diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml
index 72829d8..04b96db 100644
--- a/.github/workflows/terraform-validate.yaml
+++ b/.github/workflows/terraform-validate.yaml
@@ -1,42 +1,40 @@ -name: Terraform Validate +name: Terraform CI/CD on: - pull_request: workflow_dispatch: - + pull_request: + types: [closed] + branches: + - main jobs: - - terraform-validate: - runs-on: "229685449397" + terraform-ci-cd: + runs-on: 229685449397 permissions: contents: write + steps: - name: Checkout code uses: CSVD/gh-actions-checkout@v4 - - name: Setup Terraform - uses: CSVD/gh-actions-setup-terraform@v2 + - name: Setup GITHUB Credentials + id: github_credentials + uses: CSVD/gh-auth@main with: - terraform_version: '1.7.3' - - - name: Validate Terraform Configuration - id: validate - uses: CSVD/terraform-validate@main + github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }} + github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }} + github_app_id: ${{ vars.GH_APP_ID }} - - name: Check Validation/Test Results - if: always() + - name: Setup GitHub CLI run: | - # Set default values if outputs are empty - IS_VALID="${{ steps.validate.outputs.is_valid }}" - TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}" + # Force manual authentication since setup-git might not work with GitHub Enterprise + echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt + gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt + rm /tmp/token.txt - # If outputs are empty, set them to false - [ -z "$IS_VALID" ] && IS_VALID="false" - [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false" + # Test GitHub CLI auth status + gh auth status || echo "GitHub CLI authentication failed" - if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then - echo "Validation or test errors found:" - echo "${{ steps.validate.outputs.stderr }}" - exit 1 - else - echo "All validations and tests passed successfully!" - fi + - name: Run Release Action + uses: CSVD/releaser@main + with: + github-token: ${{ steps.github_credentials.outputs.github_token }} + working-directory: '.' diff --git a/README.md b/README.md index 38e11f2..d686b70 100644 
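Review bot: The `Setup GitHub CLI` step writes the app token to `/tmp/token.txt` in clear text and only deletes it on the happy path; under the default shell's `-e` a failing `gh auth login` exits before the `rm`, leaving the credential on disk on what appears to be a self-hosted runner (`runs-on: 229685449397`). Pass the token through `env:` and feed `gh auth login --with-token` from stdin instead of a file, and drop the `|| echo "GitHub CLI authentication failed"` on `gh auth status`, which turns an authentication failure into a green step right before `Run Release Action` runs with the same token. Separately, `pull_request: types: [closed]` also fires for PRs closed without merging, so the job should carry `if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'`, and `runs-on: 229685449397` lost its quotes in this hunk and now parses as an integer rather than a label string — restore `runs-on: "229685449397"`.
```yaml
      - name: Setup GitHub CLI
        env:
          GH_APP_TOKEN: ${{ steps.github_credentials.outputs.github_token }}
        run: |
          printf '%s\n' "$GH_APP_TOKEN" | gh auth login --with-token --hostname "github.e.it.census.gov"
          gh auth status
      # … unchanged: Run Release Action step …
```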
--- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ This module deploys and configures Kiali via its operator and integrates it with | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 5.14.0 | | [helm](#requirement\_helm) | >= 2.11.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | @@ -17,6 +18,8 @@ This module deploys and configures Kiali via its operator and integrates it with | Name | Version | |------|---------| +| [aws](#provider\_aws) | 5.94.1 | +| [aws.eecr](#provider\_aws.eecr) | 5.94.1 | | [helm](#provider\_helm) | 2.17.0 | ## Modules 
@@ -24,18 +27,21 @@ This module deploys and configures Kiali via its operator and integrates it with | Name | Source | Version | |------|--------|---------| | [images](#module\_images) | git::https://github.e.it.census.gov/terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | -| [ingress\_resources](#module\_ingress\_resources) | git::https://github.e.it.census.gov/SCT-Engineering/tfmod-istio-service-ingress.git | main | ## Resources | Name | Type | |------|------| +| [helm_release.kiali](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.kiali_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [aws_ecr_authorization_token.ecr_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | +| [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [account\_id](#input\_account\_id) | aws account number | `string` | `""` | no | | [cluster\_domain](#input\_cluster\_domain) | The domain name used to reference ingresses for the cluster | `string` | n/a | yes | | [cluster\_name](#input\_cluster\_name) | The name of the cluster into which the tools are deployed. | `string` | n/a | yes | | [grafana\_internal\_url](#input\_grafana\_internal\_url) | The url within the cluster to use to access grafana. | `string` | n/a | yes | 
@@ -47,7 +53,10 @@ This module deploys and configures Kiali via its operator and integrates it with | [namespace](#input\_namespace) | The namespace to create and into which the tools are deployed. | `string` | `"namespace"` | no | | [profile](#input\_profile) | The AWS\_PROFILE to use while running the scripts. | `string` | `""` | no | | [prometheus\_internal\_url](#input\_prometheus\_internal\_url) | The url within the cluster to use to query the prometheus server. | `string` | n/a | yes | +| [region](#input\_region) | region name | `string` | `"us-gov-east-1"` | no | | [service\_name](#input\_service\_name) | The name of the service for Kiali. | `string` | `"kiali"` | no | +| [tempo\_datasource\_id](#input\_tempo\_datasource\_id) | The UID of the created Tempo datasource | `string` | n/a | yes | +| [tempo\_internal\_url](#input\_tempo\_internal\_url) | The url within the cluster to use to query tempo tracing. | `string` | n/a | yes | ## Outputs @@ -56,5 +65,5 @@ This module deploys and configures Kiali via its operator and integrates it with | [internal\_endpoint](#output\_internal\_endpoint) | The internal endpoint to use to access kiali | | [module\_name](#output\_module\_name) | The name of this module. | | [module\_version](#output\_module\_version) | The version of this module. | -| [public\_endpoint](#output\_public\_endpoint) | The endpoint at which keycloak can be reached from outside the cluster. | +| [namespace](#output\_namespace) | The namespace in which kiali gets installed in. | diff --git a/copy_images.tf b/copy_images.tf index b26ad1f..5398783 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -1,6 +1,7 @@ locals { kiali_operator_key = format("%v#%v", "istio-tools/kiali-operator", var.kiali_application_version) kiali_server_key = format("%v#%v", "istio-tools/kiali", var.kiali_application_version) + # ent_ecr_source = format("%v.%v.%v.%v", var.account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images") image_config = [ ## Images for Kiali 
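Review bot: The only change to `locals` in the copy_images.tf hunk is a commented-out `ent_ecr_source` line; parked code in a locals block should either be removed or carry a comment saying why it is kept, e.g. `# TODO(<ticket-placeholder>): enterprise ECR source, re-enable once the eecr registry is wired in`. Leaving it bare invites someone to uncomment it later without knowing whether `var.region` and the `ent-images` path are still correct.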
@@ -33,7 +34,23 @@ module "images" { image_config = local.image_config tags = {} - enable_lifecycle_policy = true - lifecycle_policy_all = true - force_delete = true + enable_lifecycle_policy = true + lifecycle_policy_all = true + force_delete = true + lifecycle_policy_keep_count = 5 + + source_username = data.aws_ecr_authorization_token.ecr_token.user_name + source_password = data.aws_ecr_authorization_token.ecr_token.password + + destination_username = data.aws_ecr_authorization_token.token.user_name + destination_password = data.aws_ecr_authorization_token.token.password +} + +data "aws_ecr_authorization_token" "ecr_token" { + provider = aws.eecr + registry_id = var.eecr_account_id +} + +data "aws_ecr_authorization_token" "token" { + registry_id = var.account_id } diff --git a/kiali-operator/templates/_helpers.tpl b/kiali-operator/templates/_helpers.tpl index 214059a..af02c83 100644 --- a/kiali-operator/templates/_helpers.tpl +++ b/kiali-operator/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "kiali-operator.name" -}} +{{- define "kiali.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "kiali-operator.fullname" -}} +{{- define "kiali.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} 
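Review bot: `data "aws_ecr_authorization_token" "ecr_token"` reads `var.eecr_account_id`, but the variables.tf hunk in this commit declares only `account_id` and `region`, and the regenerated README inputs table lists no `eecr_account_id` either; unless it is declared in a part of variables.tf outside this diff, `terraform validate` fails on an undeclared variable. The `password` attribute of both data sources is a registry credential that is persisted in Terraform state, so add `# NOTE: ECR tokens are stored in state; the state backend must be treated as secret` above the data blocks. Also confirm that `registry_id = var.account_id` with the variable's default of `""` is intended — an empty string is not the same as omitting the argument, and the module's behaviour for callers who do not set `account_id` is not obvious from the code.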
@@ -27,17 +27,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "kiali-operator.chart" -}} +{{- define "kiali.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "kiali-operator.labels" -}} -helm.sh/chart: {{ include "kiali-operator.chart" . }} -app: {{ include "kiali-operator.name" . }} -{{ include "kiali-operator.selectorLabels" . }} +{{- define "kiali.labels" -}} +helm.sh/chart: {{ include "kiali.chart" . }} +{{ include "kiali.selectorLabels" . }} {{- if .Chart.AppVersion }} version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} @@ -48,8 +47,7 @@ app.kubernetes.io/part-of: "kiali-operator" {{/* Selector labels */}} -{{- define "kiali-operator.selectorLabels" -}} -app.kubernetes.io/name: {{ include "kiali-operator.name" . }} +{{- define "kiali.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} - diff --git a/kiali-server/templates/kiali.yaml b/kiali-server/templates/kiali.yaml index 4406f76..ef6e33f 100644 --- a/kiali-server/templates/kiali.yaml +++ b/kiali-server/templates/kiali.yaml @@ -35,4 +35,4 @@ spec: tempo_config: org_id: "1" datasource_uid: {{ .Values.tracing.tempo_config.datasource_uid }} - url_format: "grafana" \ No newline at end of file + url_format: "grafana" diff --git a/requirements.tf b/requirements.tf index 5f150af..ae62e15 100644 --- a/requirements.tf +++ b/requirements.tf @@ -2,6 +2,10 @@ terraform { required_version = ">= 0.13" required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.14.0" + } helm = { source = "hashicorp/helm" version = ">= 2.11.0" diff --git a/variables.tf b/variables.tf index 1736c2a..ad27e43 100644 --- a/variables.tf +++ b/variables.tf 
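Review bot: `kiali.labels` drops the `app: {{ include "kiali-operator.name" . }}` label that `kiali-operator.labels` used to emit, while the `app.kubernetes.io/part-of: "kiali-operator"` context line at the `@@ -48` hunk still names the operator; any Service selector, NetworkPolicy or scrape config that matched on `app` will silently stop selecting the operator pods after upgrade. `app` is not part of `kiali.selectorLabels`, so Deployment selectors are unaffected, but the helper deserves a one-line comment such as `{{/* app label intentionally removed; consumers should select on app.kubernetes.io/name */}}`. The rename from `kiali-operator.*` to `kiali.*` (also in the `@@ -2`, `@@ -11` and `@@ -48` hunks) gives this chart the helper names a `kiali-server` chart would conventionally use; if the two charts are ever composed as subcharts of one release, the later `define` wins without warning, so the distinct prefix was worth keeping.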
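Review bot: The new `aws` entry in `required_providers` does not declare the `aws.eecr` alias that copy_images.tf in this same commit uses via `provider = aws.eecr`; a module that expects a caller-supplied aliased provider should add `configuration_aliases = [aws.eecr]` inside the `aws = { ... }` block so a missing provider configuration is reported at the call site rather than as a default-provider error. The `>= 5.14.0` constraint is also open-ended while the README table records `5.94.1` as resolved; an upper bound such as `version = ">= 5.14.0, < 6.0.0"` avoids an unreviewed major-version jump.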
@@ -78,3 +78,17 @@ variable "service_name" {
 type = string
 default = "kiali"
 }
+
+# tflint-ignore: terraform_unused_declarations
+variable "account_id" {
+ description = "aws account number"
+ type = string
+ default = ""
+}
+
+# tflint-ignore: terraform_unused_declarations
+variable "region" {
+ description = "region name"
+ type = string
+ default = "us-gov-east-1"
+}
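Review bot: `account_id` carries `# tflint-ignore: terraform_unused_declarations` even though copy_images.tf in this commit reads `var.account_id` for the `token` data source, so that suppression is stale and should be removed; `region` is genuinely unused (its only would-be consumer is the commented-out `ent_ecr_source` local), so wire it up or drop it rather than silencing the lint. A default of `""` for an account id that is passed straight into `registry_id` lets a misconfigured caller fall through silently; a `validation` block pinning the 12-digit format, plus a description saying which registry the id identifies, catches that at plan time.
```hcl
variable "account_id" {
  description = "AWS account ID (12 digits) that owns the destination ECR registry."
  type        = string
  default     = ""

  validation {
    condition     = var.account_id == "" || can(regex("^[0-9]{12}$", var.account_id))
    error_message = "account_id must be empty or a 12-digit AWS account ID."
  }
}
# … unchanged: region variable …
```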