diff --git a/assets/packer/perforce/helix-core/p4_configure.sh b/assets/packer/perforce/helix-core/p4_configure.sh
index e307ded..95c5a44 100644
--- a/assets/packer/perforce/helix-core/p4_configure.sh
+++ b/assets/packer/perforce/helix-core/p4_configure.sh
@@ -126,10 +126,10 @@ prepare_site_tags() {
 set_unicode() {
     log_message "Setting unicode flag for p4d."
     log_message "sourcing p4_vars"
-    
+
     # Capture the command output
     output=$(su - perforce -c "source /p4/common/bin/p4_vars && /p4/common/bin/p4d -xi" 2>&1)
-    
+
     # Check if the output matches exactly what we expect
     if [ "$output" = "Server switched to Unicode mode." ]; then
         log_message "Successfully switched server to Unicode mode"
@@ -164,11 +164,12 @@ print_help() {
     echo "  --case_sensitive <0/1>   Set the case sensitivity of the Helix Core server"
     echo "  --unicode <true/false>   Set the Helix Core Server with -xi flag for Unicode"
     echo "  --selinux <true/false>   Update labels for SELinux"
+    echo "  --plaintext <true/false> Remove the SSL prefix and do not create self signed certificate"
     echo "  --help                   Display this help and exit"
 }
 
 # Parse command-line options
-OPTS=$(getopt -o '' --long p4d_type:,username:,password:,auth:,fqdn:,hx_logs:,hx_metadata:,hx_depots:,case_sensitive:,unicode:,selinux:,help -n 'parse-options' -- "$@")
+OPTS=$(getopt -o '' --long p4d_type:,username:,password:,auth:,fqdn:,hx_logs:,hx_metadata:,hx_depots:,case_sensitive:,unicode:,selinux:,plaintext:,help -n 'parse-options' -- "$@")
 
 if [ $? != 0 ]; then
     log_message "Failed to parse options"
@@ -248,6 +249,16 @@ while true; do
                 exit 1
             fi
             ;;
+        --plaintext)
+            if [ "${2,,}" = "true" ] || [ "${2,,}" = "false" ]; then
+                PLAINTEXT="$2"
+                log_message "PLAINTEXT: $PLAINTEXT"
+                shift 2
+            else
+                log_message "Error: --plaintext flag must be either 'true' or 'false'"
+                exit 1
+            fi
+            ;;
         --help)
             print_help
             exit 0
@@ -407,10 +418,18 @@ sed -i "s/^P4MASTERHOST=.*/P4MASTERHOST=$EC2_DNS_PRIVATE/" "$SDP_Setup_Script_Co
 log_message "Updated P4MASTERHOST to $EC2_DNS_PRIVATE in $SDP_Setup_Script_Config."
 
 # Update Perforce case_sensitivity in configuration
-sed -i "s/^CASE_SENSITIVE=.*/CASE_SENSITIVE=CASE_SENSITIVE/" "$SDP_Setup_Script_Config"
+sed -i "s/^CASE_SENSITIVE=.*/CASE_SENSITIVE=$CASE_SENSITIVE/" "$SDP_Setup_Script_Config"
 
 log_message "Updated CASE_SENSITIVE in $SDP_Setup_Script_Config."
 
+# Update SSL prefix in configuration if plaintext is true
+if [ "${PLAINTEXT,,}" = "true" ]; then
+  sed -i "s/^SSL_PREFIX=.*/SSL_PREFIX=/" "$SDP_Setup_Script_Config"
+  log_message "SSL_PREFIX removed from $SDP_Setup_Script_Config. Server will be configured to use plaintext."
+else
+  log_message "Skipping SSL_PREFIX removal from $SDP_Setup_Script_Config. Server will be configured to use SSL."
+fi
+
 log_message "Mounting done ok - continue to the install"
 
 # Execute mkdirs.sh from the package
@@ -421,37 +440,32 @@ else
   log_message "Setup script (mkdirs.sh) not found or P4D Type: $P4D_TYPE not provided."
 fi
 
-# update cert config with ec2 DNS name
-FILE_PATH="/p4/ssl/config.txt"
-
-# Retrieve the EC2 instance DNS name
-if [ -z $FQDN ]; then
-  log_message "FQDN was not provided. Retrieving from EC2 metadata."
-  EC2_DNS_NAME=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname --header "X-aws-ec2-metadata-token: $TOKEN")
-else
-  log_message "FQDN was provided: $FQDN"
-  EC2_DNS_NAME=$FQDN
-fi
+I=1
 
-# Check if the DNS name was successfully retrieved
-if [ -z "$EC2_DNS_NAME" ]; then
-  echo "Failed to retrieve EC2 instance DNS name."
-  exit 1
-fi
+# Create self signed certificate if plaintext is false
+if [ "${PLAINTEXT,,}" = "false" ]; then
+  log_message "Generating self signed certificate"
+  # update cert config with ec2 DNS name
+  FILE_PATH="/p4/ssl/config.txt"
 
-# Replace REPL_DNSNAME with the EC2 instance DNS name for ssl certificate generation
-sed -i "s/REPL_DNSNAME/$EC2_DNS_NAME/" "$FILE_PATH"
+  # Check if the DNS name was successfully retrieved
+  if [ -z "$EC2_DNS_NAME" ]; then
+    log_message "Failed to retrieve EC2 instance DNS name."
+    exit 1
+  fi
 
-echo "File updated successfully."
+  # Replace REPL_DNSNAME with the EC2 instance DNS name for ssl certificate generation
+  sed -i "s/REPL_DNSNAME/$EC2_DNS_NAME/" "$FILE_PATH"
 
-I=1
-# generate certificate
+  echo "File updated successfully."
 
-/p4/common/bin/p4master_run ${I} /p4/${I}/bin/p4d_${I} -Gc
+  # generate certificate
+  /p4/common/bin/p4master_run ${I} /p4/${I}/bin/p4d_${I} -Gc
+else
+  log_message "Skipping self signed certificate generation due to --plaintext true"
+fi
 
 # Configure systemd service to start p4d
-
-
 cd /etc/systemd/system
 sed -e "s:__INSTANCE__:$I:g" -e "s:__OSUSER__:perforce:g" $SDP/Server/Unix/p4/common/etc/systemd/system/p4d_N.service.t > p4d_${I}.service
 chmod 644 p4d_${I}.service
@@ -470,19 +484,23 @@ systemctl start p4d_1
 # Wait for the p4d service to start before continuing
 wait_for_service "p4d_1"
 
-P4PORT=ssl:1666
+# Set P4PORT depending on plaintext variable
+if [ "${PLAINTEXT,,}" = "true" ]; then
+  P4PORT=:1666
+else
+  P4PORT=ssl:1666
+fi
+
 P4USER=$P4D_ADMIN_USERNAME
 
 #probably need to copy p4 binary to the /usr/bin or add to the path variable to avoid running with a full path adding:
 #permissions for lal users:
 
-
 chmod +x /hxdepots/sdp/helix_binaries/p4
 ln -s $SDP_Client_Binary /usr/bin/p4
 
-# now can test:
-p4 -p ssl:$HOSTNAME:1666 trust -y
-
+# now can test depending on plaintext
+p4 -p $P4PORT -u $P4USER info
 
 # Execute new server setup from the extracted package
 if [ -f "$SDP_New_Server_Script" ]; then
@@ -492,8 +510,6 @@ else
   echo "Setup script (configure_new_server.sh) not found."
 fi
 
-
-
 # create a live checkpoint and restore offline db
 # switching to user perforce
 
diff --git a/docs/media/diagrams/perforce_complete_example.drawio b/docs/media/diagrams/perforce_complete_example.drawio
new file mode 100644
index 0000000..5459899
--- /dev/null
+++ b/docs/media/diagrams/perforce_complete_example.drawio
@@ -0,0 +1,103 @@
+<mxfile host="Electron" modified="2024-12-12T23:19:31.827Z" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/22.0.2 Chrome/114.0.5735.289 Electron/25.8.4 Safari/537.36" etag="BnUOjSSJ1oD5UVPat3Zl" version="22.0.2" type="device">
+  <diagram name="Page-1" id="q_XiVphevz-c0kLlP5f9">
+    <mxGraphModel dx="1103" dy="698" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1654" pageHeight="1169" math="0" shadow="0">
+      <root>
+        <mxCell id="0" />
+        <mxCell id="1" parent="0" />
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-1" value="Perforce VPC" style="points=[[0,0],[0.25,0],[0.5,0],[0.75,0],[1,0],[1,0.25],[1,0.5],[1,0.75],[1,1],[0.75,1],[0.5,1],[0.25,1],[0,1],[0,0.75],[0,0.5],[0,0.25]];outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;container=1;pointerEvents=0;collapsible=0;recursiveResize=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_vpc;strokeColor=#248814;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#AAB7B8;dashed=0;" vertex="1" parent="1">
+          <mxGeometry x="480" y="240" width="880" height="560" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-2" value="Private Subnet 1" style="points=[[0,0],[0.25,0],[0.5,0],[0.75,0],[1,0],[1,0.25],[1,0.5],[1,0.75],[1,1],[0.75,1],[0.5,1],[0.25,1],[0,1],[0,0.75],[0,0.5],[0,0.25]];outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;container=1;pointerEvents=0;collapsible=0;recursiveResize=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_security_group;grStroke=0;strokeColor=#147EBA;fillColor=#E6F2F8;verticalAlign=top;align=left;spacingLeft=30;fontColor=#147EBA;dashed=0;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-1">
+          <mxGeometry x="40" y="280" width="320" height="170" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-6" value="Helix Core" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#ED7100;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.ec2_c7g_instance;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-2">
+          <mxGeometry x="240" y="61" width="48" height="48" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-43" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="z3quKmZYuvxo1gOoUY7u-2" source="z3quKmZYuvxo1gOoUY7u-16" target="z3quKmZYuvxo1gOoUY7u-6">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-16" value="Helix Swarm" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#ED7100;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.ecs_service;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-2">
+          <mxGeometry x="70" y="31.5" width="31.69" height="39" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-20" value="Helix Authentication Service" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#ED7100;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.ecs_service;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-2">
+          <mxGeometry x="70" y="99.5" width="31.69" height="39" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-11" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=https://plugins.jetbrains.com/files/69/372238/icon/pluginIcon.png;clipPath=inset(0% 18% 0% 17.33%);" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-2">
+          <mxGeometry x="248.24" y="68.75" width="31.53" height="32.5" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-3" value="Private Subnet 2" style="points=[[0,0],[0.25,0],[0.5,0],[0.75,0],[1,0],[1,0.25],[1,0.5],[1,0.75],[1,1],[0.75,1],[0.5,1],[0.25,1],[0,1],[0,0.75],[0,0.5],[0,0.25]];outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;container=1;pointerEvents=0;collapsible=0;recursiveResize=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_security_group;grStroke=0;strokeColor=#147EBA;fillColor=#E6F2F8;verticalAlign=top;align=left;spacingLeft=30;fontColor=#147EBA;dashed=0;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-1">
+          <mxGeometry x="400" y="280" width="320" height="170" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-21" value="Helix Swarm" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#ED7100;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.ecs_service;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-3">
+          <mxGeometry x="220" y="26" width="31.69" height="39" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-22" value="Helix Authentication Service" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#ED7100;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.ecs_service;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-3">
+          <mxGeometry x="220" y="99.5" width="31.69" height="39" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-35" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="z3quKmZYuvxo1gOoUY7u-3" source="z3quKmZYuvxo1gOoUY7u-28" target="z3quKmZYuvxo1gOoUY7u-21">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-36" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="z3quKmZYuvxo1gOoUY7u-3" source="z3quKmZYuvxo1gOoUY7u-28" target="z3quKmZYuvxo1gOoUY7u-22">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-28" value="Perforce ALB" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#8C4FFF;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.application_load_balancer;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-3">
+          <mxGeometry x="60" y="65" width="40" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-4" value="Public Subnet 1" style="points=[[0,0],[0.25,0],[0.5,0],[0.75,0],[1,0],[1,0.25],[1,0.5],[1,0.75],[1,1],[0.75,1],[0.5,1],[0.25,1],[0,1],[0,0.75],[0,0.5],[0,0.25]];outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;container=1;pointerEvents=0;collapsible=0;recursiveResize=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_security_group;grStroke=0;strokeColor=#248814;fillColor=#E9F3E6;verticalAlign=top;align=left;spacingLeft=30;fontColor=#248814;dashed=0;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-1">
+          <mxGeometry x="40" y="80" width="320" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-37" value="Perforce NLB" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#8C4FFF;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.network_load_balancer;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-4">
+          <mxGeometry x="90" y="39" width="39" height="39" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-5" value="Public Subnet 2" style="points=[[0,0],[0.25,0],[0.5,0],[0.75,0],[1,0],[1,0.25],[1,0.5],[1,0.75],[1,1],[0.75,1],[0.5,1],[0.25,1],[0,1],[0,0.75],[0,0.5],[0,0.25]];outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;container=1;pointerEvents=0;collapsible=0;recursiveResize=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_security_group;grStroke=0;strokeColor=#248814;fillColor=#E9F3E6;verticalAlign=top;align=left;spacingLeft=30;fontColor=#248814;dashed=0;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-1">
+          <mxGeometry x="400" y="80" width="320" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-44" value="Perforce NLB" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#8C4FFF;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.network_load_balancer;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-5">
+          <mxGeometry x="140.5" y="39" width="39" height="39" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-15" value="AWS Fargate" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#ED7100;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.fargate;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-1">
+          <mxGeometry x="350" y="470" width="60" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-34" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="z3quKmZYuvxo1gOoUY7u-1" source="z3quKmZYuvxo1gOoUY7u-6" target="z3quKmZYuvxo1gOoUY7u-28">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-38" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="z3quKmZYuvxo1gOoUY7u-1" source="z3quKmZYuvxo1gOoUY7u-37" target="z3quKmZYuvxo1gOoUY7u-6">
+          <mxGeometry relative="1" as="geometry">
+            <Array as="points">
+              <mxPoint x="380" y="138" />
+              <mxPoint x="380" y="240" />
+              <mxPoint x="304" y="240" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-41" value="perforce.example.com" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="z3quKmZYuvxo1gOoUY7u-38">
+          <mxGeometry x="0.3939" relative="1" as="geometry">
+            <mxPoint x="-47" y="-10" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-39" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="z3quKmZYuvxo1gOoUY7u-1" source="z3quKmZYuvxo1gOoUY7u-37" target="z3quKmZYuvxo1gOoUY7u-28">
+          <mxGeometry relative="1" as="geometry">
+            <Array as="points">
+              <mxPoint x="380" y="138" />
+              <mxPoint x="380" y="365" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-40" value="swarm.perforce.example.com&lt;br&gt;auth.perforce.example.com" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="z3quKmZYuvxo1gOoUY7u-39">
+          <mxGeometry x="-0.679" y="-1" relative="1" as="geometry">
+            <mxPoint x="9" y="-20" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-45" value="Amazon Route 53" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#8C4FFF;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.route_53;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-1">
+          <mxGeometry x="460" y="470" width="60" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-46" value="AWS Secrets Manager" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#DD344C;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.secrets_manager;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-1">
+          <mxGeometry x="770" y="170" width="60" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="z3quKmZYuvxo1gOoUY7u-47" value="AWS Certificate Manager" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#DD344C;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.certificate_manager_3;" vertex="1" parent="z3quKmZYuvxo1gOoUY7u-1">
+          <mxGeometry x="770" y="270" width="60" height="60" as="geometry" />
+        </mxCell>
+      </root>
+    </mxGraphModel>
+  </diagram>
+</mxfile>
diff --git a/docs/media/images/perforce-complete-example.png b/docs/media/images/perforce-complete-example.png
new file mode 100644
index 0000000..65c03b0
Binary files /dev/null and b/docs/media/images/perforce-complete-example.png differ
diff --git a/docs/modules/perforce/examples/complete.md b/docs/modules/perforce/examples/complete.md
index c40b6c4..e27e5ce 100644
--- a/docs/modules/perforce/examples/complete.md
+++ b/docs/modules/perforce/examples/complete.md
@@ -5,14 +5,70 @@ description: Automated deployment of Helix Core, Helix Swarm, and Helix Authenti
 
 # Perforce Complete Example
 
-This example provisions [Helix Core](https://www.perforce.com/products/helix-core), [Helix Swarm](https://www.perforce.com/products/helix-swarm), and the [Helix Authentication Service](https://www.perforce.com/downloads/helix-authentication-service). It also configures security groups for each of these modules to allow inter-service communication. This example takes a single input variable:`root_domain_name` is expected to correspond to an existing [AWS Route53 hosted zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/route-53-concepts.html#route-53-concepts-hosted-zone). This hosted zone is used for provisioning DNS records used for external and internal routing, and enables this example to create validated SSL certificates on your behalf.
+This complete example configuration deploys [**Perforce Helix Core**](https://www.perforce.com/products/helix-core),
+[**Perforce Helix Swarm**](https://www.perforce.com/products/helix-swarm), and [**Perforce
+Helix Authentication Service**](https://www.perforce.com/downloads/helix-authentication-service) into a new Virtual
+Private Cloud. It is designed to be used as a starting point for
+your Perforce Helix Core deployment.
 
-If you do not have a domain yet you can [register one through Route53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-register.html#domain-register-procedure-section).
+## Architecture
 
-If you already have a domain with a different domain registrar you can leverage Route53 for DNS services. [Please review the documentation for migrating to Route53 as your DNS provider.](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/MigratingDNS.html)
+![Perforce Example Architecture](../../../media/images/perforce-complete-example.png)
 
-If you own the domain: "example.com" this example will deploy Helix Core to "core.helix.example.com" and Helix Swarm to "swarm.helix.example.com" - this can be modified from the `dns.tf` file.
+## Deployment
 
-## Deployment Architecture
+This example configuration can be used out of the box and takes only a single variable: `root_domain_name` corresponds
+to the fully qualified domain name of an existing public hosted zone in the AWS account where you are deploying this
+reference architecture. The deployment steps below will get you up and running.
 
-![Perforce Example Architecture](../../../media/images/perforce-complete-example.jpg)
+1. You will need the Cloud Game Development Toolkit's Perforce Helix Core Amazon Machine Image. This Amazon Machine
+   Image (AMI) can be built using
+   our [provided Packer template](../../../assets/packer/helix-core.md).
+   This example uses the ARM64 version of this AMI, and
+   leverages Amazon Graviton for the Helix Core instance. Follow our documentation for provisioning this AMI in your AWS
+   account.
+2. Next, you will need to ensure you have an [Amazon Route 53](https://aws.amazon.com/route53/) hosted zone created in
+   your account for a domain name
+   that you already own. This example configuration creates DNS records and a private hosted zone for you, but this
+   pre-requisite hosted zone is necessary for certificate creation. If you do not wish to use the provided DNS resources
+   you will need to customize this example.
+3. Once you have completed these pre-requisites you are ready to deploy the infrastructure:
+
+    ```shell
+    terraform apply -var "root_domain_name=<YOUR ROOT HOSTED ZONE NAME>"
+    ```
+
+4. Review the plan provided by the above command. When you are ready to deploy you can confirm by typing "yes" on the
+   command line. Terraform will take a few minutes to provision everything. When it completes, you are ready to proceed
+   with testing.
+5. By default, none of the deployed resources are available on the public internet. This is to prevent unintended
+   security violations. You can update the security group for the Perforce Network Load balancer through the console, or
+   add the following rules to the example configuration in [
+   `security.tf`](https://github.com/aws-games/cloud-game-development-toolkit/blob/main/modules/perforce/examples/complete/security.tf):
+
+    ```terraform
+   # Grants access on HTTPS port for Helix Swarm and Helix Authentication
+   resource "aws_vpc_security_group_ingress_rule" "private_perforce_https_ingress" {
+      security_group_id = aws_security_group.perforce_network_load_balancer.id
+      description = "Enables private access to Perforce web services."
+      from_port = 443
+      to_port = 443
+      ip_protocol = "TCP"
+      cidr_ipv4 = "<YOUR IP>/32"
+   }
+
+   # Grants access on Helix Core port
+   resource "aws_vpc_security_group_ingress_rule" "private_perforce_https_ingress" {
+      security_group_id = aws_security_group.perforce_network_load_balancer.id
+      description = "Enables private access to Perforce Helix Core."
+      from_port = 1666
+      to_port = 1666
+      ip_protocol = "TCP"
+      cidr_ipv4 = "<YOUR IP>/32"
+
+   }
+    ```
+6. You should now have access to your deployed resources. The URLs for Helix Swarm and Helix Authentication Service are
+   provided as Terraform outputs and should be visible in your console after a successful deployment. The connection
+   string for Helix Core is also provided as an output. Use the Helix Core CLI or the P4V application to connect to your
+   Helix Core server.
diff --git a/modules/perforce/examples/complete/dns.tf b/modules/perforce/examples/complete/dns.tf
index a3d9a10..02fa1c6 100644
--- a/modules/perforce/examples/complete/dns.tf
+++ b/modules/perforce/examples/complete/dns.tf
@@ -1,4 +1,3 @@
-
 ##########################################
 # Route53 Hosted Zone for FQDN
 ##########################################
@@ -8,10 +7,10 @@ data "aws_route53_zone" "root" {
 }
 
 ##########################################
-# Perforce Helix DNS
+# Perforce DNS
 ##########################################
-resource "aws_route53_zone" "helix_private_zone" {
-  name = "helix.perforce.internal"
+resource "aws_route53_zone" "perforce_private_hosted_zone" {
+  name = "perforce.${data.aws_route53_zone.root.name}"
   #checkov:skip=CKV2_AWS_38: Hosted zone is private (vpc association)
   #checkov:skip=CKV2_AWS_39: Query logging disabled by design
   vpc {
@@ -19,54 +18,57 @@ resource "aws_route53_zone" "helix_private_zone" {
   }
 }
 
-
-resource "aws_route53_record" "helix_swarm" {
+# Route all external web service traffic to the NLB
+resource "aws_route53_record" "external_perforce_web_services" {
   zone_id = data.aws_route53_zone.root.id
-  name    = "swarm.helix.${data.aws_route53_zone.root.name}"
+  name    = "*.perforce.${data.aws_route53_zone.root.name}"
   type    = "A"
   alias {
-    name                   = module.perforce_helix_swarm.alb_dns_name
-    zone_id                = module.perforce_helix_swarm.alb_zone_id
+    name                   = aws_lb.perforce.dns_name
+    zone_id                = aws_lb.perforce.zone_id
     evaluate_target_health = true
   }
 }
 
-resource "aws_route53_record" "helix_authentication_service" {
-  zone_id = data.aws_route53_zone.root.zone_id
-  name    = "auth.helix.${data.aws_route53_zone.root.name}"
+# Route all internal web service traffic to the ALB
+resource "aws_route53_record" "internal_perforce_web_services" {
+  zone_id = aws_route53_zone.perforce_private_hosted_zone.id
+  name    = "*.${aws_route53_zone.perforce_private_hosted_zone.name}"
   type    = "A"
   alias {
-    name                   = module.perforce_helix_authentication_service.alb_dns_name
-    zone_id                = module.perforce_helix_authentication_service.alb_zone_id
+    name                   = aws_lb.perforce_web_services.dns_name
+    zone_id                = aws_lb.perforce_web_services.zone_id
     evaluate_target_health = true
   }
 }
 
-resource "aws_route53_record" "perforce_helix_core" {
+# Route all external Helix Core traffic to the NLB
+resource "aws_route53_record" "external_helix_core" {
   zone_id = data.aws_route53_zone.root.zone_id
-  name    = "core.helix.${data.aws_route53_zone.root.name}"
+  name    = "perforce.${data.aws_route53_zone.root.name}"
   type    = "A"
-  ttl     = 300
-  #checkov:skip=CKV2_AWS_23:The attached resource is managed by CGD Toolkit
-  records = [module.perforce_helix_core.helix_core_eip_public_ip]
+  alias {
+    name                   = aws_lb.perforce.dns_name
+    zone_id                = aws_lb.perforce.zone_id
+    evaluate_target_health = true
+  }
 }
 
-resource "aws_route53_record" "perforce_helix_core_pvt" {
-  zone_id = aws_route53_zone.helix_private_zone.zone_id
-  name    = "core.${aws_route53_zone.helix_private_zone.name}"
+# Route all internal Helix Core traffic to the instance
+resource "aws_route53_record" "internal_helix_core" {
+  zone_id = aws_route53_zone.perforce_private_hosted_zone.zone_id
+  name    = aws_route53_zone.perforce_private_hosted_zone.name
   type    = "A"
+  records = [module.perforce_helix_core.helix_core_private_ip]
   ttl     = 300
-  #checkov:skip=CKV2_AWS_23:The attached resource is managed by CGD Toolkit
-  records = [module.perforce_helix_core.helix_core_eip_private_ip]
 }
 
 ##########################################
 # Helix Certificate Management
 ##########################################
-
-resource "aws_acm_certificate" "helix" {
-  domain_name               = "helix.${var.root_domain_name}"
-  subject_alternative_names = ["*.helix.${var.root_domain_name}"]
+resource "aws_acm_certificate" "perforce" {
+  domain_name               = "perforce.${var.root_domain_name}"
+  subject_alternative_names = ["*.perforce.${var.root_domain_name}"]
 
   validation_method = "DNS"
 
@@ -79,9 +81,9 @@ resource "aws_acm_certificate" "helix" {
   }
 }
 
-resource "aws_route53_record" "helix_cert" {
+resource "aws_route53_record" "perforce_cert" {
   for_each = {
-    for dvo in aws_acm_certificate.helix.domain_validation_options : dvo.domain_name => {
+    for dvo in aws_acm_certificate.perforce.domain_validation_options : dvo.domain_name => {
       name   = dvo.resource_record_name
       record = dvo.resource_record_value
       type   = dvo.resource_record_type
@@ -96,10 +98,10 @@ resource "aws_route53_record" "helix_cert" {
   zone_id         = data.aws_route53_zone.root.id
 }
 
-resource "aws_acm_certificate_validation" "helix" {
+resource "aws_acm_certificate_validation" "perforce" {
   timeouts {
     create = "15m"
   }
-  certificate_arn         = aws_acm_certificate.helix.arn
-  validation_record_fqdns = [for record in aws_route53_record.helix_cert : record.fqdn]
+  certificate_arn         = aws_acm_certificate.perforce.arn
+  validation_record_fqdns = [for record in aws_route53_record.perforce_cert : record.fqdn]
 }
diff --git a/modules/perforce/examples/complete/main.tf b/modules/perforce/examples/complete/main.tf
index 674c516..556a051 100644
--- a/modules/perforce/examples/complete/main.tf
+++ b/modules/perforce/examples/complete/main.tf
@@ -28,21 +28,27 @@ resource "aws_ecs_cluster_capacity_providers" "providers" {
 ##########################################
 
 module "perforce_helix_core" {
-  source                = "../../helix-core"
-  vpc_id                = aws_vpc.perforce_vpc.id
-  server_type           = "p4d_commit"
-  instance_subnet_id    = aws_subnet.public_subnets[0].id
-  instance_type         = "c6g.large"
-  instance_architecture = "arm64"
-
-  storage_type         = "EBS"
-  depot_volume_size    = 64
-  metadata_volume_size = 32
-  logs_volume_size     = 32
+  source = "../../helix-core"
 
+  # Networking
+  vpc_id                      = aws_vpc.perforce_vpc.id
+  instance_subnet_id          = aws_subnet.private_subnets[0].id
+  internal                    = true
   fully_qualified_domain_name = "core.helix.perforce.${var.root_domain_name}"
 
-  helix_authentication_service_url = "https://${aws_route53_record.helix_authentication_service.name}"
+
+  # Compute and Storage
+  instance_type         = "c8g.large"
+  instance_architecture = "arm64"
+  storage_type          = "EBS"
+  depot_volume_size     = 64
+  metadata_volume_size  = 32
+  logs_volume_size      = 32
+
+  # Configuration
+  plaintext                        = true # We will use the Perforce NLB to handle TLS termination
+  server_type                      = "p4d_commit"
+  helix_authentication_service_url = "https://auth.${aws_route53_zone.perforce_private_hosted_zone.name}"
 }
 
 ##########################################
@@ -50,39 +56,179 @@ module "perforce_helix_core" {
 ##########################################
 
 module "perforce_helix_authentication_service" {
-  source                                   = "../../helix-authentication-service"
-  vpc_id                                   = aws_vpc.perforce_vpc.id
-  cluster_name                             = aws_ecs_cluster.perforce_cluster.name
-  helix_authentication_service_alb_subnets = aws_subnet.public_subnets[*].id
-  helix_authentication_service_subnets     = aws_subnet.private_subnets[*].id
-  certificate_arn                          = aws_acm_certificate.helix.arn
+  source = "../../helix-authentication-service"
+
+  # Networking
+  vpc_id                               = aws_vpc.perforce_vpc.id
+  create_application_load_balancer     = false # Shared Perforce web services application load balancer
+  helix_authentication_service_subnets = aws_subnet.private_subnets[*].id
+  fully_qualified_domain_name          = "auth.perforce.${var.root_domain_name}"
 
+  # Compute
+  cluster_name = aws_ecs_cluster.perforce_cluster.name
+
+  # Configuration
   enable_web_based_administration = true
-  fully_qualified_domain_name     = "auth.helix.${var.root_domain_name}"
 
-  depends_on = [aws_ecs_cluster.perforce_cluster, aws_acm_certificate_validation.helix]
+  depends_on = [aws_ecs_cluster.perforce_cluster]
 }
 
 ##########################################
 # Perforce Helix Swarm
 ##########################################
-
 module "perforce_helix_swarm" {
-  source                      = "../../helix-swarm"
-  vpc_id                      = aws_vpc.perforce_vpc.id
-  cluster_name                = aws_ecs_cluster.perforce_cluster.name
-  helix_swarm_alb_subnets     = aws_subnet.public_subnets[*].id
-  helix_swarm_service_subnets = aws_subnet.private_subnets[*].id
-  certificate_arn             = aws_acm_certificate.helix.arn
-  p4d_port                    = "ssl:${aws_route53_record.perforce_helix_core_pvt.name}:1666"
+  source = "../../helix-swarm"
+
+  # Networking
+  vpc_id                           = aws_vpc.perforce_vpc.id
+  create_application_load_balancer = false # Shared Perforce web services application load balancer
+  helix_swarm_service_subnets      = aws_subnet.private_subnets[*].id
+  fully_qualified_domain_name      = "swarm.perforce.${var.root_domain_name}"
+
+  # Compute
+  cluster_name = aws_ecs_cluster.perforce_cluster.name
+
+  # Configuration
+  p4d_port                    = "${aws_route53_record.internal_helix_core.name}:1666"
   p4d_super_user_arn          = module.perforce_helix_core.helix_core_super_user_username_secret_arn
   p4d_super_user_password_arn = module.perforce_helix_core.helix_core_super_user_password_secret_arn
   p4d_swarm_user_arn          = module.perforce_helix_core.helix_core_super_user_username_secret_arn
   p4d_swarm_password_arn      = module.perforce_helix_core.helix_core_super_user_password_secret_arn
+  enable_sso                  = true
+
+  depends_on = [aws_ecs_cluster.perforce_cluster]
+}
+
+##########################################
+# Perforce Network Load Balancer
+##########################################
+resource "aws_lb" "perforce" {
+  name                             = "perforce"
+  load_balancer_type               = "network"
+  subnets                          = aws_subnet.public_subnets[*].id
+  security_groups                  = [aws_security_group.perforce_network_load_balancer.id]
+  drop_invalid_header_fields       = true
+  enable_cross_zone_load_balancing = true
+  #checkov:skip=CKV_AWS_91: Access logging not required for example deployment
+  #checkov:skip=CKV_AWS_150: Load balancer deletion protection disabled for example deployment
+}
 
-  enable_sso = true
+###################################################
+# Perforce Web Services Application Load Balancer
+###################################################
+resource "aws_lb" "perforce_web_services" {
+  name                       = "perforce-web-services"
+  load_balancer_type         = "application"
+  subnets                    = aws_subnet.private_subnets[*].id
+  internal                   = true
+  security_groups            = [aws_security_group.perforce_web_services_alb.id]
+  drop_invalid_header_fields = true
+  #checkov:skip=CKV_AWS_91: Access logging not required for example deployment
+  #checkov:skip=CKV_AWS_150: Load balancer deletion protection disabled for example deployment
+}
 
-  fully_qualified_domain_name = "swarm.helix.${var.root_domain_name}"
+##########################################
+# Helix Core Target Group
+##########################################
+resource "aws_lb_target_group" "helix_core" {
+  name        = "helix-core"
+  target_type = "instance"
+  port        = 1666
+  protocol    = "TCP"
+  vpc_id      = aws_vpc.perforce_vpc.id
+}
 
-  depends_on = [aws_ecs_cluster.perforce_cluster, aws_acm_certificate_validation.helix]
+resource "aws_lb_target_group_attachment" "helix_core" {
+  target_group_arn = aws_lb_target_group.helix_core.arn
+  target_id        = module.perforce_helix_core.helix_core_instance_id
+  port             = 1666
+}
+
+##########################################
+# Web Services Target Group
+##########################################
+resource "aws_lb_target_group" "perforce_web_services" {
+  name        = "perforce-web-services"
+  target_type = "alb"
+  port        = 443
+  protocol    = "TCP"
+  vpc_id      = aws_vpc.perforce_vpc.id
+}
+
+# Default rule redirects to Helix Swarm
+resource "aws_lb_listener" "perforce_web_services" {
+  load_balancer_arn = aws_lb.perforce_web_services.arn
+  port              = 443
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"
+  certificate_arn   = aws_acm_certificate_validation.perforce.certificate_arn
+
+  default_action {
+    type = "redirect"
+    redirect {
+      host        = "swarm.perforce.${var.root_domain_name}"
+      port        = "443"
+      protocol    = "HTTPS"
+      status_code = "HTTP_301"
+    }
+  }
+}
+
+# Helix Swarm listener rule
+resource "aws_lb_listener_rule" "perforce_helix_swarm" {
+  listener_arn = aws_lb_listener.perforce_web_services.arn
+  priority     = 100
+  action {
+    type             = "forward"
+    target_group_arn = module.perforce_helix_swarm.target_group_arn
+  }
+  condition {
+    host_header {
+      values = ["swarm.perforce.${var.root_domain_name}"]
+    }
+  }
+}
+
+# Helix Authentication Service listener rule
+resource "aws_lb_listener_rule" "perforce_helix_authentication_service" {
+  listener_arn = aws_lb_listener.perforce_web_services.arn
+  priority     = 200
+  action {
+    type             = "forward"
+    target_group_arn = module.perforce_helix_authentication_service.target_group_arn
+  }
+  condition {
+    host_header {
+      values = ["auth.perforce.${var.root_domain_name}"]
+    }
+  }
+}
+
+##########################################
+# Helix Core Listener
+##########################################
+resource "aws_lb_listener" "helix_core" {
+  load_balancer_arn = aws_lb.perforce.arn
+  port              = 1666
+  protocol          = "TLS"
+  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"
+  certificate_arn   = aws_acm_certificate_validation.perforce.certificate_arn
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.helix_core.arn
+  }
+}
+
+##########################################
+# Perforce Web Services Listener
+##########################################
+resource "aws_lb_listener" "perforce_web_services_alb" {
+  load_balancer_arn = aws_lb.perforce.arn
+  port              = 443
+  protocol          = "TCP"
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.perforce_web_services.arn
+  }
 }
diff --git a/modules/perforce/examples/complete/outputs.tf b/modules/perforce/examples/complete/outputs.tf
new file mode 100644
index 0000000..84c0c2b
--- /dev/null
+++ b/modules/perforce/examples/complete/outputs.tf
@@ -0,0 +1,14 @@
+output "helix_core_connection_string" {
+  value       = "ssl:perforce.${var.root_domain_name}:1666"
+  description = "The connection string for the Helix Core server. Set your P4PORT environment variable to this value."
+}
+
+output "helix_swarm_url" {
+  value       = "https://swarm.perforce.${var.root_domain_name}"
+  description = "The URL for the Helix Swarm server."
+}
+
+output "helix_authentication_service_admin_url" {
+  value       = "https://auth.perforce.${var.root_domain_name}/admin"
+  description = "The URL for the Helix Authentication Service admin page."
+}
diff --git a/modules/perforce/examples/complete/security.tf b/modules/perforce/examples/complete/security.tf
index a682b04..b76f4ae 100644
--- a/modules/perforce/examples/complete/security.tf
+++ b/modules/perforce/examples/complete/security.tf
@@ -1,33 +1,131 @@
 ##########################################
-# Internal Access - service to service
+# Perforce NLB Security Group
 ##########################################
+resource "aws_security_group" "perforce_network_load_balancer" {
+  name        = "perforce_network_load_balancer"
+  description = "Perforce Network Load Balancer"
+  vpc_id      = aws_vpc.perforce_vpc.id
+  #checkov:skip=CKV2_AWS_5:Security group is attached to Perforce NLB
+}
+
+# Egress for Perforce NLB to Helix Core instance
+resource "aws_vpc_security_group_egress_rule" "perforce_nlb_outbound_helix_core" {
+  security_group_id            = aws_security_group.perforce_network_load_balancer.id
+  description                  = "Perforce NLB outbound to Helix Core"
+  from_port                    = 1666
+  to_port                      = 1666
+  ip_protocol                  = "TCP"
+  referenced_security_group_id = module.perforce_helix_core.security_group_id
+}
 
-# Helix Swarm -> Helix Core
-resource "aws_vpc_security_group_ingress_rule" "helix_core_inbound_swarm" {
+# Ingress from Perforce NLB to Helix Core instance
+resource "aws_vpc_security_group_ingress_rule" "perforce_nlb_inbound_helix_core" {
   security_group_id            = module.perforce_helix_core.security_group_id
+  description                  = "Perforce NLB inbound to Helix Core"
   ip_protocol                  = "TCP"
   from_port                    = 1666
   to_port                      = 1666
+  referenced_security_group_id = aws_security_group.perforce_network_load_balancer.id
+}
+
+# Egress for Perforce NLB to Perforce Web Services ALB
+resource "aws_vpc_security_group_egress_rule" "perforce_nlb_outbound_web_alb" {
+  security_group_id            = aws_security_group.perforce_network_load_balancer.id
+  description                  = "Perforce NLB outbound to Web ALB"
+  from_port                    = 443
+  to_port                      = 443
+  ip_protocol                  = "TCP"
+  referenced_security_group_id = aws_security_group.perforce_web_services_alb.id
+}
+
+##########################################
+# Perforce Web Services ALB Security Group
+##########################################
+resource "aws_security_group" "perforce_web_services_alb" {
+  name        = "perforce_web_services_alb"
+  description = "Perforce Web Services ALB"
+  vpc_id      = aws_vpc.perforce_vpc.id
+  #checkov:skip=CKV2_AWS_5:Security group is attached to Perforce Web Services ALB
+}
+
+# HTTPS Ingress from Perforce NLB to Perforce Web Services ALB
+resource "aws_vpc_security_group_ingress_rule" "perforce_nlb_inbound_web_alb_https" {
+  security_group_id            = aws_security_group.perforce_web_services_alb.id
+  description                  = "Perforce NLB inbound HTTPS to Web ALB"
+  ip_protocol                  = "TCP"
+  from_port                    = 443
+  to_port                      = 443
+  referenced_security_group_id = aws_security_group.perforce_network_load_balancer.id
+}
+
+# HTTPS Ingress from Helix Core server (needed for Helix Authentication Service extension)
+resource "aws_vpc_security_group_ingress_rule" "perforce_helix_core_inbound_web_alb_https" {
+  security_group_id            = aws_security_group.perforce_web_services_alb.id
+  description                  = "Helix Core inbound HTTPS to Web ALB"
+  ip_protocol                  = "TCP"
+  from_port                    = 443
+  to_port                      = 443
+  referenced_security_group_id = module.perforce_helix_core.security_group_id
+}
+
+# Egress for Perforce Web Services ALB to Helix Swarm service
+resource "aws_vpc_security_group_egress_rule" "perforce_alb_outbound_helix_swarm" {
+  security_group_id            = aws_security_group.perforce_web_services_alb.id
+  description                  = "Perforce ALB outbound to Helix Swarm"
+  from_port                    = 80
+  to_port                      = 80
+  ip_protocol                  = "TCP"
   referenced_security_group_id = module.perforce_helix_swarm.service_security_group_id
-  description                  = "Enables Helix Swarm to access Helix Core."
-}
-
-# Helix Core -> Helix Swarm
-resource "aws_vpc_security_group_ingress_rule" "helix_swarm_inbound_core" {
-  security_group_id = module.perforce_helix_swarm.alb_security_group_id
-  ip_protocol       = "TCP"
-  from_port         = 443
-  to_port           = 443
-  cidr_ipv4         = "${module.perforce_helix_core.helix_core_eip_public_ip}/32"
-  description       = "Enables Helix Core to access Helix Swarm"
-}
-
-# Helix Core -> Helix Authentication Service
-resource "aws_vpc_security_group_ingress_rule" "helix_auth_inbound_core" {
-  security_group_id = module.perforce_helix_authentication_service.alb_security_group_id
-  ip_protocol       = "TCP"
-  from_port         = 443
-  to_port           = 443
-  cidr_ipv4         = "${module.perforce_helix_core.helix_core_eip_public_ip}/32"
-  description       = "Enables Helix Core to access Helix Authentication Service"
+}
+
+# Ingress from Perforce Web Services ALB to Helix Swarm service
+resource "aws_vpc_security_group_ingress_rule" "perforce_alb_inbound_helix_swarm" {
+  security_group_id            = module.perforce_helix_swarm.service_security_group_id
+  description                  = "Perforce ALB inbound to Helix Swarm"
+  ip_protocol                  = "TCP"
+  from_port                    = 80
+  to_port                      = 80
+  referenced_security_group_id = aws_security_group.perforce_web_services_alb.id
+  #checkov:skip=CKV_AWS_260:Access restricted to Perforce Web Services ALB
+}
+
+# Egress for Perforce Web Services ALB to Helix Authentication service
+resource "aws_vpc_security_group_egress_rule" "perforce_alb_outbound_helix_auth" {
+  security_group_id            = aws_security_group.perforce_web_services_alb.id
+  description                  = "Perforce ALB outbound to Helix Auth"
+  from_port                    = 3000
+  to_port                      = 3000
+  ip_protocol                  = "TCP"
+  referenced_security_group_id = module.perforce_helix_authentication_service.service_security_group_id
+}
+
+# Ingress from Perforce Web Services ALB to Helix Authentication service
+resource "aws_vpc_security_group_ingress_rule" "perforce_alb_inbound_helix_auth" {
+  security_group_id            = module.perforce_helix_authentication_service.service_security_group_id
+  description                  = "Perforce ALB inbound to Helix Auth"
+  ip_protocol                  = "TCP"
+  from_port                    = 3000
+  to_port                      = 3000
+  referenced_security_group_id = aws_security_group.perforce_web_services_alb.id
+}
+
+##########################################
+# Helix Swarm to Helix Core
+##########################################
+resource "aws_vpc_security_group_ingress_rule" "perforce_helix_core_inbound_helix_swarm" {
+  security_group_id            = module.perforce_helix_core.security_group_id
+  description                  = "Helix Core inbound to Helix Swarm"
+  ip_protocol                  = "TCP"
+  from_port                    = 1666
+  to_port                      = 1666
+  referenced_security_group_id = module.perforce_helix_swarm.service_security_group_id
+}
+
+resource "aws_vpc_security_group_egress_rule" "perforce_helix_swarm_outbound_helix_core" {
+  security_group_id            = module.perforce_helix_swarm.service_security_group_id
+  description                  = "Helix Swarm outbound to Helix Core"
+  from_port                    = 1666
+  to_port                      = 1666
+  ip_protocol                  = "TCP"
+  referenced_security_group_id = module.perforce_helix_core.security_group_id
 }
diff --git a/modules/perforce/examples/complete/versions.tf b/modules/perforce/examples/complete/versions.tf
index a49b9ed..58167ef 100644
--- a/modules/perforce/examples/complete/versions.tf
+++ b/modules/perforce/examples/complete/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "5.66.0"
+      version = "5.81.0"
     }
   }
 }
diff --git a/modules/perforce/examples/complete/vpc.tf b/modules/perforce/examples/complete/vpc.tf
index 9e0645c..7370674 100644
--- a/modules/perforce/examples/complete/vpc.tf
+++ b/modules/perforce/examples/complete/vpc.tf
@@ -109,9 +109,9 @@ resource "aws_route_table" "private_rt" {
 
 # route to the internet through NAT gateway
 resource "aws_route" "private_rt_nat_gateway" {
-  route_table_id            = aws_route_table.private_rt.id
-  destination_cidr_block    = "0.0.0.0/0"
-  nat_gateway_id            = aws_nat_gateway.nat_gateway.id
+  route_table_id         = aws_route_table.private_rt.id
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.nat_gateway.id
 }
 
 resource "aws_route_table_association" "private_rt_asso" {
diff --git a/modules/perforce/helix-authentication-service/README.md b/modules/perforce/helix-authentication-service/README.md
index f1ed3d9..8427f88 100644
--- a/modules/perforce/helix-authentication-service/README.md
+++ b/modules/perforce/helix-authentication-service/README.md
@@ -6,8 +6,8 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.72.1 |
-| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | 1.20.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.78.0 |
+| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | 1.22.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | 3.6.3 |
 
 ## Providers
@@ -26,50 +26,51 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [aws_cloudwatch_log_group.helix_authentication_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/cloudwatch_log_group) | resource |
-| [aws_ecs_cluster.helix_authentication_service_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_cluster) | resource |
-| [aws_ecs_cluster_capacity_providers.helix_authentication_service_cluster_fargate_providers](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_cluster_capacity_providers) | resource |
-| [aws_ecs_service.helix_authentication_service](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_service) | resource |
-| [aws_ecs_task_definition.helix_authentication_service_task_definition](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_task_definition) | resource |
-| [aws_iam_policy.helix_authentication_service_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.helix_authentication_service_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_policy) | resource |
-| [aws_iam_role.helix_authentication_service_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_role) | resource |
-| [aws_iam_role.helix_authentication_service_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_role) | resource |
-| [aws_lb.helix_authentication_service_alb](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/lb) | resource |
-| [aws_lb_listener.helix_authentication_service_alb_https_listener](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/lb_listener) | resource |
-| [aws_lb_target_group.helix_authentication_service_alb_target_group](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/lb_target_group) | resource |
-| [aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket) | resource |
-| [aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket_lifecycle_configuration) | resource |
-| [aws_s3_bucket_policy.alb_access_logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket_policy) | resource |
-| [aws_s3_bucket_public_access_block.access_logs_bucket_public_block](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket_public_access_block) | resource |
-| [aws_security_group.helix_authentication_service_alb_sg](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/security_group) | resource |
-| [aws_security_group.helix_authentication_service_sg](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/security_group) | resource |
-| [aws_vpc_security_group_egress_rule.helix_authentication_service_alb_outbound_service](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_egress_rule) | resource |
-| [aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv4](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_egress_rule) | resource |
-| [aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv6](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_egress_rule) | resource |
-| [aws_vpc_security_group_ingress_rule.helix_authentication_service_inbound_alb](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_ingress_rule) | resource |
-| [awscc_secretsmanager_secret.helix_authentication_service_admin_password](https://registry.terraform.io/providers/hashicorp/awscc/1.20.0/docs/resources/secretsmanager_secret) | resource |
-| [awscc_secretsmanager_secret.helix_authentication_service_admin_username](https://registry.terraform.io/providers/hashicorp/awscc/1.20.0/docs/resources/secretsmanager_secret) | resource |
+| [aws_cloudwatch_log_group.helix_authentication_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/cloudwatch_log_group) | resource |
+| [aws_ecs_cluster.helix_authentication_service_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_cluster) | resource |
+| [aws_ecs_cluster_capacity_providers.helix_authentication_service_cluster_fargate_providers](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_cluster_capacity_providers) | resource |
+| [aws_ecs_service.helix_authentication_service](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_service) | resource |
+| [aws_ecs_task_definition.helix_authentication_service_task_definition](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_task_definition) | resource |
+| [aws_iam_policy.helix_authentication_service_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.helix_authentication_service_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_policy) | resource |
+| [aws_iam_role.helix_authentication_service_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_role) | resource |
+| [aws_iam_role.helix_authentication_service_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_role) | resource |
+| [aws_lb.helix_authentication_service_alb](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/lb) | resource |
+| [aws_lb_listener.helix_authentication_service_alb_https_listener](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/lb_listener) | resource |
+| [aws_lb_target_group.helix_authentication_service_alb_target_group](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/lb_target_group) | resource |
+| [aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket_lifecycle_configuration) | resource |
+| [aws_s3_bucket_policy.alb_access_logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket_policy) | resource |
+| [aws_s3_bucket_public_access_block.access_logs_bucket_public_block](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_security_group.helix_authentication_service_alb_sg](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/security_group) | resource |
+| [aws_security_group.helix_authentication_service_sg](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/security_group) | resource |
+| [aws_vpc_security_group_egress_rule.helix_authentication_service_alb_outbound_service](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv4](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv6](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.helix_authentication_service_inbound_alb](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_ingress_rule) | resource |
+| [awscc_secretsmanager_secret.helix_authentication_service_admin_password](https://registry.terraform.io/providers/hashicorp/awscc/1.22.0/docs/resources/secretsmanager_secret) | resource |
+| [awscc_secretsmanager_secret.helix_authentication_service_admin_username](https://registry.terraform.io/providers/hashicorp/awscc/1.22.0/docs/resources/secretsmanager_secret) | resource |
 | [random_string.helix_authentication_service](https://registry.terraform.io/providers/hashicorp/random/3.6.3/docs/resources/string) | resource |
 | [random_string.helix_authentication_service_alb_access_logs_bucket_suffix](https://registry.terraform.io/providers/hashicorp/random/3.6.3/docs/resources/string) | resource |
-| [aws_ecs_cluster.helix_authentication_service_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/ecs_cluster) | data source |
-| [aws_elb_service_account.main](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/elb_service_account) | data source |
-| [aws_iam_policy_document.access_logs_bucket_alb_write](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.ecs_tasks_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.helix_authentication_service_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.helix_authentication_service_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/region) | data source |
+| [aws_ecs_cluster.helix_authentication_service_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/ecs_cluster) | data source |
+| [aws_elb_service_account.main](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/elb_service_account) | data source |
+| [aws_iam_policy_document.access_logs_bucket_alb_write](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.ecs_tasks_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.helix_authentication_service_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.helix_authentication_service_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/region) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_certificate_arn"></a> [certificate\_arn](#input\_certificate\_arn) | The TLS certificate ARN for the Helix Authentication Service load balancer. | `string` | n/a | yes |
+| <a name="input_certificate_arn"></a> [certificate\_arn](#input\_certificate\_arn) | The TLS certificate ARN for the Helix Authentication Service load balancer. | `string` | `null` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the cluster to deploy the Helix Authentication Service into. Defaults to null and a cluster will be created. | `string` | `null` | no |
 | <a name="input_container_cpu"></a> [container\_cpu](#input\_container\_cpu) | The CPU allotment for the Helix Authentication Service container. | `number` | `1024` | no |
 | <a name="input_container_memory"></a> [container\_memory](#input\_container\_memory) | The memory allotment for the Helix Authentication Service container. | `number` | `4096` | no |
 | <a name="input_container_name"></a> [container\_name](#input\_container\_name) | The name of the Helix Authentication Service container. | `string` | `"helix-auth-container"` | no |
 | <a name="input_container_port"></a> [container\_port](#input\_container\_port) | The container port that Helix Authentication Service runs on. | `number` | `3000` | no |
+| <a name="input_create_application_load_balancer"></a> [create\_application\_load\_balancer](#input\_create\_application\_load\_balancer) | This flag controls the creation of an application load balancer as part of the module. | `bool` | `true` | no |
 | <a name="input_create_helix_authentication_service_default_policy"></a> [create\_helix\_authentication\_service\_default\_policy](#input\_create\_helix\_authentication\_service\_default\_policy) | Optional creation of Helix Authentication Service default IAM Policy. Default is set to true. | `bool` | `true` | no |
 | <a name="input_create_helix_authentication_service_default_role"></a> [create\_helix\_authentication\_service\_default\_role](#input\_create\_helix\_authentication\_service\_default\_role) | Optional creation of Helix Authentication Service default IAM Role. Default is set to true. | `bool` | `true` | no |
 | <a name="input_custom_helix_authentication_service_role"></a> [custom\_helix\_authentication\_service\_role](#input\_custom\_helix\_authentication\_service\_role) | ARN of the custom IAM Role you wish to use with Helix Authentication Service. | `string` | `null` | no |
@@ -85,7 +86,7 @@ No modules.
 | <a name="input_helix_authentication_service_admin_username_secret_arn"></a> [helix\_authentication\_service\_admin\_username\_secret\_arn](#input\_helix\_authentication\_service\_admin\_username\_secret\_arn) | Optionally provide the ARN of an AWS Secret for the Helix Authentication Service Administrator username. | `string` | `null` | no |
 | <a name="input_helix_authentication_service_alb_access_logs_bucket"></a> [helix\_authentication\_service\_alb\_access\_logs\_bucket](#input\_helix\_authentication\_service\_alb\_access\_logs\_bucket) | ID of the S3 bucket for Helix Authentication Service ALB access log storage. If access logging is enabled and this is null the module creates a bucket. | `string` | `null` | no |
 | <a name="input_helix_authentication_service_alb_access_logs_prefix"></a> [helix\_authentication\_service\_alb\_access\_logs\_prefix](#input\_helix\_authentication\_service\_alb\_access\_logs\_prefix) | Log prefix for Helix Authentication Service ALB access logs. If null the project prefix and module name are used. | `string` | `null` | no |
-| <a name="input_helix_authentication_service_alb_subnets"></a> [helix\_authentication\_service\_alb\_subnets](#input\_helix\_authentication\_service\_alb\_subnets) | A list of subnets to deploy the Helix Authentication Service load balancer into. Public subnets are recommended. | `list(string)` | n/a | yes |
+| <a name="input_helix_authentication_service_alb_subnets"></a> [helix\_authentication\_service\_alb\_subnets](#input\_helix\_authentication\_service\_alb\_subnets) | A list of subnets to deploy the Helix Authentication Service load balancer into. Public subnets are recommended. | `list(string)` | `[]` | no |
 | <a name="input_helix_authentication_service_cloudwatch_log_retention_in_days"></a> [helix\_authentication\_service\_cloudwatch\_log\_retention\_in\_days](#input\_helix\_authentication\_service\_cloudwatch\_log\_retention\_in\_days) | The log retention in days of the cloudwatch log group for Helix Authentication Service. | `string` | `365` | no |
 | <a name="input_helix_authentication_service_subnets"></a> [helix\_authentication\_service\_subnets](#input\_helix\_authentication\_service\_subnets) | A list of subnets to deploy the Helix Authentication Service into. Private subnets are recommended. | `list(string)` | n/a | yes |
 | <a name="input_internal"></a> [internal](#input\_internal) | Set this flag to true if you do not want the Helix Authentication Service load balancer to have a public IP. | `bool` | `false` | no |
diff --git a/modules/perforce/helix-authentication-service/alb.tf b/modules/perforce/helix-authentication-service/alb.tf
index 795c310..1b34aa4 100644
--- a/modules/perforce/helix-authentication-service/alb.tf
+++ b/modules/perforce/helix-authentication-service/alb.tf
@@ -2,6 +2,7 @@
 # Load Balancer
 ################################################################################
 resource "aws_lb" "helix_authentication_service_alb" {
+  count              = var.create_application_load_balancer ? 1 : 0
   name               = "${local.name_prefix}-alb"
   internal           = var.internal
   load_balancer_type = "application"
@@ -9,11 +10,15 @@ resource "aws_lb" "helix_authentication_service_alb" {
   security_groups    = concat(var.existing_security_groups, [aws_security_group.helix_authentication_service_alb_sg.id])
 
   dynamic "access_logs" {
-    for_each = var.enable_helix_authentication_service_alb_access_logs ? [1] : []
+    for_each = (var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs ? [1] :
+    [])
     content {
       enabled = var.enable_helix_authentication_service_alb_access_logs
-      bucket  = var.helix_authentication_service_alb_access_logs_bucket != null ? var.helix_authentication_service_alb_access_logs_bucket : aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0].id
-      prefix  = var.helix_authentication_service_alb_access_logs_prefix != null ? var.helix_authentication_service_alb_access_logs_prefix : "${local.name_prefix}-alb"
+      bucket = (var.helix_authentication_service_alb_access_logs_bucket != null ?
+        var.helix_authentication_service_alb_access_logs_bucket :
+      aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0].id)
+      prefix = (var.helix_authentication_service_alb_access_logs_prefix != null ?
+      var.helix_authentication_service_alb_access_logs_prefix : "${local.name_prefix}-alb")
     }
   }
   enable_deletion_protection = var.enable_helix_authentication_service_alb_deletion_protection
@@ -26,14 +31,18 @@ resource "aws_lb" "helix_authentication_service_alb" {
 }
 
 resource "random_string" "helix_authentication_service_alb_access_logs_bucket_suffix" {
-  count   = var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null ? 1 : 0
+  count = (
+    var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null
+  ? 1 : 0)
   length  = 8
   special = false
   upper   = false
 }
 
 resource "aws_s3_bucket" "helix_authentication_service_alb_access_logs_bucket" {
-  count  = var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null ? 1 : 0
+  count = (
+    var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null
+  ? 1 : 0)
   bucket = "${local.name_prefix}-alb-access-logs-${random_string.helix_authentication_service_alb_access_logs_bucket_suffix[0].result}"
 
   #checkov:skip=CKV_AWS_21: Versioning not necessary for access logs
@@ -50,7 +59,9 @@ resource "aws_s3_bucket" "helix_authentication_service_alb_access_logs_bucket" {
 data "aws_elb_service_account" "main" {}
 
 data "aws_iam_policy_document" "access_logs_bucket_alb_write" {
-  count = var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null ? 1 : 0
+  count = (
+    var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null
+  ? 1 : 0)
   statement {
     effect  = "Allow"
     actions = ["s3:PutObject"]
@@ -58,19 +69,26 @@ data "aws_iam_policy_document" "access_logs_bucket_alb_write" {
       type        = "AWS"
       identifiers = [data.aws_elb_service_account.main.arn]
     }
-    resources = ["${var.helix_authentication_service_alb_access_logs_bucket != null ? var.helix_authentication_service_alb_access_logs_bucket : aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0].arn}/${var.helix_authentication_service_alb_access_logs_prefix != null ? var.helix_authentication_service_alb_access_logs_prefix : "${local.name_prefix}-alb"}/*"
+    resources = [
+      "${var.helix_authentication_service_alb_access_logs_bucket != null ? var.helix_authentication_service_alb_access_logs_bucket : aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0].arn}/${var.helix_authentication_service_alb_access_logs_prefix != null ? var.helix_authentication_service_alb_access_logs_prefix : "${local.name_prefix}-alb"}/*"
     ]
   }
 }
 
 resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" {
-  count  = var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null ? 1 : 0
-  bucket = var.helix_authentication_service_alb_access_logs_bucket == null ? aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0].id : var.helix_authentication_service_alb_access_logs_bucket
+  count = (
+    var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null
+  ? 1 : 0)
+  bucket = (var.helix_authentication_service_alb_access_logs_bucket == null ?
+    aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0].id :
+  var.helix_authentication_service_alb_access_logs_bucket)
   policy = data.aws_iam_policy_document.access_logs_bucket_alb_write[0].json
 }
 
 resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_configuration" {
-  count = var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null ? 1 : 0
+  count = (
+    var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null
+  ? 1 : 0)
   depends_on = [
     aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0]
   ]
@@ -92,7 +110,9 @@ resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_c
 }
 
 resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" {
-  count = var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null ? 1 : 0
+  count = (
+    var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null
+  ? 1 : 0)
   depends_on = [
     aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0]
   ]
@@ -127,7 +147,8 @@ resource "aws_lb_target_group" "helix_authentication_service_alb_target_group" {
 
 # HTTPS listener for helix_authentication_service ALB
 resource "aws_lb_listener" "helix_authentication_service_alb_https_listener" {
-  load_balancer_arn = aws_lb.helix_authentication_service_alb.arn
+  count             = var.create_application_load_balancer ? 1 : 0
+  load_balancer_arn = aws_lb.helix_authentication_service_alb[0].arn
   port              = "443"
   protocol          = "HTTPS"
   ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
diff --git a/modules/perforce/helix-authentication-service/outputs.tf b/modules/perforce/helix-authentication-service/outputs.tf
index 108f896..e908577 100644
--- a/modules/perforce/helix-authentication-service/outputs.tf
+++ b/modules/perforce/helix-authentication-service/outputs.tf
@@ -16,12 +16,12 @@ output "cluster_name" {
 
 output "alb_dns_name" {
   description = "The DNS name of the Helix Authentication Service ALB"
-  value       = aws_lb.helix_authentication_service_alb.dns_name
+  value       = var.create_application_load_balancer ? aws_lb.helix_authentication_service_alb[0].dns_name : null
 }
 
 output "alb_zone_id" {
   description = "The hosted zone ID of the Helix Authentication Service ALB"
-  value       = aws_lb.helix_authentication_service_alb.zone_id
+  value       = var.create_application_load_balancer ? aws_lb.helix_authentication_service_alb[0].zone_id : null
 }
 
 output "target_group_arn" {
diff --git a/modules/perforce/helix-authentication-service/variables.tf b/modules/perforce/helix-authentication-service/variables.tf
index e365b2b..f2d60fd 100644
--- a/modules/perforce/helix-authentication-service/variables.tf
+++ b/modules/perforce/helix-authentication-service/variables.tf
@@ -106,9 +106,21 @@ variable "enable_web_based_administration" {
 }
 
 # - Load Balancer -
+variable "create_application_load_balancer" {
+  type        = bool
+  default     = true
+  description = "This flag controls the creation of an application load balancer as part of the module."
+}
+
 variable "helix_authentication_service_alb_subnets" {
   type        = list(string)
   description = "A list of subnets to deploy the Helix Authentication Service load balancer into. Public subnets are recommended."
+  default     = []
+  validation {
+    condition     = (length(var.helix_authentication_service_alb_subnets) > 0) == var.create_application_load_balancer
+    error_message = "Subnets are only necessary if the create_application_load_balancer variable is set."
+  }
+
 }
 
 variable "enable_helix_authentication_service_alb_access_logs" {
@@ -155,6 +167,11 @@ variable "internal" {
 variable "certificate_arn" {
   type        = string
   description = "The TLS certificate ARN for the Helix Authentication Service load balancer."
+  default     = null
+  validation {
+    condition     = var.create_application_load_balancer == (var.certificate_arn != null)
+    error_message = "The certificate_arn variable must be set if and only if the create_application_load_balancer variable is set."
+  }
 }
 
 # - Logging -
diff --git a/modules/perforce/helix-core/README.md b/modules/perforce/helix-core/README.md
index fd40f79..9369be3 100644
--- a/modules/perforce/helix-core/README.md
+++ b/modules/perforce/helix-core/README.md
@@ -6,16 +6,16 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.69.0 |
-| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | 1.16.1 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.78.0 |
+| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | 1.22.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | 3.6.3 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.69.0 |
-| <a name="provider_awscc"></a> [awscc](#provider\_awscc) | 1.16.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.72.1 |
+| <a name="provider_awscc"></a> [awscc](#provider\_awscc) | 1.20.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | 3.6.3 |
 
 ## Modules
@@ -26,26 +26,26 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [aws_ebs_volume.depot](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/ebs_volume) | resource |
-| [aws_ebs_volume.logs](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/ebs_volume) | resource |
-| [aws_ebs_volume.metadata](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/ebs_volume) | resource |
-| [aws_eip.helix_core_eip](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/eip) | resource |
-| [aws_iam_instance_profile.helix_core_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_instance_profile) | resource |
-| [aws_iam_policy.helix_core_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_policy) | resource |
-| [aws_iam_role.helix_core_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_role) | resource |
-| [aws_instance.helix_core_instance](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/instance) | resource |
-| [aws_security_group.helix_core_security_group](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/security_group) | resource |
-| [aws_volume_attachment.depot_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/volume_attachment) | resource |
-| [aws_volume_attachment.logs_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/volume_attachment) | resource |
-| [aws_volume_attachment.metadata_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/volume_attachment) | resource |
-| [aws_vpc_security_group_egress_rule.helix_core_internet](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/vpc_security_group_egress_rule) | resource |
-| [awscc_secretsmanager_secret.helix_core_super_user_password](https://registry.terraform.io/providers/hashicorp/awscc/1.16.1/docs/resources/secretsmanager_secret) | resource |
-| [awscc_secretsmanager_secret.helix_core_super_user_username](https://registry.terraform.io/providers/hashicorp/awscc/1.16.1/docs/resources/secretsmanager_secret) | resource |
+| [aws_ebs_volume.depot](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ebs_volume) | resource |
+| [aws_ebs_volume.logs](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ebs_volume) | resource |
+| [aws_ebs_volume.metadata](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ebs_volume) | resource |
+| [aws_eip.helix_core_eip](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/eip) | resource |
+| [aws_iam_instance_profile.helix_core_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_instance_profile) | resource |
+| [aws_iam_policy.helix_core_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_policy) | resource |
+| [aws_iam_role.helix_core_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_role) | resource |
+| [aws_instance.helix_core_instance](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/instance) | resource |
+| [aws_security_group.helix_core_security_group](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/security_group) | resource |
+| [aws_volume_attachment.depot_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/volume_attachment) | resource |
+| [aws_volume_attachment.logs_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/volume_attachment) | resource |
+| [aws_volume_attachment.metadata_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/volume_attachment) | resource |
+| [aws_vpc_security_group_egress_rule.helix_core_internet](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource |
+| [awscc_secretsmanager_secret.helix_core_super_user_password](https://registry.terraform.io/providers/hashicorp/awscc/1.22.0/docs/resources/secretsmanager_secret) | resource |
+| [awscc_secretsmanager_secret.helix_core_super_user_username](https://registry.terraform.io/providers/hashicorp/awscc/1.22.0/docs/resources/secretsmanager_secret) | resource |
 | [random_string.helix_core](https://registry.terraform.io/providers/hashicorp/random/3.6.3/docs/resources/string) | resource |
-| [aws_ami.helix_core_ami](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/ami) | data source |
-| [aws_iam_policy_document.ec2_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.helix_core_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/iam_policy_document) | data source |
-| [aws_subnet.instance_subnet](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/subnet) | data source |
+| [aws_ami.helix_core_ami](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/ami) | data source |
+| [aws_iam_policy_document.ec2_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.helix_core_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_subnet.instance_subnet](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/subnet) | data source |
 
 ## Inputs
 
@@ -69,10 +69,13 @@ No modules.
 | <a name="input_logs_volume_size"></a> [logs\_volume\_size](#input\_logs\_volume\_size) | The size of the logs volume in GiB. Defaults to 32 GiB. | `number` | `32` | no |
 | <a name="input_metadata_volume_size"></a> [metadata\_volume\_size](#input\_metadata\_volume\_size) | The size of the metadata volume in GiB. Defaults to 32 GiB. | `number` | `32` | no |
 | <a name="input_name"></a> [name](#input\_name) | The name attached to swarm module resources. | `string` | `"helix-core"` | no |
+| <a name="input_plaintext"></a> [plaintext](#input\_plaintext) | Whether to enable plaintext authentication for Helix Core. This is not recommended for production environments unless you are using a load balancer for TLS termination. | `bool` | `false` | no |
 | <a name="input_project_prefix"></a> [project\_prefix](#input\_project\_prefix) | The project prefix for this workload. This is appeneded to the beginning of most resource names. | `string` | `"cgd"` | no |
+| <a name="input_selinux"></a> [selinux](#input\_selinux) | Whether to apply SELinux label updates for Helix Core. Don't enable this if SELinux is disabled on your target operating system. | `bool` | `false` | no |
 | <a name="input_server_type"></a> [server\_type](#input\_server\_type) | The Perforce Helix Core server type. | `string` | n/a | yes |
 | <a name="input_storage_type"></a> [storage\_type](#input\_storage\_type) | The type of backing store [EBS, FSxZ] | `string` | n/a | yes |
-| <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to resources. | `map(any)` | <pre>{<br/>  "iac-management": "CGD-Toolkit",<br/>  "iac-module": "helix-core",<br/>  "iac-provider": "Terraform"<br/>}</pre> | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to resources. | `map(any)` | <pre>{<br>  "iac-management": "CGD-Toolkit",<br>  "iac-module": "helix-core",<br>  "iac-provider": "Terraform"<br>}</pre> | no |
+| <a name="input_unicode"></a> [unicode](#input\_unicode) | Whether to enable Unicode configuration for Helix Core the -xi flag for p4d. Set to true to enable Unicode support. | `bool` | `false` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The VPC where Helix Core should be deployed | `string` | n/a | yes |
 
 ## Outputs
@@ -80,9 +83,9 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_helix_core_eip_id"></a> [helix\_core\_eip\_id](#output\_helix\_core\_eip\_id) | The ID of the Elastic IP associated with your Helix Core instance. |
-| <a name="output_helix_core_eip_private_ip"></a> [helix\_core\_eip\_private\_ip](#output\_helix\_core\_eip\_private\_ip) | The private IP of your Helix Core instance. |
 | <a name="output_helix_core_eip_public_ip"></a> [helix\_core\_eip\_public\_ip](#output\_helix\_core\_eip\_public\_ip) | The public IP of your Helix Core instance. |
 | <a name="output_helix_core_instance_id"></a> [helix\_core\_instance\_id](#output\_helix\_core\_instance\_id) | Instance ID for the Helix Core instance |
+| <a name="output_helix_core_private_ip"></a> [helix\_core\_private\_ip](#output\_helix\_core\_private\_ip) | Private IP for the Helix Core instance |
 | <a name="output_helix_core_super_user_password_secret_arn"></a> [helix\_core\_super\_user\_password\_secret\_arn](#output\_helix\_core\_super\_user\_password\_secret\_arn) | The ARN of the AWS Secrets Manager secret holding your Helix Core super user's password. |
 | <a name="output_helix_core_super_user_username_secret_arn"></a> [helix\_core\_super\_user\_username\_secret\_arn](#output\_helix\_core\_super\_user\_username\_secret\_arn) | The ARN of the AWS Secrets Manager secret holding your Helix Core super user's username. |
 | <a name="output_security_group_id"></a> [security\_group\_id](#output\_security\_group\_id) | The default security group of your Helix Core instance. |
diff --git a/modules/perforce/helix-core/main.tf b/modules/perforce/helix-core/main.tf
index 1f37aa7..8046a62 100644
--- a/modules/perforce/helix-core/main.tf
+++ b/modules/perforce/helix-core/main.tf
@@ -43,11 +43,13 @@ resource "aws_instance" "helix_core_instance" {
      ${var.helix_authentication_service_url == null ? "" : "--auth ${var.helix_authentication_service_url}"} \
      --case_sensitive ${var.helix_case_sensitive ? 1 : 0} \
      --unicode ${var.unicode ? "true" : "false"} \
-     --selinux ${var.selinux ? "true" : "false"}
+     --selinux ${var.selinux ? "true" : "false"} \
+     --plaintext ${var.plaintext ? "true" : "false"}
   EOT
 
-
-  vpc_security_group_ids = var.create_default_sg ? concat(var.existing_security_groups, [aws_security_group.helix_core_security_group[0].id]) : var.existing_security_groups
+  vpc_security_group_ids = (var.create_default_sg ?
+    concat(var.existing_security_groups, [aws_security_group.helix_core_security_group[0].id]) :
+  var.existing_security_groups)
 
   metadata_options {
     http_endpoint               = "enabled"
diff --git a/modules/perforce/helix-core/outputs.tf b/modules/perforce/helix-core/outputs.tf
index d86bdf0..f7311d9 100644
--- a/modules/perforce/helix-core/outputs.tf
+++ b/modules/perforce/helix-core/outputs.tf
@@ -1,15 +1,10 @@
-output "helix_core_eip_private_ip" {
-  value       = aws_eip.helix_core_eip[0].private_ip
-  description = "The private IP of your Helix Core instance."
-}
-
 output "helix_core_eip_public_ip" {
-  value       = aws_eip.helix_core_eip[0].public_ip
+  value       = var.internal ? null : aws_eip.helix_core_eip[0].public_ip
   description = "The public IP of your Helix Core instance."
 }
 
 output "helix_core_eip_id" {
-  value       = aws_eip.helix_core_eip[0].id
+  value       = var.internal ? null : aws_eip.helix_core_eip[0].id
   description = "The ID of the Elastic IP associated with your Helix Core instance."
 }
 
@@ -19,16 +14,25 @@ output "security_group_id" {
 }
 
 output "helix_core_super_user_username_secret_arn" {
-  value       = var.helix_core_super_user_username_secret_arn == null ? awscc_secretsmanager_secret.helix_core_super_user_username[0].secret_id : var.helix_core_super_user_username_secret_arn
+  value = (var.helix_core_super_user_username_secret_arn == null ?
+    awscc_secretsmanager_secret.helix_core_super_user_username[0].secret_id :
+  var.helix_core_super_user_username_secret_arn)
   description = "The ARN of the AWS Secrets Manager secret holding your Helix Core super user's username."
 }
 
 output "helix_core_super_user_password_secret_arn" {
-  value       = var.helix_core_super_user_password_secret_arn == null ? awscc_secretsmanager_secret.helix_core_super_user_password[0].secret_id : var.helix_core_super_user_password_secret_arn
+  value = (var.helix_core_super_user_password_secret_arn == null ?
+    awscc_secretsmanager_secret.helix_core_super_user_password[0].secret_id :
+  var.helix_core_super_user_password_secret_arn)
   description = "The ARN of the AWS Secrets Manager secret holding your Helix Core super user's password."
 }
 
 output "helix_core_instance_id" {
   value       = aws_instance.helix_core_instance.id
   description = "Instance ID for the Helix Core instance"
-}
\ No newline at end of file
+}
+
+output "helix_core_private_ip" {
+  value       = aws_instance.helix_core_instance.private_ip
+  description = "Private IP for the Helix Core instance"
+}
diff --git a/modules/perforce/helix-core/variables.tf b/modules/perforce/helix-core/variables.tf
index c430b7e..a15b855 100644
--- a/modules/perforce/helix-core/variables.tf
+++ b/modules/perforce/helix-core/variables.tf
@@ -157,7 +157,6 @@ variable "create_helix_core_default_role" {
 }
 
 
-
 ########################################
 # Super User Credentials
 ########################################
@@ -187,3 +186,9 @@ variable "helix_case_sensitive" {
   description = "Whether or not the server should be case insensitive (Server will run '-C1' mode), or if the server will run with case sensitivity default of the underlying platform. False enables '-C1' mode"
   default     = true
 }
+
+variable "plaintext" {
+  type        = bool
+  description = "Whether to enable plaintext authentication for Helix Core. This is not recommended for production environments unless you are using a load balancer for TLS termination."
+  default     = false
+}
diff --git a/modules/perforce/helix-swarm/README.md b/modules/perforce/helix-swarm/README.md
index 5197473..ae3c151 100644
--- a/modules/perforce/helix-swarm/README.md
+++ b/modules/perforce/helix-swarm/README.md
@@ -6,7 +6,7 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.72.1 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.78.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | 3.6.3 |
 
 ## Providers
@@ -24,49 +24,50 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [aws_cloudwatch_log_group.helix_swarm_redis_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/cloudwatch_log_group) | resource |
-| [aws_cloudwatch_log_group.helix_swarm_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/cloudwatch_log_group) | resource |
-| [aws_ecs_cluster.helix_swarm_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_cluster) | resource |
-| [aws_ecs_cluster_capacity_providers.helix_swarm_cluster_fargate_providers](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_cluster_capacity_providers) | resource |
-| [aws_ecs_service.helix_swarm_service](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_service) | resource |
-| [aws_ecs_task_definition.helix_swarm_task_definition](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_task_definition) | resource |
-| [aws_elasticache_cluster.swarm](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/elasticache_cluster) | resource |
-| [aws_elasticache_subnet_group.swarm](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/elasticache_subnet_group) | resource |
-| [aws_iam_policy.helix_swarm_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.helix_swarm_ssm_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_policy) | resource |
-| [aws_iam_role.helix_swarm_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_role) | resource |
-| [aws_iam_role.helix_swarm_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_role) | resource |
-| [aws_lb.helix_swarm_alb](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/lb) | resource |
-| [aws_lb_listener.swarm_alb_https_listener](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/lb_listener) | resource |
-| [aws_lb_target_group.helix_swarm_alb_target_group](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/lb_target_group) | resource |
-| [aws_s3_bucket.helix_swarm_alb_access_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket) | resource |
-| [aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket_lifecycle_configuration) | resource |
-| [aws_s3_bucket_policy.alb_access_logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket_policy) | resource |
-| [aws_s3_bucket_public_access_block.access_logs_bucket_public_block](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket_public_access_block) | resource |
-| [aws_security_group.helix_swarm_alb_sg](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/security_group) | resource |
-| [aws_security_group.helix_swarm_elasticache_sg](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/security_group) | resource |
-| [aws_security_group.helix_swarm_service_sg](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/security_group) | resource |
-| [aws_vpc_security_group_egress_rule.helix_swarm_alb_outbound_service](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_egress_rule) | resource |
-| [aws_vpc_security_group_egress_rule.helix_swarm_service_outbound_ipv4](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_egress_rule) | resource |
-| [aws_vpc_security_group_egress_rule.helix_swarm_service_outbound_ipv6](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_egress_rule) | resource |
-| [aws_vpc_security_group_ingress_rule.helix_swarm_elasticache_ingress](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_ingress_rule) | resource |
-| [aws_vpc_security_group_ingress_rule.helix_swarm_service_inbound_alb](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_ingress_rule) | resource |
+| [aws_cloudwatch_log_group.helix_swarm_redis_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/cloudwatch_log_group) | resource |
+| [aws_cloudwatch_log_group.helix_swarm_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/cloudwatch_log_group) | resource |
+| [aws_ecs_cluster.helix_swarm_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_cluster) | resource |
+| [aws_ecs_cluster_capacity_providers.helix_swarm_cluster_fargate_providers](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_cluster_capacity_providers) | resource |
+| [aws_ecs_service.helix_swarm_service](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_service) | resource |
+| [aws_ecs_task_definition.helix_swarm_task_definition](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_task_definition) | resource |
+| [aws_elasticache_cluster.swarm](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/elasticache_cluster) | resource |
+| [aws_elasticache_subnet_group.swarm](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/elasticache_subnet_group) | resource |
+| [aws_iam_policy.helix_swarm_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.helix_swarm_ssm_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_policy) | resource |
+| [aws_iam_role.helix_swarm_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_role) | resource |
+| [aws_iam_role.helix_swarm_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_role) | resource |
+| [aws_lb.helix_swarm_alb](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/lb) | resource |
+| [aws_lb_listener.swarm_alb_https_listener](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/lb_listener) | resource |
+| [aws_lb_target_group.helix_swarm_alb_target_group](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/lb_target_group) | resource |
+| [aws_s3_bucket.helix_swarm_alb_access_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket_lifecycle_configuration) | resource |
+| [aws_s3_bucket_policy.alb_access_logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket_policy) | resource |
+| [aws_s3_bucket_public_access_block.access_logs_bucket_public_block](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_security_group.helix_swarm_alb_sg](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/security_group) | resource |
+| [aws_security_group.helix_swarm_elasticache_sg](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/security_group) | resource |
+| [aws_security_group.helix_swarm_service_sg](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/security_group) | resource |
+| [aws_vpc_security_group_egress_rule.helix_swarm_alb_outbound_service](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_egress_rule.helix_swarm_service_outbound_ipv4](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_egress_rule.helix_swarm_service_outbound_ipv6](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.helix_swarm_elasticache_ingress](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_ingress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.helix_swarm_service_inbound_alb](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_ingress_rule) | resource |
 | [random_string.helix_swarm](https://registry.terraform.io/providers/hashicorp/random/3.6.3/docs/resources/string) | resource |
 | [random_string.helix_swarm_alb_access_logs_bucket_suffix](https://registry.terraform.io/providers/hashicorp/random/3.6.3/docs/resources/string) | resource |
-| [aws_ecs_cluster.helix_swarm_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/ecs_cluster) | data source |
-| [aws_elb_service_account.main](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/elb_service_account) | data source |
-| [aws_iam_policy_document.access_logs_bucket_alb_write](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.ecs_tasks_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.helix_swarm_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.helix_swarm_ssm_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/region) | data source |
+| [aws_ecs_cluster.helix_swarm_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/ecs_cluster) | data source |
+| [aws_elb_service_account.main](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/elb_service_account) | data source |
+| [aws_iam_policy_document.access_logs_bucket_alb_write](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.ecs_tasks_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.helix_swarm_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.helix_swarm_ssm_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/region) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_certificate_arn"></a> [certificate\_arn](#input\_certificate\_arn) | The TLS certificate ARN for the Helix Swarm service load balancer. | `string` | n/a | yes |
+| <a name="input_certificate_arn"></a> [certificate\_arn](#input\_certificate\_arn) | The TLS certificate ARN for the Helix Swarm service load balancer. | `string` | `null` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the cluster to deploy the Helix Swarm service into. Defaults to null and a cluster will be created. | `string` | `null` | no |
+| <a name="input_create_application_load_balancer"></a> [create\_application\_load\_balancer](#input\_create\_application\_load\_balancer) | This flag controls the creation of an application load balancer as part of the module. | `bool` | `true` | no |
 | <a name="input_create_helix_swarm_default_policy"></a> [create\_helix\_swarm\_default\_policy](#input\_create\_helix\_swarm\_default\_policy) | Optional creation of Helix Swarm default IAM Policy. Default is set to true. | `bool` | `true` | no |
 | <a name="input_create_helix_swarm_default_role"></a> [create\_helix\_swarm\_default\_role](#input\_create\_helix\_swarm\_default\_role) | Optional creation of Helix Swarm Default IAM Role. Default is set to true. | `bool` | `true` | no |
 | <a name="input_custom_helix_swarm_role"></a> [custom\_helix\_swarm\_role](#input\_custom\_helix\_swarm\_role) | ARN of the custom IAM Role you wish to use with Helix Swarm. | `string` | `null` | no |
@@ -82,7 +83,7 @@ No modules.
 | <a name="input_fully_qualified_domain_name"></a> [fully\_qualified\_domain\_name](#input\_fully\_qualified\_domain\_name) | The fully qualified domain name that Swarm should use for internal URLs. | `string` | `null` | no |
 | <a name="input_helix_swarm_alb_access_logs_bucket"></a> [helix\_swarm\_alb\_access\_logs\_bucket](#input\_helix\_swarm\_alb\_access\_logs\_bucket) | ID of the S3 bucket for Helix Swarm ALB access log storage. If access logging is enabled and this is null the module creates a bucket. | `string` | `null` | no |
 | <a name="input_helix_swarm_alb_access_logs_prefix"></a> [helix\_swarm\_alb\_access\_logs\_prefix](#input\_helix\_swarm\_alb\_access\_logs\_prefix) | Log prefix for Helix Swarm ALB access logs. If null the project prefix and module name are used. | `string` | `null` | no |
-| <a name="input_helix_swarm_alb_subnets"></a> [helix\_swarm\_alb\_subnets](#input\_helix\_swarm\_alb\_subnets) | A list of subnets to deploy the Helix Swarm load balancer into. Public subnets are recommended. | `list(string)` | n/a | yes |
+| <a name="input_helix_swarm_alb_subnets"></a> [helix\_swarm\_alb\_subnets](#input\_helix\_swarm\_alb\_subnets) | A list of subnets to deploy the Helix Swarm load balancer into. Public subnets are recommended. | `list(string)` | `[]` | no |
 | <a name="input_helix_swarm_cloudwatch_log_retention_in_days"></a> [helix\_swarm\_cloudwatch\_log\_retention\_in\_days](#input\_helix\_swarm\_cloudwatch\_log\_retention\_in\_days) | The log retention in days of the cloudwatch log group for Helix Swarm. | `string` | `365` | no |
 | <a name="input_helix_swarm_container_cpu"></a> [helix\_swarm\_container\_cpu](#input\_helix\_swarm\_container\_cpu) | The CPU allotment for the swarm container. | `number` | `1024` | no |
 | <a name="input_helix_swarm_container_memory"></a> [helix\_swarm\_container\_memory](#input\_helix\_swarm\_container\_memory) | The memory allotment for the swarm container. | `number` | `2048` | no |
diff --git a/modules/perforce/helix-swarm/alb.tf b/modules/perforce/helix-swarm/alb.tf
index 3c32771..7fb825a 100644
--- a/modules/perforce/helix-swarm/alb.tf
+++ b/modules/perforce/helix-swarm/alb.tf
@@ -2,18 +2,21 @@
 # Load Balancer
 ################################################################################
 resource "aws_lb" "helix_swarm_alb" {
+  count              = var.create_application_load_balancer ? 1 : 0
   name               = "${local.name_prefix}-alb"
   internal           = var.internal
   load_balancer_type = "application"
   subnets            = var.helix_swarm_alb_subnets
-  security_groups    = concat(var.existing_security_groups, [aws_security_group.helix_swarm_alb_sg.id])
+  security_groups    = concat(var.existing_security_groups, [aws_security_group.helix_swarm_alb_sg[0].id])
 
   dynamic "access_logs" {
-    for_each = var.enable_helix_swarm_alb_access_logs ? [1] : []
+    for_each = (var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs ? [1] : [])
     content {
       enabled = var.enable_helix_swarm_alb_access_logs
-      bucket  = var.helix_swarm_alb_access_logs_bucket != null ? var.helix_swarm_alb_access_logs_bucket : aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].id
-      prefix  = var.helix_swarm_alb_access_logs_prefix != null ? var.helix_swarm_alb_access_logs_prefix : "${local.name_prefix}-alb"
+      bucket = (var.helix_swarm_alb_access_logs_bucket != null ? var.helix_swarm_alb_access_logs_bucket :
+      aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].id)
+      prefix = (var.helix_swarm_alb_access_logs_prefix != null ? var.helix_swarm_alb_access_logs_prefix :
+      "${local.name_prefix}-alb")
     }
   }
 
@@ -27,14 +30,18 @@ resource "aws_lb" "helix_swarm_alb" {
 }
 
 resource "random_string" "helix_swarm_alb_access_logs_bucket_suffix" {
-  count   = var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null ? 1 : 0
+  count = (
+    var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null
+  ? 1 : 0)
   length  = 8
   special = false
   upper   = false
 }
 
 resource "aws_s3_bucket" "helix_swarm_alb_access_logs_bucket" {
-  count  = var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null ? 1 : 0
+  count = (
+    var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null
+  ? 1 : 0)
   bucket = "${local.name_prefix}-alb-access-logs-${random_string.helix_swarm_alb_access_logs_bucket_suffix[0].result}"
 
   #checkov:skip=CKV_AWS_21: Versioning not necessary for access logs
@@ -51,7 +58,9 @@ resource "aws_s3_bucket" "helix_swarm_alb_access_logs_bucket" {
 data "aws_elb_service_account" "main" {}
 
 data "aws_iam_policy_document" "access_logs_bucket_alb_write" {
-  count = var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null ? 1 : 0
+  count = (
+    var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null
+  ? 1 : 0)
   statement {
     effect  = "Allow"
     actions = ["s3:PutObject"]
@@ -59,20 +68,26 @@ data "aws_iam_policy_document" "access_logs_bucket_alb_write" {
       type        = "AWS"
       identifiers = [data.aws_elb_service_account.main.arn]
     }
-    resources = ["${var.helix_swarm_alb_access_logs_bucket != null ? var.helix_swarm_alb_access_logs_bucket : aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].arn}/${var.helix_swarm_alb_access_logs_prefix != null ? var.helix_swarm_alb_access_logs_prefix : "${local.name_prefix}-alb"}/*"
+    resources = [
+      "${var.helix_swarm_alb_access_logs_bucket != null ? var.helix_swarm_alb_access_logs_bucket : aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].arn}/${var.helix_swarm_alb_access_logs_prefix != null ? var.helix_swarm_alb_access_logs_prefix : "${local.name_prefix}-alb"}/*"
     ]
   }
 }
 
 resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" {
-  count  = var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null ? 1 : 0
-  bucket = var.helix_swarm_alb_access_logs_bucket == null ? aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].id : var.helix_swarm_alb_access_logs_bucket
+  count = (
+    var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null
+  ? 1 : 0)
+  bucket = (var.helix_swarm_alb_access_logs_bucket == null ? aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].id :
+  var.helix_swarm_alb_access_logs_bucket)
   policy = data.aws_iam_policy_document.access_logs_bucket_alb_write[0].json
 }
 
 
 resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_configuration" {
-  count  = var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null ? 1 : 0
+  count = (
+    var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null
+  ? 1 : 0)
   bucket = aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].id
   rule {
     id     = "access-logs-lifecycle"
@@ -91,7 +106,10 @@ resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_c
 }
 
 resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" {
-  count                   = var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null ? 1 : 0
+  count = (
+    var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null
+    ? 1
+  : 0)
   bucket                  = aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].id
   block_public_acls       = true
   block_public_policy     = true
@@ -123,7 +141,8 @@ resource "aws_lb_target_group" "helix_swarm_alb_target_group" {
 
 # HTTPS listener for swarm ALB
 resource "aws_lb_listener" "swarm_alb_https_listener" {
-  load_balancer_arn = aws_lb.helix_swarm_alb.arn
+  count             = var.create_application_load_balancer ? 1 : 0
+  load_balancer_arn = aws_lb.helix_swarm_alb[0].arn
   port              = "443"
   protocol          = "HTTPS"
   ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
diff --git a/modules/perforce/helix-swarm/outputs.tf b/modules/perforce/helix-swarm/outputs.tf
index f629048..16e43a9 100644
--- a/modules/perforce/helix-swarm/outputs.tf
+++ b/modules/perforce/helix-swarm/outputs.tf
@@ -5,7 +5,7 @@ output "service_security_group_id" {
 
 output "alb_security_group_id" {
   description = "Security group associated with the swarm load balancer"
-  value       = aws_security_group.helix_swarm_alb_sg.id
+  value       = var.create_application_load_balancer ? aws_security_group.helix_swarm_alb_sg[0].id : null
 }
 
 output "cluster_name" {
@@ -15,12 +15,12 @@ output "cluster_name" {
 
 output "alb_dns_name" {
   description = "The DNS name of the Swarm ALB"
-  value       = aws_lb.helix_swarm_alb.dns_name
+  value       = var.create_application_load_balancer ? aws_lb.helix_swarm_alb[0].dns_name : null
 }
 
 output "alb_zone_id" {
   description = "The hosted zone ID of the Swarm ALB"
-  value       = aws_lb.helix_swarm_alb.zone_id
+  value       = var.create_application_load_balancer ? aws_lb.helix_swarm_alb[0].zone_id : null
 }
 
 output "target_group_arn" {
diff --git a/modules/perforce/helix-swarm/sg.tf b/modules/perforce/helix-swarm/sg.tf
index 09bdff2..8babb70 100644
--- a/modules/perforce/helix-swarm/sg.tf
+++ b/modules/perforce/helix-swarm/sg.tf
@@ -28,10 +28,11 @@ resource "aws_vpc_security_group_egress_rule" "helix_swarm_service_outbound_ipv6
 
 # Inbound access to Containers from ALB
 resource "aws_vpc_security_group_ingress_rule" "helix_swarm_service_inbound_alb" {
+  count = var.create_application_load_balancer ? 1 : 0
   #checkov:skip=CKV_AWS_260: "This restricts inbound access on port 80 to the ALB."
   security_group_id            = aws_security_group.helix_swarm_service_sg.id
   description                  = "Allow inbound traffic from Helix Swarm ALB to Helix Swarm service"
-  referenced_security_group_id = aws_security_group.helix_swarm_alb_sg.id
+  referenced_security_group_id = aws_security_group.helix_swarm_alb_sg[0].id
   from_port                    = var.helix_swarm_container_port
   to_port                      = var.helix_swarm_container_port
   ip_protocol                  = "tcp"
@@ -43,6 +44,8 @@ resource "aws_vpc_security_group_ingress_rule" "helix_swarm_service_inbound_alb"
 
 # swarm Load Balancer Security Group (attached to ALB)
 resource "aws_security_group" "helix_swarm_alb_sg" {
+  #checkov:skip=CKV2_AWS_5:Security group is attached to Application Load Balancer
+  count       = var.create_application_load_balancer ? 1 : 0
   name        = "${local.name_prefix}-ALB"
   vpc_id      = var.vpc_id
   description = "Helix Swarm ALB Security Group"
@@ -51,7 +54,8 @@ resource "aws_security_group" "helix_swarm_alb_sg" {
 
 # Outbound access from ALB to Containers
 resource "aws_vpc_security_group_egress_rule" "helix_swarm_alb_outbound_service" {
-  security_group_id            = aws_security_group.helix_swarm_alb_sg.id
+  count                        = var.create_application_load_balancer ? 1 : 0
+  security_group_id            = aws_security_group.helix_swarm_alb_sg[0].id
   description                  = "Allow outbound traffic from Helix Swarm ALB to Helix Swarm service"
   referenced_security_group_id = aws_security_group.helix_swarm_service_sg.id
   from_port                    = var.helix_swarm_container_port
diff --git a/modules/perforce/helix-swarm/variables.tf b/modules/perforce/helix-swarm/variables.tf
index b054dc3..130d8a6 100644
--- a/modules/perforce/helix-swarm/variables.tf
+++ b/modules/perforce/helix-swarm/variables.tf
@@ -106,9 +106,20 @@ variable "cluster_name" {
 }
 
 # - Load Balancer -
+variable "create_application_load_balancer" {
+  type        = bool
+  default     = true
+  description = "This flag controls the creation of an application load balancer as part of the module."
+}
+
 variable "helix_swarm_alb_subnets" {
   type        = list(string)
   description = "A list of subnets to deploy the Helix Swarm load balancer into. Public subnets are recommended."
+  default     = []
+  validation {
+    condition     = length(var.helix_swarm_alb_subnets) > 0 == var.create_application_load_balancer
+    error_message = "Subnets are only necessary if the create_application_load_balancer variable is set."
+  }
 }
 
 variable "enable_helix_swarm_alb_access_logs" {
@@ -155,6 +166,11 @@ variable "internal" {
 variable "certificate_arn" {
   type        = string
   description = "The TLS certificate ARN for the Helix Swarm service load balancer."
+  default     = null
+  validation {
+    condition     = var.create_application_load_balancer == (var.certificate_arn != null)
+    error_message = "The certificate_arn variable must be set if and only if the create_application_load_balancer variable is set."
+  }
 }
 
 # - Logging -