diff --git a/.github/workflows/terraform-CD.yml b/.github/workflows/terraform-CD.yml
index 1f6a995..a22ad5c 100644
--- a/.github/workflows/terraform-CD.yml
+++ b/.github/workflows/terraform-CD.yml
@@ -19,6 +19,8 @@ jobs:
 timeout-minutes: 60
 env:
 AWS_DEFAULT_REGION: "us-west-1"
+ ROLE_GITHUB: "arn:aws:iam::303467602807:role/ih-tf-github-control-github"
+ ROLE_STATE_MANAGER: "arn:aws:iam::289256138624:role/ih-tf-github-control-state-manager"
 # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
 defaults:
@@ -33,7 +35,7 @@ jobs:
 - name: Configure AWS Credentials
 uses: aws-actions/configure-aws-credentials@v2
 with:
- role-to-assume: ${{ vars.ROLE_GITHUB }}
+ role-to-assume: ${{ env.ROLE_GITHUB }}
 role-session-name: ih-tf-terraform-control-github-control
 aws-region: ${{ env.AWS_DEFAULT_REGION }}
@@ -54,7 +56,7 @@ jobs:
 # Download a plan from the approved pull request
 - name: Download plan
 run: |
- ih-plan --aws-assume-role-arn ${{ vars.ROLE_STATE_MANAGER }} \
+ ih-plan --aws-assume-role-arn ${{ env.ROLE_STATE_MANAGER }} \
 download \
 plans/${{ github.event.pull_request.number }}.plan \
 tf.plan
@@ -75,6 +77,6 @@ jobs:
 - name: Remove plan
 run: |
- ih-plan --aws-assume-role-arn ${{ vars.ROLE_STATE_MANAGER }} \
+ ih-plan --aws-assume-role-arn ${{ env.ROLE_STATE_MANAGER }} \
 remove \
 plans/${{ github.event.pull_request.number }}.plan
diff --git a/.github/workflows/terraform-CI.yml b/.github/workflows/terraform-CI.yml
index 94a6cc4..8ef0fa4 100644
--- a/.github/workflows/terraform-CI.yml
+++ b/.github/workflows/terraform-CI.yml
@@ -17,6 +19,8 @@ jobs:
 timeout-minutes: 60
 env:
 AWS_DEFAULT_REGION: "us-west-1"
+ ROLE_GITHUB: "arn:aws:iam::303467602807:role/ih-tf-github-control-github"
+ ROLE_STATE_MANAGER: "arn:aws:iam::289256138624:role/ih-tf-github-control-state-manager"
 # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
 defaults:
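Review bot: The two role ARNs added under `env:` in terraform-CD.yml are hard-coded and repeated verbatim in terraform-CI.yml (hunk at -17,6), with nothing recording that they sit in two different AWS accounts or which step consumes which. A comment above them would make drift between the two copies easier to spot, e.g. `# ROLE_GITHUB: assumed by configure-aws-credentials; ROLE_STATE_MANAGER: assumed by ih-plan for plans/<PR>.plan (separate account)`. With the values now in the workflow file rather than in repository variables, what limits use of these roles is their IAM trust policy, which is not visible in this diff and is worth confirming is scoped to this repository. The job definition starts and ends outside the hunk.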
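Review bot: In the `Download plan` step the role ARN is still spliced into the script text through `${{ env.ROLE_STATE_MANAGER }}` before bash runs. Since the value now appears to be a job-level `env` entry, the shell already has it as an environment variable, and the line can read `ih-plan --aws-assume-role-arn "${ROLE_STATE_MANAGER}" \`. Reading it as a quoted shell variable keeps expression expansion out of `run:` scripts, which matters if the value ever stops being a fixed literal. The same applies to the `Remove plan` hunk (-75,6) and to `Upload Terraform Plan` in terraform-CI.yml (-74,5).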
@@ -24,14 +26,6 @@ jobs:
 shell: bash
 steps:
- - name: "Get token"
- id: "app-token"
- uses: "actions/create-github-app-token@v1"
- with:
- private-key: ${{ secrets.IH_GH_TF_APP_KEY }}
- app-id: "1016363"
- owner: "infrahouse8"
-
 # Checkout the repository to the GitHub Actions runner
 - name: Checkout
 uses: actions/checkout@v3
@@ -39,7 +33,7 @@ jobs:
 - name: Configure AWS Credentials
 uses: aws-actions/configure-aws-credentials@v2
 with:
- role-to-assume: ${{ vars.ROLE_GITHUB }}
+ role-to-assume: ${{ env.ROLE_GITHUB }}
 role-session-name: ih-tf-terraform-control-github-control
 aws-region: ${{ env.AWS_DEFAULT_REGION }}
@@ -74,5 +68,5 @@ jobs:
 # Upload Terraform Plan
 - name: Upload Terraform Plan
 run: |
- ih-plan --aws-assume-role-arn ${{ vars.ROLE_STATE_MANAGER }} \
+ ih-plan --aws-assume-role-arn ${{ env.ROLE_STATE_MANAGER }} \
 upload --key-name=plans/${{ github.event.pull_request.number }}.plan tf.plan