diff --git a/.crux_dry_run_build b/.crux_dry_run_build new file mode 100644 index 0000000000..7256109b7e --- /dev/null +++ b/.crux_dry_run_build @@ -0,0 +1,2 @@ +AUTOBUILD + diff --git a/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/onboard-account.cfn.yml b/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/onboard-account.cfn.yml index 002471fe6e..703d04150c 100644 --- a/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/onboard-account.cfn.yml +++ b/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/onboard-account.cfn.yml @@ -997,6 +997,29 @@ Resources: SecurityGroupIds: - !Ref InterfaceEndpointSecurityGroup + EC2Endpoint: + Type: 'AWS::EC2::VPCEndpoint' + Condition: isAppStream + Properties: + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowPrefixListDescription + Effect: Allow + Principal: '*' + Action: + - 'ec2:DescribeManagedPrefixLists' + - 'ec2:DescribePrefixLists' + Resource: '*' + SubnetIds: + - !Ref PrivateWorkspaceSubnet + VpcEndpointType: Interface + PrivateDnsEnabled: true + ServiceName: !Sub 'com.amazonaws.${AWS::Region}.ec2' + VpcId: !Ref VPC + SecurityGroupIds: + - !Ref InterfaceEndpointSecurityGroup + CfnEndpoint: Type: 'AWS::EC2::VPCEndpoint' Condition: isAppStream diff --git a/addons/addon-base-raas/packages/base-raas-services/lib/plugins/roles-only-strategy-plugin.js b/addons/addon-base-raas/packages/base-raas-services/lib/plugins/roles-only-strategy-plugin.js index a89370c363..99d2299ee6 100644 --- a/addons/addon-base-raas/packages/base-raas-services/lib/plugins/roles-only-strategy-plugin.js +++ b/addons/addon-base-raas/packages/base-raas-services/lib/plugins/roles-only-strategy-plugin.js 
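Review bot: The new `EC2Endpoint` resource in onboard-account.cfn.yml has no comment saying that its `PolicyDocument` is a deliberate allow-list. With `PrivateDnsEnabled: true`, EC2 API calls made from this VPC are expected to resolve to the endpoint, so anything other than the two prefix-list describe actions would be denied there. That looks intended for the AppStream-isolated workspace subnet, but the template does not state it. I would add a comment above the resource such as `# EC2 interface endpoint; policy intentionally allows only prefix-list lookups, do not widen to ec2:*`. Because the statement uses `Principal: '*'`, it is also worth checking whether an `aws:PrincipalAccount` condition would match how the other endpoints in this template are scoped, which this hunk does not show.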
@@ -38,15 +38,16 @@ async function onStudyRegistration(payload) { const studyEntityUpdated = await studyService.update(systemContext, { id: studyEntity.id, appRoleArn: appRole.arn }); const vpcePolicyService = await container.find('roles-only/vpcePolicyService'); - const ec2Client = await vpcePolicyService.getEc2ServiceForStudy(systemContext, studyEntity); - - const { accountId, region } = studyEntity; // Dynamically add the BYOB fs role to the STS VPCE Policy const stsVpceId = await vpcePolicyService.getVpceIdFromStudy(systemContext, studyEntity, 'STS'); // null means this is not appstream enabled therefore these steps can be skipped. if (stsVpceId !== null) { + const ec2Client = await vpcePolicyService.getEc2ServiceForStudy(systemContext, studyEntity); + + const { accountId, region } = studyEntity; + const roleArn = `arn:aws:iam::${accountId}:role/swb-*-fs-*`; await vpcePolicyService.addRoleToStsVpcePolicy(ec2Client, roleArn, stsVpceId, 'AllowAssumeRole'); diff --git a/main/cicd/cicd-pipeline/config/buildspec/buildspec-delay.yml b/main/cicd/cicd-pipeline/config/buildspec/buildspec-delay.yml index ad66a7e2d5..a7c0e43aa6 100644 --- a/main/cicd/cicd-pipeline/config/buildspec/buildspec-delay.yml +++ b/main/cicd/cicd-pipeline/config/buildspec/buildspec-delay.yml @@ -4,7 +4,7 @@ phases: install: # See supported runtimes at https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html runtime-versions: - nodejs: 12 + nodejs: 14 build: commands: diff --git a/main/cicd/cicd-pipeline/config/buildspec/buildspec-int-tests.yml b/main/cicd/cicd-pipeline/config/buildspec/buildspec-int-tests.yml index a0a2ca529f..a8ca9f1915 100644 --- a/main/cicd/cicd-pipeline/config/buildspec/buildspec-int-tests.yml +++ b/main/cicd/cicd-pipeline/config/buildspec/buildspec-int-tests.yml @@ -3,7 +3,7 @@ version: 0.2 phases: install: runtime-versions: - nodejs: 12 + nodejs: 14 pre_build: commands: 
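Review bot: In roles-only-strategy-plugin.js the guard `if (stsVpceId !== null)` now also decides whether the per-study EC2 client is created, and a strict comparison against `null` lets `undefined` through. If `getVpceIdFromStudy` can return `undefined` (its contract is not visible here), the branch would still build the client and call `addRoleToStsVpcePolicy` without an endpoint id; `if (stsVpceId != null) {` would cover both cases. A comment on the moved lines would also help, for example `// Only resolve the study account's EC2 client when AppStream is enabled`. `region` is destructured inside the branch but its use falls outside the hunk, as does the rest of `onStudyRegistration`.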
diff --git a/main/cicd/cicd-pipeline/config/buildspec/buildspec-uninstall.yml b/main/cicd/cicd-pipeline/config/buildspec/buildspec-uninstall.yml index 3d6852d501..02a3f9e6d1 100644 --- a/main/cicd/cicd-pipeline/config/buildspec/buildspec-uninstall.yml +++ b/main/cicd/cicd-pipeline/config/buildspec/buildspec-uninstall.yml @@ -4,7 +4,7 @@ phases: install: # See supported runtimes at https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html runtime-versions: - nodejs: 12 + nodejs: 14 pre_build: commands: diff --git a/main/cicd/cicd-pipeline/config/buildspec/buildspec.yml b/main/cicd/cicd-pipeline/config/buildspec/buildspec.yml index 348d99824c..becfbaf84a 100644 --- a/main/cicd/cicd-pipeline/config/buildspec/buildspec.yml +++ b/main/cicd/cicd-pipeline/config/buildspec/buildspec.yml @@ -4,8 +4,7 @@ phases: install: # See supported runtimes at https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html runtime-versions: - nodejs: 12 - golang: 1.13 + nodejs: 14 pre_build: commands: diff --git a/main/cicd/cicd-pipeline/config/infra/cloudformation.yml b/main/cicd/cicd-pipeline/config/infra/cloudformation.yml index 53afb35a8b..ed7800bca1 100644 --- a/main/cicd/cicd-pipeline/config/infra/cloudformation.yml +++ b/main/cicd/cicd-pipeline/config/infra/cloudformation.yml @@ -815,7 +815,7 @@ Resources: Environment: ComputeType: BUILD_GENERAL1_LARGE Type: LINUX_CONTAINER - Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0 + Image: aws/codebuild/standard:5.0 EnvironmentVariables: - Name: DEPLOYMENT_BUCKET Value: ${self:provider.deploymentBucket.name} @@ -844,7 +844,7 @@ Resources: Environment: ComputeType: BUILD_GENERAL1_LARGE Type: LINUX_CONTAINER - Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0 + Image: aws/codebuild/standard:5.0 EnvironmentVariables: - Name: DEPLOYMENT_BUCKET Value: ${self:provider.deploymentBucket.name} 
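Review bot: Dropping `golang: 1.13` from `runtime-versions` in buildspec.yml leaves the Go toolchain unpinned for this build. If any later phase still invokes `go` (the command lists are outside the hunk), it will use whatever default the build image ships, and that can change when the image is updated. Either pin a Go version that the new image supports, or add a comment such as `# Go is no longer needed by this build` so the removal reads as deliberate.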
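Review bot: Changing `Image` to `aws/codebuild/standard:5.0` in cloudformation.yml (hunk at 815) moves the CodeBuild project from an Amazon Linux 2 image to an Ubuntu-based one, not merely to a newer tag of the same image. Any buildspec command that assumes the old distribution, such as `yum` or AL2-specific paths, would fail; the command lists are not visible in this diff, so that is worth checking. The same one-line change is repeated in the hunks at 844, 871, 898, 926 and 953. A short comment beside the first `Image:` line, for example `# standard:5.0 provides the nodejs 14 runtime used by the buildspecs`, would tie it to the runtime bump.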
@@ -871,7 +871,7 @@ Resources: Environment: ComputeType: BUILD_GENERAL1_LARGE Type: LINUX_CONTAINER - Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0 + Image: aws/codebuild/standard:5.0 EnvironmentVariables: - Name: DEPLOYMENT_BUCKET Value: ${self:provider.deploymentBucket.name} @@ -898,7 +898,7 @@ Resources: Environment: ComputeType: BUILD_GENERAL1_LARGE Type: LINUX_CONTAINER - Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0 + Image: aws/codebuild/standard:5.0 EnvironmentVariables: - Name: DEPLOYMENT_BUCKET Value: ${self:provider.deploymentBucket.name} @@ -926,7 +926,7 @@ Resources: Environment: ComputeType: BUILD_GENERAL1_LARGE Type: LINUX_CONTAINER - Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0 + Image: aws/codebuild/standard:5.0 EnvironmentVariables: - Name: DEPLOYMENT_BUCKET Value: ${self:provider.deploymentBucket.name} @@ -953,7 +953,7 @@ Resources: Environment: ComputeType: BUILD_GENERAL1_LARGE Type: LINUX_CONTAINER - Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0 + Image: aws/codebuild/standard:5.0 ServiceRole: !GetAtt AppDeployerRole.Arn QueuedTimeoutInMinutes: 180 TimeoutInMinutes: 90 diff --git a/scripts/app-stream/start-image-builder.js b/scripts/app-stream/start-image-builder.js index 4fb45ce5bb..1611c3323b 100644 --- a/scripts/app-stream/start-image-builder.js +++ b/scripts/app-stream/start-image-builder.js @@ -23,7 +23,7 @@ const StartImageBuilder = class StartImageBuilder { this.imageBuilderName = `SWBImageBuilder-${Date.now()}`; this.imageName = imageName === "default" - ? "AppStream-WinServer2019-07-12-2022" + ? "AppStream-WinServer2019-06-12-2023" : imageName; this.imageSize = imageSize === "default" ? "stream.standard.medium" : imageSize;