diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index d1d4b6e9..eaf20194 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -21,7 +21,7 @@ on:
 
 jobs:
   analyze:
-    runs-on: ubuntu-latest
+    runs-on: codebuild-cdap-${{ github.ref_name =='main' && 'prod' || 'non-prod' }}-${{github.run_id}}-${{github.run_attempt}}
     permissions:
       actions: read
       contents: read
@@ -30,17 +30,17 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'TypeScript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+        language: [ 'javascript-typescript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java-kotlin', 'javascript', 'python', 'ruby', 'swift' ]
+        # Learn more about CodeQL language support at https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         source-root: actions/aws-params-env-action/src
@@ -52,7 +52,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -66,4 +66,6 @@ jobs:
     #   make release
 
     - name: Perform CodeQL analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:$${{ matrix.language }}"
diff --git a/.github/workflows/python-checks.yml b/.github/workflows/python-checks.yml
index b69623db..c97df3ea 100644
--- a/.github/workflows/python-checks.yml
+++ b/.github/workflows/python-checks.yml
@@ -8,7 +8,7 @@ on:
 
 jobs:
   python-checks:
-    runs-on: codebuild-cdap-${{github.run_id}}-${{github.run_attempt}}
+    runs-on: codebuild-cdap-${{ github.ref_name =='main' && 'prod' || 'non-prod' }}-${{github.run_id}}-${{github.run_attempt}}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47
diff --git a/.github/workflows/test-codebuild-projects.yml b/.github/workflows/test-codebuild-projects.yml
index e046f7ff..2803fd64 100644
--- a/.github/workflows/test-codebuild-projects.yml
+++ b/.github/workflows/test-codebuild-projects.yml
@@ -7,7 +7,7 @@ on:
 
 jobs:
   smoke-test:
-    runs-on: codebuild-cdap-${{ contains(fromJSON('["dev", "test"]'), matrix.env) && 'non-prod' || 'prod'}}-${{github.run_id}}-${{github.run_attempt}}
+    runs-on: codebuild-cdap-${{ contains(fromJSON('["prod", "sandbox"]'), matrix.env) && 'prod' || 'non-prod'}}-${{github.run_id}}-${{github.run_attempt}}
     strategy:
       matrix:
         env: [dev, test, sandbox, prod]
diff --git a/.github/workflows/tofu-apply.yml b/.github/workflows/tofu-apply.yml
index 7a364f82..b58421c3 100644
--- a/.github/workflows/tofu-apply.yml
+++ b/.github/workflows/tofu-apply.yml
@@ -21,7 +21,7 @@ jobs:
     permissions:
       contents: read
       id-token: write
-    runs-on: codebuild-cdap-${{ contains(fromJSON('["dev", "test"]'), matrix.env) && 'non-prod' || 'prod'}}-${{github.run_id}}-${{github.run_attempt}}
+    runs-on: codebuild-cdap-${{ contains(fromJSON('["prod", "sandbox"]'), matrix.env) && 'prod' || 'non-prod'}}-${{github.run_id}}-${{github.run_attempt}}
     strategy:
       fail-fast: false
       matrix:
diff --git a/.github/workflows/tofu-plan.yml b/.github/workflows/tofu-plan.yml
index 9c926312..933d8ed4 100644
--- a/.github/workflows/tofu-plan.yml
+++ b/.github/workflows/tofu-plan.yml
@@ -17,7 +17,7 @@ jobs:
     permissions:
       contents: read
       id-token: write
-    runs-on: codebuild-cdap-${{ contains(fromJSON('["dev", "test"]'), matrix.env) && 'non-prod' || 'prod'}}-${{github.run_id}}-${{github.run_attempt}}
+    runs-on: codebuild-cdap-${{ contains(fromJSON('["prod", "sandbox"]'), matrix.env) && 'prod' || 'non-prod'}}-${{github.run_id}}-${{github.run_attempt}}
     strategy:
       fail-fast: false
       matrix: