diff --git a/.gitignore b/.gitignore
index 957aebf8e..03e8098f2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,6 +23,8 @@ tags
 fetch_config.rb
 bin/terrafile
 terraform/application/vendor
+terraform/domains/infrastructure/vendor
+terraform/domains/environment_domains/vendor
 
 app/assets/builds/*
 !app/assets/builds/.keep
diff --git a/.tool-versions b/.tool-versions
index a5df66b7e..5ff0f2848 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -4,3 +4,4 @@ postgres 13.5
 redis 7.0.11
 ruby 3.3.0
 yarn 1.22.19
+terraform 1.6.4
diff --git a/Makefile b/Makefile
index 6a96341f6..26026b8c0 100644
--- a/Makefile
+++ b/Makefile
@@ -77,6 +77,18 @@ review: review-init set-azure-resource-group-tags
 	$(eval NAME_ENV=${DEPLOY_ENV}${env})
 	$(eval RESOURCE_ENV=${DEPLOY_ENV}${env})
 
+.PHONY: aks-test
+test: test-cluster
+	$(eval include global_config/test.sh)
+
+.PHONY: aks-preprod
+preprod: test-cluster
+	$(eval include global_config/preprod.sh)
+
+.PHONY: aks-production
+production: production-cluster
+	$(eval include global_config/production.sh)
+
 .PHONY: domain
 domain:
 	$(eval DEPLOY_ENV=production)
@@ -85,6 +97,9 @@ domain:
 	$(eval ENV_SHORT=pd)
 	$(eval ENV_TAG=prod)
 
+domains:
+	$(eval include global_config/domains.sh)
+
 ci:	## Run in automation environment
 	$(eval DISABLE_PASSCODE=true)
 	$(eval AUTO_APPROVE=-auto-approve)
@@ -266,6 +281,12 @@ aks-terraform-apply: aks-terraform-init
 aks-terraform-destroy: aks-terraform-init
 	terraform -chdir=terraform/application destroy -var-file "config/${CONFIG}.tfvars.json" ${AUTO_APPROVE}
 
+aks-domain-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags# make domain domain-azure-resources AUTO_APPROVE=1
+	$(if $(AUTO_APPROVE), , $(error can only run with AUTO_APPROVE))
+	az deployment sub create -l "West Europe" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \
+		--parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-rsmdomains-rg" 'tags=${RG_TAGS}' "environment=${DEPLOY_ENV}" \
+			"tfStorageAccountName=${RESOURCE_NAME_PREFIX}rsmdomainstf" "tfStorageContainerName=rsmdomains-tf"  "keyVaultName=${RESOURCE_NAME_PREFIX}-rsmdomains-kv"
+
 domains-infra-init: bin/terrafile domains composed-variables set-azure-account
 	./bin/terrafile -p terraform/domains/infrastructure/vendor/modules -f terraform/domains/infrastructure/config/zones_Terrafile
 
diff --git a/global_config/domains.sh b/global_config/domains.sh
new file mode 100644
index 000000000..a7b764187
--- /dev/null
+++ b/global_config/domains.sh
@@ -0,0 +1,4 @@
+AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production
+AZURE_RESOURCE_PREFIX=s189p01
+CONFIG_SHORT=dom
+DISABLE_KEYVAULTS=true
diff --git a/terraform/domains/environment_domains/.terraform.lock.hcl b/terraform/domains/environment_domains/.terraform.lock.hcl
new file mode 100644
index 000000000..10fdcc67e
--- /dev/null
+++ b/terraform/domains/environment_domains/.terraform.lock.hcl
@@ -0,0 +1,22 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+  version     = "3.116.0"
+  constraints = "3.116.0"
+  hashes = [
+    "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=",
+    "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d",
+    "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7",
+    "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24",
+    "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a",
+    "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880",
+    "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70",
+    "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc",
+    "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953",
+    "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa",
+    "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+    "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab",
+  ]
+}
diff --git a/terraform/domains/environment_domains/config/preprod.tfvars.json b/terraform/domains/environment_domains/config/preprod.tfvars.json
index a624b6e92..68200853a 100644
--- a/terraform/domains/environment_domains/config/preprod.tfvars.json
+++ b/terraform/domains/environment_domains/config/preprod.tfvars.json
@@ -5,7 +5,7 @@
       "resource_group_name": "s189p01-rsm-dom-rg",
       "domains": ["preprod"],
       "environment_short": "pp",
-      "origin_hostname": "refer-serious-misconduct-preprod.test.teacherservices.cloud"
+      "origin_hostname": "s165t01-rsm-preprod-app.azurewebsites.net"
     }
   }
 }
diff --git a/terraform/domains/environment_domains/config/production.tfvars.json b/terraform/domains/environment_domains/config/production.tfvars.json
index 5b5894189..551d4f11f 100644
--- a/terraform/domains/environment_domains/config/production.tfvars.json
+++ b/terraform/domains/environment_domains/config/production.tfvars.json
@@ -11,7 +11,7 @@
           "to-domain": "refer-serious-misconduct.education.gov.uk"
         }
       ],
-      "origin_hostname": "refer-serious-misconduct-production.teacherservices.cloud"
+      "origin_hostname": "s165p01-rsm-production-app.azurewebsites.net"
     }
   }
 }
diff --git a/terraform/domains/environment_domains/config/test.tfvars.json b/terraform/domains/environment_domains/config/test.tfvars.json
index a2b7a2661..49181b0fc 100644
--- a/terraform/domains/environment_domains/config/test.tfvars.json
+++ b/terraform/domains/environment_domains/config/test.tfvars.json
@@ -5,7 +5,7 @@
       "resource_group_name": "s189p01-rsm-dom-rg",
       "domains": ["test"],
       "environment_short": "test",
-      "origin_hostname": "refer-serious-misconduct-test.test.teacherservices.cloud"
+      "origin_hostname": "s165t01-rsm-test-app.azurewebsites.net"
     }
   }
 }
diff --git a/terraform/domains/environment_domains/main.tf b/terraform/domains/environment_domains/main.tf
index e576b3004..b7f35e347 100644
--- a/terraform/domains/environment_domains/main.tf
+++ b/terraform/domains/environment_domains/main.tf
@@ -8,7 +8,5 @@ module "domains" {
   domains             = each.value.domains
   environment         = each.value.environment_short
   host_name           = each.value.origin_hostname
-  null_host_header    = try(each.value.null_host_header, false)
-  cached_paths        = try(each.value.cached_paths, [])
   redirect_rules      = try(each.value.redirect_rules, [])
 }
diff --git a/terraform/domains/infrastructure/.terraform.lock.hcl b/terraform/domains/infrastructure/.terraform.lock.hcl
new file mode 100644
index 000000000..10fdcc67e
--- /dev/null
+++ b/terraform/domains/infrastructure/.terraform.lock.hcl
@@ -0,0 +1,22 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+  version     = "3.116.0"
+  constraints = "3.116.0"
+  hashes = [
+    "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=",
+    "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d",
+    "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7",
+    "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24",
+    "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a",
+    "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880",
+    "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70",
+    "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc",
+    "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953",
+    "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa",
+    "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+    "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab",
+  ]
+}