diff --git a/terraform/deployments/datagovuk-infrastructure/main.tf b/terraform/deployments/datagovuk-infrastructure/main.tf
index 5a7dd13f3..e6d689b42 100644
--- a/terraform/deployments/datagovuk-infrastructure/main.tf
+++ b/terraform/deployments/datagovuk-infrastructure/main.tf
@@ -55,3 +55,5 @@ provider "helm" { } provider "fastly" { api_key = "test" }
+
+data "fastly_ip_ranges" "fastly" {}
diff --git a/terraform/deployments/datagovuk-infrastructure/organogram_bucket.tf b/terraform/deployments/datagovuk-infrastructure/organogram_bucket.tf
index 65e1b0674..21cf0b3f2 100644
--- a/terraform/deployments/datagovuk-infrastructure/organogram_bucket.tf
+++ b/terraform/deployments/datagovuk-infrastructure/organogram_bucket.tf
@@ -1,5 +1,3 @@
-data "fastly_ip_ranges" "fastly" {}
-
 data "aws_iam_policy_document" "s3_fastly_read_policy_doc" {
 statement {
 sid = "S3FastlyReadBucket"
diff --git a/terraform/deployments/datagovuk-infrastructure/static_data_bucket.tf b/terraform/deployments/datagovuk-infrastructure/static_data_bucket.tf
new file mode 100644
index 000000000..9a2301d4b
--- /dev/null
+++ b/terraform/deployments/datagovuk-infrastructure/static_data_bucket.tf
@@ -0,0 +1,57 @@
+resource "aws_s3_bucket" "datagovuk_static" {
+ bucket = "datagovuk-${var.govuk_environment}-ckan-static-data"
+}
+
+resource "aws_s3_bucket_versioning" "datagovuk_static" {
+ bucket = aws_s3_bucket.datagovuk_static.id
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+resource "aws_s3_bucket_logging" "datagovuk_static" {
+ bucket = aws_s3_bucket.datagovuk_static.id
+ target_bucket = "govuk-${var.govuk_environment}-aws-logging"
+ target_prefix = "s3/datagovuk-${var.govuk_environment}-ckan-static-data/"
+}
+
+data "aws_iam_policy_document" "datagovuk_static" {
+ statement {
+ sid = "S3FastlyReadBucket"
+ actions = ["s3:GetObject"]
+
+ resources = [
+ "arn:aws:s3:::${aws_s3_bucket.datagovuk_static.id}",
+ "arn:aws:s3:::${aws_s3_bucket.datagovuk_static.id}/*",
+ ]
+
+ condition {
+ test = "IpAddress"
+ variable = "aws:SourceIp"
+
+ values = data.fastly_ip_ranges.fastly.cidr_blocks
+ }
+
+ principals {
+ type = "AWS"
+ identifiers = ["*"]
+ }
+ }
+}
+
+resource "aws_s3_bucket_policy" "govuk_datagovuk_static_read_policy" {
+ bucket = aws_s3_bucket.datagovuk_static.id
+ policy = data.aws_iam_policy_document.datagovuk_static.json
+}
+
+// Imports (temporary)
+
+import {
+ to = aws_s3_bucket.datagovuk_static
+ id = "datagovuk-${var.govuk_environment}-ckan-static-data"
+}
+
+import {
+ to = aws_s3_bucket_policy.govuk_datagovuk_static_read_policy
+ id = "datagovuk-${var.govuk_environment}-ckan-static-data"
+}
diff --git a/terraform/deployments/vpc/root_dns_zones.tf b/terraform/deployments/vpc/root_dns_zones.tf
index 3ab15c106..b99ec7690 100644
--- a/terraform/deployments/vpc/root_dns_zones.tf
+++ b/terraform/deployments/vpc/root_dns_zones.tf
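Review bot: The `S3FastlyReadBucket` statement in the new `data "aws_iam_policy_document" "datagovuk_static"` grants `s3:GetObject` to principal `*` whenever the request originates from any address in `data.fastly_ip_ranges.fastly.cidr_blocks`, and those are Fastly's shared egress ranges, so any Fastly service that names this bucket as its origin — not only the one run for data.gov.uk — can read the objects; the organogram bucket appears to use the same pattern, so this is an accepted trade-off, but the new file should state it. I'd add above the `condition` block: `// Trusts every CIDR Fastly publishes (shared with other Fastly customers): objects here must be safe to publish, and this policy must not be the only control on anything sensitive.` Separately, `s3:GetObject` is an object-level action, so the bare bucket ARN in `resources` is inert and can be dropped, and the `// Imports (temporary)` block should be scheduled for removal once the import has been applied, as this same commit does for `root_dns_zones.tf`. I can't tell from the hunk whether a public-access-block or server-side-encryption configuration for this bucket lives elsewhere in the deployment; worth confirming before merge.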
@@ -9,24 +9,3 @@ resource "aws_route53_zone" "internal_zone" {
 resource "aws_route53_zone" "external_zone" {
 name = "${var.govuk_environment}.govuk.digital."
 }
-
-// Imports (temporary)
-
-data "aws_route53_zone" "internal" {
- name = "${var.govuk_environment}.govuk-internal.digital."
- private_zone = true
-}
-
-data "aws_route53_zone" "external" {
- name = "${var.govuk_environment}.govuk.digital."
-}
-
-import {
- to = aws_route53_zone.external_zone
- id = data.aws_route53_zone.external.zone_id
-}
-
-import {
- to = aws_route53_zone.internal_zone
- id = data.aws_route53_zone.internal.zone_id
-}