diff --git a/.github/workflows/gh-token.yml b/.github/workflows/gh-token.yml
index f7e1c7c..04aaa9e 100644
--- a/.github/workflows/gh-token.yml
+++ b/.github/workflows/gh-token.yml
@@ -4,16 +4,23 @@ on:
   schedule:
     - cron: '*/5 * * * *' # Runs every 5 minutes
   workflow_dispatch: # Allows manual triggering
-
+
+permissions:
+  contents: write
+  id-token: write
+
 jobs:
-  refresh-token:
-    name: Refresh GitHub Token
-    uses: CSVD/centralized-actions/.github/workflows/upload-github-token.yml@main
-    with:
-      aws_region: 'us-gov-west-1'
-      secret_name: '/eks-cluster-deployment/github_token' # This matches the SECRET_NAME in app.py
-      github_app_id: ${{ vars.GH_APP_ID }}
-      github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
-      use_ecs_credentials: true
-    secrets:
-      github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+  build:
+    runs-on: ubuntu-latest
+    if: ${{ github.server_url != 'https://github.com' }}
+    steps:
+      - name: Refresh GitHub Token
+        uses: CSVD/centralized-actions/.github/workflows/upload-github-token.yml@main
+        with:
+          aws_region: 'us-gov-west-1'
+          secret_name: '/eks-cluster-deployment/github_token' # This matches the SECRET_NAME in app.py
+          github_app_id: ${{ vars.GH_APP_ID }}
+          github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+          use_ecs_credentials: true
+        secrets:
+          github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
diff --git a/.github/workflows/init-cluster-pr.yml b/.github/workflows/init-cluster-pr.yml
index 76246e4..df42149 100644
--- a/.github/workflows/init-cluster-pr.yml
+++ b/.github/workflows/init-cluster-pr.yml
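Review bot: The new `build` job places `uses: CSVD/centralized-actions/.github/workflows/upload-github-token.yml@main` inside `steps`, but a workflow file can only be called at job level (`jobs.<id>.uses`); a step-level `uses` must reference an action and `secrets:` is not a valid step key, so this job should fail workflow validation. Keep the job-level call and put the new `if:` on that job (a job-level `if` is permitted alongside `uses`), as in the fence below. Because the called workflow receives `secrets.GH_APP_PEM_FILE`, pin it to a full commit SHA rather than `@main` so an upstream change cannot silently alter what handles the App private key. The workflow-level `permissions: contents: write` also looks broader than a token refresh needs — `id-token: write` (plus `contents: read` if a checkout is involved) is presumably enough; confirm against the called workflow before narrowing it.
```yaml
jobs:
  refresh-token:
    name: Refresh GitHub Token
    if: ${{ github.server_url != 'https://github.com' }}
    # reusable workflows are called at job level: no runs-on/steps here
    uses: CSVD/centralized-actions/.github/workflows/upload-github-token.yml@main
    with:
      # … unchanged: aws_region, secret_name, github_app_id, github_app_installation_id, use_ecs_credentials …
    secrets:
      github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
```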
@@ -24,38 +24,8 @@ jobs:
           echo "aws_account=${AWS_ACCOUNT}" >> $GITHUB_OUTPUT
           echo "environment=${ENVIRONMENT}" >> $GITHUB_OUTPUT
 
-  expand-config:
-    needs: determine-environment
-    runs-on: [ "${{ needs.determine-environment.outputs.aws_account }}" ]
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.11'
-
-      - name: Install Ansible
-        run: |
-          python -m pip install --upgrade pip
-          pip install ansible jinja2
-
-      - name: Run HCL Generator
-        run: |
-          cd ansible
-          ansible-playbook generate_hcl_files.yml
-
-      - name: Commit HCL Files
-        run: |
-          git config --global user.name "GitHub Actions Bot"
-          git config --global user.email "actions@github.com"
-          git add environment/
-          git commit -m "Generate HCL files from config" || echo "No changes to commit"
-          git push origin HEAD:${{ github.head_ref }}
-
   terraform-plan:
-    needs: [ determine-environment, expand-config ]
+    needs: [ determine-environment ]
     runs-on: [ "${{ needs.determine-environment.outputs.aws_account }}" ]
 
     steps:
diff --git a/design-docs/README.md b/design-docs/README.md
index 2fcce9a..7858b74 100644
--- a/design-docs/README.md
+++ b/design-docs/README.md
@@ -11,6 +11,14 @@ This is the terraform module that is repsonsible for deploying our Lambda functi
 
 ### template-automation-lambda
 This is actual Lambda function, this repo creates a Docker image that we deploy to Lambda. Our actual lambda code is in template_automation/app.py.
+### Build Infrastructure Requirements
+The Terraform configuration in this repository is specifically for building the Lambda container image in ECR. Due to tooling restrictions and access requirements, the build process must be executed in GitHub.com rather than in the target organization's environment. This means:
+
+- The container image build pipeline runs in GitHub.com
+- Terraform in this repo manages only build-related resources (ECR repository, build IAM roles)
+- The build process cannot access internal tools or resources of the target organization
+- The resulting container image is then referenced by the terraform-aws-template-automation module for actual deployment
+
 
 ## Overview
 This document outlines the implementation plan for enhancing the EKS Automation Lambda to improve its GitHub integration workflow and testing capabilities. Most of this work will take place in template_automation/app.py
diff --git a/template-automation-lambda.code-workspace b/template-automation-lambda.code-workspace
index e25aa1f..cafb134 100644
--- a/template-automation-lambda.code-workspace
+++ b/template-automation-lambda.code-workspace
@@ -1,15 +1,23 @@
 {
   "folders": [
     {
+      "name": "template-eks-cluster",
+      "path": "../template-eks-cluster"
+    },
+    {
+      "name": "template-automation-lambda",
       "path": "."
     },
     {
+      "name": "terraform-aws-template-automation",
       "path": "../terraform-aws-template-automation"
     },
     {
+      "name": "d",
       "path": "../providers/terraform-provider-aws/website/docs/d"
     },
     {
+      "name": "r",
       "path": "../providers/terraform-provider-aws/website/docs/r"
     }
   ],