diff --git a/installscripts/cookbooks/Policyfile.rb b/installscripts/cookbooks/Policyfile.rb
index e3284066..78b0f9ba 100644
--- a/installscripts/cookbooks/Policyfile.rb
+++ b/installscripts/cookbooks/Policyfile.rb
@@ -4,4 +4,4 @@
 cookbook 'nodejs', '~> 5.0.0'
 cookbook 'cloudcli', '~> 1.2.0'
 cookbook 'jenkins', path: './jenkins'
-run_list 'jenkins::setupjenkins', 'jenkins::sonarqube-scanner', 'jenkins::configurejenkins'
+run_list 'jenkins::setupjenkins', 'jenkins::sonarqube-scanner', 'jenkins::configurejenkins', 'jenkins::installgolang'
diff --git a/installscripts/cookbooks/jenkins/attributes/default.rb b/installscripts/cookbooks/jenkins/attributes/default.rb
index bba991fa..7f8ed677 100644
--- a/installscripts/cookbooks/jenkins/attributes/default.rb
+++ b/installscripts/cookbooks/jenkins/attributes/default.rb
@@ -13,6 +13,7 @@
 default['scmpath'] = "#{node['scmelb']}/scm"
 default['region'] = 'us-east-1'
 default['git_branch'] = 'master'
+default['git_plugin_branch'] = 'master'
 default['git_repo'] = 'https://github.com/tmobile/jazz.git'
 default['git_content_repo'] = 'https://github.com/tmobile/jazz-content/raw'
 default['git_content_plugins'] = 'jenkins/staticplugins/plugins.tar'
diff --git a/installscripts/cookbooks/jenkins/files/default/jazz-installer-vars.json b/installscripts/cookbooks/jenkins/files/default/jazz-installer-vars.json
index ba4508e6..217ae008 100644
--- a/installscripts/cookbooks/jenkins/files/default/jazz-installer-vars.json
+++ b/installscripts/cookbooks/jenkins/files/default/jazz-installer-vars.json
@@ -8,7 +8,8 @@
         "CLOUDFRONT_ORIGIN_ID": "",
         "ACCOUNTID": "",
         "REGION": "",
-        "ROLEID": "",
+        "PLATFORMSERVICES_ROLEID": "",
+        "USERSERVICES_ROLEID": "",
         "ES_HOSTNAME": "",
         "COGNITO": {
             "USER_POOL_ID": "",
diff --git a/installscripts/cookbooks/jenkins/recipes/configurejenkins.rb b/installscripts/cookbooks/jenkins/recipes/configurejenkins.rb
index 83ba9ba1..4fe7f0e3 100644
--- a/installscripts/cookbooks/jenkins/recipes/configurejenkins.rb
+++ b/installscripts/cookbooks/jenkins/recipes/configurejenkins.rb
@@ -44,7 +44,7 @@
 
 # Fetch the xmls.tar from our content repo
 execute 'copyXmlsTar' do
-  command "curl -sL #{node['git_content_repo']}/#{node['git_branch']}/#{node['git_content_xmls']} -o #{node['chef_root']}/xmls.tar; chmod 755 #{node['chef_root']}/xmls.tar"
+  command "curl -sL #{node['git_content_repo']}/#{node['git_plugin_branch']}/#{node['git_content_xmls']} -o #{node['chef_root']}/xmls.tar; chmod 755 #{node['chef_root']}/xmls.tar"
 end
 
 #ToDo ChefRemoval
diff --git a/installscripts/cookbooks/jenkins/recipes/installgolang.rb b/installscripts/cookbooks/jenkins/recipes/installgolang.rb
new file mode 100644
index 00000000..3835d199
--- /dev/null
+++ b/installscripts/cookbooks/jenkins/recipes/installgolang.rb
@@ -0,0 +1,40 @@
+if node['dockerizedJenkins'] == false
+    # Installing go lang
+    remote_file "#{Chef::Config['file_cache_path']}/go1.10.3.linux-amd64.tar.gz" do
+        source 'https://dl.google.com/go/go1.10.3.linux-amd64.tar.gz'
+        mode '0755'
+        action :create
+    end
+
+    execute 'mkdir' do
+        command 'mkdir -p /opt/go/{bin,src,pkg}'
+    end
+
+    execute 'install_go' do
+        command "tar -C /usr/local -xzf #{Chef::Config['file_cache_path']}/go1.10.3.linux-amd64.tar.gz"
+    end
+
+    # Installing godep (Dependency Management tool)
+    remote_file "#{Chef::Config['file_cache_path']}/install.sh" do
+        source 'https://raw.githubusercontent.com/golang/dep/master/install.sh'
+        mode '0755'
+        action :create
+    end
+
+    execute 'install_godep' do
+        environment ({
+            'GOPATH' => "/opt/go",
+            'PATH' => "#{ENV['PATH']}:"+"#{ENV['GOPATH']}"+"/bin:"+"/usr/local/go/bin/"
+        })
+        command "bash #{Chef::Config['file_cache_path']}/install.sh"
+    end
+    # link go
+    link '/bin/go' do
+        to '/usr/local/go/bin/go'
+    end
+    # link dep
+    link '/bin/dep' do
+        to '/opt/go/bin/dep'
+    end
+end
+
diff --git a/installscripts/cookbooks/jenkins/recipes/setupjenkins.rb b/installscripts/cookbooks/jenkins/recipes/setupjenkins.rb
index 78830ea1..3e70931c 100644
--- a/installscripts/cookbooks/jenkins/recipes/setupjenkins.rb
+++ b/installscripts/cookbooks/jenkins/recipes/setupjenkins.rb
@@ -19,7 +19,7 @@
   # plugin management
   # Fetch the plugins.tar from our content repo TODO replace this with a dynamic plugin install like the dockerized version
   execute 'copyPluginsTar' do
-    command "curl -sL #{node['git_content_repo']}/#{node['git_branch']}/#{node['git_content_repo']} -o #{node['chef_root']}/plugins.tar; chmod 755 #{node['chef_root']}/plugins.tar"
+    command "curl -sL #{node['git_content_repo']}/#{node['git_plugin_branch']}/#{node['git_content_plugins']} -o #{node['chef_root']}/plugins.tar; chmod 755 #{node['chef_root']}/plugins.tar"
   end
 
   execute 'extractJenkinsPlugins' do
diff --git a/installscripts/dockerfiles/jenkins-ce/Dockerfile b/installscripts/dockerfiles/jenkins-ce/Dockerfile
index 117c933c..13c5e91f 100644
--- a/installscripts/dockerfiles/jenkins-ce/Dockerfile
+++ b/installscripts/dockerfiles/jenkins-ce/Dockerfile
@@ -2,12 +2,21 @@
 FROM jenkins/jenkins:2.121.3
 MAINTAINER JazzOSS Team
 
+ARG goVersion=1.10.3
 # Switching to root to configure the image with system packages
 USER root
 RUN apt-get update && apt-get install -y vim curl sudo libtool autoconf make unzip rsync gcc autogen shtool pkg-config lsb-release python python-dev python-pip python-setuptools groff less && \
 curl https://bootstrap.pypa.io/get-pip.py | python && pip install --upgrade awscli && apt-get clean && pip install virtualenv && /usr/bin/easy_install virtualenv
 RUN wget -O /opt/apache-maven-3.5.2-bin.tar.gz https://archive.apache.org/dist/maven/maven-3/3.5.2/binaries/apache-maven-3.5.2-bin.tar.gz && tar xzvf /opt/apache-maven-3.5.2-bin.tar.gz -C  /opt && export PATH=$PATH:/opt/apache-maven-3.5.2/bin >> /etc/profile.d/maven.sh && ln -sf /opt/apache-maven-3.5.2/bin/mvn /usr/bin/mvn
 RUN curl -sL https://deb.nodesource.com/setup_8.x | bash && apt-get install -y nodejs && npm install  -global serverless@1.30.0 @angular/cli@1.7.3 jshint
+# Install scripts for golang 
+RUN curl -O https://storage.googleapis.com/golang/go${goVersion}.linux-amd64.tar.gz && tar -xvf go${goVersion}.linux-amd64.tar.gz && mv go /usr/local
+ENV GOROOT /usr/local/go 
+ENV GOBIN  /usr/local/go/bin 
+ENV GOPATH /usr/local/go/src 
+ENV PATH $GOROOT:$GOBIN:$GOPATH:$PATH 
+RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
+
 # Copying plugins list. Downlading and installing plugins from Jenkins PluginsManager
 COPY dockerfiles/jenkins-ce/plugins.txt /usr/share/jenkins/ref/plugins.txt
 RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
diff --git a/installscripts/jazz-terraform-unix-noinstances/api-gateway.tf b/installscripts/jazz-terraform-unix-noinstances/api-gateway.tf
index 4094912f..e83389b9 100644
--- a/installscripts/jazz-terraform-unix-noinstances/api-gateway.tf
+++ b/installscripts/jazz-terraform-unix-noinstances/api-gateway.tf
@@ -30,7 +30,7 @@ resource "aws_cloudwatch_log_group" "API-Gateway-Execution-Logs_prod" {
 
 resource "aws_cloudwatch_log_subscription_filter" "logfilter-dev" {
   name            = "logfilter-dev"
-  role_arn        = "${aws_iam_role.lambda_role.arn}"
+  role_arn        = "${aws_iam_role.platform_role.arn}"
   log_group_name  = "${aws_cloudwatch_log_group.API-Gateway-Execution-Logs_dev.name}"
   filter_pattern  = ""
   destination_arn = "${aws_kinesis_stream.logs_stream_prod.arn}"
@@ -39,7 +39,7 @@ resource "aws_cloudwatch_log_subscription_filter" "logfilter-dev" {
 
 resource "aws_cloudwatch_log_subscription_filter" "logfilter-stg" {
   name            = "logfilter-stg"
-  role_arn        = "${aws_iam_role.lambda_role.arn}"
+  role_arn        = "${aws_iam_role.platform_role.arn}"
   log_group_name  = "${aws_cloudwatch_log_group.API-Gateway-Execution-Logs_stg.name}"
   filter_pattern  = ""
   destination_arn = "${aws_kinesis_stream.logs_stream_prod.arn}"
@@ -48,7 +48,7 @@ resource "aws_cloudwatch_log_subscription_filter" "logfilter-stg" {
 
 resource "aws_cloudwatch_log_subscription_filter" "logfilter-prod" {
   name            = "logfilter-prod"
-  role_arn        = "${aws_iam_role.lambda_role.arn}"
+  role_arn        = "${aws_iam_role.platform_role.arn}"
   log_group_name  = "${aws_cloudwatch_log_group.API-Gateway-Execution-Logs_prod.name}"
   filter_pattern  = ""
   destination_arn = "${aws_kinesis_stream.logs_stream_prod.arn}"
@@ -56,5 +56,5 @@ resource "aws_cloudwatch_log_subscription_filter" "logfilter-prod" {
 }
 
 resource "aws_api_gateway_account" "cloudwatchlogroleupdate" {
-  cloudwatch_role_arn = "${aws_iam_role.lambda_role.arn}"
+  cloudwatch_role_arn = "${aws_iam_role.platform_role.arn}"
 }
diff --git a/installscripts/jazz-terraform-unix-noinstances/chefProvisioner.tf b/installscripts/jazz-terraform-unix-noinstances/chefProvisioner.tf
index 51042552..d8af2c2f 100644
--- a/installscripts/jazz-terraform-unix-noinstances/chefProvisioner.tf
+++ b/installscripts/jazz-terraform-unix-noinstances/chefProvisioner.tf
@@ -80,11 +80,7 @@ resource "null_resource" "configureJenkinsInstance" {
     inline = "mkdir -p ${var.chefDestDir}"
   }
 
-  #Copy the chef playbooks and jenkins binary plugin blobs over to the remote Jenkins server
-  provisioner "file" {
-    source      = "${var.jenkinsPluginsSourceDir}"
-    destination = "${var.chefDestDir}/"
-  }
+  #Copy the chef playbooks over to the remote Jenkins server
 
   provisioner "file" {
     source      = "${var.cookbooksSourceDir}"
@@ -115,7 +111,7 @@ resource "null_resource" "configureJenkinsDocker" {
 resource "null_resource" "postJenkinsConfiguration" {
   depends_on = ["null_resource.configureJenkinsInstance", "null_resource.configureJenkinsDocker", "aws_elasticsearch_domain.elasticsearch_domain"]
   provisioner "local-exec" {
-    command = "${var.modifyCodebase_cmd}  ${lookup(var.jenkinsservermap, "jenkins_security_group")} ${lookup(var.jenkinsservermap, "jenkins_subnet")} ${aws_iam_role.lambda_role.arn} ${var.region} ${var.envPrefix} ${var.cognito_pool_username}"
+    command = "${var.modifyCodebase_cmd}  ${lookup(var.jenkinsservermap, "jenkins_security_group")} ${lookup(var.jenkinsservermap, "jenkins_subnet")} ${aws_iam_role.platform_role.arn} ${var.region} ${var.envPrefix} ${var.cognito_pool_username}"
   }
 
   // Injecting bootstrap variables into Jazz-core Jenkinsfiles*
diff --git a/installscripts/jazz-terraform-unix-noinstances/iam.tf b/installscripts/jazz-terraform-unix-noinstances/iam.tf
index 03c8239c..4c5bbb8a 100644
--- a/installscripts/jazz-terraform-unix-noinstances/iam.tf
+++ b/installscripts/jazz-terraform-unix-noinstances/iam.tf
@@ -1,10 +1,10 @@
 resource "aws_iam_role_policy_attachment" "lambdafullaccess" {
-  role       = "${aws_iam_role.lambda_role.name}"
+  role       = "${aws_iam_role.platform_role.name}"
   policy_arn = "arn:aws:iam::aws:policy/AWSLambdaFullAccess"
 }
 
 resource "aws_iam_role_policy_attachment" "apigatewayinvokefullAccess" {
-  role       = "${aws_iam_role.lambda_role.name}"
+  role       = "${aws_iam_role.platform_role.name}"
   policy_arn = "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess"
 }
 
@@ -13,33 +13,39 @@ resource "aws_iam_role_policy_attachment" "cloudwatchlogaccess" {
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
 }
 
+resource "aws_iam_role_policy_attachment" "cloudwatchlogaccessbasic" {
+  role       = "${aws_iam_role.platform_role.name}"
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+}
+
 resource "aws_iam_role_policy_attachment" "kinesisaccess" {
-  role       = "${aws_iam_role.lambda_role.name}"
+  role       = "${aws_iam_role.platform_role.name}"
   policy_arn = "arn:aws:iam::aws:policy/AmazonKinesisFullAccess"
 }
 
 resource "aws_iam_role_policy_attachment" "s3fullaccess" {
-  role       = "${aws_iam_role.lambda_role.name}"
+  role       = "${aws_iam_role.platform_role.name}"
   policy_arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
 }
 
 resource "aws_iam_role_policy_attachment" "sqsfullaccess" {
-  role       = "${aws_iam_role.lambda_role.name}"
+  role       = "${aws_iam_role.platform_role.name}"
   policy_arn = "arn:aws:iam::aws:policy/AmazonSQSFullAccess"
 }
 
 resource "aws_iam_role_policy_attachment" "cognitopoweruser" {
-  role       = "${aws_iam_role.lambda_role.name}"
+  role       = "${aws_iam_role.platform_role.name}"
   policy_arn = "arn:aws:iam::aws:policy/AmazonCognitoPowerUser"
 }
 
 resource "aws_iam_role_policy_attachment" "pushtocloudwatchlogs" {
-  role       = "${aws_iam_role.lambda_role.name}"
+  role       = "${aws_iam_role.platform_role.name}"
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
 }
 
 resource "aws_iam_role" "lambda_role" {
   name = "${var.envPrefix}_basic_execution"
+  tags = "${merge(var.additional_tags, local.common_tags)}"
   assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -71,9 +77,9 @@ resource "aws_iam_role" "lambda_role" {
 EOF
 }
 
-resource "aws_iam_role_policy" "basic_execution_policy" {
-  name = "${var.envPrefix}_basic_execution_policy"
-  role = "${aws_iam_role.lambda_role.id}"
+resource "aws_iam_role_policy" "platform_service_policy" {
+  name = "${var.envPrefix}_platform_service_policy"
+  role = "${aws_iam_role.platform_role.id}"
 
   policy = <<EOF
 {
@@ -90,3 +96,37 @@ resource "aws_iam_role_policy" "basic_execution_policy" {
 }
 EOF
 }
+
+resource "aws_iam_role" "platform_role" {
+  name = "${var.envPrefix}_platform_services"
+  tags = "${merge(var.additional_tags, local.common_tags)}"
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+        "Sid": "",
+        "Effect": "Allow",
+        "Principal": {
+            "Service": "apigateway.amazonaws.com"
+        },
+        "Action": "sts:AssumeRole"
+    },
+    {
+        "Effect": "Allow",
+        "Principal": {
+            "Service": "lambda.amazonaws.com"
+        },
+        "Action": "sts:AssumeRole"
+    },
+    {
+        "Effect": "Allow",
+        "Principal": {
+            "Service": "logs.${var.region}.amazonaws.com"
+        },
+        "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
diff --git a/installscripts/jazz-terraform-unix-noinstances/jenkins.tf b/installscripts/jazz-terraform-unix-noinstances/jenkins.tf
index 9522197e..5d301b47 100644
--- a/installscripts/jazz-terraform-unix-noinstances/jenkins.tf
+++ b/installscripts/jazz-terraform-unix-noinstances/jenkins.tf
@@ -46,7 +46,10 @@ resource "null_resource" "update_jenkins_configs" {
     command = "${var.configureS3Names_cmd} ${aws_s3_bucket.oab-apis-deployment-dev.bucket} ${aws_s3_bucket.oab-apis-deployment-stg.bucket} ${aws_s3_bucket.oab-apis-deployment-prod.bucket} ${aws_s3_bucket.jazz-web.bucket} ${var.jenkinsjsonpropsfile}"
   }
   provisioner "local-exec" {
-    command = "${var.modifyPropertyFile_cmd} ROLEID ${aws_iam_role.lambda_role.arn}  ${var.jenkinsjsonpropsfile}"
+    command = "${var.modifyPropertyFile_cmd} PLATFORMSERVICES_ROLEID ${aws_iam_role.platform_role.arn}  ${var.jenkinsjsonpropsfile}"
+  }
+  provisioner "local-exec" {
+    command = "${var.modifyPropertyFile_cmd} USERSERVICES_ROLEID ${aws_iam_role.lambda_role.arn}  ${var.jenkinsjsonpropsfile}"
   }
   provisioner "local-exec" {
     command = "${var.modifyPropertyFile_cmd} WEBSITE_DEV_BUCKET ${aws_s3_bucket.dev-serverless-static.bucket} ${var.jenkinsjsonpropsfile}"
diff --git a/installscripts/jazz-terraform-unix-noinstances/s3bucket.tf b/installscripts/jazz-terraform-unix-noinstances/s3bucket.tf
index 96650352..6cb98f5d 100755
--- a/installscripts/jazz-terraform-unix-noinstances/s3bucket.tf
+++ b/installscripts/jazz-terraform-unix-noinstances/s3bucket.tf
@@ -157,7 +157,7 @@ data "aws_iam_policy_document" "dev-serverless-static-policy-data-contents" {
     ]
     principals  {
       type="AWS",
-      identifiers = ["${aws_iam_role.lambda_role.arn}"]
+      identifiers = ["${aws_iam_role.platform_role.arn}"]
     }
     resources = [
       "${aws_s3_bucket.dev-serverless-static.arn}/*"
@@ -170,7 +170,7 @@ data "aws_iam_policy_document" "dev-serverless-static-policy-data-contents" {
     ]
     principals  {
       type="AWS",
-      identifiers = ["${aws_iam_role.lambda_role.arn}"]
+      identifiers = ["${aws_iam_role.platform_role.arn}"]
     }
     resources = [
       "${aws_s3_bucket.dev-serverless-static.arn}"
@@ -191,7 +191,7 @@ data "aws_iam_policy_document" "stg-serverless-static-policy-data-contents" {
     ]
     principals  {
       type="AWS",
-      identifiers = ["${aws_iam_role.lambda_role.arn}"]
+      identifiers = ["${aws_iam_role.platform_role.arn}"]
     }
     resources = [
       "${aws_s3_bucket.stg-serverless-static.arn}/*"
@@ -204,7 +204,7 @@ data "aws_iam_policy_document" "stg-serverless-static-policy-data-contents" {
     ]
     principals  {
       type="AWS",
-      identifiers = ["${aws_iam_role.lambda_role.arn}"]
+      identifiers = ["${aws_iam_role.platform_role.arn}"]
     }
     resources = [
       "${aws_s3_bucket.stg-serverless-static.arn}"
@@ -227,7 +227,7 @@ data "aws_iam_policy_document" "prod-serverless-static-policy-data-contents" {
     ]
     principals  {
       type="AWS",
-      identifiers = ["${aws_iam_role.lambda_role.arn}"]
+      identifiers = ["${aws_iam_role.platform_role.arn}"]
     }
     resources = [
       "${aws_s3_bucket.prod-serverless-static.arn}/*"
@@ -240,7 +240,7 @@ data "aws_iam_policy_document" "prod-serverless-static-policy-data-contents" {
     ]
     principals  {
       type="AWS",
-      identifiers = ["${aws_iam_role.lambda_role.arn}"]
+      identifiers = ["${aws_iam_role.platform_role.arn}"]
     }
     resources = [
       "${aws_s3_bucket.prod-serverless-static.arn}"
@@ -261,7 +261,7 @@ data "aws_iam_policy_document" "jazz-web-policy-data-contents" {
     ]
     principals  {
       type="AWS",
-      identifiers = ["${aws_iam_role.lambda_role.arn}"]
+      identifiers = ["${aws_iam_role.platform_role.arn}"]
     }
     resources = [
       "${aws_s3_bucket.jazz-web.arn}/*"
@@ -275,7 +275,7 @@ data "aws_iam_policy_document" "jazz-web-policy-data-contents" {
     ]
     principals  {
       type="AWS",
-      identifiers = ["${aws_iam_role.lambda_role.arn}"]
+      identifiers = ["${aws_iam_role.platform_role.arn}"]
     }
     resources = [
       "${aws_s3_bucket.jazz-web.arn}"
diff --git a/installscripts/jazz-terraform-unix-noinstances/scripts/destroy.sh b/installscripts/jazz-terraform-unix-noinstances/scripts/destroy.sh
index 39999630..11a71ec9 100755
--- a/installscripts/jazz-terraform-unix-noinstances/scripts/destroy.sh
+++ b/installscripts/jazz-terraform-unix-noinstances/scripts/destroy.sh
@@ -2,6 +2,7 @@
 date
 
 stack_name=""
+identity=""
 loopIndx=0
 
 if [ "$1" == "" ]; then
@@ -17,7 +18,8 @@ if [ "$1" != "all" ] && [ "$1" != "frameworkonly" ]; then
 fi
 
 if [ -z "$JAZZ_INSTALLER_ROOT" ]; then
-    export JAZZ_INSTALLER_ROOT=`pwd`
+    # shellcheck disable=SC2155
+    export JAZZ_INSTALLER_ROOT=$(pwd)
 fi
 
 # Rename any stack_deletion out files if any
@@ -25,21 +27,24 @@ for x in $JAZZ_INSTALLER_ROOT/stack_de*.out
 do
     if [ -f "$x" ]
     then
-        mv $x ${x%.out}-old.out
+        mv "$x" "${x%.out}-old.out"
     fi
 done
 
+# Delete the identity policy  - Created in installscripts/jazz-terraform-unix-noinstances/scripts/ses.sh
+aws ses delete-identity-policy --identity $identity --policy-name Policy-$stack_name
+
 echo " ======================================================="
 echo " The following stack has been marked for deletion in AWS"
 echo " ________________________________________________"
-cd installscripts/jazz-terraform-unix-noinstances
+cd installscripts/jazz-terraform-unix-noinstances || exit
 terraform state list
 
 echo " ======================================================="
 
 echo " Destroying of stack initiated!!! "
 echo " Execute  'tail -f stack_deletion_X.out' in below directory to see the stack deletion progress (X=1 or 2 or 3)"
-echo $JAZZ_INSTALLER_ROOT
+echo "$JAZZ_INSTALLER_ROOT"
 
 echo " ======================================================="
 
@@ -52,11 +57,11 @@ if [ "$1" == "all" ]; then
     python scripts/DeleteStackPlatformServices.py $stack_name true
 
     #Deleting Cloud Front Distributions
-    cd $JAZZ_INSTALLER_ROOT/installscripts/jazz-terraform-unix-noinstances
+    cd "$JAZZ_INSTALLER_ROOT"/installscripts/jazz-terraform-unix-noinstances || exit
     python scripts/DeleteStackCloudFrontDists.py $stack_name true
 
     echo "Destroy cloudfronts"
-    cd $JAZZ_INSTALLER_ROOT/installscripts/jazz-terraform-unix-noinstances
+    cd "$JAZZ_INSTALLER_ROOT"/installscripts/jazz-terraform-unix-noinstances || exit
     python scripts/DeleteStackCloudFrontDists.py $stack_name false
 
     while [ $loopIndx -le 2 ];
@@ -96,7 +101,7 @@ if [ "$1" == "frameworkonly" ]; then
 fi
 
 
-cd $JAZZ_INSTALLER_ROOT
+cd "$JAZZ_INSTALLER_ROOT" || exit
 
 if (grep -q "Error applying plan" ./stack_deletion_$loopIndx.out) then
     echo "Error occured in destroy, please refer stack_deletion.out and re-run destroy after resolving the issues."
diff --git a/installscripts/jazz-terraform-unix-noinstances/scripts/ses.sh b/installscripts/jazz-terraform-unix-noinstances/scripts/ses.sh
index c009734b..f27ca281 100644
--- a/installscripts/jazz-terraform-unix-noinstances/scripts/ses.sh
+++ b/installscripts/jazz-terraform-unix-noinstances/scripts/ses.sh
@@ -4,20 +4,20 @@
 EMAIL_ADDRESS=$1
 REGION=$2
 JENKINSATTRIBSFILE=$3
-AWS_ACCESS_KEY=$4
 AWS_SECRET_KEY=$5
 ENV_PREFIX=$6
 POLICY_NAME="Policy-$ENV_PREFIX"
-ACCOUNT=`aws sts get-caller-identity --output text --query 'Account'`
+ACCOUNT=$(aws sts get-caller-identity --output text --query 'Account')
 # Python Script create SMTP AUTH PASSWORD of the access key using the secret key
 # the write to default.db in the cook book
-python scripts/GetSESsmtpPassword.py $AWS_SECRET_KEY
+python scripts/GetSESsmtpPassword.py "$AWS_SECRET_KEY"
 
 # SES Validate and register email address
-aws ses verify-email-identity --email-address $EMAIL_ADDRESS
+aws ses verify-email-identity --email-address "$EMAIL_ADDRESS"
 
 # Attaching identity policy
-aws ses put-identity-policy --identity $EMAIL_ADDRESS --policy-name $POLICY_NAME --policy '{
+# shellcheck disable=SC2086
+aws ses put-identity-policy --identity "$EMAIL_ADDRESS" --policy-name "$POLICY_NAME" --policy '{
     "Version": "2008-10-17",
     "Statement": [
         {
@@ -25,7 +25,7 @@ aws ses put-identity-policy --identity $EMAIL_ADDRESS --policy-name $POLICY_NAME
             "Effect": "Allow",
             "Principal": {
                 "AWS": [
-                    "arn:aws:iam::'$ACCOUNT':role/'$ENV_PREFIX'_basic_execution",
+                    "arn:aws:iam::'$ACCOUNT':role/'$ENV_PREFIX'_platform_services",
                     "arn:aws:iam::'$ACCOUNT':root"
                 ]
             },
@@ -39,4 +39,4 @@ aws ses put-identity-policy --identity $EMAIL_ADDRESS --policy-name $POLICY_NAME
 }'
 
 #Change the config values in JENKINSATTRIBSFILE
-sed -i "s/default\['jenkins'\]\['SES-defaultSuffix'\].*.$/default['jenkins']['SES-defaultSuffix']='$EMAIL_ADDRESS'/g"  $JENKINSATTRIBSFILE
+sed -i "s/default\['jenkins'\]\['SES-defaultSuffix'\].*.$/default['jenkins']['SES-defaultSuffix']='$EMAIL_ADDRESS'/g"  "$JENKINSATTRIBSFILE"
diff --git a/installscripts/jazz-terraform-unix-noinstances/variables.tf b/installscripts/jazz-terraform-unix-noinstances/variables.tf
index 980740d2..f2b36cfb 100755
--- a/installscripts/jazz-terraform-unix-noinstances/variables.tf
+++ b/installscripts/jazz-terraform-unix-noinstances/variables.tf
@@ -19,10 +19,7 @@ variable "cognito_pool_password" {type = "string" default = "cognito_pool_passwo
 # Copying these resources to TMP on remote machines,
 # since $HOME is not reliable for all of our scenarios.
 #
-variable "jenkinsPluginsSourceDir" {
-  type = "string"
-  default = "../jenkinsplugins"
-}
+
 variable "cookbooksSourceDir" {
   type = "string"
   default = "../cookbooks"
diff --git a/installscripts/wizard/scenarios/support/jazz_common.py b/installscripts/wizard/scenarios/support/jazz_common.py
index 828e1954..c6084899 100644
--- a/installscripts/wizard/scenarios/support/jazz_common.py
+++ b/installscripts/wizard/scenarios/support/jazz_common.py
@@ -75,12 +75,14 @@ def parse_and_replace_parameter_list(terraform_folder, parameter_list):
                    get_atlassian_tools_path() + "lib/bitbucket-cli-6.7.0.jar",
                    get_tfvars_file())
 
-    subprocess.call([
-        'sed', '-i',
-        's|stack_name=.*.$|stack_name="%s"|g' % (jazz_tag_details[0]),
-        "scripts/destroy.sh"
-    ])
+    # Update stack name and identity in destroy script
+    with open("scripts/destroy.sh", 'r') as file:
+        filedata = file.read()
+    filedata = re.sub(r'stack_name=.*', 'stack_name="%s"' % (jazz_tag_details[0]), filedata)
+    filedata = re.sub(r'identity=.*', 'identity="%s"' % (cognito_details[0]), filedata)
 
+    with open("scripts/destroy.sh", 'w') as file:
+        file.write(filedata)
 
 # Uses sed to modify the values of key-value pairs within a file
 # (such as a .tfvars file) that follow the form 'key = value'
@@ -97,17 +99,20 @@ def replace_tfvars(key, value, fileName):
         r's|\(%s = \)\(.*\)|\1\"%s\"|g' % (key, value), fileName
     ])
 
-#replace it without double quotes
+
+# replace it without double quotes
 def replace_tfvars_map(key, value, fileName):
     subprocess.call([
         'sed', "-i\'.bak\'",
         r's|\(%s = \)\(.*\)|\1%s|g' % (key, value), fileName
     ])
 
+
 def validate_email_id(email_id):
     """
         Parse the parameters send from run.py and validate Cognito details
     """
+    # flake8: noqa
     if re.search('[^@]+@[^@]+\.[^@]+', email_id) is None:
         return False
     else:
diff --git a/test/check-bash.sh b/test/check-bash.sh
index 9a948f4c..976ba0de 100755
--- a/test/check-bash.sh
+++ b/test/check-bash.sh
@@ -13,10 +13,12 @@ custom_commit_range="${TRAVIS_COMMIT_RANGE/.../..}"
 
 echo "Diffing commit range" "$custom_commit_range"
 
+exitcode=0
 # Get changed file names, excluding deleted files
 for file in $(git diff --diff-filter=d --name-only "$custom_commit_range" | grep .sh\$); do
+  echo "Checking ${bold}$file${normal}..."
   # Globally ignore lint error SC2024: https://github.com/koalaman/shellcheck/wiki/SC2024
   # as I don't think it's an important check for our use case
-  echo "Checking ${bold}$file${normal}..."
-  shellcheck -e SC2024 "$file"
+  shellcheck -e SC2024 "$file" || exitcode=1 && true
 done
+exit $exitcode