diff --git a/delocp.sh b/delocp.sh
deleted file mode 100755
index 6134c70..0000000
--- a/delocp.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/bash
-
-clusterId=$1
-
-if [ -z $clusterId ]; then
-  exit 99
-fi
-
-terraform destroy -auto-approve &
-
-sleep 10 
-workers=$(aws ec2 describe-instances --filters Name="tag:kubernetes.io/cluster/${clusterId}",Values="owned"  --query 'Reservations[].Instances[].[InstanceId, Tags[?Key==`Name`] | [0].Value]' --output text | grep worker | cut -d$'\t' -f1)
-
-aws ec2 terminate-instances --instance-ids ${workers} 
-
-vpcid=$(grep vpc terraform.tfstate | grep vpc_id | grep vpc- | head -1 | cut -d"\"" -f4)
-elbname=$(aws elb describe-load-balancers --query  'LoadBalancerDescriptions[].[LoadBalancerName,VPCId]' --output text | cut -d$'\t' -f1)
-aws elb delete-load-balancer --load-balancer-name ${elbname}
-
-sleep 300
-
-sg=$(aws ec2 describe-security-groups --filters Name="tag:kubernetes.io/cluster/${clusterId}",Values="owned" --query 'SecurityGroups[].[GroupId,GroupName]' --output text | grep "k8s-elb" | cut -d$'\t' -f1)
-
-aws ec2 delete-security-group --group-id ${sg}
-
-sleep 60
-
-aws s3 ls | grep ${clusterId} | awk '{print "aws s3 rb —force s3://"$3}' | bash
-
-aws iam list-users --query 'Users[].[UserName,UserId]' --output text | grep ${clusterId} 
-
-aws iam list-users --query 'Users[].[UserName,UserId]' --output text | grep ${clusterId} | awk '{print "aws iam delete-user-policy --user-name "$1" --policy-name "$1"-policy"}' | bash
-
-aws iam list-users --query 'Users[].[UserName,UserId]' --output text | grep ${clusterId} | awk '{print "aws iam delete-access-key --user-name "$1" --access-key-id $(aws iam list-access-keys --user-name "$1" --query 'AccessKeyMetadata[].AccessKeyId' --output text)"}' | bash
-
-aws iam list-users --query 'Users[].[UserName,UserId]' --output text | grep ${clusterId} | awk '{print "aws iam delete-user --user-name "$1}' | bash
-
-exit 0
diff --git a/install/aws_cleanup.sh b/install/aws_cleanup.sh
new file mode 100755
index 0000000..1ec2e02
--- /dev/null
+++ b/install/aws_cleanup.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+path=$(dirname $0)
+clusterId=$(cat $path/infraID)
+
+if [ -z "$clusterId" ]; then
+  exit 99
+fi
+
+if [ -z "$AWS_ACCESS_KEY_ID" ]; then
+  exit 80
+fi
+if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
+  exit 80
+fi
+
+echo "0 - Start processing for cluster $clusterId - waiting for masters to be destroyed"
+masters=3
+while [ $masters -gt 0 ]; do
+  nodes=$(aws ec2 describe-instances --filters Name="tag:kubernetes.io/cluster/${clusterId}",Values="owned"  Name="instance-state-name",Values="running" --query 'Reservations[].Instances[].[InstanceId, Tags[?Key==`Name`] | [0].Value]' --output text)
+  masters=$(echo "$nodes" | grep master | wc -l) 
+  echo "Waiting for masters to be destroyed - $masters remaining"
+  if [ $masters -gt 0 ]; then
+    sleep 10
+  fi
+done
+
+workers=$(echo "$nodes" | cut -d$'\t' -f1)
+
+echo "1 - Deleting workers - $workers -"
+  aws ec2 terminate-instances --instance-ids ${workers} 
+
+vpcid=$(aws ec2 describe-vpcs --filters Name="tag:kubernetes.io/cluster/${clusterId}",Values="owned" --query 'Vpcs[].VpcId' --output text)
+elbname=$(aws elb describe-load-balancers --query  'LoadBalancerDescriptions[].[LoadBalancerName,VPCId]' --output text | grep $vpcid | cut -d$'\t' -f1)
+echo "2 - Deleting apps load balancers - $elbname - "
+  aws elb delete-load-balancer --load-balancer-name ${elbname}
+
+sleep 30
+
+sg=$(aws ec2 describe-security-groups --filters Name="tag:kubernetes.io/cluster/${clusterId}",Values="owned" --query 'SecurityGroups[].[GroupId,GroupName]' --output text | grep "k8s-elb" | cut -d$'\t' -f1)
+echo "3 - Deleting elb security group - $sg -"
+
+  aws ec2 delete-security-group --group-id ${sg}
+sleep 10
+
+s3imagereg=$(aws s3 ls | grep ${clusterId} | awk '{print $3}') 
+echo "4 - Deleting S3 image-registry $s3imagereg -"
+  aws s3 rb --force s3://$s3imagereg
+
+iamusers=$(aws iam list-users --query 'Users[].[UserName,UserId]' --output text | grep ${clusterId})
+echo "5 - Deleting iamusers - $iamusers"
+
+  echo "$iamusers" | awk '{print "aws iam delete-user-policy --user-name "$1" --policy-name "$1"-policy"}' | bash
+  echo "$iamusers" | awk '{print "aws iam delete-access-key --user-name "$1" --access-key-id $(aws iam list-access-keys --user-name "$1" --query 'AccessKeyMetadata[].AccessKeyId' --output text)"}' | bash
+  echo "$iamusers" | awk '{print "aws iam delete-user --user-name "$1}' | bash
+
+exit 0
diff --git a/install/installer.tf b/install/installer.tf
index 1037bba..897428e 100644
--- a/install/installer.tf
+++ b/install/installer.tf
@@ -80,7 +80,17 @@ baseDomain: ${var.domain}
 compute:
 - hyperthreading: Enabled
   name: worker
-  replicas: 1
+  replicas: 3
+  platform:
+    aws:
+      rootVolume:
+        iops: ${var.aws_worker_root_volume_iops}
+        size: ${var.aws_worker_root_volume_size}
+        type: ${var.aws_worker_root_volume_type}
+      type: ${var.aws_worker_instance_type}
+      zones:
+      %{ for zone in var.aws_worker_availability_zones}
+      - ${zone}%{ endfor }
 controlPlane:
   hyperthreading: Enabled
   name: master
@@ -161,277 +171,16 @@ resource "null_resource" "manifest_cleanup_control_plane_machineset" {
   }
 }
 
-# rewrite the domains and the infrastructure id we use in the cluster
-resource "local_file" "cluster_infrastructure_config" {
-  depends_on = [
-    null_resource.generate_manifests
-  ]
-  file_permission = "0644"
-  filename        =  "${path.module}/temp/manifests/cluster-infrastructure-02-config.yml"
-
-  content = <<EOF
-apiVersion: config.openshift.io/v1
-kind: Infrastructure
-metadata:
-  creationTimestamp: null
-  name: cluster
-spec:
-  cloudConfig:
-    name: ""
-status:
-  apiServerInternalURI: https://api-int.${var.clustername}.${var.domain}:6443
-  apiServerURL: https://api.${var.clustername}.${var.domain}:6443
-  etcdDiscoveryDomain: ${var.clustername}.${var.domain}
-  infrastructureName: ${data.local_file.infrastructureID.content}
-  platform: AWS
-  platformStatus:
-    aws:
-      region: ${var.aws_region}
-    type: AWS
-EOF
-}
-# modify manifests/cluster-dns-02-config.yml
-resource "null_resource" "manifest_cleanup_dns_config" {
-  depends_on = [
-    null_resource.generate_manifests
-  ]
-
-  triggers = {
-    install_config =  data.template_file.install_config_yaml.rendered
-    local_file     =  local_file.install_config.id
-  }
-
-  provisioner "local-exec" {
-    command = "rm -f ${path.module}/temp/manifests/cluster-dns-02-config.yml"
-  }
-}
-
-#redo the dns config
-resource "local_file" "dns_config" {
-  count = var.airgapped.enabled ? 0 : 1
-  depends_on = [
-    null_resource.manifest_cleanup_dns_config
-  ]
-
-  file_permission = "0644"
-  filename        = "${path.module}/temp/manifests/cluster-dns-02-config.yml"
-  content         = <<EOF
-apiVersion: config.openshift.io/v1
-kind: DNS
-metadata:
-  creationTimestamp: null
-  name: cluster
-spec:
-  baseDomain: ${var.clustername}.${var.domain}
-  privateZone:
-      tags:
-        Name: ${data.local_file.infrastructureID.content}-int
-        kubernetes.io/cluster/${data.local_file.infrastructureID.content}: owned
-  publicZone:
-    id: ${var.dns_public_id}
-status: {}
-EOF
-}
-
-# remove these machinesets, we will rewrite them using the security group and subnets that we created
-resource "null_resource" "manifest_cleanup_worker_machineset" {
-  depends_on = [
-    null_resource.generate_manifests
-  ]
-
-  triggers = {
-    install_config =  data.template_file.install_config_yaml.rendered
-    local_file     =  local_file.install_config.id
-  }
-
-  provisioner "local-exec" {
-    command = "rm -f ${path.module}/temp/openshift/99_openshift-cluster-api_worker-machines*.yaml"
-  }
-}
-
-#redo the worker machineset
-resource "local_file" "worker_machineset" {
-  count           = length(var.aws_worker_availability_zones)
-
-  depends_on = [
-    null_resource.manifest_cleanup_worker_machineset
-  ]
-
-  file_permission = "0644"
-  filename        = "${path.module}/temp/openshift/99_openshift-cluster-api_worker-machineset-${count.index}.yaml"
-  content         = <<EOF
-apiVersion: machine.openshift.io/v1beta1
-kind: MachineSet
-metadata:
-  creationTimestamp: null
-  labels:
-    machine.openshift.io/cluster-api-cluster: ${data.local_file.infrastructureID.content}
-  name: ${data.local_file.infrastructureID.content}-worker-${element(var.aws_worker_availability_zones, count.index)}
-  namespace: openshift-machine-api
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      machine.openshift.io/cluster-api-cluster: ${data.local_file.infrastructureID.content}
-      machine.openshift.io/cluster-api-machineset: ${data.local_file.infrastructureID.content}-worker-${element(var.aws_worker_availability_zones, count.index)}
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        machine.openshift.io/cluster-api-cluster: ${data.local_file.infrastructureID.content}
-        machine.openshift.io/cluster-api-machine-role: worker
-        machine.openshift.io/cluster-api-machine-type: worker
-        machine.openshift.io/cluster-api-machineset: ${data.local_file.infrastructureID.content}-worker-${element(var.aws_worker_availability_zones, count.index)}
-    spec:
-      metadata:
-        creationTimestamp: null
-      providerSpec:
-        value:
-          ami:
-            id: ${var.ami}
-          apiVersion: awsproviderconfig.openshift.io/v1beta1
-          blockDevices:
-          - ebs:
-              iops: ${var.aws_worker_root_volume_iops}
-              volumeSize: ${var.aws_worker_root_volume_size}
-              volumeType: ${var.aws_worker_root_volume_type}
-          credentialsSecret:
-            name: aws-cloud-credentials
-          deviceIndex: 0
-          iamInstanceProfile:
-            id: ${data.local_file.infrastructureID.content}-worker-profile
-          instanceType: ${var.aws_worker_instance_type}
-          kind: AWSMachineProviderConfig
-          metadata:
-            creationTimestamp: null
-          placement:
-            availabilityZone: ${element(var.aws_worker_availability_zones, count.index)}
-            region: ${var.aws_region}
-          publicIp: null
-          securityGroups:
-          - filters:
-            - name: tag:Name
-              values:
-              - ${data.local_file.infrastructureID.content}-worker-sg
-          subnet:
-            filters:
-            - name: tag:Name
-              values:
-              - ${data.local_file.infrastructureID.content}-private-${element(var.aws_worker_availability_zones, count.index)}
-          tags:
-          - name: kubernetes.io/cluster/${data.local_file.infrastructureID.content}
-            value: owned
-          userDataSecret:
-            name: worker-user-data
-EOF
-}
-
-#redo the worker machineset
-resource "local_file" "ingresscontroller" {
-  count           = var.airgapped.enabled ? 1 : 0
-
-  depends_on = [
-    null_resource.generate_manifests
-  ]
-  file_permission = "0644"
-  filename = "${path.module}/temp/openshift/99_default_ingress_controller.yml"
-  content = <<EOF
-apiVersion: operator.openshift.io/v1
-kind: IngressController
-metadata:
-  name: default
-  namespace: openshift-ingress-operator
-spec:
-  replicas: 2
-  endpointPublishingStrategy:
-    type: Private
-EOF
-}
-
-resource "local_file" "awssecrets1" {
-  count           = var.airgapped.enabled ? 1 : 0
-
-  depends_on = [
-    null_resource.generate_manifests
-  ]
-  file_permission = "0644"
-  filename        =  "${path.module}/temp/openshift/99_awssecrets_image_registry.yml"
-
-  content = <<EOF
-apiVersion: v1
-data:
-  aws_access_key_id: ${base64encode(var.aws_access_key_id)}
-  aws_secret_access_key: ${base64encode(var.aws_secret_access_key)}
-kind: Secret
-metadata:
-  name: installer-cloud-credentials
-  namespace: openshift-image-registry
-type: Opaque
-EOF
-}
-
-resource "local_file" "awssecrets2" {
-  count           = var.airgapped.enabled ? 1 : 0
-
-  depends_on = [
-    null_resource.generate_manifests
-  ]
-  file_permission = "0644"
-  filename        =  "${path.module}/temp/openshift/99_awssecrets_ingress.yml"
-
-  content = <<EOF
-apiVersion: v1
-data:
-  aws_access_key_id: ${base64encode(var.aws_access_key_id)}
-  aws_secret_access_key: ${base64encode(var.aws_secret_access_key)}
-kind: Secret
-metadata:
-  name: cloud-credentials
-  namespace: openshift-ingress-operator
-type: Opaque
-EOF
-}
-
-resource "local_file" "awssecrets3" {
-  count           = var.airgapped.enabled ? 1 : 0
-
-  depends_on = [
-    null_resource.generate_manifests
-  ]
-  file_permission = "0644"
-  filename        =  "${path.module}/temp/openshift/99_awssecrets_machine_api.yml"
-
-  content = <<EOF
-apiVersion: v1
-data:
-  aws_access_key_id: ${base64encode(var.aws_access_key_id)}
-  aws_secret_access_key: ${base64encode(var.aws_secret_access_key)}
-kind: Secret
-metadata:
-  name: aws-cloud-credentials
-  namespace: openshift-machine-api
-type: Opaque
-EOF
-}
-
 # build the bootstrap ignition config
 resource "null_resource" "generate_ignition_config" {
   depends_on = [
     null_resource.manifest_cleanup_control_plane_machineset,
-    local_file.worker_machineset,
-    local_file.dns_config,
-    local_file.ingresscontroller,
-    local_file.awssecrets1,
-    local_file.awssecrets2,
-    local_file.awssecrets3,
     local_file.airgapped_registry_upgrades,
-    local_file.cluster_infrastructure_config,
   ]
 
   triggers = {
     install_config                   =  data.template_file.install_config_yaml.rendered
     local_file_install_config        =  local_file.install_config.id
-    local_file_infrastructure_config =  local_file.cluster_infrastructure_config.id
   }
 
   provisioner "local-exec" {
@@ -480,7 +229,23 @@ data "local_file" "infrastructureID" {
 
 }
 
+resource "null_resource" "delete_aws_resources" {
+  depends_on = [
+    null_resource.cleanup
+  ]
+
+  provisioner "local-exec" {
+    when    = destroy
+    command = "${path.module}/aws_cleanup.sh"
+  }
+
+}
+
 resource "null_resource" "cleanup" {
+  depends_on = [
+    null_resource.generate_ignition_config
+  ]
+
   provisioner "local-exec" {
     when    = destroy
     command = "rm -rf ${path.module}/temp"
@@ -526,14 +291,6 @@ data "local_file" "worker_ign" {
   filename =  "${path.module}/temp/worker.ign"
 }
 
-data "local_file" "cluster_infrastructure" {
-  depends_on = [
-    null_resource.generate_manifests
-  ]
-
-  filename =  "${path.module}/temp/manifests/cluster-infrastructure-02-config.yml"
-}
-
 resource "null_resource" "get_auth_config" {
   depends_on = [null_resource.generate_ignition_config]
   provisioner "local-exec" {
diff --git a/output.tf b/output.tf
new file mode 100644
index 0000000..f8be808
--- /dev/null
+++ b/output.tf
@@ -0,0 +1,20 @@
+data "local_file" "kubeadmin-password" {
+  depends_on = [ module.installer ]
+  filename = "kubeadmin-password"
+}
+
+output "infraID" {
+    value =  module.installer.infraID
+}
+
+output "kubeadmin" {
+    value = data.local_file.kubeadmin-password.content
+}
+
+output "consoleURL" {
+    value = "https://console-openshift-console.apps.${var.cluster_name}.${var.base_domain}"
+}
+
+output "apiURL" {
+    value = "api.${var.cluster_name}.${var.base_domain}:6443"
+}
\ No newline at end of file