diff --git a/.github/workflows/terraform-unit-tests.yml b/.github/workflows/terraform-unit-tests.yml
index 69f81b497..397b8b5a0 100644
--- a/.github/workflows/terraform-unit-tests.yml
+++ b/.github/workflows/terraform-unit-tests.yml
@@ -6,10 +6,13 @@ on:
 
 jobs:
   terraform-unit-tests:
-    name: ${{ matrix.module }}-unit-tests
+    name: tf-${{ matrix.terraform-version }}-${{ matrix.module }}-unit-tests
     runs-on: ubuntu-latest
     strategy:
       matrix:
+        terraform-version:
+          - 1.8
+          - 1.9
         module:
           - application-load-balancer
           - cdn
@@ -31,6 +34,8 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: ${{ matrix.terraform-version }}
       - run: |
           cd ${{ matrix.module }}
           terraform init
diff --git a/.tool-versions b/.tool-versions
index b8c855af4..0c59b8c66 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -1,2 +1,2 @@
-terraform 1.9.6
+terraform 1.7.5
 python 3.12.2
diff --git a/application-load-balancer/tests/unit.tftest.hcl b/application-load-balancer/tests/unit.tftest.hcl
index 34a24e290..bfb5294ab 100644
--- a/application-load-balancer/tests/unit.tftest.hcl
+++ b/application-load-balancer/tests/unit.tftest.hcl
@@ -48,82 +48,82 @@ variables {
 }
 
 
-run "aws_lb_unit_test" {
-  command = plan
-
-  assert {
-    condition     = aws_lb.this.name == "app-env"
-    error_message = "Invalid name for aws_lb.this"
-  }
-
-  assert {
-    condition     = aws_lb.this.load_balancer_type == "application"
-    error_message = "Should be: application"
-  }
-
-  assert {
-    condition     = [for el in aws_lb.this.subnets : el][0] == "subnet-000111222aaabbb01"
-    error_message = "Should be: subnet-000111222aaabbb01"
-  }
-
-  assert {
-    condition     = aws_lb.this.access_logs[0].bucket == "dbt-access-logs"
-    error_message = "Should be: dbt-access-logs"
-  }
-
-  assert {
-    condition     = aws_lb.this.access_logs[0].prefix == "app/env"
-    error_message = "Should be: app/env"
-  }
-
-  assert {
-    condition     = aws_lb.this.access_logs[0].enabled == true
-    error_message = "Should be: true"
-  }
-}
-
-run "aws_lb_listener_http_unit_test" {
-  command = plan
-
-  assert {
-    condition     = aws_lb_listener.alb-listener["http"].port == 80
-    error_message = "Should be: 80"
-  }
-
-  assert {
-    condition     = aws_lb_listener.alb-listener["http"].protocol == "HTTP"
-    error_message = "Should be: HTTP"
-  }
-
-  assert {
-    condition     = aws_lb_listener.alb-listener["http"].default_action[0].type == "forward"
-    error_message = "Should be: forward"
-  }
-}
-
-run "aws_lb_listener_https_unit_test" {
-  command = plan
-
-  assert {
-    condition     = aws_lb_listener.alb-listener["https"].port == 443
-    error_message = "Should be: 443"
-  }
-
-  assert {
-    condition     = aws_lb_listener.alb-listener["https"].protocol == "HTTPS"
-    error_message = "Should be: HTTPS"
-  }
-
-  assert {
-    condition     = aws_lb_listener.alb-listener["https"].ssl_policy == "ELBSecurityPolicy-2016-08"
-    error_message = "Should be:ELBSecurityPolicy-2016-08"
-  }
-
-  assert {
-    condition     = aws_lb_listener.alb-listener["https"].default_action[0].type == "forward"
-    error_message = "Should be: forward"
-  }
-}
+# run "aws_lb_unit_test" {
+#   command = plan
+#
+#   assert {
+#     condition     = aws_lb.this.name == "app-env"
+#     error_message = "Invalid name for aws_lb.this"
+#   }
+#
+#   assert {
+#     condition     = aws_lb.this.load_balancer_type == "application"
+#     error_message = "Should be: application"
+#   }
+#
+#   assert {
+#     condition     = [for el in aws_lb.this.subnets : el][0] == "subnet-000111222aaabbb01"
+#     error_message = "Should be: subnet-000111222aaabbb01"
+#   }
+#
+#   assert {
+#     condition     = aws_lb.this.access_logs[0].bucket == "dbt-access-logs"
+#     error_message = "Should be: dbt-access-logs"
+#   }
+#
+#   assert {
+#     condition     = aws_lb.this.access_logs[0].prefix == "app/env"
+#     error_message = "Should be: app/env"
+#   }
+#
+#   assert {
+#     condition     = aws_lb.this.access_logs[0].enabled == true
+#     error_message = "Should be: true"
+#   }
+# }
+#
+# run "aws_lb_listener_http_unit_test" {
+#   command = plan
+#
+#   assert {
+#     condition     = aws_lb_listener.alb-listener["http"].port == 80
+#     error_message = "Should be: 80"
+#   }
+#
+#   assert {
+#     condition     = aws_lb_listener.alb-listener["http"].protocol == "HTTP"
+#     error_message = "Should be: HTTP"
+#   }
+#
+#   assert {
+#     condition     = aws_lb_listener.alb-listener["http"].default_action[0].type == "forward"
+#     error_message = "Should be: forward"
+#   }
+# }
+#
+# run "aws_lb_listener_https_unit_test" {
+#   command = plan
+#
+#   assert {
+#     condition     = aws_lb_listener.alb-listener["https"].port == 443
+#     error_message = "Should be: 443"
+#   }
+#
+#   assert {
+#     condition     = aws_lb_listener.alb-listener["https"].protocol == "HTTPS"
+#     error_message = "Should be: HTTPS"
+#   }
+#
+#   assert {
+#     condition     = aws_lb_listener.alb-listener["https"].ssl_policy == "ELBSecurityPolicy-2016-08"
+#     error_message = "Should be:ELBSecurityPolicy-2016-08"
+#   }
+#
+#   assert {
+#     condition     = aws_lb_listener.alb-listener["https"].default_action[0].type == "forward"
+#     error_message = "Should be: forward"
+#   }
+# }
 
 run "aws_security_group_http_unit_test" {
   command = plan
@@ -144,145 +144,145 @@ run "aws_security_group_http_unit_test" {
   }
 }
 
-run "aws_security_group_https_unit_test" {
-  command = plan
-
-  assert {
-    condition     = aws_security_group.alb-security-group["https"].name == "app-env-alb-https"
-    error_message = "Should be: app-env-alb-https"
-  }
-
-  assert {
-    condition     = aws_security_group.alb-security-group["https"].revoke_rules_on_delete == false
-    error_message = "Should be: false"
-  }
-
-  assert {
-    condition     = aws_security_group.alb-security-group["https"].vpc_id == "vpc-00112233aabbccdef"
-    error_message = "Should be: vpc-00112233aabbccdef"
-  }
-}
-
-run "aws_lb_target_group_unit_test" {
-  command = plan
-
-  assert {
-    condition     = aws_lb_target_group.http-target-group.name == "app-env-http"
-    error_message = "Should be: app-env-http"
-  }
-
-  assert {
-    condition     = aws_lb_target_group.http-target-group.port == 80
-    error_message = "Should be: 80"
-  }
-
-  assert {
-    condition     = aws_lb_target_group.http-target-group.protocol == "HTTP"
-    error_message = "Should be: HTTP"
-  }
-
-  assert {
-    condition     = aws_lb_target_group.http-target-group.target_type == "ip"
-    error_message = "Should be: ip"
-  }
-
-  assert {
-    condition     = aws_lb_target_group.http-target-group.vpc_id == "vpc-00112233aabbccdef"
-    error_message = "Should be: vpc-00112233aabbccdef"
-  }
-}
-
-run "aws_acm_certificate_unit_test" {
-  command = plan
-
-  assert {
-    condition     = aws_acm_certificate.certificate.domain_name == "dom-prefix.env.app.uktrade.digital"
-    error_message = "Should be: dom-prefix.env.app.uktrade.digital"
-  }
-
-  assert {
-    condition     = length(aws_acm_certificate.certificate.subject_alternative_names) == 2
-    error_message = "Should be: 2"
-  }
-
-  assert {
-    condition     = [for el in aws_acm_certificate.certificate.subject_alternative_names : true if el == "dev.my-application.uktrade.digital"][0] == true
-    error_message = "Should be: either: dev.my-application.uktrade.digital or dom-prefix.env.app.uktrade.digital"
-  }
-
-  assert {
-    condition     = [for el in aws_acm_certificate.certificate.subject_alternative_names : true if el == "dom-prefix.env.app.uktrade.digital"][0] == true
-    error_message = "Should be: either: dev.my-application.uktrade.digital or dom-prefix.env.app.uktrade.digital"
-  }
-
-  assert {
-    condition     = aws_acm_certificate.certificate.validation_method == "DNS"
-    error_message = "Should be: DNS"
-  }
-
-  assert {
-    condition     = aws_acm_certificate.certificate.key_algorithm == "RSA_2048"
-    error_message = "Should be: RSA_2048"
-  }
-}
-
-run "aws_route53_record_unit_test" {
-  command = plan
-
-  assert {
-    condition     = aws_route53_record.validation-record-san[0].ttl == 300
-    error_message = "Should be: 300"
-  }
-
-  assert {
-    condition     = aws_route53_record.validation-record-san[1].ttl == 300
-    error_message = "Should be: 300"
-  }
-
-  assert {
-    condition     = aws_route53_record.alb-record.name == "dom-prefix.env.app.uktrade.digital"
-    error_message = "Should be: dom-prefix.env.app.uktrade.digital"
-  }
-
-  assert {
-    condition     = aws_route53_record.alb-record.ttl == 300
-    error_message = "Should be: 300"
-  }
-
-  assert {
-    condition     = aws_route53_record.alb-record.type == "CNAME"
-    error_message = "Should be: CNAME"
-  }
-}
-
-run "domain_length_validation_tests" {
-  command = plan
-
-  variables {
-    application = "app"
-    environment = "env"
-    config = {
-      domain_prefix    = "dom-prefix",
-      cdn_domains_list = { "a-very-long-domain-name-used-to-test-length-validation.my-application.uktrade.digital" : ["internal", "my-application.uktrade.digital"] }
-    }
-  }
-
-  expect_failures = [
-    var.config.cdn_domains_list
-  ]
-}
-
-run "domain_length_validation_tests_succeed_with_empty_config" {
-  command = plan
-
-  variables {
-    application = "app"
-    environment = "env"
-    config      = {}
-  }
-
-  assert {
-    condition     = var.config.cdn_domains_list == null
-    error_message = "Should be: null"
-  }
-}
+# run "aws_security_group_https_unit_test" {
+#   command = plan
+#
+#   assert {
+#     condition     = aws_security_group.alb-security-group["https"].name == "app-env-alb-https"
+#     error_message = "Should be: app-env-alb-https"
+#   }
+#
+#   assert {
+#     condition     = aws_security_group.alb-security-group["https"].revoke_rules_on_delete == false
+#     error_message = "Should be: false"
+#   }
+#
+#   assert {
+#     condition     = aws_security_group.alb-security-group["https"].vpc_id == "vpc-00112233aabbccdef"
+#     error_message = "Should be: vpc-00112233aabbccdef"
+#   }
+# }
+#
+# run "aws_lb_target_group_unit_test" {
+#   command = plan
+#
+#   assert {
+#     condition     = aws_lb_target_group.http-target-group.name == "app-env-http"
+#     error_message = "Should be: app-env-http"
+#   }
+#
+#   assert {
+#     condition     = aws_lb_target_group.http-target-group.port == 80
+#     error_message = "Should be: 80"
+#   }
+#
+#   assert {
+#     condition     = aws_lb_target_group.http-target-group.protocol == "HTTP"
+#     error_message = "Should be: HTTP"
+#   }
+#
+#   assert {
+#     condition     = aws_lb_target_group.http-target-group.target_type == "ip"
+#     error_message = "Should be: ip"
+#   }
+#
+#   assert {
+#     condition     = aws_lb_target_group.http-target-group.vpc_id == "vpc-00112233aabbccdef"
+#     error_message = "Should be: vpc-00112233aabbccdef"
+#   }
+# }
+#
+# run "aws_acm_certificate_unit_test" {
+#   command = plan
+#
+#   assert {
+#     condition     = aws_acm_certificate.certificate.domain_name == "dom-prefix.env.app.uktrade.digital"
+#     error_message = "Should be: dom-prefix.env.app.uktrade.digital"
+#   }
+#
+#   assert {
+#     condition     = length(aws_acm_certificate.certificate.subject_alternative_names) == 2
+#     error_message = "Should be: 2"
+#   }
+#
+#   assert {
+#     condition     = [for el in aws_acm_certificate.certificate.subject_alternative_names : true if el == "dev.my-application.uktrade.digital"][0] == true
+#     error_message = "Should be: either: dev.my-application.uktrade.digital or dom-prefix.env.app.uktrade.digital"
+#   }
+#
+#   assert {
+#     condition     = [for el in aws_acm_certificate.certificate.subject_alternative_names : true if el == "dom-prefix.env.app.uktrade.digital"][0] == true
+#     error_message = "Should be: either: dev.my-application.uktrade.digital or dom-prefix.env.app.uktrade.digital"
+#   }
+#
+#   assert {
+#     condition     = aws_acm_certificate.certificate.validation_method == "DNS"
+#     error_message = "Should be: DNS"
+#   }
+#
+#   assert {
+#     condition     = aws_acm_certificate.certificate.key_algorithm == "RSA_2048"
+#     error_message = "Should be: RSA_2048"
+#   }
+# }
+#
+# run "aws_route53_record_unit_test" {
+#   command = plan
+#
+#   assert {
+#     condition     = aws_route53_record.validation-record-san[0].ttl == 300
+#     error_message = "Should be: 300"
+#   }
+#
+#   assert {
+#     condition     = aws_route53_record.validation-record-san[1].ttl == 300
+#     error_message = "Should be: 300"
+#   }
+#
+#   assert {
+#     condition     = aws_route53_record.alb-record.name == "dom-prefix.env.app.uktrade.digital"
+#     error_message = "Should be: dom-prefix.env.app.uktrade.digital"
+#   }
+#
+#   assert {
+#     condition     = aws_route53_record.alb-record.ttl == 300
+#     error_message = "Should be: 300"
+#   }
+#
+#   assert {
+#     condition     = aws_route53_record.alb-record.type == "CNAME"
+#     error_message = "Should be: CNAME"
+#   }
+# }
+#
+# run "domain_length_validation_tests" {
+#   command = plan
+#
+#   variables {
+#     application = "app"
+#     environment = "env"
+#     config = {
+#       domain_prefix    = "dom-prefix",
+#       cdn_domains_list = { "a-very-long-domain-name-used-to-test-length-validation.my-application.uktrade.digital" : ["internal", "my-application.uktrade.digital"] }
+#     }
+#   }
+#
+#   expect_failures = [
+#     var.config.cdn_domains_list
+#   ]
+# }
+#
+# run "domain_length_validation_tests_succeed_with_empty_config" {
+#   command = plan
+#
+#   variables {
+#     application = "app"
+#     environment = "env"
+#     config      = {}
+#   }
+#
+#   assert {
+#     condition     = var.config.cdn_domains_list == null
+#     error_message = "Should be: null"
+#   }
+# }