diff --git a/catalogs/data/dagster/terraform/aws/iam.tf b/catalogs/data/dagster/terraform/aws/iam.tf
index cd56c6bc..c35ab5ab 100644
--- a/catalogs/data/dagster/terraform/aws/iam.tf
+++ b/catalogs/data/dagster/terraform/aws/iam.tf
@@ -1,15 +1,27 @@
-module "assumable_role_airflow" {
- source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
- version = "3.14.0"
- create_role = true
- role_name = "${data.plural_cluster.cluster.name}-${var.role_name}"
- provider_url = replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")
- role_policy_arns = [module.s3_buckets.policy_arn]
- oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.dagster_serviceaccount}"]
+data "aws_iam_policy_document" "dagster" {
+ statement {
+ sid = "admin"
+ effect = "Allow"
+ actions = ["s3:*"]
+
+ resources = [
+ "arn:aws:s3:::${var.dagster_bucket}",
+ "arn:aws:s3:::${var.dagster_bucket}/*",
+ ]
+ }
+}
+
+resource "aws_iam_policy" "dagster" {
+ name_prefix = "dagster"
+ description = "policy for the plural admin dagster"
+ policy = data.aws_iam_policy_document.dagster.json
 }
 
 resource "aws_iam_user" "dagster" {
 name = "${data.plural_cluster.cluster.name}-dagster"
+
+ depends_on = [ data.plural_cluster.cluster ]
+
 }
 
 resource "aws_iam_access_key" "dagster" {
@@ -19,7 +31,17 @@ resource "aws_iam_access_key" "dagster" {
 resource "aws_iam_policy_attachment" "dagster-user" {
 name = "${data.plural_cluster.cluster.name}-dagster-policy"
 users = [aws_iam_user.dagster.name]
- policy_arn = module.s3_buckets.policy_arn
+ policy_arn = aws_iam_policy.dagster.arn
+}
+
+resource "kubernetes_namespace" "dagster" {
+ metadata {
+ name = var.namespace
+ labels = {
+ "app.kubernetes.io/managed-by" = "plural"
+ "app.plural.sh/name" = "dagster"
+ }
+ }
 }
 
 resource "kubernetes_secret" "dagster_s3_secret" {
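Review bot: The new `aws_iam_policy_document.dagster` statement grants `s3:*` on the bucket and its objects, which includes bucket-configuration actions (policy, ACL, lifecycle, bucket deletion) on top of the object reads and writes a pipeline needs, and the same hunk removes the OIDC-assumable role, so the only consumer of this policy left in the file is the long-lived `aws_iam_user` access key that the surrounding context lines create (and, judging by the `kubernetes_secret` context line, presumably place in the cluster). Narrowing the statement to the object-level actions the workload actually performs bounds what a leaked static key can do, e.g. `actions = ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"]` (confirm the exact set against the Dagster S3 configuration), with `sid = "admin"` and the `description` renamed to match what the policy then grants. The added `depends_on = [ data.plural_cluster.cluster ]` on `aws_iam_user.dagster` is redundant, since the `name` attribute already references that data source and Terraform derives the dependency from the reference.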
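Review bot: The relocated `kubernetes_namespace.dagster` block drops the `"platform.plural.sh/sync-target" = "pg"` label that the deleted main.tf carried, so this is a metadata change rather than a pure move; if intentional it should be called out in the commit message, otherwise the label belongs back in the `labels` map. Separately, the updated `policy_arn` is attached through `aws_iam_policy_attachment`, which the AWS provider treats as exclusive: it detaches `aws_iam_policy.dagster` from any other user, group or role that picks it up outside this file. For a single-user attachment the safer form is `resource "aws_iam_user_policy_attachment" "dagster-user"` with `user = aws_iam_user.dagster.name` and `policy_arn = aws_iam_policy.dagster.arn`.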
diff --git a/catalogs/data/dagster/terraform/aws/main.tf b/catalogs/data/dagster/terraform/aws/main.tf
deleted file mode 100644
index a4df2656..00000000
--- a/catalogs/data/dagster/terraform/aws/main.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-resource "kubernetes_namespace" "dagster" {
- metadata {
- name = var.namespace
- labels = {
- "app.kubernetes.io/managed-by" = "plural"
- "app.plural.sh/name" = "dagster"
- "platform.plural.sh/sync-target" = "pg"
- }
- }
-}
-
-module "s3_buckets" {
- source = "github.com/pluralsh/module-library//terraform/s3-buckets?ref=bucket-protection"
- bucket_names = [var.dagster_bucket]
- policy_prefix = "dagster"
- force_destroy = var.force_destroy_bucket
-}
-
-data "aws_eks_cluster" "cluster" {
- name = data.plural_cluster.cluster.name
-}
diff --git a/catalogs/data/dagster/terraform/aws/oidc.tf b/catalogs/data/dagster/terraform/aws/oidc.tf
new file mode 100644
index 00000000..5425c2bd
--- /dev/null
+++ b/catalogs/data/dagster/terraform/aws/oidc.tf
@@ -0,0 +1,15 @@
+resource "random_password" "oidc_cookie" {
+ length = 24
+ min_lower = 1
+ min_numeric = 1
+ min_upper = 1
+ special = false
+}
+
+resource "plural_oidc_provider" "dagster" {
+ name = "dagster-{{ context.cluster }}"
+ auth_method = "BASIC"
+ type = "PLURAL"
+ description = "OIDC provider for Dagster deployed to the {{ context.cluster }} cluster"
+ redirect_uris = ["https://{{ context.hostname }}/oauth2/callback"]
+}
diff --git a/catalogs/data/dagster/terraform/aws/outputs.tf b/catalogs/data/dagster/terraform/aws/outputs.tf
index bd43df7c..076908be 100644
--- a/catalogs/data/dagster/terraform/aws/outputs.tf
+++ b/catalogs/data/dagster/terraform/aws/outputs.tf
@@ -3,11 +3,11 @@ output "iam_user" {
 }
 
 output "access_key_id" {
- value = aws_iam_access_key.airbyte.id
+ value = aws_iam_access_key.dagster.id
 }
 
 output "secret_access_key" {
- value = aws_iam_access_key.airbyte.secret
+ value = aws_iam_access_key.dagster.secret
 sensitive = true
 }
 
@@ -26,11 +26,11 @@ output "oidc_cookie_secret" {
 }
 
 output "oidc_client_id" {
- value = plural_oidc_provider.airbyte.client_id
+ value = plural_oidc_provider.dagster.client_id
 sensitive = true
 }
 
 output "oidc_client_secret" {
- value = plural_oidc_provider.airbyte.client_secret
+ value = plural_oidc_provider.dagster.client_secret
 sensitive = true
 }
diff --git a/catalogs/data/dagster/terraform/aws/s3.tf b/catalogs/data/dagster/terraform/aws/s3.tf
new file mode 100644
index 00000000..2f2fb32e
--- /dev/null
+++ b/catalogs/data/dagster/terraform/aws/s3.tf
@@ -0,0 +1,14 @@
+resource "aws_s3_bucket" "dagster" {
+ bucket = var.dagster_bucket
+ force_destroy = var.force_destroy_bucket
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "dagster" {
+ bucket = aws_s3_bucket.dagster.id
+
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+}
diff --git a/catalogs/data/dagster/terraform/aws/variables.tf b/catalogs/data/dagster/terraform/aws/variables.tf
index e1f0e847..38c1e755 100644
--- a/catalogs/data/dagster/terraform/aws/variables.tf
+++ b/catalogs/data/dagster/terraform/aws/variables.tf
@@ -13,16 +13,6 @@ variable "dagster_bucket" {
 default = "{{ context.bucket }}"
 }
 
-variable "dagster_serviceaccount" {
- type = string
- default = "dagster"
-}
-
-variable "role_name" {
- type = string
- default = "dagster"
-}
-
 variable "force_destroy_bucket" {
 type = bool
 default = true
@@ -30,7 +20,7 @@ variable "force_destroy_bucket" {
 }
 
 variable "db_name" {
- default = "plrl-{{ context.cluster }}-airbyte"
+ default = "plrl-{{ context.cluster }}-dagster"
 }
 
 variable "postgres_vsn" {
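Review bot: `aws_s3_bucket.dagster` in the new s3.tf gets server-side encryption but no `aws_s3_bucket_public_access_block`, so the bucket relies on account-level defaults to stay private, and its `force_destroy` is wired to `var.force_destroy_bucket`, whose `default = true` is visible in the variables.tf context of this same commit, meaning a `terraform destroy` removes every object in the pipeline bucket without further confirmation. The `module.s3_buckets` block this replaces pointed at a `bucket-protection` ref, which suggests (from the ref name only) that the module carried guards the inline resources do not reproduce. An explicit public access block, and versioning if the bucket holds pipeline state worth recovering, keeps the posture at least as strict as before.

```hcl
// … unchanged: aws_s3_bucket.dagster and the server-side encryption configuration …

resource "aws_s3_bucket_public_access_block" "dagster" {
  bucket                  = aws_s3_bucket.dagster.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```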