diff --git a/.github/workflows/deploy_terraform.yml b/.github/workflows/deploy_terraform.yml
index 8179a58a..3bbcaaf5 100644
--- a/.github/workflows/deploy_terraform.yml
+++ b/.github/workflows/deploy_terraform.yml
@@ -43,27 +43,27 @@ jobs:
 
       - name: Terraform Plan (shared)
         working-directory: infrastructure/terraform/shared
-        run: terraform plan -var-file=${STAGE}.tfvars
+        run: terraform plan -var-file=${STAGE}.tfvars -out=tfplan
 
-      - name: Terraform Apply (shared)
-        working-directory: infrastructure/terraform/shared
-        run: terraform apply -auto-approve -var-file=${STAGE}.tfvars
+      # - name: Terraform Apply (shared)
+      #   working-directory: infrastructure/terraform/shared
+      #   run: terraform apply -auto-approve -var-file=${STAGE}.tfvars tfplan
 
-  # # ============================================================
-  # # 2️⃣ Build Docker image (tag = GitHub SHA, digest resolved)
-  # # ============================================================
-  # image:
-  #   uses: ./.github/workflows/_build_docker_image.yml
-  #   with:
-  #     # ecr_repo will need to changed to dynamic env in the future
-  #     ecr_repo: address2uprn-dev
-  #     aws_region: ${{ env.AWS_REGION }}
-  #     dockerfile_path: backend/address2UPRN/Dockerfile
-  #     build_context: backend/address2UPRN
-  #   secrets:
-  #     AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
-  #     AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
-  #     AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+  # ============================================================
+  # 2️⃣ Build Docker image (tag = GitHub SHA, digest resolved)
+  # ============================================================
+  image:
+    uses: ./.github/workflows/_build_docker_image.yml
+    with:
+      # ecr_repo will need to changed to dynamic env in the future
+      ecr_repo: address2uprn-dev
+      aws_region: ${{ env.AWS_REGION }}
+      dockerfile_path: backend/address2UPRN/Dockerfile
+      build_context: backend/address2UPRN
+    secrets:
+      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
+      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
 
   # # ============================================================
   # # 3️⃣ Deploy Lambda (Terraform, immutable digest)