diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs
new file mode 100644
index 000000000..828d376fd
--- /dev/null
+++ b/.git-blame-ignore-revs
@@ -0,0 +1,2 @@
+# Reformatting of deploy-authdevs.sh
+4cf011b283c9b95e4733d4463d0f5352379ad8cb
diff --git a/.terraform-version b/.terraform-version
new file mode 120000
index 000000000..fa4ffcefc
--- /dev/null
+++ b/.terraform-version
@@ -0,0 +1 @@
+ci/terraform/.terraform-version
\ No newline at end of file
diff --git a/ci/terraform/.terraform-version b/ci/terraform/.terraform-version
index ee90284c2..943f9cbc4 100644
--- a/ci/terraform/.terraform-version
+++ b/ci/terraform/.terraform-version
@@ -1 +1 @@
-1.0.4
+1.7.1
diff --git a/ci/terraform/.terraform.lock.hcl b/ci/terraform/.terraform.lock.hcl
index 76ca8984e..205f4390c 100644
--- a/ci/terraform/.terraform.lock.hcl
+++ b/ci/terraform/.terraform.lock.hcl
@@ -1,87 +1,53 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/cloudfoundry-community/cloudfoundry" { - version = "0.15.0" - hashes = [ - "h1:OOFJT9vgnSFcxu994kaYH72AaR2lM+UE31SXKrwyzZM=", - "zh:143c1624ee5c2813c32126467fb9c56053bbfcae275d6ce61c7b59c259c4b8e0", - "zh:18a5cb24695a1521cb8ee1e488234c337228af1b471b30a284db41c4362c6149", - "zh:261595c1bd8105160e8c505d76be5f49d3bd12bb7aa6882ac6315cc5727aec55", - "zh:2e8627bf812848fe1b232e4fe91e21eaedc3759f8997ffc5a9f201757627e835", - "zh:4a19d909843952b9cbf6b0445c3627d22c5caaa2ad8db1eab2f382d5faff3402", - "zh:4e78b3de83b2686c66c2b2e0d8a7c910ed423fd5b7b853bcc0fd05b851c6bd28", - "zh:713e43a21a1d3aaddfa0bf841a2cc1e2c06160917bdd443e6eac99b620d668fa", - "zh:a36d3e5406f96abaf9a6eb89663b7fa504d0c68521a7334c498525e8018ad7f9", - "zh:aa3abf232a49f66031f2a1a032f53604a51d8c9b0a3a297591d7a57949943c40", - "zh:b2ccc93024f1ed6e18fd92e199be12ea148383a4f5d8c3ab9e632ae88b0f5263", - "zh:b85379c01fc963289203170731880fb89f10047d63c45566750826ad9aff39cb", - "zh:c5d59b6fe39f7f4f2c556209906aa9cbb31cc0630d225fb0abd48c6de1089f2e", - "zh:c956d630c087fc2ede5967e89249b2477a552185c2d4167292002fc5fd1b380c", - "zh:edf41138788f7b16ed572f1fad940ba75f3c7b9a7c06f6876c31bf281de1257a", - "zh:f873bbff4c7ae1c6b7c5ba0dd42552526435d9b1bd373b18ea4169e965e4d283", - ] -} - provider "registry.terraform.io/hashicorp/aws" { - version = "4.33.0" - constraints = ">= 4.10.0" + version = "5.34.0" + constraints = "5.34.0" hashes = [ - "h1:0S9ZXYg6K0CTOJUTQnoH94YrKuOYyJYEcc+hN5qGafA=", - "h1:2MWU+HIKKivfhY8dAU1cR0xxwlzNrWOZEQs8BApQ/Ao=", - "h1:rLRYOeKvU17Tky5dleZwTPRoWtbdFTG/jOF/fTP2otY=", - "zh:421b24e21d7fac4d65d97438d2c0a4effe71d3a1bd15820d6fde2879e49fe817", - "zh:4378a84ca8e2a6990f47abc24367b801e884be928671b37ad7b8e7b656f73e48", - "zh:54e0d7884edf3cefd096715794d32b6532138dca905f0b2fe84fb2117594293c", - "zh:6269a7d0312057db5ded669e9f7f9bd80fb6dcb549b50d8d7f3f3b2a0361b8a5", - 
"zh:67f57d16aa3db493a3174c3c5f30385c7af9767c4e3cdca14e5a4bf384ff59d9", - "zh:7d4d4a1d963e431ffdc3348e3a578d3ba0fa782b1f4bf55fd5c0e527d24fed81", + "h1:1UEoNI8LGCKvrl0+60qYm0wY8uOoKmF0W+HnuAI1U4k=", + "h1:1Y1JgV1z99QqAK06+atyfNqreZxyGZKbm4mZO4VhhT8=", + "h1:CUCoX4ax5hrP6BH4973oP+hgz8VR2GuNPQil3FYwEqQ=", + "h1:Tbq6dKE+XyXmkup6+7eQj2vH+eCJipk8R3VXhebVYi4=", + "h1:YSSLSKX6xN6NM2SeqKKpzvQyp6XVx9z1n3CVXwDLznQ=", + "zh:01bb20ae12b8c66f0cacec4f417a5d6741f018009f3a66077008e67cce127aa4", + "zh:3b0c9bdbbf846beef2c9573fc27898ceb71b69cf9d2f4b1dd2d0c2b539eab114", + "zh:5226ecb9c21c2f6fbf1d662ac82459ffcd4ad058a9ea9c6200750a21a80ca009", + "zh:6021b905d9b3cd3d7892eb04d405c6fa20112718de1d6ef7b9f1db0b0c97721a", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:cd8e3d32485acb49c1b06f63916fec8e73a4caa6cf88ae9c4bf236d6f5d9b914", - "zh:d586fd01195bd3775346495e61806e79b6012e745dc05e31a30b958acf968abe", - "zh:d76122060f25ab87887a743096a42d47ba091c2c019ac13ce6b3973b2babe5a3", - "zh:e917d36fe18eddc42ec743b3152b4dcb4853b75ea7a679abd19bdf271bc48221", - "zh:eb780860d5c04f43a018aef564e76a2d84e9aa68984fa1f968ca8c09d23a611a", + "zh:9e61b8e0ccf923979cd2dc1f1140dbcb02f92248578e10c1996f560b6306317c", + "zh:ad6bf62cdcf531f2f92f6416822918b7ba2af298e4a0065c6baf44991fda982d", + "zh:b698b041ef38837753bbe5265dddbc70b76e8b8b34c5c10876e6aab0eb5eaf63", + "zh:bb799843c534f6a3f072a99d93a3b53ff97c58a96742be15518adf8127706784", + "zh:cebee0d942c37cd3b21e9050457cceb26d0a6ea886b855dab64bb67d78f863d1", + "zh:e061fdd1cb99e7c81fb4485b41ae000c6792d38f73f9f50aed0d3d5c2ce6dcfb", + "zh:eeb4943f82734946362696928336357cd1d36164907ae5905da0316a67e275e1", + "zh:ef09b6ad475efa9300327a30cbbe4373d817261c8e41e5b7391750b16ef4547d", + "zh:f01aab3881cd90b3f56da7c2a75f83da37fd03cc615fc5600a44056a7e0f9af7", + "zh:fcd0f724ebc4b56a499eb6c0fc602de609af18a0d578befa2f7a8df155c55550", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.4.3" - constraints = ">= 3.1.0" + version = "3.6.0" + 
constraints = "3.6.0" hashes = [ - "h1:saZR+mhthL0OZl4SyHXZraxyaBNVMxiZzks78nWcZ2o=", - "h1:tL3katm68lX+4lAncjQA9AXL4GR/VM+RPwqYf4D2X8Q=", - "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=", - "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", - "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", - "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", + "h1:5KeoKSVKVHJW308uiTgslxFbjQAdWzBGUFK68vgMRWY=", + "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", + "h1:R5Ucn26riKIEijcsiOMBR3uOAjuOMfI1x7XvH4P6B1w=", + "h1:p6WG1IPHnqx1fnJVKNjv733FBaArIugqy58HRZnpPCk=", + "h1:t0mRdJzegohRKhfdoQEJnv3JRISSezJRblN0HIe67vo=", + "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", + "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", + "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", + "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", + "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", - "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", - "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", - "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", - "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", - "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", - "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", - "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", - ] -} - -provider "registry.terraform.io/hashicorp/time" { - version = "0.7.2" - constraints = ">= 0.7.1" - hashes = [ - "h1:NKy1QrNLlP5mKy5Tea6lQSRsVoyydJQKh6WvNTdBF4I=", - "zh:0bbe0158c2a9e3f5be911b7e94477586110c51746bb13d102054f22754565bda", - 
"zh:3250af7fd49b8aaf2ccc895588af05197d886e38b727e3ba33bcbb8cc96ad34d", - "zh:35e4de0437f4fa9c1ad69aaf8136413be2369ea607d78e04bb68dc66a6a520b8", - "zh:369756417a6272e79cad31eb2c82c202f6a4b6e4204a893f656644ba9e149fa2", - "zh:390370f1179d89b33c3a0731691e772d5450a7d59fc66671ec625e201db74aa2", - "zh:3d12ac905259d225c685bc42e5507ed0fbdaa5a09c30dce7c1932d908df857f7", - "zh:75f63e5e1c68e6c5bccba4568c3564e2774eb3a7a19189eb8e2b6e0d58c8f8cc", - "zh:7c22a2078a608e3e0278c4cbc9c483909062ebd1843bddaf8f176346c6d378b1", - "zh:7cfb3c02f78f0060d59c757c4726ab45a962ce4a9cf4833beca704a1020785bd", - "zh:a0325917f47c28a2ed088dedcea0d9520d91b264e63cc667fe4336ac993c0c11", - "zh:c181551d4c0a40b52e236f1755cc340aeca0fb5dcfd08b3b1c393a7667d2f327", + "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", + "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", + "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", + "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", + "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", + "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", ] } diff --git a/ci/terraform/redis.tf b/ci/terraform/redis.tf index 09433cb59..0b96ff007 100644 --- a/ci/terraform/redis.tf +++ b/ci/terraform/redis.tf 
@@ -21,18 +21,18 @@ resource "random_password" "redis_password" { } resource "aws_elasticache_replication_group" "frontend_sessions_store" { - automatic_failover_enabled = true - availability_zones = data.aws_availability_zones.available.names - replication_group_id = "${var.environment}-frontend-cache" - replication_group_description = "A Redis cluster for storing user session data for the frontend" - node_type = var.redis_node_size - number_cache_clusters = length(data.aws_availability_zones.available.names) - engine = "redis" - engine_version = "6.x" - parameter_group_name = "default.redis6.x" - port = local.redis_port_number - maintenance_window = "sun:22:00-sun:23:00" - notification_topic_arn = data.aws_sns_topic.slack_events.arn + automatic_failover_enabled = true + preferred_cache_cluster_azs = data.aws_availability_zones.available.names + replication_group_id = "${var.environment}-frontend-cache" + description = "A Redis cluster for storing user session data for the frontend" + node_type = var.redis_node_size + num_cache_clusters = length(data.aws_availability_zones.available.names) + engine = "redis" + engine_version = "6.x" + parameter_group_name = "default.redis6.x" + port = local.redis_port_number + maintenance_window = "sun:22:00-sun:23:00" + notification_topic_arn = data.aws_sns_topic.slack_events.arn multi_az_enabled = true diff --git a/ci/terraform/site.tf b/ci/terraform/site.tf index bddc7f4ab..30170d893 100644 --- a/ci/terraform/site.tf +++ b/ci/terraform/site.tf @@ -1,14 +1,14 @@ terraform { - required_version = ">= 1.0.4" + required_version = ">= 1.7.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.10.0" + version = "= 5.34.0" } random = { source = "hashicorp/random" - version = ">= 3.1.0" + version = "= 3.6.0" } } diff --git a/ci/terraform/waf.tf b/ci/terraform/waf.tf index 7f2e4cd26..52812386c 100644 --- a/ci/terraform/waf.tf +++ b/ci/terraform/waf.tf 
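Review bot: The attribute renames for the 5.x provider (`preferred_cache_cluster_azs`, `description`, `num_cache_clusters`) look mechanically correct, but the settings that protect the session data this replication group stores — `transit_encryption_enabled`, `at_rest_encryption_enabled` and the `auth_token` presumably fed from `random_password.redis_password` shown in the hunk context — are not in the hunk, and the resource block continues past `multi_az_enabled` outside it. A provider major upgrade is the point at which a silently absent flag surfaces as an unexpected plan diff, so it is worth confirming on the full resource that both encryption flags are `true` and the password is wired in. If either is missing, add `transit_encryption_enabled = true` and `at_rest_encryption_enabled = true` next to `multi_az_enabled = true` in the same alignment the rest of the block now uses.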
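Review bot: `version = "= 5.34.0"` and `version = "= 3.6.0"` pin the providers exactly, which makes the `-upgrade` performed by scripts/terraform-upgrade.sh a no-op until someone edits this file; the lock file already pins the selected version plus its hashes, so the constraint here is what decides how far an upgrade may move. If exact pinning is intended as the supply-chain control, record that so the next reader does not "fix" it, e.g. `# Exact pins: bump the version here first, then run scripts/terraform-upgrade.sh to refresh .terraform.lock.hcl`; otherwise `~> 5.34` and `~> 3.6` would let the script do the work while the lock file keeps hash verification. `required_version = ">= 1.7.1"` is only a lower bound, so it does not hold the CLI to the 1.7.1 written in `.terraform-version`; `~> 1.7` would keep the two files consistent.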
@@ -100,25 +100,40 @@ resource "aws_wafv2_web_acl" "frontend_alb_waf_regional_web_acl" { name = "AWSManagedRulesCommonRuleSet" vendor_name = "AWS" - excluded_rule { + rule_action_override { name = "GenericRFI_QUERYARGUMENTS" + action_to_use { + count {} + } } - excluded_rule { + rule_action_override { name = "GenericRFI_BODY" + action_to_use { + count {} + } } - excluded_rule { + rule_action_override { name = "SizeRestrictions_QUERYSTRING" + action_to_use { + count {} + } } - dynamic "excluded_rule" { + dynamic "rule_action_override" { for_each = var.environment != "production" ? ["1"] : [] content { name = "EC2MetaDataSSRF_BODY" + action_to_use { + count {} + } } } - dynamic "excluded_rule" { + dynamic "rule_action_override" { for_each = var.environment != "production" ? ["1"] : [] content { name = "EC2MetaDataSSRF_QUERYARGUMENTS" + action_to_use { + count {} + } } } } diff --git a/deploy-authdevs.sh b/deploy-authdevs.sh index 7f03ede85..e4a2bb473 100755 --- a/deploy-authdevs.sh +++ b/deploy-authdevs.sh 
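Review bot: Every `rule_action_override` here sets `count {}`, which preserves the old `excluded_rule` semantics (the managed rule is still evaluated but never blocks), so the production ACL keeps letting `GenericRFI_QUERYARGUMENTS`, `GenericRFI_BODY` and `SizeRestrictions_QUERYSTRING` through in count mode while the two `EC2MetaDataSSRF_*` overrides remain non-production only; the enclosing `aws_wafv2_web_acl` resource starts before the hunk. Nothing in the block records why those three rules are counted rather than blocked in production, and the new syntax makes the weakening explicit where `excluded_rule` used to hide it, so add a comment above the first override such as `# COUNT, not BLOCK (was excluded_rule): <reason / false-positive reference>` so a later reviewer does not read this as accidental. Since counted rules still emit CloudWatch metrics and sampled requests, it is also worth confirming that something alerts on the count metric for these rules, otherwise the override removes both the block and the signal.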
@@ -6,27 +6,26 @@ REPO_NAME="frontend-image-repository" REPO_URL="706615647326.dkr.ecr.eu-west-2.amazonaws.com/frontend-image-repository" IMAGE_TAG=latest -envvalue=( "authdev1" "authdev2" ) +envvalue=("authdev1" "authdev2") select word in "${envvalue[@]}"; do - if [[ -z "$word" ]]; then - printf '"%s" is not a valid choice\n' "$REPLY" >&2 - else - user_in="$(( REPLY - 1 ))" - break - fi + if [[ -z "$word" ]]; then + printf '"%s" is not a valid choice\n' "$REPLY" >&2 + else + user_in="$((REPLY - 1))" + break + fi done -for (( i = 0; i < ${#envvalue[@]}; ++i )); do - if (( i == user_in )); then - printf 'You picked "%s"\n' "${envvalue[$i]}" - export env=${envvalue[$i]} - printf "deploying in enviorment %s\n" "$env" - read -r -p "Press enter to continue or ctr c to abort" - fi +for ((i = 0; i < ${#envvalue[@]}; ++i)); do + if ((i == user_in)); then + printf 'You picked "%s"\n' "${envvalue[$i]}" + export env=${envvalue[$i]} + printf "deploying in enviorment %s\n" "$env" + read -r -p "Press enter to continue or ctr c to abort" + fi done - function usage() { cat </dev/null fi echo "Deployment complete!" -popd >/dev/null diff --git a/deploy-sandpit.sh b/deploy-sandpit.sh index ef2594c13..f3049d0ae 100755 --- a/deploy-sandpit.sh +++ b/deploy-sandpit.sh @@ -27,7 +27,8 @@ USAGE BUILD=0 TERRAFORM=0 TERRAFORM_OPTS="-auto-approve" -if [[ $# == 0 ]]; then + +if [[ $# == 0 ]] || [[ $* == "-p" ]]; then BUILD=1 TERRAFORM=1 fi @@ -87,10 +88,10 @@ if [[ $TERRAFORM == "1" ]]; then if [[ $TERRAFORM_OPTS != "-destroy" ]]; then echo -n "Waiting for ECS deployment to complete ... " - aws ecs wait services-stable --services "sandpit-frontend-ecs-service" --cluster "sandpit-app-cluster" + aws --region eu-west-2 ecs wait services-stable --services "sandpit-frontend-ecs-service" --cluster "sandpit-app-cluster" echo "done!" fi + popd >/dev/null fi echo "Deployment complete!" -popd >/dev/null 
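Review bot: In the `@@ -27,7 +27,8 @@` hunk of deploy-sandpit.sh, `[[ $* == "-p" ]]` is only true when `-p` is the sole argument; `deploy-sandpit.sh -p -v`, or `-p` after another flag, would leave `BUILD` and `TERRAFORM` at 0 and the script would do nothing without saying so. The option parsing this feeds is outside the hunk, so I cannot tell whether `-p` is also handled there; if the intent is "`-p` anywhere implies build and terraform", test per argument, e.g. `for a in "$@"; do [[ $a == "-p" ]] && BUILD=1 TERRAFORM=1; done`, or set both from the `-p` case of the parser itself. In the `@@ -87,10 +88,10 @@` hunk `--region eu-west-2` is hardcoded into the `aws ecs wait` call while the Terraform module presumably carries the same region; `: "${AWS_REGION:=eu-west-2}"` near the top and `--region "$AWS_REGION"` would keep it in one place.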
diff --git a/scripts/terraform-lint.sh b/scripts/terraform-lint.sh
new file mode 100755
index 000000000..1cf61dfa9
--- /dev/null
+++ b/scripts/terraform-lint.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo_root="$(git rev-parse --show-toplevel)"
+
+TMPDIR=${TMPDIR:-/tmp}
+TF_DATA_DIR=$(mktemp -d "${TMPDIR}/terraform_lint.XXXXXX")
+trap 'rm -r "${TF_DATA_DIR}"' EXIT
+export TF_DATA_DIR
+
+module_dir="${repo_root}/ci/terraform"
+
+printf "Validating \e[1;93m%s\e[0m...\n" "terraform"
+printf "\e[92m*\e[0m Initializing..."
+terraform -chdir="${module_dir}" init -backend=false &>/dev/null
+printf " done!\n"
+
+terraform -chdir="${module_dir}" validate
+terraform -chdir="${module_dir}" fmt -write=false -diff -recursive >>"${TF_DATA_DIR}"/lint
+if [ -s "${TF_DATA_DIR}"/lint ]; then
+ printf "\e[1;91m%s\e[0m\n" "The following files need to be formatted:"
+ cat "${TF_DATA_DIR}"/lint
+else
+ printf "\e[92m*\e[0m No formatting issues found.\n"
+fi
diff --git a/scripts/terraform-upgrade.sh b/scripts/terraform-upgrade.sh
new file mode 100755
index 000000000..d881976fc
--- /dev/null
+++ b/scripts/terraform-upgrade.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo_root="$(git rev-parse --show-toplevel)"
+
+TMPDIR=${TMPDIR:-/tmp}
+TF_DATA_DIR=$(mktemp -d "${TMPDIR}/terraform_lint.XXXXXX")
+trap 'rm -r "${TF_DATA_DIR}"' EXIT
+export TF_DATA_DIR
+
+module_dir="${repo_root}/ci/terraform"
+
+printf "Upgrading providers...\n"
+
+printf "\e[92m*\e[0m Initializing..."
+terraform -chdir="${module_dir}" init -backend=false -upgrade &>/dev/null
+printf " done!\n"
+
+printf "\e[92m*\e[0m Locking provider versions:\n"
+terraform -chdir="${module_dir}" providers lock \
+ -platform=windows_amd64 \
+ -platform=linux_amd64 \
+ -platform=linux_arm64 \
+ -platform=darwin_amd64 \
+ -platform=darwin_arm64
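Review bot: The formatting check in terraform-lint.sh never fails the run: `terraform fmt -write=false -diff` exits 0 whether or not it printed a diff, and the `if [ -s "${TF_DATA_DIR}"/lint ]` branch only prints the file, so a CI job calling this script stays green with unformatted code. Add `exit 1` after `cat "${TF_DATA_DIR}"/lint`, or use `fmt -check -diff -recursive` and let `set -e` do it. Separately, `init -backend=false &>/dev/null` throws away the only diagnostics you get when provider download or lock-file hash verification fails — `set -e` still aborts, but with no reason on screen; `terraform -chdir="${module_dir}" init -backend=false >"${TF_DATA_DIR}"/init.log 2>&1 || { cat "${TF_DATA_DIR}"/init.log >&2; exit 1; }` keeps the quiet success path and surfaces failures. The same `&>/dev/null` on `init -upgrade` in scripts/terraform-upgrade.sh hides the same class of failure.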
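Review bot: The mktemp template in terraform-upgrade.sh is `terraform_lint.XXXXXX`, copied from terraform-lint.sh; `terraform_upgrade.XXXXXX` would make a stray directory attributable to the right script. The `providers lock` call with five `-platform` entries is the right supply-chain step (it is what produced the five `h1:` hashes per provider in the new lock file), but because `init -upgrade` is bounded by the exact `= 5.34.0` / `= 3.6.0` constraints in ci/terraform/site.tf, running this script on its own changes nothing; a header comment stating the workflow, e.g. `# Usage: bump the provider pins in ci/terraform/site.tf, run this script, then commit ci/terraform/.terraform.lock.hcl`, would save the next person a confusing no-op run.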