diff --git a/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-rules.tf b/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-rules.tf
new file mode 100644
index 00000000000..4c7bd8e8fa1
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-rules.tf
@@ -0,0 +1,6 @@
+resource "aws_cloudwatch_event_rule" "jml_lambda_trigger" {
+ count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
+
+ name = "jml-lambda-trigger"
+ schedule_expression = "cron(0 2 1 * ? *)"
+}
diff --git a/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-targets.tf b/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-targets.tf
new file mode 100644
index 00000000000..a7cd1a490a3
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/cloudwatch-event-targets.tf
@@ -0,0 +1,7 @@
+resource "aws_cloudwatch_event_target" "jml_lambda_trigger" {
+ count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
+
+ rule = aws_cloudwatch_event_rule.jml_lambda_trigger[0].name
+ target_id = "jml-lambda-trigger"
+ arn = module.jml_extract_lambda[0].lambda_function_arn
+}
diff --git a/terraform/environments/data-platform-apps-and-tools/data.tf b/terraform/environments/data-platform-apps-and-tools/data.tf
index 2e0925f12c8..ac3e45e1363 100644
--- a/terraform/environments/data-platform-apps-and-tools/data.tf
+++ b/terraform/environments/data-platform-apps-and-tools/data.tf
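Review bot: The rule carries no `description`, and the gate `count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0` is repeated verbatim here and again in cloudwatch-event-targets.tf, data.tf, lambda-functions.tf and secrets.tf in this same commit. A single local such as `is_production = terraform.workspace == "data-platform-apps-and-tools-production"` (name constructed here) with `count = local.is_production ? 1 : 0` at each site keeps the environment gate in one place, so a future rename of the workspace is a one-line change rather than five. For the rule itself, add `description = "Monthly trigger for the JML extract Lambda (02:00 UTC on the 1st)"` next to `name`, since `cron(0 2 1 * ? *)` is not self-explanatory to the next reader and EventBridge schedules are evaluated in UTC.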
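Review bot: The target has no `dead_letter_config` or `retry_policy`, so if EventBridge cannot deliver the monthly invocation to `module.jml_extract_lambda[0]` (for instance if the `allowed_triggers` permission in lambda-functions.tf drifts) the run is silently dropped and nothing is left to alert on. Consider adding `dead_letter_config { arn = aws_sqs_queue.<jml_dlq>.arn }` (queue name is a placeholder) with a queue policy that allows `events.amazonaws.com` to send to it, and an alarm on that queue's depth, so a missed report is detectable rather than noticed a month later. This is a judgement call for a once-a-month job, but the cost of the DLQ is small relative to a silently missing JML extract.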
@@ -81,4 +81,20 @@ data "aws_secretsmanager_secret_version" "openmetadata_entra_id_client_id" {
 data "aws_secretsmanager_secret_version" "openmetadata_entra_id_tenant_id" {
 secret_id = "openmetadata/entra-id/tenant-id"
-}
\ No newline at end of file
+}
+
+##################################################
+# Data Platform Apps and Tools JML
+##################################################
+
+data "aws_secretsmanager_secret_version" "govuk_notify_api_key" {
+ count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
+
+ secret_id = aws_secretsmanager_secret.govuk_notify_api_key[0].id
+}
+
+data "aws_secretsmanager_secret_version" "jml_email" {
+ count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
+
+ secret_id = aws_secretsmanager_secret.jml_email[0].id
+}
diff --git a/terraform/environments/data-platform-apps-and-tools/jml_lambda_execution_roles.tf b/terraform/environments/data-platform-apps-and-tools/jml_lambda_execution_roles.tf
deleted file mode 100644
index c9642059e7b..00000000000
--- a/terraform/environments/data-platform-apps-and-tools/jml_lambda_execution_roles.tf
+++ /dev/null
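Review bot: The two new `aws_secretsmanager_secret_version` data sources exist only to expose `secret_string`, and lambda-functions.tf in this commit then copies those strings straight into the function's `environment_variables` (`SECRET_ID` and `EMAIL_SECRET`). That puts the plaintext GOV.UK Notify API key and the email secret into Terraform state, into the plan output of every apply, and into the Lambda configuration where anyone with `lambda:GetFunctionConfiguration` can read them — which defeats the purpose of holding them in Secrets Manager. The IAM statement added in lambda-functions.tf already grants the function `secretsmanager:GetSecretValue` on both secret ARNs, so the variable name `SECRET_ID` suggests the intended design: pass `aws_secretsmanager_secret.govuk_notify_api_key[0].arn` and `aws_secretsmanager_secret.jml_email[0].arn` as the environment values and let the function fetch the values at runtime. With that change both data sources in this hunk can be dropped; if the runtime really does expect the raw values, the variable names and the GetSecretValue grant should be reconciled instead.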
@@ -1,54 +0,0 @@
-# IAM role with a trust policy that allows the Lambda service to assume this role.
-resource "aws_iam_role" "lambda_execution_role" {
- name = "lambda_execution_role"
-
- assume_role_policy = jsonencode({
- Version = "2012-10-17",
- Statement = [
- {
- Action = "sts:AssumeRole",
- Effect = "Allow",
- Principal = {
- Service = "lambda.amazonaws.com"
- }
- }
- ]
- })
-}
-#Creates a Lambda function named using the IAM role created earlier.
-resource "aws_lambda_function" "jml_lambda_execution_function" {
- function_name = "jml_lambda_execution_function"
- handler = "handler"
- runtime = "python3.11"
- filename = "src/var/task"
- role = aws_iam_role.lambda_execution_role.arn
-}
-# Defines an IAM policy named that grants various permissions to interact with CloudWatch Logs.
-resource "aws_iam_policy" "cloudwatch_logs_policy" {
- name = "CloudWatchLogsPolicy"
- description = "Policy to access CloudWatch Logs"
-
- policy = jsonencode({
- Version = "2012-10-17",
- Statement = [
- {
- Action = [
- "cloudwatch:GenerateQuery",
- "logs:DescribeLogStreams",
- "logs:DescribeLogGroups",
- "logs:GetLogEvents",
- "secretsmanager:GetSecretValue",
- "secretsmanager:DescribeSecret",
- "secretsmanager:ListSecrets"
- ],
- Effect = "Allow",
- Resource = "arn:aws:logs::${local.environment_management.account_ids["data-platform-apps-and-tools-production"]}:log-group:/aws/events/auth0/*",
- }
- ]
- })
-}
-# Attaches the CloudWatch Logs policy to the IAM role created for the Lambda function.
-resource "aws_iam_role_policy_attachment" "cloudwatch_logs_policy_attachment" {
- policy_arn = aws_iam_policy.cloudwatch_logs_policy.arn
- role = aws_iam_role.lambda_execution_role.name
-}
diff --git a/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
new file mode 100644
index 00000000000..7e4b686027b
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/lambda-functions.tf
@@ -0,0 +1,59 @@
+module "jml_extract_lambda" {
+ #checkov:skip=CKV_TF_1:Module is from Terraform registry
+ count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
+
+ source = "terraform-aws-modules/lambda/aws"
+ version = "~> 6.0"
+
+ publish = true
+ create_package = false
+
+ function_name = "data_platform_jml_extract"
+ description = "Generates a JML report and sends it to JMLv4"
+ package_type = "Image"
+ image_uri = "374269020027.dkr.ecr.eu-west-2.amazonaws.com/data-platform-jml-extract-lambda-ecr-repo:1.0.1"
+
+ environment_variables = {
+ SECRET_ID = data.aws_secretsmanager_secret_version.govuk_notify_api_key[0].secret_string
+ LOG_GROUP_NAMES = module.auth0_log_streams["alpha-analytics-moj"].cloudwatch_log_group_name
+ EMAIL_SECRET = data.aws_secretsmanager_secret_version.jml_email[0].secret_string
+ TEMPLATE_ID = "de618989-db86-4d9a-aa55-4724d5485fa5"
+ }
+
+ attach_policy_statements = true
+ policy_statements = {
+ "cloudwatch" = {
+ sid = "CloudWatch"
+ effect = "Allow"
+ actions = [
+ "cloudwatch:GenerateQuery",
+ "logs:DescribeLogStreams",
+ "logs:DescribeLogGroups",
+ "logs:GetLogEvents"
+ ]
+ resources = [
+ "${module.auth0_log_streams["alpha-analytics-moj"].cloudwatch_log_group_arn}/*"
+ ]
+ }
+ "secretsmanager" = {
+ sid = "SecretsManager"
+ effect = "Allow"
+ actions = [
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:ListSecrets"
+ ]
+ resources = [
+ aws_secretsmanager_secret.govuk_notify_api_key[0].arn,
+ aws_secretsmanager_secret.jml_email[0].arn
+ ]
+ }
+ }
+
+ allowed_triggers = {
+ "eventbridge" = {
+ principal = "events.amazonaws.com"
+ source_arn = aws_cloudwatch_event_rule.jml_lambda_trigger[0].arn
+ }
+ }
+}
diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/outputs.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/outputs.tf
new file mode 100644
index 00000000000..1ccfb8b03e1
--- /dev/null
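Review bot: The `secretsmanager` statement lists `secretsmanager:ListSecrets` against the two specific secret ARNs, but as far as I know ListSecrets does not support resource-level permissions, so that entry grants nothing when scoped this way and only makes the statement look broader than it is; since the function is already handed the exact ARNs, drop `"secretsmanager:ListSecrets"` and keep `DescribeSecret`/`GetSecretValue`. Separately, `image_uri` pins the mutable tag `:1.0.1`; with `publish = true` a re-pushed tag changes what the next apply deploys without any diff in this file, so pin by digest (`...-ecr-repo@sha256:<digest>`, placeholder) or add the digest alongside the tag, and consider turning on tag immutability on the repository. The `cloudwatch:GenerateQuery` action is scoped to a log-group ARN here, which may or may not be honoured for that action — worth a check against the service authorization reference rather than assuming it is.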
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/outputs.tf
@@ -0,0 +1,7 @@
+output "cloudwatch_log_group_arn" {
+ value = aws_cloudwatch_log_group.this.arn
+}
+
+output "cloudwatch_log_group_name" {
+ value = local.cloudwatch_log_group_name
+}
diff --git a/terraform/environments/data-platform-apps-and-tools/powerbi-gateway-server.tf b/terraform/environments/data-platform-apps-and-tools/powerbi-gateway-server.tf
index d68597b579a..7de2afa4db5 100644
--- a/terraform/environments/data-platform-apps-and-tools/powerbi-gateway-server.tf
+++ b/terraform/environments/data-platform-apps-and-tools/powerbi-gateway-server.tf
@@ -15,8 +15,9 @@ module "powerbi_gateway" {
 source = "terraform-aws-modules/ec2-instance/aws"
 version = "v5.6.0"
- name = local.environment_configuration.powerbi_gateway_ec2.instance_name
- ami = data.aws_ami.windows_server_2022.id
+ name = local.environment_configuration.powerbi_gateway_ec2.instance_name
+ # ami = data.aws_ami.windows_server_2022.id
+ ami = "ami-00ffeb610527f540b" # Hardcoded AMI ID for Windows Server 2022
 instance_type = local.environment_configuration.powerbi_gateway_ec2.instance_type
 key_name = aws_key_pair.powerbi_gateway_keypair.key_name
 monitoring = true
diff --git a/terraform/environments/data-platform-apps-and-tools/secrets.tf b/terraform/environments/data-platform-apps-and-tools/secrets.tf
index d5516cbb6bc..6b85dcdadb2 100644
--- a/terraform/environments/data-platform-apps-and-tools/secrets.tf
+++ b/terraform/environments/data-platform-apps-and-tools/secrets.tf
@@ -42,6 +42,8 @@ resource "aws_secretsmanager_secret" "govuk_notify_api_key" {
 }
 # Email secret for Lambda function
-resource "aws_secretsmanager_secret" "email_secret" {
+resource "aws_secretsmanager_secret" "jml_email" {
+ count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
+
 name = "jml/email"
 }
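Review bot: Both new outputs lack a `description`, which the root module now relies on from lambda-functions.tf (`cloudwatch_log_group_arn` feeds an IAM resource scope and `cloudwatch_log_group_name` an environment variable). Add `description = "ARN of the CloudWatch log group that receives this Auth0 log stream"` and `description = "Name of the CloudWatch log group that receives this Auth0 log stream"` so consumers know which of the two to use for policy scoping versus runtime lookup.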
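Review bot: The hard-coded `ami = "ami-00ffeb610527f540b"` replaces the `data.aws_ami.windows_server_2022` lookup but the commit records no reason, and the old line is left behind as a commented-out `# ami = ...` rather than removed. Pinning an AMI ID freezes the Windows patch baseline at whatever that image carried on the day it was chosen, so the comment should say why the lookup was dropped and when the ID is expected to be revisited, e.g. `# Pinned to avoid instance replacement on AMI refresh; review against the latest Windows Server 2022 AMI by <date>` (placeholder). If the goal is only to stop Terraform replacing the instance when the data source returns a newer image, keeping the lookup and adding `lifecycle { ignore_changes = [ami] }` on the instance achieves that without losing the reference to the current image, assuming the module exposes that lifecycle setting. The enclosing `module "powerbi_gateway"` block continues outside the hunk.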
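Review bot: Renaming `aws_secretsmanager_secret.email_secret` to `jml_email[0]` without a `moved` block makes Terraform plan a destroy of the existing secret and a create of a new one, so the stored value is lost and, because `name = "jml/email"` is fixed, the create will collide with the deleted secret while it sits in its recovery window unless `recovery_window_in_days = 0` is set somewhere I cannot see in this hunk. Add a `moved` block so state is carried across the rename, and confirm with `terraform plan` that the secret shows as a move rather than a replace. The resource block continues outside the hunk, so check nothing else in it depends on the old address.
```hcl
moved {
  from = aws_secretsmanager_secret.email_secret
  to   = aws_secretsmanager_secret.jml_email[0]
}
```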