diff --git a/.github/workflows/_build_image.yml b/.github/workflows/_build_image.yml index 408c0319..641e31f9 100644 --- a/.github/workflows/_build_image.yml +++ b/.github/workflows/_build_image.yml @@ -104,4 +104,4 @@ jobs: --image-ids imageTag=${GITHUB_SHA} \ --query 'imageDetails[0].imageDigest' \ --output text) - echo "image_digest=$DIGEST" >> "$GITHUB_OUTPUT" + echo "image_digest=$DIGEST" >> "$GITHUB_OUTPUT" \ No newline at end of file diff --git a/.github/workflows/_deploy_lambda.yml b/.github/workflows/_deploy_lambda.yml index bff106c5..3612ab43 100644 --- a/.github/workflows/_deploy_lambda.yml +++ b/.github/workflows/_deploy_lambda.yml @@ -23,6 +23,18 @@ on: required: true type: string + terraform_apply: + required: false + type: string + default: 'false' + # can only be 'true' or 'false' + + terraform_destroy: + required: false + type: string + default: 'false' + # can only be 'true' or 'false' + secrets: AWS_ACCESS_KEY_ID: required: true @@ -87,5 +99,11 @@ jobs: -out=lambdaplan - name: Terraform Apply + if: inputs.terraform_apply == 'true' && inputs.terraform_destroy != 'true' working-directory: ${{ inputs.lambda_path }} run: terraform apply -auto-approve lambdaplan + + - name: Terraform Destroy + if: inputs.terraform_destroy == 'true' && inputs.terraform_apply != 'true' + working-directory: ${{ inputs.lambda_path }} + run: terraform destroy -auto-approve \ No newline at end of file diff --git a/.github/workflows/deploy_terraform.yml b/.github/workflows/deploy_terraform.yml index 4ac08e41..71e2ad9d 100644 --- a/.github/workflows/deploy_terraform.yml +++ b/.github/workflows/deploy_terraform.yml 
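Review bot: In `_deploy_lambda.yml`, the new `terraform_apply` and `terraform_destroy` inputs state their contract only in a trailing comment (`# can only be 'true' or 'false'`), and nothing in the visible lines enforces it. A caller passing `True` or `1` would therefore skip both steps silently. Because `terraform_destroy` is a destructive switch, give each input a `description:` saying what it triggers and that the two are mutually exclusive, e.g. `description: "'true' runs terraform destroy -auto-approve; must not be combined with terraform_apply"`. Declaring them `type: boolean` would let the runner reject bad values, but callers forwarding a job output would then need `terraform_apply: ${{ needs.determine_stage.outputs.terraform_apply == 'true' }}`.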
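Review bot: The new `Terraform Destroy` step in `_deploy_lambda.yml` runs `terraform destroy -auto-approve` with no saved plan and no gate other than a string input, so a caller passing `terraform_destroy: 'true'` tears the resources down with no reviewable record of what will be removed. Build the teardown the same way as the apply path, with `terraform plan -destroy -out=destroyplan` followed by `terraform apply -auto-approve destroyplan`, and consider putting the job behind a protected `environment:` so a destroy needs approval. The Plan step above the hunk ends with `-out=lambdaplan` and its other arguments are not visible; if it passes `-var` values, the destroy command needs the same ones or it will fail in CI. When both flags are `'true'` neither step runs and the job still succeeds, so an explicit failing check for that combination would make the misuse visible.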
@@ -4,29 +4,43 @@ on: push: branches: - "**" + paths: + - 'infrastructure/terraform/**' + - '.github/workflows/deploy_terraform.yml' + - '.github/workflows/_build_image.yml' + - '.github/workflows/_deploy_lambda.yml' jobs: determine_stage: runs-on: ubuntu-latest + outputs: stage: ${{ steps.set-stage.outputs.stage }} + terraform_apply: ${{ steps.set-stage.outputs.terraform_apply }} + + env: + AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: ${{ secrets.DEV_AWS_REGION }} + DEV_DB_HOST: ${{ secrets.DEV_DB_HOST }} steps: - name: Determine stage from branch id: set-stage shell: bash run: | - env BRANCH="${GITHUB_REF_NAME}" if [[ "$BRANCH" == "prod" ]]; then echo "stage=prod" >> "$GITHUB_OUTPUT" - + echo "terraform_apply=false" >> "$GITHUB_OUTPUT" elif [[ "$BRANCH" == "dev" ]]; then echo "stage=dev" >> "$GITHUB_OUTPUT" - + echo "terraform_apply=true" >> "$GITHUB_OUTPUT" else + # Feature branch echo "stage=dev" >> "$GITHUB_OUTPUT" + echo "terraform_apply=false" >> "$GITHUB_OUTPUT" fi # ============================================================ @@ -93,6 +107,7 @@ jobs: stage: ${{ needs.determine_stage.outputs.stage }} ecr_repo: address2uprn-${{ needs.determine_stage.outputs.stage }} image_digest: ${{ needs.address2uprn_image.outputs.image_digest }} + terraform_apply: ${{ needs.determine_stage.outputs.terraform_apply }} secrets: AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} 
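Review bot: The `env:` block added to `determine_stage` exposes `DEV_AWS_ACCESS_KEY_ID`, `DEV_AWS_SECRET_ACCESS_KEY`, `DEV_AWS_REGION` and `DEV_DB_HOST` to a job whose only visible step compares `GITHUB_REF_NAME` and writes two outputs. With `branches: "**"` the job runs for every pushed branch that touches the listed paths, so the credentials are loaded into a shell that never uses them. Drop the `env:` block from this job and keep the secrets on the jobs that actually call AWS. The `# Feature branch` comment could also say why the stage is `dev`, e.g. `# Feature branch: plan against dev, never apply`.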
@@ -109,10 +124,17 @@ jobs: ecr_repo: postcode_splitter-${{ needs.determine_stage.outputs.stage }} dockerfile_path: backend/postcode_splitter/handler/Dockerfile build_context: . + build_args: | + DEV_DB_HOST=$DEV_DB_HOST + DEV_DB_PORT=$DEV_DB_PORT + DEV_DB_NAME=$DEV_DB_NAME secrets: AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} AWS_REGION: ${{ secrets.DEV_AWS_REGION }} + DEV_DB_HOST: ${{ secrets.DEV_DB_HOST }} + DEV_DB_PORT: ${{ secrets.DEV_DB_PORT }} + DEV_DB_NAME: ${{ secrets.DEV_DB_NAME }} # ============================================================ # 3️⃣ Deploy Postcode Splitter Lambda @@ -126,6 +148,7 @@ jobs: stage: ${{ needs.determine_stage.outputs.stage }} ecr_repo: postcode_splitter-${{ needs.determine_stage.outputs.stage }} image_digest: ${{ needs.postcodeSplitter_image.outputs.image_digest }} + terraform_apply: ${{ needs.determine_stage.outputs.terraform_apply }} secrets: AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} @@ -165,8 +188,8 @@ jobs: stage: ${{ needs.determine_stage.outputs.stage }} ecr_repo: condition-etl-${{ needs.determine_stage.outputs.stage }} image_digest: ${{ needs.condition_etl_image.outputs.image_digest }} + terraform_apply: ${{ needs.determine_stage.outputs.terraform_apply }} secrets: AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} - AWS_REGION: ${{ secrets.DEV_AWS_REGION }} - + AWS_REGION: ${{ secrets.DEV_AWS_REGION }} \ No newline at end of file diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml index 14d5a06f..cc6431b8 100644 --- a/.github/workflows/unit_tests.yml +++ b/.github/workflows/unit_tests.yml @@ -4,9 +4,6 @@ on: pull_request: branches: - "**" - push: - branches: - - "**" jobs: 
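Review bot: The added `build_args` entries (`DEV_DB_HOST=$DEV_DB_HOST` and the two below it) route values stored as repository secrets into Docker build arguments, and build arguments can be recovered from the image history by anyone able to pull from the ECR repo. If the handler needs the database endpoint, supply it at runtime through the Lambda's configuration, or use a BuildKit secret mount if it is genuinely required at build time. `with:` values are also not shell-expanded, so `$DEV_DB_HOST` reaches the reusable workflow as literal text. Whether it is ever substituted depends on `_build_image.yml`, whose only visible change in this commit is the final newline. That file would also have to declare `build_args` and the three `DEV_DB_*` secrets under `workflow_call`, which cannot be confirmed from this diff.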
@@ -30,4 +27,4 @@ jobs: env: EPC_AUTH_TOKEN: ${{ secrets.DEV_EPC_AUTH_TOKEN }} run: | - make test + make test \ No newline at end of file