diff --git a/.gitignore b/.gitignore
index f4e8521..78114dc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,6 +9,8 @@
 *.tfvars
 openshift_pull_secret.json
 .terraform.lock.hcl
+*.pem
+installer-files/**
 
 # OS X files
 .DS_Store
\ No newline at end of file
diff --git a/README.md b/README.md
index 8570140..04def0d 100644
--- a/README.md
+++ b/README.md
@@ -30,17 +30,6 @@ This project uses mainly Terraform as infrastructure management and installation
    git --version
    ```
 
-3. Install OpenShift command line `oc` cli:
-
-   ```bash
-   wget https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux-4.x.xx.tar.gz
-   tar -xvf openshift-client-linux-4.x.xx.tar.gz
-   chmod u+x oc kubectl
-   sudo mv oc /usr/local/bin
-   sudo mv kubectl /usr/local/bin
-   oc version
-   ```
-
 4. Install wget command:
 
     - MacOS:
@@ -54,8 +43,6 @@ This project uses mainly Terraform as infrastructure management and installation
       zypper install wget
       ```
 
-5. Install jq: see [https://stedolan.github.io/jq/download/](https://stedolan.github.io/jq/download/)
-
 6. Get the Terraform code
 
    ```bash
@@ -123,37 +110,33 @@ This project installs the OpenShift 4 in several stages where each stage automat
 cluster_name = "ocp4"
 base_domain = "example.com"
 openshift_pull_secret = "./openshift_pull_secret.json"
-openshift_installer_url = "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.6.28"
+openshift_version = "4.6.28"
 
-aws_access_key_id = "AAAA"
-aws_secret_access_key = "AbcDefGhiJkl"
-aws_ami = "ami-06f85a7940faa3217"
 aws_extra_tags = {
   "owner" = "admin"
   }
-aws_azs = [
-  "us-east-1a",
-  "us-east-1b",
-  "us-east-1c"
-  ]
 aws_region = "us-east-1"
 aws_publish_strategy = "External"
 ```
 
 |name | required  | description and value        |
 |----------------|------------|--------------|
-| `cluster_name`     | yes  | The name of the OpenShift cluster you will install     |
-| `base_domain` | yes | The domain that has been created in Route53 public hosted zone |
+| `cluster_name` | yes  | The name of the OpenShift cluster you will install     |
+| `base_domain`  | yes | The domain that has been created in Route53 public hosted zone |
 | `openshift_pull_secret` | no | The value refers to a file name that contain downloaded pull secret from https://cloud.redhat.com/openshift/pull-secret; the default name is `openshift_pull_secret.json` |
-| `openshift_installer_url` | no | The URL to the download site for Red Hat OpenShift installation and client codes.  |
+| `openshift_version` | yes | The openshift version to be installed.  |
 | `aws_region`   | yes  | AWS region that the VPC will be created in.  By default, uses `us-east-2`.  Note that for an HA installation, the AWS selected region should have at least 3 availability zones. |
 | `aws_extra_tags`  | no  | AWS tag to identify a resource for example owner:myname     |
-| `aws_ami` | yes | Red Hat CoreOS ami for your region (see [here](https://docs.openshift.com/container-platform/4.6/installing/installing_aws/installing-aws-user-infra.html#installation-aws-user-infra-rhcos-ami_installing-aws-user-infra)). Other platforms images information can be found [here](https://github.com/openshift/installer/blob/master/data/data/rhcos.json) |
-| `aws_secret_access_key` | yes | adding aws_secret_access_key to the cluster |
-| `aws_access_key_id` | yes | adding aws_access_key_id to the cluster |
-| `aws_azs` | yes | list of availability zones to deploy VMs |
+| `aws_azs` | no | list of availability zones to deploy VMs - default to the [`a`, `b`, `c`] |
+| `openshift_byo_dns` | no | whether to ignore DNS resources (you still need a public zone defined) |
+| `openshift_ssh_key` | no | whether to use a specific public key  |
+| `openshift_additional_trust_bundle` | no | additional trust bundle for accessing resources - ie proxy or repo | 
 | `aws_publish_strategy` | no | Whether to publish the API endpoint externally - Default: "External" |
 | `airgapped` | no | A map with enabled (true/false) and repository name - This must be used with `aws_publish_strategy` of `Internal` |
+| `proxy_config` | no | To be implemented  |
+| `use_ipv4` | no | To be implemented  |
+| `use_ipv6` | no | To be implemented  |
+
 
 
 See [Terraform documentation](https://www.terraform.io/intro/getting-started/variables.html) for the format of this file.
diff --git a/config.tf b/config.tf
index 276a936..e9706a6 100644
--- a/config.tf
+++ b/config.tf
@@ -43,7 +43,56 @@ variable "openshift_pull_secret" {
   description = "File containing pull secret - get it from https://cloud.redhat.com/openshift/install/pull-secret"
 }
 
-variable "openshift_installer_url" {
-  type = string
-  description = "URL of the appropriate OpenShift installer under https://mirror.openshift.com/pub/openshift-v4/clients/ocp/"
+variable "use_ipv4" {
+  type    = bool
+  default = true
+  description = "not implemented"
+}
+
+variable "use_ipv6" {
+  type    = bool
+  default = false
+  description = "not implemented"
+}
+
+variable "openshift_version" {
+  type    = string
+  default = "4.6.28"
+}
+
+variable "airgapped" {
+  type = map(string)
+  default = {
+    enabled  = false
+    repository = ""
+  }
+}
+
+variable "proxy_config" {
+  type = map(string)
+  description = "Not implemented"
+  default = {
+    enabled    = false
+    httpProxy  = "http://user:password@ip:port"
+    httpsProxy = "http://user:password@ip:port"
+    noProxy    = "ip1,ip2,ip3,.example.com,cidr/mask"
+  }
+}
+
+variable "openshift_additional_trust_bundle" {
+  description = "path to a file with all your additional ca certificates"
+  type        = string
+  default     = ""
+}
+
+variable "openshift_ssh_key" {
+  description = "Path to SSH Public Key file to use for OpenShift Installation"
+  type        = string
+  default     = ""
+}
+
+variable "openshift_byo_dns" {
+  description = "Do not deploy any public or private DNS zone into Azure"
+  type        = bool
+  default     = false
 }
\ No newline at end of file
diff --git a/delocp.sh b/delocp.sh
deleted file mode 100755
index 6134c70..0000000
--- a/delocp.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/bash
-
-clusterId=$1
-
-if [ -z $clusterId ]; then
-  exit 99
-fi
-
-terraform destroy -auto-approve &
-
-sleep 10 
-workers=$(aws ec2 describe-instances --filters Name="tag:kubernetes.io/cluster/${clusterId}",Values="owned"  --query 'Reservations[].Instances[].[InstanceId, Tags[?Key==`Name`] | [0].Value]' --output text | grep worker | cut -d$'\t' -f1)
-
-aws ec2 terminate-instances --instance-ids ${workers} 
-
-vpcid=$(grep vpc terraform.tfstate | grep vpc_id | grep vpc- | head -1 | cut -d"\"" -f4)
-elbname=$(aws elb describe-load-balancers --query  'LoadBalancerDescriptions[].[LoadBalancerName,VPCId]' --output text | cut -d$'\t' -f1)
-aws elb delete-load-balancer --load-balancer-name ${elbname}
-
-sleep 300
-
-sg=$(aws ec2 describe-security-groups --filters Name="tag:kubernetes.io/cluster/${clusterId}",Values="owned" --query 'SecurityGroups[].[GroupId,GroupName]' --output text | grep "k8s-elb" | cut -d$'\t' -f1)
-
-aws ec2 delete-security-group --group-id ${sg}
-
-sleep 60
-
-aws s3 ls | grep ${clusterId} | awk '{print "aws s3 rb —force s3://"$3}' | bash
-
-aws iam list-users --query 'Users[].[UserName,UserId]' --output text | grep ${clusterId} 
-
-aws iam list-users --query 'Users[].[UserName,UserId]' --output text | grep ${clusterId} | awk '{print "aws iam delete-user-policy --user-name "$1" --policy-name "$1"-policy"}' | bash
-
-aws iam list-users --query 'Users[].[UserName,UserId]' --output text | grep ${clusterId} | awk '{print "aws iam delete-access-key --user-name "$1" --access-key-id $(aws iam list-access-keys --user-name "$1" --query 'AccessKeyMetadata[].AccessKeyId' --output text)"}' | bash
-
-aws iam list-users --query 'Users[].[UserName,UserId]' --output text | grep ${clusterId} | awk '{print "aws iam delete-user --user-name "$1}' | bash
-
-exit 0
diff --git a/helper.tf b/helper.tf
new file mode 100644
index 0000000..9b29b5d
--- /dev/null
+++ b/helper.tf
@@ -0,0 +1,12 @@
+locals {
+  major_version   = join(".", slice(split(".", var.openshift_version), 0, 2))
+  aws_azs         = (var.aws_azs != null) ? var.aws_azs : tolist([join("",[var.aws_region,"a"]),join("",[var.aws_region,"b"]),join("",[var.aws_region,"c"])])
+  rhcos_image     = lookup(lookup(lookup(jsondecode(data.http.images.body), "amis"), "${var.aws_region}"),"hvm")
+}
+
+data "http" "images" {
+  url = "https://raw.githubusercontent.com/openshift/installer/release-${local.major_version}/data/data/rhcos.json"
+  request_headers = {
+    Accept = "application/json"
+  }
+}
\ No newline at end of file
diff --git a/install/aws_cleanup.sh b/install/aws_cleanup.sh
index ca56244..9b023a8 100755
--- a/install/aws_cleanup.sh
+++ b/install/aws_cleanup.sh
@@ -1,10 +1,10 @@
 #!/bin/bash
 
-path=$(dirname $0)
-clusterId=$(cat $path/infraID)
+path=$(dirname $0) 
+clusterId=$(cat $path/../installer-files/infraID)
 
 if [ -z "$clusterId" ]; then
-  exit 99
+  exit 
 fi
 
 if [ -z "$AWS_ACCESS_KEY_ID" ]; then
@@ -13,6 +13,10 @@ fi
 if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
   exit 80
 fi
+if [ -z "$AWS_DEFAULT_REGION" ]; then
+  exit 80
+fi
+
 
 echo "0 - Start processing for cluster $clusterId - waiting for masters to be destroyed"
 masters=3
@@ -24,7 +28,6 @@ while [ $masters -gt 0 ]; do
     sleep 10
   fi
 done
-
 workers=$(echo "$nodes" | cut -d$'\t' -f1)
 
 echo "1 - Deleting workers - $workers -"
diff --git a/install/installer.tf b/install/installer.tf
index 685c384..9e82395 100644
--- a/install/installer.tf
+++ b/install/installer.tf
@@ -1,17 +1,12 @@
-#locals {
-#  infrastructure_id = "${var.infrastructure_id != "" ? "${var.infrastructure_id}" : "${var.clustername}-${random_id.clusterid.hex}"}"
-#  infrastructure_id = 
-#}
-
 resource "null_resource" "openshift_installer" {
   provisioner "local-exec" {
     command = <<EOF
 case $(uname -s) in
   Linux)
-    wget -r -l1 -np -nd ${var.openshift_installer_url} -P ${path.module} -A 'openshift-install-linux-4*.tar.gz'
+    wget -r -l1 -np -nd ${var.openshift_installer_url} -q -P ${path.root}/installer-files/ -A 'openshift-install-linux-4*.tar.gz'
     ;;
   Darwin)
-    wget -r -l1 -np -nd ${var.openshift_installer_url} -P ${path.module} -A 'openshift-install-mac-4*.tar.gz'
+    wget -r -l1 -np -nd ${var.openshift_installer_url} -q -P ${path.root}/installer-files/ -A 'openshift-install-mac-4*.tar.gz'
     ;;
   *) exit 1
     ;;
@@ -20,11 +15,11 @@ EOF
   }
 
   provisioner "local-exec" {
-    command = "tar zxvf ${path.module}/openshift-install-*-4*.tar.gz -C ${path.module}"
+    command = "tar zxvf ${path.root}/installer-files//openshift-install-*-4*.tar.gz -C ${path.root}/installer-files/"
   }
 
   provisioner "local-exec" {
-    command = "rm -f ${path.module}/openshift-install-*-4*.tar.gz ${path.module}/robots*.txt* ${path.module}/README.md"
+    command = "rm -f ${path.root}/installer-files//openshift-install-*-4*.tar.gz ${path.root}/installer-files//robots*.txt* ${path.root}/installer-files//README.md"
   }
 }
 
@@ -33,10 +28,10 @@ resource "null_resource" "openshift_client" {
     command = <<EOF
 case $(uname -s) in
   Linux)
-    wget -r -l1 -np -nd ${var.openshift_installer_url} -P ${path.module} -A 'openshift-client-linux-4*.tar.gz'
+    wget -r -l1 -np -nd ${var.openshift_installer_url} -q -P ${path.root}/installer-files/ -A 'openshift-client-linux-4*.tar.gz'
     ;;
   Darwin)
-    wget -r -l1 -np -nd ${var.openshift_installer_url} -P ${path.module} -A 'openshift-client-mac-4*.tar.gz'
+    wget -r -l1 -np -nd ${var.openshift_installer_url} -q -P ${path.root}/installer-files/ -A 'openshift-client-mac-4*.tar.gz'
     ;;
   *)
     exit 1
@@ -46,94 +41,14 @@ EOF
   }
 
   provisioner "local-exec" {
-    command = "tar zxvf ${path.module}/openshift-client-*-4*.tar.gz -C ${path.module}"
-  }
-
-  provisioner "local-exec" {
-    command = "rm -f ${path.module}/openshift-client-*-4*.tar.gz ${path.module}/robots*.txt* ${path.module}/README.md"
-  }
-}
-
-resource "null_resource" "aws_credentials" {
-  provisioner "local-exec" {
-    command = "mkdir -p ~/.aws"
+    command = "tar zxvf ${path.root}/installer-files//openshift-client-*-4*.tar.gz -C ${path.root}/installer-files/"
   }
 
   provisioner "local-exec" {
-    command = "echo '${data.template_file.aws_credentials.rendered}' > ~/.aws/credentials"
+    command = "rm -f ${path.root}/installer-files//openshift-client-*-4*.tar.gz ${path.root}/installer-files//robots*.txt* ${path.root}/installer-files//README.md"
   }
 }
 
-data "template_file" "aws_credentials" {
-  template = <<-EOF
-[default]
-aws_access_key_id = ${var.aws_access_key_id}
-aws_secret_access_key = ${var.aws_secret_access_key}
-EOF
-}
-
-data "local_file" "cabundle" {
-  count = var.airgapped["enabled"] ? 1 : 0
-  filename = "${var.airgapped.cabundle}"
-}
-
-
-data "template_file" "install_config_yaml" {
-  template = <<-EOF
-apiVersion: v1
-baseDomain: ${var.domain}
-compute:
-- hyperthreading: Enabled
-  name: worker
-  replicas: 3
-  platform:
-    aws:
-      rootVolume:
-        iops: ${var.aws_worker_root_volume_iops}
-        size: ${var.aws_worker_root_volume_size}
-        type: ${var.aws_worker_root_volume_type}
-      type: ${var.aws_worker_instance_type}
-      zones:
-      %{ for zone in var.aws_worker_availability_zones}
-      - ${zone}%{ endfor }
-controlPlane:
-  hyperthreading: Enabled
-  name: master
-  replicas: ${var.master_count}
-metadata:
-  name: ${var.clustername}
-networking:
-  clusterNetworks:
-  - cidr: ${var.cluster_network_cidr}
-    hostPrefix: ${var.cluster_network_host_prefix}
-  machineCIDR:  ${var.vpc_cidr_block}
-  networkType: OpenShiftSDN
-  serviceNetwork:
-  - ${var.service_network_cidr}
-platform:
-  aws:
-    region: ${var.aws_region}
-pullSecret: '${file(var.openshift_pull_secret)}'
-sshKey: '${tls_private_key.installkey.public_key_openssh}'
-%{if var.airgapped["enabled"]}imageContentSources:
-- mirrors:
-  - ${var.airgapped["repository"]}
-  source: quay.io/openshift-release-dev/ocp-release
-- mirrors:
-  - ${var.airgapped["repository"]}
-  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-additionalTrustBundle: | 
-  ${indent(2,data.local_file.cabundle[0].content)}
-%{endif}
-EOF
-}
-
-
-resource "local_file" "install_config" {
-  content  =  data.template_file.install_config_yaml.rendered
-  filename =  "${path.module}/install-config.yaml"
-}
-
 resource "null_resource" "generate_manifests" {
   triggers = {
     install_config =  data.template_file.install_config_yaml.rendered
@@ -141,24 +56,24 @@ resource "null_resource" "generate_manifests" {
 
   depends_on = [
     local_file.install_config,
-    null_resource.aws_credentials,
+    # null_resource.aws_credentials,
     null_resource.openshift_installer,
   ]
 
   provisioner "local-exec" {
-    command = "rm -rf ${path.module}/temp"
+    command = "rm -rf ${path.root}/installer-files//temp"
   }
 
   provisioner "local-exec" {
-    command = "mkdir -p ${path.module}/temp"
+    command = "mkdir -p ${path.root}/installer-files//temp"
   }
 
   provisioner "local-exec" {
-    command = "mv ${path.module}/install-config.yaml ${path.module}/temp"
+    command = "mv ${path.root}/installer-files//install-config.yaml ${path.root}/installer-files//temp"
   }
 
   provisioner "local-exec" {
-    command = "${path.module}/openshift-install --dir=${path.module}/temp create manifests"
+    command = "${path.root}/installer-files//openshift-install --dir=${path.root}/installer-files//temp create manifests"
   }
 }
 
@@ -174,7 +89,7 @@ resource "null_resource" "manifest_cleanup_control_plane_machineset" {
   }
 
   provisioner "local-exec" {
-    command = "rm -f ${path.module}/temp/openshift/99_openshift-cluster-api_master-machines-*.yaml"
+    command = "rm -f ${path.root}/installer-files//temp/openshift/99_openshift-cluster-api_master-machines-*.yaml"
   }
 }
 
@@ -183,6 +98,19 @@ resource "null_resource" "generate_ignition_config" {
   depends_on = [
     null_resource.manifest_cleanup_control_plane_machineset,
     local_file.airgapped_registry_upgrades,
+    local_file.create_worker_machineset,
+    local_file.airgapped_registry_upgrades,
+    local_file.cluster-dns-02-config,
+    local_file.create_infra_machineset,
+    local_file.cluster-monitoring-configmap,
+    local_file.configure-image-registry-job-serviceaccount,
+    local_file.configure-image-registry-job-clusterrole,
+    local_file.configure-image-registry-job-clusterrolebinding,
+    local_file.configure-image-registry-job,
+    local_file.configure-ingress-job-serviceaccount,
+    local_file.configure-ingress-job-clusterrole,
+    local_file.configure-ingress-job-clusterrolebinding,
+    local_file.configure-ingress-job,
   ]
 
   triggers = {
@@ -191,51 +119,26 @@ resource "null_resource" "generate_ignition_config" {
   }
 
   provisioner "local-exec" {
-    command = "mkdir -p ${path.module}/temp"
+    command = "mkdir -p ${path.root}/installer-files//temp"
   }
 
   provisioner "local-exec" {
-    command = "rm -rf ${path.module}/temp/_manifests ${path.module}/temp/_openshift"
+    command = "rm -rf ${path.root}/installer-files//temp/_manifests ${path.root}/installer-files//temp/_openshift"
   }
 
   provisioner "local-exec" {
-    command = "cp -r ${path.module}/temp/manifests ${path.module}/temp/_manifests"
+    command = "cp -r ${path.root}/installer-files//temp/manifests ${path.root}/installer-files//temp/_manifests"
   }
 
   provisioner "local-exec" {
-    command = "cp -r ${path.module}/temp/openshift ${path.module}/temp/_openshift"
+    command = "cp -r ${path.root}/installer-files//temp/openshift ${path.root}/installer-files//temp/_openshift"
   }
 
   provisioner "local-exec" {
-    command = "${path.module}/openshift-install --dir=${path.module}/temp create ignition-configs"
+    command = "${path.root}/installer-files//openshift-install --dir=${path.root}/installer-files//temp create ignition-configs"
   }
 }
 
-resource "null_resource" "extractInfrastructureID" {
-  depends_on = [
-    null_resource.generate_manifests
-  ]
-
-  provisioner "local-exec" {
-    when    = create
-    command = "cat ${path.module}/temp/.openshift_install_state.json | jq -r '.\"*installconfig.ClusterID\".InfraID' | tr -d '\n' > ${path.module}/infraID"
-  }
-
-  provisioner "local-exec" {
-    when    = destroy
-    command = "rm -rf ${path.module}/infraID"
-  }
-}
-
-
-data "local_file" "infrastructureID" {
-  depends_on = [
-    null_resource.extractInfrastructureID
-  ]
-  filename        =  "${path.module}/infraID"
-
-}
-
 resource "null_resource" "delete_aws_resources" {
   depends_on = [
     null_resource.cleanup
@@ -244,6 +147,7 @@ resource "null_resource" "delete_aws_resources" {
   provisioner "local-exec" {
     when    = destroy
     command = "${path.module}/aws_cleanup.sh"
+    #command = "${path.root}/installer-files//openshift-install --dir=${path.root}/installer-files/temp destroy cluster"
   }
 
 }
@@ -255,22 +159,22 @@ resource "null_resource" "cleanup" {
 
   provisioner "local-exec" {
     when    = destroy
-    command = "rm -rf ${path.module}/temp"
+    command = "rm -rf ${path.root}/installer-files//temp"
   }
 
   provisioner "local-exec" {
     when    = destroy
-    command = "rm -f ${path.module}/openshift-install"
+    command = "rm -f ${path.root}/installer-files//openshift-install"
   }
 
   provisioner "local-exec" {
     when    = destroy
-    command = "rm -f ${path.module}/oc"
+    command = "rm -f ${path.root}/installer-files//oc"
   }
 
   provisioner "local-exec" {
     when    = destroy
-    command = "rm -f ${path.module}/kubectl"
+    command = "rm -f ${path.root}/installer-files//kubectl"
   }
 }
 
@@ -279,7 +183,7 @@ data "local_file" "bootstrap_ign" {
     null_resource.generate_ignition_config
   ]
 
-  filename =  "${path.module}/temp/bootstrap.ign"
+  filename =  "${path.root}/installer-files//temp/bootstrap.ign"
 }
 
 data "local_file" "master_ign" {
@@ -287,7 +191,7 @@ data "local_file" "master_ign" {
     null_resource.generate_ignition_config
   ]
 
-  filename =  "${path.module}/temp/master.ign"
+  filename =  "${path.root}/installer-files//temp/master.ign"
 }
 
 data "local_file" "worker_ign" {
@@ -295,39 +199,17 @@ data "local_file" "worker_ign" {
     null_resource.generate_ignition_config
   ]
 
-  filename =  "${path.module}/temp/worker.ign"
+  filename =  "${path.root}/installer-files//temp/worker.ign"
 }
 
 resource "null_resource" "get_auth_config" {
   depends_on = [null_resource.generate_ignition_config]
   provisioner "local-exec" {
     when    = create
-    command = "cp ${path.module}/temp/auth/* ${path.root}/ "
+    command = "cp ${path.root}/installer-files//temp/auth/* ${path.root}/ "
   }
   provisioner "local-exec" {
     when    = destroy
     command = "rm ${path.root}/kubeconfig ${path.root}/kubeadmin-password "
   }
 }
-
-resource "local_file" "airgapped_registry_upgrades" {
-  count    = var.airgapped["enabled"] ? 1 : 0
-  filename = "${path.module}/temp/openshift/99_airgapped_registry_upgrades.yaml"
-  depends_on = [
-    null_resource.generate_manifests,
-  ]
-  content  = <<EOF
-apiVersion: operator.openshift.io/v1alpha1
-kind: ImageContentSourcePolicy
-metadata:
-  name: airgapped
-spec:
-  repositoryDigestMirrors:
-  - mirrors:
-    - ${var.airgapped["repository"]}
-    source: quay.io/openshift-release-dev/ocp-release
-  - mirrors:
-    - ${var.airgapped["repository"]}
-    source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-EOF
-}
diff --git a/install/output.tf b/install/output.tf
index 6cb4ea2..d61e02c 100644
--- a/install/output.tf
+++ b/install/output.tf
@@ -14,13 +14,13 @@ output "worker_ign_64" {
     value =  base64encode(data.local_file.worker_ign.content)
 }
 
-output "private_ssh_key" {
-    value =  tls_private_key.installkey.private_key_pem
-}
+# output "private_ssh_key" {
+#     value =  tls_private_key.installkey.private_key_pem
+# }
 
-output "public_ssh_key" {
-    value =  tls_private_key.installkey.public_key_openssh
-}
+# output "public_ssh_key" {
+#     value =  tls_private_key.installkey.public_key_openssh
+# }
 
 output "infraID" {
     value =  data.local_file.infrastructureID.content
diff --git a/install/ssh_key.tf b/install/ssh_key.tf
index 44a7b57..9d42cb0 100644
--- a/install/ssh_key.tf
+++ b/install/ssh_key.tf
@@ -1,4 +1,10 @@
+locals {
+    public_ssh_key = var.openshift_ssh_key == "" ? tls_private_key.installkey[0].public_key_openssh : file(var.openshift_ssh_key)
+}
+
 resource "tls_private_key" "installkey" {
+  count     = var.openshift_ssh_key == "" ? 1 : 0
+
   algorithm   = "RSA"
   rsa_bits = 4096
 }
diff --git a/install/templates.tf b/install/templates.tf
new file mode 100644
index 0000000..addf482
--- /dev/null
+++ b/install/templates.tf
@@ -0,0 +1,589 @@
+# resource "null_resource" "aws_credentials" {
+#   provisioner "local-exec" {
+#     command = "mkdir -p ~/.aws"
+#   }
+
+#   provisioner "local-exec" {
+#     command = "echo '${data.template_file.aws_credentials.rendered}' > ~/.aws/credentials"
+#   }
+# }
+
+# data "template_file" "aws_credentials" {
+#   template = <<-EOF
+# [default]
+# aws_access_key_id = ${var.aws_access_key_id}
+# aws_secret_access_key = ${var.aws_secret_access_key}
+# EOF
+# }
+
+locals {
+  zone_infra_replicas = [for idx in range(length(var.aws_worker_availability_zones)) : floor(var.infra_count / length(var.aws_worker_availability_zones)) + (idx + 1 > (var.infra_count % length(var.aws_worker_availability_zones)) ? 0 : 1)]
+}
+
+data "local_file" "cabundle" {
+  count = var.openshift_additional_trust_bundle == "" ? 0 : 1
+  filename = "${var.openshift_additional_trust_bundle}"
+}
+
+
+data "template_file" "install_config_yaml" {
+  template = <<-EOF
+apiVersion: v1
+baseDomain: ${var.domain}
+compute:
+- hyperthreading: Enabled
+  name: worker
+  replicas: 3
+  platform:
+    aws:
+      rootVolume:
+        iops: ${var.aws_worker_root_volume_iops}
+        size: ${var.aws_worker_root_volume_size}
+        type: ${var.aws_worker_root_volume_type}
+      type: ${var.aws_worker_instance_type}
+      zones:
+      %{ for zone in var.aws_worker_availability_zones}
+      - ${zone}%{ endfor }
+controlPlane:
+  hyperthreading: Enabled
+  name: master
+  replicas: ${var.master_count}
+metadata:
+  name: ${var.clustername}
+networking:
+  clusterNetworks:
+  - cidr: ${var.cluster_network_cidr}
+    hostPrefix: ${var.cluster_network_host_prefix}
+  machineCIDR:  ${var.vpc_cidr_block}
+  networkType: OpenShiftSDN
+  serviceNetwork:
+  - ${var.service_network_cidr}
+platform:
+  aws:
+    region: ${var.aws_region}
+pullSecret: '${file(var.openshift_pull_secret)}'
+sshKey: '${local.public_ssh_key}'
+%{if var.airgapped["enabled"]}imageContentSources:
+- mirrors:
+  - ${var.airgapped["repository"]}
+  source: quay.io/openshift-release-dev/ocp-release
+- mirrors:
+  - ${var.airgapped["repository"]}
+  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev%{endif}
+%{if var.proxy_config["enabled"]}proxy:
+  httpProxy: ${var.proxy_config["httpProxy"]}
+  httpsProxy: ${var.proxy_config["httpsProxy"]}
+  noProxy: ${var.proxy_config["noProxy"]}%{endif}
+%{if var.openshift_additional_trust_bundle != ""}additionalTrustBundle: | 
+  ${indent(2,data.local_file.cabundle[0].content)}%{endif}
+EOF
+}
+
+
+resource "local_file" "install_config" {
+  content  =  data.template_file.install_config_yaml.rendered
+  filename =  "${path.root}/installer-files/install-config.yaml"
+}
+
+# when the subnets are provided, modify the worker machinesets 
+resource "null_resource" "manifest_cleanup_worker_machineset" {
+  depends_on = [
+    null_resource.generate_manifests
+  ]
+  count  = var.aws_private_subnets != null ? length(var.aws_private_subnets) : 0
+  provisioner "local-exec" {
+    command = "rm -f ${path.root}/installer-files/temp/openshift/99_openshift-cluster-api_worker-machineset-${count.index}.yaml"
+  }
+}
+
+resource "local_file" "create_worker_machineset" {
+  depends_on = [
+    null_resource.manifest_cleanup_worker_machineset
+  ]
+  count  = var.aws_private_subnets != null ? length(var.aws_private_subnets) : 0
+  file_permission = "0644"
+  filename        = "${path.root}/installer-files/temp/openshift/99_openshift-cluster-api_worker-machineset-${count.index}.yaml"
+  content         = <<EOF
+apiVersion: machine.openshift.io/v1beta1
+kind: MachineSet
+metadata:
+  creationTimestamp: null
+  labels:
+    machine.openshift.io/cluster-api-machine-role: worker
+    machine.openshift.io/cluster-api-machine-type: worker
+    machine.openshift.io/cluster-api-cluster: ${data.local_file.infrastructureID.content}
+  name: ${data.local_file.infrastructureID.content}-worker-${var.aws_worker_availability_zones[count.index]}
+  namespace: openshift-machine-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      machine.openshift.io/cluster-api-cluster: ${data.local_file.infrastructureID.content}
+      machine.openshift.io/cluster-api-machineset: ${data.local_file.infrastructureID.content}-worker-${var.aws_worker_availability_zones[count.index]}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        machine.openshift.io/cluster-api-cluster: ${data.local_file.infrastructureID.content}
+        machine.openshift.io/cluster-api-machine-role: worker
+        machine.openshift.io/cluster-api-machine-type: worker
+        machine.openshift.io/cluster-api-machineset: ${data.local_file.infrastructureID.content}-worker-${var.aws_worker_availability_zones[count.index]}
+    spec:
+      metadata:
+        creationTimestamp: null
+      providerSpec:
+        value:
+          ami:
+            id: ${var.ami}
+          apiVersion: awsproviderconfig.openshift.io/v1beta1
+          blockDevices:
+          - ebs:
+              encrypted: true
+              iops: ${var.aws_worker_root_volume_iops}
+              volumeSize: ${var.aws_worker_root_volume_size}
+              volumeType: ${var.aws_worker_root_volume_type}
+              kmsKey:
+                arn: ""
+          credentialsSecret:
+            name: aws-cloud-credentials
+          deviceIndex: 0
+          iamInstanceProfile:
+            id: ${data.local_file.infrastructureID.content}-worker-profile
+          instanceType: ${var.aws_worker_instance_type}
+          kind: AWSMachineProviderConfig
+          metadata:
+            creationTimestamp: null
+          placement:
+            availabilityZone: ${var.aws_worker_availability_zones[count.index]}
+            region: ${var.aws_region}
+          securityGroups:
+          - filters:
+            - name: tag:Name
+              values:
+              - ${data.local_file.infrastructureID.content}-worker-sg
+          subnet:
+            filters:
+            - name: subnet-id
+              values:
+              - ${var.aws_private_subnets[count.index]}
+          tags:
+          - name: kubernetes.io/cluster/${data.local_file.infrastructureID.content}
+            value: owned
+          userDataSecret:
+            name: worker-user-data
+EOF
+}
+
+resource "null_resource" "extractInfrastructureID" {
+  depends_on = [
+    null_resource.generate_manifests
+  ]
+
+  provisioner "local-exec" {
+    when    = create
+    command = "cat ${path.root}/installer-files/temp/.openshift_install_state.json | jq -r '.\"*installconfig.ClusterID\".InfraID' | tr -d '\n' > ${path.root}/installer-files/infraID"
+  }
+
+  provisioner "local-exec" {
+    when    = destroy
+    command = "rm -rf ${path.root}/installer-files/infraID"
+  }
+}
+
+
+data "local_file" "infrastructureID" {
+  depends_on = [
+    null_resource.extractInfrastructureID
+  ]
+  filename        =  "${path.root}/installer-files/infraID"
+
+}
+
+resource "local_file" "airgapped_registry_upgrades" {
+  count    = var.airgapped["enabled"] ? 1 : 0
+  filename = "${path.root}/installer-files/temp/openshift/99_airgapped_registry_upgrades.yaml"
+  depends_on = [
+    null_resource.generate_manifests,
+  ]
+  content  = <<EOF
+apiVersion: operator.openshift.io/v1alpha1
+kind: ImageContentSourcePolicy
+metadata:
+  name: airgapped
+spec:
+  repositoryDigestMirrors:
+  - mirrors:
+    - ${var.airgapped["repository"]}
+    source: quay.io/openshift-release-dev/ocp-release
+  - mirrors:
+    - ${var.airgapped["repository"]}
+    source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
+EOF
+}
+
+data "template_file" "cluster-dns-02-config" {
+  template = <<EOF
+apiVersion: config.openshift.io/v1
+kind: DNS
+metadata:
+  creationTimestamp: null
+  name: cluster
+spec:
+  baseDomain: ${var.clustername}.${var.domain}
+status: {}
+EOF
+}
+
+resource "local_file" "cluster-dns-02-config" {
+  count = var.byo_dns ? 1 : 0
+  content  = data.template_file.cluster-dns-02-config.rendered
+  filename = "${path.root}/installer-files/temp/manifests/cluster-dns-02-config.yml"
+  depends_on = [
+    null_resource.generate_manifests,
+  ]
+}
+
+
+##
+## The rest of this file is for infrastructure node designation without taints
+##
+
+resource "local_file" "create_infra_machineset" {
+  depends_on = [
+    null_resource.generate_manifests
+  ]
+
+  count  = var.infra_count > 0 ? length(var.aws_worker_availability_zones) : 0
+  file_permission = "0644"
+  filename        = "${path.root}/installer-files/temp/openshift/99_openshift-cluster-api_infra-machineset-${count.index}.yaml"
+  content         = <<EOF
+apiVersion: machine.openshift.io/v1beta1
+kind: MachineSet
+metadata:
+  creationTimestamp: null
+  labels:
+    machine.openshift.io/cluster-api-machine-role: infra
+    machine.openshift.io/cluster-api-machine-type: infra
+    machine.openshift.io/cluster-api-cluster: ${data.local_file.infrastructureID.content}
+  name: ${data.local_file.infrastructureID.content}-infra-${var.aws_worker_availability_zones[count.index]}
+  namespace: openshift-machine-api
+spec:
+  replicas: ${local.zone_infra_replicas[count.index]}
+  selector:
+    matchLabels:
+      machine.openshift.io/cluster-api-cluster: ${data.local_file.infrastructureID.content}
+      machine.openshift.io/cluster-api-machineset: ${data.local_file.infrastructureID.content}-infra-${var.aws_worker_availability_zones[count.index]}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        machine.openshift.io/cluster-api-cluster: ${data.local_file.infrastructureID.content}
+        machine.openshift.io/cluster-api-machine-role: infra
+        machine.openshift.io/cluster-api-machine-type: infra
+        machine.openshift.io/cluster-api-machineset: ${data.local_file.infrastructureID.content}-infra-${var.aws_worker_availability_zones[count.index]}
+    spec:
+      metadata:
+        creationTimestamp: null
+        labels:
+          node-role.kubernetes.io/infra: ""
+      providerSpec:
+        value:
+          ami:
+            id: ${var.ami}
+          apiVersion: awsproviderconfig.openshift.io/v1beta1
+          blockDevices:
+          - ebs:
+              encrypted: true
+              iops: ${var.aws_infra_root_volume_iops}
+              volumeSize: ${var.aws_infra_root_volume_size}
+              volumeType: ${var.aws_infra_root_volume_type}
+              kmsKey:
+                arn: ""
+          credentialsSecret:
+            name: aws-cloud-credentials
+          deviceIndex: 0
+          iamInstanceProfile:
+            id: ${data.local_file.infrastructureID.content}-worker-profile
+          instanceType: ${var.aws_infra_instance_type}
+          kind: AWSMachineProviderConfig
+          metadata:
+            creationTimestamp: null
+          placement:
+            availabilityZone: ${var.aws_worker_availability_zones[count.index]}
+            region: ${var.aws_region}
+          securityGroups:
+          - filters:
+            - name: tag:Name
+              values:
+              - ${data.local_file.infrastructureID.content}-worker-sg
+          subnet:
+            filters:
+            %{if var.aws_private_subnets != null}- name: subnet-id
+              values:
+              - ${var.aws_private_subnets[count.index]}%{endif}
+            %{if var.aws_private_subnets == null}- name: tag:Name
+              values:
+              - ${data.local_file.infrastructureID.content}-private-${var.aws_worker_availability_zones[count.index]}%{endif}
+          tags:
+          - name: kubernetes.io/cluster/${data.local_file.infrastructureID.content}
+            value: owned
+          userDataSecret:
+            name: worker-user-data
+EOF
+}
+
+data "template_file" "cluster-monitoring-configmap" {
+  template = <<EOF
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cluster-monitoring-config
+  namespace: openshift-monitoring
+data:
+  config.yaml: |+
+    alertmanagerMain:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    prometheusK8s:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    prometheusOperator:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    grafana:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    k8sPrometheusAdapter:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    kubeStateMetrics:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    telemeterClient:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    openshiftStateMetrics:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    thanosQuerier:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+EOF
+}
+
+resource "local_file" "cluster-monitoring-configmap" {
+  count    = var.infra_count > 0 ? 1 : 0
+  content  = data.template_file.cluster-monitoring-configmap.rendered
+  filename = "${path.root}/installer-files/temp/openshift/99_cluster-monitoring-configmap.yml"
+  depends_on = [
+    null_resource.generate_manifests,
+  ]
+}
+
+
+data "template_file" "configure-image-registry-job-serviceaccount" {
+  template = <<EOF
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: infra
+  namespace: openshift-image-registry
+EOF
+}
+
+resource "local_file" "configure-image-registry-job-serviceaccount" {
+  count    = var.infra_count > 0 ? 1 : 0
+  content  = data.template_file.configure-image-registry-job-serviceaccount.rendered
+  filename = "${path.root}/installer-files/openshift/99_configure-image-registry-job-serviceaccount.yml"
+  depends_on = [
+    null_resource.generate_manifests,
+  ]
+}
+
+data "template_file" "configure-image-registry-job-clusterrole" {
+  template = <<EOF
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:ibm-patch-cluster-storage
+rules:
+- apiGroups: ['imageregistry.operator.openshift.io']
+  resources: ['configs']
+  verbs:     ['get','patch']
+  resourceNames: ['cluster']
+EOF
+}
+
+resource "local_file" "configure-image-registry-job-clusterrole" {
+  count    = var.infra_count > 0 ? 1 : 0
+  content  = data.template_file.configure-image-registry-job-clusterrole.rendered
+  filename = "${path.root}/installer-files/temp/openshift/99_configure-image-registry-job-clusterrole.yml"
+  depends_on = [
+    null_resource.generate_manifests,
+  ]
+}
+
+data "template_file" "configure-image-registry-job-clusterrolebinding" {
+  template = <<EOF
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:ibm-patch-cluster-storage
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:ibm-patch-cluster-storage
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: openshift-image-registry
+EOF
+}
+
+resource "local_file" "configure-image-registry-job-clusterrolebinding" {
+  count    = var.infra_count > 0 ? 1 : 0
+  content  = data.template_file.configure-image-registry-job-clusterrolebinding.rendered
+  filename = "${path.root}/installer-files/temp/openshift/99_configure-image-registry-job-clusterrolebinding.yml"
+  depends_on = [
+    null_resource.generate_manifests,
+  ]
+}
+
+data "template_file" "configure-image-registry-job" {
+  template = <<EOF
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: ibm-configure-image-registry
+  namespace: openshift-image-registry
+spec:
+  parallelism: 1
+  completions: 1
+  template:
+    metadata:
+      name: configure-image-registry
+      labels:
+        app: configure-image-registry
+    serviceAccountName: infra
+    spec:
+      containers:
+      - name:  client
+        image: quay.io/openshift/origin-cli:latest
+        command: ["/bin/sh","-c"]
+        args: ["while ! /usr/bin/oc get configs.imageregistry.operator.openshift.io cluster >/dev/null 2>&1; do sleep 1;done;/usr/bin/oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{\"spec\": {\"nodeSelector\": {\"node-role.kubernetes.io/infra\": \"\"}}}'"]
+      restartPolicy: Never
+EOF
+}
+
+resource "local_file" "configure-image-registry-job" {
+  count    = var.infra_count > 0 ? 1 : 0
+  content  = data.template_file.configure-image-registry-job.rendered
+  filename = "${path.root}/installer-files/temp/openshift/99_configure-image-registry-job.yml"
+  depends_on = [
+    null_resource.generate_manifests,
+  ]
+}
+
+data "template_file" "configure-ingress-job-serviceaccount" {
+  template = <<EOF
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: infra
+  namespace: openshift-ingress-operator
+EOF
+}
+
+resource "local_file" "configure-ingress-job-serviceaccount" {
+  count    = var.infra_count > 0 ? 1 : 0
+  content  = data.template_file.configure-ingress-job-serviceaccount.rendered
+  filename = "${path.root}/installer-files/temp/openshift/99_configure-ingress-job-serviceaccount.yml"
+  depends_on = [
+    null_resource.generate_manifests,
+  ]
+}
+
+data "template_file" "configure-ingress-job-clusterrole" {
+  template = <<EOF
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:ibm-patch-ingress
+rules:
+- apiGroups:     ['operator.openshift.io']
+  resources:     ['ingresscontrollers']
+  verbs:         ['get','patch']
+  resourceNames: ['default']
+EOF
+}
+
+resource "local_file" "configure-ingress-job-clusterrole" {
+  count    = var.infra_count > 0 ? 1 : 0
+  content  = data.template_file.configure-ingress-job-clusterrole.rendered
+  filename = "${path.root}/installer-files/temp/openshift/99_configure-ingress-job-clusterrole.yml"
+  depends_on = [
+    null_resource.generate_manifests,
+  ]
+}
+
+data "template_file" "configure-ingress-job-clusterrolebinding" {
+  template = <<EOF
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:ibm-patch-ingress
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:ibm-patch-ingress
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: openshift-ingress-operator
+EOF
+}
+
+resource "local_file" "configure-ingress-job-clusterrolebinding" {
+  count    = var.infra_count > 0 ? 1 : 0
+  content  = data.template_file.configure-ingress-job-clusterrolebinding.rendered
+  filename = "${path.root}/installer-files/temp/openshift/99_configure-ingress-job-clusterrolebinding.yml"
+  depends_on = [
+    null_resource.generate_manifests,
+  ]
+}
+
+data "template_file" "configure-ingress-job" {
+  template = <<EOF
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: ibm-configure-ingress
+  namespace: openshift-ingress-operator
+spec:
+  parallelism: 1
+  completions: 1
+  template:
+    metadata:
+      name: configure-ingress
+      labels:
+        app: configure-ingress
+    serviceAccountName: infra
+    spec:
+      containers:
+      - name:  client
+        image: quay.io/openshift/origin-cli:latest
+        command: ["/bin/sh","-c"]
+        args: ["while ! /usr/bin/oc get ingresscontrollers.operator.openshift.io default -n openshift-ingress-operator >/dev/null 2>&1; do sleep 1;done;/usr/bin/oc patch ingresscontrollers.operator.openshift.io default -n openshift-ingress-operator --type merge --patch '{\"spec\": {\"nodePlacement\": {\"nodeSelector\": {\"matchLabels\": {\"node-role.kubernetes.io/infra\": \"\"}}}}}'"]
+      restartPolicy: Never
+EOF
+}
+
+resource "local_file" "configure-ingress-job" {
+  count    = var.infra_count > 0 ? 1 : 0
+  content  = data.template_file.configure-ingress-job.rendered
+  filename = "${path.root}/installer-files/temp/openshift/99_configure-ingress-job.yml"
+  depends_on = [
+    null_resource.generate_manifests,
+  ]
+}
+
diff --git a/install/variables.tf b/install/variables.tf
index 4e0ac09..6fac988 100644
--- a/install/variables.tf
+++ b/install/variables.tf
@@ -58,13 +58,45 @@ EOF
 
 }
 
-
 variable "master_count" {
   type        = number
   description = "The number of master nodes."
   default     = 3
 }
 
+variable "infra_count" {
+  type        = number
+  description = "The number of infra nodes."
+  default     = 0
+}
+
+variable "aws_infra_instance_type" {
+  type = string
+  description = "Instance type for the infra node(s). Example: `m4.large`."
+  default = "m5.xlarge"
+}
+
+variable "aws_infra_root_volume_type" {
+  type        = string
+  description = "The type of volume for the root block device of infra nodes."
+}
+
+variable "aws_infra_root_volume_size" {
+  type        = string
+  description = "The size of the volume in gigabytes for the root block device of infra nodes."
+}
+
+variable "aws_infra_root_volume_iops" {
+  type = string
+
+  description = <<EOF
+The amount of provisioned IOPS for the root block device of infra nodes.
+Ignored if the volume type is not io1.
+EOF
+
+}
+
+
 variable "openshift_pull_secret" {
   type        = string
   default     = "./openshift_pull_secret.json"
@@ -76,15 +108,15 @@ variable "openshift_installer_url" {
   default     = "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest"
 }
 
-variable "aws_access_key_id" {
-  type        = string
-  description = "AWS access key"
-}
+# variable "aws_access_key_id" {
+#   type        = string
+#   description = "AWS access key"
+# }
 
-variable "aws_secret_access_key" {
-  type        = string
-  description = "AWS Secret"
-}
+# variable "aws_secret_access_key" {
+#   type        = string
+#   description = "AWS Secret"
+# }
 
 variable "aws_region" {
   type        = string
@@ -97,9 +129,9 @@ variable "aws_worker_availability_zones" {
   description = "The availability zones to provision for workers.  Worker instances are created by the machine-API operator, but this variable controls their supporting infrastructure (subnets, routing, etc.)."
 }
 
-variable "dns_public_id" {
-  type = string
-  description = "public route53 id"
+variable "aws_private_subnets" {
+  type = list(string)
+  description = "The private subnets for workers. This is used when the subnets are preconfigured."
 }
 
 variable "airgapped" {
@@ -107,6 +139,25 @@ variable "airgapped" {
   default = {
     airgapped  = false
     repository = ""
-    cabundle = ""
   }
 }
+
+variable "openshift_ssh_key" {
+  type    = string
+  default = ""
+}
+
+variable "openshift_additional_trust_bundle" {
+  type = string
+}
+
+variable "byo_dns" {
+  type = bool
+}
+
+variable "proxy_config" {
+  type = map(string)
+  default = {
+    enabled = false
+  }
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 224cace..fdb8e13 100644
--- a/main.tf
+++ b/main.tf
@@ -5,6 +5,7 @@ locals {
     },
     var.aws_extra_tags,
   )
+  openshift_installer_url = "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${var.openshift_version}"
 }
 
 provider "aws" {
@@ -26,12 +27,12 @@ provider "aws" {
 module "bootstrap" {
   source = "./bootstrap"
 
-  ami                      = var.aws_ami
+  ami                      = local.rhcos_image
   instance_type            = var.aws_bootstrap_instance_type
   cluster_id               = module.installer.infraID
   ignition                 = module.installer.bootstrap_ign
   # ignition_bucket          = var.aws_ignition_bucket
-  subnet_id                = var.aws_publish_strategy == "External" ? module.vpc.az_to_public_subnet_id[var.aws_azs[0]] : module.vpc.az_to_private_subnet_id[var.aws_azs[0]]
+  subnet_id                = var.aws_publish_strategy == "External" ? module.vpc.az_to_public_subnet_id[local.aws_azs[0]] : module.vpc.az_to_private_subnet_id[local.aws_azs[0]]
   target_group_arns        = module.vpc.aws_lb_target_group_arns
   target_group_arns_length = module.vpc.aws_lb_target_group_arns_length
   vpc_id                   = module.vpc.vpc_id
@@ -51,9 +52,9 @@ module "masters" {
 
   tags = local.tags
 
-  availability_zones       = var.aws_azs
+  availability_zones       = local.aws_azs
   az_to_subnet_id          = module.vpc.az_to_private_subnet_id
-  instance_count           = length(var.aws_azs)
+  instance_count           = length(local.aws_azs)
   master_sg_ids            = [module.vpc.master_sg_id]
   root_volume_iops         = var.aws_master_root_volume_iops
   root_volume_size         = var.aws_master_root_volume_size
@@ -62,7 +63,7 @@ module "masters" {
   root_volume_kms_key_id   = var.aws_master_root_volume_kms_key_id
   target_group_arns        = module.vpc.aws_lb_target_group_arns
   target_group_arns_length = module.vpc.aws_lb_target_group_arns_length
-  ec2_ami                  = var.aws_ami
+  ec2_ami                  = local.rhcos_image
   user_data_ign            = module.installer.master_ign
   publish_strategy         = var.aws_publish_strategy
 }
@@ -77,6 +78,8 @@ module "iam" {
 
 
 module "dns" {
+  count                    = var.openshift_byo_dns ? 0 : 1
+
   source = "./route53"
 
   api_external_lb_dns_name = module.vpc.aws_lb_api_external_dns_name
@@ -103,7 +106,7 @@ module "vpc" {
   private_subnets  = var.aws_private_subnets
   publish_strategy = var.aws_publish_strategy
   airgapped = var.airgapped
-  availability_zones = var.aws_azs
+  availability_zones = local.aws_azs
 
   tags = local.tags
 }
@@ -111,22 +114,30 @@ module "vpc" {
 module "installer" {
   source = "./install"
 
-  ami = var.aws_ami
-  dns_public_id = module.dns.public_dns_id
+  ami = local.rhcos_image
   clustername = var.cluster_name
   domain = var.base_domain
   aws_region = var.aws_region
-  aws_access_key_id = var.aws_access_key_id
-  aws_secret_access_key = var.aws_secret_access_key
+  # aws_access_key_id = var.aws_access_key_id
+  # aws_secret_access_key = var.aws_secret_access_key
   vpc_cidr_block = var.machine_cidr
-  master_count = length(var.aws_azs)
+  master_count = length(local.aws_azs)
+  infra_count = var.infra_count
   openshift_pull_secret = var.openshift_pull_secret
-  openshift_installer_url = var.openshift_installer_url
+  openshift_installer_url = local.openshift_installer_url
   aws_worker_root_volume_iops = var.aws_worker_root_volume_iops
   aws_worker_root_volume_size = var.aws_worker_root_volume_size
   aws_worker_root_volume_type = var.aws_worker_root_volume_type
-  aws_worker_availability_zones = var.aws_azs
+  aws_infra_root_volume_iops = var.aws_infra_root_volume_iops
+  aws_infra_root_volume_size = var.aws_infra_root_volume_size
+  aws_infra_root_volume_type = var.aws_infra_root_volume_type
+  aws_worker_availability_zones = local.aws_azs
   aws_worker_instance_type = var.aws_worker_instance_type
+  aws_infra_instance_type = var.aws_infra_instance_type
+  aws_private_subnets = var.aws_private_subnets
   airgapped = var.airgapped
+  proxy_config = var.proxy_config
+  openshift_ssh_key  = var.openshift_ssh_key 
+  openshift_additional_trust_bundle = var.openshift_additional_trust_bundle
+  byo_dns = var.openshift_byo_dns
 }
-
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
index c1075ce..7787ec1 100644
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@@ -1,18 +1,10 @@
 cluster_name = "ocp4"
 base_domain = "example.com"
 openshift_pull_secret = "./openshift_pull_secret.json"
-openshift_installer_url = "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.6.28"
+openshift_version = "4.6.28"
 
-aws_access_key_id = "AAAA"
-aws_secret_access_key = "AbcDefGhiJkl"
-aws_ami = "ami-06f85a7940faa3217"
 aws_extra_tags = {
   "owner" = "admin"
   }
-aws_azs = [
-  "us-east-1a",
-  "us-east-1b",
-  "us-east-1c"
-  ]
 aws_region = "us-east-1"
 aws_publish_strategy = "External"
diff --git a/variables-aws.tf b/variables-aws.tf
index 8d8e872..09a66f4 100644
--- a/variables-aws.tf
+++ b/variables-aws.tf
@@ -16,20 +16,26 @@ variable "aws_bootstrap_instance_type" {
 variable "aws_master_instance_type" {
   type        = string
   description = "Instance type for the master node(s). Default: `m4.xlarge`."
-  default     = "m4.xlarge"
+  default     = "m5.xlarge"
 }
 
 variable "aws_worker_instance_type" {
   type        = string
   description = "Instance type for the worker node(s). Default: `m4.2xlarge`."
-  default     = "m4.2xlarge"
+  default     = "m5.2xlarge"
 }
 
-variable "aws_ami" {
+variable "aws_infra_instance_type" {
   type        = string
-  description = "AMI for all nodes.  An encrypted copy of this AMI will be used.  Example: `ami-foobar123`."
+  description = "Instance type for the worker node(s). Default: `m4.2xlarge`."
+  default     = "m5.xlarge"
 }
 
+# variable "aws_ami" {
+#   type        = string
+#   description = "AMI for all nodes.  An encrypted copy of this AMI will be used.  Example: `ami-foobar123`."
+# }
+
 variable "aws_extra_tags" {
   type = map(string)
 
@@ -88,6 +94,34 @@ EOF
 
 }
 
+variable "infra_count" {
+  type    = string
+  default = 0
+}
+
+variable "aws_infra_root_volume_type" {
+  type        = string
+  description = "The type of volume for the root block device of infra nodes."
+  default = "gp2"
+}
+
+variable "aws_infra_root_volume_size" {
+  type        = string
+  description = "The size of the volume in gigabytes for the root block device of infra nodes."
+  default = 200
+}
+
+variable "aws_infra_root_volume_iops" {
+  type = string
+
+  description = <<EOF
+The amount of provisioned IOPS for the root block device of infra nodes.
+Ignored if the volume type is not io1.
+EOF
+  default = 0
+
+}
+
 variable "aws_master_root_volume_encrypted" {
   type = bool
   default = true
@@ -115,8 +149,9 @@ variable "aws_region" {
 }
 
 variable "aws_azs" {
-  type = list(string)
-  description = "The availability zones in which to create the nodes."
+ type = list(string)
+ description = "The availability zones in which to create the nodes."
+ default = null
 }
 
 variable "aws_vpc" {
@@ -149,22 +184,12 @@ variable "aws_skip_region_validation" {
   description = "This decides if the AWS provider should validate if the region is known."
 }
 
+# variable "aws_access_key_id" {
+#   type        = string
+#   description = "AWS Key"
+# }
 
-variable "aws_access_key_id" {
-  type        = string
-  description = "AWS Key"
-}
-
-variable "aws_secret_access_key" {
-  type        = string
-  description = "AWS Secret"
-}
-
-variable "airgapped" {
-  type = map(string)
-  default = {
-    enabled  = false
-    repository = ""
-    cabundle = ""
-  }
-}
+# variable "aws_secret_access_key" {
+#   type        = string
+#   description = "AWS Secret"
+# }