arn $local_target_group_arn --targets &quot;Id=$local_httpd_priv_ips&quot;
+    else
+      aws elbv2 register-targets --target-group-arn $local_target_group_arn --targets &quot;Id=$local_httpd_priv_ips,AvailabilityZone=all&quot;
+    fi
+  done
+}
+
+# Function to deregister targets from a target group
+deregister_targets() {
+  local local_target_group_vpc=&quot;$1&quot;
+  local local_target_group_arn=&quot;$2&quot;
+  local httpd_priv_ips=(&quot;${@:3}&quot;)
+
+  for httpd_priv_ip in &quot;${httpd_priv_ips[@]}&quot;; do
+    # Check if the EC2 instance is in the same VPC as the target group and deregister it accordingly
+    if is_ec2_in_same_vpc_as_target_group &quot;$httpd_priv_ip&quot; &quot;$local_target_group_vpc&quot;; then
+      aws elbv2 deregister-targets --target-group-arn $local_target_group_arn --targets &quot;Id=$httpd_priv_ip&quot;
+    else
+      aws elbv2 deregister-targets --target-group-arn $local_target_group_arn --targets &quot;Id=$httpd_priv_ip,AvailabilityZone=all&quot;
+    fi
+  done
+}
+
+# Function to wait for a target group to become healthy for all instances
+wait_for_target_group_health() {
+  local target_group_arn=&quot;$1&quot;
+  local wait_for_health=&quot;$2&quot;
+  local target_instance_ips=(&quot;${@:3}&quot;)
+
+  local timeout_secs=600
+  local start_time=$(date +%s)
+
+  for target_instance_ip in &quot;${target_instance_ips[@]}&quot;; do
+    local health_status=$(aws elbv2 describe-target-health \
+      --target-group-arn &quot;$target_group_arn&quot; \
+      --targets &quot;Id=$target_instance_ip&quot; \
+      --query &quot;TargetHealthDescriptions[0].TargetHealth.State&quot; \
+      --output text
+    )
+
+    while [[ ${health_status^^} != ${wait_for_health^^} ]]; do
+      local elapsed_time=$(( $(date +%s) - start_time ))
+      if [ $elapsed_time -ge $timeout_secs ]; then
+        echo &quot;Target group health check exceeds timeout&quot;
+        echo &quot;Target=$target_instance_ip Current_Health=${health_status^^} wait_for_health=$wait_for_health&quot;
+        exit 1
+      fi
+
+      # Use AWS CLI to describe the target health status and update the health_status variable
+      health_status=$(aws elbv2 describe-target-health \
+        --target-group-arn &quot;$target_group_arn&quot; \
+        --targets &quot;Id=$target_instance_ip&quot; \
+        --query &quot;TargetHealthDescriptions[0].TargetHealth.State&quot; \
+        --output text
+      )
+      echo &quot;$target_instance_ip - ${health_status^^}.  Waiting for health of ${wait_for_health^^}&quot;
+      sleep 10  # Wait for 10 seconds before checking again
+    done
+  done
+}
+
+# Function to swap instances between staging and live target groups
+swap_stacks() {
+  local staging_tg_name=$1
+  local live_tg_name=$2
+  local staging_httpd_tags_file=&quot;$3&quot;
+  local live_httpd_tags_file=&quot;$4&quot;
+  local fail_empty_stacks=&quot;${5,,:-&quot;false&quot;,,}&quot;  # Set to true for stable prod and release testing
+  echo &quot;staging_tg_name=$1&quot;
+  echo &quot;live_tg_name=$2&quot;
+  echo &quot;staging_httpd_tags_file=$3&quot;
+  echo &quot;live_httpd_tags_file=$4&quot;
+  
+  # Get Target Group ARNs using the function
+  local local_staging_target_group_arn=$(get_target_group_arn_by_name &quot;$staging_tg_name&quot;)
+  local local_live_target_group_arn=$(get_target_group_arn_by_name &quot;$live_tg_name&quot;)
+  
+  # Get target group VPC. Both target groups are known to be in the same VPC
+  local local_target_group_vpc=$(get_target_group_vpc_by_tg_name &quot;$live_tg_name&quot;)
+
+  # Get private IPs using the function with tags from files
+  local local_staging_httpd_instance_prv_ips=($(get_private_ip_by_tags &quot;$staging_httpd_tags_file&quot;))
+  local local_live_httpd_instance_prv_ips=($(get_private_ip_by_tags &quot;$live_httpd_tags_file&quot;))
+
+  # Promote Staging to Live (green to blue)
+  echo &quot;Promote Staging to Live (green to blue)&quot;
+  if [ -z &quot;${local_staging_httpd_instance_prv_ips}&quot; ]; then
+    echo &quot;No staging IP Addresses found when promoting to live server.&quot;
+    echo &quot;Ensure nodes have been created with proper tags for Node, Project, and Stack keys.&quot;
+    if [ &quot;${fail_empty_stacks}&quot; = &quot;true&quot; ]; then
+      echo &quot;failing build&quot;
+      exit 1
+    fi
+  else
+    register_targets &quot;$local_target_group_vpc&quot; &quot;$local_live_target_group_arn&quot; &quot;${local_staging_httpd_instance_prv_ips[@]}&quot;
+    wait_for_target_group_health &quot;$local_live_target_group_arn&quot; &quot;HEALTHY&quot; &quot;${local_staging_httpd_instance_prv_ips[@]}&quot;   
+  fi
+  
+  # Demote Live to Staging (blue to green)
+  echo &quot;Demote Live to Staging (blue to green)&quot;
+  if [ -z &quot;${local_live_httpd_instance_prv_ips}&quot; ]; then
+    echo &quot;No live IP Addresses found when demoting to staging server.&quot;
+    echo &quot;Ensure nodes have been created with proper tags for Node, Project, and Stack keys.&quot;
+    if [ &quot;${fail_empty_stacks}&quot; = &quot;true&quot; ]; then
+      echo &quot;failing build&quot;
+      exit 1
+    fi
+  else
+    register_targets &quot;$local_target_group_vpc&quot; &quot;$local_staging_target_group_arn&quot; &quot;${local_live_httpd_instance_prv_ips[@]}&quot;
+    wait_for_target_group_health &quot;$local_staging_target_group_arn&quot; &quot;HEALTHY&quot; &quot;${local_live_httpd_instance_prv_ips[@]}&quot;
+  fi
+
+  # Deregister previous Live from Live TG (remove blue from blue)
+  echo &quot;Deregister previous Live from Live TG (remove blue from blue)&quot;
+  if [ -z &quot;${local_live_httpd_instance_prv_ips}&quot; ]; then
+    echo &quot;No live IP Addresses found when deregistering from live TG.&quot;
+    echo &quot;Ensure nodes have been created with proper tags for Node, Project, and Stack keys and that it has a TGA.&quot;
+    if [ &quot;${fail_empty_stacks}&quot; = &quot;true&quot; ]; then
+      echo &quot;failing build&quot;
+      exit 1
+    fi
+  else  
+    deregister_targets &quot;$local_target_group_vpc&quot; &quot;$local_live_target_group_arn&quot; &quot;${local_live_httpd_instance_prv_ips[@]}&quot;
+    # Wait for draining
+    wait_for_target_group_health &quot;$local_live_target_group_arn&quot; &quot;UNUSED&quot; &quot;${local_live_httpd_instance_prv_ips[@]}&quot;
+  fi
+
+  # Deregister previous Staging from Staging TG (remove green from green)
+  echo &quot;Deregister previous Staging from Staging TG (remove green from green)&quot;  
+  if [ -z &quot;${local_staging_httpd_instance_prv_ips}&quot; ]; then
+    echo &quot;No staging IP Addresses found when deregistering from live TG.&quot;
+    echo &quot;Ensure nodes have been created with proper tags for Node, Project, and Stack keys and that it has a TGA.&quot;
+    if [ &quot;${fail_empty_stacks}&quot; = &quot;true&quot; ]; then
+      echo &quot;failing build&quot;
+      exit 1
+    fi
+  else  
+    deregister_targets &quot;$local_target_group_vpc&quot; &quot;$local_staging_target_group_arn&quot; &quot;${local_staging_httpd_instance_prv_ips[@]}&quot;
+    # Wait for draining
+    wait_for_target_group_health &quot;$local_staging_target_group_arn&quot; &quot;UNUSED&quot; &quot;${local_staging_httpd_instance_prv_ips[@]}&quot;
+  fi
+  echo &quot;Swap Stacks complete&quot;
+}&apos; &gt; target_group_attachment_functions.sh</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+    <hudson.tasks.Shell>
+      <command>cat &lt;&lt;&apos;EOF&apos; &gt; pic_sure_rds_snapshot.sh
+# Use feature toggle to the strategy to use for picsure RDS
+# Available strategies
+# * STANDALONE = Unmanaged RDS instance. No prebuild blue snapshot
+# * STANDALONE_W_SS = Unmanaged RDS instance. With prebuild blue snapshot
+# * STANDALONE_W_TAGGED_SS = Unmanaged RDS instance. Will use a specified tagged snapshot to build from. # Tags are being tricky.  But should work.
+# * MANAGED_EMPTY = Managed RDS instance. No prebuild blue snapshot
+# * MANAGED_USE_LATEST_SS = Managed RDS instance. Will take and use the latest snapshot of blue.
+
+do_picsure_rds_strategy() {
+  # variables
+  local picsure_rds_strategy=&quot;${1}&quot;
+  local live_stack=&quot;${2}&quot;
+  local env_project=&quot;${3}&quot;
+    
+  # picsure_rds_standalone_instance=
+  if [ -z ${picsure_rds_strategy} ]; then
+    picsure_rds_snapshot_id=
+  fi
+  if [ &quot;${picsure_rds_strategy}&quot; == &quot;STANDALONE&quot; ]; then
+    # placeholder. implement with persistent work
+    echo &quot;placeholder&quot;
+  fi
+  if [ &quot;${picsure_rds_strategy}&quot; == &quot;STANDALONE_W_SS&quot; ]; then
+    # placeholder. implement with persistent work
+    echo &quot;placeholder&quot;
+  fi
+  if [ &quot;${picsure_rds_strategy}&quot; == &quot;STANDALONE_W_TAGGED_SS&quot; ]; then
+    # placeholder. implement with persistent work
+    echo &quot;placeholder&quot;
+  fi
+  # RDS Strategy: Managed RDS. Empty Database.
+  if [ &quot;${picsure_rds_strategy}&quot; == &quot;MANAGED_EMPTY&quot; ]; then
+    echo &quot;initializing empty database.&quot;
+    exit 0
+  fi
+  # RDS Strategy: Managed RDS using latest SS of blue.
+  if [ &quot;${picsure_rds_strategy}&quot; == &quot;MANAGED_USE_LATEST_SS&quot; ]; then
+    echo &quot;Creating snapshot for picsure rds&quot;
+    create_rds_snapshot_by_tag &quot;${live_stack}&quot; &quot;${env_project}&quot;
+    picsure_rds_snapshot_id=$(get_latest_rds_snapshot_id &quot;${picsure_rds_strategy}&quot; &quot;${live_stack}&quot; &quot;${env_project}&quot;)
+    echo &quot;$picsure_rds_snapshot_id&quot;
+    # validate snapshot
+    if [ -z &quot;$picsure_rds_snapshot_id&quot; ]; then
+      echo &quot;Error: Error with RDS Snapshot. Snapshot empty.  Ensure a snapshot exists for the blue rds instance.&quot;
+      exit 1
+    fi
+    # validate snapshot id format
+    if [[ ! &quot;$picsure_rds_snapshot_id&quot; =~ ^[a-zA-Z0-9-]+$ ]]; then
+      echo &quot;Error: Error with RDS Snapshot. $picsure_rds_snapshot_id is not a valid snapshot id.&quot;
+      exit 1
+    fi
+  fi
+}
+
+# Funtion to return latest snapshot for rds instance
+get_latest_rds_snapshot_id() {
+  local picsure_rds_strategy=&quot;$1&quot;
+  local stack=&quot;$2&quot;
+  local project=&quot;$3&quot;
+  
+  if [ &quot;${picsure_rds_strategy}&quot; == &quot;MANAGED_USE_LATEST_SS&quot; ]; then
+    db_instance_identifier=$(get_db_instance_identifier_by_tag &quot;$live_stack&quot; &quot;$env_project&quot;)
+    latest_snapshot=$(aws rds describe-db-snapshots \
+      --db-instance-identifier &quot;$db_instance_identifier&quot; \
+      --query &quot;DBSnapshots | sort_by(@, &amp;SnapshotCreateTime) | [-1].DBSnapshotIdentifier&quot; \
+      --output text)
+  fi
+  echo &quot;$latest_snapshot&quot;
+}
+
+# find db instance by stack and project tags
+get_db_instance_identifier_by_tag() {
+  local stack=&quot;$1&quot;
+  local project=&quot;$2&quot;
+  local identifier
+  identifier=$(aws rds describe-db-instances | jq --arg stack &quot;$stack&quot; --arg project &quot;$project&quot; -r &apos;.DBInstances[] | select(.TagList[] | .Key == &quot;Stack&quot; and .Value == $stack) | select(.TagList[] | .Key == &quot;Project&quot; and .Value == $project) | .DBInstanceIdentifier&apos;)
+  echo &quot;$identifier&quot;
+}
+
+create_rds_snapshot_by_tag() {
+  local live_stack=&quot;$1&quot;
+  local env_project=&quot;$2&quot;  
+
+  # Find the RDS instance based on the specified tag
+  local db_instance_identifier
+  db_instance_identifier=$(get_db_instance_identifier_by_tag &quot;$live_stack&quot; &quot;$env_project&quot;)
+  
+  if [ -z &quot;$db_instance_identifier&quot; ]; then
+    echo &quot;No RDS instance found with tag: $live_stack and $env_project&quot;
+    return 1
+  fi
+  local timestamp=$(date +&quot;%Y-%m-%d-%H-%M-%S&quot;)
+  local snapshot_identifier=&quot;${db_instance_identifier}-snapshot-${timestamp}&quot;
+
+  # Create a snapshot for the RDS instance
+  aws rds create-db-snapshot \
+    --db-instance-identifier &quot;$db_instance_identifier&quot; \
+    --db-snapshot-identifier &quot;$snapshot_identifier&quot;
+    
+  while true; do  
+    local status=$(aws rds describe-db-snapshots \
+      --db-instance-identifier &quot;$db_instance_identifier&quot; \
+      --db-snapshot-identifier &quot;$snapshot_identifier&quot; \
+      --query &quot;DBSnapshots[0].Status&quot; --output text)
+
+    if [ &quot;${status,,}&quot; = &quot;available&quot; ]; then
+      echo &quot;$snapshot_identifier&quot;
+      return 0
+    else
+      sleep 20
+    fi
+  done
+}
+EOF
+</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+  </builders>
+  <publishers>
+    <hudson.tasks.ArtifactArchiver>
+      <artifacts>target_group_attachment_functions.sh, role_functions.sh, pic_sure_rds_snapshot.sh</artifacts>
+      <allowEmptyArchive>false</allowEmptyArchive>
+      <onlyIfSuccessful>false</onlyIfSuccessful>
+      <fingerprint>false</fingerprint>
+      <defaultExcludes>true</defaultExcludes>
+      <caseSensitive>true</caseSensitive>
+      <followSymlinks>false</followSymlinks>
+    </hudson.tasks.ArtifactArchiver>
+  </publishers>
+  <buildWrappers>
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
+      <deleteDirs>false</deleteDirs>
+      <cleanupParameter></cleanupParameter>
+      <externalDelete></externalDelete>
+      <disableDeferredWipeout>false</disableDeferredWipeout>
+    </hudson.plugins.ws__cleanup.PreBuildCleanup>
+  </buildWrappers>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Check For Updates/config.xml b/jenkins-docker/jobs/Check For Updates/config.xml
index 6e39908d..4c3cb6a3 100644
--- a/jenkins-docker/jobs/Check For Updates/config.xml	
+++ b/jenkins-docker/jobs/Check For Updates/config.xml	
@@ -4,17 +4,17 @@
   <description></description>
   <keepDependencies>false</keepDependencies>
   <properties/>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.7.1">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-bdc-release-control</url>
+        <url>${release_control_git_repo}</url>
         <credentialsId>c1cbb1df-9da8-4f3f-85b9-8de0b9685008</credentialsId>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
       <hudson.plugins.git.BranchSpec>
-        <name>*/master</name>
+        <name>${release_control_git_hash}</name>
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
@@ -28,9 +28,9 @@
   <triggers/>
   <concurrentBuild>false</concurrentBuild>
   <builders>
-    <hudson.plugins.groovy.SystemGroovy plugin="groovy@2.3">
+    <hudson.plugins.groovy.SystemGroovy plugin="groovy@453.vcdb_a_c5c99890">
       <source class="hudson.plugins.groovy.StringSystemScriptSource">
-        <script plugin="script-security@1.76">
+        <script plugin="script-security@1275.v23895f409fb_d">
           <script>import jenkins.*
 import jenkins.model.*
 import hudson.*
@@ -41,13 +41,16 @@ def buildSpec = new JsonSlurper().parse(new File(&apos;/var/jenkins_home/workspa
 
 def envVars= Hudson.instance.getItem(&quot;Check For Updates&quot;).lastBuild.properties.get(&quot;envVars&quot;);
 
+Jenkins.instance.getItemByFullName(&quot;Bash_Functions&quot;)
+.scheduleBuild2(0).get()
+
 Jenkins.instance.getItemByFullName(&quot;Import_HPDS_Dictionary_File&quot;)
 .scheduleBuild2(0, new ParametersAction([
     new StringParameterValue(&quot;dictionary_s3_key&quot;, buildSpec.source_dictionary_s3_object_key.trim()),
     new StringParameterValue(&quot;pipeline_build_id&quot;,  envVars[&quot;GIT_COMMIT&quot;].trim())
     ])).get()
-    
-    
+
+
 Jenkins.instance.getItemByFullName(&quot;PIC-SURE Pipeline&quot;)
     .scheduleBuild2(0).get()
 
@@ -57,9 +60,11 @@ Jenkins.instance.getItemByFullName(&quot;PIC-SURE Pipeline&quot;)
       </source>
     </hudson.plugins.groovy.SystemGroovy>
     <hudson.tasks.Shell>
-      <command>LAST_DATASET_MODIFICATION_COMMIT=`git blame --abbrev=39 build-spec.json | grep source_dataset_s3_url | cut -f 1 -d &apos; &apos;`
+      <command>#!/bin/bash
 
-docker exec jenkins /usr/local/bin/aws s3api head-object --bucket $stack_s3_bucket --key &quot;data/${LAST_DATASET_MODIFICATION_COMMIT}/javabins_rekeyed.tar.gz&quot; || not_exist=true
+LAST_DATASET_MODIFICATION_COMMIT=`git blame --abbrev=39 build-spec.json | grep source_dataset_s3_url | cut -f 1 -d &apos; &apos;`
+
+aws s3api head-object --bucket $stack_s3_bucket --key &quot;data/${LAST_DATASET_MODIFICATION_COMMIT}/javabins_rekeyed.tar.gz&quot; || not_exist=true
 if [ $not_exist ]; then
   echo $LAST_DATASET_MODIFICATION_COMMIT &gt; toBeRekeyed.txt
   echo &quot;Will rekey new dataset.&quot;
@@ -71,7 +76,7 @@ fi
 
 LAST_DESTIGMATIZED_DATASET_MODIFICATION_COMMIT=`git blame --abbrev=39 build-spec.json | grep source_destigmatized_dataset_s3_url | cut -f 1 -d &apos; &apos;`
 
-docker exec jenkins /usr/local/bin/aws s3api head-object --bucket $stack_s3_bucket --key &quot;data/${LAST_DESTIGMATIZED_DATASET_MODIFICATION_COMMIT}/destigmatized_javabins_rekeyed.tar.gz&quot; || not_exist_destig=false
+aws s3api head-object --bucket $stack_s3_bucket --key &quot;data/${LAST_DESTIGMATIZED_DATASET_MODIFICATION_COMMIT}/destigmatized_javabins_rekeyed.tar.gz&quot; || not_exist_destig=false
 
 if [ $not_exist_destig ]; then
   echo $LAST_DESTIGMATIZED_DATASET_MODIFICATION_COMMIT &gt; destigmatized_toBeRekeyed.txt
@@ -81,15 +86,15 @@ else
   echo &quot;Using existing destigmatized dataset (Skipping rekey).&quot;
 fi
 
-
 LAST_GENOMIC_DATASET_MODIFICATION_COMMIT=`git blame --abbrev=39 build-spec.json | grep source_genomic_dataset_s3_url | cut -f 1 -d &apos; &apos;`
 echo $LAST_GENOMIC_DATASET_MODIFICATION_COMMIT &gt; genomicDatasetKey.txt
+
 </command>
       <configuredLocalRules/>
     </hudson.tasks.Shell>
-    <hudson.plugins.groovy.SystemGroovy plugin="groovy@2.3">
+    <hudson.plugins.groovy.SystemGroovy plugin="groovy@453.vcdb_a_c5c99890">
       <source class="hudson.plugins.groovy.StringSystemScriptSource">
-        <script plugin="script-security@1.76">
+        <script plugin="script-security@1275.v23895f409fb_d">
           <script>import jenkins.*
 import jenkins.model.*
 import hudson.*
@@ -149,11 +154,11 @@ Jenkins.instance.getItemByFullName(&quot;Deployment Pipeline&quot;)
   </builders>
   <publishers/>
   <buildWrappers>
-    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.39">
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
       <deleteDirs>false</deleteDirs>
       <cleanupParameter></cleanupParameter>
       <externalDelete></externalDelete>
       <disableDeferredWipeout>false</disableDeferredWipeout>
     </hudson.plugins.ws__cleanup.PreBuildCleanup>
   </buildWrappers>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Create new Jenkins Server/config.xml b/jenkins-docker/jobs/Create new Jenkins Server/config.xml
index c8a06eb9..7a998b49 100644
--- a/jenkins-docker/jobs/Create new Jenkins Server/config.xml	
+++ b/jenkins-docker/jobs/Create new Jenkins Server/config.xml	
@@ -4,67 +4,25 @@
   <description></description>
   <keepDependencies>false</keepDependencies>
   <properties>
-    <hudson.model.ParametersDefinitionProperty>
-      <parameterDefinitions>
-        <hudson.model.StringParameterDefinition>
-          <name>stack_s3_bucket</name>
-          <description></description>
-          <defaultValue></defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>stack_id</name>
-          <description></description>
-          <defaultValue></defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>subnet_id</name>
-          <description></description>
-          <defaultValue>subnet-002719488d0e4f10d</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>instance_profile_name</name>
-          <description></description>
-          <defaultValue>jenkins-s3-profile</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>access_cidr</name>
-          <description></description>
-          <defaultValue>172.24.0.68/32</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>vpc_id</name>
-          <description></description>
-          <defaultValue>vpc-07fdd0533a5ec2e35</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>provisioning_cidr</name>
-          <description></description>
-          <defaultValue>172.36.0.0/25</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-      </parameterDefinitions>
-    </hudson.model.ParametersDefinitionProperty>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.1.1">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/avillachlab-jenkins.git</url>
+        <url>${jenkins_git_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
       <hudson.plugins.git.BranchSpec>
-        <name>*/master</name>
+        <name>${jenkins_git_hash}</name>
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -75,36 +33,182 @@
   <concurrentBuild>false</concurrentBuild>
   <builders>
     <hudson.tasks.Shell>
-      <command>cd dev-jenkins-terraform
+      <command>#!/bin/bash
+set -e
+
+cd &quot;${WORKSPACE}/jenkins-docker&quot;
+
+# Source folder containing the scripts
+source_scripts_folder=&quot;${JENKINS_HOME}/workspace/Bash_Functions/&quot;
+ls -la &quot;$source_scripts_folder&quot;
+#export TF_LOG=TRACE
+# Iterate through the files in the folder and source them
+for script_file in &quot;$source_scripts_folder&quot;*.sh; do
+    chmod +x &quot;$script_file&quot;
+    if [ -f &quot;$script_file&quot; ] &amp;&amp; [ -x &quot;$script_file&quot; ]; then
+ echo &quot;sourcing $script_file&quot;
+        source &quot;$script_file&quot;
+    fi
+done
+git_commit_short=`echo ${GIT_COMMIT} |head -c7`
+
+mkdir certs/
+aws s3 cp s3://${jenkins_tf_state_bucket}/certs/jenkins/jenkins.key certs/
+aws s3 cp s3://${jenkins_tf_state_bucket}/certs/jenkins/jenkins.cer certs/
+
+# generate keystore file for docker/jenkins use
+echo &quot;# generate keystore file for docker/jenkins use&quot;
+keystore_pass=`echo $RANDOM | md5sum | head -c 20`
+openssl pkcs12 -export -in certs/jenkins.cer -inkey certs/jenkins.key -out certs/jenkins.p12 -password pass:$keystore_pass
+
+# Download Jenkins config file from s3
+echo &quot;# Download Jenkins config file from s3&quot;
+aws --region us-east-1 s3 cp &quot;${jenkins_config_s3_location}&quot; ./config.xml
+
+# Build Container
+echo &quot;# Build Container&quot;
+docker build \
+  --build-arg JENKINS_DOCKER_TERRAFORM_DISTRO=&quot;${jenkins_docker_terraform_distro}&quot; \
+  --build-arg CONFIG_XML_FILE=&quot;./config.xml&quot; \
+  --build-arg PLUGINS_FILE=&quot;./plugins.txt&quot; \
+  --build-arg SCRIPT_APPROVAL_FILE=&quot;./scriptApproval.xml&quot; \
+  --build-arg HUDSON_TASKS_FILE=&quot;./hudson.tasks.Maven.xml&quot; \
+  --build-arg JENKINS_JOBS_DIR=&quot;./jobs/&quot; \
+  --build-arg PKCS12_FILE=&quot;./certs/jenkins.p12&quot; \
+  --build-arg PKCS12_PASS=&quot;${keystore_pass}&quot; \
+  -t jenkins:$git_commit_short .
+
+# Time to put it in a private repo instead of just a image tar on s3.
+docker save jenkins:$git_commit_short | gzip &gt; jenkins.tar.gz
+
+aws s3 cp jenkins.tar.gz s3://${jenkins_tf_state_bucket}/containers/jenkins/ 
+
+cd &quot;${WORKSPACE}&quot;</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+    <hudson.tasks.Shell>
+      <command>#!/bin/bash
+set -e
+# Source folder containing the scripts
+source_scripts_folder=&quot;${JENKINS_HOME}/workspace/Bash_Functions/&quot;
+ls -la &quot;$source_scripts_folder&quot;
+#export TF_LOG=TRACE
+# Iterate through the files in the folder and source them
+for script_file in &quot;$source_scripts_folder&quot;*.sh; do
+    chmod +x &quot;$script_file&quot;
+    if [ -f &quot;$script_file&quot; ] &amp;&amp; [ -x &quot;$script_file&quot; ]; then
+        echo &quot;sourcing $script_file&quot;
+        source &quot;$script_file&quot;
+    fi
+done
+
+cd jenkins-terraform
 env &gt; env.txt
-terraform init
+# git commit used in Terraform and user-scripts
+git_commit_short=`echo ${GIT_COMMIT} |head -c7`
+
+
+echo &quot;Deploying new jenkins&quot;
+# Deploy state to green 
+# should only deploy to green. safe to leave as constant
+terraform init \
+-backend-config=&quot;bucket=${jenkins_tf_state_bucket}&quot; \
+-backend-config=&quot;key=jenkins_state/green/terraform.tfstate&quot; \
+-backend-config=&quot;region=${jenkins_tf_state_region}&quot;
+
+# Check if green state exists.
+jenkins_green_ip=$(terraform state pull | jq -r &apos;.resources[] | select(.type == &quot;aws_instance&quot; and .name == &quot;jenkins&quot;) | .instances[0].attributes.private_ip&apos;)
+if [ $jenkins_green_ip ] || [[ $jenkins_green_ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
+   echo &quot;Jenkins Green server still active.  Run Destroy old Jenkins job to destroy current state.&quot;
+   exit 1
+fi
+
+# could probably just export env vars with TF_ and terraform will use them.
 terraform apply -auto-approve \
--var &quot;git-commit=`echo ${GIT_COMMIT} |cut -c1-7`&quot; \
--var &quot;stack-s3-bucket=${stack_s3_bucket}&quot; \
--var &quot;stack-id=${stack_id}&quot; \
--var &quot;subnet-id=${subnet_id}&quot; \
--var &quot;vpc-id=${vpc_id}&quot; \
--var &quot;instance-profile-name=${instance_profile_name}&quot; \
--var &quot;access-cidr=${access_cidr}&quot; \
--var &quot;provisioning-cidr=${provisioning_cidr}&quot;
+-var &quot;git_commit=${git_commit_short}&quot; \
+-var &quot;jenkins_tf_state_bucket=${jenkins_tf_state_bucket}&quot; \
+-var &quot;stack_id=${stack_id}&quot; \
+-var &quot;environment_name=${environment_name}&quot; \
+-var &quot;env_is_open_access=${env_is_open_access}&quot; \
+-var &quot;jenkins_subnet_id=${jenkins_subnet_id}&quot; \
+-var &quot;jenkins_git_repo=${jenkins_git_repo}&quot; \
+-var &quot;jenkins_vpc_id=${jenkins_vpc_id}&quot; \
+-var &quot;jenkins_instance_profile_name=${jenkins_instance_profile_name}&quot; \
+-var &quot;jenkins_sg_ingress_https_cidr_blocks=${jenkins_sg_ingress_https_cidr_blocks}&quot; \
+-var &quot;jenkins_sg_egress_allow_all_cidr_blocks=${jenkins_sg_egress_allow_all_cidr_blocks}&quot; \
+-var &quot;jenkins_config_s3_location=${jenkins_config_s3_location}&quot; \
+-var &quot;jenkins_ec2_instance_type=${jenkins_ec2_instance_type}&quot; \
+-var &quot;jenkins_tf_local_var_OS_dist=${jenkins_tf_local_var_OS_dist}&quot; \
+-var &quot;jenkins_ec2_ebs_volume_size=${jenkins_ec2_ebs_volume_size}&quot; \
+-var &quot;jenkins_docker_maven_distro=${jenkins_docker_maven_distro}&quot; \
+-var &quot;jenkins_docker_terraform_distro=${jenkins_docker_terraform_distro}&quot;
+
+# Moving this to Terraform remote state
+#aws s3 --sse=AES256 cp terraform.tfstate s3://${jenkins_tf_state_bucket}/jenkins_state/jenkins_${GIT_COMMIT}/terraform.tfstate
+
+# Not quite sure why we save the env variables to s3 so leaving it in for now.
+#aws s3 --sse=AES256 cp env.txt s3://${jenkins_tf_state_bucket}/jenkins_state/jenkins_${git_commit_short}/last_env.txt
 
-aws s3 --sse=AES256 cp terraform.tfstate s3://${stack_s3_bucket}/jenkins_state/jenkins_${GIT_COMMIT}/terraform.tfstate
-aws s3 --sse=AES256 cp env.txt s3://${stack_s3_bucket}/jenkins_state/jenkins_${GIT_COMMIT}/last_env.txt
+echo &quot;Waiting for user-script to initialize the environment.&quot;
+# This could get moved to a terraform provisioner to wait for the user script to finish.  Essientially would look the same though.  Leaving for now
+INSTANCE_ID=$(terraform output jenkins-ec2-id)
+JENKINS_IP=$(terraform output jenkins-ec2-ip)
 
-INSTANCE_ID=`terraform state show aws_instance.dev-jenkins | grep &quot;\&quot;i-[a-f0-9]&quot; | cut -f 2 -d &quot;=&quot; | sed &apos;s/&quot;//g&apos;`
+while [ &quot;$(aws --region=us-east-1 ec2 describe-tags --filters &quot;Name=resource-id,Values=${INSTANCE_ID}&quot; | jq -r &apos;.Tags[] | select(.Key==&quot;InitComplete&quot;) | .Value&apos;)&quot; != &quot;true&quot; ]
+do 
+    echo &quot;still initializing&quot;
+    sleep 30
+done
+
+# Tag it true in state file
+echo &quot;Tagging as initialized&quot;
+terraform apply -auto-approve \
+-var &quot;git_commit=${git_commit_short}&quot; \
+-var &quot;jenkins_tf_state_bucket=${jenkins_tf_state_bucket}&quot; \
+-var &quot;stack_id=${stack_id}&quot; \
+-var &quot;environment_name=${environment_name}&quot; \
+-var &quot;env_is_open_access=${env_is_open_access}&quot; \
+-var &quot;jenkins_subnet_id=${jenkins_subnet_id}&quot; \
+-var &quot;jenkins_git_repo=${jenkins_git_repo}&quot; \
+-var &quot;jenkins_vpc_id=${jenkins_vpc_id}&quot; \
+-var &quot;jenkins_instance_profile_name=${jenkins_instance_profile_name}&quot; \
+-var &quot;jenkins_sg_ingress_https_cidr_blocks=${jenkins_sg_ingress_https_cidr_blocks}&quot; \
+-var &quot;jenkins_sg_egress_allow_all_cidr_blocks=${jenkins_sg_egress_allow_all_cidr_blocks}&quot; \
+-var &quot;jenkins_config_s3_location=${jenkins_config_s3_location}&quot; \
+-var &quot;jenkins_ec2_instance_type=${jenkins_ec2_instance_type}&quot; \
+-var &quot;jenkins_tf_local_var_OS_dist=${jenkins_tf_local_var_OS_dist}&quot; \
+-var &quot;jenkins_ec2_ebs_volume_size=${jenkins_ec2_ebs_volume_size}&quot; \
+-var &quot;jenkins_docker_maven_distro=${jenkins_docker_maven_distro}&quot; \
+-var &quot;jenkins_docker_terraform_distro=${jenkins_docker_terraform_distro}&quot; \
+-var &quot;is_initialized=true&quot;
 
-while [ -z $(/usr/local/bin/aws --region=us-east-1 ec2 describe-tags --filters &quot;Name=resource-id,Values=${INSTANCE_ID}&quot; | grep InitComplete) ];do echo &quot;still initializing&quot;;sleep 10;done
+# swap the backends so newly deployed jenkins backend is stored in blue
+echo &quot;Moving states for green/blue&quot;
+echo &quot;Staging state swap&quot;
+aws s3 --sse=AES256 cp s3://${jenkins_tf_state_bucket}/jenkins_state/green/terraform.tfstate s3://${jenkins_tf_state_bucket}/jenkins_state/blue/terraform.tfstate_swap
+aws s3 --sse=AES256 cp s3://${jenkins_tf_state_bucket}/jenkins_state/blue/terraform.tfstate s3://${jenkins_tf_state_bucket}/jenkins_state/green/terraform.tfstate_swap
 
-# get Jenkins IP
-jenkins_ip_addr=`terraform state show aws_instance.dev-jenkins | grep private_ip | cut -f 2 -d &quot;=&quot; | sed &apos;s/\&quot;//g&apos; | sed &apos;s/ //g&apos; | grep &apos;172.36&apos;`
+echo &quot;Swapping states&quot;
+aws s3 --sse=AES256 mv s3://${jenkins_tf_state_bucket}/jenkins_state/blue/terraform.tfstate_swap s3://${jenkins_tf_state_bucket}/jenkins_state/blue/terraform.tfstate
+aws s3 --sse=AES256 mv s3://${jenkins_tf_state_bucket}/jenkins_state/green/terraform.tfstate_swap s3://${jenkins_tf_state_bucket}/jenkins_state/green/terraform.tfstate
 
-# update security group for jenkins access
-aws ec2 --region=us-east-1 authorize-security-group-ingress --group-id sg-0ab37675f33775da8 --ip-permissions IpProtocol=tcp,FromPort=443,ToPort=443,IpRanges=[{CidrIp=${jenkins_ip_addr}/32}]
-aws ec2 --region=us-east-1 update-security-group-rule-descriptions-ingress --group-id sg-0ab37675f33775da8 --ip-permissions IpProtocol=tcp,FromPort=443,ToPort=443,IpRanges=[{CidrIp=${jenkins_ip_addr}/32,Description="Allow Jenkins"}]
+# Update dns
+echo &quot;Updating DNS. Jenkins should update to new server automatically&quot;
+assume_role
+aws route53 change-resource-record-sets --hosted-zone-id ${env_hosted_zone_id} --change-batch &apos;{&quot;Changes&quot;:[{&quot;Action&quot;:&quot;UPSERT&quot;,&quot;ResourceRecordSet&quot;:{&quot;Name&quot;:&quot;jenkins.&apos;${env_private_dns_name}&apos;&quot;,&quot;Type&quot;:&quot;A&quot;,&quot;TTL&quot;:300,&quot;ResourceRecords&quot;:[{&quot;Value&quot;:&quot;&apos;$JENKINS_IP&apos;&quot;}]}}]}&apos;
 
-echo &quot;http://$jenkins_ip_addr&quot;</command>
+reset_role
+</command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
-  <buildWrappers/>
+  <buildWrappers>
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
+      <deleteDirs>false</deleteDirs>
+      <cleanupParameter></cleanupParameter>
+      <externalDelete></externalDelete>
+      <disableDeferredWipeout>false</disableDeferredWipeout>
+    </hudson.plugins.ws__cleanup.PreBuildCleanup>
+  </buildWrappers>
 </project>
diff --git a/jenkins-docker/jobs/Create stack_variables.tf Files/config.xml b/jenkins-docker/jobs/Create stack_variables.tf Files/config.xml
index c036e464..f320ec5e 100644
--- a/jenkins-docker/jobs/Create stack_variables.tf Files/config.xml	
+++ b/jenkins-docker/jobs/Create stack_variables.tf Files/config.xml	
@@ -8,18 +8,17 @@
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
           <name>infrastructure_git_hash</name>
-          <description></description>
-          <defaultValue></defaultValue>
+          <defaultValue>*/master</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.0.0">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-bdc-infrastructure.git</url>
+        <url>https://${git_base_url}/avillachlab-secure-infrastructure.git</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
@@ -28,7 +27,7 @@
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -55,8 +54,9 @@ unset AWS_ACCESS_KEY_ID
 unset AWS_SECRET_ACCESS_KEY
 unset AWS_SESSION_TOKEN
 </command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers/>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Delete Terraform State File for Application/config.xml b/jenkins-docker/jobs/Delete Terraform State File for Application/config.xml
new file mode 100644
index 00000000..725ce514
--- /dev/null
+++ b/jenkins-docker/jobs/Delete Terraform State File for Application/config.xml	
@@ -0,0 +1,46 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<project>
+  <actions/>
+  <description>Use this job if the application&apos;s state file is broken.&#xd;
+&#xd;
+If the state file cannot be destroyed properly then manual clean up of resources will be needed.</description>
+  <keepDependencies>false</keepDependencies>
+  <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
+    <hudson.model.ParametersDefinitionProperty>
+      <parameterDefinitions>
+        <hudson.model.StringParameterDefinition>
+          <name>target_stack</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+      </parameterDefinitions>
+    </hudson.model.ParametersDefinitionProperty>
+  </properties>
+  <scm class="hudson.scm.NullSCM"/>
+  <canRoam>true</canRoam>
+  <disabled>false</disabled>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <triggers/>
+  <concurrentBuild>false</concurrentBuild>
+  <builders>
+    <hudson.tasks.Shell>
+      <command>#!/bin/bash
+
+aws sts assume-role --duration-seconds ${jenkins_provisioning_assume_role_duration} --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/${jenkins_s3_role_name}&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+
+export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+
+aws s3 rm s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate
+</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+  </builders>
+  <publishers/>
+  <buildWrappers/>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Deployment Pipeline/config.xml b/jenkins-docker/jobs/Deployment Pipeline/config.xml
index 0d6d7a77..44834c44 100644
--- a/jenkins-docker/jobs/Deployment Pipeline/config.xml	
+++ b/jenkins-docker/jobs/Deployment Pipeline/config.xml	
@@ -1,8 +1,8 @@
 <?xml version='1.1' encoding='UTF-8'?>
-<flow-definition plugin="workflow-job@2.36">
+<flow-definition plugin="workflow-job@1348.v32a_a_f150910e">
   <actions>
-    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobAction plugin="pipeline-model-definition@1.5.1"/>
-    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobPropertyTrackerAction plugin="pipeline-model-definition@1.5.1">
+    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobAction plugin="pipeline-model-definition@2.2144.v077a_d1928a_40"/>
+    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobPropertyTrackerAction plugin="pipeline-model-definition@2.2144.v077a_d1928a_40">
       <jobProperties/>
       <triggers/>
       <parameters/>
@@ -12,48 +12,43 @@
   <description></description>
   <keepDependencies>false</keepDependencies>
   <properties>
+<com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
     <hudson.model.ParametersDefinitionProperty>
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
           <name>deployment_git_hash</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>dataset_s3_object_key</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
-         <hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
           <name>destigmatized_dataset_s3_object_key</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>genomic_dataset_s3_object_key</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="workflow-cps@2.78">
+  <definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="workflow-cps@3802.vd42b_fcf00b_a_c">
     <script>import groovy.json.JsonSlurper;
 
 def retrieveDepStateId
 def stacksJson
-def ami_id
 def target_stack
 def infrastructure_git_hash
 
 pipeline {
-    agent any 
+    agent any
     stages {
-        stage(&apos;Retrieve Build Spec&apos;) { 
+        stage(&apos;Retrieve Build Spec&apos;) {
             steps {
                 script {
                     def result = build job: &apos;Retrieve Build Spec&apos;
@@ -66,13 +61,11 @@ pipeline {
                     sh &apos;pwd&apos;
                     def buildSpec = new JsonSlurper().parse(new File(&apos;/var/jenkins_home/workspace/Deployment Pipeline/build-spec.json&apos;))
                     println(buildSpec)
-                    ami_id = buildSpec.terraform_vars[0].ami_id
                     infrastructure_git_hash = buildSpec.infrastructure_git_hash
-                    println(&quot;AMI : &quot; + ami_id)
                 }
             }
         }
-        stage(&apos;Acquire and lock deployment state&apos;) { 
+        stage(&apos;Acquire and lock deployment state&apos;) {
             steps {
                 script {
                     def result = build job: &apos;Retrieve Deployment State&apos;
@@ -85,25 +78,19 @@ pipeline {
                 }
             }
         }
-        stage(&apos;Teardown and Rebuild Stage Environment&apos;) { 
+        stage(&apos;Teardown and Rebuild Stage Environment&apos;) {
             steps {
                 script {
                     target_stack = new JsonSlurper().parseText(stacksJson).environments.next_prod
-                    def result = build job: &apos;Teardown and Rebuild Stage Environment&apos;, parameters: [[$class: &apos;StringParameterValue&apos;, name: &apos;ami_id&apos;, value: ami_id], [$class: &apos;StringParameterValue&apos;, name: &apos;target_stack&apos;, value: target_stack], [$class: &apos;StringParameterValue&apos;, name: &apos;dataset_s3_object_key&apos;, value: env.dataset_s3_object_key], [$class: &apos;StringParameterValue&apos;, name: &apos;destigmatized_dataset_s3_object_key&apos;, value: env.destigmatized_dataset_s3_object_key], [$class: &apos;StringParameterValue&apos;, name: &apos;genomic_dataset_s3_object_key&apos;, value: env.genomic_dataset_s3_object_key], [$class: &apos;StringParameterValue&apos;, name: &apos;deployment_git_hash&apos;, value: env.deployment_git_hash], [$class: &apos;StringParameterValue&apos;, name: &apos;infrastructure_git_hash&apos;, value: infrastructure_git_hash]]
-                }
-            }
-        }
-        stage(&apos;Update bucket policy&apos;) {
-            steps {
-                script {
-                    def result = build job: &apos;Update Bucket Policy&apos;, parameters: [[$class: &apos;StringParameterValue&apos;, name: &apos;target_stack&apos;, value: target_stack],[$class: &apos;StringParameterValue&apos;, name: &apos;stack_githash&apos;, value: env.deployment_git_hash]]
+                    live_stack = new JsonSlurper().parseText(stacksJson).environments.prod
+                    def result = build job: &apos;Teardown and Rebuild Stage Environment&apos;, parameters: [[$class: &apos;StringParameterValue&apos;, name: &apos;live_stack&apos;, value: live_stack], [$class: &apos;StringParameterValue&apos;, name: &apos;target_stack&apos;, value: target_stack], [$class: &apos;StringParameterValue&apos;, name: &apos;dataset_s3_object_key&apos;, value: env.dataset_s3_object_key], [$class: &apos;StringParameterValue&apos;, name: &apos;destigmatized_dataset_s3_object_key&apos;, value: env.destigmatized_dataset_s3_object_key], [$class: &apos;StringParameterValue&apos;, name: &apos;genomic_dataset_s3_object_key&apos;, value: env.genomic_dataset_s3_object_key], [$class: &apos;StringParameterValue&apos;, name: &apos;deployment_git_hash&apos;, value: env.deployment_git_hash], [$class: &apos;StringParameterValue&apos;, name: &apos;infrastructure_git_hash&apos;, value: infrastructure_git_hash]]
                 }
             }
         }
         stage(&apos;Await Initialization&apos;) {
             steps {
                 script {
-                    def result = build job: &apos;Await Initialization&apos;, parameters: [[$class: &apos;StringParameterValue&apos;, name: &apos;target_stack&apos;, value: target_stack], [$class: &apos;StringParameterValue&apos;, name: &apos;infrastructure_git_hash&apos;, value: infrastructure_git_hash]]
+                    def result = build job: &apos;Await Initialization&apos;, parameters: [[$class: &apos;StringParameterValue&apos;, name: &apos;target_stack&apos;, value: target_stack], [$class: &apos;StringParameterValue&apos;, name: &apos;git_hash&apos;, value: infrastructure_git_hash]]
                 }
             }
         }
diff --git a/jenkins-docker/jobs/Destroy Old Jenkins Server/config.xml b/jenkins-docker/jobs/Destroy Old Jenkins Server/config.xml
index fa2a63ab..33a16da0 100644
--- a/jenkins-docker/jobs/Destroy Old Jenkins Server/config.xml	
+++ b/jenkins-docker/jobs/Destroy Old Jenkins Server/config.xml	
@@ -6,71 +6,28 @@
   <properties>
     <hudson.model.ParametersDefinitionProperty>
       <parameterDefinitions>
-        <hudson.model.StringParameterDefinition>
-          <name>stack_s3_bucket</name>
-          <description></description>
-          <defaultValue></defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>stack_id</name>
-          <description></description>
-          <defaultValue></defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>subnet_id</name>
-          <description></description>
-          <defaultValue>subnet-002719488d0e4f10d</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>instance_profile_name</name>
-          <description></description>
-          <defaultValue>jenkins-s3-profile</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>access_cidr</name>
-          <description></description>
-          <defaultValue>172.24.0.68/32</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>vpc_id</name>
-          <description></description>
-          <defaultValue>vpc-07fdd0533a5ec2e35</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>provisioning_cidr</name>
-          <description></description>
-          <defaultValue>172.36.0.0/25</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>jenkins_githash_to_destroy</name>
-          <description></description>
-          <defaultValue></defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
+        <hudson.model.BooleanParameterDefinition>
+          <name>Destroy</name>
+          <description>Uncheck to only view destroy plan</description>
+          <defaultValue>false</defaultValue>
+        </hudson.model.BooleanParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.1.1">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/avillachlab-jenkins.git</url>
+        <url>${jenkins_git_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
       <hudson.plugins.git.BranchSpec>
-        <name>*/master</name>
+        <name>${jenkins_git_hash}</name>
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -81,34 +38,49 @@
   <concurrentBuild>false</concurrentBuild>
   <builders>
     <hudson.tasks.Shell>
-      <command>cd dev-jenkins-terraform
-aws s3 --sse=AES256 cp s3://${stack_s3_bucket}/jenkins_state/jenkins_${jenkins_githash_to_destroy}/terraform.tfstate terraform.tfstate
-env &gt; env.txt
-terraform init
+      <command>cd jenkins-terraform
 
-# get Jenkins IP
-jenkins_ip_addr=`terraform state show aws_instance.dev-jenkins | grep private_ip | cut -f 2 -d &quot;=&quot; | sed &apos;s/\&quot;//g&apos; | sed &apos;s/ //g&apos; | grep &apos;172.36&apos;`
+terraform init \
+-backend-config=&quot;bucket=${jenkins_tf_state_bucket}&quot; \
+-backend-config=&quot;key=jenkins_state/green/terraform.tfstate&quot; \
+-backend-config=&quot;region=${jenkins_tf_state_region}&quot;
 
-# remove jenkins access from security group
-aws ec2 --region=us-east-1 revoke-security-group-ingress --group-id sg-0ab37675f33775da8 --ip-permissions IpProtocol=tcp,FromPort=443,ToPort=443,IpRanges=[{CidrIp=${jenkins_ip_addr}/32}]
+terraform plan -destroy -out jenkins.tfplan \
+-var &quot;git_commit=${jenkins_githash_to_destroy}&quot; \
+-var &quot;jenkins_tf_state_bucket=${jenkins_tf_state_bucket}&quot; \
+-var &quot;stack_id=${stack_id}&quot; \
+-var &quot;environment_name=${environment_name}&quot; \
+-var &quot;env_is_open_access=${env_is_open_access}&quot; \
+-var &quot;jenkins_subnet_id=${jenkins_subnet_id}&quot; \
+-var &quot;jenkins_git_repo=${jenkins_git_repo}&quot; \
+-var &quot;jenkins_vpc_id=${jenkins_vpc_id}&quot; \
+-var &quot;jenkins_instance_profile_name=${jenkins_instance_profile_name}&quot; \
+-var &quot;jenkins_sg_ingress_https_cidr_blocks=${jenkins_sg_ingress_https_cidr_blocks}&quot; \
+-var &quot;jenkins_sg_egress_allow_all_cidr_blocks=${jenkins_sg_egress_allow_all_cidr_blocks}&quot; \
+-var &quot;jenkins_config_s3_location=${jenkins_config_s3_location}&quot; \
+-var &quot;jenkins_ec2_instance_type=${jenkins_ec2_instance_type}&quot; \
+-var &quot;jenkins_tf_local_var_OS_dist=${jenkins_tf_local_var_OS_dist}&quot; \
+-var &quot;jenkins_ec2_ebs_volume_size=${jenkins_ec2_ebs_volume_size}&quot; \
+-var &quot;jenkins_docker_maven_distro=${jenkins_docker_maven_distro}&quot; \
+-var &quot;jenkins_docker_terraform_distro=${jenkins_docker_terraform_distro}&quot;
 
-terraform destroy  -auto-approve \
--var &quot;stack-s3-bucket=${stack_s3_bucket}&quot; \
--var &quot;stack-id=${stack_id}&quot; \
--var &quot;subnet-id=${subnet_id}&quot; \
--var &quot;vpc-id=${vpc_id}&quot; \
--var &quot;instance-profile-name=${instance_profile_name}&quot; \
--var &quot;access-cidr=${access_cidr}&quot; \
--var &quot;provisioning-cidr=${provisioning_cidr}&quot;
-
-aws s3 --sse=AES256 cp terraform.tfstate s3://${stack_s3_bucket}/jenkins_state/jenkins_${jenkins_githash_to_destroy}/terraform.tfstate
-aws s3 --sse=AES256 cp env.txt s3://${stack_s3_bucket}/jenkins_state/jenkins_${jenkins_githash_to_destroy}/last_env.txt
+if $Destroy; then
+  terraform apply jenkins.tfplan
+fi
 
 
 
 </command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
-  <buildWrappers/>
-</project>
+  <buildWrappers>
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
+      <deleteDirs>false</deleteDirs>
+      <cleanupParameter></cleanupParameter>
+      <externalDelete></externalDelete>
+      <disableDeferredWipeout>false</disableDeferredWipeout>
+    </hudson.plugins.ws__cleanup.PreBuildCleanup>
+  </buildWrappers>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Docker-AWSCLI/config.xml b/jenkins-docker/jobs/Docker-AWSCLI/config.xml
index 64f878bf..b0ee7b18 100644
--- a/jenkins-docker/jobs/Docker-AWSCLI/config.xml
+++ b/jenkins-docker/jobs/Docker-AWSCLI/config.xml
@@ -1,35 +1,36 @@
 <?xml version='1.1' encoding='UTF-8'?>
-<flow-definition plugin="workflow-job@2.36">
+<flow-definition plugin="workflow-job@1316.vd2290d3341a_f">
   <actions>
-    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobAction plugin="pipeline-model-definition@1.5.0"/>
-    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobPropertyTrackerAction plugin="pipeline-model-definition@1.5.0">
+    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobAction plugin="pipeline-model-definition@2.2141.v5402e818a_779"/>
+    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobPropertyTrackerAction plugin="pipeline-model-definition@2.2141.v5402e818a_779">
       <jobProperties/>
       <triggers/>
       <parameters/>
       <options/>
     </org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobPropertyTrackerAction>
   </actions>
-  <description></description>
+  <description>This is hard coded to use master infrastructure branch.  Need to adopt a better solution for building and publishing amis.  Terraform not being utilized correctly.&#xd;
+&#xd;
+Why use groovy script if you are going to just execute bash?&#xd;
+&#xd;
+Why are we building the image on the application account then sharing it with the cnc server, shouldn&apos;t it be the opposite?&#xd;
+</description>
   <keepDependencies>false</keepDependencies>
   <properties>
     <hudson.model.ParametersDefinitionProperty>
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
           <name>VPC_ID</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>SUBNET_ID</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="workflow-cps@2.78">
+  <definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="workflow-cps@3697.vb_470e454c232">
     <script>import groovy.json.JsonSlurper;
 def target_stack
 def instance_state
@@ -39,7 +40,7 @@ pipeline {
    stages {
       stage(&apos;Build&apos;) {
          steps {
-            git branch: &apos;master&apos;, url: &apos;https://${git_base_url}/pic-sure-bdc-infrastructure.git&apos;
+            git branch: &apos;master&apos;, url: &apos;${infrastructure_git_repo}&apos;
             sh &quot;&quot;&quot;
                 aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role&quot; --role-session-name &quot;ami-builder&quot; &gt; assume-role-output.txt
                 export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\\\&quot;]//g&quot;`
@@ -87,4 +88,4 @@ pipeline {
   </definition>
   <triggers/>
   <disabled>false</disabled>
-</flow-definition>
+</flow-definition>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Export Google Analytics/config.xml b/jenkins-docker/jobs/Export Google Analytics/config.xml
new file mode 100644
index 00000000..8ef34888
--- /dev/null
+++ b/jenkins-docker/jobs/Export Google Analytics/config.xml	
@@ -0,0 +1,15 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<project>
+  <keepDependencies>false</keepDependencies>
+  <properties/>
+  <scm class="hudson.scm.NullSCM"/>
+  <canRoam>false</canRoam>
+  <disabled>false</disabled>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <triggers/>
+  <concurrentBuild>false</concurrentBuild>
+  <builders/>
+  <publishers/>
+  <buildWrappers/>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Get Jobs/config.xml b/jenkins-docker/jobs/Get Jobs/config.xml
new file mode 100644
index 00000000..5c5d7be3
--- /dev/null
+++ b/jenkins-docker/jobs/Get Jobs/config.xml	
@@ -0,0 +1,35 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<project>
+  <actions/>
+  <description></description>
+  <keepDependencies>false</keepDependencies>
+  <properties/>
+  <scm class="hudson.scm.NullSCM"/>
+  <canRoam>true</canRoam>
+  <disabled>false</disabled>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <triggers/>
+  <concurrentBuild>false</concurrentBuild>
+  <builders>
+    <hudson.tasks.Shell>
+      <command>#!/bin/bash
+
+cp -r ${JENKINS_HOME}/jobs/ .
+
+
+
+</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+  </builders>
+  <publishers/>
+  <buildWrappers>
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
+      <deleteDirs>false</deleteDirs>
+      <cleanupParameter></cleanupParameter>
+      <externalDelete></externalDelete>
+      <disableDeferredWipeout>false</disableDeferredWipeout>
+    </hudson.plugins.ws__cleanup.PreBuildCleanup>
+  </buildWrappers>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Import HPDS VCF Data/config.xml b/jenkins-docker/jobs/Import HPDS VCF Data/config.xml
index 5e9fe01d..f90a00b8 100644
--- a/jenkins-docker/jobs/Import HPDS VCF Data/config.xml	
+++ b/jenkins-docker/jobs/Import HPDS VCF Data/config.xml	
@@ -4,20 +4,20 @@
   <description></description>
   <keepDependencies>false</keepDependencies>
   <properties/>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.1.1">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-bdc-release-control</url>
+        <url>${release_control_git_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
       <hudson.plugins.git.BranchSpec>
-        <name>*/master</name>
+        <name>${release_control_git_hash}</name>
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -28,21 +28,32 @@
   <concurrentBuild>false</concurrentBuild>
   <builders>
     <hudson.tasks.Shell>
-      <command>SOURCE_FILE_S3_LINK=`grep source_genomic_dataset_s3_url build-spec.json | cut -d &apos;:&apos; -f 2,3 | sed &apos;s/&quot;//g&apos;`
+      <command>#!/bin/bash
+set -e
+# Source folder containing the scripts
+source_scripts_folder=&quot;${JENKINS_HOME}/workspace/Bash_Functions/&quot;
+ls -la &quot;$source_scripts_folder&quot;
 
-[ -d 'all' ] || mkdir all/
-aws sts assume-role --duration-seconds 1800 --role-arn arn:aws:iam::736265540791:role/curated-datasets-s3-role --role-session-name &quot;s3-test&quot; &gt; assume-role-output.txt
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+# Iterate through the files in the folder and source them
+for script_file in &quot;$source_scripts_folder&quot;*.sh; do
+    chmod +x &quot;$script_file&quot;
+    if [ -f &quot;$script_file&quot; ] &amp;&amp; [ -x &quot;$script_file&quot; ]; then
+        echo &quot;sourcing $script_file&quot;
+        source &quot;$script_file&quot;
+    fi
+done
+SOURCE_FILE_S3_LINK=`grep source_genomic_dataset_s3_url build-spec.json | cut -d &apos;:&apos; -f 2,3 | sed &apos;s/&quot;//g&apos;`
+
+[ -d &apos;all&apos; ] || mkdir all/
+assume_role &quot;arn:aws:iam::736265540791:role/curated-datasets-s3-role&quot;
 aws s3 cp --recursive $SOURCE_FILE_S3_LINK all/
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
+
+reset_role
 aws s3 --sse=AES256 cp --recursive all/ s3://${stack_s3_bucket}/data/`git blame --abbrev=39 build-spec.json | grep source_genomic_dataset_s3_url | cut -f 1 -d &apos; &apos;`/all/
 </command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers/>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Import_HPDS_Dictionary_File/config.xml b/jenkins-docker/jobs/Import_HPDS_Dictionary_File/config.xml
index 133de84b..353d9b83 100644
--- a/jenkins-docker/jobs/Import_HPDS_Dictionary_File/config.xml
+++ b/jenkins-docker/jobs/Import_HPDS_Dictionary_File/config.xml
@@ -8,29 +8,26 @@
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
           <name>dictionary_s3_key</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>true</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>pipeline_build_id</name>
           <description>the githash of the release control for the current release</description>
-          <defaultValue></defaultValue>
           <trim>true</trim>
         </hudson.model.StringParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.7.1">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-bdc-release-control.git</url>
+        <url>${release_control_git_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
       <hudson.plugins.git.BranchSpec>
-        <name>*/master</name>
+        <name>${release_control_git_hash}</name>
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
@@ -45,34 +42,37 @@
   <concurrentBuild>false</concurrentBuild>
   <builders>
     <hudson.tasks.Shell>
-      <command>
+      <command>#!/bin/bash
+set -e
+# Source folder containing the scripts
+source_scripts_folder=&quot;${JENKINS_HOME}/workspace/Bash_Functions/&quot;
+ls -la &quot;$source_scripts_folder&quot;
 
+# Iterate through the files in the folder and source them
+for script_file in &quot;$source_scripts_folder&quot;*.sh; do
+    chmod +x &quot;$script_file&quot;
+    if [ -f &quot;$script_file&quot; ] &amp;&amp; [ -x &quot;$script_file&quot; ]; then
+        echo &quot;sourcing $script_file&quot;
+        source &quot;$script_file&quot;
+    fi
+done
 ### Pull dictionary in boundary.
-aws sts assume-role --duration-seconds 900 --role-arn arn:aws:iam::736265540791:role/curated-datasets-s3-role --role-session-name &quot;s3-test&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
+assume_role &quot;arn:aws:iam::736265540791:role/curated-datasets-s3-role&quot;
 aws s3 cp ${dictionary_s3_key} dictionary.javabin.tar.gz
 
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
-
+reset_role
 aws s3 --sse=AES256 cp dictionary.javabin.tar.gz s3://${stack_s3_bucket}/data/${pipeline_build_id}/dictionary.javabin.tar.gz --quiet
-
       </command>
       <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers>
-    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.39">
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
       <deleteDirs>false</deleteDirs>
       <cleanupParameter></cleanupParameter>
       <externalDelete></externalDelete>
       <disableDeferredWipeout>false</disableDeferredWipeout>
     </hudson.plugins.ws__cleanup.PreBuildCleanup>
   </buildWrappers>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Import_and_Rekey_HPDS_Data/config.xml b/jenkins-docker/jobs/Import_and_Rekey_HPDS_Data/config.xml
index e0fc1df7..147714ef 100644
--- a/jenkins-docker/jobs/Import_and_Rekey_HPDS_Data/config.xml
+++ b/jenkins-docker/jobs/Import_and_Rekey_HPDS_Data/config.xml
@@ -8,40 +8,34 @@
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
           <name>source_s3_url</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>output_file_name</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>destination_bucket_hash</name>
           <description>the git hash of the commit that changed the data set</description>
-          <defaultValue></defaultValue>
           <trim>true</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.BooleanParameterDefinition>
           <name>isDestigmatized</name>
-          <description></description>
           <defaultValue>false</defaultValue>
         </hudson.model.BooleanParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.7.1">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-bdc-release-control</url>
+        <url>${release_control_git_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
       <hudson.plugins.git.BranchSpec>
-        <name>*/master</name>
+        <name>${release_control_git_hash}</name>
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
@@ -56,7 +50,21 @@
   <concurrentBuild>false</concurrentBuild>
   <builders>
     <hudson.tasks.Shell>
-      <command>
+      <command>#!/bin/bash
+set -e
+# Source folder containing the scripts
+source_scripts_folder=&quot;${JENKINS_HOME}/workspace/Bash_Functions/&quot;
+ls -la &quot;$source_scripts_folder&quot;
+
+# Iterate through the files in the folder and source them
+for script_file in &quot;$source_scripts_folder&quot;*.sh; do
+    chmod +x &quot;$script_file&quot;
+    if [ -f &quot;$script_file&quot; ] &amp;&amp; [ -x &quot;$script_file&quot; ]; then
+        echo &quot;sourcing $script_file&quot;
+        source &quot;$script_file&quot;
+    fi
+done
+
 ### Build ETL Image
 aws s3 --sse=AES256 cp s3://${stack_s3_bucket}/releases/jenkins_pipeline_build_${GIT_COMMIT}/pic-sure-hpds-etl.tar.gz pic-sure-hpds-etl.tar.gz
 
@@ -68,20 +76,12 @@ mkdir -p local/hpds/
 mkdir -p local/source/
 
 ### Pull data set to rekey.
-aws sts assume-role --duration-seconds 900 --role-arn arn:aws:iam::736265540791:role/curated-datasets-s3-role --role-session-name &quot;s3-test&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
+assume_role &quot;arn:aws:iam::736265540791:role/curated-datasets-s3-role&quot;
 aws s3 cp ${source_s3_url} local/source/javabins.tar.gz
 
 tar -xvzf local/source/javabins.tar.gz -C local/source
 
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
-
+reset_role
 ### Move meta into local/hpds to include with new data set
 cp local/source/metadata.json local/hpds/
 
@@ -109,24 +109,18 @@ tar -cvzf ${output_file_name}.tar.gz *.javabin encryption_key metadata.json
 
 aws s3 --sse=AES256 cp ${output_file_name}.tar.gz s3://${stack_s3_bucket}/data/${destination_bucket_hash}/${output_file_name}.tar.gz --quiet
 
-if [ -f metadata.json ]; then
-   if [ ${isDestigmatized} = &apos;false&apos; ]; then
-
-      aws s3 --sse=AES256 cp metadata.json s3://${stack_s3_bucket}/data/${destination_bucket_hash}/fence_mapping.json --quiet
-
-   fi
-fi
+aws s3 --sse=AES256 cp metadata.json s3://${stack_s3_bucket}/data/${destination_bucket_hash}/fence_mapping.json
                 </command>
       <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers>
-    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.39">
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
       <deleteDirs>false</deleteDirs>
       <cleanupParameter></cleanupParameter>
       <externalDelete></externalDelete>
       <disableDeferredWipeout>false</disableDeferredWipeout>
     </hudson.plugins.ws__cleanup.PreBuildCleanup>
   </buildWrappers>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/List Instance Profiles/config.xml b/jenkins-docker/jobs/List Instance Profiles/config.xml
index 44300bb8..b33b6f42 100644
--- a/jenkins-docker/jobs/List Instance Profiles/config.xml	
+++ b/jenkins-docker/jobs/List Instance Profiles/config.xml	
@@ -1,23 +1,28 @@
 <?xml version='1.1' encoding='UTF-8'?>
 <project>
   <actions/>
-  <description></description>
+  <description>Is this used?</description>
   <keepDependencies>false</keepDependencies>
-  <properties/>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.1.1">
+  <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
+  </properties>
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.1.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-bdc-infrastructure</url>
+        <url>${infrastructure_git_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
       <hudson.plugins.git.BranchSpec>
-        <name>*/master</name>
+        <name>*/ALS-4536</name>
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -56,15 +61,16 @@ aws iam list-instance-profiles
 unset AWS_ACCESS_KEY_ID
 unset AWS_SECRET_ACCESS_KEY
 unset AWS_SESSION_TOKEN</command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers>
-    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.38">
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
       <deleteDirs>false</deleteDirs>
       <cleanupParameter></cleanupParameter>
       <externalDelete></externalDelete>
       <disableDeferredWipeout>false</disableDeferredWipeout>
     </hudson.plugins.ws__cleanup.PreBuildCleanup>
   </buildWrappers>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Move Prod DNS Pointer/config.xml b/jenkins-docker/jobs/Move Prod DNS Pointer/config.xml
deleted file mode 100644
index cf3bc9ad..00000000
--- a/jenkins-docker/jobs/Move Prod DNS Pointer/config.xml	
+++ /dev/null
@@ -1,107 +0,0 @@
-<?xml version='1.1' encoding='UTF-8'?>
-<project>
-  <actions/>
-  <description></description>
-  <keepDependencies>false</keepDependencies>
-  <properties>
-    <hudson.model.ParametersDefinitionProperty>
-      <parameterDefinitions>
-        <hudson.model.StringParameterDefinition>
-          <name>target_prod_stack</name>
-          <description></description>
-          <defaultValue></defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>target_next_prod_stack</name>
-          <description></description>
-          <defaultValue></defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>infrastructure_git_hash</name>
-          <description></description>
-          <defaultValue></defaultValue>
-          <trim>true</trim>
-        </hudson.model.StringParameterDefinition>
-      </parameterDefinitions>
-    </hudson.model.ParametersDefinitionProperty>
-  </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.0.0">
-    <configVersion>2</configVersion>
-    <userRemoteConfigs>
-      <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-bdc-infrastructure</url>
-      </hudson.plugins.git.UserRemoteConfig>
-    </userRemoteConfigs>
-    <branches>
-      <hudson.plugins.git.BranchSpec>
-        <name>$infrastructure_git_hash</name>
-      </hudson.plugins.git.BranchSpec>
-    </branches>
-    <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
-    <extensions/>
-  </scm>
-  <canRoam>true</canRoam>
-  <disabled>false</disabled>
-  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
-  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
-  <triggers/>
-  <concurrentBuild>false</concurrentBuild>
-  <builders>
-    <hudson.tasks.Shell>
-      <command>cd prod-dns-pointer
-wget https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_linux_amd64.zip &amp;&amp; unzip terraform_0.12.31_linux_amd64.zip &amp;&amp; mv terraform /usr/local/bin/
-terraform init
-
-aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/jenkins-s3-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
-aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/terraform.tfstate_prod_dns terraform.tfstate || echo &quot;prod_dns state doesnt exist, it will be created&quot;
-aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_prod_stack}/stack_variables.tf .
-aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_prod_stack}/subnet_variables.tf .
-
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
-
-aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
-#terraform destroy -auto-approve -var=&quot;target-prod-stack=${target_prod_stack}&quot; -var=&quot;target-next-prod-stack=${target_next_prod_stack}&quot; || true
-terraform apply -auto-approve -var=&quot;target-prod-stack=${target_prod_stack}&quot; -var=&quot;target-next-prod-stack=${target_next_prod_stack}&quot; || true
-
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
-
-aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/jenkins-s3-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
-aws s3 cp terraform.tfstate s3://$stack_s3_bucket/deployment_state_metadata/terraform.tfstate_prod_dns 
-
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN</command>
-    </hudson.tasks.Shell>
-  </builders>
-  <publishers/>
-  <buildWrappers>
-    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.38">
-      <deleteDirs>false</deleteDirs>
-      <cleanupParameter></cleanupParameter>
-      <externalDelete></externalDelete>
-      <disableDeferredWipeout>false</disableDeferredWipeout>
-    </hudson.plugins.ws__cleanup.PreBuildCleanup>
-  </buildWrappers>
-</project>
diff --git a/jenkins-docker/jobs/PIC-SURE Auth Micro-App Build/config.xml b/jenkins-docker/jobs/PIC-SURE Auth Micro-App Build/config.xml
index 83daf883..0e692b0b 100644
--- a/jenkins-docker/jobs/PIC-SURE Auth Micro-App Build/config.xml	
+++ b/jenkins-docker/jobs/PIC-SURE Auth Micro-App Build/config.xml	
@@ -4,34 +4,35 @@
   <description></description>
   <keepDependencies>false</keepDependencies>
   <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
     <hudson.model.ParametersDefinitionProperty>
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
           <name>pipeline_build_id</name>
-          <description></description>
           <defaultValue>MANUAL_RUN</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>git_hash</name>
-          <description></description>
           <defaultValue>*/master</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>S3_BUCKET_NAME</name>
-          <description></description>
           <defaultValue>${stack_s3_bucket}</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.0.0">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.1.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-auth-microapp.git</url>
+        <url>${pic_sure_auth_microapp_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
@@ -40,7 +41,7 @@
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -52,7 +53,7 @@
   <builders>
     <hudson.tasks.Maven>
       <targets>clean install -DskipTests</targets>
-      <mavenName>Maven Home</mavenName>
+      <mavenName>Maven</mavenName>
       <usePrivateRepository>false</usePrivateRepository>
       <settings class="jenkins.mvn.DefaultSettingsProvider"/>
       <globalSettings class="jenkins.mvn.DefaultGlobalSettingsProvider"/>
@@ -66,8 +67,9 @@ docker build -t hms-dbmi/pic-sure-auth-microapp:${GIT_BRANCH_SHORT}_${GIT_COMMIT
 docker save hms-dbmi/pic-sure-auth-microapp:${GIT_BRANCH_SHORT}_${GIT_COMMIT_SHORT} | gzip &gt; pic-sure-auth-microapp.tar.gz
 aws s3 --sse=AES256 cp pic-sure-auth-microapp.tar.gz s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-auth-microapp.tar.gz
 </command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers/>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/PIC-SURE Open Build/config.xml b/jenkins-docker/jobs/PIC-SURE Open Build/config.xml
new file mode 100644
index 00000000..8d6d6cb9
--- /dev/null
+++ b/jenkins-docker/jobs/PIC-SURE Open Build/config.xml	
@@ -0,0 +1,58 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<project>
+    <actions/>
+    <description></description>
+    <keepDependencies>false</keepDependencies>
+    <properties>
+        <hudson.model.ParametersDefinitionProperty>
+            <parameterDefinitions>
+                <hudson.model.StringParameterDefinition>
+                    <name>pipeline_build_id</name>
+                    <defaultValue>MANUAL_RUN</defaultValue>
+                    <trim>false</trim>
+                </hudson.model.StringParameterDefinition>
+                <hudson.model.StringParameterDefinition>
+                    <name>git_hash</name>
+                    <defaultValue>*/master</defaultValue>
+                    <trim>false</trim>
+                </hudson.model.StringParameterDefinition>
+                <hudson.model.StringParameterDefinition>
+                    <name>S3_BUCKET_NAME</name>
+                    <defaultValue>${stack_s3_bucket}</defaultValue>
+                    <trim>false</trim>
+                </hudson.model.StringParameterDefinition>
+            </parameterDefinitions>
+        </hudson.model.ParametersDefinitionProperty>
+    </properties>
+    <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
+        <configVersion>2</configVersion>
+        <userRemoteConfigs>
+            <hudson.plugins.git.UserRemoteConfig>
+                <url>${pic_sure_open_access_biodatacatalyst_ui_repo}</url>
+            </hudson.plugins.git.UserRemoteConfig>
+        </userRemoteConfigs>
+        <branches>
+            <hudson.plugins.git.BranchSpec>
+                <name>${git_hash}</name>
+            </hudson.plugins.git.BranchSpec>
+        </branches>
+        <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
+        <submoduleCfg class="empty-list"/>
+        <extensions/>
+    </scm>
+    <canRoam>true</canRoam>
+    <disabled>false</disabled>
+    <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+    <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+    <triggers/>
+    <concurrentBuild>false</concurrentBuild>
+    <builders>
+        <hudson.tasks.Shell>
+            <command>ls -la
+            </command>
+            <configuredLocalRules/>
+        </hudson.tasks.Shell>
+    </builders>
+    <publishers/>
+    <buildWrappers/>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/PIC-SURE Pipeline/config.xml b/jenkins-docker/jobs/PIC-SURE Pipeline/config.xml
index b17bc57b..62289743 100644
--- a/jenkins-docker/jobs/PIC-SURE Pipeline/config.xml	
+++ b/jenkins-docker/jobs/PIC-SURE Pipeline/config.xml	
@@ -1,8 +1,8 @@
 <?xml version='1.1' encoding='UTF-8'?>
-<flow-definition plugin="workflow-job@2.36">
+<flow-definition plugin="workflow-job@1316.vd2290d3341a_f">
   <actions>
-    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobAction plugin="pipeline-model-definition@1.5.1"/>
-    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobPropertyTrackerAction plugin="pipeline-model-definition@1.5.1">
+    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobAction plugin="pipeline-model-definition@2.2144.v077a_d1928a_40"/>
+    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobPropertyTrackerAction plugin="pipeline-model-definition@2.2144.v077a_d1928a_40">
       <jobProperties/>
       <triggers/>
       <parameters/>
@@ -12,16 +12,16 @@
   <description></description>
   <keepDependencies>false</keepDependencies>
   <properties/>
-  <definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="workflow-cps@2.78">
+  <definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="workflow-cps@3740.v6d35b_4ed5f9f">
     <script>import groovy.json.JsonSlurper;
 
 def retrieveBuildSpecId;
 def pipelineBuildId;
 def build_hashes = {};
 pipeline {
-    agent any 
+    agent any
     stages {
-        stage(&apos;Retrieve Build Spec&apos;) { 
+        stage(&apos;Retrieve Build Spec&apos;) {
             steps {
                 script {
                     def result = build job: &apos;Retrieve Build Spec&apos;
@@ -40,7 +40,7 @@ pipeline {
                 }
             }
         }
-        stage(&apos;PIC-SURE API, PIC-SURE-HPDS UI&apos;) { 
+        stage(&apos;PIC-SURE API, PIC-SURE-HPDS UI&apos;) {
             steps {
                 parallel (
                     picsureapi:{
@@ -72,7 +72,7 @@ pipeline {
                )
             }
         }
-        stage(&apos;PIC-SURE Dictionary image build&apos;){
+        stage(&apos;PIC-SURE Dictionary image &apos;){
             steps {
                 script {
                     build job: &apos;PIC-SURE-HPDS-DICTIONARY Build&apos;, parameters: [[$class: &apos;StringParameterValue&apos;, name: &apos;pipeline_build_id&apos;, value: pipelineBuildId],[$class: &apos;StringParameterValue&apos;, name: &apos;git_hash&apos;, value: build_hashes[&apos;PSS&apos;]]]
@@ -90,7 +90,10 @@ pipeline {
                     },
                     biodatacatalystui:{
                         script {
-                            def result = build job: &apos;biodatacatalyst-ui&apos;, parameters: [[$class: &apos;StringParameterValue&apos;, name: &apos;pipeline_build_id&apos;, value: pipelineBuildId],[$class: &apos;StringParameterValue&apos;, name: &apos;git_hash&apos;, value: build_hashes[&apos;BDCU&apos;]]]
+                            if (env_is_open_access == &apos;true&apos;) {
+                                def result = build job: &apos;PIC-SURE Open Build&apos;, parameters: [[$class: &apos;StringParameterValue&apos;, name: &apos;pipeline_build_id&apos;, value: pipelineBuildId], [$class: &apos;StringParameterValue&apos;, name: &apos;git_hash&apos;, value: build_hashes[&apos;OPENBDC&apos;]]];
+                            }
+                            def result = build job: &apos;biodatacatalyst-ui&apos;, parameters: [[$class: &apos;StringParameterValue&apos;, name: &apos;pipeline_build_id&apos;, value: pipelineBuildId], [$class: &apos;StringParameterValue&apos;, name: &apos;git_hash&apos;, value: build_hashes[&apos;BDCU&apos;]]];
                         }
                     }
                )
diff --git a/jenkins-docker/jobs/PIC-SURE Wildfly Image Build/config.xml b/jenkins-docker/jobs/PIC-SURE Wildfly Image Build/config.xml
index 6a92cc9c..df33649c 100644
--- a/jenkins-docker/jobs/PIC-SURE Wildfly Image Build/config.xml	
+++ b/jenkins-docker/jobs/PIC-SURE Wildfly Image Build/config.xml	
@@ -4,37 +4,38 @@
   <description></description>
   <keepDependencies>false</keepDependencies>
   <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
     <hudson.model.ParametersDefinitionProperty>
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
           <name>pipeline_build_id</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>S3_BUCKET_NAME</name>
-          <description></description>
           <defaultValue>${stack_s3_bucket}</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.0.0">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.1.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-wildfly-docker</url>
+        <url>${wildfly_git_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
       <hudson.plugins.git.BranchSpec>
-        <name>*/master</name>
+        <name>${wildfly_git_hash}</name>
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -48,7 +49,7 @@
       <command>aws s3 --sse=AES256 cp s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-api.tar.gz pic-sure-api.tar.gz 
 aws s3 --sse=AES256 cp s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-auth-microapp.tar.gz pic-sure-auth-microapp.tar.gz 
 aws s3 --sse=AES256 cp s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-aggregate-resource.tar.gz pic-sure-aggregate-resource.tar.gz 
-aws s3 --sse=AES256 cp s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-visualization-resource.tar.gz pic-sure-visualization-resource.tar.gz 
+aws s3 --sse=AES256 cp s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-visualization-resource.tar.gz pic-sure-visualization-resource.tar.gz
 
 PIC_SURE_API_VERSION=`docker load -i pic-sure-api.tar.gz |cut -d &apos;:&apos; -f 3`
 PIC_SURE_AUTH_VERSION=`docker load -i pic-sure-auth-microapp.tar.gz |cut -d &apos;:&apos; -f 3`
@@ -60,13 +61,22 @@ echo $PIC_SURE_AUTH_VERSION
 echo $PIC_SURE_AGGREGATE_RESOURCE_VERSION
 echo $PIC_SURE_VISUALIZATION_VERSION
 
-docker build -f pic-sure-with-aggregate-resource.Dockerfile --build-arg PIC_SURE_API_VERSION=$PIC_SURE_API_VERSION --build-arg PIC_SURE_AUTH_VERSION=$PIC_SURE_AUTH_VERSION --build-arg PIC_SURE_VISUALIZATION_VERSION=$PIC_SURE_VISUALIZATION_VERSION --build-arg PIC_SURE_AGGREGATE_VERSION=$PIC_SURE_AGGREGATE_RESOURCE_VERSION -t hms-dbmi/pic-sure-wildfly:${pipeline_build_id} .
+docker build \
+ -f pic-sure-with-aggregate-resource.Dockerfile \
+ --build-arg PIC_SURE_API_VERSION=$PIC_SURE_API_VERSION \
+ --build-arg PIC_SURE_AUTH_VERSION=$PIC_SURE_AUTH_VERSION  \
+ --build-arg PIC_SURE_AGGREGATE_VERSION=$PIC_SURE_AGGREGATE_RESOURCE_VERSION \
+ --build-arg PIC_SURE_VISUALIZATION_VERSION=$PIC_SURE_VISUALIZATION_VERSION \
+ -t hms-dbmi/pic-sure-wildfly:${pipeline_build_id} \
+ .
+ 
 docker save hms-dbmi/pic-sure-wildfly:${pipeline_build_id} &gt; pic-sure-wildfly.tar.gz
 aws s3 --sse=AES256 cp pic-sure-wildfly.tar.gz s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-wildfly.tar.gz 
 
 </command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers/>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/PIC-SURE-API Build/config.xml b/jenkins-docker/jobs/PIC-SURE-API Build/config.xml
index 4b775e27..10ed34d3 100644
--- a/jenkins-docker/jobs/PIC-SURE-API Build/config.xml	
+++ b/jenkins-docker/jobs/PIC-SURE-API Build/config.xml	
@@ -1,37 +1,38 @@
 <?xml version='1.1' encoding='UTF-8'?>
 <project>
   <actions/>
-  <description></description>
+  <description>Git hash for this job should be set dynamically by the deployment pipeline, do not add to the global config.</description>
   <keepDependencies>false</keepDependencies>
   <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
     <hudson.model.ParametersDefinitionProperty>
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
           <name>pipeline_build_id</name>
-          <description></description>
           <defaultValue>MANUAL_RUN</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>git_hash</name>
-          <description></description>
           <defaultValue>*/master</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>S3_BUCKET_NAME</name>
-          <description></description>
           <defaultValue>${stack_s3_bucket}</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.0.0">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.1.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure.git</url>
+        <url>${pic_sure_api_git_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
@@ -40,7 +41,7 @@
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -52,7 +53,7 @@
   <builders>
     <hudson.tasks.Maven>
       <targets>clean install -DskipTests -Dwildfly.skip=true</targets>
-      <mavenName>Maven Home</mavenName>
+      <mavenName>Maven</mavenName>
       <usePrivateRepository>false</usePrivateRepository>
       <settings class="jenkins.mvn.DefaultSettingsProvider"/>
       <globalSettings class="jenkins.mvn.DefaultGlobalSettingsProvider"/>
@@ -76,11 +77,10 @@ cd ../pic-sure-visualization-resource
 
 docker build -t hms-dbmi/pic-sure-visualization-resource:${GIT_BRANCH_SHORT}_${GIT_COMMIT_SHORT} .
 docker save hms-dbmi/pic-sure-visualization-resource:${GIT_BRANCH_SHORT}_${GIT_COMMIT_SHORT} | gzip &gt; pic-sure-visualization-resource.tar.gz
-aws s3 --sse=AES256 cp pic-sure-visualization-resource.tar.gz s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-visualization-resource.tar.gz
-
-</command>
+aws s3 --sse=AES256 cp pic-sure-visualization-resource.tar.gz s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-visualization-resource.tar.gz</command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers/>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/PIC-SURE-HPDS Build/config.xml b/jenkins-docker/jobs/PIC-SURE-HPDS Build/config.xml
index 374d4b74..63be969a 100644
--- a/jenkins-docker/jobs/PIC-SURE-HPDS Build/config.xml	
+++ b/jenkins-docker/jobs/PIC-SURE-HPDS Build/config.xml	
@@ -4,34 +4,35 @@
   <description></description>
   <keepDependencies>false</keepDependencies>
   <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
     <hudson.model.ParametersDefinitionProperty>
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
           <name>pipeline_build_id</name>
-          <description></description>
           <defaultValue>MANUAL_RUN</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>git_hash</name>
-          <description></description>
           <defaultValue>*/master</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>S3_BUCKET_NAME</name>
-          <description></description>
           <defaultValue>${stack_s3_bucket}</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.0.0">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.1.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-hpds.git</url>
+        <url>${pic_sure_hpds_git_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
@@ -40,7 +41,7 @@
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -52,7 +53,7 @@
   <builders>
     <hudson.tasks.Maven>
       <targets>clean install -DskipTests</targets>
-      <mavenName>Maven Home</mavenName>
+      <mavenName>Maven</mavenName>
       <usePrivateRepository>false</usePrivateRepository>
       <settings class="jenkins.mvn.DefaultSettingsProvider"/>
       <globalSettings class="jenkins.mvn.DefaultGlobalSettingsProvider"/>
@@ -73,8 +74,9 @@ aws s3 --sse=AES256 cp pic-sure-hpds.tar.gz s3://$S3_BUCKET_NAME/releases/jenkin
 docker save hms-dbmi/pic-sure-hpds-etl:${GIT_BRANCH_SHORT}_${GIT_COMMIT_SHORT} | gzip &gt; pic-sure-hpds-etl.tar.gz
 aws s3 --sse=AES256 cp pic-sure-hpds-etl.tar.gz s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-hpds-etl.tar.gz
 </command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers/>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/PIC-SURE-HPDS-DICTIONARY Build/config.xml b/jenkins-docker/jobs/PIC-SURE-HPDS-DICTIONARY Build/config.xml
index 58e7b111..6bb3837d 100644
--- a/jenkins-docker/jobs/PIC-SURE-HPDS-DICTIONARY Build/config.xml	
+++ b/jenkins-docker/jobs/PIC-SURE-HPDS-DICTIONARY Build/config.xml	
@@ -4,6 +4,10 @@
   <description>Builds docker image to run RawDataImporter-jar-with-dependencies.jar for dictionary loading.</description>
   <keepDependencies>false</keepDependencies>
   <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
     <hudson.model.ParametersDefinitionProperty>
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
@@ -24,11 +28,11 @@
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.10.3">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.1.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-search-prototype.git</url>
+        <url>${pic_sure_hpds_dictionary_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
@@ -49,7 +53,7 @@
   <builders>
     <hudson.tasks.Maven>
       <targets>clean install -DskipTests</targets>
-      <mavenName>Maven Home</mavenName>
+      <mavenName>Maven</mavenName>
       <pom>tagging/pom.xml</pom>
       <usePrivateRepository>false</usePrivateRepository>
       <settings class="jenkins.mvn.DefaultSettingsProvider"/>
diff --git a/jenkins-docker/jobs/PIC-SURE-HPDS-DICTIONARY-RESOURCE Build/config.xml b/jenkins-docker/jobs/PIC-SURE-HPDS-DICTIONARY-RESOURCE Build/config.xml
index 4fe1af55..5b69248b 100644
--- a/jenkins-docker/jobs/PIC-SURE-HPDS-DICTIONARY-RESOURCE Build/config.xml	
+++ b/jenkins-docker/jobs/PIC-SURE-HPDS-DICTIONARY-RESOURCE Build/config.xml	
@@ -6,6 +6,10 @@
 </description>
   <keepDependencies>false</keepDependencies>
   <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
     <hudson.model.ParametersDefinitionProperty>
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
@@ -31,11 +35,11 @@
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.10.3">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.1.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://github.com/hms-dbmi/pic-sure-search-prototype</url>
+        <url>${pic_sure_hpds_dictionary_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
@@ -56,7 +60,7 @@
   <builders>
     <hudson.tasks.Maven>
       <targets>clean install -DskipTests</targets>
-      <mavenName>Maven Home</mavenName>
+      <mavenName>Maven</mavenName>
       <pom>tagging/pom.xml</pom>
       <usePrivateRepository>false</usePrivateRepository>
       <settings class="jenkins.mvn.DefaultSettingsProvider"/>
@@ -83,4 +87,4 @@ aws s3 --sse=AES256 cp pic-sure-hpds-dictionary-resource.tar.gz s3://$S3_BUCKET_
   </builders>
   <publishers/>
   <buildWrappers/>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/PIC-SURE-HPDS-UI Docker Build/config.xml b/jenkins-docker/jobs/PIC-SURE-HPDS-UI Docker Build/config.xml
index 292303fb..2fd1e1a2 100644
--- a/jenkins-docker/jobs/PIC-SURE-HPDS-UI Docker Build/config.xml	
+++ b/jenkins-docker/jobs/PIC-SURE-HPDS-UI Docker Build/config.xml	
@@ -8,30 +8,27 @@
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
           <name>pipeline_build_id</name>
-          <description></description>
           <defaultValue>MANUAL_RUN</defaultValue>
           <trim>true</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>git_hash</name>
-          <description></description>
           <defaultValue>*/master</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>S3_BUCKET_NAME</name>
-          <description></description>
           <defaultValue>${stack_s3_bucket}</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.0.0">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.1.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-core-frontend.git</url>
+        <url>${pic_sure_hpds_ui_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
@@ -40,7 +37,7 @@
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -52,7 +49,7 @@
   <builders>
     <hudson.tasks.Maven>
       <targets>clean install -DskipTests</targets>
-      <mavenName>Maven Home</mavenName>
+      <mavenName>Maven</mavenName>
       <usePrivateRepository>false</usePrivateRepository>
       <settings class="jenkins.mvn.DefaultSettingsProvider"/>
       <globalSettings class="jenkins.mvn.DefaultGlobalSettingsProvider"/>
@@ -67,8 +64,9 @@ docker save hms-dbmi/pic-sure-hpds-ui:${GIT_BRANCH_SHORT}_${GIT_COMMIT_SHORT} |
 aws s3 --sse=AES256 cp pic-sure-hpds-ui.tar.gz s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-hpds-ui.tar.gz
 
 </command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers/>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/PIC-SURE-VISUALIZATION Build/config.xml b/jenkins-docker/jobs/PIC-SURE-VISUALIZATION Build/config.xml
index 81d727cb..355c349a 100644
--- a/jenkins-docker/jobs/PIC-SURE-VISUALIZATION Build/config.xml	
+++ b/jenkins-docker/jobs/PIC-SURE-VISUALIZATION Build/config.xml	
@@ -4,6 +4,10 @@
   <description></description>
   <keepDependencies>false</keepDependencies>
   <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
     <hudson.model.ParametersDefinitionProperty>
       <parameterDefinitions>
         <hudson.model.StringParameterDefinition>
@@ -24,11 +28,11 @@
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.10.3">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.1.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-visualization-resource.git</url>
+        <url>${pic_sure_visualization_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
@@ -49,7 +53,7 @@
   <builders>
     <hudson.tasks.Maven>
       <targets>clean install -DskipTests</targets>
-      <mavenName>Maven Home</mavenName>
+      <mavenName>Maven</mavenName>
       <pom>visualization/pom.xml</pom>
       <usePrivateRepository>false</usePrivateRepository>
       <settings class="jenkins.mvn.DefaultSettingsProvider"/>
diff --git a/jenkins-docker/jobs/Pull Global Config from S3/config.xml b/jenkins-docker/jobs/Pull Global Config from S3/config.xml
new file mode 100644
index 00000000..bfc324ef
--- /dev/null
+++ b/jenkins-docker/jobs/Pull Global Config from S3/config.xml	
@@ -0,0 +1,29 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<project>
+  <actions/>
+  <description>This job will sync the current jenkins config.xml to the s3 location described in the global parameter &quot;jenkins_config_s3_location&quot;</description>
+  <keepDependencies>false</keepDependencies>
+  <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
+  </properties>
+  <scm class="hudson.scm.NullSCM"/>
+  <canRoam>true</canRoam>
+  <disabled>false</disabled>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <triggers/>
+  <concurrentBuild>false</concurrentBuild>
+  <builders>
+    <hudson.tasks.Shell>
+      <command>#!/bin/bash
+
+aws s3 cp ${jenkins_config_s3_location} ${JENKINS_HOME}/config.xml</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+  </builders>
+  <publishers/>
+  <buildWrappers/>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Retrieve Build Spec/config.xml b/jenkins-docker/jobs/Retrieve Build Spec/config.xml
index ce70cabe..023857c5 100644
--- a/jenkins-docker/jobs/Retrieve Build Spec/config.xml	
+++ b/jenkins-docker/jobs/Retrieve Build Spec/config.xml	
@@ -3,27 +3,27 @@
   <actions/>
   <description></description>
   <keepDependencies>false</keepDependencies>
-   <properties>
-    <hudson.plugins.copyartifact.CopyArtifactPermissionProperty plugin="copyartifact@1.45.3">
+  <properties>
+    <hudson.plugins.copyartifact.CopyArtifactPermissionProperty plugin="copyartifact@705.v5295cffec284">
       <projectNameList>
         <string>*</string>
       </projectNameList>
     </hudson.plugins.copyartifact.CopyArtifactPermissionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.0.0">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-bdc-release-control.git</url>
+        <url>${release_control_git_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
       <hudson.plugins.git.BranchSpec>
-        <name>*/master</name>
+        <name>${release_control_git_hash}</name>
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -35,6 +35,7 @@
   <builders>
     <hudson.tasks.Shell>
       <command>echo ${GIT_COMMIT} &gt; pipeline_git_commit.txt</command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers>
@@ -45,14 +46,15 @@
       <fingerprint>false</fingerprint>
       <defaultExcludes>true</defaultExcludes>
       <caseSensitive>true</caseSensitive>
+      <followSymlinks>true</followSymlinks>
     </hudson.tasks.ArtifactArchiver>
   </publishers>
   <buildWrappers>
-    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.37">
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
       <deleteDirs>false</deleteDirs>
       <cleanupParameter></cleanupParameter>
       <externalDelete></externalDelete>
       <disableDeferredWipeout>false</disableDeferredWipeout>
     </hudson.plugins.ws__cleanup.PreBuildCleanup>
   </buildWrappers>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Rollback Jenkins State/config.xml b/jenkins-docker/jobs/Rollback Jenkins State/config.xml
new file mode 100644
index 00000000..5817770d
--- /dev/null
+++ b/jenkins-docker/jobs/Rollback Jenkins State/config.xml	
@@ -0,0 +1,79 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<project>
+  <actions/>
+  <description></description>
+  <keepDependencies>false</keepDependencies>
+  <properties/>
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
+    <configVersion>2</configVersion>
+    <userRemoteConfigs>
+      <hudson.plugins.git.UserRemoteConfig>
+        <url>${jenkins_git_repo}</url>
+      </hudson.plugins.git.UserRemoteConfig>
+    </userRemoteConfigs>
+    <branches>
+      <hudson.plugins.git.BranchSpec>
+        <name>${jenkins_git_hash}</name>
+      </hudson.plugins.git.BranchSpec>
+    </branches>
+    <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
+    <submoduleCfg class="empty-list"/>
+    <extensions/>
+  </scm>
+  <canRoam>true</canRoam>
+  <disabled>false</disabled>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <triggers/>
+  <concurrentBuild>false</concurrentBuild>
+  <builders>
+    <hudson.tasks.Shell>
+      <command>#!/bin/bash
+set -e
+# Source folder containing the scripts
+source_scripts_folder=&quot;${JENKINS_HOME}/workspace/Bash_Functions/&quot;
+ls -la &quot;$source_scripts_folder&quot;
+
+# Iterate through the files in the folder and source them
+for script_file in &quot;$source_scripts_folder&quot;*.sh; do
+    chmod +x &quot;$script_file&quot;
+    if [ -f &quot;$script_file&quot; ] &amp;&amp; [ -x &quot;$script_file&quot; ]; then
+        echo &quot;sourcing $script_file&quot;
+        source &quot;$script_file&quot;
+    fi
+done
+
+cd jenkins-terraform
+
+terraform init \
+-backend-config=&quot;bucket=${jenkins_tf_state_bucket}&quot; \
+-backend-config=&quot;key=jenkins_state/green/terraform.tfstate&quot; \
+-backend-config=&quot;region=${jenkins_tf_state_region}&quot;
+
+jenkins_green_ip=$(terraform state pull -json | jq -r &apos;.resources[] | select(.type == &quot;aws_instance&quot; and .name == &quot;jenkins&quot;) | .instances[0].attributes.private_ip&apos;)
+
+# Check if green state exists.
+jenkins_green_ip=$(terraform state pull | jq -r &apos;.resources[] | select(.type == &quot;aws_instance&quot; and .name == &quot;jenkins&quot;) | .instances[0].attributes.private_ip&apos;)
+if [ -z $jenkins_green_ip ] || ! [[ $jenkins_green_ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
+   echo &quot;Jenkins Green server does not exist.  Nothing to rollback to.&quot;
+   exit 1
+else
+  assume_role
+  aws route53 change-resource-record-sets --hosted-zone-id ${env_hosted_zone_id} --change-batch &apos;{&quot;Changes&quot;:[{&quot;Action&quot;:&quot;UPSERT&quot;,&quot;ResourceRecordSet&quot;:{&quot;Name&quot;:&quot;jenkins.&apos;${env_private_dns_name}&apos;&quot;,&quot;Type&quot;:&quot;A&quot;,&quot;TTL&quot;:300,&quot;ResourceRecords&quot;:[{&quot;Value&quot;:&quot;&apos;$jenkins_green_ip&apos;&quot;}]}}]}&apos;
+  reset_role
+  
+  echo &quot;Moving states for green/blue&quot;
+  echo &quot;Staging state swap&quot;
+  aws s3 --sse=AES256 cp s3://${jenkins_tf_state_bucket}/jenkins_state/green/terraform.tfstate s3://${jenkins_tf_state_bucket}/jenkins_state/blue/terraform.tfstate_swap
+  aws s3 --sse=AES256 cp s3://${jenkins_tf_state_bucket}/jenkins_state/blue/terraform.tfstate s3://${jenkins_tf_state_bucket}/jenkins_state/green/terraform.tfstate_swap
+  
+  echo &quot;Swapping states&quot;
+  aws s3 --sse=AES256 mv s3://${jenkins_tf_state_bucket}/jenkins_state/blue/terraform.tfstate_swap s3://${jenkins_tf_state_bucket}/jenkins_state/blue/terraform.tfstate
+  aws s3 --sse=AES256 mv s3://${jenkins_tf_state_bucket}/jenkins_state/green/terraform.tfstate_swap s3://${jenkins_tf_state_bucket}/jenkins_state/green/terraform.tfstate
+fi</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+  </builders>
+  <publishers/>
+  <buildWrappers/>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Swap Stacks/config.xml b/jenkins-docker/jobs/Swap Stacks/config.xml
index fa573680..80156de3 100644
--- a/jenkins-docker/jobs/Swap Stacks/config.xml	
+++ b/jenkins-docker/jobs/Swap Stacks/config.xml	
@@ -1,22 +1,22 @@
 <?xml version='1.1' encoding='UTF-8'?>
-<flow-definition plugin="workflow-job@2.36">
+<flow-definition plugin="workflow-job@1346.v180a_63f40267">
   <actions>
-    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobAction plugin="pipeline-model-definition@1.5.1"/>
-    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobPropertyTrackerAction plugin="pipeline-model-definition@1.5.1">
+    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobAction plugin="pipeline-model-definition@2.2144.v077a_d1928a_40"/>
+    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobPropertyTrackerAction plugin="pipeline-model-definition@2.2144.v077a_d1928a_40">
       <jobProperties/>
       <triggers/>
       <parameters/>
       <options/>
     </org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobPropertyTrackerAction>
   </actions>
-  <description></description>
+  <description>Use this to swap environment Staging and Live environments.</description>
   <keepDependencies>false</keepDependencies>
   <properties/>
-  <definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="workflow-cps@2.78">
+  <definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="workflow-cps@3793.v65dec41c3a_c3">
     <script>import groovy.json.*;
 
 pipeline {
-    agent any 
+    agent any
     stages {
      stage(&apos;Retrieve Build Spec&apos;) {
             steps {
@@ -31,13 +31,11 @@ pipeline {
                     sh &apos;pwd&apos;
                     def buildSpec = new JsonSlurper().parse(new File(&apos;/var/jenkins_home/workspace/Swap Stacks/build-spec.json&apos;))
                     println(buildSpec)
-                    ami_id = buildSpec.terraform_vars[0].ami_id
                     infrastructure_git_hash = buildSpec.infrastructure_git_hash
-                    println(&quot;AMI : &quot; + ami_id)
                 }
             }
         }
-        stage(&apos;Acquire and lock deployment state&apos;) { 
+        stage(&apos;Acquire and lock deployment state&apos;) {
             steps {
                 script {
                     def stacksJson
@@ -47,19 +45,19 @@ pipeline {
                     sh &apos;cat stacks.json&apos;
                     stacksJson = new File(&apos;/var/jenkins_home/workspace/Retrieve Deployment State/stacks.json&apos;).text
                     def stacks = new JsonSlurperClassic().parseText(stacksJson)
-                    def prod = stacks.environments.prod
-                    println(stacks.environments.next_prod)
-                    println(stacks.environments.prod)
-                    stacks.environments.prod = stacks.environments.next_prod
-                    stacks.environments.next_prod = prod
-                    def target_prod_stack = stacks.environments.prod
-                    def target_next_prod_stack = stacks.environments.next_prod
+                    def staging_stack = stacks.environments.next_prod
+                    def live_stack = stacks.environments.prod
+                    build job: &apos;Swap_Stacks_TGA&apos;, parameters: [[$class: &apos;StringParameterValue&apos;, name: &apos;live_stack&apos;, value: live_stack],[$class: &apos;StringParameterValue&apos;, name: &apos;staging_stack&apos;, value: staging_stack],[$class: &apos;StringParameterValue&apos;, name: &apos;infrastructure_git_hash&apos;, value: infrastructure_git_hash]]
+                    println(&quot;Blue / Green Swap complete&quot;)
+                    println(&quot;Swapping target stack for staging in - stacks.json&quot;)
+                    def target_prod_stack = stacks.environments.next_prod
+                    def target_next_prod_stack = stacks.environments.prod
+                    stacks.environments.next_prod = target_next_prod_stack
+                    stacks.environments.prod = target_prod_stack
                     println(target_prod_stack)
                     println(target_next_prod_stack)
                     stacksJson = JsonOutput.toJson(stacks)
                     println(stacksJson)
-                    build job: &apos;Move Prod DNS Pointer&apos;, parameters: [[$class: &apos;StringParameterValue&apos;, name: &apos;target_prod_stack&apos;, value: target_prod_stack],[$class: &apos;StringParameterValue&apos;, name: &apos;target_next_prod_stack&apos;, value: target_next_prod_stack],[$class: &apos;StringParameterValue&apos;, name: &apos;infrastructure_git_hash&apos;, value: infrastructure_git_hash]]
-                    println(&quot;Moved pointer&quot;)
                     build job: &apos;Write Stack State&apos;, parameters: [[$class: &apos;StringParameterValue&apos;, name: &apos;stacks_json&apos;, value: stacksJson]]
                 }
             }
diff --git a/jenkins-docker/jobs/Swap_Stacks_TGA/config.xml b/jenkins-docker/jobs/Swap_Stacks_TGA/config.xml
new file mode 100644
index 00000000..988dbb5d
--- /dev/null
+++ b/jenkins-docker/jobs/Swap_Stacks_TGA/config.xml
@@ -0,0 +1,112 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<project>
+  <actions/>
+  <description>Need to add these records into httpd instance.  Module should handle these records as they relate to the state of each stacks httpd server.&#xd;
+&#xd;
+add this work when moving to modular composition approach.</description>
+  <keepDependencies>false</keepDependencies>
+  <properties>
+    <hudson.model.ParametersDefinitionProperty>
+      <parameterDefinitions>
+        <hudson.model.StringParameterDefinition>
+          <name>staging_stack</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>live_stack</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>infrastructure_git_hash</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+      </parameterDefinitions>
+    </hudson.model.ParametersDefinitionProperty>
+  </properties>
+  <scm class="hudson.scm.NullSCM"/>
+  <canRoam>true</canRoam>
+  <disabled>false</disabled>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <triggers/>
+  <concurrentBuild>false</concurrentBuild>
+  <builders>
+    <hudson.tasks.Shell>
+      <command># json tag schema.  Used to uniquely identify a projects staging instances.
+cat &lt;&lt;EOF &gt; staging_httpd_tags_file.json
+[
+  {
+    &quot;Name&quot;: &quot;tag:Stack&quot;,
+    &quot;Values&quot;: [&quot;$staging_stack&quot;]
+  },
+  {
+    &quot;Name&quot;: &quot;tag:Node&quot;,
+    &quot;Values&quot;: [&quot;HTTPD&quot;]
+  },
+  {
+    &quot;Name&quot;: &quot;tag:Project&quot;,
+    &quot;Values&quot;: [&quot;$env_project&quot;]
+  }
+]
+EOF</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+    <hudson.tasks.Shell>
+      <command># json tag schema.  Used to uniquely identify a projects staging instances.
+cat &lt;&lt;EOF &gt; live_httpd_tags_file.json
+[
+  {
+    &quot;Name&quot;: &quot;tag:Stack&quot;,
+    &quot;Values&quot;: [&quot;$live_stack&quot;]
+  },
+  {
+    &quot;Name&quot;: &quot;tag:Node&quot;,
+    &quot;Values&quot;: [&quot;HTTPD&quot;]
+  },
+  {
+    &quot;Name&quot;: &quot;tag:Project&quot;,
+    &quot;Values&quot;: [&quot;$env_project&quot;]
+  }
+]
+EOF</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+    <hudson.tasks.Shell>
+      <command>#!/bin/bash
+
+# Source folder containing the scripts
+source_scripts_folder=&quot;${JENKINS_HOME}/workspace/Bash_Functions/&quot;
+ls -la &quot;$source_scripts_folder&quot;
+
+# Iterate through the files in the folder and source them
+for script_file in &quot;$source_scripts_folder&quot;*.sh; do
+    chmod +x &quot;$script_file&quot;
+    if [ -f &quot;$script_file&quot; ] &amp;&amp; [ -x &quot;$script_file&quot; ]; then
+        echo &quot;sourcing $script_file&quot;
+        source &quot;$script_file&quot;
+    fi
+done
+
+assume_role
+# Command to execute swap_stacks
+swap_stacks &quot;${staging_tg_name}&quot; \
+    &quot;${live_tg_name}&quot; \
+    &quot;${WORKSPACE}/staging_httpd_tags_file.json&quot; \
+    &quot;${WORKSPACE}/live_httpd_tags_file.json&quot;
+
+
+
+</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+  </builders>
+  <publishers/>
+  <buildWrappers>
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
+      <deleteDirs>false</deleteDirs>
+      <cleanupParameter></cleanupParameter>
+      <externalDelete></externalDelete>
+      <disableDeferredWipeout>false</disableDeferredWipeout>
+    </hudson.plugins.ws__cleanup.PreBuildCleanup>
+  </buildWrappers>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Teardown and Rebuild Stage Environment/config.xml b/jenkins-docker/jobs/Teardown and Rebuild Stage Environment/config.xml
index 9931a069..5ad869bb 100644
--- a/jenkins-docker/jobs/Teardown and Rebuild Stage Environment/config.xml	
+++ b/jenkins-docker/jobs/Teardown and Rebuild Stage Environment/config.xml	
@@ -6,62 +6,51 @@
   <properties>
     <hudson.model.ParametersDefinitionProperty>
       <parameterDefinitions>
+        <hudson.model.StringParameterDefinition>
+          <name>live_stack</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>target_stack</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>deployment_git_hash</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>ROLE_ARN</name>
-          <description></description>
           <defaultValue>arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role</defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>dataset_s3_object_key</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>destigmatized_dataset_s3_object_key</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>genomic_dataset_s3_object_key</name>
-          <description></description>
-          <defaultValue></defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>ami_id</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
         <hudson.model.StringParameterDefinition>
           <name>infrastructure_git_hash</name>
-          <description></description>
-          <defaultValue></defaultValue>
           <trim>false</trim>
         </hudson.model.StringParameterDefinition>
+        <hudson.model.BooleanParameterDefinition>
+          <name>isDestroyOnly</name>
+          <defaultValue>false</defaultValue>
+        </hudson.model.BooleanParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
   </properties>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.1.1">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/pic-sure-bdc-infrastructure</url>
+        <url>${infrastructure_git_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
@@ -70,7 +59,7 @@
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -81,171 +70,217 @@
   <concurrentBuild>false</concurrentBuild>
   <builders>
     <hudson.tasks.Shell>
-      <command>cd app-infrastructure
-wget https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_linux_amd64.zip &amp;&amp; unzip terraform_0.12.31_linux_amd64.zip &amp;&amp; mv terraform /usr/local/bin/
+      <command># json tag schema.  Used to uniquely identify a projects staging instances.
+cat &lt;&lt;EOF &gt; staging_httpd_tags_file.json
+[
+  {
+    &quot;Name&quot;: &quot;tag:Stack&quot;,
+    &quot;Values&quot;: [&quot;$target_stack&quot;]
+  },
+  {
+    &quot;Name&quot;: &quot;tag:Node&quot;,
+    &quot;Values&quot;: [&quot;HTTPD&quot;]
+  },
+  {
+    &quot;Name&quot;: &quot;tag:Project&quot;,
+    &quot;Values&quot;: [&quot;$env_project&quot;]
+  }
+]
+EOF
+
+</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+    <hudson.tasks.Shell>
+      <command>#!/bin/bash
+set -e
+# Source folder containing the scripts
+source_scripts_folder=&quot;${JENKINS_HOME}/workspace/Bash_Functions/&quot;
+ls -la &quot;$source_scripts_folder&quot;
+
+# Iterate through the files in the folder and source them
+for script_file in &quot;$source_scripts_folder&quot;*.sh; do
+    chmod +x &quot;$script_file&quot;
+    if [ -f &quot;$script_file&quot; ] &amp;&amp; [ -x &quot;$script_file&quot; ]; then
+        echo &quot;sourcing $script_file&quot;
+        source &quot;$script_file&quot;
+    fi
+done
 
-aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/jenkins-s3-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+assume_role
+# Deregister previous staging from staging TG (remove green from green)
+target_group_vpc=$(get_target_group_vpc_by_tg_name $staging_tg_name)
+staging_target_group_arn=$(get_target_group_arn_by_name &quot;$staging_tg_name&quot;)
+staging_httpd_instance_prv_ips=($(get_private_ip_by_tags &quot;staging_httpd_tags_file.json&quot;)) # json generated in previous build step.
 
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+if [ -z &quot;${staging_httpd_instance_prv_ips}&quot; ]; then
+   echo &quot;No private IPs found. No Staging Ips to deregister&quot;
+else
+   echo &quot;Deregistering staging target(s) before teardown.&quot;
+   deregister_targets &quot;$target_group_vpc&quot; &quot;$staging_target_group_arn&quot; &quot;${staging_httpd_instance_prv_ips[@]}&quot;
+   wait_for_target_group_health &quot;$staging_target_group_arn&quot; &quot;UNUSED&quot; &quot;${staging_httpd_instance_prv_ips[@]}&quot;
+fi 
 
-aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate .
-aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/stack_variables.tf .
-aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/subnet_variables.tf .
-cp stack_variables.tf ../s3-deployment-roles/
-cp subnet_variables.tf ../s3-deployment-roles/
-aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate_roles ../s3-deployment-roles/terraform.tfstate || echo &quot;role state doesnt exist, it will be created&quot;
+reset_role</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+    <hudson.tasks.Shell>
+      <command>#!/bin/bash
+set -e
+# Source folder containing the scripts
+source_scripts_folder=&quot;${JENKINS_HOME}/workspace/Bash_Functions/&quot;
+ls -la &quot;$source_scripts_folder&quot;
+
+# Iterate through the files in the folder and source them
+for script_file in &quot;$source_scripts_folder&quot;*.sh; do
+    chmod +x &quot;$script_file&quot;
+    if [ -f &quot;$script_file&quot; ] &amp;&amp; [ -x &quot;$script_file&quot; ]; then
+        echo &quot;sourcing $script_file&quot;
+        source &quot;$script_file&quot;
+    fi
+done
+# Destroy and Build resources
+cd app-infrastructure
 
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
+# TODO - Needs backend state management.
+aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate . || echo &quot;bad state or doesnt exist, it will be created&quot;
 
-aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+# Assume deployment role
+assume_role
 
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+# Perform RDS Strategy
+do_picsure_rds_strategy &quot;${picsure_rds_strategy}&quot; &quot;${live_stack}&quot; &quot;${env_project}&quot;
+picsure_rds_snapshot_id=$(get_latest_rds_snapshot_id &quot;${picsure_rds_strategy}&quot; &quot;${live_stack}&quot; &quot;${env_project}&quot;)
 
-cd ../s3-deployment-roles
 terraform init
-terraform destroy -auto-approve -var=&quot;dataset-s3-object-key=${dataset_s3_object_key}&quot; -var=&quot;destigmatized-dataset-s3-object-key=${destigmatized_dataset_s3_object_key}&quot; -var=&quot;genomic-dataset-s3-object-key=${genomic_dataset_s3_object_key}&quot;  -var=&quot;target-stack=${target_stack}&quot; -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; -var=&quot;stack_githash_long=${deployment_git_hash}&quot; || true
-terraform apply -auto-approve -var=&quot;dataset-s3-object-key=${dataset_s3_object_key}&quot;  -var=&quot;destigmatized-dataset-s3-object-key=${destigmatized_dataset_s3_object_key}&quot; -var=&quot;genomic-dataset-s3-object-key=${genomic_dataset_s3_object_key}&quot; -var=&quot;target-stack=${target_stack}&quot; -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; -var=&quot;stack_githash_long=${deployment_git_hash}&quot; || true
+if $isDestroyOnly; then
 
-DOMAINS=&quot;${allowed_hosts}&quot;
-# Convert commas (with optional whitespace) to spaces
-DOMAINS_ARRAY=$(echo &quot;$DOMAINS&quot; | sed &apos;s/,\s*/ /g&apos;)
-# Convert array of domains to regex
-REGEX_DOMAINS=$(echo &quot;$DOMAINS_ARRAY&quot; | sed &apos;s/ /|/g&apos;)
-        
-cd ../app-infrastructure
+  terraform destroy -auto-approve \
+     -var=&quot;dataset_s3_object_key=${dataset_s3_object_key}&quot;  \
+     -var=&quot;destigmatized_dataset_s3_object_key=${destigmatized_dataset_s3_object_key}&quot;  \
+     -var=&quot;genomic_dataset_s3_object_key=${genomic_dataset_s3_object_key}&quot; \
+     -var=&quot;target_stack=${target_stack}&quot; \
+     -var=&quot;picsure_rds_snapshot_id=${picsure_rds_snapshot_id}&quot; \
+     -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; \
+     -var=&quot;stack_githash_long=${deployment_git_hash}&quot; \
+     -var=&quot;env_public_dns_name=${env_public_dns_name}&quot; \
+     -var=&quot;env_public_dns_name_staging=${env_public_dns_name_staging}&quot; \
+     -var=&quot;env_private_dns_name=${env_private_dns_name}&quot; \
+     -var=&quot;env_hosted_zone_id=${env_hosted_zone_id}&quot; \
+     -var=&quot;analytics_id=${analytics_id}&quot; \
+     -var=&quot;tag_manager_id=${tag_manager_id}&quot; \
+     -var=&quot;env_is_open_access=${env_is_open_access}&quot; \
+     -var=&quot;include_auth_hpds=${include_auth_hpds}&quot; \
+     -var=&quot;include_open_hpds=${include_open_hpds}&quot; \
+     -var=&quot;environment_name=${environment_name}&quot; \
+     -var=&quot;env_staging_subdomain=${env_staging_subdomain}&quot; \
+     -var=&quot;application_id_for_base_query=${application_id_for_base_query}&quot; \
+     -var=&quot;stack_s3_bucket=${stack_s3_bucket}&quot; \
+     -var=&quot;idp_provider=${idp_provider}&quot; \
+     -var=&quot;env_project=${env_project}&quot; \
+     -var=&quot;picsure_token_introspection_token=${picsure_token_introspection_token}&quot; \
+     -var=&quot;picsure_client_secret=${picsure_client_secret}&quot; \
+     -var=&quot;fence_client_id=${fence_client_id}&quot; \
+     -var=&quot;fence_client_secret=${fence_client_secret}&quot; \
+     -var=&quot;idp_provider_uri=${idp_provider_uri}&quot; || true
+  
+  reset_role
 
-#uncomment for dev systems
-#sed -i -r &apos;s/(\$\{target-stack\})/\1.dev/&apos; configs/* scripts/*
+  # Move to terraform backend
+  aws s3 cp terraform.tfstate s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate
 
-terraform init
-        
-terraform destroy -auto-approve -var=&quot;ami-id=${ami_id}&quot; -var=&quot;dataset-s3-object-key=${dataset_s3_object_key}&quot;  -var=&quot;destigmatized-dataset-s3-object-key=${destigmatized_dataset_s3_object_key}&quot; -var=&quot;genomic-dataset-s3-object-key=${genomic_dataset_s3_object_key}&quot; -var=&quot;target-stack=${target_stack}&quot; -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; -var=&quot;stack_githash_long=${deployment_git_hash}&quot; -var=&quot;allowed_hosts=${REGEX_DOMAINS}&quot; || true
-terraform apply -auto-approve -var=&quot;ami-id=${ami_id}&quot; -var=&quot;dataset-s3-object-key=${dataset_s3_object_key}&quot;  -var=&quot;destigmatized-dataset-s3-object-key=${destigmatized_dataset_s3_object_key}&quot; -var=&quot;genomic-dataset-s3-object-key=${genomic_dataset_s3_object_key}&quot; -var=&quot;target-stack=${target_stack}&quot; -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; -var=&quot;stack_githash_long=${deployment_git_hash}&quot; -var=&quot;allowed_hosts=${REGEX_DOMAINS}&quot; || true
-
-echo &quot;
-{
-  \&quot;Changes\&quot;: [
-    {
-      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
-      \&quot;ResourceRecordSet\&quot;: {
-        \&quot;Name\&quot;: \&quot;httpd.${target_stack}.datastage.hms.harvard.edu\&quot;,
-        \&quot;Type\&quot;: \&quot;A\&quot;,
-        \&quot;TTL\&quot;: 60,
-        \&quot;ResourceRecords\&quot;: [
-          {
-            \&quot;Value\&quot;: \&quot;$(grep httpd-ec2-private_ip ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
-          }
-        ]
-      }
-    },{
-      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
-      \&quot;ResourceRecordSet\&quot;: {
-        \&quot;Name\&quot;: \&quot;wildfly.${target_stack}.datastage.hms.harvard.edu\&quot;,
-        \&quot;Type\&quot;: \&quot;A\&quot;,
-        \&quot;TTL\&quot;: 60,
-        \&quot;ResourceRecords\&quot;: [
-          {
-            \&quot;Value\&quot;: \&quot;$(grep wildfly-ec2-private_ip ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
-          }
-        ]
-      }
-    },{
-      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
-      \&quot;ResourceRecordSet\&quot;: {
-        \&quot;Name\&quot;: \&quot;open-hpds.${target_stack}.datastage.hms.harvard.edu\&quot;,
-        \&quot;Type\&quot;: \&quot;A\&quot;,
-        \&quot;TTL\&quot;: 60,
-        \&quot;ResourceRecords\&quot;: [
-          {
-            \&quot;Value\&quot;: \&quot;$(grep open-hpds-ec2-private_ip ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
-          }
-        ]
-      }
-    },{
-      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
-      \&quot;ResourceRecordSet\&quot;: {
-        \&quot;Name\&quot;: \&quot;auth-hpds.${target_stack}.datastage.hms.harvard.edu\&quot;,
-        \&quot;Type\&quot;: \&quot;A\&quot;,
-        \&quot;TTL\&quot;: 60,
-        \&quot;ResourceRecords\&quot;: [
-          {
-            \&quot;Value\&quot;: \&quot;$(grep auth-hpds-ec2-private_ip ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
-          }
-        ]
-      }
-    },{
-      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
-      \&quot;ResourceRecordSet\&quot;: {
-        \&quot;Name\&quot;: \&quot;dictionary.${target_stack}.datastage.hms.harvard.edu\&quot;,
-        \&quot;Type\&quot;: \&quot;A\&quot;,
-        \&quot;TTL\&quot;: 60,
-        \&quot;ResourceRecords\&quot;: [
-          {
-            \&quot;Value\&quot;: \&quot;$(grep dictionary-ec2-private_ip ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
-          }
-        ]
-      }
-    },{
-      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
-      \&quot;ResourceRecordSet\&quot;: {
-        \&quot;Name\&quot;: \&quot;picsure-db.${target_stack}.datastage.hms.harvard.edu\&quot;,
-        \&quot;Type\&quot;: \&quot;CNAME\&quot;,
-        \&quot;TTL\&quot;: 60,
-        \&quot;ResourceRecords\&quot;: [
-          {
-            \&quot;Value\&quot;: \&quot;$(grep pic-sure-mysql-address ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
-          }
-        ]
-      }
-    }
-  ]
-}
-
-
-&quot; &gt; route-53-records.json
-aws route53 change-resource-record-sets --hosted-zone-id $(grep -A4 &apos;variable &quot;internal-dns-zone-id&apos; subnet_variables.tf  |  grep default | cut -d &quot;\&quot;&quot; -f 2) --change-batch file://route-53-records.json || true
-
-
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
-
-aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/jenkins-s3-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
-aws s3 cp terraform.tfstate s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate 
-aws s3 cp ../s3-deployment-roles/terraform.tfstate s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate_roles
-aws s3 --sse=AES256 cp picsureui-settings.json s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/picsureui_settings.json
-aws s3 --sse=AES256 cp configs/banner_config.json s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/banner_config.json
-aws s3 --sse=AES256 cp standalone.xml s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/standalone.xml
-aws s3 --sse=AES256 cp pic-sure-schema.sql s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/pic-sure-schema.sql
-aws s3 --sse=AES256 cp httpd-vhosts.conf s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/httpd-vhosts.conf
-aws s3 --sse=AES256 cp aggregate-resource.properties s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/aggregate-resource.properties
-aws s3 --sse=AES256 cp visualization-resource.properties s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/visualization-resource.properties    
-
-
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
-</command>
+else
+  terraform destroy -auto-approve \
+     -var=&quot;dataset_s3_object_key=${dataset_s3_object_key}&quot;  \
+     -var=&quot;destigmatized_dataset_s3_object_key=${destigmatized_dataset_s3_object_key}&quot;  \
+     -var=&quot;genomic_dataset_s3_object_key=${genomic_dataset_s3_object_key}&quot; \
+     -var=&quot;target_stack=${target_stack}&quot; \
+     -var=&quot;picsure_rds_snapshot_id=${picsure_rds_snapshot_id}&quot; \
+     -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; \
+     -var=&quot;stack_githash_long=${deployment_git_hash}&quot; \
+     -var=&quot;env_public_dns_name=${env_public_dns_name}&quot; \
+     -var=&quot;env_public_dns_name_staging=${env_public_dns_name_staging}&quot; \
+     -var=&quot;env_private_dns_name=${env_private_dns_name}&quot; \
+     -var=&quot;env_hosted_zone_id=${env_hosted_zone_id}&quot; \
+     -var=&quot;analytics_id=${analytics_id}&quot; \
+     -var=&quot;tag_manager_id=${tag_manager_id}&quot; \
+     -var=&quot;env_is_open_access=${env_is_open_access}&quot; \
+     -var=&quot;include_auth_hpds=${include_auth_hpds}&quot; \
+     -var=&quot;include_open_hpds=${include_open_hpds}&quot; \
+     -var=&quot;environment_name=${environment_name}&quot; \
+     -var=&quot;env_staging_subdomain=${env_staging_subdomain}&quot; \
+     -var=&quot;application_id_for_base_query=${application_id_for_base_query}&quot; \
+     -var=&quot;stack_s3_bucket=${stack_s3_bucket}&quot; \
+     -var=&quot;idp_provider=${idp_provider}&quot; \
+     -var=&quot;env_project=${env_project}&quot; \
+     -var=&quot;picsure_token_introspection_token=${picsure_token_introspection_token}&quot; \
+     -var=&quot;picsure_client_secret=${picsure_client_secret}&quot; \
+     -var=&quot;fence_client_id=${fence_client_id}&quot; \
+     -var=&quot;fence_client_secret=${fence_client_secret}&quot; \
+     -var=&quot;idp_provider_uri=${idp_provider_uri}&quot; || true
+
+  terraform apply -auto-approve \
+     -var=&quot;dataset_s3_object_key=${dataset_s3_object_key}&quot;  \
+     -var=&quot;destigmatized_dataset_s3_object_key=${destigmatized_dataset_s3_object_key}&quot;  \
+     -var=&quot;genomic_dataset_s3_object_key=${genomic_dataset_s3_object_key}&quot; \
+     -var=&quot;target_stack=${target_stack}&quot; \
+     -var=&quot;picsure_rds_snapshot_id=${picsure_rds_snapshot_id}&quot; \
+     -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; \
+     -var=&quot;stack_githash_long=${deployment_git_hash}&quot; \
+     -var=&quot;env_public_dns_name=${env_public_dns_name}&quot; \
+     -var=&quot;env_public_dns_name_staging=${env_public_dns_name_staging}&quot; \
+     -var=&quot;env_private_dns_name=${env_private_dns_name}&quot; \
+     -var=&quot;env_hosted_zone_id=${env_hosted_zone_id}&quot; \
+     -var=&quot;analytics_id=${analytics_id}&quot; \
+     -var=&quot;tag_manager_id=${tag_manager_id}&quot; \
+     -var=&quot;env_is_open_access=${env_is_open_access}&quot; \
+     -var=&quot;include_auth_hpds=${include_auth_hpds}&quot; \
+     -var=&quot;include_open_hpds=${include_open_hpds}&quot; \
+     -var=&quot;environment_name=${environment_name}&quot; \
+     -var=&quot;env_staging_subdomain=${env_staging_subdomain}&quot; \
+     -var=&quot;application_id_for_base_query=${application_id_for_base_query}&quot; \
+     -var=&quot;stack_s3_bucket=${stack_s3_bucket}&quot; \
+     -var=&quot;idp_provider=${idp_provider}&quot; \
+     -var=&quot;env_project=${env_project}&quot; \
+     -var=&quot;picsure_token_introspection_token=${picsure_token_introspection_token}&quot; \
+     -var=&quot;picsure_client_secret=${picsure_client_secret}&quot; \
+     -var=&quot;fence_client_id=${fence_client_id}&quot; \
+     -var=&quot;fence_client_secret=${fence_client_secret}&quot; \
+     -var=&quot;idp_provider_uri=${idp_provider_uri}&quot; || true
+
+  reset_role
+
+  # Move to terraform backend
+  # If script fails before state file is uploaded to s3 state will be lost for created objects \
+  # terraform destroy will not destroy anything as it points to old state and apply will fail as objects may already exist
+  # Will have to manually destroy and delete roles, ec2s, etc. in that scenario
+  aws s3 cp terraform.tfstate s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate
+  # roles are now in the same state as their related resources..
+  #aws s3 cp ../s3-deployment-roles/terraform.tfstate s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate_roles
+
+  # These files are uploaded to s3 because user-scripts download them.  The user scripts are already running
+  # so this is a race condition at this point as terraform has been applied
+  #  have terraform provision these to the ec2 and remove the aws cli stuff from the user-scripts and here
+  aws s3 --sse=AES256 cp picsureui-settings.json s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/picsureui_settings.json
+  aws s3 --sse=AES256 cp standalone.xml s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/standalone.xml
+  aws s3 --sse=AES256 cp pic-sure-schema.sql s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/pic-sure-schema.sql
+  aws s3 --sse=AES256 cp resources-registration.sql s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/resources-registration.sql
+  aws s3 --sse=AES256 cp httpd-vhosts.conf s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/httpd-vhosts.conf
+  aws s3 --sse=AES256 cp aggregate-resource.properties s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/aggregate-resource.properties
+  aws s3 --sse=AES256 cp visualization-resource.properties s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/visualization-resource.properties
+
+
+fi</command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers>
-    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.38">
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
       <deleteDirs>false</deleteDirs>
       <cleanupParameter></cleanupParameter>
       <externalDelete></externalDelete>
       <disableDeferredWipeout>false</disableDeferredWipeout>
     </hudson.plugins.ws__cleanup.PreBuildCleanup>
   </buildWrappers>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Teardown and Rebuild Stage Environment/config.xmlbk b/jenkins-docker/jobs/Teardown and Rebuild Stage Environment/config.xmlbk
new file mode 100644
index 00000000..8a2b53e7
--- /dev/null
+++ b/jenkins-docker/jobs/Teardown and Rebuild Stage Environment/config.xmlbk	
@@ -0,0 +1,266 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<project>
+  <actions/>
+  <description></description>
+  <keepDependencies>false</keepDependencies>
+  <properties>
+    <hudson.model.ParametersDefinitionProperty>
+      <parameterDefinitions>
+        <hudson.model.StringParameterDefinition>
+          <name>target_stack</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>deployment_git_hash</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>ROLE_ARN</name>
+          <defaultValue>arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role</defaultValue>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>dataset_s3_object_key</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>destigmatized_dataset_s3_object_key</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>genomic_dataset_s3_object_key</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>ami_id</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>infrastructure_git_hash</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+      </parameterDefinitions>
+    </hudson.model.ParametersDefinitionProperty>
+  </properties>
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.0.2">
+    <configVersion>2</configVersion>
+    <userRemoteConfigs>
+      <hudson.plugins.git.UserRemoteConfig>
+        <url>${infrastructure_git_repo}</url>
+      </hudson.plugins.git.UserRemoteConfig>
+    </userRemoteConfigs>
+    <branches>
+      <hudson.plugins.git.BranchSpec>
+        <name>${infrastructure_git_hash}</name>
+      </hudson.plugins.git.BranchSpec>
+    </branches>
+    <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
+    <submoduleCfg class="empty-list"/>
+    <extensions/>
+  </scm>
+  <canRoam>true</canRoam>
+  <disabled>false</disabled>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <triggers/>
+  <concurrentBuild>false</concurrentBuild>
+  <builders>
+    <hudson.tasks.Shell>
+      <command>cd app-infrastructure
+# why install terraform here?
+#wget https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_linux_amd64.zip &amp;&amp; unzip terraform_0.12.31_linux_amd64.zip &amp;&amp; mv terraform /usr/local/bin/
+
+aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/jenkins-s3-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+
+export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+
+aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate .
+aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/stack_variables.tf .
+aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/subnet_variables.tf .
+cp stack_variables.tf ../s3-deployment-roles/
+cp subnet_variables.tf ../s3-deployment-roles/
+aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate_roles ../s3-deployment-roles/terraform.tfstate || echo &quot;role state doesnt exist, it will be created&quot;
+
+unset AWS_ACCESS_KEY_ID
+unset AWS_SECRET_ACCESS_KEY
+unset AWS_SESSION_TOKEN
+
+aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+
+export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+
+cd ../s3-deployment-roles
+terraform init
+terraform destroy -auto-approve -var=&quot;dataset-s3-object-key=${dataset_s3_object_key}&quot; -var=&quot;destigmatized-dataset-s3-object-key=${destigmatized_dataset_s3_object_key}&quot; -var=&quot;genomic-dataset-s3-object-key=${genomic_dataset_s3_object_key}&quot;  -var=&quot;target-stack=${target_stack}&quot; -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; -var=&quot;stack_githash_long=${deployment_git_hash}&quot; || true
+terraform apply -auto-approve -var=&quot;dataset-s3-object-key=${dataset_s3_object_key}&quot;  -var=&quot;destigmatized-dataset-s3-object-key=${destigmatized_dataset_s3_object_key}&quot; -var=&quot;genomic-dataset-s3-object-key=${genomic_dataset_s3_object_key}&quot; -var=&quot;target-stack=${target_stack}&quot; -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; -var=&quot;stack_githash_long=${deployment_git_hash}&quot; || true
+
+cd ../app-infrastructure
+
+#uncomment for dev systems
+sed -i -r &apos;s/(\$\{target-stack\})/\1.dev/&apos; configs/* scripts/*
+
+terraform init
+terraform destroy -auto-approve \
+   -var=&quot;ami-id=${ami_id}&quot; \
+   -var=&quot;dataset-s3-object-key=${dataset_s3_object_key}&quot;  \
+   -var=&quot;destigmatized-dataset-s3-object-key=${destigmatized_dataset_s3_object_key}&quot;  \
+   -var=&quot;genomic-dataset-s3-object-key=${genomic_dataset_s3_object_key}&quot; \
+   -var=&quot;target-stack=${target_stack}&quot; \
+   -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; \
+   -var=&quot;stack_githash_long=${deployment_git_hash}&quot; \
+   -var=&quot;env_public_dns_name=${env_public_dns_name}&quot; \
+   -var=&quot;env_private_dns_name=${env_private_dns_name}&quot; \
+   -var=&quot;dsm_url=${dsm_url}&quot; \
+   || true
+
+
+terraform apply -auto-approve \
+   -var=&quot;ami-id=${ami_id}&quot; \
+   -var=&quot;dataset-s3-object-key=${dataset_s3_object_key}&quot; \
+   -var=&quot;destigmatized-dataset-s3-object-key=${destigmatized_dataset_s3_object_key}&quot; \
+   -var=&quot;genomic-dataset-s3-object-key=${genomic_dataset_s3_object_key}&quot; \
+   -var=&quot;target-stack=${target_stack}&quot; \
+   -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; \
+   -var=&quot;stack_githash_long=${deployment_git_hash}&quot; \
+   -var=&quot;env_public_dns_name=${env_public_dns_name}&quot; \
+   -var=&quot;env_private_dns_name=${env_private_dns_name}&quot; \
+   -var=&quot;dsm_url=${dsm_url}&quot; \
+   || true
+
+
+echo &quot;
+{
+  \&quot;Changes\&quot;: [
+    {
+      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
+      \&quot;ResourceRecordSet\&quot;: {
+        \&quot;Name\&quot;: \&quot;httpd.${target_stack}.dev.datastage.hms.harvard.edu\&quot;,
+        \&quot;Type\&quot;: \&quot;A\&quot;,
+        \&quot;TTL\&quot;: 60,
+        \&quot;ResourceRecords\&quot;: [
+          {
+            \&quot;Value\&quot;: \&quot;$(grep httpd-ec2-private_ip ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
+          }
+        ]
+      }
+    },{
+      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
+      \&quot;ResourceRecordSet\&quot;: {
+        \&quot;Name\&quot;: \&quot;wildfly.${target_stack}.dev.datastage.hms.harvard.edu\&quot;,
+        \&quot;Type\&quot;: \&quot;A\&quot;,
+        \&quot;TTL\&quot;: 60,
+        \&quot;ResourceRecords\&quot;: [
+          {
+            \&quot;Value\&quot;: \&quot;$(grep wildfly-ec2-private_ip ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
+          }
+        ]
+      }
+    },{
+      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
+      \&quot;ResourceRecordSet\&quot;: {
+        \&quot;Name\&quot;: \&quot;open-hpds.${target_stack}.dev.datastage.hms.harvard.edu\&quot;,
+        \&quot;Type\&quot;: \&quot;A\&quot;,
+        \&quot;TTL\&quot;: 60,
+        \&quot;ResourceRecords\&quot;: [
+          {
+            \&quot;Value\&quot;: \&quot;$(grep open-hpds-ec2-private_ip ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
+          }
+        ]
+      }
+    },{
+      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
+      \&quot;ResourceRecordSet\&quot;: {
+        \&quot;Name\&quot;: \&quot;auth-hpds.${target_stack}.dev.datastage.hms.harvard.edu\&quot;,
+        \&quot;Type\&quot;: \&quot;A\&quot;,
+        \&quot;TTL\&quot;: 60,
+        \&quot;ResourceRecords\&quot;: [
+          {
+            \&quot;Value\&quot;: \&quot;$(grep auth-hpds-ec2-private_ip ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
+          }
+        ]
+      }
+    },{
+      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
+      \&quot;ResourceRecordSet\&quot;: {
+        \&quot;Name\&quot;: \&quot;dictionary.${target_stack}.dev.datastage.hms.harvard.edu\&quot;,
+        \&quot;Type\&quot;: \&quot;A\&quot;,
+        \&quot;TTL\&quot;: 60,
+        \&quot;ResourceRecords\&quot;: [
+          {
+            \&quot;Value\&quot;: \&quot;$(grep dictionary-ec2-private_ip ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
+          }
+        ]
+      }
+    },{
+      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
+      \&quot;ResourceRecordSet\&quot;: {
+        \&quot;Name\&quot;: \&quot;visualization.${target_stack}.dev.datastage.hms.harvard.edu\&quot;,
+        \&quot;Type\&quot;: \&quot;A\&quot;,
+        \&quot;TTL\&quot;: 60,
+        \&quot;ResourceRecords\&quot;: [
+          {
+            \&quot;Value\&quot;: \&quot;$(grep visualization-ec2-private_ip ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
+          }
+        ]
+      }
+    },{
+      \&quot;Action\&quot;: \&quot;UPSERT\&quot;,
+      \&quot;ResourceRecordSet\&quot;: {
+        \&quot;Name\&quot;: \&quot;picsure-db.${target_stack}.dev.datastage.hms.harvard.edu\&quot;,
+        \&quot;Type\&quot;: \&quot;CNAME\&quot;,
+        \&quot;TTL\&quot;: 60,
+        \&quot;ResourceRecords\&quot;: [
+          {
+            \&quot;Value\&quot;: \&quot;$(grep pic-sure-mysql-address ip-vars.properties | cut -d &quot;=&quot; -f 2)\&quot;
+          }
+        ]
+      }
+    }
+  ]
+}
+
+
+&quot; &gt; route-53-records.json
+aws route53 change-resource-record-sets --hosted-zone-id $(grep -A4 &apos;variable &quot;internal-dns-zone-id&apos; subnet_variables.tf  |  grep default | cut -d &quot;\&quot;&quot; -f 2) --change-batch file://route-53-records.json || true
+
+
+unset AWS_ACCESS_KEY_ID
+unset AWS_SECRET_ACCESS_KEY
+unset AWS_SESSION_TOKEN
+
+aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/jenkins-s3-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+
+export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+
+aws s3 cp terraform.tfstate s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate 
+aws s3 cp ../s3-deployment-roles/terraform.tfstate s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate_roles
+aws s3 --sse=AES256 cp picsureui-settings.json s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/picsureui_settings.json
+aws s3 --sse=AES256 cp standalone.xml s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/standalone.xml
+aws s3 --sse=AES256 cp pic-sure-schema.sql s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/pic-sure-schema.sql
+aws s3 --sse=AES256 cp httpd-vhosts.conf s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/httpd-vhosts.conf
+aws s3 --sse=AES256 cp aggregate-resource.properties s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/aggregate-resource.properties
+
+
+unset AWS_ACCESS_KEY_ID
+unset AWS_SECRET_ACCESS_KEY
+unset AWS_SESSION_TOKEN
+</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+  </builders>
+  <publishers/>
+  <buildWrappers>
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
+      <deleteDirs>false</deleteDirs>
+      <cleanupParameter></cleanupParameter>
+      <externalDelete></externalDelete>
+      <disableDeferredWipeout>false</disableDeferredWipeout>
+    </hudson.plugins.ws__cleanup.PreBuildCleanup>
+  </buildWrappers>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Terraform Destroy Stack - Standalone/config.xml b/jenkins-docker/jobs/Terraform Destroy Stack - Standalone/config.xml
new file mode 100644
index 00000000..a267a2d2
--- /dev/null
+++ b/jenkins-docker/jobs/Terraform Destroy Stack - Standalone/config.xml	
@@ -0,0 +1,147 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<project>
+  <actions/>
+  <description>This job will destroy a terraform state for the specified stack passed in. &#xd;
+&#xd;
+Deprecated - Use the teardown and rebuild job as destroy only.</description>
+  <keepDependencies>false</keepDependencies>
+  <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
+    <hudson.model.ParametersDefinitionProperty>
+      <parameterDefinitions>
+        <hudson.model.StringParameterDefinition>
+          <name>target_stack</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>infrastructure_git_hash</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+      </parameterDefinitions>
+    </hudson.model.ParametersDefinitionProperty>
+  </properties>
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.1.0">
+    <configVersion>2</configVersion>
+    <userRemoteConfigs>
+      <hudson.plugins.git.UserRemoteConfig>
+        <url>${infrastructure_git_repo}</url>
+      </hudson.plugins.git.UserRemoteConfig>
+    </userRemoteConfigs>
+    <branches>
+      <hudson.plugins.git.BranchSpec>
+        <name>${infrastructure_git_hash}</name>
+      </hudson.plugins.git.BranchSpec>
+    </branches>
+    <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
+    <submoduleCfg class="empty-list"/>
+    <extensions/>
+  </scm>
+  <canRoam>true</canRoam>
+  <disabled>true</disabled>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <triggers/>
+  <concurrentBuild>false</concurrentBuild>
+  <builders>
+    <hudson.tasks.Shell>
+      <command>cd app-infrastructure
+
+# Terraform provider can assume role
+# Should move this to terraform once we can have multiple providers
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs#assuming-an-iam-role
+aws sts assume-role --duration-seconds ${jenkins_provisioning_assume_role_duration} --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/${jenkins_s3_role_name}&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+
+export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+
+# Just use a backend to store s3 no reason to store this state
+aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate . || echo &quot;bad state or doesnt exist, it will be created&quot;
+
+# work on eliminating these external vars
+aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/stack_variables.tf .
+aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/subnet_variables.tf .
+
+# why are the roles and the rest of everything for the nodes in differenet tf states?
+#aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate_roles ../s3-deployment-roles/terraform.tfstate || echo &quot;role state doesnt exist, it will be created&quot;
+
+unset AWS_ACCESS_KEY_ID
+unset AWS_SECRET_ACCESS_KEY
+unset AWS_SESSION_TOKEN
+
+aws sts assume-role --duration-seconds ${jenkins_provisioning_assume_role_duration} --role-arn &quot;arn:aws:iam::${app_acct_id}:role/${jenkins_provisioning_assume_role_name}&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+
+export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+
+#  why? move the roles in the app-infrastructure and have a flat(ish) model
+#cd ../s3-deployment-roles
+#terraform init
+#terraform destroy -auto-approve -var=&quot;dataset_s3_object_key=${dataset_s3_object_key}&quot; -var=&quot;destigmatized_dataset_s3_object_key=${destigmatized_dataset_s3_object_key}&quot; -var=&quot;genomic_dataset_s3_object_key=${genomic_dataset_s3_object_key}&quot;  -var=&quot;target_stack=${target_stack}&quot; -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; -var=&quot;stack_githash_long=${deployment_git_hash}&quot; || true
+#terraform apply -auto-approve -var=&quot;dataset_s3_object_key=${dataset_s3_object_key}&quot;  -var=&quot;destigmatized_dataset_s3_object_key=${destigmatized_dataset_s3_object_key}&quot; -var=&quot;genomic_dataset_s3_object_key=${genomic_dataset_s3_object_key}&quot; -var=&quot;target_stack=${target_stack}&quot; -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; -var=&quot;stack_githash_long=${deployment_git_hash}&quot; || true
+
+#cd ../app-infrastructure
+
+terraform init
+
+terraform destroy -auto-approve \
+   -var=&quot;dataset_s3_object_key=${dataset_s3_object_key}&quot;  \
+   -var=&quot;destigmatized_dataset_s3_object_key=${destigmatized_dataset_s3_object_key}&quot;  \
+   -var=&quot;genomic_dataset_s3_object_key=${genomic_dataset_s3_object_key}&quot; \
+   -var=&quot;target_stack=${target_stack}&quot; \
+   -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; \
+   -var=&quot;stack_githash_long=${deployment_git_hash}&quot; \
+   -var=&quot;env_public_dns_name=${env_public_dns_name}&quot; \
+   -var=&quot;env_private_dns_name=${env_private_dns_name}&quot; \
+   || true
+
+unset AWS_ACCESS_KEY_ID
+unset AWS_SECRET_ACCESS_KEY
+unset AWS_SESSION_TOKEN
+
+aws sts assume-role --duration-seconds ${jenkins_provisioning_assume_role_duration} --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/${jenkins_s3_role_name}&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+
+export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+
+# Move to terraform backend
+# If script fails before state file is uploaded to s3 state will be lost for created objects \
+# terraform destroy will not destroy anything as it points to old state and apply will fail as objects may already exist
+# that the old state does not control.  Will have to manually destroy and delete roles, ec2s, etc. in that scenario
+aws s3 cp terraform.tfstate s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate
+# roles are now in the same state as their related resources..
+#aws s3 cp ../s3-deployment-roles/terraform.tfstate s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate_roles
+
+# These files are uploaded to s3 because user-scripts download them.  The user scripts are already running
+# so this is a race condition at this point as terraform has been applied
+# Just have terraform provision these and remove the aws cli stuff from the user-scripts and here
+aws s3 --sse=AES256 cp picsureui-settings.json s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/picsureui_settings.json
+aws s3 --sse=AES256 cp configs/banner_config.json s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/banner_config.json
+aws s3 --sse=AES256 cp standalone.xml s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/standalone.xml
+aws s3 --sse=AES256 cp pic-sure-schema.sql s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/pic-sure-schema.sql
+aws s3 --sse=AES256 cp httpd-vhosts.conf s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/httpd-vhosts.conf
+aws s3 --sse=AES256 cp aggregate-resource.properties s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/aggregate-resource.properties
+aws s3 --sse=AES256 cp visualization-resource.properties s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/visualization-resource.properties
+
+unset AWS_ACCESS_KEY_ID
+unset AWS_SECRET_ACCESS_KEY
+unset AWS_SESSION_TOKEN
+</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+  </builders>
+  <publishers/>
+  <buildWrappers>
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
+      <deleteDirs>false</deleteDirs>
+      <cleanupParameter></cleanupParameter>
+      <externalDelete></externalDelete>
+      <disableDeferredWipeout>false</disableDeferredWipeout>
+    </hudson.plugins.ws__cleanup.PreBuildCleanup>
+  </buildWrappers>
+</project>
diff --git a/jenkins-docker/jobs/Terraform Import Stack State/config.xml b/jenkins-docker/jobs/Terraform Import Stack State/config.xml
new file mode 100644
index 00000000..00dab4f4
--- /dev/null
+++ b/jenkins-docker/jobs/Terraform Import Stack State/config.xml	
@@ -0,0 +1,159 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<project>
+  <actions/>
+  <description>Job will import state of objects if state gets lost.&#xd;
+&#xd;
+WIP - Just place holder while I look into how to properly import a state.  Too many changes now to make this stable.</description>
+  <keepDependencies>false</keepDependencies>
+  <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@320.v5a_0933a_e7d61">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
+    <hudson.model.ParametersDefinitionProperty>
+      <parameterDefinitions>
+        <hudson.model.StringParameterDefinition>
+          <name>target_stack</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>deployment_git_hash</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>ROLE_ARN</name>
+          <defaultValue>arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role</defaultValue>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>dataset_s3_object_key</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>destigmatized_dataset_s3_object_key</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>genomic_dataset_s3_object_key</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>infrastructure_git_hash</name>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.BooleanParameterDefinition>
+          <name>isDestroyOnly</name>
+          <defaultValue>false</defaultValue>
+        </hudson.model.BooleanParameterDefinition>
+      </parameterDefinitions>
+    </hudson.model.ParametersDefinitionProperty>
+  </properties>
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.1.0">
+    <configVersion>2</configVersion>
+    <userRemoteConfigs>
+      <hudson.plugins.git.UserRemoteConfig>
+        <url>${infrastructure_git_repo}</url>
+      </hudson.plugins.git.UserRemoteConfig>
+    </userRemoteConfigs>
+    <branches>
+      <hudson.plugins.git.BranchSpec>
+        <name>${infrastructure_git_hash}</name>
+      </hudson.plugins.git.BranchSpec>
+    </branches>
+    <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
+    <submoduleCfg class="empty-list"/>
+    <extensions/>
+  </scm>
+  <canRoam>true</canRoam>
+  <disabled>true</disabled>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <triggers/>
+  <concurrentBuild>false</concurrentBuild>
+  <builders>
+    <hudson.tasks.Shell>
+      <command>cd app-infrastructure
+
+# Terraform provider can assume role
+# Should move this to terraform once we can have multiple providers
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs#assuming-an-iam-role
+aws sts assume-role --duration-seconds ${jenkins_provisioning_assume_role_duration} --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/${jenkins_s3_role_name}&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+
+export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+
+# Just use a backend to store s3 no reason to store this state
+#aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate . || echo &quot;bad state or doesnt exist, it will be created&quot;
+
+# work on eliminating these external vars
+aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/stack_variables.tf .
+aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/subnet_variables.tf .
+
+# why are the roles and the rest of everything for the nodes in differenet tf states?
+#aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate_roles ../s3-deployment-roles/terraform.tfstate || echo &quot;role state doesnt exist, it will be created&quot;
+
+unset AWS_ACCESS_KEY_ID
+unset AWS_SECRET_ACCESS_KEY
+unset AWS_SESSION_TOKEN
+
+aws sts assume-role --duration-seconds ${jenkins_provisioning_assume_role_duration} --role-arn &quot;arn:aws:iam::${app_acct_id}:role/${jenkins_provisioning_assume_role_name}&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+
+export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+
+#  why?
+# move the roles in the app-infrastructure and have a flat(ish) model
+#cd ../s3-deployment-roles
+#terraform init
+#terraform destroy -auto-approve -var=&quot;dataset_s3_object_key=${dataset_s3_object_key}&quot; -var=&quot;destigmatized_dataset_s3_object_key=${destigmatized_dataset_s3_object_key}&quot; -var=&quot;genomic_dataset_s3_object_key=${genomic_dataset_s3_object_key}&quot;  -var=&quot;target_stack=${target_stack}&quot; -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; -var=&quot;stack_githash_long=${deployment_git_hash}&quot; || true
+#terraform apply -auto-approve -var=&quot;dataset_s3_object_key=${dataset_s3_object_key}&quot;  -var=&quot;destigmatized_dataset_s3_object_key=${destigmatized_dataset_s3_object_key}&quot; -var=&quot;genomic_dataset_s3_object_key=${genomic_dataset_s3_object_key}&quot; -var=&quot;target_stack=${target_stack}&quot; -var=&quot;stack_githash=`echo ${deployment_git_hash} |cut -c1-7`&quot; -var=&quot;stack_githash_long=${deployment_git_hash}&quot; || true
+
+#cd ../app-infrastructure
+
+terraform init
+
+terraform import
+
+aws sts assume-role --duration-seconds ${jenkins_provisioning_assume_role_duration} --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/${jenkins_s3_role_name}&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+
+export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+
+# Move to terraform backend
+# If script fails before state file is uploaded to s3 state will be lost for created objects \
+# terraform destroy will not destroy anything as it points to old state and apply will fail as objects may already exist
+# that the old state does not control.  Will have to manually destroy and delete roles, ec2s, etc. in that scenario
+#aws s3 cp terraform.tfstate s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate
+# roles are now in the same state as their related resources..
+#aws s3 cp ../s3-deployment-roles/terraform.tfstate s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate_roles
+
+# These files are uploaded to s3 because user-scripts download them.  The user scripts are already running
+# so this is a race condition at this point as terraform has been applied
+# Just have terraform provision these and remove the aws cli stuff from the user-scripts and here
+#aws s3 --sse=AES256 cp picsureui-settings.json s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/picsureui_settings.json
+#aws s3 --sse=AES256 cp standalone.xml s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/standalone.xml
+#aws s3 --sse=AES256 cp pic-sure-schema.sql s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/pic-sure-schema.sql
+#aws s3 --sse=AES256 cp httpd-vhosts.conf s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/httpd-vhosts.conf
+#aws s3 --sse=AES256 cp aggregate-resource.properties s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/aggregate-resource.properties
+#aws s3 --sse=AES256 cp visualization-resource.properties s3://$stack_s3_bucket/configs/jenkins_pipeline_build_${deployment_git_hash}/visualization-resource.properties
+
+unset AWS_ACCESS_KEY_ID
+unset AWS_SECRET_ACCESS_KEY
+unset AWS_SESSION_TOKEN
+</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+  </builders>
+  <publishers/>
+  <buildWrappers>
+    <hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
+      <deleteDirs>false</deleteDirs>
+      <cleanupParameter></cleanupParameter>
+      <externalDelete></externalDelete>
+      <disableDeferredWipeout>false</disableDeferredWipeout>
+    </hudson.plugins.ws__cleanup.PreBuildCleanup>
+  </buildWrappers>
+</project>
diff --git a/jenkins-docker/jobs/Unlock Deployment State/config.xml b/jenkins-docker/jobs/Unlock Deployment State/config.xml
index f71621a2..7c860af3 100644
--- a/jenkins-docker/jobs/Unlock Deployment State/config.xml	
+++ b/jenkins-docker/jobs/Unlock Deployment State/config.xml	
@@ -4,16 +4,6 @@
   <description></description>
   <keepDependencies>false</keepDependencies>
   <properties>
-    <hudson.model.ParametersDefinitionProperty>
-      <parameterDefinitions>
-        <hudson.model.StringParameterDefinition>
-          <name>S3_BUCKET_NAME</name>
-          <description></description>
-          <defaultValue>${stack_s3_bucket}</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-      </parameterDefinitions>
-    </hudson.model.ParametersDefinitionProperty>
     <hudson.plugins.copyartifact.CopyArtifactPermissionProperty plugin="copyartifact@1.45.3">
       <projectNameList>
         <string>*</string>
@@ -30,16 +20,16 @@
   <builders>
     <hudson.tasks.Shell>
       <command>
-      
-      echo &quot;Unlocking deployment state.&quot;
+
+echo &quot;Unlocking deployment state.&quot;
 
 aws s3api put-object-legal-hold \
---bucket $S3_BUCKET_NAME \
+--bucket ${stack_s3_bucket} \
 --key deployment_state_metadata/stacks.json \
 --legal-hold Status=OFF
-      
+
       </command>
     </hudson.tasks.Shell>
   </builders>
   <buildWrappers/>
-</project>
\ No newline at end of file
+</project>
diff --git a/jenkins-docker/jobs/Update Bucket Policy/config.xml b/jenkins-docker/jobs/Update Bucket Policy/config.xml
deleted file mode 100644
index de0c919c..00000000
--- a/jenkins-docker/jobs/Update Bucket Policy/config.xml	
+++ /dev/null
@@ -1,83 +0,0 @@
-<?xml version='1.1' encoding='UTF-8'?>
-<flow-definition plugin="workflow-job@2.36">
-  <actions>
-    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobAction plugin="pipeline-model-definition@1.5.0"/>
-    <org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobPropertyTrackerAction plugin="pipeline-model-definition@1.5.0">
-      <jobProperties/>
-      <triggers/>
-      <parameters/>
-      <options/>
-    </org.jenkinsci.plugins.pipeline.modeldefinition.actions.DeclarativeJobPropertyTrackerAction>
-  </actions>
-  <description></description>
-  <keepDependencies>false</keepDependencies>
-  <properties>
-    <hudson.model.ParametersDefinitionProperty>
-      <parameterDefinitions>
-        <hudson.model.StringParameterDefinition>
-          <name>target_stack</name>
-          <description></description>
-          <defaultValue></defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>stack_githash</name>
-          <description></description>
-          <defaultValue></defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-      </parameterDefinitions>
-    </hudson.model.ParametersDefinitionProperty>
-  </properties>
-  <definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="workflow-cps@2.78">
-    <script>import groovy.json.JsonSlurper;
-import groovy.json.JsonOutput;
-
-def new_policy
-pipeline {
-    agent any 
-    stages {
-        stage(&apos;Retrieve Build Spec&apos;) { 
-            steps {
-                script {
-                    sh &apos;aws s3api get-bucket-policy --bucket ${stack_s3_bucket} --query Policy --output text &gt; /tmp/policy.json&apos;
-                    def bucket_policy = new JsonSlurper().parse(new File(&apos;/tmp/policy.json&apos;))
-                    def statements_to_remove = [];
-                    def target_stack = &quot;$target_stack&quot;
-                    def stack_githash = &quot;$stack_githash&quot;
-                    for(def statement : bucket_policy.Statement){
-                        if(statement.Sid!=null &amp;&amp; statement.Sid.startsWith(&quot;stack-&quot;+target_stack+&quot;-statement&quot;)
-                        ||statement.Principal.AWS.size()&lt;22){
-                            // This is an identifier that AWS uses for deleted stuff... not really sure past that
-                            statements_to_remove.push(statement)
-                        }
-                    }
-                    bucket_policy.Statement.removeAll(statements_to_remove)
-                    bucket_policy.Statement.push(new JsonSlurper().parseText(&quot;{\&quot;Sid\&quot;: \&quot;stack-&quot;+target_stack+&quot;-statement-open-hpds\&quot;, \&quot;Effect\&quot;: \&quot;Allow\&quot;,\&quot;Principal\&quot;: {\&quot;AWS\&quot;: \&quot;arn:aws:iam::${app_acct_id}:role/open-hpds-deployment-s3-role-&quot; + target_stack + &quot;-&quot; + stack_githash.substring(0,7) + &quot;\&quot;},\&quot;Action\&quot;: \&quot;s3:GetObject\&quot;,\&quot;Resource\&quot;: \&quot;arn:aws:s3:::${stack_s3_bucket}/*\&quot;}&quot;));
-                    bucket_policy.Statement.push(new JsonSlurper().parseText(&quot;{\&quot;Sid\&quot;: \&quot;stack-&quot;+target_stack+&quot;-statement-auth-hpds\&quot;, \&quot;Effect\&quot;: \&quot;Allow\&quot;,\&quot;Principal\&quot;: {\&quot;AWS\&quot;: \&quot;arn:aws:iam::${app_acct_id}:role/auth-hpds-deployment-s3-role-&quot; + target_stack + &quot;-&quot; + stack_githash.substring(0,7) + &quot;\&quot;},\&quot;Action\&quot;: \&quot;s3:GetObject\&quot;,\&quot;Resource\&quot;: \&quot;arn:aws:s3:::${stack_s3_bucket}/*\&quot;}&quot;));
-                    bucket_policy.Statement.push(new JsonSlurper().parseText(&quot;{\&quot;Sid\&quot;: \&quot;stack-&quot;+target_stack+&quot;-statement-wildfly\&quot;, \&quot;Effect\&quot;: \&quot;Allow\&quot;,\&quot;Principal\&quot;: {\&quot;AWS\&quot;: \&quot;arn:aws:iam::${app_acct_id}:role/wildfly-deployment-s3-role-&quot; + target_stack + &quot;-&quot; + stack_githash.substring(0,7) + &quot;\&quot;},\&quot;Action\&quot;: \&quot;s3:GetObject\&quot;,\&quot;Resource\&quot;: \&quot;arn:aws:s3:::${stack_s3_bucket}/*\&quot;}&quot;));
-                    bucket_policy.Statement.push(new JsonSlurper().parseText(&quot;{\&quot;Sid\&quot;: \&quot;stack-&quot;+target_stack+&quot;-statement-httpd\&quot;, \&quot;Effect\&quot;: \&quot;Allow\&quot;,\&quot;Principal\&quot;: {\&quot;AWS\&quot;: \&quot;arn:aws:iam::${app_acct_id}:role/httpd-deployment-s3-role-&quot; + target_stack + &quot;-&quot; + stack_githash.substring(0,7) + &quot;\&quot;},\&quot;Action\&quot;: \&quot;s3:GetObject\&quot;,\&quot;Resource\&quot;: \&quot;arn:aws:s3:::${stack_s3_bucket}/*\&quot;}&quot;));
-                    bucket_policy.Statement.push(new JsonSlurper().parseText(&quot;{\&quot;Sid\&quot;: \&quot;stack-&quot;+target_stack+&quot;-statement-dictionary\&quot;, \&quot;Effect\&quot;: \&quot;Allow\&quot;,\&quot;Principal\&quot;: {\&quot;AWS\&quot;: \&quot;arn:aws:iam::${app_acct_id}:role/dictionary-deployment-s3-role-&quot; + target_stack + &quot;-&quot; + stack_githash.substring(0,7) + &quot;\&quot;},\&quot;Action\&quot;: \&quot;s3:GetObject\&quot;,\&quot;Resource\&quot;: \&quot;arn:aws:s3:::${stack_s3_bucket}/*\&quot;}&quot;));
-                    new_policy = new JsonOutput().toJson(bucket_policy)
-                   
-                }
-                script{
-                    println(new_policy)
-                    println(&apos;writing file&apos;)
-                    writeFile file: &apos;new_policy.json&apos;, text: new_policy
-                    println(&apos;forming command&apos;)
-                    def command = &quot;aws s3api put-bucket-policy --bucket ${stack_s3_bucket} --policy file://new_policy.json&quot;
-                    println(&apos;pushing file&apos;)
-                    println command
-                    sh command
-                    println(&apos;pushed file&apos;)
-                }
-            }
-        }
-    }
-}</script>
-    <sandbox>true</sandbox>
-  </definition>
-  <triggers/>
-  <disabled>false</disabled>
-</flow-definition>
diff --git a/jenkins-docker/jobs/Update HTTPD Certs and Key/config.xml b/jenkins-docker/jobs/Update HTTPD Certs and Key/config.xml
index fdb20887..b3d49be2 100644
--- a/jenkins-docker/jobs/Update HTTPD Certs and Key/config.xml	
+++ b/jenkins-docker/jobs/Update HTTPD Certs and Key/config.xml	
@@ -30,11 +30,7 @@
   <concurrentBuild>false</concurrentBuild>
   <builders>
     <hudson.tasks.Shell>
-      <command>aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/jenkins-s3-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+      <command>
 
 aws s3 cp server.key s3://$stack_s3_bucket/certs/httpd/server.key
 aws s3 cp server.crt s3://$stack_s3_bucket/certs/httpd/server.crt
@@ -43,13 +39,9 @@ aws s3 cp server.chain s3://$stack_s3_bucket/certs/httpd/server.chain
 rm server.key
 rm server.crt
 rm server.chain
-
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
 </command>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers/>
-</project>
\ No newline at end of file
+</project>
diff --git a/jenkins-docker/jobs/Update Jenkins global config.xml on s3/config.xml b/jenkins-docker/jobs/Update Jenkins global config.xml on s3/config.xml
new file mode 100644
index 00000000..9f790cde
--- /dev/null
+++ b/jenkins-docker/jobs/Update Jenkins global config.xml on s3/config.xml	
@@ -0,0 +1,26 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<project>
+  <actions/>
+  <description>This job will sync the current jenkins config.xml to the s3 location described in the global parameter &quot;jenkins_config_s3_location&quot;</description>
+  <keepDependencies>false</keepDependencies>
+  <properties/>
+  <scm class="hudson.scm.NullSCM"/>
+  <canRoam>true</canRoam>
+  <disabled>false</disabled>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <triggers/>
+  <concurrentBuild>false</concurrentBuild>
+  <builders>
+    <hudson.tasks.Shell>
+      <command>#!/bin/bash
+# Different environments should set the config.xml name in jenkins_config_s3_location configuration to a unique name such as config_auth_dev.xml
+
+echo &quot;aws s3 cp ${JENKINS_HOME}/config.xml ${jenkins_config_s3_location}&quot;
+aws s3 cp ${JENKINS_HOME}/config.xml ${jenkins_config_s3_location}</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+  </builders>
+  <publishers/>
+  <buildWrappers/>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Update PIC-SURE Token Introspection Token/config.xml b/jenkins-docker/jobs/Update PIC-SURE Token Introspection Token/config.xml
index f18fdbcc..12cf019b 100644
--- a/jenkins-docker/jobs/Update PIC-SURE Token Introspection Token/config.xml	
+++ b/jenkins-docker/jobs/Update PIC-SURE Token Introspection Token/config.xml	
@@ -4,20 +4,20 @@
   <description></description>
   <keepDependencies>false</keepDependencies>
   <properties/>
-  <scm class="hudson.plugins.git.GitSCM" plugin="git@4.0.0">
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
     <configVersion>2</configVersion>
     <userRemoteConfigs>
       <hudson.plugins.git.UserRemoteConfig>
-        <url>https://${git_base_url}/jwt-creator.git</url>
+        <url>${pic_sure_introspection_token_repo}</url>
       </hudson.plugins.git.UserRemoteConfig>
     </userRemoteConfigs>
     <branches>
       <hudson.plugins.git.BranchSpec>
-        <name>*/master</name>
+        <name>${pic_sure_introspection_token_hash}</name>
       </hudson.plugins.git.BranchSpec>
     </branches>
     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-    <submoduleCfg class="list"/>
+    <submoduleCfg class="empty-list"/>
     <extensions/>
   </scm>
   <canRoam>true</canRoam>
@@ -36,13 +36,24 @@
       <injectBuildVariables>false</injectBuildVariables>
     </hudson.tasks.Maven>
     <hudson.tasks.Shell>
-      <command>cd target
+      <command>#!/bin/bash
+set -e
+# Source folder containing the scripts
+source_scripts_folder=&quot;${JENKINS_HOME}/workspace/Bash_Functions/&quot;
+ls -la &quot;$source_scripts_folder&quot;
 
-aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/jenkins-s3-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
+# Iterate through the files in the folder and source them
+for script_file in &quot;$source_scripts_folder&quot;*.sh; do
+    chmod +x &quot;$script_file&quot;
+    if [ -f &quot;$script_file&quot; ] &amp;&amp; [ -x &quot;$script_file&quot; ]; then
+        echo &quot;sourcing $script_file&quot;
+        source &quot;$script_file&quot;
+    fi
+done
 
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+cd target
+
+reset_role
 
 aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/a/stack_variables.tf .
 
@@ -61,22 +72,26 @@ aws s3 cp stack_variables.tf s3://$stack_s3_bucket/deployment_state_metadata/a/s
 
 mv stack_variables.tf stack_variables_a.tf
 
-aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/b/stack_variables.tf .
+echo &quot;New token:&quot;
+echo &quot;${new_token_introspection_token}&quot;
+# only one stack at the moment
+#aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/b/stack_variables.tf .
 
-export old_token_introspection_token=`cat stack_variables.tf | grep -A3 picsure_token_introspection_token | head -n 3 | tail -1 | cut -d &apos; &apos; -f 5 | sed &apos;s/&quot;//g&apos;`
+#export old_token_introspection_token=`cat stack_variables.tf | grep -A3 picsure_token_introspection_token | head -n 3 | tail -1 | cut -d &apos; &apos; -f 5 | sed &apos;s/&quot;//g&apos;`
 
-sed -i &quot;s/$old_token_introspection_token/$new_token_introspection_token/g&quot; stack_variables.tf
+#sed -i &quot;s/$old_token_introspection_token/$new_token_introspection_token/g&quot; stack_variables.tf
 
-aws s3 cp stack_variables.tf s3://$stack_s3_bucket/deployment_state_metadata/b/stack_variables.tf 
+#aws s3 cp stack_variables.tf s3://$stack_s3_bucket/deployment_state_metadata/b/stack_variables.tf 
 
-mv stack_variables.tf stack_variables_b.tf
+#mv stack_variables.tf stack_variables_b.tf
 
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
+#unset AWS_ACCESS_KEY_ID
+#unset AWS_SECRET_ACCESS_KEY
+#unset AWS_SESSION_TOKEN
 </command>
+      <configuredLocalRules/>
     </hudson.tasks.Shell>
   </builders>
   <publishers/>
   <buildWrappers/>
-</project>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/Update Preprod HTTPD Certs and Key/config.xml b/jenkins-docker/jobs/Update Preprod HTTPD Certs and Key/config.xml
index b6d1a820..dac0d9c4 100644
--- a/jenkins-docker/jobs/Update Preprod HTTPD Certs and Key/config.xml	
+++ b/jenkins-docker/jobs/Update Preprod HTTPD Certs and Key/config.xml	
@@ -30,11 +30,7 @@
   <concurrentBuild>false</concurrentBuild>
   <builders>
     <hudson.tasks.Shell>
-      <command>aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/jenkins-s3-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
+      <command>
 
 aws s3 cp preprod_server.key s3://$stack_s3_bucket/certs/httpd/preprod_server.key
 aws s3 cp preprod_server.crt s3://$stack_s3_bucket/certs/httpd/preprod_server.crt
@@ -43,10 +39,6 @@ aws s3 cp preprod_server.chain s3://$stack_s3_bucket/certs/httpd/preprod_server.
 rm preprod_server.key
 rm preprod_server.crt
 rm preprod_server.chain
-
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
 </command>
     </hudson.tasks.Shell>
   </builders>
diff --git a/jenkins-docker/jobs/Update VPC Settings/config.xml b/jenkins-docker/jobs/Update VPC Settings/config.xml
deleted file mode 100644
index 1c453f5f..00000000
--- a/jenkins-docker/jobs/Update VPC Settings/config.xml	
+++ /dev/null
@@ -1,178 +0,0 @@
-<?xml version='1.1' encoding='UTF-8'?>
-<project>
-  <actions/>
-  <description></description>
-  <keepDependencies>false</keepDependencies>
-  <properties>
-    <hudson.model.ParametersDefinitionProperty>
-      <parameterDefinitions>
-        <hudson.model.StringParameterDefinition>
-          <name>R53_Zone_ID</name>
-          <description></description>
-          <defaultValue>Z07894451Y9DMEARH90L3</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>vpc_a</name>
-          <description></description>
-          <defaultValue>vpc-0d248ee6e4ef337ef</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>vpc_b</name>
-          <description></description>
-          <defaultValue>vpc-037509eb9baffa584</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>db-subnet-group-name-a</name>
-          <description></description>
-          <defaultValue>main-a</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-        <hudson.model.StringParameterDefinition>
-          <name>db-subnet-group-name-b</name>
-          <description></description>
-          <defaultValue>main-b</defaultValue>
-          <trim>false</trim>
-        </hudson.model.StringParameterDefinition>
-      </parameterDefinitions>
-    </hudson.model.ParametersDefinitionProperty>
-  </properties>
-  <scm class="hudson.scm.NullSCM"/>
-  <canRoam>true</canRoam>
-  <disabled>false</disabled>
-  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
-  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
-  <triggers/>
-  <concurrentBuild>false</concurrentBuild>
-  <builders>
-    <hudson.tasks.Shell>
-      <command>echo $JENKINS_HOME
-
-# Describe subnets in specified VPCs in the prod account
-
-aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${app_acct_id}:role/hms-dbmi-cnc-role&quot; --role-session-name &quot;teardown-rebuild&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
-aws ec2 --region us-east-1 describe-subnets
-
-aws ec2 --region us-east-1 describe-subnets --filters &quot;Name=vpc-id,Values=$vpc_a&quot; &gt; subnets_a.json
-cat subnets_a.json
-aws ec2 --region us-east-1 describe-subnets --filters &quot;Name=vpc-id,Values=$vpc_b&quot; &gt; subnets_b.json
-cat subnets_b.json
-
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
-</command>
-    </hudson.tasks.Shell>
-    <hudson.plugins.groovy.SystemGroovy plugin="groovy@2.2">
-      <source class="hudson.plugins.groovy.StringSystemScriptSource">
-        <script plugin="script-security@1.68">
-          <script>import groovy.json.*
-import java.io.*
-
-buildSubnetVariablesFileForStack(&quot;a&quot;);
-buildSubnetVariablesFileForStack(&quot;b&quot;);
-
-void buildSubnetVariablesFileForStack(String stackId){
-def JsonSlurper js = new JsonSlurper()
-
-def subnetsResponse = js.parse(new File(&quot;/var/jenkins_home/workspace/Update VPC Settings/subnets_${stackId}.json&quot;))
- 
-def subnetNames = [
-  &quot;edge-subnet-us-east-1a&quot;,
-  &quot;edge-subnet-us-east-1b&quot;,
-  &quot;app-subnet-us-east-1a&quot;,
-  &quot;app-subnet-us-east-1b&quot;,
-  &quot;db-subnet-us-east-1a&quot;,
-  &quot;db-subnet-us-east-1b&quot;,
-]
-
-def subnetAWSNames = [
-  &quot;edge-subnet-us-east-1a&quot;:&quot;Web-Subnet-AZ1&quot;,
-  &quot;edge-subnet-us-east-1b&quot;:&quot;Web-Subnet-AZ2&quot;,
-  &quot;app-subnet-us-east-1a&quot;:&quot;App-Subnet-AZ1&quot;,
-  &quot;app-subnet-us-east-1b&quot;:&quot;App-Subnet-AZ2&quot;,
-  &quot;db-subnet-us-east-1a&quot;:&quot;Database-Subnet-AZ1&quot;,
-  &quot;db-subnet-us-east-1b&quot;:&quot;Database-Subnet-AZ2&quot;,
-]
-
-def subnetVars = [:]
-String subnetVariables = &quot;&quot;
-
-for(def subnetName : subnetNames){
-  def subnet = getSubnetForName(subnetAWSNames.get(subnetName), subnetsResponse);
-  subnetVariables+=&quot;variable \&quot;&quot; + subnetName + &quot;-id\&quot; {\n&quot;;
-  subnetVariables+=&quot;    type = string\n&quot;;
-  subnetVariables+=&quot;    default = \&quot;&quot;+ subnet.SubnetId +&quot;\&quot;\n&quot;;
-  subnetVariables+=&quot;}\n&quot;;
-  subnetVariables+=&quot;variable \&quot;&quot; + subnetName + &quot;-cidr\&quot; {\n&quot;;
-  subnetVariables+=&quot;    type = string\n&quot;;
-  subnetVariables+=&quot;    default = \&quot;&quot;+ subnet.CidrBlock +&quot;\&quot;\n&quot;;
-  subnetVariables+=&quot;}\n&quot;;
-}
-def zoneId = build.buildVariableResolver.resolve(&quot;R53_Zone_ID&quot;)
-subnetVariables+=&quot;&quot;&quot;
-variable &quot;internal-dns-zone-id&quot; {
-  type = string
-  default = &quot;$zoneId&quot;
-}
-&quot;&quot;&quot;
-def vpcId = build.buildVariableResolver.resolve(&quot;vpc_$stackId&quot;)
-subnetVariables+=&quot;&quot;&quot;
-variable &quot;target-vpc&quot; {
-  type = string
-  default = &quot;$vpcId&quot;
-}
-&quot;&quot;&quot;
-def subnetGroupName = build.buildVariableResolver.resolve(&quot;db-subnet-group-name-$stackId&quot;)
-subnetVariables+=&quot;&quot;&quot;
-variable &quot;db-subnet-group-name&quot; {
-  type = string
-  default = &quot;$subnetGroupName&quot;
-}
-&quot;&quot;&quot;
-
-println(subnetVariables)
-
-new File(&quot;/var/jenkins_home/workspace/Update VPC Settings/subnet_variables_${stackId}.tf&quot;).write(subnetVariables)
-}
-
-
-def getSubnetForName(String name, def subnetsResponse){
-  return subnetsResponse.Subnets.find(
-    {it-&gt;it.Tags.find(
-      {tag-&gt;return tag.Key.contentEquals(&quot;Name&quot;) &amp;&amp; tag.Value.contentEquals(name)}
-    )}
-  );
-}</script>
-          <sandbox>false</sandbox>
-        </script>
-      </source>
-    </hudson.plugins.groovy.SystemGroovy>
-    <hudson.tasks.Shell>
-      <command># Push new subnet variables files to bucket
-
-aws sts assume-role --duration-seconds 900 --role-arn &quot;arn:aws:iam::${cnc_acct_id}:role/system/jenkins-s3-role&quot; --role-session-name &quot;configure-vpc-settings&quot; &gt; assume-role-output.txt
-
-export AWS_ACCESS_KEY_ID=`grep AccessKeyId assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SECRET_ACCESS_KEY=`grep SecretAccessKey assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-export AWS_SESSION_TOKEN=`grep SessionToken assume-role-output.txt | cut -d &apos;:&apos; -f 2 | sed &quot;s/[ ,\&quot;]//g&quot;`
-
-aws s3 cp subnet_variables_a.tf s3://$stack_s3_bucket/deployment_state_metadata/a/subnet_variables.tf 
-aws s3 cp subnet_variables_b.tf s3://$stack_s3_bucket/deployment_state_metadata/b/subnet_variables.tf 
-
-unset AWS_ACCESS_KEY_ID
-unset AWS_SECRET_ACCESS_KEY
-unset AWS_SESSION_TOKEN
-</command>
-    </hudson.tasks.Shell>
-  </builders>
-  <publishers/>
-  <buildWrappers/>
-</project>
\ No newline at end of file
diff --git a/jenkins-docker/jobs/biodatacatalyst-ui/config.xml b/jenkins-docker/jobs/biodatacatalyst-ui/config.xml
index 5f130c7a..45d4d936 100644
--- a/jenkins-docker/jobs/biodatacatalyst-ui/config.xml
+++ b/jenkins-docker/jobs/biodatacatalyst-ui/config.xml
@@ -1,85 +1,93 @@
 <?xml version='1.1' encoding='UTF-8'?>
 <project>
-    <actions/>
-    <description></description>
-    <keepDependencies>false</keepDependencies>
-    <properties>
-        <hudson.model.ParametersDefinitionProperty>
-            <parameterDefinitions>
-                <hudson.model.StringParameterDefinition>
-                    <name>pipeline_build_id</name>
-                    <description></description>
-                    <defaultValue>MANUAL_RUN</defaultValue>
-                    <trim>false</trim>
-                </hudson.model.StringParameterDefinition>
-                <hudson.model.StringParameterDefinition>
-                    <name>git_hash</name>
-                    <description></description>
-                    <defaultValue>*/master</defaultValue>
-                    <trim>false</trim>
-                </hudson.model.StringParameterDefinition>
-                <hudson.model.StringParameterDefinition>
-                    <name>S3_BUCKET_NAME</name>
-                    <description></description>
-                    <defaultValue>${stack_s3_bucket}</defaultValue>
-                    <trim>false</trim>
-                </hudson.model.StringParameterDefinition>
-            </parameterDefinitions>
-        </hudson.model.ParametersDefinitionProperty>
-    </properties>
-    <scm class="hudson.plugins.git.GitSCM" plugin="git@4.1.1">
-        <configVersion>2</configVersion>
-        <userRemoteConfigs>
-            <hudson.plugins.git.UserRemoteConfig>
-                <url>https://${git_base_url}/pic-sure-bdc-frontend.git</url>
-            </hudson.plugins.git.UserRemoteConfig>
-        </userRemoteConfigs>
-        <branches>
-            <hudson.plugins.git.BranchSpec>
-                <name>${git_hash}</name>
-            </hudson.plugins.git.BranchSpec>
-        </branches>
-        <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
-        <submoduleCfg class="list"/>
-        <extensions/>
-    </scm>
-    <canRoam>true</canRoam>
-    <disabled>false</disabled>
-    <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
-    <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
-    <triggers/>
-    <concurrentBuild>false</concurrentBuild>
-    <builders>
-        <hudson.tasks.Shell>
-            <command>
-                aws s3 --sse=AES256 cp s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-hpds-ui.tar.gz .
-                
-                PIC_SURE_HPDS_UI_VERSION=`docker load -i pic-sure-hpds-ui.tar.gz|cut -d &apos;:&apos; -f 3`
-                
-                docker tag hms-dbmi/pic-sure-hpds-ui:${PIC_SURE_HPDS_UI_VERSION} hms-dbmi/pic-sure-hpds-ui:TARGET_BUILD_VERSION
+  <actions/>
+  <description></description>
+  <keepDependencies>false</keepDependencies>
+  <properties>
+    <hudson.model.ParametersDefinitionProperty>
+      <parameterDefinitions>
+        <hudson.model.StringParameterDefinition>
+          <name>pipeline_build_id</name>
+          <defaultValue>MANUAL_RUN</defaultValue>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>git_hash</name>
+          <defaultValue>*/master</defaultValue>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>S3_BUCKET_NAME</name>
+          <defaultValue>${stack_s3_bucket}</defaultValue>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+      </parameterDefinitions>
+    </hudson.model.ParametersDefinitionProperty>
+  </properties>
+  <scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
+    <configVersion>2</configVersion>
+    <userRemoteConfigs>
+      <hudson.plugins.git.UserRemoteConfig>
+        <url>${pic_sure_biodatacatalyst_ui_repo}</url>
+      </hudson.plugins.git.UserRemoteConfig>
+    </userRemoteConfigs>
+    <branches>
+      <hudson.plugins.git.BranchSpec>
+        <name>${git_hash}</name>
+      </hudson.plugins.git.BranchSpec>
+    </branches>
+    <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
+    <submoduleCfg class="empty-list"/>
+    <extensions/>
+  </scm>
+  <canRoam>true</canRoam>
+  <disabled>false</disabled>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <triggers/>
+  <concurrentBuild>false</concurrentBuild>
+  <builders>
+    <hudson.tasks.Shell>
+      <command>aws s3 --sse=AES256 cp s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-hpds-ui.tar.gz .
+PIC_SURE_HPDS_UI_VERSION=$(docker load -i pic-sure-hpds-ui.tar.gz | cut -d &apos;:&apos; -f 3)
+docker tag hms-dbmi/pic-sure-hpds-ui:${PIC_SURE_HPDS_UI_VERSION} hms-dbmi/pic-sure-hpds-ui:TARGET_BUILD_VERSION
 
-                GIT_BRANCH_SHORT=`echo ${GIT_BRANCH} | cut -d &quot;/&quot; -f 2`
-                GIT_COMMIT_SHORT=`echo ${GIT_COMMIT} | cut -c1-7`
-                
-                cd biodatacatalyst-ui
+GIT_BRANCH_SHORT=$(echo ${GIT_BRANCH} | cut -d &quot;/&quot; -f 2)
+GIT_COMMIT_SHORT=$(echo ${GIT_COMMIT} | cut -c1-7)
 
-                <!-- check if the open-pic-sure-bdc-frontend/ui/src/main/picsureui/ file exist. If it doesn't make an empty dir -->
-                if [ ! -d open-pic-sure-bdc-frontend/ui/src/main/picsureui/ ]; then
-                   mkdir -p open-pic-sure-bdc-frontend/ui/src/main/picsureui/
-                fi
+# Clean the dir out first
+rm -rf biodatacatalyst-ui/open-pic-sure-bdc-frontend
 
-                docker build --build-arg FILE_SUFFIX=${pipeline_build_id} --build-arg IS_OPEN_ACCESS=${is_open_access} -t hms-dbmi/pic-sure-biodatacatalyst-ui:${GIT_BRANCH_SHORT}_${GIT_COMMIT_SHORT} .
-                
-                cd ../
-                mkdir -p docker_image_output
-                cd docker_image_output
-                
-                docker save hms-dbmi/pic-sure-biodatacatalyst-ui:${GIT_BRANCH_SHORT}_${GIT_COMMIT_SHORT} | gzip &gt; pic-sure-ui.tar.gz
-                
-                aws s3 --sse=AES256 cp pic-sure-ui.tar.gz s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-ui.tar.gz
-            </command>
-        </hudson.tasks.Shell>
-    </builders>
-    <publishers/>
-    <buildWrappers/>
-</project>
+if [ "${env_is_open_access}" = &apos;true&apos; ]; then
+  # Move Open Access UI into BDC UI
+  echo &quot;Is open access: Copying repository to biodatacatalyst-ui/open-pic-sure-bdc-frontend&quot;
+  cp -r &quot;/var/jenkins_home/workspace/PIC-SURE Open Build&quot; &quot;biodatacatalyst-ui/open-pic-sure-bdc-frontend/&quot;
+  echo &quot;ls -la biodatacatalyst-ui/open-pic-sure-bdc-frontend&quot;
+else
+  # Create an empty directory structure if not open access
+  echo &quot;Is not open access: making empty dir structure&quot;
+  mkdir -p &quot;biodatacatalyst-ui/open-pic-sure-bdc-frontend/ui/src/main/psamaui/&quot;
+  mkdir -p &quot;biodatacatalyst-ui/open-pic-sure-bdc-frontend/ui/src/main/picsureui/&quot;
+fi
+
+# Check if &apos;psamaui&apos; directory exists at &apos;biodatacatalyst-ui/open-pic-sure-bdc-frontend/ui/src/main/&apos;
+if [ ! -d &quot;biodatacatalyst-ui/open-pic-sure-bdc-frontend/ui/src/main/psamaui/&quot; ]; then
+  mkdir -p &quot;biodatacatalyst-ui/open-pic-sure-bdc-frontend/ui/src/main/psamaui/&quot;
+fi
+
+
+# Move into workspace dir
+cd biodatacatalyst-ui
+docker build --build-arg FILE_SUFFIX=${pipeline_build_id} --build-arg IS_OPEN_ACCESS=${env_is_open_access} -t hms-dbmi/pic-sure-biodatacatalyst-ui:${GIT_BRANCH_SHORT}_${GIT_COMMIT_SHORT} .
+mkdir -p docker_image_output
+cd docker_image_output
+
+docker save hms-dbmi/pic-sure-biodatacatalyst-ui:${GIT_BRANCH_SHORT}_${GIT_COMMIT_SHORT} | gzip &gt; pic-sure-ui.tar.gz
+aws s3 --sse=AES256 cp pic-sure-ui.tar.gz s3://$S3_BUCKET_NAME/releases/jenkins_pipeline_build_${pipeline_build_id}/pic-sure-ui.tar.gz
+</command>
+      <configuredLocalRules/>
+    </hudson.tasks.Shell>
+  </builders>
+  <publishers/>
+  <buildWrappers/>
+</project>
\ No newline at end of file
diff --git a/jenkins-docker/plugins.txt b/jenkins-docker/plugins.txt
index d30dbcb8..22b149a0 100644
--- a/jenkins-docker/plugins.txt
+++ b/jenkins-docker/plugins.txt
@@ -19,6 +19,6 @@ ws-cleanup
 subversion
 ldap
 cloudbees-folder
-list-git-branches-parameter
 copyartifact
 saml
+role-strategy
\ No newline at end of file
diff --git a/jenkins-docker/scriptApproval.xml b/jenkins-docker/scriptApproval.xml
index b640d7f0..72336ded 100644
--- a/jenkins-docker/scriptApproval.xml
+++ b/jenkins-docker/scriptApproval.xml
@@ -1,35 +1,10 @@
 <?xml version='1.1' encoding='UTF-8'?>
-<scriptApproval plugin="script-security@1.69">
+<scriptApproval plugin="script-security@1273.v66c1964f0dfd">
   <approvedScriptHashes>
-    <string>017d0db438428731cd600b6ebda805065433520f</string>
-    <string>06a421bb34e0e8aa45d8402eab04e6e54e46f913</string>
-    <string>06b6d44b82898dcd0960934aea3f4d5eae271fc5</string>
-    <string>111a0660bd7c615e97a4b6114a6e6a3048a6ab9a</string>
-    <string>1e85783c7377f7012394a563d520e4fbebc0511f</string>
-    <string>29e61b5ee7c9114091e46e3570618e0104d5cfc6</string>
-    <string>322c8d131432ddc7d8da24362c1e9fbd98209def</string>
-    <string>41c82a6a8c829d8c2826c2ee9e675231938c91c9</string>
-    <string>4562d484eec17bbf6c1a4c2dfb9e75c76db75188</string>
-    <string>4b3bea48f47c9481c6775e29d6b4b6adab5e286e</string>
-    <string>4ce588ae2c722178d1a0bcbb7962423f5fc78068</string>
-    <string>52bdc81591ab4a2186602c27d33b3f595ba3e163</string>
-    <string>5cd0f8e92c0fad5e2ae68b2d55065b69c776acc1</string>
-    <string>67e468ca78a4d1d61a4f44b52f1177572094ff1e</string>
-    <string>6af9235e3b2be6f41cf962add1f08ca4a5664bfd</string>
-    <string>73bc048aca7c126772f39853e7dc8417ddd4ec54</string>
-    <string>796400d4c193b8ba1000aae6ef1d46e80b348afe</string>
-    <string>9061fb0b398bac834e90acac342c71b75fd5e9b3</string>
-    <string>90be77cc74f11f2305ec7704d3c7955b7c1655a2</string>
-    <string>adb6d9d969156a0e0d503c00f76271c44e185346</string>
-    <string>adce500d4a52fb0b5edb0f93c5c0e26ccca0b4d9</string>
-    <string>bf65c48f68235f3efd5c76b56406453d8655fdd9</string>
-    <string>c21d14044b16f41290e92dcf26e9fd31b278b442</string>
-    <string>d2e279e72f439f7d7e6f65aeeddbf8d6b167b659</string>
-    <string>e5ad22ea5934b94ba902974b1677e7d2250594d7</string>
-    <string>fb10b1b30d59d5087570a5af06b603a62fde9408</string>
-    <string>df74e9004131c8ff7cdaea580a40816aeeaeb142</string>
-    <string>001e4903e2f6757845eabf6158f55b75bb3f5d7e</string>
-    <string>c542b6d9c470ba02878b35aa54dead50ad8a7fb3</string>
+    <string>SHA512:3f205299bef2fe3329258a42f2c60d332cc35ccb41a3ca0512d7869c6aff4561ff708c48123b4f7c3dec33ccca30d54fb8b9b51b5bc7070f96236d11a3f0bdcb</string>
+    <string>SHA512:90a8e21755ae6fa93c3f606a1ce62d6116d485ed6569a94cde9993aa005f6f29557fbd9a705bc09baded1de761b15d28f5e001db9c9c10d2e138653dffe52c26</string>
+    <string>SHA512:d1a422ef19f95e8c6f81b8b0f4c90d988d3e24a0833acb2bb71f103a912f7e1d66203367571bda4283470da26d0a62fba8d60d3fb23ee9304a457892dbf5b919</string>
+    <string>SHA512:d4b9f78c783e15291f0bc65fe5e5915b3be9586ffaf793a9202a0292560b9effac840e27257a517e666fd6ca7b2863c1fb0078bf30055aacfe6ce1f77d78edd6</string>
   </approvedScriptHashes>
   <approvedSignatures>
     <string>method groovy.json.JsonOutput toJson java.util.Map</string>
diff --git a/jenkins-terraform/README.md b/jenkins-terraform/README.md
new file mode 100644
index 00000000..b2a55027
--- /dev/null
+++ b/jenkins-terraform/README.md
@@ -0,0 +1,140 @@
+# Table of Contents
+
+- [Variables](#variables)
+- [Terraform Backend](#terraform-backend)
+- [Outputs](#outputs)
+
+## Variables
+- [stack_id](#stack_id)
+- [git_commit](#git_commit)
+- [jenkins_vpc_id](#jenkins_vpc_id)
+- [jenkins_instance_profile_name](#jenkins_instance_profile_name)
+- [jenkins_tf_state_bucket](#jenkins_tf_state_bucket)
+- [jenkins_subnet_id](#jenkins_subnet_id)
+- [jenkins_sg_egress_allow_all_cidr_blocks](#jenkins_sg_egress_allow_all_cidr_blocks)
+- [jenkins_sg_ingress_https_cidr_blocks](#jenkins_sg_ingress_https_cidr_blocks)
+- [jenkins_config_s3_location](#jenkins_config_s3_location)
+- [jenkins_ec2_instance_type](#jenkins_ec2_instance_type)
+- [jenkins_tf_local_var_OS_dist](#jenkins_tf_local_var_OS_dist)
+- [jenkins_ec2_ebs_volume_size](#jenkins_ec2_ebs_volume_size)
+- [jenkins_docker_maven_distro](#jenkins_docker_maven_distro)
+- [jenkins_docker_terraform_distro](#jenkins_docker_terraform_distro)
+- [jenkins_git_repo](#jenkins_git_repo)
+- [program](#program)
+- [env_is_open_access](#env_is_open_access)
+- [environment_name](#environment_name)
+- [is_initialized](#is_initialized)
+- [locals](#locals)
+
+## Terraform Backend
+- [Terraform Backend Configuration](#terraform-backend-configuration)
+
+## Outputs
+- [jenkins-ec2-id](#jenkins-ec2-id)
+- [jenkins-ec2-ip](#jenkins-ec2-ip)
+
+# Variables
+
+The following variables are defined in the `jenkins-deploy-tf-variables.tf` and `jenkins-local-tf-variables.tf` file. Adjust these variables based on your specific requirements:
+
+- **stack_id**:
+  - Description: Identifier for the Jenkins instance stack.
+  - Type: `string`
+
+- **git_commit**:
+  - Description: Git commit hash for version tracking.
+  - Type: `string`
+
+- **jenkins_vpc_id**:
+  - Description: ID of the VPC where Jenkins will be deployed.
+  - Type: `string`
+
+- **jenkins_instance_profile_name**:
+  - Description: Name of the IAM instance profile attached to the Jenkins EC2 instance.
+  - Type: `string`
+
+- **jenkins_tf_state_bucket**:
+  - Description: Name of the S3 bucket for storing Terraform state.
+  - Type: `string`
+
+- **jenkins_subnet_id**:
+  - Description: ID of the subnet where Jenkins will be deployed.
+  - Type: `string`
+
+- **jenkins_sg_egress_allow_all_cidr_blocks**:
+  - Description: List of CIDR blocks for egress traffic from Jenkins security group.
+  - Type: `list(any)`
+
+- **jenkins_sg_ingress_https_cidr_blocks**:
+  - Description: List of CIDR blocks for inbound HTTPS traffic to Jenkins security group.
+  - Type: `list(any)`
+
+- **jenkins_config_s3_location**:
+  - Description: S3 location for Jenkins configuration files.
+  - Type: `string`
+
+- **jenkins_ec2_instance_type**:
+  - Description: AWS EC2 instance type for Jenkins.
+  - Type: `string`
+
+- **jenkins_tf_local_var_OS_dist**:
+  - Description: Operating system distribution for Jenkins (e.g., "CENTOS").
+  - Type: `string`
+
+- **jenkins_ec2_ebs_volume_size**:
+  - Description: Size of the EBS volume attached to the Jenkins EC2 instance.
+  - Type: `number`
+
+- **jenkins_docker_maven_distro**:
+  - Description: Docker Maven distribution used by Jenkins.
+  - Type: `string`
+
+- **jenkins_docker_terraform_distro**:
+  - Description: Docker Terraform distribution used by Jenkins.
+  - Type: `string`
+
+- **jenkins_git_repo**:
+  - Description: Git repository URL for Jenkins.
+  - Type: `string`
+
+- **program**:
+  - Description: Program identifier.
+  - Type: `string`
+
+- **env_is_open_access**:
+  - Description: Boolean flag indicating if the environment is open access.
+  - Type: `bool`
+
+- **environment_name**:
+  - Description: Name of the environment (e.g., "dev").
+  - Type: `string`
+
+- **is_initialized**:
+  - Description: Flag indicating whether Jenkins is initialized.
+  - Type: `string`
+
+Make sure to replace the placeholder values with actual configurations.
+
+# Terraform Backend
+
+```hcl
+terraform {
+  backend "s3" {
+    encrypt = true
+  }
+}
+```
+
+# Outputs
+
+This module defines the following outputs:
+
+- **jenkins-ec2-id**:
+  - Description: The ID of the Jenkins EC2 instance.
+  - Usage: Use this output to reference the unique identifier of the deployed Jenkins EC2 instance.
+
+- **jenkins-ec2-ip**:
+  - Description: The private IP address of the Jenkins EC2 instance.
+  - Usage: Use this output to obtain the private IP address assigned to the Jenkins EC2 instance.
+
+These outputs can be utilized in other Terraform objects or scripts to access information about the deployed Jenkins infrastructure.
diff --git a/jenkins-terraform/distro/linux/centos/user-scripts/install-docker.sh b/jenkins-terraform/distro/linux/centos/user-scripts/install-docker.sh
new file mode 100644
index 00000000..a2d89954
--- /dev/null
+++ b/jenkins-terraform/distro/linux/centos/user-scripts/install-docker.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+sh /opt/srce/scripts/start-gsstools.sh
+sudo yum -y update
+
+# grab image tar
+aws s3 cp s3://${jenkins_tf_state_bucket}/containers/jenkins/jenkins.tar.gz jenkins.tar.gz
+
+# load image
+load_result=$(docker load -i jenkins.tar.gz)
+image_tag=$(echo "$load_result" | grep -o -E "jenkins:[[:alnum:]_]+")
+
+#run docker container
+sudo docker run -d --log-driver syslog --log-opt tag=jenkins \
+                    -v /var/jenkins_home/workspace:/var/jenkins_home/workspace \
+                    -v /var/run/docker.sock:/var/run/docker.sock \
+                    -p 443:8443 \
+                    --restart always \
+                    --name jenkins \
+                    $image_tag
+
+#sudo docker logs -f jenkins > /var/log/jenkins-docker-logs/jenkins.log &
+
+INSTANCE_ID=$(curl -H "X-aws-ec2-metadata-token: $(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")" --silent http://169.254.169.254/latest/meta-data/instance-id)
+sudo /usr/bin/aws --region=us-east-1 ec2 create-tags --resources $${INSTANCE_ID} --tags Key=InitComplete,Value=true
+
diff --git a/jenkins-terraform/export_initialization_variables.sh b/jenkins-terraform/export_initialization_variables.sh
new file mode 100644
index 00000000..5e2022a6
--- /dev/null
+++ b/jenkins-terraform/export_initialization_variables.sh
@@ -0,0 +1,18 @@
+#!\usr\bin\env bash
+
+export GIT_COMMIT=<Git hash for Jenkins Repo> \
+export jenkins_tf_state_region=<AWS Region> \
+export jenkins_tf_state_bucket=<TF state bucket> \
+export jenkins_tf_state_bucket=<s3 bucket created in prerequisites> \
+export stack_id=<environment short name ( dev or prod )> \
+export jenkins_subnet_id=<aws subnet_id used for jenkins> \
+export jenkins_vpc_id=<aws vpc_id for Jenkins> \
+export jenkins_instance_profile_name=<IAM Profile name for Jenkins> \
+export jenkins_sg_ingress_https_cidr_blocks=<CIDR block used for Jenkins HTTPS Security group> \
+export jenkins_sg_egress_allow_all_cidr_blocks=<CIDR block used for Outbound Access SG> \
+export jenkins_config_s3_location=<s3 location that stores Jenkins config.xml> \
+export jenkins_ec2_instance_type=<size of the ec2> \
+export jenkins_tf_local_var_OS_dist=<os to distribute> \
+export jenkins_ec2_ebs_volume_size=<ebs volume size> \
+export jenkins_docker_maven_distr=NO LONGER USED \
+export jenkins_docker_terraform_distro=<terraform distribution to use>
diff --git a/jenkins-terraform/initialize-jenkins.sh b/jenkins-terraform/initialize-jenkins.sh
new file mode 100644
index 00000000..8c34c836
--- /dev/null
+++ b/jenkins-terraform/initialize-jenkins.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+### BEFORE RUNNING!
+# Need to export the variables used in the terraform apply below as env variables or store them in a variable.tf file
+# or just replace the variables with the values needed.
+# Values should be stored in the global config.xml that is located at the ${jenkins_config_s3_location} variable.
+#
+# Also need to have jenkins-s3-role on the ec2
+
+#### Script that will be used to initialize a jenkins CI environment.
+## Once a Jenkins server is built it is able to recreate itself.
+## This should be a replicate of the bash script used in the Create New Jenkins Server.
+
+### Install terraform current distro used is https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_linux_amd64.zip
+
+RUN wget -c $JENKINS_DOCKER_TERRAFORM_DISTRO -O /opt/terraform.zip
+
+RUN unzip /opt/terraform.zip -d /usr/local/bin/
+
+
+# backend s3 config will always be encrypted
+# need to find a better key location that isn't tied to the git commit for the job
+terraform init \
+-backend-config="bucket=${jenkins_tf_state_bucket}" \
+-backend-config="key=jenkins_state/jenkins_${GIT_COMMIT}/terraform.tfstate" \
+-backend-config="region=${jenkins_tf_state_region}"
+
+terraform apply -auto-approve \
+-var "git_commit=`echo ${GIT_COMMIT} |cut -c1-7`" \
+-var "jenkins_tf_state_bucket=${jenkins_tf_state_bucket}" \
+-var "stack_id=${stack_id}" \
+-var "jenkins_subnet_id=${jenkins_subnet_id}" \
+-var "jenkins_vpc_id=${jenkins_vpc_id}" \
+-var "jenkins_instance_profile_name=${jenkins_instance_profile_name}" \
+-var "jenkins_sg_ingress_https_cidr_blocks=${jenkins_sg_ingress_https_cidr_blocks}" \
+-var "jenkins_sg_egress_allow_all_cidr_blocks=${jenkins_sg_egress_allow_all_cidr_blocks}" \
+-var "jenkins_config_s3_location=${jenkins_config_s3_location}" \
+-var "jenkins_ec2_instance_type=${jenkins_ec2_instance_type}" \
+-var "jenkins_tf_local_var_OS_dist=${jenkins_tf_local_var_OS_dist}" \
+-var "jenkins_ec2_ebs_volume_size=${jenkins_ec2_ebs_volume_size}" \
+-var "jenkins_docker_maven_distro=${jenkins_docker_maven_distro}" \
+-var "jenkins_docker_terraform_distro=${jenkins_docker_terraform_distro}"
diff --git a/jenkins-terraform/jenkins-deploy-tf-variables.tf b/jenkins-terraform/jenkins-deploy-tf-variables.tf
new file mode 100644
index 00000000..08abc2d0
--- /dev/null
+++ b/jenkins-terraform/jenkins-deploy-tf-variables.tf
@@ -0,0 +1,89 @@
+#  local / dynamic variables can be found in jenkins-local-tf-variables.tf
+
+variable "stack_id" {
+  type    = string
+  default = "test"
+}
+
+variable "git_commit" {
+  type = string
+}
+
+variable "jenkins_vpc_id" {
+  type = string
+}
+
+variable "jenkins_instance_profile_name" {
+  type = string
+}
+
+variable "jenkins_tf_state_bucket" {
+  type = string
+}
+
+variable "jenkins_subnet_id" {
+  type = string
+}
+
+variable "jenkins_sg_egress_allow_all_cidr_blocks" {
+  type = list(any)
+}
+
+variable "jenkins_sg_ingress_https_cidr_blocks" {
+  type = list(any)
+}
+
+variable "jenkins_config_s3_location" {
+  type = string
+}
+
+variable "jenkins_ec2_instance_type" {
+  type = string
+}
+
+variable "jenkins_tf_local_var_OS_dist" {
+  type = string
+
+  # in terraform .13 variable validations are no longer experimental and is production ready.
+  # use this validations when upgrading to terraform .13
+  # will not implement .12 experimental features
+  #validation {
+  #  condition = contains(local.valid_os,var.jenkins_tf_local_var_OS_dist)
+  #  error_message = "Unsupported OS Distribution - Check the Terraform accepted valid_os list"
+  #}
+}
+
+variable "jenkins_ec2_ebs_volume_size" {
+  type = number
+}
+
+variable "jenkins_docker_maven_distro" {
+  type = string
+}
+
+variable "jenkins_docker_terraform_distro" {
+  type = string
+}
+
+variable "jenkins_git_repo" {
+  type = string
+}
+
+variable "program" {
+  type = string
+  default = "BdC"
+}
+
+variable "env_is_open_access" {
+  type = bool
+}
+
+variable "environment_name" {
+  type    = string
+  default = "dev"
+}
+
+variable "is_initialized" {
+  type    = string
+  default = "false"
+}
\ No newline at end of file
diff --git a/jenkins-terraform/jenkins-ec2.tf b/jenkins-terraform/jenkins-ec2.tf
new file mode 100644
index 00000000..28ff20e4
--- /dev/null
+++ b/jenkins-terraform/jenkins-ec2.tf
@@ -0,0 +1,75 @@
+# See the jenkins-local-tf-variables to find how the user-script is being set
+data "template_file" "jenkins-user_data" {
+  template = file(local.user_script)
+  vars = {
+    jenkins_tf_state_bucket         = var.jenkins_tf_state_bucket
+    stack_id                        = var.stack_id
+    jenkins_config_s3_location      = var.jenkins_config_s3_location
+    jenkins_docker_maven_distro     = var.jenkins_docker_maven_distro
+    jenkins_docker_terraform_distro = var.jenkins_docker_terraform_distro
+    jenkins_git_repo                = var.jenkins_git_repo
+    git_commit                      = var.git_commit
+  }
+}
+
+#Lookup latest AMI
+data "aws_ami" "centos" {
+  most_recent = true
+  owners      = ["752463128620"]
+  name_regex  = "^srce-centos7-golden-*"
+}
+
+data "template_cloudinit_config" "config" {
+  gzip          = true
+  base64_encode = true
+
+  # user_data
+  part {
+    content_type = "text/x-shellscript"
+    content      = data.template_file.jenkins-user_data.rendered
+  }
+}
+
+resource "aws_instance" "jenkins" {
+  ami           = data.aws_ami.centos.id
+  instance_type = var.jenkins_ec2_instance_type
+
+  iam_instance_profile = var.jenkins_instance_profile_name
+
+  root_block_device {
+    delete_on_termination = true
+    encrypted             = true
+    volume_size           = 1000
+  }
+
+  vpc_security_group_ids = [
+    aws_security_group.inbound-jenkins.id,
+    aws_security_group.outbound-jenkins-to-internet.id
+  ]
+
+  subnet_id = var.jenkins_subnet_id
+
+  tags = {
+    Owner       = "Avillach_Lab"
+    Environment = var.environment_name
+    Project     = local.project
+    Program     = var.program
+    Name        = "${var.program} Jenkins ${local.project} - ${var.stack_id} - ${var.git_commit}"
+    InitComplete = "${var.is_initialized}"
+  }
+
+  user_data = data.template_cloudinit_config.config.rendered
+
+  lifecycle {
+     create_before_destroy = true
+  }
+
+}
+
+output "jenkins-ec2-id" {
+  value =  aws_instance.jenkins.id
+}
+
+output "jenkins-ec2-ip" {
+  value =  aws_instance.jenkins.private_ip
+}
diff --git a/jenkins-terraform/jenkins-local-tf-variables.tf b/jenkins-terraform/jenkins-local-tf-variables.tf
new file mode 100644
index 00000000..ba002839
--- /dev/null
+++ b/jenkins-terraform/jenkins-local-tf-variables.tf
@@ -0,0 +1,21 @@
+/*
+  This tf vars should store dynamic vars
+
+*/
+
+# variable to control OS Distribution.
+
+locals {
+  # list of supported Distributions.  Used by jenkins_tf_local_var_dist for validation of Supported Distributions
+  valid_os           = ["CENTOS"]
+  centos_user_script = "distro/linux/centos/user-scripts/install-docker.sh"
+
+  # set user script location using coalesce based on the distribution
+  centos_script  = var.jenkins_tf_local_var_OS_dist == "CENTOS" ? local.centos_user_script : ""
+  example_script = var.jenkins_tf_local_var_OS_dist == "EXAMPLE" ? "Unreachable Coalesece Example" : ""
+
+  user_script = coalesce(local.centos_script, local.example_script)
+
+  project = var.env_is_open_access ? "Open PIC-SURE" : "Auth PIC-SURE"
+}
+
diff --git a/jenkins-terraform/jenkins-security-groups.tf b/jenkins-terraform/jenkins-security-groups.tf
new file mode 100644
index 00000000..b6f546a7
--- /dev/null
+++ b/jenkins-terraform/jenkins-security-groups.tf
@@ -0,0 +1,50 @@
+# uniq name for security group.  
+resource "random_string" "random" {
+   length  = 6
+   special = false
+}
+locals {
+   uniq_name = random_string.random.result
+}
+
+resource "aws_security_group" "inbound-jenkins" {
+  name        = "allow_inbound_to_jenkins_${var.stack_id}_${local.uniq_name}"
+  description = "Allow inbound traffic on Port 443"
+  vpc_id      = var.jenkins_vpc_id
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = var.jenkins_sg_ingress_https_cidr_blocks
+  }
+
+  tags = {
+    Owner       = "Avillach_Lab"
+    Environment = var.environment_name
+    Project     = local.project
+    Program     = var.program
+    Name        = "${local.project} Jenkins Inbound Security Group - ${var.stack_id}"
+  }
+}
+
+resource "aws_security_group" "outbound-jenkins-to-internet" {
+  name        = "allow_jenkins_outbound_to_internet_${var.stack_id}_${local.uniq_name}"
+  description = "Allow outbound traffic from Jenkins"
+  vpc_id      = var.jenkins_vpc_id
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = -1
+    cidr_blocks = var.jenkins_sg_egress_allow_all_cidr_blocks
+  }
+
+  tags = {
+    Owner       = "Avillach_Lab"
+    Environment = var.environment_name
+    Project     = local.project
+    Program     = var.program
+    Name        = "${local.project} Jenkins Outbound Security Group - ${var.stack_id}"
+  }
+}
diff --git a/jenkins-terraform/provider.tf b/jenkins-terraform/provider.tf
new file mode 100644
index 00000000..6cc28761
--- /dev/null
+++ b/jenkins-terraform/provider.tf
@@ -0,0 +1,12 @@
+provider "aws" {
+  region  = "us-east-1"
+  profile = "avillachlab-secure-infrastructure"
+  version = "3.74"
+}
+
+# currenlty using default AES encryption
+terraform {
+  backend "s3" {
+    encrypt = true
+  }
+}
\ No newline at end of file
diff --git a/non-fisma-infrastructure/provider.tf b/non-fisma-infrastructure/provider.tf
index d87ee1cd..f7fb68d2 100644
--- a/non-fisma-infrastructure/provider.tf
+++ b/non-fisma-infrastructure/provider.tf
@@ -1,4 +1,6 @@
-provider "aws" {
-  region     = "us-east-1" 
-  profile    = "avillachlab-secure-infrastructure"
-}
+# commenting out so non-fisma-infrastructure can never be applied
+# should just remove this?
+#provider "aws" {
+#  region     = "us-east-1" 
+#  profile    = "avillachlab-secure-infrastructure"
+#}