diff --git a/services/terraform/dev/main.tf b/services/terraform/dev/main.tf
index f4e07bc84..7dd1c84ed 100644
--- a/services/terraform/dev/main.tf
+++ b/services/terraform/dev/main.tf
@@ -1,42 +1,47 @@
+variable "localstack_endpoint" {
+ type = string
+ default = "http://localhost:4566"
+}
+
 locals {
 aws_settings = ({
 region = "us-east-2"
 access_key = "fake"
 secret_key = "fake"
 skip_credentials_validation = true
 skip_metadata_api_check = true
 skip_requesting_account_id = true
 s3_use_path_style = true
- override_endpoint = "http://localhost:4566"
+ override_endpoint = var.localstack_endpoint
 })
 }
 provider "aws" {
 region = local.aws_settings.region
 access_key = local.aws_settings.access_key
 secret_key = local.aws_settings.secret_key
 skip_credentials_validation = local.aws_settings.skip_credentials_validation
 skip_metadata_api_check = local.aws_settings.skip_metadata_api_check
 skip_requesting_account_id = local.aws_settings.skip_requesting_account_id
 s3_use_path_style = local.aws_settings.s3_use_path_style
 dynamic "endpoints" {
 for_each = local.aws_settings.override_endpoint[*]
 content {
 dynamodb = endpoints.value
 s3 = endpoints.value
 secretsmanager = endpoints.value
 }
 }
 }
 provider "random" {}
 # Shared resources between local dev environment and remote AWS
 module "shared" {
 source = "../modules/shared"
 is_dev = true
 }
diff --git a/services/terraform/modules/shared/s3.tf b/services/terraform/modules/shared/s3.tf
index 304e84e3b..ccba6c5bc 100644
--- a/services/terraform/modules/shared/s3.tf
+++ b/services/terraform/modules/shared/s3.tf
@@ -1,11 +1,12 @@
 variable "s3_bucket_names" {
 type = list(any)
 default = [
 "commapp-blob",
 ]
 }
 resource "aws_s3_bucket" "comm_buckets" {
- count = length(var.s3_bucket_names)
- bucket = "${var.s3_bucket_names[count.index]}${var.bucket_name_suffix}"
+ count = length(var.s3_bucket_names)
+ bucket = "${var.s3_bucket_names[count.index]}${var.bucket_name_suffix}"
+ force_destroy = var.is_dev ? true : false
 }
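Review bot: The new `localstack_endpoint` variable has no description and accepts null, while the `endpoints` block is built from `local.aws_settings.override_endpoint[*]`, which yields an empty list for a null value. In that case the override block disappears and the provider would, as far as I can tell, resolve the default AWS endpoints while this configuration still passes `is_dev = true` to the shared module. I would add `description = "Base URL of the LocalStack endpoint used for DynamoDB, S3 and Secrets Manager in dev"` and `nullable = false` to the variable block. A `validation` block requiring an `http://` or `https://` prefix would also catch a mistyped override at plan time instead of on the first API call.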
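Review bot: `force_destroy = var.is_dev ? true : false` in `aws_s3_bucket.comm_buckets` is a redundant conditional; `force_destroy = var.is_dev` says the same thing. With `force_destroy` set, a destroy removes the bucket together with every object in it, so the safety of the non-dev buckets now rests entirely on `is_dev`, whose declaration is not part of this hunk. It is worth confirming that it is declared with `type = bool` and `default = false`, and adding a comment such as `# dev only: lets destroy remove non-empty LocalStack buckets`.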
diff --git a/services/terraform/modules/shared/secretsmanager.tf b/services/terraform/modules/shared/secretsmanager.tf
index a471b8e97..e95675d1c 100644
--- a/services/terraform/modules/shared/secretsmanager.tf
+++ b/services/terraform/modules/shared/secretsmanager.tf
@@ -1,21 +1,22 @@
 resource "aws_secretsmanager_secret" "services_token" {
- name = "servicesToken"
- description = "Service-to-service access token"
+ name = "servicesToken"
+ description = "Service-to-service access token"
+ recovery_window_in_days = var.is_dev ? 0 : 30
 }
 resource "aws_secretsmanager_secret_version" "services_token" {
 secret_id = aws_secretsmanager_secret.services_token.id
 secret_string = var.is_dev ? "super-secret" : random_password.services_token.result
 version_stages = ["AWSCURRENT"]
 }
 # Now we generate a random password for the services token in production
 # until we have rotation configured.
 resource "random_password" "services_token" {
 length = 32
 special = true
 override_special = "!#$%&*-_=+<>?"
 }
 output "services_token_id" {
 value = aws_secretsmanager_secret.services_token.id
 }
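Review bot: `recovery_window_in_days = var.is_dev ? 0 : 30` should carry a comment, because 0 makes Secrets Manager delete the secret immediately with no recovery period; something like `# dev only: 0 = force delete, presumably so the name can be re-created right after a destroy`. The same `is_dev` flag also selects the literal `"super-secret"` on the context line below, so a wrong value in a real account would both store a known token and remove the deletion safety net. Since both behaviours hang on one boolean, a `validation` or precondition on `is_dev` in the shared module (its declaration is outside this diff) would be a cheap guard.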