diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 13cba5f79..b755be3e3 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -20,7 +20,6 @@ jobs:
     steps:
     - uses: actions/checkout@v4
 
-    # --- AWS Login & Push ---
     - name: Configure AWS credentials
       uses: aws-actions/configure-aws-credentials@v4
       with:
@@ -32,7 +31,6 @@ jobs:
       id: login-ecr
       uses: aws-actions/amazon-ecr-login@v2
 
-
     - name: Build and push Backend to ECR
       if: steps.login-ecr.outcome == 'success'
       uses: docker/build-push-action@v5
@@ -53,7 +51,6 @@ jobs:
           ${{ steps.login-ecr.outputs.registry }}/devops-frontend:${{ github.sha }}
           ${{ steps.login-ecr.outputs.registry }}/devops-frontend:latest
 
-    # --- GCP Login & Push ---
     - name: Google Auth
       uses: google-github-actions/auth@v2
       with:
@@ -65,7 +62,7 @@ jobs:
       continue-on-error: true
 
     - name: Enable GCP Services
-      run: gcloud services enable artifactregistry.googleapis.com compute.googleapis.com secretmanager.googleapis.com
+      run: gcloud services enable artifactregistry.googleapis.com compute.googleapis.com secretmanager.googleapis.com run.googleapis.com
       continue-on-error: true
 
     - name: Configure Docker for GCP
@@ -100,16 +97,25 @@ jobs:
       
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
-        
-      - name: Create Backend Bucket
+
+      - name: Google Auth
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Create State Bucket
         run: |
-          gcloud storage buckets create gs://devops-assignment-tf-state --location=us-central1 || true
-        continue-on-error: true
+          gcloud storage buckets create gs://devops-assignment-tf-state --location=us-central1 2>/dev/null || echo "Bucket already exists"
 
       - name: Terraform Init GCP
         run: |
           cd terraform/gcp
           terraform init
+        env:
+          GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS }}
           
       - name: Terraform Apply GCP
         run: |
@@ -121,6 +127,13 @@ jobs:
           TF_VAR_database_secret: ${{ secrets.DATABASE_SECRET }}
           GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS }}
 
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+
       - name: Terraform Init AWS
         run: |
           cd terraform/aws
@@ -136,4 +149,3 @@ jobs:
           TF_VAR_db_password: ${{ secrets.DB_PASSWORD }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
diff --git a/frontend/__tests__/__snapshots__/snapshot.test.js.snap b/frontend/__tests__/__snapshots__/snapshot.test.js.snap
index bd921250e..44257211b 100644
--- a/frontend/__tests__/__snapshots__/snapshot.test.js.snap
+++ b/frontend/__tests__/__snapshots__/snapshot.test.js.snap
@@ -1,55 +1,3 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`Home Snapshot matches snapshot 1`] = `
-<div>
-  <div
-    class="jsx-7beb89c88c7fe92c container"
-  >
-    <main
-      class="jsx-7beb89c88c7fe92c"
-    >
-      <h1
-        class="jsx-7beb89c88c7fe92c"
-      >
-        DevOps Assignment
-      </h1>
-      <div
-        class="jsx-7beb89c88c7fe92c status"
-      >
-        <p
-          class="jsx-7beb89c88c7fe92c"
-        >
-          Status: 
-          <span
-            class="jsx-7beb89c88c7fe92c error"
-          />
-        </p>
-      </div>
-      <div
-        class="jsx-7beb89c88c7fe92c message-box"
-      >
-        <h2
-          class="jsx-7beb89c88c7fe92c"
-        >
-          Backend Message:
-        </h2>
-        <p
-          class="jsx-7beb89c88c7fe92c"
-        >
-          Loading...
-        </p>
-      </div>
-      <div
-        class="jsx-7beb89c88c7fe92c info"
-      >
-        <p
-          class="jsx-7beb89c88c7fe92c"
-        >
-          Backend URL: 
-          http://localhost:8000
-        </p>
-      </div>
-    </main>
-  </div>
-</div>
-`;
+exports[`Home Snapshot matches snapshot (normalized) 1`] = `"<div class="jsx-HASH container"><main class="jsx-HASH"><h1 class="jsx-HASH">DevOps Assignment</h1><div class="jsx-HASH status"><p class="jsx-HASH">Status: <span class="jsx-HASH error"></span></p></div><div class="jsx-HASH message-box"><h2 class="jsx-HASH">Backend Message:</h2><p class="jsx-HASH">Loading...</p></div><div class="jsx-HASH info"><p class="jsx-HASH">Backend URL: http://localhost:8000</p></div></main></div>"`;
diff --git a/frontend/__tests__/snapshot.test.js b/frontend/__tests__/snapshot.test.js
index f0d7fc5d5..04f29577d 100644
--- a/frontend/__tests__/snapshot.test.js
+++ b/frontend/__tests__/snapshot.test.js
@@ -3,8 +3,10 @@ import Home from '../pages/index'
 import '@testing-library/jest-dom'
 
 describe('Home Snapshot', () => {
-  it('matches snapshot', () => {
+  it('matches snapshot (normalized)', () => {
     const { container } = render(<Home apiBaseUrl="http://localhost:8000" />)
-    expect(container).toMatchSnapshot()
+    // Normalize styled-jsx / CSS-module hashes (e.g. "jsx-abc123") to avoid flaky snapshots.
+    const normalizedHtml = container.innerHTML.replace(/jsx-[a-f0-9]+/g, 'jsx-HASH')
+    expect(normalizedHtml).toMatchSnapshot()
   })
 })
diff --git a/terraform/gcp/cloudrun.tf b/terraform/gcp/cloudrun.tf
index 7c34a99ac..25c1431b3 100644
--- a/terraform/gcp/cloudrun.tf
+++ b/terraform/gcp/cloudrun.tf
@@ -1,5 +1,5 @@
 resource "google_cloud_run_v2_service" "backend" {
-  name     = "devops-backend-v4"
+  name     = "devops-backend-v5"
   location = var.region
   ingress = "INGRESS_TRAFFIC_ALL"
 
@@ -28,7 +28,7 @@ resource "google_cloud_run_v2_service_iam_member" "backend_public" {
 }
 
 resource "google_cloud_run_v2_service" "frontend" {
-  name     = "devops-frontend-v4"
+  name     = "devops-frontend-v5"
   location = var.region
   ingress = "INGRESS_TRAFFIC_ALL"
 
diff --git a/terraform/gcp/secrets.tf b/terraform/gcp/secrets.tf
index bf0052d79..a7e535e88 100644
--- a/terraform/gcp/secrets.tf
+++ b/terraform/gcp/secrets.tf
@@ -1,5 +1,5 @@
 resource "google_secret_manager_secret" "app_secret" {
-  secret_id = "devops-app-secret-v4"
+  secret_id = "devops-app-secret-v5"
   replication {
     auto {}
   }
@@ -10,8 +10,7 @@ resource "google_secret_manager_secret_version" "app_secret_val" {
   secret_data = var.database_secret
 }
 
-# Grant access to Cloud Run service account (default compute SA for simplicity, or creating a new one is better)
-# For this assignment, we will assume default compute service account for Cloud Run
+# Grant access to Cloud Run service account
 data "google_compute_default_service_account" "default" {
 }