diff --git a/terraform/environments/corporate-staff-rostering/ec2_common.tf b/terraform/environments/corporate-staff-rostering/ec2_common.tf
index e5a4af1c760..03dab62ef7f 100644
--- a/terraform/environments/corporate-staff-rostering/ec2_common.tf
+++ b/terraform/environments/corporate-staff-rostering/ec2_common.tf
@@ -40,7 +40,8 @@ resource "aws_ssm_document" "cloud_watch_agent" {
   )
 }
 
-resource "aws_ssm_document" "ami_build" {
+# commented out for now as this currently returns an error on apply
+/* resource "aws_ssm_document" "ami_build" {
   name            = "ami-build"
   document_type   = "Automation"
   document_format = "YAML"
@@ -52,4 +53,4 @@ resource "aws_ssm_document" "ami_build" {
       Name = "ami-build"
     },
   )
-}
\ No newline at end of file
+} */
\ No newline at end of file
diff --git a/terraform/environments/corporate-staff-rostering/locals.tf b/terraform/environments/corporate-staff-rostering/locals.tf
index 3f55b733bbb..d1d61ee112d 100644
--- a/terraform/environments/corporate-staff-rostering/locals.tf
+++ b/terraform/environments/corporate-staff-rostering/locals.tf
@@ -19,14 +19,18 @@ locals {
     enable_ec2_self_provision                    = true
     enable_ec2_oracle_enterprise_managed_server  = true
     enable_ec2_user_keypair                      = true
-    cloudwatch_metric_alarms                     = {}
+    cloudwatch_metric_alarms_default_actions     = ["csr_pagerduty"]
     route53_resolver_rules = {
       # outbound-data-and-private-subnets = ["azure-fixngo-domain"]  # already set by nomis account
     }
     iam_policies_filter      = ["ImageBuilderS3BucketWriteAndDeleteAccessPolicy"]
     iam_policies_ec2_default = ["EC2S3BucketWriteAndDeleteAccessPolicy", "ImageBuilderS3BucketWriteAndDeleteAccessPolicy"]
     s3_iam_policies          = ["EC2S3BucketWriteAndDeleteAccessPolicy"]
-    sns_topics               = {}
+    sns_topics = {
+      pagerduty_integrations = {
+        csr_pagerduty = "csr_alarms"
+      }
+    }
   }
 
   baseline_acm_certificates       = {}
@@ -78,6 +82,8 @@ locals {
     jumpserver        = local.security_groups.jumpserver
   }
 
-  baseline_sns_topics     = {}
   baseline_ssm_parameters = {}
+
+  baseline_sns_topics = {}
+
 }
diff --git a/terraform/environments/corporate-staff-rostering/locals_app.tf b/terraform/environments/corporate-staff-rostering/locals_app.tf
new file mode 100644
index 00000000000..1552864857b
--- /dev/null
+++ b/terraform/environments/corporate-staff-rostering/locals_app.tf
@@ -0,0 +1,8 @@
+locals {
+
+  app_ec2_cloudwatch_metric_alarms = merge(
+    module.baseline_presets.cloudwatch_metric_alarms.ec2,
+    module.baseline_presets.cloudwatch_metric_alarms.ec2_cwagent_windows
+  )
+
+}
\ No newline at end of file
diff --git a/terraform/environments/corporate-staff-rostering/locals_database.tf b/terraform/environments/corporate-staff-rostering/locals_database.tf
index b0ad8d9f62c..228f9ede8a2 100644
--- a/terraform/environments/corporate-staff-rostering/locals_database.tf
+++ b/terraform/environments/corporate-staff-rostering/locals_database.tf
@@ -6,4 +6,9 @@ locals {
     }
   }
 
+  database_ec2_cloudwatch_metric_alarms = merge(
+    module.baseline_presets.cloudwatch_metric_alarms.ec2,
+    module.baseline_presets.cloudwatch_metric_alarms.ec2_cwagent_linux
+  )
+
 }
diff --git a/terraform/environments/corporate-staff-rostering/locals_development.tf b/terraform/environments/corporate-staff-rostering/locals_development.tf
index 27e047db39e..5695adb47c6 100644
--- a/terraform/environments/corporate-staff-rostering/locals_development.tf
+++ b/terraform/environments/corporate-staff-rostering/locals_development.tf
@@ -39,7 +39,7 @@ locals {
           user_data_raw                 = base64encode(file("./templates/test-user-data.yaml"))
           instance_profile_policies     = concat(module.baseline_presets.ec2_instance.config.default.instance_profile_policies, ["CSRWebServerPolicy"])
         })
-
+        cloudwatch_metric_alarms = local.app_ec2_cloudwatch_metric_alarms
         instance = merge(module.baseline_presets.ec2_instance.instance.default, {
           vpc_security_group_ids = ["app", "domain", "jumpserver"]
           instance_type          = "t3.medium"
diff --git a/terraform/environments/corporate-staff-rostering/locals_preproduction.tf b/terraform/environments/corporate-staff-rostering/locals_preproduction.tf
index e6a60c11c6f..145943ad54c 100644
--- a/terraform/environments/corporate-staff-rostering/locals_preproduction.tf
+++ b/terraform/environments/corporate-staff-rostering/locals_preproduction.tf
@@ -244,9 +244,9 @@ locals {
     }
 
     baseline_ec2_autoscaling_groups = {
-      prepprod-tst-1 = {
+      pp-web-tst-1 = {
         config = merge(module.baseline_presets.ec2_instance.config.default, {
-          ami_name                      = "hmpps_windows_server_2022_release_2023-*" # Microsoft Windows Server 2019 Base
+          ami_name                      = "hmpps_windows_server_2022_release_2023-*" # Microsoft Windows Server 2022 Base
           ami_owner                     = "754260907303"
           ebs_volumes_copy_all_from_ami = false
           user_data_raw                 = base64encode(file("./templates/test-user-data.yaml"))
@@ -254,7 +254,7 @@ locals {
         })
 
         instance = merge(module.baseline_presets.ec2_instance.instance.default, {
-          vpc_security_group_ids = ["migration-web-sg", "domain-controller"]
+          vpc_security_group_ids = ["web", "domain", "jumpserver"]
           instance_type          = "t3.medium"
 
         })
diff --git a/terraform/environments/corporate-staff-rostering/locals_web.tf b/terraform/environments/corporate-staff-rostering/locals_web.tf
new file mode 100644
index 00000000000..835f2e07e94
--- /dev/null
+++ b/terraform/environments/corporate-staff-rostering/locals_web.tf
@@ -0,0 +1,8 @@
+locals {
+
+  web_ec2_cloudwatch_metric_alarms = merge(
+    module.baseline_presets.cloudwatch_metric_alarms.ec2,
+    module.baseline_presets.cloudwatch_metric_alarms.ec2_cwagent_windows
+  )
+
+}
\ No newline at end of file