diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml index b1944ec..8615845 100644 --- a/.github/workflows/terraform-apply.yml +++ b/.github/workflows/terraform-apply.yml @@ -1,6 +1,6 @@ # This is a basic workflow to help you get started with Actions -name: CI +name: Terraform Apply # Controls when the workflow will run on: diff --git a/.github/workflows/terraform-plan.yaml b/.github/workflows/terraform-plan.yaml index fb45474..199f910 100644 --- a/.github/workflows/terraform-plan.yaml +++ b/.github/workflows/terraform-plan.yaml @@ -1,14 +1,11 @@ # This is a basic workflow to help you get started with Actions -name: CI +name: Terraform Plan + # Controls when the workflow will run on: - # Triggers the workflow on push or pull request events but only for the "main" branch pull_request: - branches: [ "main" ] - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: @@ -21,18 +18,20 @@ jobs: AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}" AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}" + # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v3 -# - uses: CSVD/gh-actions-setup-node@v3 -# with: -# node-version: 16 + + - uses: CSVD/gh-actions-setup-node@v3 + with: + node-version: 16 -# - uses: CSVD/gh-actions-setup-terraform@v2 -# with: -# terraform_wrapper: false + - uses: CSVD/gh-actions-setup-terraform@v2 + with: + terraform_wrapper: false - name: Terraform fmt id: fmt @@ -88,3 +87,4 @@ jobs: repo: context.repo.repo, body: output }) + diff --git a/.gitignore b/.gitignore index 2faf43d..d3e557e 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,4 @@ override.tf.json # Ignore CLI configuration files .terraformrc terraform.rc +ghe-runner 
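Review bot: The `pull_request` trigger loses its `branches: [ "main" ]` filter in the terraform-plan.yaml `on:` hunk, so the plan job — which the next hunk shows running with `AWS_ACCESS_KEY_ID`/`AWS_SESSION_TOKEN` from secrets — now runs for pull requests against every branch, not just main. If that widening is intended, say so in a comment where the filter used to be; otherwise restore `branches: [ "main" ]`. The same hunk also drops `workflow_dispatch:`, which removes the manual re-run path from the Actions tab; worth a line in the commit message if deliberate. The `jobs:` block this applies to starts below the hunk.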
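Review bot: The two steps re-enabled in the `steps:` hunk reference third-party actions by mutable tag (`CSVD/gh-actions-setup-node@v3`, `CSVD/gh-actions-setup-terraform@v2`), so what the job executes with the AWS credentials in its env can change without a commit to this repo. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `- uses: CSVD/gh-actions-setup-terraform@<commit-sha>  # v2` (placeholder; take the SHA from the action's release). The existing `actions/checkout@v3` context line has the same issue and can be pinned in the same pass. Giving the two new steps a `name:` like the `Terraform fmt` step would also make the run log easier to read.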
diff --git a/linux.tf b/linux.tf index 6cff4e7..2c6eb98 100644 --- a/linux.tf +++ b/linux.tf @@ -1,3 +1,7 @@ +moved { + from = module.main + to = module.amazon_linux +} module "amazon_linux" { source = "HappyPathway/image-pipeline/aws" @@ -18,7 +22,11 @@ module "amazon_linux" { type = "PLAINTEXT" } ] - packer_repo = data.aws_codecommit_repository.linux + packer_source_type = "S3" + packer_bucket = { + name = aws_s3_bucket.assets_bucket.bucket + key = "linux-image-pipeline.zip" + } ansible_repo = data.aws_codecommit_repository.ansible goss_repo = data.aws_codecommit_repository.goss goss_profile = "base-test" @@ -32,11 +40,11 @@ output "linux_iam_arn" { value = module.amazon_linux.iam_arn } -output "linux_codebuild_user" { - value = module.amazon_linux.build_user.name -} - output "linux_parameters" { value = keys(module.amazon_linux.parameters) sensitive = true -} \ No newline at end of file +} + +output linux_bucket { + value = module.amazon_linux.s3_bucket +} diff --git a/main.tf b/main.tf index fac9b5d..715c85e 100644 --- a/main.tf +++ b/main.tf @@ -4,9 +4,17 @@ resource "aws_s3_bucket" "state_bucket" { bucket = "inf-test-${random_uuid.random.result}" } -resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" { - bucket = aws_s3_bucket.state_bucket.bucket +resource "aws_s3_bucket" "assets_bucket" { + bucket = "image-pipeline-assets" +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" { + for_each = tomap({ + state_bucket = aws_s3_bucket.state_bucket.bucket + assets_bucket = aws_s3_bucket.assets_bucket.bucket + }) + bucket = each.value rule { apply_server_side_encryption_by_default { sse_algorithm = "aws:kms" @@ -18,7 +26,10 @@ data "aws_iam_policy_document" "s3_access" { statement { effect = "Allow" actions = ["s3:*"] - resources = ["*"] + resources = [ + aws_s3_bucket.state_bucket.arn, + aws_s3_bucket.assets_bucket.arn + ] } } diff --git a/rhel.tf b/rhel.tf index 3aba4c1..d51e331 100644 
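Review bot: The new `moved` block at the top of linux.tf carries no explanation of why `module.main` became `module.amazon_linux`, and a reader of the file cannot tell whether it is safe to delete later. A one-line comment above it, `# module.main was renamed to module.amazon_linux; keeps existing state addresses (moved requires Terraform >= 1.1)`, records both. The `module "amazon_linux"` block it refers to continues past the end of this hunk.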
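Review bot: `packer_bucket` now points the image build at the object `linux-image-pipeline.zip` in `aws_s3_bucket.assets_bucket`, but nothing in the change shows what publishes that object or who is allowed to overwrite it — whoever can write that key controls the Packer source the pipeline executes, which is a weaker guarantee than the versioned CodeCommit repository it replaces. At minimum document the producer beside the key, e.g. `key = "linux-image-pipeline.zip" # uploaded by <TODO: name the publishing job>`, and consider enabling versioning on the assets bucket so a build can be tied to a specific object version. The `module "amazon_linux"` block begins and ends outside this hunk.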
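Review bot: The added `output linux_bucket {` leaves its label unquoted, unlike every other block in the file (`output "linux_iam_arn"`, `output "linux_parameters"`); `terraform fmt`, which the plan workflow runs, will rewrite it anyway. Write it as `output "linux_bucket" {` for consistency. A short `description` on the new output would also help, since `s3_bucket` does not say whether the value is a name or an ARN.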
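Review bot: Adding `for_each` to `aws_s3_bucket_server_side_encryption_configuration.state_bucket_encryption` changes its state address from the bare resource to `...state_bucket_encryption["state_bucket"]`, so without a `moved` block the next apply plans to destroy and recreate the encryption configuration on the state bucket; the commit already uses `moved` for the module rename in linux.tf and should do the same here. The new `aws_s3_bucket.assets_bucket` also has a fixed global name (`"image-pipeline-assets"`) while `state_bucket` uses a `random_uuid` suffix, so creation fails if that name is taken in any account; a comment should say why the fixed name is needed, or the same suffix should be applied. Nothing in the diff attaches an `aws_s3_bucket_public_access_block` or versioning to the new bucket, which the image pipeline now reads its source from.

```hcl
# Keep the existing encryption configuration in state after the switch to for_each.
moved {
  from = aws_s3_bucket_server_side_encryption_configuration.state_bucket_encryption
  to   = aws_s3_bucket_server_side_encryption_configuration.state_bucket_encryption["state_bucket"]
}

# … unchanged: aws_s3_bucket.assets_bucket and the for_each encryption resource …
```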
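Review bot: Narrowing `resources` in `data "aws_iam_policy_document" "s3_access"` to the two bucket ARNs is the right direction, but object-level actions such as `s3:GetObject` and `s3:PutObject` are evaluated against object ARNs, so with only bucket ARNs listed the pipeline can list the assets bucket yet cannot read `linux-image-pipeline.zip` from it. Add the object ARNs alongside, `"${aws_s3_bucket.state_bucket.arn}/*",` and `"${aws_s3_bucket.assets_bucket.arn}/*"`. With the resources now scoped, `actions = ["s3:*"]` is the remaining over-grant; the policy document block continues outside this hunk.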
--- a/rhel.tf +++ b/rhel.tf @@ -27,16 +27,3 @@ module "rhel" { source_ami = "ami-03fadeeea589a106b" # x86_64 compatible AMI instance_type = "t3.micro" # x86_64 compatible instance type } - -output "rhel_iam_arn" { - value = module.amazon_linux.iam_arn -} - -output "rhel_codebuild_user" { - value = module.amazon_linux.build_user.name -} - -output "rhel_parameters" { - value = keys(module.amazon_linux.parameters) - sensitive = true -} \ No newline at end of file diff --git a/windows.tf b/windows.tf index c7834d3..3448477 100644 --- a/windows.tf +++ b/windows.tf @@ -35,19 +35,3 @@ module "windows" { instance_type = "t2.xlarge" # x86_64 compatible instance type } -output "winrm_password" { - value = nonsensitive(random_password.winrm.result) -} - -output "windows_iam_arn" { - value = module.amazon_linux.iam_arn -} - -output "windows_codebuild_user" { - value = module.amazon_linux.build_user.name -} - -output "windows_parameters" { - value = keys(module.amazon_linux.parameters) - sensitive = true -} \ No newline at end of file