diff --git a/applications/rag/frontend/main.tf b/applications/rag/frontend/main.tf
index 2e402cfab..3e9c2bbfd 100644
--- a/applications/rag/frontend/main.tf
+++ b/applications/rag/frontend/main.tf
@@ -63,6 +63,7 @@ module "iap_auth" {
 
 module "frontend-workload-identity" {
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  version             = "30.0.0" # Pinning to a previous version as current version (30.1.0) showed inconsitent behaviour with workload identity service accounts
   use_existing_gcp_sa = !var.create_service_account
   name                = var.google_service_account
   namespace           = var.namespace
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
index f33a15a96..1df111249 100644
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -363,4 +363,4 @@ substitutions:
   _USER_NAME: github
 options:
   substitutionOption: 'ALLOW_LOOSE'
-
+  machineType: 'E2_HIGHCPU_8'
\ No newline at end of file
diff --git a/modules/jupyter/main.tf b/modules/jupyter/main.tf
index 46c857ffb..2f8ce9aa1 100644
--- a/modules/jupyter/main.tf
+++ b/modules/jupyter/main.tf
@@ -67,6 +67,7 @@ module "iap_auth" {
 
 module "jupyterhub-workload-identity" {
   source     = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  version    = "30.0.0" # Pinning to a previous version as current version (30.1.0) showed inconsitent behaviour with workload identity service accounts
   name       = var.workload_identity_service_account
   namespace  = var.namespace
   project_id = var.project_id
diff --git a/modules/kuberay-operator/kuberay.tf b/modules/kuberay-operator/kuberay.tf
index 16d7ddfa2..2683f74e4 100644
--- a/modules/kuberay-operator/kuberay.tf
+++ b/modules/kuberay-operator/kuberay.tf
@@ -25,14 +25,13 @@ resource "helm_release" "kuberay-operator" {
 
 module "kuberay-workload-identity" {
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  version             = "30.0.0" # Pinning to a previous version as current version (30.1.0) showed inconsitent behaviour with workload identity service accounts
   use_existing_gcp_sa = !var.create_service_account
   name                = var.google_service_account
   namespace           = var.namespace
   project_id          = var.project_id
   roles               = ["roles/cloudsql.client", "roles/monitoring.viewer"]
 
-  automount_service_account_token = true
-
   depends_on = [helm_release.kuberay-operator]
 }