diff --git a/.github/workflows/cms.yaml b/.github/workflows/cms.yaml
index adcb01a..b3f9bf4 100644
--- a/.github/workflows/cms.yaml
+++ b/.github/workflows/cms.yaml
@@ -21,10 +21,10 @@ jobs:
     environment: production
     outputs:
       containerRegistryName: ${{ steps.deployinfra.outputs.containerRegistryName }}
-      containerAppEnvironmentName: ${{ steps.deployinfra.outputs.containerAppEnvironmentName }}
-      containerAppName: ${{ steps.deployinfra.outputs.containerAppName }}
       resourceGroupName: ${{ steps.deployinfra.outputs.resourceGroupName }}
       resourceLocation: ${{ steps.deployinfra.outputs.resourceLocation }}
+      containerAppEnvironmentName: ${{ steps.deploycms.outputs.containerAppEnvironmentName }}
+      containerAppName: ${{ steps.deploycms.outputs.containerAppName }}
     steps:
       - uses: actions/checkout@v4
 
@@ -41,8 +41,22 @@ jobs:
         with:
           subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
           scope: "subscription"
-          template: ./infrastructure/cms/cms.bicep
-          parameters: "environment=production databaseClient=${{ vars.CMS_DATABASE_CLIENT }}"
+          template: ./infrastructure/cms/infrastructure.bicep
+          parameters: "environment=production"
+          region: ${{ vars.AZURE_REGION }}
+
+      - name: Deploy CMS application
+        id: deploycms
+        uses: azure/arm-deploy@v2
+        with:
+          scope: "resourcegroup"
+          resourceGroupName: ${{ steps.deployinfra.outputs.resourceGroupName }}
+          template: ./infrastructure/cms/main.bicep
+          parameters: >
+            databaseClient=${{ vars.CMS_DATABASE_CLIENT }} 
+            logAnalyticsWorkspaceName=${{ steps.deployinfra.outputs.logAnalyticsWorkspaceName }}
+            keyVaultName=${{ steps.deployinfra.outputs.keyVaultName }}
+            identityResourceId=${{ steps.deployinfra.outputs.identityResourceId }}
           region: ${{ vars.AZURE_REGION }}
 
   push_image_to_acr:
diff --git a/infrastructure/cms/cms.bicep b/infrastructure/cms/cms.bicep
deleted file mode 100644
index 2df5415..0000000
--- a/infrastructure/cms/cms.bicep
+++ /dev/null
@@ -1,84 +0,0 @@
-import { appendHash } from '../utilities.bicep'
-
-targetScope = 'subscription'
-
-param environment string
-param databaseClient string
-
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2024-07-01' = {
-  name: 'rg-strapi-playground-${environment}'
-  location: deployment().location
-}
-
-module cmsIdentity '../modules/identity.bicep' = {
-  scope: resourceGroup
-  name: 'deployCmsIdentity'
-  params: {
-    identityName: 'id-cms'
-  }
-}
-
-module keyVault '../modules/keyVault.bicep' = {
-  scope: resourceGroup
-  name: 'deployCmsKeyVault'
-  params: {
-    keyVaultName: 'kv-cms'
-    cmsIdentityPrincipalId: cmsIdentity.outputs.cmsIdentityPrincipalId
-  }
-}
-
-module containerRegistry '../modules/registry.bicep' = {
-  scope: resourceGroup
-  name: 'deployContainerRegistry'
-}
-
-module logAnalyticsWorkspace '../modules/logAnalytics.bicep' = {
-  scope: resourceGroup
-  name: 'deployLogAnalytics'
-}
-
-module cmsContainerApp '../modules/containerApp.bicep' = {
-  scope: resourceGroup
-  name: 'deployCmsContainer'
-  params: {
-    containerAppEnvironmentName: 'cae-cms'
-    containerAppName: 'ca-cms'
-    imageName: 'nginx:latest'
-    logAnalyicsWorkspaceName: logAnalyticsWorkspace.outputs.resourceName
-    keyVaultName: keyVault.outputs.resourceName
-    targetPort: 1337
-    cmsIdentityResourceId: cmsIdentity.outputs.cmsIdentityResourceId
-    environmentVariables: [
-      {
-        name: 'DATABASE_CLIENT'
-        value: databaseClient
-      }
-    ]
-    secrets: [
-      'APP_KEYS'
-      'API_TOKEN_SALT'
-      'ADMIN_JWT_SECRET'
-      'TRANSFER_TOKEN_SALT'
-      'JWT_SECRET'
-      'DATABASE_USERNAME'
-      'DATABASE_PASSWORD'
-    ]
-  }
-}
-
-module mysql '../modules/sql.bicep' = {
-  scope: resourceGroup
-  name: 'deployMysql'
-  params: {
-    cmsIdentityPrincipalId: cmsIdentity.outputs.cmsIdentityPrincipalId
-    cmsIdentityResourceId: cmsIdentity.outputs.cmsIdentityResourceId
-    cmsIdentityTenantId: cmsIdentity.outputs.cmsIdentityTenantId
-    cmsIdentityName: cmsIdentity.outputs.cmsIdentityName
-  }
-}
-
-output containerRegistryName string = containerRegistry.outputs.containerRegistryName
-output containerAppEnvironmentName string = cmsContainerApp.outputs.containerAppEnvironmentName
-output containerAppName string = cmsContainerApp.outputs.containerAppName
-output resourceGroupName string = resourceGroup.name
-output resourceLocation string = resourceGroup.location
diff --git a/infrastructure/cms/infrastructure.bicep b/infrastructure/cms/infrastructure.bicep
new file mode 100644
index 0000000..c5b2870
--- /dev/null
+++ b/infrastructure/cms/infrastructure.bicep
@@ -0,0 +1,53 @@
+targetScope = 'subscription'
+
+param environment string
+
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2024-07-01' = {
+  name: 'rg-strapi-playground-${environment}'
+  location: deployment().location
+}
+
+module cmsIdentity '../modules/identity.bicep' = {
+  scope: resourceGroup
+  name: 'deployCmsIdentity'
+  params: {
+    identityName: 'id-cms'
+  }
+}
+
+module keyVault '../modules/keyVault.bicep' = {
+  scope: resourceGroup
+  name: 'deployCmsKeyVault'
+  params: {
+    keyVaultName: 'kv-cms'
+    cmsIdentityPrincipalId: cmsIdentity.outputs.principalId
+  }
+}
+
+module containerRegistry '../modules/registry.bicep' = {
+  scope: resourceGroup
+  name: 'deployContainerRegistry'
+}
+
+module logAnalyticsWorkspace '../modules/logAnalytics.bicep' = {
+  scope: resourceGroup
+  name: 'deployLogAnalytics'
+}
+
+module mysql '../modules/sql.bicep' = {
+  scope: resourceGroup
+  name: 'deployMysql'
+  params: {
+    cmsIdentityPrincipalId: cmsIdentity.outputs.principalId
+    cmsIdentityResourceId: cmsIdentity.outputs.resourceId
+    cmsIdentityTenantId: cmsIdentity.outputs.tenantId
+    cmsIdentityName: cmsIdentity.outputs.resourceName
+  }
+}
+
+output resourceGroupName string = resourceGroup.name
+output resourceLocation string = resourceGroup.location
+output containerRegistryName string = containerRegistry.outputs.registryName
+output logAnalyticsWorkspaceName string = logAnalyticsWorkspace.outputs.resourceName
+output keyVaultName string = keyVault.outputs.resourceName
+output identityResourceId string = cmsIdentity.outputs.resourceId
diff --git a/infrastructure/cms/main.bicep b/infrastructure/cms/main.bicep
new file mode 100644
index 0000000..24d4b8c
--- /dev/null
+++ b/infrastructure/cms/main.bicep
@@ -0,0 +1,37 @@
+import { appendHash } from '../utilities.bicep'
+
+param databaseClient string
+param logAnalyticsWorkspaceName string
+param keyVaultName string
+param identityResourceId string
+
+module cmsContainerApp '../modules/containerApp.bicep' = {
+  name: 'deployCmsContainer'
+  params: {
+    containerAppEnvironmentName: 'cae-cms'
+    containerAppName: 'ca-cms'
+    imageName: 'nginx:latest'
+    logAnalyicsWorkspaceName: logAnalyticsWorkspaceName
+    keyVaultName: keyVaultName
+    targetPort: 1337
+    cmsIdentityResourceId: identityResourceId
+    environmentVariables: [
+      {
+        name: 'DATABASE_CLIENT'
+        value: databaseClient
+      }
+    ]
+    secrets: [
+      'APP_KEYS'
+      'API_TOKEN_SALT'
+      'ADMIN_JWT_SECRET'
+      'TRANSFER_TOKEN_SALT'
+      'JWT_SECRET'
+      'DATABASE_USERNAME'
+      'DATABASE_PASSWORD'
+    ]
+  }
+}
+
+output containerAppEnvironmentName string = cmsContainerApp.outputs.containerAppEnvironmentName
+output containerAppName string = cmsContainerApp.outputs.containerAppName
diff --git a/infrastructure/modules/identity.bicep b/infrastructure/modules/identity.bicep
index 056e4a0..044077b 100644
--- a/infrastructure/modules/identity.bicep
+++ b/infrastructure/modules/identity.bicep
@@ -7,7 +7,7 @@ resource cmsIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-3
   location: resourceGroup().location
 }
 
-output cmsIdentityResourceId string = cmsIdentity.id
-output cmsIdentityPrincipalId string = cmsIdentity.properties.principalId
-output cmsIdentityTenantId string = cmsIdentity.properties.tenantId
-output cmsIdentityName string = cmsIdentity.name
+output resourceId string = cmsIdentity.id
+output principalId string = cmsIdentity.properties.principalId
+output tenantId string = cmsIdentity.properties.tenantId
+output resourceName string = cmsIdentity.name
diff --git a/infrastructure/modules/registry.bicep b/infrastructure/modules/registry.bicep
index 3c962ba..a58786f 100644
--- a/infrastructure/modules/registry.bicep
+++ b/infrastructure/modules/registry.bicep
@@ -10,4 +10,4 @@ resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-07-01' =
   }
 }
 
-output containerRegistryName string = containerRegistry.name
+output registryName string = containerRegistry.name