diff --git a/fast/stages/00-bootstrap/automation.tf b/fast/stages/00-bootstrap/automation.tf
index 0874fc4f..11a8b34d 100644
--- a/fast/stages/00-bootstrap/automation.tf
+++ b/fast/stages/00-bootstrap/automation.tf
@@ -36,7 +36,8 @@ module "automation-project" {
 # machine (service accounts) IAM bindings
 iam = {
 "roles/owner" = [
- module.automation-tf-bootstrap-sa.iam_email
+ module.automation-tf-bootstrap-sa.iam_email,
+ module.automation-tf-resman-sa.iam_email
 ]
 "roles/iam.serviceAccountAdmin" = [
 module.automation-tf-resman-sa.iam_email
diff --git a/fast/stages/01-resman/cicd-networking.tf b/fast/stages/01-resman/cicd-networking.tf
index 541d8bda..9bb96f79 100644
--- a/fast/stages/01-resman/cicd-networking.tf
+++ b/fast/stages/01-resman/cicd-networking.tf
@@ -35,7 +35,7 @@ module "branch-network-cicd-repo" {
 fast-02-networking = {
 filename = ".cloudbuild/workflow.yaml"
 included_files = ["**/*tf", ".cloudbuild/workflow.yaml"]
- service_account = module.branch-network-sa.id
+ service_account = module.branch-network-sa-cicd.0.id
 substitutions = {}
 template = {
 project_id = null
diff --git a/fast/stages/01-resman/cicd-security.tf b/fast/stages/01-resman/cicd-security.tf
index d6b0b869..ff456166 100644
--- a/fast/stages/01-resman/cicd-security.tf
+++ b/fast/stages/01-resman/cicd-security.tf
@@ -35,7 +35,7 @@ module "branch-security-cicd-repo" {
 fast-02-security = {
 filename = ".cloudbuild/workflow.yaml"
 included_files = ["**/*tf", ".cloudbuild/workflow.yaml"]
- service_account = module.branch-security-sa.id
+ service_account = module.branch-security-sa-cicd.0.id
 substitutions = {}
 template = {
 project_id = null
diff --git a/fast/stages/01-resman/cicd-teams.tf b/fast/stages/01-resman/cicd-teams.tf
index 2766e301..931b0a7c 100644
--- a/fast/stages/01-resman/cicd-teams.tf
+++ b/fast/stages/01-resman/cicd-teams.tf
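Review bot: In fast/stages/00-bootstrap/automation.tf, the added `module.automation-tf-resman-sa.iam_email` entry under `"roles/owner"` gives the stage-01 service account full control of the automation project, which also makes its existing `"roles/iam.serviceAccountAdmin"` binding just below redundant. If the grant exists only so that stage 01 can create the CI/CD repositories and triggers touched elsewhere in this commit (inferred; the reason is not stated in the hunk), narrower bindings would keep least privilege, for example `"roles/cloudbuild.builds.editor" = [module.automation-tf-resman-sa.iam_email]` and `"roles/source.admin" = [module.automation-tf-resman-sa.iam_email]`. If owner is really required, a comment above the entry naming the stage-01 resources that need it would record why, since any pipeline or principal able to act as this service account inherits the same access. The `module "automation-project"` block starts and ends outside the hunk.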
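Review bot: In fast/stages/01-resman/cicd-networking.tf, `module.branch-network-sa-cicd.0.id` uses the legacy dotted index and assumes the counted module always has an instance; the same applies to the new `service_account` lines in cicd-security.tf and in both cicd-teams.tf hunks. The `.0` suggests the `-sa-cicd` modules are created with `count`, so if the condition that creates the trigger module ever differs from the one that creates the service account, the reference fails at plan time (neither condition is visible in these hunks). Writing `service_account = module.branch-network-sa-cicd[0].id` uses the current index syntax, and a comment stating that both modules share one condition would make the coupling explicit. The enclosing module blocks start and end outside the hunks.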
@@ -37,7 +37,7 @@ module "branch-teams-dev-pf-cicd-repo" {
 included_files = [
 "**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
 ]
- service_account = module.branch-teams-dev-pf-sa.iam_email
+ service_account = module.branch-teams-dev-pf-sa-cicd.0.id
 substitutions = {}
 template = {
 project_id = null
@@ -68,7 +68,7 @@ module "branch-teams-prod-pf-cicd-repo" {
 included_files = [
 "**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
 ]
- service_account = module.branch-teams-prod-pf-sa.iam_email
+ service_account = module.branch-teams-prod-pf-sa-cicd.0.id
 substitutions = {}
 template = {
 project_id = null
diff --git a/fast/stages/01-resman/outputs.tf b/fast/stages/01-resman/outputs.tf
index f91a843d..b7de5240 100644
--- a/fast/stages/01-resman/outputs.tf
+++ b/fast/stages/01-resman/outputs.tf
@@ -144,9 +144,11 @@ output "cicd_repositories" {
 description = "WIF configuration for CI/CD repositories."
 value = {
 for k, v in local.cicd_repositories : k => {
- branch = v.branch
- name = v.name
- provider = local.identity_providers[v.identity_provider].name
+ branch = v.branch
+ name = v.name
+ provider = try(
+ local.identity_providers[v.identity_provider].name, null
+ )
 service_account = local.cicd_workflow_attrs[k].service_account
 } if v != null
 }
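Review bot: In fast/stages/01-resman/outputs.tf, `try(local.identity_providers[v.identity_provider].name, null)` hides every lookup failure, so a repository whose `identity_provider` key is misspelled now outputs `provider = null` instead of failing the plan. If the intent is only to allow repositories that have no identity provider (inferred from the other files in this commit), an explicit test keeps the error for bad keys: `provider = v.identity_provider == null ? null : local.identity_providers[v.identity_provider].name`. The output's description still reads "WIF configuration for CI/CD repositories.", so it should also say that `provider` may be null, to stop consumers from assuming a workload identity provider is always present.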