diff --git a/web-api/terraform/modules/dynamsoft/dynamsoft.tf b/web-api/terraform/modules/dynamsoft/dynamsoft.tf
index 09df081dd3c..b35552c2ded 100644
--- a/web-api/terraform/modules/dynamsoft/dynamsoft.tf
+++ b/web-api/terraform/modules/dynamsoft/dynamsoft.tf
@@ -10,20 +10,14 @@ resource "aws_instance" "dynamsoft" {
     Name        = "dynamsoft-${var.environment}"
     environment = var.environment
   }
-  user_data = data.template_file.setup_dynamsoft.rendered
-  user_data_replace_on_change = true
-
-  iam_instance_profile = "dynamsoft_s3_download_role"
-}
-
-data "template_file" "setup_dynamsoft" {
-  template = file("${path.module}/setup_dynamsoft.sh")
-
-  vars = {
+  user_data = templatefile("${path.module}/setup_dynamsoft.sh", {
     dynamsoft_s3_zip_path  = var.dynamsoft_s3_zip_path
     dynamsoft_url          = var.dynamsoft_url
     dynamsoft_product_keys = var.dynamsoft_product_keys
-  }
+  })
+  user_data_replace_on_change = true
+
+  iam_instance_profile = "dynamsoft_s3_download_role"
 }
 
 resource "aws_security_group" "dynamsoft_load_balancer_security_group" {
diff --git a/web-api/terraform/modules/everything-else-deprecated/cognito.tf b/web-api/terraform/modules/everything-else-deprecated/cognito.tf
index 6ce88eaa9d9..504e2659250 100644
--- a/web-api/terraform/modules/everything-else-deprecated/cognito.tf
+++ b/web-api/terraform/modules/everything-else-deprecated/cognito.tf
@@ -162,7 +162,7 @@ resource "aws_cognito_user_pool_client" "client" {
   explicit_auth_flows = ["ADMIN_NO_SRP_AUTH", "USER_PASSWORD_AUTH"]
 
   generate_secret                      = false
-  allowed_oauth_flows_user_pool_client = true
+  allowed_oauth_flows_user_pool_client = false
 
   token_validity_units {
     access_token  = "hours"
@@ -173,9 +173,6 @@ resource "aws_cognito_user_pool_client" "client" {
   access_token_validity  = 1
   id_token_validity      = 1
 
-  allowed_oauth_flows          = ["code", "implicit"]
-  allowed_oauth_scopes         = ["email", "openid", "profile", "phone", "aws.cognito.signin.user.admin"]
-  supported_identity_providers = ["COGNITO"]
 
   user_pool_id = aws_cognito_user_pool.pool.id
 
@@ -336,7 +333,7 @@ resource "aws_cognito_user_pool_client" "irs_client" {
   explicit_auth_flows = ["ADMIN_NO_SRP_AUTH", "USER_PASSWORD_AUTH"]
 
   generate_secret                      = false
-  allowed_oauth_flows_user_pool_client = true
+  allowed_oauth_flows_user_pool_client = false
   token_validity_units {
     access_token  = "hours"
     id_token      = "hours"
@@ -346,10 +343,6 @@ resource "aws_cognito_user_pool_client" "irs_client" {
   access_token_validity  = 1
   id_token_validity      = 1
 
-  allowed_oauth_flows          = ["code", "implicit"]
-  allowed_oauth_scopes         = ["email", "openid", "profile", "phone", "aws.cognito.signin.user.admin"]
-  supported_identity_providers = ["COGNITO"]
-
   user_pool_id = aws_cognito_user_pool.irs_pool.id
 
   write_attributes = [