diff --git a/.github/workflows/dss-deploy.yml b/.github/workflows/dss-deploy.yml
deleted file mode 100644
index 7b20dc265..000000000
--- a/.github/workflows/dss-deploy.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Deploy DSS
-on:
-  workflow_dispatch: {}
-  pull_request: {}
-jobs:
-  deploy:
-    name: Deploy DSS to AWS
-    runs-on: ubuntu-latest
-    if: github.repository == 'interuss/dss' || github.repository == 'Orbitalize/dss'
-    concurrency:
-      group: dss-deploy-aws
-      cancel-in-progress: false
-    permissions:
-      id-token: write
-      contents: read
-    steps:
-      - name: Job information
-        run: |
-          echo "Job information"
-          echo "Trigger: ${{ github.event_name }}"
-          echo "Host: ${{ runner.os }}"
-          echo "Repository: ${{ github.repository }}"
-          echo "Branch: ${{ github.ref }}"
-          docker images
-
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::301042233698:role/InterUSSGithubCI
-          aws-region: us-east-1
-          mask-aws-account-id: true
-          role-duration-seconds: 1800
-
-      - name: Caller Id
-        run: |
-          aws sts get-caller-identity
-
-      - name: Test Deployment Scenario AWS-1
-        shell: bash
-        working-directory: ./deploy/operations/
-        env:
-          COMPOSE_PROFILES: aws-1
-        run: |
-          docker compose up --exit-code-from ci-aws-1
diff --git a/.gitignore b/.gitignore
index a24e88084..9268591f8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -128,7 +128,4 @@ test/e2e_test_result
 go
 
 # vscode files
-.vscode
-
-# terraform
-.terraform*
\ No newline at end of file
+.vscode
\ No newline at end of file
diff --git a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/cluster.tf b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/cluster.tf
index 1c5153026..dfca0743f 100644
--- a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/cluster.tf
+++ b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/cluster.tf
@@ -1,11 +1,11 @@
 resource "aws_eks_cluster" "kubernetes_cluster" {
   name     = var.cluster_name
   role_arn = aws_iam_role.dss-cluster.arn
-  
+
   vpc_config {
     subnet_ids             = aws_subnet.dss[*].id
     endpoint_public_access = true
-    public_access_cidrs    = [
+    public_access_cidrs = [
       "0.0.0.0/0"
     ]
   }
@@ -26,7 +26,7 @@ resource "aws_eks_node_group" "eks_node_group" {
   node_role_arn          = aws_iam_role.dss-cluster-node-group.arn
   disk_size              = 100
   node_group_name_prefix = aws_eks_cluster.kubernetes_cluster.name
-  instance_types         = [
+  instance_types = [
     var.aws_instance_type
   ]
 
diff --git a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/ebs.tf b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/ebs.tf
index dc7eefd8b..eedf02822 100644
--- a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/ebs.tf
+++ b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/ebs.tf
@@ -1,3 +1,12 @@
+data "tls_certificate" "cluster_oidc_provider" {
+  url = aws_eks_cluster.kubernetes_cluster.identity[0].oidc[0].issuer
+}
+
+resource "aws_iam_openid_connect_provider" "cluster_provider" {
+  client_id_list  = ["sts.amazonaws.com"]
+  thumbprint_list = data.tls_certificate.cluster_oidc_provider.certificates[*].sha1_fingerprint
+  url             = data.tls_certificate.cluster_oidc_provider.url
+}
 
 resource "aws_eks_addon" "aws-ebs-csi-driver" {
   addon_name               = "aws-ebs-csi-driver"
diff --git a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/iam.tf b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/iam.tf
index 00131e28c..6eabc6ead 100644
--- a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/iam.tf
+++ b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/iam.tf
@@ -7,24 +7,22 @@ locals {
 }
 
 resource "aws_iam_role" "dss-cluster" {
-  // EKS does not support a path in the role arn
   name = "${var.cluster_name}-dss-cluster"
 
-  assume_role_policy = jsonencode(
-  {
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Principal" : {
-          "Service" : "eks.amazonaws.com"
-        },
-        "Action" : "sts:AssumeRole"
-      }
-    ]
-  })
-
-  permissions_boundary = var.aws_iam_permissions_boundary
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "eks.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+POLICY
 }
 
 # Policy used by internal kubernetes services to access AWS resources.
@@ -33,66 +31,30 @@ resource "aws_iam_role_policy_attachment" "dss-cluster-service" {
   role       = aws_iam_role.dss-cluster.name
 }
 
-# Roles
-
 resource "aws_iam_role" "dss-cluster-node-group" {
   name = "${var.cluster_name}-cluster-node-group"
 
   assume_role_policy = jsonencode({
     Statement = [
       {
-        Action    = "sts:AssumeRole"
-        Effect    = "Allow"
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
         Principal = {
           Service = "ec2.amazonaws.com"
         }
       }
     ]
-    Version   = "2012-10-17"
+    Version = "2012-10-17"
   })
-
-  permissions_boundary = var.aws_iam_permissions_boundary
 }
 
-// EBS
-
-resource "aws_iam_role" "AmazonEKS_EBS_CSI_DriverRole" {
-  name = "${var.cluster_name}-AmazonEKS_EBS_CSI_DriverRole"
-
-  assume_role_policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Principal" : {
-          "Federated" : format("arn:aws:iam::${local.aws_account_id}:%s", replace(local.aws_cluster_oidc_issuer, "https://", "oidc-provider/")),
-        },
-        "Action" : "sts:AssumeRoleWithWebIdentity",
-        "Condition" : {
-          "StringEquals" : {
-            format("%s:aud", replace(local.aws_cluster_oidc_issuer, "https://", "")) : "sts.amazonaws.com",
-            format("%s:sub", replace(local.aws_cluster_oidc_issuer, "https://", "")) : "system:serviceaccount:kube-system:ebs-csi-controller-sa"
-          }
-        }
-      }
-    ]
-  })
-
-  permissions_boundary = var.aws_iam_permissions_boundary
-}
-
-// Policies
-
 resource "aws_iam_policy" "AWSLoadBalancerControllerPolicy" {
-  name   = "${var.cluster_name}-AWSLoadBalancerControllerPolicy"
-
+  name = "${var.cluster_name}-AWSLoadBalancerControllerPolicy"
   # Source: https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html
   # Template: https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/install/iam_policy.json
   policy = file("${path.module}/AWSLoadBalancerControllerPolicy.json")
 }
 
-// Attachments
-
 resource "aws_iam_role_policy_attachment" "AWSLoadBalancerControllerPolicy" {
   policy_arn = aws_iam_policy.AWSLoadBalancerControllerPolicy.arn
   role       = aws_iam_role.dss-cluster-node-group.name
@@ -108,11 +70,35 @@ resource "aws_iam_role_policy_attachment" "AmazonEKS_CNI_Policy" {
   role       = aws_iam_role.dss-cluster-node-group.name
 }
 
+## Docker registry
 resource "aws_iam_role_policy_attachment" "AmazonEC2ContainerRegistryReadOnly" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
   role       = aws_iam_role.dss-cluster-node-group.name
 }
 
+## EBS
+resource "aws_iam_role" "AmazonEKS_EBS_CSI_DriverRole" {
+  name = "${var.cluster_name}-AmazonEKS_EBS_CSI_DriverRole"
+
+  assume_role_policy = jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Effect" : "Allow",
+        "Principal" : {
+          "Federated" : format("arn:aws:iam::${local.aws_account_id}:%s", replace(local.aws_cluster_oidc_issuer, "https://", "oidc-provider/")),
+        },
+        "Action" : "sts:AssumeRoleWithWebIdentity",
+        "Condition" : {
+          "StringEquals" : {
+            format("%s:aud", replace(local.aws_cluster_oidc_issuer, "https://", "")) : "sts.amazonaws.com",
+            format("%s:sub", replace(local.aws_cluster_oidc_issuer, "https://", "")) : "system:serviceaccount:kube-system:ebs-csi-controller-sa"
+          }
+        }
+      }
+    ]
+  })
+}
 
 resource "aws_iam_role_policy_attachment" "AmazonEKS_EBS_CSI_DriverRole" {
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
diff --git a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/main.tf b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/main.tf
index fc14c133f..9e0945db7 100644
--- a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/main.tf
+++ b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/main.tf
@@ -7,9 +7,6 @@ terraform {
     tls = {
       source = "hashicorp/tls"
     }
-    helm = {
-      source = "hashicorp/helm"
-    }
   }
 }
 
@@ -23,14 +20,14 @@ provider "aws" {
   }
 }
 
-data "aws_eks_cluster_auth" "kubernetes_cluster" {
-  name = aws_eks_cluster.kubernetes_cluster.name
-}
-
 provider "helm" {
   kubernetes {
     host                   = aws_eks_cluster.kubernetes_cluster.endpoint
     cluster_ca_certificate = base64decode(aws_eks_cluster.kubernetes_cluster.certificate_authority[0].data)
-    token = data.aws_eks_cluster_auth.kubernetes_cluster.token
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
+      command     = "aws"
+    }
   }
-}
+}
\ No newline at end of file
diff --git a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/oidc.tf b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/oidc.tf
deleted file mode 100644
index 0baaa6ed9..000000000
--- a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/oidc.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-data "tls_certificate" "cluster_oidc_provider" {
-  url = aws_eks_cluster.kubernetes_cluster.identity[0].oidc[0].issuer
-}
-
-resource "aws_iam_openid_connect_provider" "cluster_provider" {
-  client_id_list  = ["sts.amazonaws.com"]
-  thumbprint_list = data.tls_certificate.cluster_oidc_provider.certificates[*].sha1_fingerprint
-  url             = data.tls_certificate.cluster_oidc_provider.url
-}
\ No newline at end of file
diff --git a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/output.tf b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/output.tf
index a6d238d77..3f9594399 100644
--- a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/output.tf
+++ b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/output.tf
@@ -52,8 +52,4 @@ output "gateway_address" {
 
 output "workload_subnet" {
   value = data.aws_subnet.main_subnet.id
-}
-
-output "iam_role_node_group_arn" {
-  value = aws_iam_role.dss-cluster-node-group.arn
 }
\ No newline at end of file
diff --git a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/variables.tf b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/variables.tf
index 1b73a3e34..37313574a 100644
--- a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/variables.tf
+++ b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/variables.tf
@@ -33,16 +33,6 @@ variable "aws_route53_zone_id" {
   EOT
 }
 
-variable "aws_iam_permissions_boundary" {
-  type        = string
-  description = <<-EOT
-    AWS IAM Policy ARN to be used for permissions boundaries on created roles.
-
-    Example: `arn:aws:iam::123456789012:policy/GithubCIPermissionBoundaries`
-  EOT
-}
-
-
 variable "app_hostname" {
   type        = string
   description = <<-EOT
diff --git a/deploy/infrastructure/modules/terraform-aws-dss/TFVARS.md b/deploy/infrastructure/modules/terraform-aws-dss/TFVARS.md
index 99b04c8ed..4c815d8c2 100644
--- a/deploy/infrastructure/modules/terraform-aws-dss/TFVARS.md
+++ b/deploy/infrastructure/modules/terraform-aws-dss/TFVARS.md
@@ -40,15 +40,6 @@ Leave empty to disable record creation.
 Example: `Z0123456789ABCDEFGHIJ`
 
 
-### aws_iam_permissions_boundary
-
-*Type: `string`*
-
-AWS IAM Policy ARN to be used for permissions boundaries on created roles.
-
-Example: `arn:aws:iam::123456789012:policy/GithubCIPermissionBoundaries`
-
-
 ### app_hostname
 
 *Type: `string`*
diff --git a/deploy/infrastructure/modules/terraform-aws-dss/main.tf b/deploy/infrastructure/modules/terraform-aws-dss/main.tf
index 0099d214b..60a84741b 100644
--- a/deploy/infrastructure/modules/terraform-aws-dss/main.tf
+++ b/deploy/infrastructure/modules/terraform-aws-dss/main.tf
@@ -1,14 +1,12 @@
 module "terraform-aws-kubernetes" {
   # See variables.tf for variables description.
-  cluster_name                 = var.cluster_name
-  aws_region                   = var.aws_region
-  app_hostname                 = var.app_hostname
-  crdb_hostname_suffix         = var.crdb_hostname_suffix
-  aws_instance_type            = var.aws_instance_type
-  aws_route53_zone_id          = var.aws_route53_zone_id
-  aws_iam_path                 = var.aws_iam_path
-  aws_iam_permissions_boundary = var.aws_iam_permissions_boundary
-  node_count                   = var.node_count
+  cluster_name         = var.cluster_name
+  aws_region           = var.aws_region
+  app_hostname         = var.app_hostname
+  crdb_hostname_suffix = var.crdb_hostname_suffix
+  aws_instance_type    = var.aws_instance_type
+  aws_route53_zone_id  = var.aws_route53_zone_id
+  node_count           = var.node_count
 
   source = "../../dependencies/terraform-aws-kubernetes"
 }
diff --git a/deploy/infrastructure/modules/terraform-aws-dss/variables.tf b/deploy/infrastructure/modules/terraform-aws-dss/variables.tf
index 3d276e351..55c183ba5 100644
--- a/deploy/infrastructure/modules/terraform-aws-dss/variables.tf
+++ b/deploy/infrastructure/modules/terraform-aws-dss/variables.tf
@@ -33,16 +33,6 @@ variable "aws_route53_zone_id" {
   EOT
 }
 
-variable "aws_iam_permissions_boundary" {
-  type        = string
-  description = <<-EOT
-    AWS IAM Policy ARN to be used for permissions boundaries on created roles.
-
-    Example: `arn:aws:iam::123456789012:policy/GithubCIPermissionBoundaries`
-  EOT
-}
-
-
 variable "app_hostname" {
   type        = string
   description = <<-EOT
diff --git a/deploy/infrastructure/utils/README.md b/deploy/infrastructure/utils/README.md
index e9c336372..015b7f50d 100644
--- a/deploy/infrastructure/utils/README.md
+++ b/deploy/infrastructure/utils/README.md
@@ -4,4 +4,4 @@ This directory contains the following tools to simplify the management of the te
 
 1. `generate_terraform_variables.sh`: Terraform variables can't be shared between modules without repeating their definition at every level of encapsulation.
    To prevent repeating ourselves and to maintain a consistent level of quality for every module and dependencies, this script takes variables 
-   in the `definitions` directory and creates a `variables.tf` file in each modules with the appropriate content.
+   in the `definitions` directory and creates a `variables.tf` file in each modules with the appropriate content.
\ No newline at end of file
diff --git a/deploy/infrastructure/utils/definitions/aws_iam_permissions_boundary.tf b/deploy/infrastructure/utils/definitions/aws_iam_permissions_boundary.tf
deleted file mode 100644
index 1279be202..000000000
--- a/deploy/infrastructure/utils/definitions/aws_iam_permissions_boundary.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-variable "aws_iam_permissions_boundary" {
-  type        = string
-  description = <<-EOT
-    AWS IAM Policy ARN to be used for permissions boundaries on created roles.
-
-    Example: `arn:aws:iam::123456789012:policy/GithubCIPermissionBoundaries`
-  EOT
-}
diff --git a/deploy/infrastructure/utils/variables.py b/deploy/infrastructure/utils/variables.py
index 633686634..6867b9c1d 100755
--- a/deploy/infrastructure/utils/variables.py
+++ b/deploy/infrastructure/utils/variables.py
@@ -1,8 +1,7 @@
 #! python3
 
-# This script is used to generate the terraform variables definitions and documentation.
-# This is particularly helpful since most of the variables are nested in submodules
-# (See modules and dependencies in /deploy/infrastructure).
+# This
+
 
 from os import listdir
 from os.path import isfile, join, abspath, dirname, exists
@@ -67,7 +66,6 @@
     "aws_region",
     "aws_instance_type",
     "aws_route53_zone_id",
-    "aws_iam_permissions_boundary"
 ] + COMMON_KUBERNETES_VARIABLES
 
 # modules/terraform-aws-dss
@@ -85,9 +83,6 @@
     "../dependencies/terraform-aws-kubernetes": AWS_KUBERNETES_VARIABLES,
     "../dependencies/terraform-google-kubernetes": GOOGLE_KUBERNETES_VARIABLES,
     "../dependencies/terraform-commons-dss": COMMONS_DSS_VARIABLES,
-    "../../operations/ci/aws-1": list(
-        dict.fromkeys(AWS_MODULE_VARIABLES)
-    )
 }
 
 
diff --git a/deploy/operations/Dockerfile b/deploy/operations/Dockerfile
deleted file mode 100644
index 2ca5ff552..000000000
--- a/deploy/operations/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-FROM ubuntu:22.04
-
-RUN  apt-get update \
-&& apt-get install -y unzip curl gnupg lsb-release
-
-# Terraform CLI
-RUN curl -s https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg \
-&& echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list \
-&& apt-get update \
-&& apt-get install -y terraform
-
-# AWS CLI
-WORKDIR /opt
-RUN  curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
-&& unzip awscliv2.zip \
-&& rm awscliv2.zip \
-&& ./aws/install
-
-# Clean up apt
-RUN apt-get clean && rm -rf /var/lib/apt/lists/*
-
-RUN terraform --version
\ No newline at end of file
diff --git a/deploy/operations/ci/aws-1/README.md b/deploy/operations/ci/aws-1/README.md
deleted file mode 100644
index bdb0ebe21..000000000
--- a/deploy/operations/ci/aws-1/README.md
+++ /dev/null
@@ -1,39 +0,0 @@
-# AWS-1 CI deployment
-
-This module deploys a Kubernetes cluster to AWS.
-
-## Terraform state
-
-The terraform backend is configured to be shared using a S3 bucket. (see [`main.tf`](./main.tf)).
-
-## Debugging
-
-In case of issue, it is possible to connect to the cluster and retrieve the terraform state to manage it
-locally.
-
-### Connection to the cluster
-
-To connect to the cluster, authenticate yourself to the AWS account. 
-Run the following command to load the kubernetes config:
-```
-aws eks --region us-east-1 update-kubeconfig --name dss-ci-aws-ue1
-```
-Call the kubernetes cluster using `kubectl`
-
-#### Add other roles
-
-Access to the cluster is managed using the config map `aws-auth`. 
-Its definition is managed by [`kubernetes_admin_access.tf`](./kubernetes_admin_access.tf).
-Currently only the user who bootstrapped the cluster and the ones assuming 
-the administrator role (see [`local_variables.tf`](./local_variables.tf)) have access.
-
-### Run terraform locally
-
-In case of failure, a user with administrator role can take over the deployment by cloning this 
-repository and retrieving the current deployment state by running the following command:
-
-```
-terraform init
-```
-
-At this point, the user can replay or clean the deployment as if it was the CI runner.
diff --git a/deploy/operations/ci/aws-1/data.tf b/deploy/operations/ci/aws-1/data.tf
deleted file mode 100644
index 8fc4b38cc..000000000
--- a/deploy/operations/ci/aws-1/data.tf
+++ /dev/null
@@ -1 +0,0 @@
-data "aws_caller_identity" "current" {}
diff --git a/deploy/operations/ci/aws-1/kubernetes_admin_access.tf b/deploy/operations/ci/aws-1/kubernetes_admin_access.tf
deleted file mode 100644
index 5e808c2f7..000000000
--- a/deploy/operations/ci/aws-1/kubernetes_admin_access.tf
+++ /dev/null
@@ -1,38 +0,0 @@
-# This module is expected to be applied by the Github CI user. By default, only the user has permission to
-# connect to the cluster. This file gathers resources to grant access to AWS administrators.
-
-resource "kubernetes_config_map_v1_data" "aws-auth" {
-  metadata {
-    name      = "aws-auth"
-    namespace = "kube-system"
-  }
-
-  force = true # EKS provisions this file by default.
-
-  data = {
-    mapRoles = yamlencode([
-      {
-        groups   = [
-          "system:bootstrappers",
-          "system:nodes"
-        ]
-        rolearn  = module.terraform-aws-kubernetes.iam_role_node_group_arn
-        username = "system:node:{{EC2PrivateDNSName}}"
-      },
-      {
-        groups   = [
-          "system:masters"
-        ]
-        rolearn  = var.aws_iam_administrator_role
-        username = "interuss-aws-administrator"
-      },
-      {
-        groups   = [
-          "system:masters"
-        ]
-        rolearn  = var.aws_iam_ci_role
-        username = "interuss-ci"
-      }
-    ])
-  }
-}
diff --git a/deploy/operations/ci/aws-1/local_variables.tf b/deploy/operations/ci/aws-1/local_variables.tf
deleted file mode 100644
index 628c3875e..000000000
--- a/deploy/operations/ci/aws-1/local_variables.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file contains variables only used by this module and which are not provided to child dependencies.
-
-variable "aws_iam_administrator_role" {
-  type        = string
-  description = <<-EOT
-    AWS IAM administrator role
-    ARN of the role assumed by administrators when login into the AWS InterUSS account.
-
-    Example: `arn:aws:iam::123456789012:role/AdminRole`
-  EOT
-}
-
-variable "aws_iam_ci_role" {
-  type        = string
-  description = <<-EOT
-    AWS IAM administrator role
-    ARN of the role assumed by administrators when login into the AWS InterUSS account.
-
-    Example: `arn:aws:iam::123456789012:role/CiRole`
-  EOT
-}
diff --git a/deploy/operations/ci/aws-1/main.tf b/deploy/operations/ci/aws-1/main.tf
deleted file mode 100644
index a9ee3093e..000000000
--- a/deploy/operations/ci/aws-1/main.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-terraform {
-  backend "s3" {
-    bucket = "interuss-tf-backend-ci"
-    key    = "aws-1"
-    region = "us-east-1"
-  }
-}
-
-module "terraform-aws-kubernetes" {
-  # See variables.tf for variables description.
-  cluster_name         = var.cluster_name
-  aws_region           = var.aws_region
-  app_hostname         = var.app_hostname
-  crdb_hostname_suffix = var.crdb_hostname_suffix
-  aws_instance_type    = var.aws_instance_type
-  aws_route53_zone_id  = var.aws_route53_zone_id
-  aws_iam_permissions_boundary = var.aws_iam_permissions_boundary
-  node_count           = var.node_count
-
-  source = "../../../infrastructure/dependencies/terraform-aws-kubernetes"
-}
-
-module "terraform-commons-dss" {
-  # See variables.tf for variables description.
-  image                          = var.image
-  image_pull_secret              = var.image_pull_secret
-  kubernetes_namespace           = var.kubernetes_namespace
-  kubernetes_storage_class       = var.aws_kubernetes_storage_class
-  app_hostname                   = var.app_hostname
-  crdb_hostname_suffix           = var.crdb_hostname_suffix
-  should_init                    = var.should_init
-  authorization                  = var.authorization
-  crdb_locality                  = var.crdb_locality
-  crdb_internal_nodes            = module.terraform-aws-kubernetes.crdb_nodes
-  ip_gateway                     = module.terraform-aws-kubernetes.ip_gateway
-  kubernetes_api_endpoint        = module.terraform-aws-kubernetes.kubernetes_api_endpoint
-  kubernetes_cloud_provider_name = module.terraform-aws-kubernetes.kubernetes_cloud_provider_name
-  kubernetes_context_name        = module.terraform-aws-kubernetes.kubernetes_context_name
-  kubernetes_get_credentials_cmd = module.terraform-aws-kubernetes.kubernetes_get_credentials_cmd
-  workload_subnet                = module.terraform-aws-kubernetes.workload_subnet
-  gateway_cert_name              = module.terraform-aws-kubernetes.app_hostname_cert_arn
-
-  source = "../../../infrastructure/dependencies/terraform-commons-dss"
-}
diff --git a/deploy/operations/ci/aws-1/output.tf b/deploy/operations/ci/aws-1/output.tf
deleted file mode 100644
index ade9609d1..000000000
--- a/deploy/operations/ci/aws-1/output.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-output "generated_files_location" {
-  value = module.terraform-commons-dss.generated_files_location
-}
-
diff --git a/deploy/operations/ci/aws-1/providers.tf b/deploy/operations/ci/aws-1/providers.tf
deleted file mode 100644
index 8daa12fe7..000000000
--- a/deploy/operations/ci/aws-1/providers.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-provider "aws" {
-  region = "us-east-1"
-}
-
-data "aws_eks_cluster_auth" "kubernetes_cluster" {
-  name = var.cluster_name
-  depends_on = [module.terraform-aws-kubernetes]
-}
-
-data "aws_eks_cluster" "kubernetes_cluster" {
-  name = var.cluster_name
-  depends_on = [module.terraform-aws-kubernetes]
-}
-
-provider kubernetes {
-  host                   = data.aws_eks_cluster.kubernetes_cluster.endpoint
-  cluster_ca_certificate = base64decode(data.aws_eks_cluster.kubernetes_cluster.certificate_authority[0].data)
-  token                  = data.aws_eks_cluster_auth.kubernetes_cluster.token
-}
diff --git a/deploy/operations/ci/aws-1/terraform.tfvars b/deploy/operations/ci/aws-1/terraform.tfvars
deleted file mode 100644
index 90a5e8458..000000000
--- a/deploy/operations/ci/aws-1/terraform.tfvars
+++ /dev/null
@@ -1,30 +0,0 @@
-# See TFVARS.md for the full set of variables and related descriptions.
-
-# AWS account
-aws_region = "us-east-1"
-
-# DNS Management
-aws_route53_zone_id = "Z03377073HUSGB4L9FKEK"
-
-# Hostnames
-app_hostname = "dss.ci.aws-interuss.uspace.dev"
-crdb_hostname_suffix = "db.ci.aws-interuss.uspace.dev"
-
-# Kubernetes configuration
-cluster_name                 = "dss-ci-aws-ue1"
-node_count                   = 3
-aws_instance_type            = "t3.medium"
-aws_kubernetes_storage_class = "gp2"
-
-# DSS configuration
-image = "latest"
-authorization = {
-  public_key_pem_path = "/test-certs/auth2.pem"
-}
-should_init         = true
-crdb_locality       = "interuss_dss-ci-aws-ue1"
-crdb_external_nodes = []
-
-aws_iam_permissions_boundary = "arn:aws:iam::301042233698:policy/GithubCIPermissionBoundaries20231130225039606500000001"
-aws_iam_administrator_role = "arn:aws:iam::301042233698:role/AWSReservedSSO_AdministratorAccess_9b637c80b830ea2c"
-aws_iam_ci_role = "arn:aws:iam::301042233698:role/InterUSSGithubCI"
diff --git a/deploy/operations/ci/aws-1/test.sh b/deploy/operations/ci/aws-1/test.sh
deleted file mode 100755
index 7caeafa93..000000000
--- a/deploy/operations/ci/aws-1/test.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env bash
-
-set -eo pipefail
-
-# Find and change to repo root directory
-OS=$(uname)
-if [[ "$OS" == "Darwin" ]]; then
-	# OSX uses BSD readlink
-	BASEDIR="$(dirname "$0")"
-else
-	BASEDIR=$(readlink -e "$(dirname "$0")")
-fi
-cd "${BASEDIR}" || exit 1
-
-clean () {
-  echo "Cleaning infrastructure"
-  terraform destroy -auto-approve
-}
-
-terraform init
-clean
-terraform apply -auto-approve
-# TODO: Deploy the DSS
-# TODO: Test the deployment of the DSS
-clean
-
diff --git a/deploy/operations/ci/aws-1/variables.tf b/deploy/operations/ci/aws-1/variables.tf
deleted file mode 100644
index 3d276e351..000000000
--- a/deploy/operations/ci/aws-1/variables.tf
+++ /dev/null
@@ -1,270 +0,0 @@
-
-# This file has been automatically generated by /deploy/infrastructure/utils/generate_terraform_variables.py.
-# Please do not modify manually.
-
-variable "aws_region" {
-  type        = string
-  description = <<-EOT
-    AWS region
-    List of available regions: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions
-    Currently, the terraform module uses the two first availability zones of the region.
-
-    Example: `eu-west-1`
-  EOT
-}
-
-variable "aws_instance_type" {
-  type        = string
-  description = <<-EOT
-    AWS EC2 instance type used for the Kubernetes node pool.
-
-    Example: `m6g.xlarge` for production and `t3.medium` for development
-  EOT
-}
-
-variable "aws_route53_zone_id" {
-  type        = string
-  description = <<-EOT
-    AWS Route 53 Zone ID
-    This module can automatically create DNS records in a Route 53 Zone.
-    Leave empty to disable record creation.
-
-    Example: `Z0123456789ABCDEFGHIJ`
-  EOT
-}
-
-variable "aws_iam_permissions_boundary" {
-  type        = string
-  description = <<-EOT
-    AWS IAM Policy ARN to be used for permissions boundaries on created roles.
-
-    Example: `arn:aws:iam::123456789012:policy/GithubCIPermissionBoundaries`
-  EOT
-}
-
-
-variable "app_hostname" {
-  type        = string
-  description = <<-EOT
-  Fully-qualified domain name of your HTTPS Gateway ingress endpoint.
-
-  Example: `dss.example.com`
-  EOT
-}
-
-variable "crdb_hostname_suffix" {
-  type        = string
-  description = <<-EOT
-  The domain name suffix shared by all of your CockroachDB nodes.
-  For instance, if your CRDB nodes were addressable at 0.db.example.com,
-  1.db.example.com and 2.db.example.com, then the value would be db.example.com.
-
-  Example: db.example.com
-  EOT
-}
-
-variable "cluster_name" {
-  type        = string
-  description = <<-EOT
-    Name of the kubernetes cluster that will host this DSS instance (should generally describe the DSS instance being hosted)
-
-    Example: `dss-che-1`
-  EOT
-}
-
-variable "node_count" {
-  type        = number
-  description = <<-EOT
-    Number of Kubernetes nodes which should correspond to the desired CockroachDB nodes.
-    **Always 3.**
-
-    Example: `3`
-  EOT
-
-  validation {
-    condition     = var.node_count == 3
-    error_message = "Node count should be 3. Only configuration supported at the moment"
-  }
-}
-
-variable "aws_kubernetes_storage_class" {
-  type        = string
-  description = <<-EOT
-  AWS Elastic Kubernetes Service Storage Class to use for CockroachDB and Prometheus persistent volumes.
-  See https://docs.aws.amazon.com/eks/latest/userguide/storage-classes.html for more details and
-  available options.
-
-  Example: `gp2`
-  EOT
-}
-
-variable "image" {
-  type        = string
-  description = <<EOT
-  URL of the DSS docker image.
-
-
-  `latest` can be used to use the latest official interuss docker image.
-  Official public images are available on Docker Hub: https://hub.docker.com/r/interuss/dss/tags
-  See [/build/README.md](../../../../build/README.md#docker-images) Docker images section to learn
-  how to build and publish your own image.
-
-  Example: `latest` or `docker.io/interuss/dss:v0.6.0`
-  EOT
-}
-
-variable "image_pull_secret" {
-  type        = string
-  description = <<EOT
-  Secret name of the credentials to access the image registry.
-  If the image specified in `VAR_DOCKER_IMAGE_NAME` requires
-  authentication, you can use the following command to store the credentials as secrets:
-
-  > kubectl create secret -n VAR_NAMESPACE docker-registry VAR_DOCKER_IMAGE_PULL_SECRET \
-      --docker-server=DOCKER_REGISTRY_SERVER \
-      --docker-username=DOCKER_USER \
-      --docker-password=DOCKER_PASSWORD \
-      --docker-email=DOCKER_EMAIL
-
-  Replace `VAR_DOCKER_IMAGE_PULL_SECRET` with the secret name (for instance: `private-registry-credentials`).
-  For docker hub private repository, use `docker.io` as `DOCKER_REGISTRY_SERVER` and an
-  [access token](https://hub.docker.com/settings/security) as `DOCKER_PASSWORD`.
-
-  Example: docker-registry
-  EOT
-  default = ""
-}
-
-variable "authorization" {
-  type = object({
-    public_key_pem_path = optional(string)
-    jwks = optional(object({
-      endpoint = string
-      key_id   = string
-    }))
-  })
-  description = <<EOT
-    One of `public_key_pem_path` or `jwks` should be provided but not both.
-
-    - public_key_pem_path
-      If providing the access token public key via JWKS, do not provide this parameter.
-      If providing a .pem file directly as the public key to validate incoming access tokens, specify the name
-      of this .pem file here as /public-certs/YOUR-KEY-NAME.pem replacing YOUR-KEY-NAME as appropriate. For instance,
-      if using the provided us-demo.pem, use the path /public-certs/us-demo.pem. Note that your .pem file should be built
-      in the docker image or mounted manually.
-
-      Example 1 (dummy auth):
-      ```
-      {
-        public_key_pem_path = "/test-certs/auth2.pem"
-      }
-      ```
-      Example 2:
-      ```
-      {
-        public_key_pem_path = "/jwt-public-certs/us-demo.pem"
-      }
-      ```
-
-    - jwks
-        If providing a .pem file directly as the public key to validate incoming access tokens, do not provide this parameter.
-        - endpoint
-          If providing the access token public key via JWKS, specify the JWKS endpoint here.
-          Example: https://auth.example.com/.well-known/jwks.json
-        - key_id:
-          If providing the access token public key via JWKS, specify the kid (key ID) of they appropriate key in the JWKS file referenced above.
-      Example:
-      ```
-      {
-        jwks = {
-          endpoint = "https://auth.example.com/.well-known/jwks.json"
-          key_id = "9C6DF78B-77A7-4E89-8990-E654841A7826"
-        }
-      }
-      ```
-  EOT
-
-  validation {
-    condition     = (var.authorization.jwks == null && var.authorization.public_key_pem_path != null) || (var.authorization.jwks != null && var.authorization.public_key_pem_path == null)
-    error_message = "Public key to validate incoming access tokens shall be provided exclusively either with a .pem file or via JWKS."
-  }
-}
-
-variable "enable_scd" {
-  type        = bool
-  description = "Set this boolean true to enable ASTM strategic conflict detection functionality"
-  default     = true
-}
-
-variable "should_init" {
-  type        = bool
-  description = <<-EOT
-    Set to false if joining an existing pool, true if creating the first DSS instance
-    for a pool. When set true, this can initialize the data directories on your cluster,
-    and prevent you from joining an existing pool.
-
-    Example: `true`
-    EOT
-}
-
-variable "desired_rid_db_version" {
-  type        = string
-  description = <<EOT
-    Desired RID DB schema version.
-    Use `latest` to use the latest schema version.
-
-    Example: `4.0.0`
-  EOT
-
-  default = "latest"
-}
-
-variable "desired_scd_db_version" {
-  type        = string
-  description = <<EOT
-    Desired SCD DB schema version.
-    Use `latest` to use the latest schema version.
-
-    Example: `3.1.0`
-  EOT
-
-  default = "latest"
-}
-
-variable "crdb_locality" {
-  type        = string
-  description = <<-EOT
-    Unique name for your DSS instance. Currently, we recommend "<ORG_NAME>_<CLUSTER_NAME>",
-    and the = character is not allowed. However, any unique (among all other participating
-    DSS instances) value is acceptable.
-
-    Example: <ORGNAME_CLUSTER_NAME>
-  EOT
-}
-
-variable "crdb_external_nodes" {
-  type        = list(string)
-  description = <<-EOT
-    Fully-qualified domain name of existing CRDB nodes outside of the cluster if you are joining an existing pool.
-    Example: ["0.db.dss.example.com", "1.db.dss.example.com", "2.db.dss.example.com"]
-  EOT
-  default     = []
-}
-
-variable "kubernetes_namespace" {
-  type        = string
-  description = <<-EOT
-    Namespace where to deploy Kubernetes resources. Only default is supported at the moment.
-
-    Example: `default`
-  EOT
-
-  default = "default"
-
-  # TODO: Adapt current deployment scripts in /build/deploy to support default is supported for the moment.
-  validation {
-    condition     = var.kubernetes_namespace == "default"
-    error_message = "Only default namespace is supported at the moment"
-  }
-}
-
diff --git a/deploy/operations/docker-compose.yaml b/deploy/operations/docker-compose.yaml
deleted file mode 100644
index 4618089db..000000000
--- a/deploy/operations/docker-compose.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-services:
-  ci-aws-1:
-    build: .
-    image: interuss-deploy
-    profiles: ["aws-1"]
-    command: operations/ci/aws-1/test.sh
-    working_dir: /opt/dss
-    environment:
-      - AWS_ACCESS_KEY_ID
-      - AWS_SECRET_ACCESS_KEY
-      - AWS_SESSION_TOKEN
-    volumes:
-      - type: bind
-        source: ../
-        target: /opt/dss/