From baf4d90ddcc4c220ee8a9458a3aeff174d5a91b9 Mon Sep 17 00:00:00 2001
From: carlomazzaferro <carlo.mazzaferro@gmail.com>
Date: Mon, 16 Oct 2023 15:09:02 +0200
Subject: [PATCH] fix: sync staging ops with main

---
 ops/README.md                                 |   2 +-
 ops/env/testnet/core/secrets.prod.json        |   8 +-
 ops/env/testnet/core/secrets.staging.json     |  16 +-
 ops/infra/.terraform-version                  |   2 +-
 ops/infra/outputs.tf                          |   5 +-
 ops/mainnet/prod/backend/.terraform-version   |   2 +-
 ops/mainnet/prod/backend/main.tf              |   5 -
 ops/mainnet/prod/core/.terraform-version      |   2 +-
 ops/mainnet/prod/core/config.tf               |   1 -
 ops/mainnet/prod/core/main.tf                 |  44 ++----
 ops/mainnet/prod/core/variables.tf            |   4 -
 ops/modules/ecr-lcp/main.tf                   |  77 ++++++++++
 ops/modules/ecr-lcp/variables.tf              |   4 +
 ops/modules/ecr/main.tf                       |  26 ----
 ops/modules/ecs/variables.tf                  |  10 --
 ops/modules/iam/outputs.tf                    |   4 +
 ops/modules/iam/vpc.tf                        |  39 +++++
 ops/modules/lambda/main.tf                    |   2 +-
 ops/modules/lambda/variables.tf               |   7 +-
 ops/modules/networking/main.tf                |  30 ++++
 ops/modules/service/main.tf                   |   5 +-
 ops/modules/service/variables.tf              |   4 -
 ops/testnet/prod/backend/.terraform-version   |   2 +-
 ops/testnet/prod/backend/config.tf            |   4 +-
 ops/testnet/prod/backend/main.tf              |   5 -
 ops/testnet/prod/core/.terraform-version      |   2 +-
 ops/testnet/prod/core/config.tf               |  86 ++++++-----
 ops/testnet/prod/core/main.tf                 |  40 ++---
 ops/testnet/prod/core/variables.tf            |   4 -
 .../staging/backend/.terraform-version        |   2 +-
 ops/testnet/staging/backend/config.tf         |   9 +-
 ops/testnet/staging/backend/main.tf           |  60 +-------
 ops/testnet/staging/core/.terraform-version   |   2 +-
 ops/testnet/staging/core/config.tf            | 138 ++++++------------
 ops/testnet/staging/core/main.tf              | 101 +++++--------
 ops/testnet/staging/core/outputs.tf           |  29 ++--
 ops/testnet/staging/core/variables.tf         |  34 ++---
 37 files changed, 354 insertions(+), 463 deletions(-)
 create mode 100644 ops/modules/ecr-lcp/main.tf
 create mode 100644 ops/modules/ecr-lcp/variables.tf
 create mode 100644 ops/modules/iam/vpc.tf

diff --git a/ops/README.md b/ops/README.md
index 33651baedc..c079dea8c0 100644
--- a/ops/README.md
+++ b/ops/README.md
@@ -1,7 +1,7 @@
 ## AWS Infrastructure
 
 This folder contains all the code necessary to deploy a sequencer and router server to a highly-available
-ecs cluster, with required dependencies. Namely:
+ecs cluster, with its required dependencies. Namely:
 
 - Fully configured load balancing, port forwarding, and TLS
 - Autoscaling with ECS on [Fargate](https://aws.amazon.com/fargate/)
diff --git a/ops/env/testnet/core/secrets.prod.json b/ops/env/testnet/core/secrets.prod.json
index 2478f63ca0..9dced95e29 100644
--- a/ops/env/testnet/core/secrets.prod.json
+++ b/ops/env/testnet/core/secrets.prod.json
@@ -1,9 +1,9 @@
 {
 	"goerli_alchemy_key_0": "ENC[AES256_GCM,data:Owj2W0HXZ8eT1NWQNAmg2X3lykNb4m1hcYyQ7X0TaEc=,iv:dSU2ek6pGWNHTCaYDvVKuurTDlnq+TsZtQ/2FJq/xHw=,tag:tS7e8SWcpCo7lxFckqwFMA==,type:str]",
 	"goerli_alchemy_key_1": "ENC[AES256_GCM,data:aHBsbLDrIu2JfR13pIziTRYTE6kGMwToboIYp9K8U3c=,iv:OvM6yWKwgYzj2ChBF2BVbDUwJC/WewdntXCxR2cofzY=,tag:WZMleETIKWrZowsdzZOOsg==,type:str]",
-	"optgoerli_alchemy_key_0": "ENC[AES256_GCM,data:+NEFwFd97974EAwMxF3ctjUpGf4EMWRy8aXIAeCPIaw=,iv:jiz3YBLnX4wYFSCj/qj/Gep4RYYZZtb974vP/gymcDE=,tag:t/lP1O9f2Q5VYtgNtIjduw==,type:str]",
+	"optgoerli_alchemy_key_0": "ENC[AES256_GCM,data:Rcy+YLf1BaHp+4IdpylsX9CZN+xgHC2GotFKpXgQwys=,iv:2hti9Xi5OVcluqu5HxPrRcAx4/b2ICZHui3dWREnCbY=,tag:MSIglSjG/00za1K4XhjW6Q==,type:str]",
 	"optgoerli_alchemy_key_1": "ENC[AES256_GCM,data:IKvEQW3u/ShLXgt90ZyvbwSgaoWSVjNKucefr1ZUOks=,iv:KNkyaDV+MoVJ4GmQDwxn/drHeTNXAtJ+IdXkh5r1UxY=,tag:7stNWMB0nmWqOrqZwsOENw==,type:str]",
-	"arbgoerli_alchemy_key_0": "ENC[AES256_GCM,data:FznvthayCWL5gQrBs4GSyRkZrXg1fAXTpuvHoZ0Brmw=,iv:h/Ln5MiegVXtUgCWB65hwfCVhRht9cr2Fw4QbUO4ZPg=,tag:r1ueHnIDTKcQBxVRmirvfg==,type:str]",
+	"arbgoerli_alchemy_key_0": "ENC[AES256_GCM,data:DzcWQbZI0vkf1VRdAZqaalCecYOedSbYyfW7livMY2g=,iv:7P9KrTDmNrD36HbALYsjTNQr3oMkZqxY57f8rzWq6PY=,tag:72I+op1utGFaLjwJHJ83pQ==,type:str]",
 	"arbgoerli_alchemy_key_1": "ENC[AES256_GCM,data:AoJEiPuHviI14XuFJP7/GFTbEd5UfLHXq3OefHwV3BQ=,iv:tvvt76MHKvXcsVOl+Lk2t6PjazzhS/tBXbVWuJ1JL8w=,tag:KS9pom1Fz9o7DLsPuxLrRQ==,type:str]",
 	"mumbai_alchemy_key_0": "ENC[AES256_GCM,data:VolMxEjn8+QnY13VzDpEWenyv1CBjvyjcLMb1l/xlrw=,iv:BWvw9p/3JYsLpqdszm5JIasoxjypghjaff/BJ2QIOtM=,tag:M/AN6XyOJoAL7/RNWy7SuQ==,type:str]",
 	"blast_key": "ENC[AES256_GCM,data:aOV48KWCE0L4tjHc+Tdt4oQBFGbTRKeb+2DMFI4Y7LGjYNke,iv:wv3W/M2ZKTFpj28WAUZIvPKOc4kvsWqabDd+qoVTdg4=,tag:gWHQBWTVIjT0PymIHOROnQ==,type:str]",
@@ -36,8 +36,8 @@
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2023-06-20T08:53:00Z",
-		"mac": "ENC[AES256_GCM,data:03ff0KH7+dCzZrc/SHwl4DdInbZ5ArBveoDKQRRWStKX8r5aYxoVNGVLRv5GtJvg/sWRBodUxJfpXXr/C2N2TseMAbCcFeQz23LmJgQwljSvq9hC33Seupf5MUl0EX1+ibFkpLAmxYyhTKCiLMKNh7GvjTKxF6jt5CcOW+b1RyI=,iv:g9XXrnV7+SCwJT87RzIIGa+woRlhpLTAnUq46mCGfZk=,tag:8/1fuUCINRamsbQRpKyXTQ==,type:str]",
+		"lastmodified": "2023-10-12T18:16:36Z",
+		"mac": "ENC[AES256_GCM,data:74+Bo9rq93wtubj0aXcJUwNQB+KrSDllG4HurDeqyW2mt+kkOQckWmnZmdyK9DqNvLCp+h33dp3IiJHz+ijHWrfAku3uQCSg2x/0GNNFxEH1+/SReXriP+XaVZ81CuWYgcLEqOOi7EVWl8TTBhpwBpS3QHcP4MQ6M3xX3ebBux0=,iv:jsRaEk85OzJAtT5ArvgCdCVBlPn84PhrBkU+kujq85w=,tag:rJs0Ak7ulVgheQnoh3R+XQ==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.7.3"
diff --git a/ops/env/testnet/core/secrets.staging.json b/ops/env/testnet/core/secrets.staging.json
index bf9f774ba9..49eecd9baa 100644
--- a/ops/env/testnet/core/secrets.staging.json
+++ b/ops/env/testnet/core/secrets.staging.json
@@ -1,20 +1,18 @@
 {
+	"optgoerli_alchemy_key_0": "ENC[AES256_GCM,data:k1qUWsq8/E0RPCsjOwdv50q36b3wch73xgxTdm8mEbI=,iv:hCcTxDpm3HGETyzZ4jLtoMlYPVotQVf2647KRQwVHes=,tag:m9LqGTMbvzQa74j2aVW1lA==,type:str]",
+	"optgoerli_alchemy_key_1": "ENC[AES256_GCM,data:hW5uu+SLwb50rSLv9YdCKnk79MEhyqP2vxELQPc5/zg=,iv:xHCBKpARqPGrjt5ZAJO7PJEQGLVRIKFfI90ahnOqAmI=,tag:EcTWFj2TIshthXYjNYCjYg==,type:str]",
 	"goerli_alchemy_key_0": "ENC[AES256_GCM,data:/wISWZUmSGM3ltN4h9rxDGUnhf9kgc6VW51zl6Wu7Z8=,iv://fHe2qY8Qjl7f0qGa02lOLjccC9HyNNVeCe5NOilIM=,tag:Ei98lvqXj3MudX/dHPEfQg==,type:str]",
 	"goerli_alchemy_key_1": "ENC[AES256_GCM,data:dMUjnDXoer4TRSR/YBQ5MIs/FUuSjRILAaLWp08hj1c=,iv:z1ZD+HYfeVdujaAmFWQTL9vmF52GAB9p8iEBna9RWHw=,tag:nQE8qQgIU3asER0b3iWmng==,type:str]",
-	"optgoerli_alchemy_key_0": "ENC[AES256_GCM,data:mXcL4RU5T49CD3g4jQQA6AMGSupcFO+RknKYDYI4fBo=,iv:jPPyIcLzqyibmIZWvSUBabkH16kP32QhKpbFytIrpVI=,tag:1lw7dR9FxDCvS+2PVbsZcg==,type:str]",
-	"optgoerli_alchemy_key_1": "ENC[AES256_GCM,data:hW5uu+SLwb50rSLv9YdCKnk79MEhyqP2vxELQPc5/zg=,iv:xHCBKpARqPGrjt5ZAJO7PJEQGLVRIKFfI90ahnOqAmI=,tag:EcTWFj2TIshthXYjNYCjYg==,type:str]",
-	"arbgoerli_alchemy_key_0": "ENC[AES256_GCM,data:Bqq7QPW2TUVdlppYdxdV//Vbdca9cTyIAwnhqlVduCw=,iv:tuAnhM5QSOh06zrkBPAwgNB1agAZwFhW13FCyM03/LQ=,tag:iKFPbTBTKkZUmiI6eKBBkQ==,type:str]",
+	"arbgoerli_alchemy_key_0": "ENC[AES256_GCM,data:68ITTHB2K4ENYUserZiFLp5spE8vqPEr7VhKAGTPQy4=,iv:5qIXaTVycbJBVCwlq768qhWv5MLoyV0RabMLqQ3KwHk=,tag:dd6ubCahF9UiAS4klBY5lQ==,type:str]",
 	"arbgoerli_alchemy_key_1": "ENC[AES256_GCM,data:RkENJZPkuPT/Lb4sfY/1IUGdpGYWZ167acoWVWjP0ww=,iv:rznmPAbXaujoUUc/9L1Y7RwJ7TDxRKXWjiUvTRm0DBE=,tag:HFX0K5oEW88BOtHq/Na47g==,type:str]",
-	"mumbai_alchemy_key_0": "ENC[AES256_GCM,data:3roireSflhY69Nc7a7iN7vZl3XOlfSGUcoXXQUM6Q9o=,iv:p/vwiWYAuU/kW287lHAmzQTL/6eaUAQhbvVyhF7M+js=,tag:ta+HAca5ohMizSmD5Tapuw==,type:str]",
 	"blast_key": "ENC[AES256_GCM,data:hpLxIagHQcTrTTGjLh92R+7/R8KvWHy45eCV1vYkfdYve4Dr,iv:tM11VtOjKc+KHpd0PEkgmcLK0lEw4fI2y7CQYLE+afY=,tag:cdhEzbUnkTd7z09DcUP01Q==,type:str]",
-	"infura_key": "ENC[AES256_GCM,data:SCBjO1DDN/bk8t1+ET7TXANbhgoaKYnXhkoVdXVraBY=,iv:5FkRlSFgEXa/6JKcaiU50x1s7OKmTvJ2A8E4mLiT7jw=,tag:STmv7wfTZig5Js9PtJbSGw==,type:str]",
 	"admin_token_router": "ENC[AES256_GCM,data:0wnIxq6DHe0=,iv:Mwb4AXNF5l2mFXJZ7emfRLRg3bZZWk0j9UtgqYOyL2Q=,tag:JGBJron0GZVRIp75/Lx98A==,type:str]",
 	"admin_token_relayer": "ENC[AES256_GCM,data:FW0wINsA/+n4+J5w,iv:TK+ajUjvRJ5dTcXcnbIc5JNh6PW9UXnHc2Pu8fYEfx8=,tag:z3PVS01IUt/2PLVEhZuYqA==,type:str]",
 	"router_web3_signer_private_key": "ENC[AES256_GCM,data:FAhI5hUlOE9as4/tdFrI07B+MC1YvyZWn1kW5K/16+eYUWc4RhAORmWaE0gRWvoufRVt/ORHRErK8Rh09WNIDYWE,iv:DIwSCl0PeAPUEe94MI2og9x/FvFxKZKAw2VDVWkrDqw=,tag:/L09atM1jSssXig+Ar6CUA==,type:str]",
 	"sequencer_web3_signer_private_key": "ENC[AES256_GCM,data:Pr/XG1/mYaEUjnYS93u//07l0BQhm5rYRPoora0ueLxA4i6azJcyGYDwYUR+k27vz0SkrCwwO1D+LsxUWuC5lW3D,iv:zbrZb89ONwyL0w0fCs4N58QMuK8Y4kAXE3CwpW7nxuo=,tag:Zrbtz+RfBr6vKpnIwmenFQ==,type:str]",
 	"rmq_mgt_password": "ENC[AES256_GCM,data:7Vd3omH0cn3ucGGxmX2G,iv:iODSARAiWiJmhAc4XxsQjtj4mXmWOXYyFGX7if52zWY=,tag:qwQzyHgf6aKzXGV1Khew1g==,type:str]",
 	"dd_api_key": "ENC[AES256_GCM,data:nxtkHnCTowSHV2Tykj/ZUgLTqo5b75BnFwFAKQwJgFc=,iv:+50W3/jCdUTdvytBMaCd4zTQ1Yj9/4B/r4scCnSG9GM=,tag:G/C8wcG7gPBG0d4TC8hHoQ==,type:str]",
-	"gelato_api_key": "ENC[AES256_GCM,data:V6V1pEP6dcVAaIE/0zITEbb4L+45ArJNrAHKeSnKFPRrh+jwhoKR4SL/bOE=,iv:JZF3p5R834ah+a4gjiPhX8yG4ejDKlgFlqWn7sUgb4w=,tag:aI+RW007Bgl6+Ire92G8DQ==,type:str]",
+	"gelato_api_key": "ENC[AES256_GCM,data:8i+pK7EdyJBD25ly8N5gmNAZP/t7pOtq/bftTooZScZJ9CfPs76b5HGiCL4=,iv:GTbSZR9jwfkC/5e44qDeQaw708hiPsE4BbWz7GOv62M=,tag:IB68U48ZaPXm80GuP6T2Hg==,type:str]",
 	"postgres_password": "ENC[AES256_GCM,data:T5qV9VwiICMS7DxYOyTN,iv:7C9qKO7gE8RDF+F8QvXzUKr7/odpQl2Pl0PaEvE41Yc=,tag:WLVdJBudoSfR7mt7KQ38vw==,type:str]",
 	"discord_webhook_key": "ENC[AES256_GCM,data:dapCWM7pfnOyapCFKegHj5dPBftlOjHD3QCgAaERsXiRIsTSSpT5MqOLuMJ5r/Zq7ez8JzJO536Y1QftbMZVz+NWFGOmJRqszvE9xFFjnirRLQTlVJUXNQ==,iv:CAbEIRTxkaf51G5SSmlrJcawqws7GdFiqEw46EHvBes=,tag:/TssqwqPjkHW0q2lAqKi4g==,type:str]",
 	"telegram_api_key": "ENC[AES256_GCM,data:k4eMYvbGI27VrUDkK6oeFjeuLbRPg+9YrxfeAJJ92fbiD/HRC/1Sz//gOBkSrQ==,iv:4lYSd8V+itGRM/BRCtYaOmV8zGE3kYW35dTkQ9ijp3A=,tag:Hs8TY3QqO9+uklnxJCnvsA==,type:str]",
@@ -22,8 +20,6 @@
 	"betteruptime_api_key": "ENC[AES256_GCM,data:xJ/0QQozmfVedcNK2ZDmgjyVWQ+HDT1b,iv:wa4oOgvLeHi8C0X6vNIhhQuqDS8r1R9wRPMxWhKTscg=,tag:7BdsxpKjtoByUv/LTslDMQ==,type:str]",
 	"relayer_web3_signer_private_key": "ENC[AES256_GCM,data:wRSzd7JmCfXc6925dQjqyjXEIi2yACitVxKAdtNoK1vmties3LZ/7VQgHSngfneLmFDpbV43A5buU4wVnAFkTwMC,iv:OwPp02yQr3WCMGCp5fK0ksWXg8U6YmATapH529lDurA=,tag:gLg2gmT5G91325oug/nkvA==,type:str]",
 	"watcher_web3_signer_private_key": "ENC[AES256_GCM,data:g/8wZFvwuZeCq8pnnhNVt/UTNe5Fcnf2of7Ts8yEvRwR8AgVT5sR1GIpB1XrTqsHqSN8XOOyurLvwJXyFGkpUGMY,iv:9Qbxq6FJMbJIy9BAW2pA7GRq/nq1+YCVi+v90b0+/84=,tag:xD1AuxLPSEONP5gvfTOHJQ==,type:str]",
-	"linea_node": "ENC[AES256_GCM,data:P0vDWrBM+SlPbtSzdC/hRcjz4ClurVRGTIU=,iv:KAMr1IRv2mvEeXNgu7qT0wL2wDLy/rUpNXeW1pomJBw=,tag:REAj5TpcoHD4I7dS1VVjaw==,type:str]",
-	"optgoerli_alchemy_key_for_lh": "ENC[AES256_GCM,data:rSFyCLjXeBX9eXuxCA9eZ+eXaISmCFDZwzx/LlFyWoM=,iv:AFnmspH6VWoGhzZnFebVrcQscjhkXledbPAuCGRWy4k=,tag:vWssSwP3R1ye/ja1WKHhCw==,type:str]",
 	"sops": {
 		"kms": [
 			{
@@ -37,8 +33,8 @@
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2023-10-12T18:10:24Z",
-		"mac": "ENC[AES256_GCM,data:YcLs2iBxe1D1GQb15vcy2k2LKy4gTxEYGIwxpfILIvbZApygBwqFx7sTSAdRd2fmS4BqT+mO7zqPbGCqINv+QH/bQB0KUXaQSks+2oe0G/Rs8UOq9XWi6SU15+JJY6OqQ1qoSqALyQ87ME2OZcbgMdjDRj70lT6+3zd8xV2Xoo8=,iv:cBTNs+hFCarWz9A/QJO2IFAh06E9ktTOAt/TEm4MLRc=,tag:MwrRlxqR1kOPcNHCW3T/aw==,type:str]",
+		"lastmodified": "2023-01-30T09:37:19Z",
+		"mac": "ENC[AES256_GCM,data:0gMMVf7AmF1bXwqNBcs4AprVXQ0WH8dXWN5/7Bjfvj93bwdkfpxtKmguMqMLZGPb9RvqB9KssfbuwDdwNNn4XBEoBEyhhdc+JTLEuuzUAhherK4ADrpCiNaF/qRxoKLLbxXOAiOjB47nbjajY+3Jm6MInsyPX3DPccJBxsANeqc=,iv:rl4OAIqMMHJLzIqlVO+drHcWbLRgxiBErcmczHcUIgg=,tag:0RET/h14fJ9hwV8sNmXKcg==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.7.3"
diff --git a/ops/infra/.terraform-version b/ops/infra/.terraform-version
index f5a0d9d92b..f01291b87f 100644
--- a/ops/infra/.terraform-version
+++ b/ops/infra/.terraform-version
@@ -1 +1 @@
-1.5.7
\ No newline at end of file
+1.5.7
diff --git a/ops/infra/outputs.tf b/ops/infra/outputs.tf
index e7eeb0640d..8551ae7f29 100644
--- a/ops/infra/outputs.tf
+++ b/ops/infra/outputs.tf
@@ -1,4 +1,7 @@
-
 output "ecr_admin_role" {
   value = module.iam.execution_role_arn
 }
+
+output "vpc_flow_logs_role" {
+  value = module.iam.vpc_flow_logs_role_arn
+}
diff --git a/ops/mainnet/prod/backend/.terraform-version b/ops/mainnet/prod/backend/.terraform-version
index f5a0d9d92b..f01291b87f 100644
--- a/ops/mainnet/prod/backend/.terraform-version
+++ b/ops/mainnet/prod/backend/.terraform-version
@@ -1 +1 @@
-1.5.7
\ No newline at end of file
+1.5.7
diff --git a/ops/mainnet/prod/backend/main.tf b/ops/mainnet/prod/backend/main.tf
index 4f9f4abb8d..de202329b3 100755
--- a/ops/mainnet/prod/backend/main.tf
+++ b/ops/mainnet/prod/backend/main.tf
@@ -121,7 +121,6 @@ module "postgrest" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = "postgrest/postgrest:v10.0.0.20221011"
@@ -150,7 +149,6 @@ module "sdk-server" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_sdk_server
@@ -304,7 +302,4 @@ module "ecs" {
   environment             = var.environment
   domain                  = var.domain
   ecs_cluster_name_prefix = "nxtp-ecs"
-  vpc_id                  = module.network.vpc_id
-  private_subnets         = module.network.private_subnets
-  public_subnets          = module.network.public_subnets
 }
diff --git a/ops/mainnet/prod/core/.terraform-version b/ops/mainnet/prod/core/.terraform-version
index f5a0d9d92b..f01291b87f 100644
--- a/ops/mainnet/prod/core/.terraform-version
+++ b/ops/mainnet/prod/core/.terraform-version
@@ -1 +1 @@
-1.5.7
\ No newline at end of file
+1.5.7
diff --git a/ops/mainnet/prod/core/config.tf b/ops/mainnet/prod/core/config.tf
index 02a4dd1fa7..bcc77423cb 100644
--- a/ops/mainnet/prod/core/config.tf
+++ b/ops/mainnet/prod/core/config.tf
@@ -337,7 +337,6 @@ locals {
       processor        = "https://betteruptime.com/api/v1/heartbeat/${var.lighthouse_processor_heartbeat}"
       propagate        = "https://betteruptime.com/api/v1/heartbeat/${var.lighthouse_propagate_heartbeat}"
       sendOutboundRoot = "https://betteruptime.com/api/v1/heartbeat/${var.lighthouse_send_outbound_root_heartbeat}"
-      propose          = "https://betteruptime.com/api/v1/heartbeat/${var.lighthouse_propose_heartbeat}"
     }
     hubDomain = "6648936"
     proverBatchSize = {
diff --git a/ops/mainnet/prod/core/main.tf b/ops/mainnet/prod/core/main.tf
index 09d5186f51..ce96035080 100755
--- a/ops/mainnet/prod/core/main.tf
+++ b/ops/mainnet/prod/core/main.tf
@@ -34,7 +34,6 @@ module "router_subscriber" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_router_subscriber
@@ -64,7 +63,6 @@ module "router_publisher" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_router_publisher
@@ -94,7 +92,6 @@ module "router_executor" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_router_executor
@@ -124,8 +121,7 @@ module "router_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "router-web3signer"
   health_check_path        = "/upcheck"
@@ -167,7 +163,6 @@ module "sequencer_server" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_sequencer_server
   container_family         = "sequencer"
@@ -196,7 +191,6 @@ module "sequencer_publisher" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_sequencer_publisher
   container_family         = "sequencer-publisher"
@@ -236,7 +230,6 @@ module "sequencer_subscriber" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_sequencer_subscriber
@@ -278,8 +271,7 @@ module "sequencer_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "sequencer-web3signer"
   health_check_path        = "/upcheck"
@@ -311,7 +303,7 @@ module "lighthouse_prover_cron" {
   timeout                = 300
   memory_size            = 10240
   lambda_in_vpc          = true
-  private_subnets        = module.network.private_subnets
+  subnet_ids             = module.network.private_subnets
   lambda_security_groups = flatten([module.network.allow_all_sg, module.network.ecs_task_sg])
 
 }
@@ -327,7 +319,6 @@ module "lighthouse_prover_subscriber" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_lighthouse_prover_subscriber
@@ -395,19 +386,6 @@ module "lighthouse_sendoutboundroot_cron" {
   memory_size         = 2048
 }
 
-module "lighthouse_propose_cron" {
-  source              = "../../../modules/lambda"
-  ecr_repository_name = "nxtp-lighthouse"
-  docker_image_tag    = var.lighthouse_image_tag
-  container_family    = "lighthouse-propose"
-  environment         = var.environment
-  stage               = var.stage
-  container_env_vars  = merge(local.lighthouse_env_vars, { LIGHTHOUSE_SERVICE = "propose" })
-  schedule_expression = "rate(30 minutes)"
-  memory_size         = 512
-}
-
-
 
 module "relayer" {
   source                   = "../../../modules/service"
@@ -420,7 +398,6 @@ module "relayer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_relayer
   container_family         = "relayer"
@@ -450,8 +427,7 @@ module "relayer_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "relayer-web3signer"
   health_check_path        = "/upcheck"
@@ -480,7 +456,6 @@ module "watcher" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_watcher
   container_family         = "watcher"
@@ -510,8 +485,7 @@ module "watcher_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "watcher-web3signer"
   health_check_path        = "/upcheck"
@@ -555,9 +529,6 @@ module "ecs" {
   environment             = var.environment
   domain                  = var.domain
   ecs_cluster_name_prefix = "nxtp-ecs"
-  vpc_id                  = module.network.vpc_id
-  private_subnets         = module.network.private_subnets
-  public_subnets          = module.network.public_subnets
 }
 
 module "sequencer_cache" {
@@ -606,3 +577,8 @@ module "lighthouse_cache" {
   cache_subnet_group_subnet_ids = module.network.public_subnets
   node_type                     = "cache.r4.large"
 }
+
+module "ecr-lcp" {
+  source           = "../../../modules/ecr-lcp"
+  repository_names = ["nxtp-cartographer", "nxtp-lighthouse", "postgrest"]
+}
diff --git a/ops/mainnet/prod/core/variables.tf b/ops/mainnet/prod/core/variables.tf
index c660be6e4b..0f5b042619 100755
--- a/ops/mainnet/prod/core/variables.tf
+++ b/ops/mainnet/prod/core/variables.tf
@@ -188,10 +188,6 @@ variable "lighthouse_send_outbound_root_heartbeat" {
   type = string
 }
 
-variable "lighthouse_propose_heartbeat" {
-  type = string
-}
-
 variable "full_image_name_relayer" {
   type        = string
   description = "relayer image name"
diff --git a/ops/modules/ecr-lcp/main.tf b/ops/modules/ecr-lcp/main.tf
new file mode 100644
index 0000000000..eee1523c9c
--- /dev/null
+++ b/ops/modules/ecr-lcp/main.tf
@@ -0,0 +1,77 @@
+resource "aws_ecr_lifecycle_policy" "remove_old_images" {
+  for_each   = toset(var.repository_names)
+  repository = each.value
+
+  policy = <<EOF
+{
+    "rules": [
+        {
+            "rulePriority": 1,
+            "description": "Expire main images that are not the last 50",
+            "selection": {
+                "tagStatus": "tagged",
+                "tagPrefixList": ["main-"],
+                "countType": "imageCountMoreThan",
+                "countNumber": 50
+            },
+            "action": {
+                "type": "expire"
+            }
+        },
+        {
+            "rulePriority": 2,
+            "description": "Expire staging images that are not the last 20",
+            "selection": {
+                "tagStatus": "tagged",
+                "tagPrefixList": ["staging-"],
+                "countType": "imageCountMoreThan",
+                "countNumber": 20
+            },
+            "action": {
+                "type": "expire"
+            }
+        },
+        {
+            "rulePriority": 3,
+            "description": "Expire testnet-prod images that are not the last 10",
+            "selection": {
+                "tagStatus": "tagged",
+                "tagPrefixList": ["testnet-prod-"],
+                "countType": "imageCountMoreThan",
+                "countNumber": 10
+            },
+            "action": {
+                "type": "expire"
+            }
+        },
+        {
+            "rulePriority": 4,
+            "description": "Expire prod images that are not the last 5",
+            "selection": {
+                "tagStatus": "tagged",
+                "tagPrefixList": ["prod-"],
+                "countType": "imageCountMoreThan",
+                "countNumber": 5
+            },
+            "action": {
+                "type": "expire"
+            }
+        },
+        {
+            "rulePriority": 6,
+            "description": "Expire images older than 60 days",
+            "selection": {
+                "tagStatus": "tagged",
+                "tagPrefixList": ["main-", "staging-", "testnet-prod", "prod-"],
+                "countType": "sinceImagePushed",
+                "countUnit": "days",
+                "countNumber": 180
+            },
+            "action": {
+                "type": "expire"
+            }
+        }
+    ]
+}
+EOF
+}
diff --git a/ops/modules/ecr-lcp/variables.tf b/ops/modules/ecr-lcp/variables.tf
new file mode 100644
index 0000000000..548f62d059
--- /dev/null
+++ b/ops/modules/ecr-lcp/variables.tf
@@ -0,0 +1,4 @@
+variable "repository_names" {
+  description = "ECR repository names"
+  type        = list(string)
+}
diff --git a/ops/modules/ecr/main.tf b/ops/modules/ecr/main.tf
index 11fc928801..79ef3cb043 100644
--- a/ops/modules/ecr/main.tf
+++ b/ops/modules/ecr/main.tf
@@ -3,32 +3,6 @@ resource "aws_ecr_repository" "name" {
   name     = each.value
 }
 
-resource "aws_ecr_lifecycle_policy" "remove_old_images" {
-  for_each   = aws_ecr_repository.name
-  repository = each.value.name
-
-  policy = <<EOF
-{
-    "rules": [
-        {
-            "rulePriority": 1,
-            "description": "Expire images older than 20 days",
-            "selection": {
-                "tagStatus": "any",
-                "countType": "sinceImagePushed",
-                "countUnit": "days",
-                "countNumber": 20
-            },
-            "action": {
-                "type": "expire"
-            }
-        }
-    ]
-}
-EOF
-}
-
-
 resource "aws_ecr_replication_configuration" "this" {
   replication_configuration {
 
diff --git a/ops/modules/ecs/variables.tf b/ops/modules/ecs/variables.tf
index 314f5b1417..072313a89b 100755
--- a/ops/modules/ecs/variables.tf
+++ b/ops/modules/ecs/variables.tf
@@ -1,16 +1,6 @@
 variable "ecs_cluster_name_prefix" {
 }
 
-variable "private_subnets" {
-  type = list(string)
-}
-
-variable "public_subnets" {
-  type = list(string)
-}
-
-variable "vpc_id" {}
-
 variable "domain" {
   description = "domain of deployment"
 }
diff --git a/ops/modules/iam/outputs.tf b/ops/modules/iam/outputs.tf
index 21345e30fb..903eb56e64 100755
--- a/ops/modules/iam/outputs.tf
+++ b/ops/modules/iam/outputs.tf
@@ -1,3 +1,7 @@
 output "execution_role_arn" {
   value = aws_iam_role.ecr_admin_role.arn
 }
+
+output "vpc_flow_logs_role_arn" {
+  value = aws_iam_role.vpc_flow_logs_role.arn
+}
diff --git a/ops/modules/iam/vpc.tf b/ops/modules/iam/vpc.tf
new file mode 100644
index 0000000000..622fbf6f42
--- /dev/null
+++ b/ops/modules/iam/vpc.tf
@@ -0,0 +1,39 @@
+data "aws_iam_policy_document" "assume_role_policy_document" {
+  statement {
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["vpc-flow-logs.amazonaws.com"]
+    }
+
+    actions = ["sts:AssumeRole"]
+  }
+}
+
+resource "aws_iam_role" "vpc_flow_logs_role" {
+  name               = "vpc_flow_logs_role"
+  assume_role_policy = data.aws_iam_policy_document.assume_role_policy_document.json
+}
+
+data "aws_iam_policy_document" "aws_logs_policy" {
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "logs:CreateLogGroup",
+      "logs:CreateLogStream",
+      "logs:PutLogEvents",
+      "logs:DescribeLogGroups",
+      "logs:DescribeLogStreams",
+    ]
+
+    resources = ["*"]
+  }
+}
+
+resource "aws_iam_role_policy" "vpc_flow_logs_policy" {
+  name   = "vpc_flow_logs_policy"
+  role   = aws_iam_role.vpc_flow_logs_role.id
+  policy = data.aws_iam_policy_document.aws_logs_policy.json
+}
diff --git a/ops/modules/lambda/main.tf b/ops/modules/lambda/main.tf
index 359290d2ad..e741c99240 100644
--- a/ops/modules/lambda/main.tf
+++ b/ops/modules/lambda/main.tf
@@ -55,7 +55,7 @@ resource "aws_lambda_function" "executable" {
   dynamic "vpc_config" {
     for_each = var.lambda_in_vpc ? [1] : []
     content {
-      subnet_ids         = var.private_subnets
+      subnet_ids         = var.subnet_ids
       security_group_ids = var.lambda_security_groups
     }
   }
diff --git a/ops/modules/lambda/variables.tf b/ops/modules/lambda/variables.tf
index f155f9f0c3..2ba41c7634 100644
--- a/ops/modules/lambda/variables.tf
+++ b/ops/modules/lambda/variables.tf
@@ -56,12 +56,7 @@ variable "lambda_in_vpc" {
   default     = false
 }
 
-variable "public_subnets" {
-  type    = list(string)
-  default = []
-}
-
-variable "private_subnets" {
+variable "subnet_ids" {
   type    = list(string)
   default = []
 }
diff --git a/ops/modules/networking/main.tf b/ops/modules/networking/main.tf
index 3dfc7ad361..abd6f52b3c 100755
--- a/ops/modules/networking/main.tf
+++ b/ops/modules/networking/main.tf
@@ -1,5 +1,9 @@
 data "aws_availability_zones" "available" {}
 
+data "aws_iam_role" "vpc_flow_logs" {
+  name = "vpc_flow_logs_role"
+}
+
 resource "aws_vpc" "main" {
   cidr_block           = var.cidr_block
   enable_dns_hostnames = true
@@ -117,3 +121,29 @@ resource "aws_security_group" "allow_tls" {
     cidr_blocks = ["0.0.0.0/0"]
   }
 }
+
+resource "aws_cloudwatch_log_group" "flow_logs_log_group_private_subnets" {
+  count = var.az_count
+  name  = "vpc-flow-logs-${var.environment}-${var.stage}-${var.domain}-private-${count.index}"
+}
+
+resource "aws_cloudwatch_log_group" "flow_logs_log_group_public_subnets" {
+  count = var.az_count
+  name  = "vpc-flow-logs-${var.environment}-${var.stage}-${var.domain}-public-${count.index}"
+}
+
+resource "aws_flow_log" "vpc_flow_logs_private_subnets" {
+  count           = var.az_count
+  iam_role_arn    = data.aws_iam_role.vpc_flow_logs.arn
+  log_destination = aws_cloudwatch_log_group.flow_logs_log_group_private_subnets[count.index].arn
+  traffic_type    = "ALL"
+  subnet_id       = aws_subnet.private[count.index].id
+}
+
+resource "aws_flow_log" "vpc_flow_logs_public_subnets" {
+  count           = var.az_count
+  iam_role_arn    = data.aws_iam_role.vpc_flow_logs.arn
+  log_destination = aws_cloudwatch_log_group.flow_logs_log_group_public_subnets[count.index].arn
+  traffic_type    = "ALL"
+  subnet_id       = aws_subnet.main[count.index].id
+}
diff --git a/ops/modules/service/main.tf b/ops/modules/service/main.tf
index 4a31cb0377..de8272bccf 100755
--- a/ops/modules/service/main.tf
+++ b/ops/modules/service/main.tf
@@ -125,8 +125,9 @@ resource "aws_ecs_service" "service" {
   task_definition = "${aws_ecs_task_definition.service.family}:${max("${aws_ecs_task_definition.service.revision}", "${aws_ecs_task_definition.service.revision}")}"
 
   network_configuration {
-    security_groups = flatten([var.service_security_groups, aws_security_group.lb.id])
-    subnets         = var.private_subnets
+    security_groups  = flatten([var.service_security_groups, aws_security_group.lb.id])
+    subnets          = var.lb_subnets
+    assign_public_ip = var.internal_lb ? false : true
   }
 
   load_balancer {
diff --git a/ops/modules/service/variables.tf b/ops/modules/service/variables.tf
index 2a4486560f..5f7137a8f2 100755
--- a/ops/modules/service/variables.tf
+++ b/ops/modules/service/variables.tf
@@ -2,10 +2,6 @@ variable "execution_role_arn" {}
 variable "cluster_id" {}
 variable "vpc_id" {}
 
-variable "private_subnets" {
-  type = list(string)
-}
-
 variable "lb_subnets" {
   type = list(string)
 }
diff --git a/ops/testnet/prod/backend/.terraform-version b/ops/testnet/prod/backend/.terraform-version
index f5a0d9d92b..f01291b87f 100644
--- a/ops/testnet/prod/backend/.terraform-version
+++ b/ops/testnet/prod/backend/.terraform-version
@@ -1 +1 @@
-1.5.7
\ No newline at end of file
+1.5.7
diff --git a/ops/testnet/prod/backend/config.tf b/ops/testnet/prod/backend/config.tf
index 45d1c410e1..2811cb8d23 100644
--- a/ops/testnet/prod/backend/config.tf
+++ b/ops/testnet/prod/backend/config.tf
@@ -68,8 +68,8 @@ locals {
       "1735353714" = { confirmations = 10 }
       "9991"       = { confirmations = 200 }
       "1734439522" = { confirmations = 1 }
-      "2053862260" = { confirmations = 1 }
-      "1668247156" = { confirmations = 1 }
+      # "2053862260" = { confirmations = 1 }
+      # "1668247156" = { confirmations = 1 }
     }
     environment = var.stage
     healthUrls = {
diff --git a/ops/testnet/prod/backend/main.tf b/ops/testnet/prod/backend/main.tf
index 83802a1e2f..6ad4eff0b8 100755
--- a/ops/testnet/prod/backend/main.tf
+++ b/ops/testnet/prod/backend/main.tf
@@ -123,7 +123,6 @@ module "postgrest" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = "postgrest/postgrest:v10.0.0.20221011"
@@ -152,7 +151,6 @@ module "sdk-server" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_sdk_server
@@ -306,7 +304,4 @@ module "ecs" {
   environment             = var.environment
   domain                  = var.domain
   ecs_cluster_name_prefix = "nxtp-ecs"
-  vpc_id                  = module.network.vpc_id
-  private_subnets         = module.network.private_subnets
-  public_subnets          = module.network.public_subnets
 }
diff --git a/ops/testnet/prod/core/.terraform-version b/ops/testnet/prod/core/.terraform-version
index f5a0d9d92b..f01291b87f 100644
--- a/ops/testnet/prod/core/.terraform-version
+++ b/ops/testnet/prod/core/.terraform-version
@@ -1 +1 @@
-1.5.7
\ No newline at end of file
+1.5.7
diff --git a/ops/testnet/prod/core/config.tf b/ops/testnet/prod/core/config.tf
index 09571bcd46..8c220f3263 100644
--- a/ops/testnet/prod/core/config.tf
+++ b/ops/testnet/prod/core/config.tf
@@ -94,12 +94,12 @@ locals {
       "1734439522" = {
         providers = ["https://arb-goerli.g.alchemy.com/v2/${var.arbgoerli_alchemy_key_0}", "https://goerli-rollup.arbitrum.io/rpc"]
       }
-      "1668247156" = {
-        providers = ["https://linea-goerli.infura.io/v3/${var.infura_key}", "${var.linea_node}"]
-      }
-      "2053862260" = {
-        providers = ["https://testnet.era.zksync.dev"]
-      }
+      # "1668247156" = {
+      #   providers = ["https://linea-goerli.infura.io/v3/${var.infura_key}", "${var.linea_node}"]
+      # }
+      # "2053862260" = {
+      #   providers = ["https://zksync-era-testnet.blockpi.network/v1/rpc/public", "https://testnet.era.zksync.dev"]
+      # }
     }
     web3SignerUrl = "https://${module.sequencer_web3signer.service_endpoint}"
     relayers = [
@@ -162,18 +162,18 @@ locals {
           queueLimit = 1000000
           subscribe  = true
         },
-        {
-          name       = "1668247156"
-          limit      = 1
-          queueLimit = 1000000
-          subscribe  = true
-        },
-        {
-          name       = "2053862260"
-          limit      = 1
-          queueLimit = 1000000
-          subscribe  = true
-        },
+        # {
+        #   name       = "1668247156"
+        #   limit      = 1
+        #   queueLimit = 1000000
+        #   subscribe  = true
+        # },
+        # {
+        #   name       = "2053862260"
+        #   limit      = 1
+        #   queueLimit = 1000000
+        #   subscribe  = true
+        # },
       ]
       bindings = [
         {
@@ -200,17 +200,17 @@ locals {
           exchange = "sequencerX"
           target   = "1734439522"
           keys     = ["1734439522"]
-        },
-        {
-          exchange = "sequencerX"
-          target   = "1668247156"
-          keys     = ["1668247156"]
-        },
-        {
-          exchange = "sequencerX"
-          target   = "2053862260"
-          keys     = ["2053862260"]
         }
+        # {
+        #   exchange = "sequencerX"
+        #   target   = "1668247156"
+        #   keys     = ["1668247156"]
+        # },
+        # {
+        #   exchange = "sequencerX"
+        #   target   = "2053862260"
+        #   keys     = ["2053862260"]
+        # }
       ]
       executerTimeout = 300000
       prefetch        = 1
@@ -250,12 +250,9 @@ locals {
       "1734439522" = {
         providers = ["https://arb-goerli.g.alchemy.com/v2/${var.arbgoerli_alchemy_key_0}", "https://goerli-rollup.arbitrum.io/rpc"]
       }
-      "1668247156" = {
-        providers = ["https://linea-goerli.infura.io/v3/${var.infura_key}", "${var.linea_node}"]
-      }
-      "2053862260" = {
-        providers = ["https://testnet.era.zksync.dev"]
-      }
+      # "1668247156" = {
+      #   providers = ["https://linea-goerli.infura.io/v3/${var.infura_key}", "${var.linea_node}"]
+      # }
     }
     cartographerUrl = "https://postgrest.testnet.connext.ninja"
     web3SignerUrl   = "https://${module.router_web3signer.service_endpoint}"
@@ -284,11 +281,11 @@ locals {
       "1734439522" = {
         providers = ["https://arb-goerli.g.alchemy.com/v2/${var.arbgoerli_alchemy_key_0}"]
       }
-      "1668247156" = {
-        providers = ["https://linea-goerli.infura.io/v3/${var.infura_key}", "https://rpc.goerli.linea.build", "${var.linea_node}"]
-      }
+      # "1668247156" = {
+      #   providers = ["https://linea-goerli.infura.io/v3/${var.infura_key}", "https://rpc.goerli.linea.build", "${var.linea_node}"]
+      # }
       "2053862260" = {
-        providers = ["https://testnet.era.zksync.dev"]
+        providers = ["https://zksync-era-testnet.blockpi.network/v1/rpc/public", "https://testnet.era.zksync.dev"]
       }
     }
     gelatoApiKey = "${var.gelato_api_key}"
@@ -316,14 +313,13 @@ locals {
       processor        = "https://betteruptime.com/api/v1/heartbeat/${var.lighthouse_processor_heartbeat}"
       propagate        = "https://betteruptime.com/api/v1/heartbeat/${var.lighthouse_propagate_heartbeat}"
       sendOutboundRoot = "https://betteruptime.com/api/v1/heartbeat/${var.lighthouse_send_outbound_root_heartbeat}"
-      propose          = "https://betteruptime.com/api/v1/heartbeat/${var.lighthouse_propose_heartbeat}"
     }
     hubDomain = "1735353714"
     proverBatchSize = {
-      "1668247156" = 10,
+      # "1668247156" = 10,
       "9991"       = 10,
       "1735353714" = 10,
-      "2053862260" = 10,
+      # "2053862260" = 10,
       "1734439522" = 10,
       "1735356532" = 10
     }
@@ -364,11 +360,11 @@ locals {
       "1734439522" = {
         providers = ["https://arb-goerli.g.alchemy.com/v2/${var.arbgoerli_alchemy_key_0}", "https://goerli-rollup.arbitrum.io/rpc"]
       }
-      "1668247156" = {
-        providers = ["https://rpc.goerli.linea.build/"]
-      }
+      # "1668247156" = {
+      #   providers = ["https://rpc.goerli.linea.build/"]
+      # }
       # "2053862260" = {
-      #  providers = ["https://testnet.era.zksync.dev"]
+      #  providers = ["https://zksync-era-testnet.blockpi.network/v1/rpc/public", "https://testnet.era.zksync.dev"]
       # }
     }
     environment   = var.stage
diff --git a/ops/testnet/prod/core/main.tf b/ops/testnet/prod/core/main.tf
index 41e0203e21..87cae9b330 100755
--- a/ops/testnet/prod/core/main.tf
+++ b/ops/testnet/prod/core/main.tf
@@ -35,7 +35,6 @@ module "router_subscriber" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_router_subscriber
@@ -65,7 +64,6 @@ module "router_publisher" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_router_publisher
@@ -95,7 +93,6 @@ module "router_executor" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_router_executor
@@ -125,8 +122,7 @@ module "router_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "router-web3signer"
   health_check_path        = "/upcheck"
@@ -169,7 +165,6 @@ module "sequencer_server" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_sequencer_server
   container_family         = "sequencer"
@@ -198,7 +193,6 @@ module "sequencer_publisher" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_sequencer_publisher
   container_family         = "sequencer-publisher"
@@ -238,7 +232,6 @@ module "sequencer_subscriber" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_sequencer_subscriber
@@ -280,8 +273,7 @@ module "sequencer_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "sequencer-web3signer"
   health_check_path        = "/upcheck"
@@ -313,9 +305,8 @@ module "lighthouse_prover_cron" {
   timeout                = 300
   memory_size            = 10240
   lambda_in_vpc          = true
-  private_subnets        = module.network.private_subnets
+  subnet_ids             = module.network.private_subnets
   lambda_security_groups = flatten([module.network.allow_all_sg, module.network.ecs_task_sg])
-
 }
 
 module "lighthouse_prover_subscriber" {
@@ -329,7 +320,6 @@ module "lighthouse_prover_subscriber" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_lighthouse_prover_subscriber
@@ -397,18 +387,6 @@ module "lighthouse_sendoutboundroot_cron" {
   memory_size         = 512
 }
 
-module "lighthouse_propose_cron" {
-  source              = "../../../modules/lambda"
-  ecr_repository_name = "nxtp-lighthouse"
-  docker_image_tag    = var.lighthouse_image_tag
-  container_family    = "lighthouse-propose"
-  environment         = var.environment
-  stage               = var.stage
-  container_env_vars  = merge(local.lighthouse_env_vars, { LIGHTHOUSE_SERVICE = "propose" })
-  schedule_expression = "rate(30 minutes)"
-  memory_size         = 512
-}
-
 
 module "relayer" {
   source                   = "../../../modules/service"
@@ -421,7 +399,6 @@ module "relayer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_relayer
   container_family         = "relayer"
@@ -451,8 +428,7 @@ module "relayer_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "relayer-web3signer"
   health_check_path        = "/upcheck"
@@ -495,9 +471,6 @@ module "ecs" {
   environment             = var.environment
   domain                  = var.domain
   ecs_cluster_name_prefix = "nxtp-ecs"
-  vpc_id                  = module.network.vpc_id
-  private_subnets         = module.network.private_subnets
-  public_subnets          = module.network.public_subnets
 }
 
 module "sequencer_cache" {
@@ -546,3 +519,8 @@ module "lighthouse_cache" {
   cache_subnet_group_subnet_ids = module.network.public_subnets
   node_type                     = "cache.r4.large"
 }
+
+module "ecr-lcp" {
+  source           = "../../../modules/ecr-lcp"
+  repository_names = ["nxtp-cartographer", "nxtp-lighthouse", "postgrest"]
+}
diff --git a/ops/testnet/prod/core/variables.tf b/ops/testnet/prod/core/variables.tf
index 1bc668bc5a..a7e2817ec5 100755
--- a/ops/testnet/prod/core/variables.tf
+++ b/ops/testnet/prod/core/variables.tf
@@ -180,10 +180,6 @@ variable "lighthouse_send_outbound_root_heartbeat" {
   type = string
 }
 
-variable "lighthouse_propose_heartbeat" {
-  type = string
-}
-
 variable "full_image_name_relayer" {
   type        = string
   description = "relayer image name"
diff --git a/ops/testnet/staging/backend/.terraform-version b/ops/testnet/staging/backend/.terraform-version
index f5a0d9d92b..f01291b87f 100644
--- a/ops/testnet/staging/backend/.terraform-version
+++ b/ops/testnet/staging/backend/.terraform-version
@@ -1 +1 @@
-1.5.7
\ No newline at end of file
+1.5.7
diff --git a/ops/testnet/staging/backend/config.tf b/ops/testnet/staging/backend/config.tf
index d61c4786fe..c2bd94961b 100644
--- a/ops/testnet/staging/backend/config.tf
+++ b/ops/testnet/staging/backend/config.tf
@@ -61,13 +61,14 @@ locals {
       }
     }
   })
+
   local_cartographer_config = jsonencode({
     logLevel = "debug"
     chains = {
-      "1735356532" = { confirmations = 1 }
-      "1735353714" = { confirmations = 10 }
-      "9991"       = { confirmations = 200 }
-      "1734439522" = { confirmations = 1 }
+      "1735356532" = {}
+      "1735353714" = {}
+      "9991"       = {}
+      "1734439522" = {}
     }
     environment = var.stage
   })
diff --git a/ops/testnet/staging/backend/main.tf b/ops/testnet/staging/backend/main.tf
index 22feae8ed3..b0d78caab4 100755
--- a/ops/testnet/staging/backend/main.tf
+++ b/ops/testnet/staging/backend/main.tf
@@ -22,10 +22,6 @@ data "aws_route53_zone" "primary" {
   zone_id = "Z03634792TWUEHHQ5L0YX"
 }
 
-locals {
-  db_alarm_emails = ["carlo@connext.network", "rahul@proximalabs.io", "preetham@proximalabs.io", "sanchay@proximalabs.io"]
-}
-
 module "cartographer_db" {
   domain                = "cartographer"
   source                = "../../../modules/db"
@@ -66,54 +62,7 @@ module "cartographer-db-alarms" {
   enable_free_storage_space_too_low_alarm = true
   stage                                   = var.stage
   environment                             = var.environment
-  sns_topic_subscription_emails           = local.db_alarm_emails
-}
-
-module "cartographer_db_replica" {
-  domain              = "cartographer"
-  source              = "../../../modules/db-replica"
-  replicate_source_db = module.cartographer_db.db_instance_identifier
-  depends_on          = [module.cartographer_db]
-  replica_identifier  = "rds-postgres-cartographer-replica-${var.environment}-${var.stage}"
-  instance_class      = "db.t4g.2xlarge"
-  allocated_storage   = 150
-
-  name     = module.cartographer_db.db_instance_name
-  username = module.cartographer_db.db_instance_username
-  password = module.cartographer_db.db_instance_password
-  port     = module.cartographer_db.db_instance_port
-
-  engine_version = module.cartographer_db.db_instance_engine_version
-
-  maintenance_window      = module.cartographer_db.db_maintenance_window
-  backup_retention_period = module.cartographer_db.db_backup_retention_period
-  backup_window           = module.cartographer_db.db_backup_window
-
-  tags = {
-    Environment = var.environment
-    Domain      = var.domain
-  }
-
-  parameter_group_name = "default.postgres14"
-
-  hosted_zone_id        = data.aws_route53_zone.primary.zone_id
-  stage                 = var.stage
-  environment           = var.environment
-  db_security_group_ids = module.cartographer_db.db_instance_vpc_security_group_ids
-  db_subnet_group_name  = module.cartographer_db.db_subnet_group_name
-  publicly_accessible   = module.cartographer_db.db_publicly_accessible
-}
-
-module "cartographer-db-replica-alarms" {
-  source                                  = "../../../modules/db-alarms"
-  db_instance_name                        = module.cartographer_db.db_instance_name
-  db_instance_id                          = module.cartographer_db.db_instance_id
-  is_replica                              = true
-  enable_cpu_utilization_alarm            = true
-  enable_free_storage_space_too_low_alarm = true
-  stage                                   = var.stage
-  environment                             = var.environment
-  sns_topic_subscription_emails           = local.db_alarm_emails
+  sns_topic_subscription_emails           = ["carlo@connext.network", "rahul@connext.network"]
 }
 
 module "postgrest" {
@@ -124,9 +73,7 @@ module "postgrest" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
-  internal_lb              = false
   docker_image             = "postgrest/postgrest:v10.0.0.20221011"
   container_family         = "postgrest"
   container_port           = 3000
@@ -153,9 +100,7 @@ module "sdk-server" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
-  internal_lb              = false
   docker_image             = var.full_image_name_sdk_server
   container_family         = "sdk-server"
   health_check_path        = "/ping"
@@ -305,7 +250,4 @@ module "ecs" {
   environment             = var.environment
   domain                  = var.domain
   ecs_cluster_name_prefix = "nxtp-ecs"
-  vpc_id                  = module.network.vpc_id
-  private_subnets         = module.network.private_subnets
-  public_subnets          = module.network.public_subnets
 }
diff --git a/ops/testnet/staging/core/.terraform-version b/ops/testnet/staging/core/.terraform-version
index f5a0d9d92b..f01291b87f 100644
--- a/ops/testnet/staging/core/.terraform-version
+++ b/ops/testnet/staging/core/.terraform-version
@@ -1 +1 @@
-1.5.7
\ No newline at end of file
+1.5.7
diff --git a/ops/testnet/staging/core/config.tf b/ops/testnet/staging/core/config.tf
index 90336f7b66..c5f844ae3e 100644
--- a/ops/testnet/staging/core/config.tf
+++ b/ops/testnet/staging/core/config.tf
@@ -104,12 +104,9 @@ locals {
       "1734439522" = {
         providers = ["https://arb-goerli.g.alchemy.com/v2/${var.arbgoerli_alchemy_key_0}", "https://goerli-rollup.arbitrum.io/rpc"]
       }
-      # "1668247156" = {
-      #   providers = ["https://linea-goerli.infura.io/v3/${var.infura_key}", "${var.linea_node}"]
-      # }
-      # "2053862260" = {
-      #   providers = ["https://testnet.era.zksync.dev"]
-      # }
+      "2053862260" = {
+        providers = ["https://zksync2-testnet.zksync.dev"]
+      }
     }
     web3SignerUrl = "https://${module.sequencer_web3signer.service_endpoint}"
     relayers = [
@@ -145,45 +142,39 @@ locals {
         {
           name       = "http"
           limit      = 100
-          queueLimit = 1000000
+          queueLimit = 100000
           subscribe  = true
         },
         {
-          name       = "1735356532"
+          name       = "1735353714"
           limit      = 1
-          queueLimit = 1000000
+          queueLimit = 100000
           subscribe  = true
         },
         {
-          name       = "1735353714"
+          name       = "1735356532"
           limit      = 1
-          queueLimit = 1000000
+          queueLimit = 100000
           subscribe  = true
         },
         {
           name       = "9991"
           limit      = 1
-          queueLimit = 1000000
+          queueLimit = 100000
+          subscribe  = true
+        },
+        {
+          name       = "2053862260"
+          limit      = 1
+          queueLimit = 100000
           subscribe  = true
         },
         {
           name       = "1734439522"
           limit      = 1
-          queueLimit = 1000000
+          queueLimit = 100000
           subscribe  = true
         },
-        # {
-        #   name       = "1668247156"
-        #   limit      = 1
-        #   queueLimit = 1000000
-        #   subscribe  = true
-        # },
-        # {
-        #   name       = "2053862260"
-        #   limit      = 1
-        #   queueLimit = 1000000
-        #   subscribe  = true
-        # },
       ]
       bindings = [
         {
@@ -193,37 +184,31 @@ locals {
         },
         {
           exchange = "sequencerX"
-          target   = "1735356532"
-          keys     = ["1735356532"]
+          target   = "1735353714"
+          keys     = ["1735353714"]
         },
         {
           exchange = "sequencerX"
-          target   = "1735353714"
-          keys     = ["1735353714"]
+          target   = "1735356532"
+          keys     = ["1735356532"]
         },
         {
           exchange = "sequencerX"
           target   = "9991"
           keys     = ["9991"]
         },
+        {
+          exchange = "sequencerX"
+          target   = "2053862260"
+          keys     = ["2053862260"]
+        },
         {
           exchange = "sequencerX"
           target   = "1734439522"
           keys     = ["1734439522"]
-        },
-        # {
-        #   exchange = "sequencerX"
-        #   target   = "1668247156"
-        #   keys     = ["1668247156"]
-        # },
-        # {
-        #   exchange = "sequencerX"
-        #   target   = "2053862260"
-        #   keys     = ["2053862260"]
-        # }
+        }
       ]
       executerTimeout = 300000
-      prefetch        = 1
       publisher       = "sequencerX"
     }
   })
@@ -232,7 +217,7 @@ locals {
     redis = {
       host = module.router_cache.redis_instance_address,
       port = module.router_cache.redis_instance_port
-    }
+    },
     logLevel     = "debug"
     sequencerUrl = "https://${module.sequencer_server.service_endpoint}"
     server = {
@@ -260,12 +245,9 @@ locals {
       "1734439522" = {
         providers = ["https://arb-goerli.g.alchemy.com/v2/${var.arbgoerli_alchemy_key_0}", "https://goerli-rollup.arbitrum.io/rpc"]
       }
-      # "1668247156" = {
-      #   providers = ["https://linea-goerli.infura.io/v3/${var.infura_key}", "${var.linea_node}"]
-      # }
-      # "2053862260" = {
-      #   providers = ["https://testnet.era.zksync.dev"]
-      # }
+      "2053862260" = {
+        providers = ["https://zksync2-testnet.zksync.dev"]
+      }
     }
     cartographerUrl = "https://postgrest.testnet.staging.connext.ninja"
     web3SignerUrl   = "https://${module.router_web3signer.service_endpoint}"
@@ -283,32 +265,22 @@ locals {
     logLevel = "debug"
     chains = {
       "1735356532" = {
-        providers = ["https://opt-goerli.g.alchemy.com/v2/${var.optgoerli_alchemy_key_for_lh}"]
+        providers = ["https://optimism-goerli.blastapi.io/${var.blast_key}", "https://goerli.optimism.io"]
       }
       "1735353714" = {
-        providers = ["https://eth-goerli.g.alchemy.com/v2/${var.goerli_alchemy_key_0}"]
+        providers = ["https://eth-goerli.blastapi.io/${var.blast_key}", "https://rpc.ankr.com/eth_goerli"]
       }
       "9991" = {
-        providers = ["https://polygon-mumbai.g.alchemy.com/v2/${var.mumbai_alchemy_key_0}"]
+        providers = ["https://rpc.ankr.com/polygon_mumbai", "https://polygon-testnet.blastapi.io/${var.blast_key}"]
       }
       "1734439522" = {
-        providers = ["https://arb-goerli.g.alchemy.com/v2/${var.arbgoerli_alchemy_key_0}"]
+        providers = ["https://arb-goerli.g.alchemy.com/v2/${var.arbgoerli_alchemy_key_0}", "https://goerli-rollup.arbitrum.io/rpc"]
+      }
+      "2053862260" = {
+        providers = ["https://zksync2-testnet.zksync.dev"]
       }
-      # "1668247156" = {
-      #   providers = ["https://linea-goerli.infura.io/v3/${var.infura_key}", "https://rpc.goerli.linea.build", "${var.linea_node}"]
-      # }
-      # "2053862260" = {
-      #   providers = ["https://testnet.era.zksync.dev"]
-      # }
     }
     gelatoApiKey = "${var.gelato_api_key}"
-    environment  = var.stage
-    database = {
-      url = local.read_replica_db_url
-    }
-    databaseWriter = {
-      url = local.default_db_url
-    }
     relayers = [
       {
         type   = "Gelato",
@@ -321,28 +293,15 @@ locals {
         url    = "https://${module.relayer.service_endpoint}"
       }
     ]
-    hubDomain = "1735353714"
-    proverBatchSize = {
-      "1668247156" = 10,
-      "9991"       = 10,
-      "1735353714" = 10,
-      "2053862260" = 10,
-      "1734439522" = 10,
-      "1735356532" = 10
+    environment = var.stage
+    database = {
+      url = local.read_replica_db_url
     }
-    messageQueue = {
-      connection = {
-        uri = "amqps://${var.rmq_mgt_user}:${var.rmq_mgt_password}@${module.centralised_message_queue.aws_mq_amqp_endpoint}"
-      }
-      exchange = {
-        name           = "proverX"
-        type           = "direct"
-        publishTimeout = 1000
-        persistent     = true
-        durable        = true
-      }
-      prefetchSize = 1
+    databaseWriter = {
+      url = local.default_db_url
     }
+    main            = "1735353714"
+    proverBatchSize = 1
   })
 
   local_relayer_config = jsonencode({
@@ -367,12 +326,9 @@ locals {
       "1734439522" = {
         providers = ["https://arb-goerli.g.alchemy.com/v2/${var.arbgoerli_alchemy_key_0}", "https://goerli-rollup.arbitrum.io/rpc"]
       }
-      # "1668247156" = {
-      #   providers = ["https://rpc.goerli.linea.build/"]
-      # }
-      # "2053862260" = {
-      #  providers = ["https://testnet.era.zksync.dev"]
-      # }
+      "2053862260" = {
+        providers = ["https://zksync2-testnet.zksync.dev"]
+      }
     }
     environment   = var.stage
     web3SignerUrl = "https://${module.relayer_web3signer.service_endpoint}"
diff --git a/ops/testnet/staging/core/main.tf b/ops/testnet/staging/core/main.tf
index 7c771c8b70..7b407983e3 100755
--- a/ops/testnet/staging/core/main.tf
+++ b/ops/testnet/staging/core/main.tf
@@ -10,7 +10,6 @@ provider "aws" {
   region = var.region
 }
 
-
 # Fetch AZs in the current region
 data "aws_availability_zones" "available" {}
 
@@ -18,12 +17,10 @@ data "aws_iam_role" "ecr_admin_role" {
   name = "erc_admin_role"
 }
 
-
 data "aws_route53_zone" "primary" {
   zone_id = "Z03634792TWUEHHQ5L0YX"
 }
 
-
 module "router_subscriber" {
   source                   = "../../../modules/service"
   stage                    = var.stage
@@ -35,7 +32,6 @@ module "router_subscriber" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_router_subscriber
@@ -65,7 +61,6 @@ module "router_publisher" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_router_publisher
@@ -95,7 +90,6 @@ module "router_executor" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_router_executor
@@ -125,8 +119,7 @@ module "router_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "router-web3signer"
   health_check_path        = "/upcheck"
@@ -170,7 +163,6 @@ module "sequencer_server" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_sequencer_server
   container_family         = "sequencer-server"
@@ -199,7 +191,6 @@ module "sequencer_publisher" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_sequencer_publisher
   container_family         = "sequencer-publisher"
@@ -239,7 +230,6 @@ module "sequencer_subscriber" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_sequencer_subscriber
@@ -247,9 +237,9 @@ module "sequencer_subscriber" {
   health_check_path        = "/ping"
   container_port           = 8083
   loadbalancer_port        = 80
-  cpu                      = 256
-  memory                   = 1024
-  instance_count           = 5
+  cpu                      = 2048
+  memory                   = 4096
+  instance_count           = 3
   timeout                  = 180
   ingress_cdir_blocks      = ["0.0.0.0/0"]
   ingress_ipv6_cdir_blocks = []
@@ -265,11 +255,10 @@ module "sequencer_subscriber_auto_scaling" {
   domain           = var.domain
   ecs_service_name = module.sequencer_subscriber.service_name
   ecs_cluster_name = module.ecs.ecs_cluster_name
-  min_capacity     = 5 
-  max_capacity     = 5 
+  min_capacity     = 3
+  max_capacity     = 10
 }
 
-
 module "sequencer_web3signer" {
   source                   = "../../../modules/service"
   stage                    = var.stage
@@ -281,8 +270,7 @@ module "sequencer_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "sequencer-web3signer"
   health_check_path        = "/upcheck"
@@ -301,22 +289,21 @@ module "sequencer_web3signer" {
 }
 
 module "lighthouse_prover_cron" {
-  source              = "../../../modules/lambda"
-  ecr_repository_name = "nxtp-lighthouse"
-  docker_image_tag    = var.lighthouse_image_tag
-  container_family    = "lighthouse-prover"
-  environment         = var.environment
-  stage               = var.stage
-  container_env_vars = merge(local.lighthouse_env_vars, {
-    LIGHTHOUSE_SERVICE = "prover-pub"
+  source                 = "../../../modules/lambda"
+  ecr_repository_name    = "nxtp-lighthouse"
+  docker_image_tag       = var.lighthouse_image_tag
+  container_family       = "lighthouse-prover"
+  environment            = var.environment
+  stage                  = var.stage
+  container_env_vars     = merge(local.lighthouse_env_vars, { 
+    LIGHTHOUSE_SERVICE = "prover-pub" 
   })
-  schedule_expression    = "rate(5 minutes)"
+  schedule_expression    = "rate(30 minutes)"
   timeout                = 300
-  memory_size            = 10240
+  memory_size            = 512
   lambda_in_vpc          = true
-  private_subnets        = module.network.private_subnets
+  subnet_ids             = module.network.private_subnets
   lambda_security_groups = flatten([module.network.allow_all_sg, module.network.ecs_task_sg])
-
 }
 
 module "lighthouse_prover_subscriber" {
@@ -330,7 +317,6 @@ module "lighthouse_prover_subscriber" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_lighthouse_prover_subscriber
@@ -348,17 +334,16 @@ module "lighthouse_prover_subscriber" {
   cert_arn                 = var.certificate_arn_testnet
   container_env_vars       = concat(local.lighthouse_prover_subscriber_env_vars, [{ name = "LIGHTHOUSE_SERVICE", value = "prover-sub" }])
 }
+
 module "lighthouse_prover_subscriber_auto_scaling" {
-  source                     = "../../../modules/auto-scaling"
-  stage                      = var.stage
-  environment                = var.environment
-  domain                     = var.domain
-  ecs_service_name           = module.lighthouse_prover_subscriber.service_name
-  ecs_cluster_name           = module.ecs.ecs_cluster_name
-  min_capacity               = 2 
-  max_capacity               = 5 
-  avg_cpu_utilization_target = 10
-  avg_mem_utilization_target = 15
+  source           = "../../../modules/auto-scaling"
+  stage            = var.stage
+  environment      = var.environment
+  domain           = var.domain
+  ecs_service_name = module.lighthouse_prover_subscriber.service_name
+  ecs_cluster_name = module.ecs.ecs_cluster_name
+  min_capacity     = 10
+  max_capacity     = 300
 }
 
 module "lighthouse_process_from_root_cron" {
@@ -382,8 +367,8 @@ module "lighthouse_propagate_cron" {
   environment         = var.environment
   stage               = var.stage
   container_env_vars  = merge(local.lighthouse_env_vars, { LIGHTHOUSE_SERVICE = "propagate" })
-  memory_size         = 2048
   schedule_expression = "rate(30 minutes)"
+  memory_size         = 1024
 }
 
 module "lighthouse_sendoutboundroot_cron" {
@@ -398,19 +383,6 @@ module "lighthouse_sendoutboundroot_cron" {
   memory_size         = 512
 }
 
-module "lighthouse_propose_cron" {
-  source              = "../../../modules/lambda"
-  ecr_repository_name = "nxtp-lighthouse"
-  docker_image_tag    = var.lighthouse_image_tag
-  container_family    = "lighthouse-propose"
-  environment         = var.environment
-  stage               = var.stage
-  container_env_vars  = merge(local.lighthouse_env_vars, { LIGHTHOUSE_SERVICE = "propose" })
-  schedule_expression = "rate(30 minutes)"
-  memory_size         = 512
-}
-
-
 module "relayer" {
   source                   = "../../../modules/service"
   stage                    = var.stage
@@ -422,7 +394,6 @@ module "relayer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_relayer
   container_family         = "relayer"
@@ -452,8 +423,7 @@ module "relayer_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "relayer-web3signer"
   health_check_path        = "/upcheck"
@@ -482,7 +452,6 @@ module "watcher" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_watcher
   container_family         = "watcher"
@@ -512,8 +481,7 @@ module "watcher_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "watcher-web3signer"
   health_check_path        = "/upcheck"
@@ -556,9 +524,6 @@ module "ecs" {
   environment             = var.environment
   domain                  = var.domain
   ecs_cluster_name_prefix = "nxtp-ecs"
-  vpc_id                  = module.network.vpc_id
-  private_subnets         = module.network.private_subnets
-  public_subnets          = module.network.public_subnets
 }
 
 module "sequencer_cache" {
@@ -603,3 +568,9 @@ module "lighthouse_cache" {
   vpc_id                        = module.network.vpc_id
   cache_subnet_group_subnet_ids = module.network.public_subnets
 }
+
+
+module "ecr-lcp" {
+  source           = "../../../modules/ecr-lcp"
+  repository_names = ["nxtp-cartographer", "nxtp-lighthouse", "postgrest"]
+}
diff --git a/ops/testnet/staging/core/outputs.tf b/ops/testnet/staging/core/outputs.tf
index b545d3cdf4..985d10614d 100755
--- a/ops/testnet/staging/core/outputs.tf
+++ b/ops/testnet/staging/core/outputs.tf
@@ -16,6 +16,19 @@ output "router-publisher-dns" {
   value = module.router_publisher.dns_name
 }
 
+output "lighthouse-prover-service-name" {
+  value = module.lighthouse_prover_cron.lambda_cron_service_name
+}
+
+output "lighthouse-process-from-root-service-name" {
+  value = module.lighthouse_process_from_root_cron.lambda_cron_service_name
+}
+
+output "lighthouse-propagate-service-name" {
+  value = module.lighthouse_propagate_cron.lambda_cron_service_name
+}
+
+
 output "sequencer-server-service-endpoint" {
   value = module.sequencer_server.service_endpoint
 }
@@ -32,26 +45,10 @@ output "router-publisher-service-endpoint" {
   value = module.router_publisher.service_endpoint
 }
 
-output "router-executor-service-endpoint" {
-  value = module.router_executor.service_endpoint
-}
-
 output "router-subscriber-service-endpoint" {
   value = module.router_subscriber.service_endpoint
 }
 
-output "lighthouse-prover-service-name" {
-  value = module.lighthouse_prover_cron.lambda_cron_service_name
-}
-
-output "lighthouse-process-from-root-service-name" {
-  value = module.lighthouse_process_from_root_cron.lambda_cron_service_name
-}
-
-output "lighthouse-propagate-service-name" {
-  value = module.lighthouse_propagate_cron.lambda_cron_service_name
-}
-
 output "relayer-service-endpoint" {
   value = module.relayer.service_endpoint
 }
diff --git a/ops/testnet/staging/core/variables.tf b/ops/testnet/staging/core/variables.tf
index 41af61a6c9..615a6222a7 100755
--- a/ops/testnet/staging/core/variables.tf
+++ b/ops/testnet/staging/core/variables.tf
@@ -37,15 +37,9 @@ variable "full_image_name_router_subscriber" {
   default     = "ghcr.io/connext/router-subscriber:sha-b5bb49a"
 }
 
-variable "full_image_name_router_executor" {
-  type        = string
-  description = "router executor image name"
-  default     = "ghcr.io/connext/router-executor:sha-b5bb49a"
-}
-
 variable "full_image_name_lighthouse_prover_subscriber" {
   type        = string
-  description = "lighthouse subscriber image name"
+  description = "router image name"
   default     = "ghcr.io/connext/lighthouse-subscriber:sha-b5bb49a"
 }
 
@@ -67,6 +61,12 @@ variable "full_image_name_sequencer_subscriber" {
   default     = "ghcr.io/connext/sequencer-subscriber:sha-b5bb49a"
 }
 
+variable "full_image_name_router_executor" {
+  type        = string
+  description = "executor image name"
+  default     = "ghcr.io/connext/router-executor:sha-7855c40"
+}
+
 variable "full_image_name_relayer" {
   type        = string
   description = "relayer image name"
@@ -108,7 +108,6 @@ variable "rmq_mgt_user" {
 }
 
 
-
 variable "certificate_arn_testnet" {
   default = "arn:aws:acm:us-east-1:679752396206:certificate/45908dc4-137b-4366-8538-4f59ee6a914e"
 }
@@ -125,14 +124,6 @@ variable "optgoerli_alchemy_key_0" {
   type = string
 }
 
-variable "optgoerli_alchemy_key_for_lh" {
-  type = string
-}
-
-variable "mumbai_alchemy_key_0" {
-  type = string
-}
-
 variable "optgoerli_alchemy_key_1" {
   type = string
 }
@@ -149,7 +140,7 @@ variable "blast_key" {
   type = string
 }
 
-variable "infura_key" {
+variable "dd_api_key" {
   type = string
 }
 
@@ -161,10 +152,6 @@ variable "sequencer_web3_signer_private_key" {
   type = string
 }
 
-variable "dd_api_key" {
-  type = string
-}
-
 variable "gelato_api_key" {
   type = string
 }
@@ -187,9 +174,6 @@ variable "admin_token_relayer" {
   default = "blahblah"
 }
 
-variable "linea_node" {
-  type = string
-}
 variable "watcher_web3_signer_private_key" {
   type = string
 }
@@ -216,5 +200,5 @@ variable "betteruptime_api_key" {
 
 variable "betteruptime_requester_email" {
   type    = string
-  default = "layne@proximalabs.io"
+  default = "layne@connext.network"
 }