diff --git a/terraform/environments/ppud/eventbridge.tf b/terraform/environments/ppud/eventbridge.tf
new file mode 100644
index 00000000000..5a38752fb03
--- /dev/null
+++ b/terraform/environments/ppud/eventbridge.tf
@@ -0,0 +1,28 @@
+################################################
+# Eventbridge Rules (to invoke Lambda functions)
+################################################
+
+# Eventbridge rule to invoke the Send CPU Graph lambda function every weekday at 17:05
+
+resource "aws_lambda_permission" "allow_eventbridge_invoke_send_cpu_graph_prod" {
+ count = local.is-production == true ? 1 : 0
+ statement_id = "AllowEventBridgeInvoke"
+ action = "lambda:InvokeFunction"
+ function_name = aws_lambda_function.terraform_lambda_func_send_cpu_graph_prod[0].function_name
+ principal = "events.amazonaws.com"
+ source_arn = aws_cloudwatch_event_rule.daily_schedule_send_cpu_graph_prod[0].arn
+}
+
+resource "aws_cloudwatch_event_rule" "daily_schedule_send_cpu_graph_prod" {
+ count = local.is-production == true ? 1 : 0
+ name = "send-cpu-graph-daily-weekday-schedule"
+ description = "Trigger Lambda at 17:00 UTC on weekdays"
+ schedule_expression = "cron(5 17 ? * MON-FRI *)"
+}
+
+resource "aws_cloudwatch_event_target" "trigger_lambda_target_send_cpu_graph_prod" {
+ count = local.is-production == true ? 1 : 0
+ rule = aws_cloudwatch_event_rule.daily_schedule_send_cpu_graph_prod[0].name
+ target_id = "send_cpu_graph"
+ arn = aws_lambda_function.terraform_lambda_func_send_cpu_graph_prod[0].arn
+}
diff --git a/terraform/environments/ppud/security_group.tf b/terraform/environments/ppud/security_group.tf
index b2bd679b75e..dfb37a7ffc7 100644
--- a/terraform/environments/ppud/security_group.tf
+++ b/terraform/environments/ppud/security_group.tf
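Review bot: On `aws_cloudwatch_event_rule.daily_schedule_send_cpu_graph_prod` the `description` says 17:00 UTC, but `schedule_expression = "cron(5 17 ? * MON-FRI *)"` fires at 17:05 UTC, which is also what the comment at the top of the file states; I would change it to `description = "Trigger Lambda at 17:05 UTC on weekdays"` so that anyone correlating invocation times in logs against the rule is not misled. The `aws_lambda_permission` is pinned to this one rule through `source_arn`, so under this statement no other EventBridge rule can invoke the function; a short comment such as `# source_arn restricts invocation to this rule only; do not widen or remove` would help keep it that way. The `statement_id` value `"AllowEventBridgeInvoke"` is generic, and statement IDs must be unique within a function's resource policy, so a more specific value such as `"AllowEventBridgeInvokeSendCpuGraph"` would avoid a collision if a second permission is ever added to this function (no other permission is visible in this diff).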
@@ -1023,17 +1023,6 @@ resource "aws_security_group_rule" "PPUD-Mail-Server-Ingress" {
 security_group_id = aws_security_group.PPUD-Mail-Server[0].id
 }
 
-resource "aws_security_group_rule" "PPUD-Mail-Server-Ingress-1" {
- description = "Rule to allow port 587 traffic inbound"
- count = local.is-production == true ? 1 : 0
- type = "ingress"
- from_port = 587
- to_port = 587
- protocol = "tcp"
- cidr_blocks = [data.aws_vpc.shared.cidr_block]
- security_group_id = aws_security_group.PPUD-Mail-Server[0].id
-}
-
 resource "aws_security_group_rule" "PPUD-Mail-Server-Egress" {
 description = "Rule to allow port 443 traffic outbound"
 count = local.is-production == true ? 1 : 0