diff --git a/.terraform-version b/.terraform-version
new file mode 100644
index 0000000..e516bb9
--- /dev/null
+++ b/.terraform-version
@@ -0,0 +1 @@
+1.4.5
diff --git a/Makefile b/Makefile
index 8772eaa..33d0b4f 100644
--- a/Makefile
+++ b/Makefile
@@ -17,58 +17,58 @@ git-hooks: ## Set up hooks in .githooks
 
 .PHONY: test
 test: ## Build, test, and destroy default scenario with Kitchen Terraform
-	docker run --rm -e AWS_PROFILE=default -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "test default --destroy=always"
+	@ci/scripts/run-kitchen.sh --action test --args "default --destroy=always"
 
 .PHONY: test-hybrid-external-database
 test-hybrid-external-database: ## Build, test, and destroy hybrid-external-database scenario with Kitchen Terraform
-	docker run --rm -e AWS_PROFILE=default -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "test hybrid-external-database --destroy=always"
+	@ci/scripts/run-kitchen.sh --action test --args "hybrid-external-database --destroy=always"
 
 .PHONY: build
 build: ## Build default scenario with Kitchen Terraform
-	docker run --rm -e AWS_PROFILE=default -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "test default converge"
+	@ci/scripts/run-kitchen.sh --action test --args "default converge"
 
 .PHONY: build-al
 build-al: ## Build hybrid_amazon_linux scenario with Kitchen Terraform
-	docker run --rm -e AWS_PROFILE=default -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "converge hybrid-amazon-linux"
+	@ci/scripts/run-kitchen.sh --action converge --args "hybrid-amazon-linux"
 
 .PHONY: verify-al
 verify-al: ## Verify hybrid_amazon_linux scenario with Kitchen Terraform
-	docker run --rm -e AWS_PROFILE=default -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "verify hybrid-amazon-linux"
+	@ci/scripts/run-kitchen.sh --action verify --args "hybrid-amazon-linux"
 
 .PHONY: destroy-al
 destroy-al: ## Destroy hybrid_amazon_linux scenario with Kitchen Terraform
-	docker run --rm -e AWS_PROFILE=default -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "destroy hybrid-amazon-linux"
+	@ci/scripts/run-kitchen.sh --action destroy --args "hybrid-amazon-linux"
 
 .PHONY: test-al
 test-al: ## Test hybrid_amazon_linux scenario with Kitchen Terraform
-	docker run --rm -e AWS_PROFILE=default -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "test hybrid-amazon-linux --destroy=always"
+	@ci/scripts/run-kitchen.sh --action test --args "hybrid-amazon-linux --destroy=always"
 
 .PHONY: build-ecs
 build-ecs: ## Build hybrid_ecs scenario with Kitchen Terraform
-	docker run --rm -e AWS_PROFILE=default -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "converge hybrid-ecs"
+	@ci/scripts/run-kitchen.sh --action converge --args "hybrid-ecs"
 
 .PHONY: verify-ecs
 verify-ecs: ## Verify hybrid_ecs scenario with Kitchen Terraform
 	@if [ -z '${KONG_EE_LICENSE}' ]; then echo "You must set the KONG_EE_LICENSE variable with a valid license before running this step." ; exit 1 ; fi
-	@docker run --rm -e AWS_PROFILE=default -e KONG_EE_LICENSE='${KONG_EE_LICENSE}' -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "verify hybrid-ecs"
+	@ci/scripts/run-kitchen.sh --action verify --args "hybrid-ecs"
 
 .PHONY: destroy-ecs
 destroy-ecs: ## Destroy hybrid_ecs scenario with Kitchen Terraform
-	docker run --rm -e AWS_PROFILE=default -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "destroy hybrid-ecs"
+	@ci/scripts/run-kitchen.sh --action destroy --args "hybrid-ecs"
 
 .PHONY: test-ecs
 test-ecs: ## Test hybrid_ecs scenario with Kitchen Terraform
 	@if [ -z '${KONG_EE_LICENSE}' ]; then echo "You must set the KONG_EE_LICENSE variable with a valid license before running this step." ; exit 1 ; fi
-	@docker run --rm -e AWS_PROFILE=default -e KONG_EE_LICENSE='${KONG_EE_LICENSE}' -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "test hybrid-ecs --destroy=always"
+	@ci/scripts/run-kitchen.sh --action test --args "hybrid-ecs --destroy=always"
 
 .PHONY: build-hybrid-external-database
 build-hybrid-external-database: ## Test hybrid-external-database scenario with Kitchen Terraform
-	docker run --rm -e AWS_PROFILE=default -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "converge hybrid-external-database"
+	@ci/scripts/run-kitchen.sh --action converge --args "hybrid-external-database"
 
 .PHONY: destroy
 destroy: ## Build default scenario with Kitchen Terraform
-	docker run --rm -e AWS_PROFILE=default -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "test default destroy"
+	@ci/scripts/run-kitchen.sh --action test --args "default destroy"
 
 .PHONY: destroy-hybrid-external-database
 destroy-hybrid-external-database: ## Destroy hybrid-external-database scenario with Kitchen Terraform
-	docker run --rm -e AWS_PROFILE=default -v $(shell pwd):/usr/action -v ~/.aws:/root/.aws -v /etc/ssl/certs/:/usr/local/share/ca-certificates/ quay.io/dwp/kitchen-terraform:0.14.7 "destroy hybrid-external-database"
+	@ci/scripts/run-kitchen.sh --action destroy --args "hybrid-external-database"
diff --git a/ci/scripts/run-kitchen.sh b/ci/scripts/run-kitchen.sh
new file mode 100755
index 0000000..9ec1011
--- /dev/null
+++ b/ci/scripts/run-kitchen.sh
@@ -0,0 +1,55 @@
+DEFAULT_KITCHEN_TERRAFORM_TAG=2.0.1
+
+# Parse parameters
+while [[ "$#" > 0 ]]; do case $1 in
+  --tag) TAG="$2"; shift; shift;;
+  --aws-profile) AWS_PROFILE="$2"; shift; shift;;
+  --action) ACTION="$2"; shift; shift;;
+  --args) ARGS="$2"; shift; shift;;
+  *) usage "Unknown parameter passed: $1"; shift; shift;;
+esac; done
+
+# Default version of Terraform when not specified a tag
+TAG="${TAG:-$DEFAULT_KITCHEN_TERRAFORM_TAG}"
+IMAGE="quay.io/dwp/kitchen-terraform:${TAG}"
+
+# Default AWS Profile
+AWS_PROFILE="${AWS_PROFILE:-"default"}"
+
+printf "\n*************************************************************\n"
+printf "  Running Kitchen Terraform using the following parameters:\n"
+printf "  %-22s %s\n" "- Terraform version:" $TAG
+printf "  %-22s %s\n" "- AWS Profile:" $AWS_PROFILE
+printf "  %-22s %s\n" "- Kitchen action:" ${ACTION:-"(not set)"}
+printf "  %-22s %s\n" "- Kitchen arguments:" ${ARGS:-"(not set)"}
+printf "*************************************************************\n\n"
+
+if [[ -n "$ACTION" ]]; then
+
+  if [[ ${ACTION} == "debug" ]]; then
+    docker run -ti --rm \
+      --env AWS_PROFILE=$AWS_PROFILE \
+      --env CUSTOM_CA_DIR=/usr/share/ca-certificates/custom \
+      --volume /etc/ssl/certs/:/usr/share/ca-certificates/custom \
+      --volume $(pwd):/usr/action \
+      --volume ~/.aws:/root/.aws \
+      --user root \
+      --workdir /usr/action/ \
+      --entrypoint bash \
+      ${IMAGE}
+  else
+    docker run --rm \
+      --env AWS_PROFILE=$AWS_PROFILE \
+      $(if [[ ${ARGS} == *"ecs"* && -n ${KONG_EE_LICENSE} && ${ACTION} == "verify" || ${ACTION} == "test" ]]; then echo "--env KONG_EE_LICENSE=${KONG_EE_LICENSE}"; fi) \
+      --env CUSTOM_CA_DIR=/usr/share/ca-certificates/custom \
+      --volume /etc/ssl/certs/:/usr/share/ca-certificates/custom \
+      --volume $(pwd):/usr/action \
+      --volume ~/.aws:/root/.aws \
+      --user root \
+      --workdir /usr/action/ \
+      ${IMAGE} "${ACTION}  ${ARGS}"
+  fi
+
+else
+  echo "The following arguments are required: \`--action\`."
+fi
diff --git a/scripts/run-kitchen.sh b/scripts/run-kitchen.sh
deleted file mode 100644
index e69de29..0000000