diff --git a/operations/terraform/common.tf b/operations/terraform/common.tf
index e58481d..2c3cc98 100644
--- a/operations/terraform/common.tf
+++ b/operations/terraform/common.tf
@@ -7,5 +7,5 @@ variable "aws_region" {
 variable "app_root_url" {
 description = "Name of the S3 bucket to store deployed artifacts, logs, etc."
- default = "pm.jdb-labs.com"
+ default = "pm.jdb-software.com"
 }
diff --git a/operations/terraform/deployed_env/main.tf b/operations/terraform/deployed_env/cloudfront.tf
similarity index 92%
rename from operations/terraform/deployed_env/main.tf
rename to operations/terraform/deployed_env/cloudfront.tf
index 38f25dc..773e4a5 100644
--- a/operations/terraform/deployed_env/main.tf
+++ b/operations/terraform/deployed_env/cloudfront.tf
@@ -26,10 +26,6 @@ output "oai_access_policy" {
 value = data.aws_iam_policy_document.bucket_access_policy
 }
-locals {
- env_domain_name = "pm${var.environment == "prod" ? "" : "-${var.environment}"}.jdb-labs.com"
-}
-
 resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
 comment = "OAI for Personal Measure {$var.environment} environment."
 }
@@ -56,7 +52,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
 prefix = "${var.environment}/logs/cloudfront"
 }
- aliases = ["${local.env_domain_name}"]
+ aliases = ["${local.app_domain_name}"]
 default_cache_behavior {
 allowed_methods = ["GET", "HEAD", "OPTIONS"]
@@ -96,7 +92,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
 }
 viewer_certificate {
- acm_certificate_arn = "${var.cloudfront_ssl_certificate_arn}"
+ acm_certificate_arn = "${var.domain_cert_arn}"
 ssl_support_method = "sni-only"
 }
 }
diff --git a/operations/terraform/deployed_env/domain.tf b/operations/terraform/deployed_env/domain.tf
new file mode 100644
index 0000000..76ec478
--- /dev/null
+++ b/operations/terraform/deployed_env/domain.tf
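Review bot: The `viewer_certificate` block in the `@@ -96` hunk now carries only `acm_certificate_arn = "${var.domain_cert_arn}"` and `ssl_support_method = "sni-only"` before it closes, so `minimum_protocol_version` is left at the provider default (TLSv1 for a custom certificate); since the certificate wiring is being reworked anyway, adding a floor such as `minimum_protocol_version = "TLSv1.2_2018"` keeps the distribution from negotiating TLS 1.0/1.1 with viewers. Both new lines, `aliases = ["${local.app_domain_name}"]` and `acm_certificate_arn = "${var.domain_cert_arn}"`, keep the legacy interpolation-only string form although the module already relies on 0.12 syntax (`var.route53_zone.zone_id` in the new domain.tf); the plain expressions `aliases = [local.app_domain_name]` and `acm_certificate_arn = var.domain_cert_arn` are what `terraform fmt` and 0.12upgrade emit. The context line `comment = "OAI for Personal Measure {$var.environment} environment."` in the first hunk looks like a transposed `${var.environment}`, so the OAI comment currently contains that literal text rather than the environment name; worth fixing while the file is being renamed. The `aws_cloudfront_distribution.s3_distribution` resource both later hunks sit in starts and ends outside the hunks.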
@@ -0,0 +1,65 @@
+# provider "aws" {
+# alias = "cert"
+# region = "us-east-1"
+# }
+#
+# resource "aws_acm_certificate" "cert" {
+# provider = aws.cert
+# domain_name = local.app_domain_name
+# validation_method = "DNS"
+#
+# subject_alternative_names = [local.api_domain_name]
+#
+# tags = {
+# Environment = var.environment
+# }
+#
+# lifecycle {
+# create_before_destroy = true
+# }
+# }
+#
+# resource "aws_route53_record" "cert_validation" {
+# for_each {
+# for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
+# name = dvo.resource_record_name
+# type = dvo.resource_record_type
+# record = dvo.resource_record_value
+# }
+# }
+#
+# allow_overwrite = true
+# name = each.value.name
+# records = [ each.value.record ]
+# ttl = 60
+# type = each.value.type
+# zone_id = var.route53_zone.zone_id
+# }
+#
+# resource "aws_acm_certificate_validation" "cert" {
+# provider = aws.cert
+# certificate_arn = aws_acm_certificate.cert.arn
+# validation_record_fqdns = [ for record in aws_route53_record.cert_validation : record.fqdn ]
+# }
+
+resource "aws_route53_record" "app_domain" {
+ zone_id = var.route53_zone.zone_id
+ name = local.app_domain_name
+ type = "A"
+
+ alias {
+ name = aws_cloudfront_distribution.s3_distribution.name
+ zone_id = aws_cloudfront_distribution.s3_distribution.hosted_zone_id
+ evaluate_target_health = false
+ }
+
+ depends_on = [aws_cloudfront_distribution.cdn ]
+}
+
+resource "aws_route53_record" "api_domain" {
+ zone_id = var.route53_zone.zone_id
+ name = local.api_domain_name
+ type = "A"
+
+ # TODO: alias configuration
+}
diff --git a/operations/terraform/deployed_env/ecs.tf b/operations/terraform/deployed_env/ecs.tf
new file mode 100644
index 0000000..fb5896c
--- /dev/null
+++ b/operations/terraform/deployed_env/ecs.tf
@@ -0,0 +1,2 @@
+resource "aws_ecs_task_definition" "pmapi" {
+}
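Review bot: `name = aws_cloudfront_distribution.s3_distribution.name` in the `app_domain` alias block references an attribute the CloudFront distribution resource does not export; the alias target for a distribution is its `domain_name`, so this should read `name = aws_cloudfront_distribution.s3_distribution.domain_name`. `depends_on = [aws_cloudfront_distribution.cdn ]` names a resource `cdn` that does not exist in this module (the distribution in cloudfront.tf is `s3_distribution`), and the alias block already establishes the dependency, so the line can be dropped or corrected to `depends_on = [aws_cloudfront_distribution.s3_distribution]`. The `api_domain` record has `type = "A"` with neither an `alias` block nor `records`/`ttl`, which the provider rejects at plan time; if the API target is not ready, leaving this resource out (or commented like the ACM block above it) keeps both the dev and prod modules applyable. When the commented-out block is revived, `for_each {` needs to become `for_each = {`, and the us-east-1 provider alias there is the right approach since CloudFront only accepts ACM certificates issued in that region.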
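Review bot: `resource "aws_ecs_task_definition" "pmapi" {}` declares no arguments, and `family` and `container_definitions` are required by the provider, so this stub fails validation for anyone who runs `terraform plan` against `deployed_env` before it is filled in. If it is meant as a placeholder, a `# TODO: task definition for the API container` comment in the file, or keeping the file out of the tree until it is populated, avoids breaking the dev and prod modules that both source this directory.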
diff --git a/operations/terraform/deployed_env/variables.tf b/operations/terraform/deployed_env/variables.tf
index dac8aae..ebbf73a 100644
--- a/operations/terraform/deployed_env/variables.tf
+++ b/operations/terraform/deployed_env/variables.tf
@@ -8,6 +8,15 @@ variable "artifact_bucket" {
 description = "The aws_s3_bucket object representing the artifact bucket where deployed artifacts, logs, etc. live."
 }
-variable "cloudfront_ssl_certificate_arn" {
- description = "ARN of the managed SSL certificate to use for this environment."
+variable "domain_cert_arn" {
+ description = "ARN for the SSL certificate to use for this environment's configuration."
+}
+
+variable "route53_zone" {
+ description = "Route53 hosted zone for the deployed environments."
+}
+
+locals {
+ app_domain_name = "pm${var.environment == "prod" ? "" : "-${var.environment}"}.jdb-software.com"
+ api_domain_name = "api.pm${var.environment == "prod" ? "" : "-${var.environment}"}.jdb-software.com"
 }
diff --git a/operations/terraform/main.tf b/operations/terraform/main.tf
index 028ffb5..e2c42f4 100644
--- a/operations/terraform/main.tf
+++ b/operations/terraform/main.tf
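Review bot: The new `route53_zone` and `domain_cert_arn` variables carry no `type`, yet `route53_zone` is dereferenced as an object (`var.route53_zone.zone_id` in domain.tf) and `domain_cert_arn` is passed straight into `acm_certificate_arn`; declaring the attribute this module actually reads (`type = object({ zone_id = string })`) and `type = string` lets Terraform reject a wrong remote-state value at plan time rather than mid-apply. The two locals repeat the `var.environment == "prod" ? "" : "-${var.environment}"` expression; a single `env_suffix` local and deriving `api_domain_name` from `app_domain_name` keeps the two hostnames from drifting apart when the suffix rule changes. The rest of variables.tf is outside the hunk.
```hcl
variable "domain_cert_arn" {
  type        = string
  description = "ARN for the SSL certificate to use for this environment's configuration."
}

variable "route53_zone" {
  type        = object({ zone_id = string })
  description = "Route53 hosted zone for the deployed environments."
}

locals {
  env_suffix      = var.environment == "prod" ? "" : "-${var.environment}"
  app_domain_name = "pm${local.env_suffix}.jdb-software.com"
  api_domain_name = "api.${local.app_domain_name}"
}
```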
@@ -7,36 +7,32 @@ resource "aws_s3_bucket" "personal_measure" {
 acl = "log-delivery-write"
 }
-resource "aws_dynamodb_table" "dynamodb_terraform-state-lock" {
- name = "terraform-state-lock.${var.app_root_url}"
- hash_key = "LockID"
- read_capacity = 20
- write_capacity = 20
- attribute {
- name = "LockID"
- type = "S"
- }
+resource "aws_ecr_repository" "personal_measure_api" {
+ name = "personal_measure_api"
+ image_tag_mutability = "IMMUTABLE"
- tags = {
- Name = "Terraform DynamoDB State Lock Table"
+ image_scanning_configuration {
+ scan_on_push = true
 }
 }
 module "dev_env" {
 source = "./deployed_env"
-
+
- environment = "dev"
+ environment = "dev"
 artifact_bucket = aws_s3_bucket.personal_measure
- cloudfront_ssl_certificate_arn = "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c"
+ route53_zone = data.terraform_remote_state.jdbsoft.route53_zone_jdbsoft
+ domain_cert_arn = data.terraform_remote_state.jdbsoft.aws_acm_certificate_jdbsoft
 }
 module "prod_env" {
 source = "./deployed_env"
-
+
- environment = "prod"
+ environment = "prod"
 artifact_bucket = aws_s3_bucket.personal_measure
- cloudfront_ssl_certificate_arn = "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c"
+ route53_zone = data.terraform_remote_state.jdbsoft.route53_zone_jdbsoft
+ domain_cert_arn = data.terraform_remote_state.jdbsoft.aws_acm_certificate_jdbsoft
 }
 data "aws_iam_policy_document" "cloudfront_access_policy" {
diff --git a/operations/terraform/terraform.tf b/operations/terraform/terraform.tf
index 0c1518f..510c717 100644
--- a/operations/terraform/terraform.tf
+++ b/operations/terraform/terraform.tf
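Review bot: `route53_zone = data.terraform_remote_state.jdbsoft.route53_zone_jdbsoft` and the three sibling lines in `dev_env`/`prod_env` read the remote state's outputs as direct attributes, but with the 0.12 syntax this configuration already uses outputs live under `.outputs`, so the references should be `data.terraform_remote_state.jdbsoft.outputs.route53_zone_jdbsoft` and `data.terraform_remote_state.jdbsoft.outputs.aws_acm_certificate_jdbsoft`. Whether `aws_acm_certificate_jdbsoft` is an ARN string or a whole certificate object cannot be told from here; the module variable is documented as an ARN, so it may need `.arn` appended — confirm against the jdbsoft outputs. Removing `aws_dynamodb_table.dynamodb_terraform-state-lock` means the next apply destroys the `terraform-state-lock.${var.app_root_url}` table while the backend in terraform.tf now expects a `terraform-state-lock.jdb-software.com` table in us-west-2; unless that table is created elsewhere in that region, every later plan/apply fails to acquire a state lock. The `aws_ecr_repository` with `image_tag_mutability = "IMMUTABLE"` and `scan_on_push = true` is the right default for deployable images.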
@@ -3,6 +3,17 @@ terraform {
 bucket = "pm.jdb-labs.com"
 region = "us-west-2"
 key = "terraform.tfstate"
- dynamodb_table = "terraform-state-lock.pm.jdb-labs.com"
+ dynamodb_table = "terraform-state-lock.jdb-software.com"
+ }
+}
+
+data "terraform_remote_state" "jdbsoft" {
+ backend = "s3"
+
+ config = {
+ bucket = "operations.jdb-software.com"
+ region = "us-east-2"
+ key = "terraform/operations.tfstate"
+ dynamodb_table = "terraform-state-lock.jdb-software.com"
 }
 }
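Review bot: The backend now points at `dynamodb_table = "terraform-state-lock.jdb-software.com"` while keeping `region = "us-west-2"`, whereas the new `terraform_remote_state` block reads the operations state from `region = "us-east-2"` with a table of the same name; DynamoDB tables are regional, so unless a table with that name also exists in us-west-2 (this commit removes the one this configuration used to manage), the backend cannot lock and every plan fails. Changing the backend also requires a `terraform init` (with `-reconfigure` or a state migration) before the next run, and the state bucket itself stays at `pm.jdb-labs.com`; a one-line comment above the block such as `# Lock table is managed by the jdb-software operations configuration; run terraform init after changing this block.` records both facts for the next operator, if that is indeed the intent. Separately, `terraform_remote_state` needs read access to the whole `terraform/operations.tfstate` object, which exposes every value in that state to this configuration's credentials; if only the hosted zone and certificate are needed, `data "aws_route53_zone"` and `data "aws_acm_certificate"` lookups by name give least-privilege access to just those two objects.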