diff --git a/src/common/_modules/apim/data.tf b/src/common/_modules/apim/data.tf
new file mode 100644
index 000000000..fc8777142
--- /dev/null
+++ b/src/common/_modules/apim/data.tf
@@ -0,0 +1,26 @@
+data "azurerm_key_vault_secret" "apim_publisher_email" {
+ name = "apim-publisher-email"
+ key_vault_id = var.key_vault.id
+}
+
+data "azurerm_key_vault_certificate" "api_internal_io_italia_it" {
+ name = replace(local.apim_hostname_api_internal, ".", "-")
+ key_vault_id = var.key_vault_common.id
+}
+
+data "azurerm_key_vault_certificate" "api_app_internal_io_pagopa_it" {
+ name = replace(local.apim_hostname_api_app_internal, ".", "-")
+ key_vault_id = var.key_vault.id
+}
+
+data "azurerm_api_management_group" "api_v2_lollipop_assertion_read" {
+ name = "apilollipopassertionread"
+ api_management_name = module.apim_v2.name
+ resource_group_name = module.apim_v2.resource_group_name
+}
+
+data "azurerm_api_management_product" "apim_v2_product_lollipop" {
+ product_id = "io-lollipop-api"
+ api_management_name = module.apim_v2.name
+ resource_group_name = module.apim_v2.resource_group_name
+}
diff --git a/src/common/_modules/apim/locals.tf b/src/common/_modules/apim/locals.tf
new file mode 100644
index 000000000..7e8b19a25
--- /dev/null
+++ b/src/common/_modules/apim/locals.tf
@@ -0,0 +1,13 @@
+locals {
+ nonstandard = {
+ weu = {
+ snet_name = "apimv2api"
+ nsg_name = "${var.project}-apim-v2-nsg"
+ pip_name = "${var.project}-apim-v2-public-ip"
+ apim_name = "${var.project}-apim-v2-api"
+ }
+ }
+
+ apim_hostname_api_internal = "api-internal.io.italia.it"
+ apim_hostname_api_app_internal = "api-app.internal.io.pagopa.it"
+}
diff --git a/src/common/_modules/apim/main.tf b/src/common/_modules/apim/main.tf
new file mode 100644
index 000000000..cad36b673
--- /dev/null
+++ b/src/common/_modules/apim/main.tf
@@ -0,0 +1,153 @@
+module "apim_v2" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management?ref=v8.27.0"
+
+ subnet_id = azurerm_subnet.apim.id
+ location = var.location
+ name = try(local.nonstandard[var.location_short].apim_name, "${var.project}-apim-01")
+ resource_group_name = var.resource_group_internal
+ publisher_name = "IO"
+ publisher_email = data.azurerm_key_vault_secret.apim_publisher_email.value
+ notification_sender_email = data.azurerm_key_vault_secret.apim_publisher_email.value
+ sku_name = "Premium_2"
+ virtual_network_type = "Internal"
+ zones = ["1", "2"]
+
+ redis_cache_id = null
+ public_ip_address_id = azurerm_public_ip.apim.id
+
+ hostname_configuration = {
+ proxy = [
+ {
+ # io-p-apim-api.azure-api.net
+ default_ssl_binding = false
+ host_name = "io-p-apim-v2-api.azure-api.net"
+ key_vault_id = null
+ },
+ {
+ # api-internal.io.italia.it
+ default_ssl_binding = true
+ host_name = local.apim_hostname_api_internal
+ key_vault_id = replace(
+ data.azurerm_key_vault_certificate.api_internal_io_italia_it.secret_id,
+ "/${data.azurerm_key_vault_certificate.api_internal_io_italia_it.version}",
+ ""
+ )
+ },
+ {
+ # api-app.internal.io.pagopa.it
+ default_ssl_binding = false
+ host_name = local.apim_hostname_api_app_internal
+ key_vault_id = replace(
+ data.azurerm_key_vault_certificate.api_app_internal_io_pagopa_it.secret_id,
+ "/${data.azurerm_key_vault_certificate.api_app_internal_io_pagopa_it.version}",
+ ""
+ )
+ },
+ ]
+ developer_portal = null
+ management = null
+ portal = null
+ }
+
+ management_logger_applicaiton_insight_enabled = true
+ application_insights = {
+ enabled = true
+ instrumentation_key = var.ai_instrumentation_key
+ }
+
+ autoscale = {
+ enabled = true
+ default_instances = 3
+ minimum_instances = 2
+ maximum_instances = 6
+ scale_out_capacity_percentage = 50
+ scale_out_time_window = "PT3M"
+ scale_out_value = "1"
+ scale_out_cooldown = "PT5M"
+ scale_in_capacity_percentage = 20
+ scale_in_time_window = "PT5M"
+ scale_in_value = "1"
+ scale_in_cooldown = "PT5M"
+ }
+
+ action = [
+ {
+ action_group_id = var.action_group_id
+ webhook_properties = null
+ }
+ ]
+
+ # https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftapimanagementservice
+ metric_alerts = {
+ capacity = {
+ description = "Apim used capacity is too high. Runbook: https://pagopa.atlassian.net/wiki/spaces/IC/pages/791642113/APIM+Capacity"
+ frequency = "PT5M"
+ window_size = "PT5M"
+ severity = 1
+ auto_mitigate = true
+
+ criteria = [{
+ metric_namespace = "Microsoft.ApiManagement/service"
+ metric_name = "Capacity"
+ aggregation = "Average"
+ operator = "GreaterThan"
+ threshold = 60
+ skip_metric_validation = false
+ dimension = []
+ }]
+ dynamic_criteria = []
+ }
+
+ duration = {
+ description = "Apim abnormal response time"
+ frequency = "PT5M"
+ window_size = "PT5M"
+ severity = 2
+ auto_mitigate = true
+
+ criteria = []
+
+ dynamic_criteria = [{
+ metric_namespace = "Microsoft.ApiManagement/service"
+ metric_name = "Duration"
+ aggregation = "Average"
+ operator = "GreaterThan"
+ alert_sensitivity = "High"
+ evaluation_total_count = 2
+ evaluation_failure_count = 2
+ skip_metric_validation = false
+ ignore_data_before = "2021-01-01T00:00:00Z" # sample data
+ dimension = []
+ }]
+ }
+
+ requests_failed = {
+ description = "Apim abnormal failed requests"
+ frequency = "PT5M"
+ window_size = "PT5M"
+ severity = 2
+ auto_mitigate = true
+
+ criteria = []
+
+ dynamic_criteria = [{
+ metric_namespace = "Microsoft.ApiManagement/service"
+ metric_name = "Requests"
+ aggregation = "Total"
+ operator = "GreaterThan"
+ alert_sensitivity = "High"
+ evaluation_total_count = 2
+ evaluation_failure_count = 2
+ skip_metric_validation = false
+ ignore_data_before = "2021-01-01T00:00:00Z" # sample data
+ dimension = [{
+ name = "BackendResponseCode"
+ operator = "Include"
+ values = ["5xx"]
+ }]
+ }]
+ }
+ }
+
+ tags = var.tags
+}
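Review bot: The `source` of `module "apim_v2"` is pinned to the tag `ref=v8.27.0`, which is a mutable Git ref, and the `.terraform.lock.hcl` files in this commit record provider hashes only, so nothing verifies the module code that deploys this instance. Pinning to the commit the tag points at, `?ref=<commit-sha-of-v8.27.0>` with the tag kept in a trailing comment, makes the fetched code reproducible; the same applies to `module "assets_cdn"` in `assets_cdn/main.tf`. Separately, the first `proxy` entry hard-codes `host_name = "io-p-apim-v2-api.azure-api.net"` while `name` is computed from `var.project` and `var.location_short`, so the literal will presumably not match for any location other than `weu`. The comment above it (`# io-p-apim-api.azure-api.net`) names a different host than the value.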
diff --git a/src/common/_modules/apim/networking.tf b/src/common/_modules/apim/networking.tf
new file mode 100644
index 000000000..4e8ba503d
--- /dev/null
+++ b/src/common/_modules/apim/networking.tf
@@ -0,0 +1,49 @@
+resource "azurerm_subnet" "apim" {
+ name = try(local.nonstandard[var.location_short].snet_name, "${var.project}-apim-snet-01")
+ resource_group_name = var.vnet_common.resource_group_name
+ virtual_network_name = var.vnet_common.name
+ address_prefixes = [var.cidr_subnet]
+
+ private_endpoint_network_policies = "Enabled"
+
+ service_endpoints = [
+ "Microsoft.Web",
+ ]
+}
+
+resource "azurerm_network_security_group" "apim" {
+ name = try(local.nonstandard[var.location_short].nsg_name, "${var.project}-apim-nsg-01")
+ resource_group_name = var.resource_group_common
+ location = var.location
+
+ security_rule {
+ name = "managementapim"
+ priority = 100
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "3443"
+ source_address_prefix = "ApiManagement"
+ destination_address_prefix = "VirtualNetwork"
+ }
+
+ tags = var.tags
+}
+
+resource "azurerm_subnet_network_security_group_association" "apim" {
+ subnet_id = azurerm_subnet.apim.id
+ network_security_group_id = azurerm_network_security_group.apim.id
+}
+
+resource "azurerm_public_ip" "apim" {
+ name = try(local.nonstandard[var.location_short].pip_name, "${var.project}-apim-pip-01")
+ resource_group_name = var.resource_group_common
+ location = var.location
+ allocation_method = "Static"
+ sku = "Standard"
+ domain_name_label = "apimio"
+ zones = ["1", "2", "3"]
+
+ tags = var.tags
+}
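Review bot: `domain_name_label = "apimio"` on `azurerm_public_ip.apim` is a literal, while every other name in this file goes through `try(local.nonstandard[var.location_short]..., ...)`. Because a DNS label has to be unique within a region, a second instantiation of this module in the same region would likely fail on this attribute; consider moving the value into `local.nonstandard.weu` with a fallback derived from `var.project`. The NSG declares only the `managementapim` rule, so a comment such as `# only the APIM management endpoint is opened explicitly; all other traffic relies on the NSG default rules` would make the intent clear to the next reader.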
diff --git a/src/common/_modules/apim/rbac.tf b/src/common/_modules/apim/rbac.tf
new file mode 100644
index 000000000..0623918e7
--- /dev/null
+++ b/src/common/_modules/apim/rbac.tf
@@ -0,0 +1,21 @@
+resource "azurerm_key_vault_access_policy" "apim_v2_kv_policy" {
+ key_vault_id = var.key_vault.id
+ tenant_id = var.datasources.azurerm_client_config.tenant_id
+ object_id = module.apim_v2.principal_id
+
+ key_permissions = []
+ secret_permissions = ["Get", "List"]
+ certificate_permissions = ["Get", "List"]
+ storage_permissions = []
+}
+
+resource "azurerm_key_vault_access_policy" "v2_common" {
+ key_vault_id = var.key_vault_common.id
+ tenant_id = var.datasources.azurerm_client_config.tenant_id
+ object_id = module.apim_v2.principal_id
+
+ key_permissions = []
+ secret_permissions = ["Get", "List"]
+ certificate_permissions = ["Get", "List"]
+ storage_permissions = []
+}
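Review bot: Both access policies grant the APIM managed identity `List` on secrets and certificates in addition to `Get`, which lets it enumerate everything in `var.key_vault` and `var.key_vault_common` rather than just read the two hostname certificates referenced from `main.tf`. Unless a Key Vault-backed named value or policy is known to need enumeration, `secret_permissions = ["Get"]` and `certificate_permissions = ["Get"]` is the least-privilege setting; if `List` is required, a one-line comment naming the feature that needs it would help. Access policies are vault-wide, so even `Get` covers every secret in each vault, including `apim-publisher-email`; that is worth stating in a comment above the two resources.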
diff --git a/src/common/_modules/apim/subscriptions.tf b/src/common/_modules/apim/subscriptions.tf
new file mode 100644
index 000000000..5c88a8756
--- /dev/null
+++ b/src/common/_modules/apim/subscriptions.tf
@@ -0,0 +1,10 @@
+
+resource "azurerm_api_management_subscription" "pn_lc_subscription_v2" {
+ user_id = azurerm_api_management_user.pn_user_v2.id
+ api_management_name = module.apim_v2.name
+ resource_group_name = module.apim_v2.resource_group_name
+ product_id = data.azurerm_api_management_product.apim_v2_product_lollipop.id
+ display_name = "PN LC"
+ state = "active"
+ allow_tracing = false
+}
diff --git a/src/common/_modules/apim/users.tf b/src/common/_modules/apim/users.tf
new file mode 100644
index 000000000..e6077c59c
--- /dev/null
+++ b/src/common/_modules/apim/users.tf
@@ -0,0 +1,17 @@
+
+resource "azurerm_api_management_user" "pn_user_v2" {
+ user_id = "pnapimuser"
+ api_management_name = module.apim_v2.name
+ resource_group_name = module.apim_v2.resource_group_name
+ first_name = "PNAPIMuser"
+ last_name = "PNAPIMuser"
+ email = "pn-apim-user@pagopa.it"
+ state = "active"
+}
+
+resource "azurerm_api_management_group_user" "pn_user_group_v2" {
+ user_id = azurerm_api_management_user.pn_user_v2.user_id
+ api_management_name = module.apim_v2.name
+ resource_group_name = module.apim_v2.resource_group_name
+ group_name = data.azurerm_api_management_group.api_v2_lollipop_assertion_read.name
+}
diff --git a/src/common/_modules/apim/variables.tf b/src/common/_modules/apim/variables.tf
new file mode 100644
index 000000000..cbcc9b4f4
--- /dev/null
+++ b/src/common/_modules/apim/variables.tf
@@ -0,0 +1,86 @@
+variable "resource_group_common" {
+ type = string
+ description = "Name of common resource group"
+}
+
+variable "resource_group_internal" {
+ type = string
+ description = "Name of internal resource group"
+}
+
+variable "project" {
+ type = string
+ description = "IO prefix, short environment and short location"
+}
+
+variable "prefix" {
+ type = string
+ default = "io"
+ validation {
+ condition = (
+ length(var.prefix) < 6
+ )
+ error_message = "Max length is 6 chars."
+ }
+}
+
+variable "location" {
+ type = string
+ description = "Azure region"
+}
+
+variable "location_short" {
+ type = string
+ description = "Azure region short name"
+}
+
+variable "tags" {
+ type = map(any)
+ description = "Resource tags"
+}
+
+variable "vnet_common" {
+ type = object({
+ id = string
+ name = string
+ address_space = list(string)
+ resource_group_name = string
+ })
+ description = "Information of the common VNet"
+}
+
+variable "cidr_subnet" {
+ type = string
+ description = "APIM subnet CIDR block"
+}
+
+variable "action_group_id" {
+ type = string
+}
+
+variable "ai_instrumentation_key" {
+ type = string
+}
+
+variable "key_vault" {
+ type = object({
+ id = string
+ name = string
+ resource_group_name = string
+ })
+ description = "Information of the Key Vault"
+}
+
+variable "key_vault_common" {
+ type = object({
+ id = string
+ name = string
+ resource_group_name = string
+ })
+ description = "Information of the Key Vault Common"
+}
+
+variable "datasources" {
+ type = map(any)
+ description = "Common datasources"
+}
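Review bot: `variable "ai_instrumentation_key"` carries a credential-like value but is declared without `sensitive = true`, even though the monitoring module marks the matching output `appi_instrumentation_key` as sensitive; declaring it on the variable keeps the value redacted regardless of how a caller supplies it. Suggested additions are `sensitive = true` and `description = "Application Insights instrumentation key used by the APIM logger"`, plus a `description` on `action_group_id`. Separately, the `prefix` validation tests `length(var.prefix) < 6` while its message says "Max length is 6 chars.", so either the condition should be `<= 6` or the message should say 5. `var.prefix` also does not appear to be read by any file of this module in the diff.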
diff --git a/src/common/_modules/assets_cdn/cdn_endpoints.tf b/src/common/_modules/assets_cdn/cdn_endpoints.tf
new file mode 100644
index 000000000..a30cfcc1d
--- /dev/null
+++ b/src/common/_modules/assets_cdn/cdn_endpoints.tf
@@ -0,0 +1,98 @@
+resource "azurerm_cdn_endpoint" "assets_cdn_endpoint" {
+ name = try(local.nonstandard[var.location_short].cdne, "${var.project}-assets-cdne-01")
+ resource_group_name = azurerm_resource_group.assets_cdn_rg.name
+ location = var.location
+ profile_name = azurerm_cdn_profile.assets_cdn_profile.name
+ is_https_allowed = true
+ is_http_allowed = false
+ querystring_caching_behaviour = "IgnoreQueryString"
+ origin_host_header = var.assets_cdn_fn.hostname
+
+ origin {
+ name = "primary"
+ host_name = var.assets_cdn_fn.hostname
+ }
+
+ global_delivery_rule {
+ cache_expiration_action {
+ behavior = "Override"
+ duration = "08:00:00"
+ }
+
+ modify_request_header_action {
+ action = "Append"
+ name = "x-functions-key"
+ value = data.azurerm_key_vault_secret.assets_cdn_fn_key_cdn.value
+ }
+ }
+
+ delivery_rule {
+ name = "servicesdata"
+ order = 1
+ url_path_condition {
+ operator = "BeginsWith"
+ match_values = ["/services-data"]
+ }
+ cache_expiration_action {
+ behavior = "Override"
+ duration = "00:15:00"
+ }
+ }
+
+ delivery_rule {
+ name = "bonus"
+ order = 2
+ url_path_condition {
+ operator = "BeginsWith"
+ match_values = ["/bonus"]
+ }
+ cache_expiration_action {
+ behavior = "Override"
+ duration = "00:15:00"
+ }
+ }
+
+ delivery_rule {
+ name = "status"
+ order = 3
+ url_path_condition {
+ operator = "BeginsWith"
+ match_values = ["/status"]
+ }
+ cache_expiration_action {
+ behavior = "Override"
+ duration = "00:05:00"
+ }
+ }
+
+ delivery_rule {
+ name = "assistancetoolszendesk"
+ order = 4
+ url_path_condition {
+ operator = "BeginsWith"
+ match_values = ["/assistanceTools/zendesk.json"]
+ }
+ cache_expiration_action {
+ behavior = "Override"
+ duration = "00:05:00"
+ }
+ }
+
+ delivery_rule {
+ name = "sign"
+ order = 5
+ url_path_condition {
+ operator = "BeginsWith"
+ match_values = ["/sign"]
+ transforms = ["Lowercase"]
+ }
+ modify_response_header_action {
+ action = "Append"
+ name = "Access-Control-Allow-Origin"
+ value = "*"
+ }
+ }
+
+ tags = var.tags
+}
+
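Review bot: In `global_delivery_rule`, `modify_request_header_action` uses `action = "Append"` for `x-functions-key`, so a request that already carries that header reaches the origin with the client's value concatenated to the CDN's key instead of the key alone. `action = "Overwrite"` makes the origin see only the value set here, whatever the client sends. The key is read from Key Vault at apply time and copied into the endpoint configuration and the Terraform state, so rotating the secret needs a re-apply and the state backend has to be access-restricted; a short comment above the block saying so would help. The `Access-Control-Allow-Origin: *` header on `/sign` deserves a comment stating that content under that path is meant to be readable cross-origin by any site.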
diff --git a/src/common/_modules/assets_cdn/custom_domains.tf b/src/common/_modules/assets_cdn/custom_domains.tf
new file mode 100644
index 000000000..059d7a93f
--- /dev/null
+++ b/src/common/_modules/assets_cdn/custom_domains.tf
@@ -0,0 +1,50 @@
+
+resource "azurerm_dns_cname_record" "assets_cdn_io_pagopa_it" {
+ name = "assets.cdn"
+ zone_name = var.public_dns_zones.io.name
+ resource_group_name = var.resource_groups.external
+ ttl = var.dns_default_ttl_sec
+ record = azurerm_cdn_endpoint.assets_cdn_endpoint.fqdn
+
+ tags = var.tags
+}
+
+resource "azurerm_cdn_endpoint_custom_domain" "assets_cdn" {
+ depends_on = [
+ azurerm_dns_cname_record.assets_cdn_io_pagopa_it,
+ ]
+
+ name = replace("${azurerm_dns_cname_record.assets_cdn_io_pagopa_it.name}.${var.public_dns_zones.io.name}", ".", "-")
+ cdn_endpoint_id = azurerm_cdn_endpoint.assets_cdn_endpoint.id
+ host_name = "${azurerm_dns_cname_record.assets_cdn_io_pagopa_it.name}.${var.public_dns_zones.io.name}"
+ cdn_managed_https {
+ certificate_type = "Dedicated"
+ protocol_type = "ServerNameIndication"
+ tls_version = "TLS12"
+ }
+}
+
+resource "azurerm_dns_cname_record" "assets_cdn_io_italia_it" {
+ name = "assets.cdn"
+ zone_name = var.public_dns_zones.io_italia_it.name
+ resource_group_name = var.resource_groups.external
+ ttl = var.dns_default_ttl_sec
+ record = azurerm_cdn_endpoint.assets_cdn_endpoint.fqdn
+
+ tags = var.tags
+}
+
+resource "azurerm_cdn_endpoint_custom_domain" "assets_cdn_io_italia_it" {
+ depends_on = [
+ azurerm_dns_cname_record.assets_cdn_io_italia_it,
+ ]
+
+ name = replace("${azurerm_dns_cname_record.assets_cdn_io_pagopa_it.name}.${var.public_dns_zones.io_italia_it.name}", ".", "-")
+ cdn_endpoint_id = azurerm_cdn_endpoint.assets_cdn_endpoint.id
+ host_name = "${azurerm_dns_cname_record.assets_cdn_io_pagopa_it.name}.${var.public_dns_zones.io_italia_it.name}"
+ cdn_managed_https {
+ certificate_type = "Dedicated"
+ protocol_type = "ServerNameIndication"
+ tls_version = "TLS12"
+ }
+}
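Review bot: `azurerm_cdn_endpoint_custom_domain.assets_cdn_io_italia_it` builds both `name` and `host_name` from `azurerm_dns_cname_record.assets_cdn_io_pagopa_it.name`, not from the `assets_cdn_io_italia_it` record it lists in `depends_on`. Both records are named `assets.cdn` today so the rendered values are the same, but the io.italia.it custom domain is tied to the other zone's record and would silently follow a rename there. Use `azurerm_dns_cname_record.assets_cdn_io_italia_it.name` in both expressions. The explicit `depends_on` in the two custom-domain resources then looks redundant, since the reference already creates the dependency.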
diff --git a/src/common/_modules/assets_cdn/data.tf b/src/common/_modules/assets_cdn/data.tf
new file mode 100644
index 000000000..4179ca7e7
--- /dev/null
+++ b/src/common/_modules/assets_cdn/data.tf
@@ -0,0 +1,4 @@
+data "azurerm_key_vault_secret" "assets_cdn_fn_key_cdn" {
+ name = "${var.assets_cdn_fn.name}-KEY-CDN"
+ key_vault_id = var.key_vault_common.id
+}
\ No newline at end of file
diff --git a/src/common/_modules/assets_cdn/locals.tf b/src/common/_modules/assets_cdn/locals.tf
new file mode 100644
index 000000000..8db73de9d
--- /dev/null
+++ b/src/common/_modules/assets_cdn/locals.tf
@@ -0,0 +1,10 @@
+locals {
+ nonstandard = {
+ weu = {
+ cdne = "${var.project}-assets-cdn-endpoint"
+ rg = "${var.project}-assets-cdn-rg"
+ st = "${var.project}-stcdnassets"
+ cdnp = "${var.project}-assets-cdn-profile"
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/common/_modules/assets_cdn/main.tf b/src/common/_modules/assets_cdn/main.tf
new file mode 100644
index 000000000..d4be3fc3d
--- /dev/null
+++ b/src/common/_modules/assets_cdn/main.tf
@@ -0,0 +1,36 @@
+resource "azurerm_resource_group" "assets_cdn_rg" {
+ name = try(local.nonstandard[var.location_short].rg, "${var.project}-assets-cdn-rg-01")
+ location = var.location
+
+ tags = var.tags
+}
+
+module "assets_cdn" {
+ source = "github.com/pagopa/terraform-azurerm-v3//storage_account?ref=v8.27.0"
+
+ name = replace(try(local.nonstandard[var.location_short].st, "${var.project}-assets-st-01"), "-", "")
+ account_kind = "StorageV2"
+ account_tier = "Standard"
+ access_tier = "Hot"
+ blob_versioning_enabled = true
+ account_replication_type = "GZRS"
+ resource_group_name = var.resource_groups.common
+ location = var.location
+ advanced_threat_protection = false
+ allow_nested_items_to_be_public = true
+ public_network_access_enabled = true
+
+ index_document = "index.html"
+ error_404_document = "index.html"
+
+ tags = var.tags
+}
+
+resource "azurerm_cdn_profile" "assets_cdn_profile" {
+ name = try(local.nonstandard[var.location_short].cdnp, "${var.project}-assets-cdnp-01")
+ resource_group_name = azurerm_resource_group.assets_cdn_rg.name
+ location = var.location
+ sku = "Standard_Microsoft"
+
+ tags = var.tags
+}
\ No newline at end of file
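Review bot: `module "assets_cdn"` creates the storage account with `allow_nested_items_to_be_public = true`, `public_network_access_enabled = true` and `advanced_threat_protection = false`, and nothing in the hunk says why. The CDN endpoint in `cdn_endpoints.tf` uses `var.assets_cdn_fn.hostname` as its origin, so from this diff the account does not appear to need anonymous container access for the CDN itself. If the settings only mirror the account that appears to be moved out of `src/core`, add a comment such as `# public blob access kept as-is from the existing account; TODO restrict once consumers are confirmed`; otherwise set `allow_nested_items_to_be_public = false`. The account is also placed in `var.resource_groups.common` rather than in `azurerm_resource_group.assets_cdn_rg`, which is worth a comment if intentional.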
diff --git a/src/common/_modules/assets_cdn/variables.tf b/src/common/_modules/assets_cdn/variables.tf
new file mode 100644
index 000000000..5244ce1ff
--- /dev/null
+++ b/src/common/_modules/assets_cdn/variables.tf
@@ -0,0 +1,56 @@
+variable "project" {
+ type = string
+ description = "IO prefix, short environment and short location"
+}
+
+variable "location" {
+ type = string
+ description = "Azure region"
+}
+
+variable "location_short" {
+ type = string
+ description = "Azure region short name"
+}
+
+variable "tags" {
+ type = map(any)
+ description = "Resource tags"
+}
+
+variable "resource_groups" {
+ type = map(string)
+ description = "Resource group names"
+}
+
+variable "dns_default_ttl_sec" {
+ type = number
+ description = "Default TTL of DNS records"
+}
+
+variable "public_dns_zones" {
+ type = map(any)
+ description = "Public dns zones information"
+}
+
+variable "external_domain" {
+ type = string
+ description = "Domain for delegation"
+}
+
+variable "assets_cdn_fn" {
+ type = object({
+ name = string
+ hostname = string
+ })
+ description = "Name of the assets CDN function"
+}
+
+variable "key_vault_common" {
+ type = object({
+ id = string
+ name = string
+ resource_group_name = string
+ })
+ description = "Information of the Key Vault Common"
+}
\ No newline at end of file
diff --git a/src/common/_modules/global/modules/dns/outputs.tf b/src/common/_modules/global/modules/dns/outputs.tf
index 0fedf3972..a281b0458 100644
--- a/src/common/_modules/global/modules/dns/outputs.tf
+++ b/src/common/_modules/global/modules/dns/outputs.tf
@@ -40,3 +40,7 @@ output "private_dns_zones" {
output "external_domain" {
value = var.external_domain
}
+
+output "dns_default_ttl_sec" {
+ value = var.dns_default_ttl_sec
+}
\ No newline at end of file
diff --git a/src/common/_modules/global/modules/dns/variables.tf b/src/common/_modules/global/modules/dns/variables.tf
index 1619cb0ac..70eac2178 100644
--- a/src/common/_modules/global/modules/dns/variables.tf
+++ b/src/common/_modules/global/modules/dns/variables.tf
@@ -23,7 +23,7 @@ variable "vnets" {
variable "dns_default_ttl_sec" {
type = number
- description = "value"
+ description = "Default TTL of DNS records"
default = 3600
}
diff --git a/src/common/_modules/monitoring/outputs.tf b/src/common/_modules/monitoring/outputs.tf
index d088152f5..6021b1e81 100644
--- a/src/common/_modules/monitoring/outputs.tf
+++ b/src/common/_modules/monitoring/outputs.tf
@@ -6,4 +6,17 @@ output "action_groups" {
email = azurerm_monitor_action_group.email.id
slack = azurerm_monitor_action_group.slack.id
}
-}
\ No newline at end of file
+}
+
+output "appi" {
+ value = {
+ id = azurerm_application_insights.appi.id
+ name = azurerm_application_insights.appi.name
+ resource_group_name = azurerm_application_insights.appi.resource_group_name
+ }
+}
+
+output "appi_instrumentation_key" {
+ value = azurerm_application_insights.appi.instrumentation_key
+ sensitive = true
+}
diff --git a/src/common/prod/.terraform.lock.hcl b/src/common/prod/.terraform.lock.hcl
index a3a57669e..0da24a0e3 100644
--- a/src/common/prod/.terraform.lock.hcl
+++ b/src/common/prod/.terraform.lock.hcl
@@ -25,7 +25,7 @@ provider "registry.terraform.io/hashicorp/azuread" {
provider "registry.terraform.io/hashicorp/azurerm" {
version = "3.114.0"
- constraints = "~> 3.30, <= 3.114.0"
+ constraints = "~> 3.30, ~> 3.33, ~> 3.76, != 3.97.0, != 3.97.1, <= 3.114.0"
hashes = [
"h1:9gfR0VCUpoynii31LxsLaK9fV1blcnJQi3vnjJLSiaI=",
"h1:af8gzp2nuiJVXGW2v3Ch9+W/SjbwFCTpWaylAhbiby4=",
@@ -45,3 +45,25 @@ provider "registry.terraform.io/hashicorp/azurerm" {
"zh:f807554e5e08e38e6526e363641219e89ad9eda0b24ec09f25e61c74eece2490",
]
}
+
+provider "registry.terraform.io/hashicorp/null" {
+ version = "3.2.3"
+ hashes = [
+ "h1:+AnORRgFbRO6qqcfaQyeX80W0eX3VmjadjnUFUJTiXo=",
+ "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=",
+ "h1:nKUqWEza6Lcv3xRlzeiRQrHtqvzX1BhIzjaOVXRYQXQ=",
+ "h1:zxoDtu918XPWJ/Y6s4aFrZydn6SfqkRc5Ax1ZLnC6Ew=",
+ "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2",
+ "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d",
+ "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3",
+ "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f",
+ "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301",
+ "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670",
+ "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed",
+ "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65",
+ "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd",
+ "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5",
+ ]
+}
diff --git a/src/common/prod/README.md b/src/common/prod/README.md
index afdc083c6..4f2f5cfb5 100644
--- a/src/common/prod/README.md
+++ b/src/common/prod/README.md
@@ -10,7 +10,9 @@
| Name | Source | Version |
|------|--------|---------|
+| [apim\_weu](#module\_apim\_weu) | ../_modules/apim | n/a |
| [application\_gateway\_weu](#module\_application\_gateway\_weu) | ../_modules/application_gateway | n/a |
+| [assets\_cdn\_weu](#module\_assets\_cdn\_weu) | ../_modules/assets_cdn | n/a |
| [event\_hubs\_weu](#module\_event\_hubs\_weu) | ../_modules/event_hubs | n/a |
| [global](#module\_global) | ../_modules/global | n/a |
| [monitoring\_weu](#module\_monitoring\_weu) | ../_modules/monitoring | n/a |
@@ -21,10 +23,12 @@
|------|------|
| [azurerm_api_management.apim_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
+| [azurerm_linux_function_app.function_assets_cdn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
| [azurerm_linux_web_app.app_backendl1](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
| [azurerm_linux_web_app.app_backendl2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
| [azurerm_linux_web_app.firmaconio_selfcare_web_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
| [azurerm_resource_group.common_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
+| [azurerm_resource_group.internal_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_virtual_network.weu_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
| [azurerm_virtual_network.weu_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
| [terraform_remote_state.core](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
diff --git a/src/common/prod/data.tf b/src/common/prod/data.tf
index 746ec9192..3b831ff5b 100644
--- a/src/common/prod/data.tf
+++ b/src/common/prod/data.tf
@@ -43,3 +43,9 @@ data "azurerm_linux_web_app" "app_backendl2" {
name = "${local.project_weu_legacy}-app-appbackendl2"
resource_group_name = "${local.project_weu_legacy}-rg-linux"
}
+
+# CDN
+data "azurerm_linux_function_app" "function_assets_cdn" {
+ name = "${local.project_weu_legacy}-assets-cdn-fn"
+ resource_group_name = "${local.project_weu_legacy}-assets-cdn-rg"
+}
\ No newline at end of file
diff --git a/src/common/prod/westeurope.tf b/src/common/prod/westeurope.tf
index 0063be87d..16faa024e 100644
--- a/src/common/prod/westeurope.tf
+++ b/src/common/prod/westeurope.tf
@@ -2,6 +2,10 @@ data "azurerm_resource_group" "common_weu" {
name = format("%s-rg-common", local.project_weu_legacy)
}
+data "azurerm_resource_group" "internal_weu" {
+ name = format("%s-rg-internal", local.project_weu_legacy)
+}
+
module "event_hubs_weu" {
source = "../_modules/event_hubs"
@@ -281,6 +285,7 @@ module "monitoring_weu" {
tags = local.tags
}
+
module "application_gateway_weu" {
source = "../_modules/application_gateway"
@@ -330,3 +335,50 @@ module "application_gateway_weu" {
tags = merge(local.tags, { Source = "https://github.com/pagopa/io-infra" })
}
+
+module "apim_weu" {
+ source = "../_modules/apim"
+
+ location = data.azurerm_resource_group.common_weu.location
+ location_short = local.location_short[data.azurerm_resource_group.common_weu.location]
+ project = local.project_weu_legacy
+ prefix = local.prefix
+
+ resource_group_common = data.azurerm_resource_group.common_weu.name
+ resource_group_internal = data.azurerm_resource_group.internal_weu.name
+
+ vnet_common = local.core.networking.weu.vnet_common
+ cidr_subnet = "10.0.100.0/24"
+
+ datasources = {
+ azurerm_client_config = data.azurerm_client_config.current
+ }
+
+ key_vault = local.core.key_vault.weu.kv
+ key_vault_common = local.core.key_vault.weu.kv_common
+
+ action_group_id = module.monitoring_weu.action_groups.error
+ ai_instrumentation_key = module.monitoring_weu.appi_instrumentation_key
+
+ tags = local.tags
+}
+
+module "assets_cdn_weu" {
+ source = "../_modules/assets_cdn"
+
+ location = data.azurerm_resource_group.common_weu.location
+ location_short = local.location_short[data.azurerm_resource_group.common_weu.location]
+ project = local.project_weu_legacy
+
+ resource_groups = local.resource_groups[local.location_short[data.azurerm_resource_group.common_weu.location]]
+ key_vault_common = local.core.key_vault.weu.kv_common
+ external_domain = module.global.dns.external_domain
+ public_dns_zones = module.global.dns.public_dns_zones
+ dns_default_ttl_sec = module.global.dns.dns_default_ttl_sec
+ assets_cdn_fn = {
+ name = data.azurerm_linux_function_app.function_assets_cdn.name
+ hostname = data.azurerm_linux_function_app.function_assets_cdn.default_hostname
+ }
+
+ tags = local.tags
+}
\ No newline at end of file
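Review bot: `module "apim_weu"` passes `prefix = local.prefix` and `module "assets_cdn_weu"` passes `external_domain`, but none of the module files added in this commit reads `var.prefix` or `var.external_domain`. Unused inputs make the module interface look wider than it is; either drop them from the call and from the two `variables.tf` files, or use them. `cidr_subnet = "10.0.100.0/24"` is a bare literal in the call; a comment such as `# APIM v2 subnet inside the common VNet address space` or a named local would make an overlap with other subnets easier to spot in review.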
diff --git a/src/core/.terraform.lock.hcl b/src/core/.terraform.lock.hcl
index 24f6680d0..c22ce9583 100644
--- a/src/core/.terraform.lock.hcl
+++ b/src/core/.terraform.lock.hcl
@@ -49,7 +49,7 @@ provider "registry.terraform.io/hashicorp/azuread" {
provider "registry.terraform.io/hashicorp/azurerm" {
version = "3.110.0"
- constraints = "~> 3.30, ~> 3.33, ~> 3.76, ~> 3.95, != 3.97.0, != 3.97.1, <= 3.110.0"
+ constraints = "~> 3.30, ~> 3.76, ~> 3.95, != 3.97.0, != 3.97.1, <= 3.110.0"
hashes = [
"h1:4QrrAcbVTUzX2xQIywvAZeM+lrCgcFbFGoADvTAXdhk=",
"h1:EY+IRabj+4NJ3tqB4kVg7dTjoTdwOMHUhIvIoddgRTI=",
@@ -95,7 +95,7 @@ provider "registry.terraform.io/hashicorp/local" {
provider "registry.terraform.io/hashicorp/null" {
version = "3.2.1"
- constraints = "~> 3.2, <= 3.2.1"
+ constraints = "<= 3.2.1"
hashes = [
"h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=",
"h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=",
@@ -141,7 +141,7 @@ provider "registry.terraform.io/hashicorp/random" {
provider "registry.terraform.io/hashicorp/tls" {
version = "4.0.4"
- constraints = "~> 4.0, <= 4.0.4"
+ constraints = "<= 4.0.4"
hashes = [
"h1:GZcFizg5ZT2VrpwvxGBHQ/hO9r6g0vYdQqx3bFD3anY=",
"h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=",
diff --git a/src/core/99_outputs.tf b/src/core/99_outputs.tf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/src/core/README.md b/src/core/README.md
index edc74fd30..119b683c7 100644
--- a/src/core/README.md
+++ b/src/core/README.md
@@ -16,10 +16,8 @@
| Name | Source | Version |
|------|--------|---------|
-| [api\_v2\_admin](#module\_api\_v2\_admin) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
| [api\_v2\_public](#module\_api\_v2\_public) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
| [api\_v2\_services](#module\_api\_v2\_services) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
-| [apim\_v2](#module\_apim\_v2) | github.com/pagopa/terraform-azurerm-v3//api_management | v8.27.0 |
| [apim\_v2\_io\_backend\_app\_api\_v1](#module\_apim\_v2\_io\_backend\_app\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
| [apim\_v2\_io\_backend\_auth\_api\_v1](#module\_apim\_v2\_io\_backend\_auth\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
| [apim\_v2\_io\_backend\_bpd\_api\_v1](#module\_apim\_v2\_io\_backend\_bpd\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
@@ -32,10 +30,8 @@
| [apim\_v2\_io\_backend\_product](#module\_apim\_v2\_io\_backend\_product) | github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.27.0 |
| [apim\_v2\_io\_backend\_public\_api\_v1](#module\_apim\_v2\_io\_backend\_public\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
| [apim\_v2\_io\_backend\_session\_api\_v1](#module\_apim\_v2\_io\_backend\_session\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
-| [apim\_v2\_product\_admin](#module\_apim\_v2\_product\_admin) | github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.27.0 |
| [apim\_v2\_product\_public](#module\_apim\_v2\_product\_public) | github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.27.0 |
| [apim\_v2\_product\_services](#module\_apim\_v2\_product\_services) | github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.27.0 |
-| [apim\_v2\_snet](#module\_apim\_v2\_snet) | github.com/pagopa/terraform-azurerm-v3//subnet | v8.27.0 |
| [app\_backend\_web\_test\_api](#module\_app\_backend\_web\_test\_api) | github.com/pagopa/terraform-azurerm-v3//application_insights_web_test_preview | v8.29.1 |
| [app\_backendl1\_snet](#module\_app\_backendl1\_snet) | github.com/pagopa/terraform-azurerm-v3//subnet | v8.27.0 |
| [app\_backendl2\_snet](#module\_app\_backendl2\_snet) | github.com/pagopa/terraform-azurerm-v3//subnet | v8.27.0 |
@@ -46,10 +42,6 @@
| [appservice\_app\_backendl2\_slot\_staging](#module\_appservice\_app\_backendl2\_slot\_staging) | github.com/pagopa/terraform-azurerm-v3//app_service_slot | v8.31.0 |
| [appservice\_app\_backendli](#module\_appservice\_app\_backendli) | github.com/pagopa/terraform-azurerm-v3//app_service | v8.31.0 |
| [appservice\_app\_backendli\_slot\_staging](#module\_appservice\_app\_backendli\_slot\_staging) | github.com/pagopa/terraform-azurerm-v3//app_service_slot | v8.31.0 |
-| [assets\_cdn](#module\_assets\_cdn) | github.com/pagopa/terraform-azurerm-v3//storage_account | v8.27.0 |
-| [azdoa\_li\_infra](#module\_azdoa\_li\_infra) | github.com/pagopa/terraform-azurerm-v3//azure_devops_agent | v8.27.0 |
-| [azdoa\_loadtest\_li](#module\_azdoa\_loadtest\_li) | github.com/pagopa/terraform-azurerm-v3//azure_devops_agent | v8.27.0 |
-| [azdoa\_snet](#module\_azdoa\_snet) | github.com/pagopa/terraform-azurerm-v3//subnet | v8.27.0 |
| [locked\_profiles\_storage](#module\_locked\_profiles\_storage) | github.com/pagopa/terraform-azurerm-v3//storage_account | v8.27.0 |
| [redis\_common\_backup\_zrs](#module\_redis\_common\_backup\_zrs) | github.com/pagopa/terraform-azurerm-v3//storage_account | v8.27.0 |
| [redis\_common\_snet](#module\_redis\_common\_snet) | github.com/pagopa/terraform-azurerm-v3//subnet | v8.27.0 |
@@ -74,27 +66,13 @@
| [azurerm_api_management_api_version_set.io_backend_pagopa_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_public_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_session_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
-| [azurerm_api_management_group_user.pn_user_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
| [azurerm_api_management_named_value.api_gad_client_certificate_verified_header_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
-| [azurerm_api_management_named_value.io_fn3_admin_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
-| [azurerm_api_management_named_value.io_fn3_admin_url_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn3_eucovidcert_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn3_eucovidcert_url_alt_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn3_public_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn3_public_url_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn3_services_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn3_services_url_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
-| [azurerm_api_management_subscription.pn_lc_subscription_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
-| [azurerm_api_management_user.pn_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
-| [azurerm_cdn_endpoint.assets_cdn_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_endpoint) | resource |
-| [azurerm_cdn_endpoint_custom_domain.assets_cdn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_endpoint_custom_domain) | resource |
-| [azurerm_cdn_endpoint_custom_domain.assets_cdn_io_italia_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_endpoint_custom_domain) | resource |
-| [azurerm_cdn_profile.assets_cdn_profile](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_profile) | resource |
-| [azurerm_dashboard_grafana.grafana_dashboard](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dashboard_grafana) | resource |
-| [azurerm_dns_cname_record.assets_cdn_io_italia_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_cname_record) | resource |
-| [azurerm_dns_cname_record.assets_cdn_io_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_cname_record) | resource |
-| [azurerm_key_vault_access_policy.apim_v2_kv_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
-| [azurerm_key_vault_access_policy.v2_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
| [azurerm_key_vault_secret.appbackend-NORIFICATIONS-STORAGE](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.appbackend-PUSH-NOTIFICATIONS-STORAGE](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.appbackend-REDIS-PASSWORD](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
@@ -108,14 +86,9 @@
| [azurerm_monitor_metric_alert.cosmos_api_throttling_alert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
| [azurerm_monitor_metric_alert.iopstapi_throttling_low_availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
| [azurerm_monitor_metric_alert.too_many_http_5xx](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
-| [azurerm_network_security_group.nsg_apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource |
| [azurerm_private_endpoint.locked_profiles_storage_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
-| [azurerm_public_ip.public_ip_apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |
-| [azurerm_resource_group.assets_cdn_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azurerm_resource_group.azdo_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.default_roleassignment_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azurerm_resource_group.grafana_dashboard_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_external](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
@@ -130,10 +103,8 @@
| [azurerm_subnet_nat_gateway_association.app_backendl1_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
| [azurerm_subnet_nat_gateway_association.app_backendl2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
| [azurerm_subnet_nat_gateway_association.app_backendli_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
-| [azurerm_subnet_network_security_group_association.snet_nsg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource |
+| [azurerm_api_management.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_api_management.trial_system](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
-| [azurerm_api_management_group.api_v2_lollipop_assertion_read](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_group) | data source |
-| [azurerm_api_management_product.apim_v2_product_lollipop](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source |
| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
| [azurerm_cosmosdb_account.cosmos_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/cosmosdb_account) | data source |
@@ -158,10 +129,7 @@
| [azurerm_eventhub_authorization_rule.io-p-payments-weu-prod01-evh-ns_payment-updates_io-fn-messages-cqrs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source |
| [azurerm_key_vault.key_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
| [azurerm_key_vault.key_vault_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
-| [azurerm_key_vault_certificate.api_app_internal_io_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source |
-| [azurerm_key_vault_certificate.api_internal_io_italia_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source |
| [azurerm_key_vault_secret.api_gad_client_certificate_verified_header_secret_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.apim_publisher_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.apim_services_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.app_backend_ALLOW_MYPORTAL_IP_SOURCE_RANGE](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.app_backend_API_KEY](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
@@ -190,21 +158,17 @@
| [azurerm_key_vault_secret.app_backend_TEST_CGN_FISCAL_CODES](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.app_backend_TRIAL_SYSTEM_API_KEY](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.app_backend_UNIQUE_EMAIL_ENFORCEMENT_USER](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.assets_cdn_fn_key_cdn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.fn_eucovidcert_API_KEY_APPBACKEND](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.fn_eucovidcert_API_KEY_PUBLICIOEVENTDISPATCHER](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.io_fn3_admin_key_secret_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.io_fn3_eucovidcert_key_secret_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.io_fn3_public_key_secret_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.io_fn3_services_key_secret_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.smtp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_linux_function_app.app_messages_1](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
| [azurerm_linux_function_app.app_messages_2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
| [azurerm_linux_function_app.citizen_func_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
| [azurerm_linux_function_app.citizen_func_02](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
| [azurerm_linux_function_app.eucovidcert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
| [azurerm_linux_function_app.function_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
-| [azurerm_linux_function_app.function_assets_cdn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
| [azurerm_linux_function_app.function_cgn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
| [azurerm_linux_function_app.lollipop_function](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
| [azurerm_linux_function_app.services_app_backend_function_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
@@ -228,7 +192,9 @@
| [azurerm_storage_account.push_notifications_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.storage_apievents](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_subnet.admin_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
+| [azurerm_subnet.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
| [azurerm_subnet.appgateway_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
+| [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
| [azurerm_subnet.function_let_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
| [azurerm_subnet.functions_fast_login_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
| [azurerm_subnet.functions_service_messages_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
diff --git a/src/core/_modules/azure_devops_agent/locals.tf b/src/core/_modules/azure_devops_agent/locals.tf
new file mode 100644
index 000000000..b0b41bb02
--- /dev/null
+++ b/src/core/_modules/azure_devops_agent/locals.tf
@@ -0,0 +1,12 @@
+locals {
+ nonstandard = {
+ weu = {
+ rg = "${var.project}-azdoa-rg"
+ snet = "azure-devops"
+ li_infra = "${var.project}-azdoa-vmss-li-infra"
+ li_loadtest = "${var.project}-azdoa-vmss-loadtest-li"
+ }
+ }
+
+ image_name = "azdo-agent-ubuntu2204-image-v2"
+}
\ No newline at end of file
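Review bot: The `nonstandard` map carries no comment saying that its keys are read through `try(...)` in main.tf, so a renamed or misspelled key (`rg`, `snet`, `li_infra`, `li_loadtest`) would not fail; the lookup would silently fall back to the `-01` default name. For resources that already exist under the weu names, this would most likely surface as a destroy-and-recreate in the plan. I would add above the map: `# Non-standard names kept for weu; keys must match the try() lookups in main.tf, otherwise the default "-01" names are used.`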
diff --git a/src/core/_modules/azure_devops_agent/main.tf b/src/core/_modules/azure_devops_agent/main.tf
new file mode 100644
index 000000000..aa965f729
--- /dev/null
+++ b/src/core/_modules/azure_devops_agent/main.tf
@@ -0,0 +1,46 @@
+resource "azurerm_resource_group" "azdoa_rg" {
+ name = try(local.nonstandard[var.location_short].rg, "${var.project}-azdoa-rg-01")
+ location = var.location
+
+ tags = var.tags
+}
+
+module "azdoa_snet" {
+ source = "github.com/pagopa/terraform-azurerm-v3//subnet?ref=v8.27.0"
+
+ name = try(local.nonstandard[var.location_short].snet, "${var.project}-azdoa-snet-01")
+ address_prefixes = var.cidr_subnet
+ resource_group_name = var.resource_groups.common
+ virtual_network_name = var.vnet_common.name
+ private_endpoint_network_policies_enabled = false
+
+ service_endpoints = [
+ "Microsoft.Web",
+ ]
+}
+
+module "azdoa_li_infra" {
+ source = "github.com/pagopa/terraform-azurerm-v3//azure_devops_agent?ref=v8.27.0"
+ name = try(local.nonstandard[var.location_short].li_infra, "${var.project}-azdoa-infra-vmss-01")
+ resource_group_name = azurerm_resource_group.azdoa_rg.name
+ subnet_id = module.azdoa_snet.id
+ subscription_id = var.datasources.azurerm_client_config.subscription_id
+ location = var.location
+ source_image_name = local.image_name
+ vm_sku = "Standard_B2als_v2"
+
+ tags = var.tags
+}
+
+module "azdoa_loadtest_li" {
+ source = "github.com/pagopa/terraform-azurerm-v3//azure_devops_agent?ref=v8.27.0"
+ name = try(local.nonstandard[var.location_short].li_loadtest, "${var.project}-azdoa-loadtest-vmss-01")
+ resource_group_name = azurerm_resource_group.azdoa_rg.name
+ subnet_id = module.azdoa_snet.id
+ subscription_id = var.datasources.azurerm_client_config.subscription_id
+ location = var.location
+ source_image_name = local.image_name
+ vm_sku = "Standard_D8ds_v5"
+
+ tags = var.tags
+}
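Review bot: The three `source` arguments (modules `azdoa_snet`, `azdoa_li_infra` and `azdoa_loadtest_li`) pin the upstream module by the tag `v8.27.0`, and a git tag can be moved to a different commit after this review. These modules define the build agents' scale sets, which presumably run pipelines holding deployment credentials, so the code they pull in is worth fixing to an immutable revision. Pinning to the commit the tag points at and keeping the tag as a trailing comment would do it, e.g. `source = "github.com/pagopa/terraform-azurerm-v3//azure_devops_agent?ref=<COMMIT_SHA_OF_v8.27.0>" # v8.27.0`, and likewise for the `//subnet` source.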
diff --git a/src/core/_modules/azure_devops_agent/outputs.tf b/src/core/_modules/azure_devops_agent/outputs.tf
new file mode 100644
index 000000000..6036d86d1
--- /dev/null
+++ b/src/core/_modules/azure_devops_agent/outputs.tf
@@ -0,0 +1,7 @@
+output "snet" {
+ value = {
+ id = module.azdoa_snet.id
+ name = module.azdoa_snet.name
+ address_prefixes = module.azdoa_snet.address_prefixes
+ }
+}
\ No newline at end of file
diff --git a/src/core/_modules/azure_devops_agent/variables.tf b/src/core/_modules/azure_devops_agent/variables.tf
new file mode 100644
index 000000000..b4a8d5f83
--- /dev/null
+++ b/src/core/_modules/azure_devops_agent/variables.tf
@@ -0,0 +1,49 @@
+variable "project" {
+ type = string
+ description = "IO prefix, short environment and short location"
+}
+
+variable "location" {
+ type = string
+ description = "Azure region"
+}
+
+variable "location_short" {
+ type = string
+ description = "Azure region short name"
+}
+
+variable "tags" {
+ type = map(any)
+ description = "Resource tags"
+}
+
+variable "resource_group_name" {
+ type = string
+ description = "Resource group name for VNet"
+}
+
+variable "cidr_subnet" {
+ type = list(string)
+ description = "Azure DevOps agent network address space"
+}
+
+variable "vnet_common" {
+ type = object({
+ id = string
+ name = string
+ address_space = list(string)
+ resource_group_name = string
+ })
+ description = "Information of the common VNet"
+}
+
+variable "resource_groups" {
+ type = map(string)
+ description = "Resource group names"
+}
+
+variable "datasources" {
+ type = map(any)
+ description = "Common datasources"
+}
\ No newline at end of file
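Review bot: `variable "resource_group_name"` is declared without a default, so every caller must set it, yet main.tf in this commit never reads it. The subnet takes `var.resource_groups.common` and the scale sets take `azurerm_resource_group.azdoa_rg.name`. Unless another file of the module uses it, I would drop the variable, or pass it to `azdoa_snet` in place of `var.resource_groups.common` so the VNet's resource group has a single source. `vnet_common` also carries a `resource_group_name` attribute, which makes three ways to hand the module the same value.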
diff --git a/src/core/api/io_admin/v1/_swagger.json.tpl b/src/core/api/io_admin/v1/_swagger.json.tpl
deleted file mode 100644
index 78522905b..000000000
--- a/src/core/api/io_admin/v1/_swagger.json.tpl
+++ /dev/null
@@ -1,1358 +0,0 @@
-{
- "swagger": "2.0",
- "info": {
- "version": "1.1.0",
- "title": "IO API for administration purpose",
- "contact": {
- "name": "Digital Transformation Team",
- "url": "https://forum.italia.it/c/progetto-io"
- },
- "x-logo": {
- "url": "https://io.italia.it/assets/img/io-logo-blue.svg"
- },
- "description": "# Warning\n**This is an experimental API that is (most probably) going to change as we evolve the IO platform.**\n# Introduction\nThis is the documentation of the IO API for administration purpose of the platform.\n"
- },
- "host": "${host}",
- "basePath": "/adm",
- "schemes": [
- "https"
- ],
- "security": [
- {
- "SubscriptionKey": []
- }
- ],
- "paths": {
- "/services/{service_id}": {
- "parameters": [
- {
- "name": "service_id",
- "in": "path",
- "type": "string",
- "required": true,
- "description": "The ID of an existing Service."
- }
- ],
- "get": {
- "operationId": "getService",
- "summary": "Get Service",
- "description": "A previously created service with the provided service ID is returned.",
- "responses": {
- "200": {
- "description": "Service found.",
- "schema": {
- "$ref": "#/definitions/Service"
- },
- "examples": {
- "application/json": {
- "id": "2b3e728c1a5d1efa035c-0000000000000001",
- "authorized_recipients": [
- "XXXYYY79A95Y000X"
- ],
- "department_name": "dept",
- "organization_name": "org",
- "service_id": "2b3e728c1a5d1efa035c",
- "service_name": "service",
- "version": 1,
- "authorized_cidrs": []
- }
- }
- },
- "401": {
- "description": "Unauthorized"
- },
- "404": {
- "description": "No service found for the provided ID."
- }
- },
- "parameters": []
- },
- "put": {
- "responses": {
- "200": {
- "description": "Service updated.",
- "schema": {
- "$ref": "#/definitions/Service"
- },
- "examples": {
- "application/json": {
- "id": "2b3e728c1a5d1efa035c-0000000000000001",
- "authorized_recipients": [
- "XXXYYY79A95Y000X"
- ],
- "department_name": "dept",
- "organization_name": "org",
- "service_id": "2b3e728c1a5d1efa035c",
- "service_name": "service",
- "version": 1,
- "authorized_cidrs": []
- }
- }
- },
- "401": {
- "description": "Unauthorized"
- },
- "404": {
- "description": "No service found for the provided ID."
- }
- },
- "summary": "Update Service",
- "operationId": "updateService",
- "description": "Update an existing service with the attributes provided in the\nrequest payload.",
- "parameters": [
- {
- "in": "body",
- "name": "body",
- "schema": {
- "$ref": "#/definitions/Service"
- },
- "description": "The Service payload.",
- "x-examples": {
- "application/json": {
- "authorized_recipients": [
- "XXXYYY79A95Y000X"
- ],
- "department_name": "dept",
- "organization_name": "org",
- "service_id": "2b3e728c1a5d1efa035c",
- "service_name": "service",
- "authorized_cidrs": []
- }
- }
- }
- ]
- }
- },
- "/services/{service_id}/logo": {
- "parameters": [
- {
- "name": "service_id",
- "in": "path",
- "type": "string",
- "required": true,
- "description": "The ID of a existing Service."
- }
- ],
- "put": {
- "parameters": [
- {
- "name": "body",
- "in": "body",
- "required": true,
- "schema": {
- "$ref": "#/definitions/Logo"
- },
- "description": "The logo payload"
- }
- ],
- "responses": {
- "201": {
- "description": "Logo uploaded.",
- "headers": {
- "Location": {
- "description": "Link to the uploaded logo",
- "type": "string"
- }
- }
- },
- "400": {
- "description": "Invalid payload.",
- "schema": {
- "$ref": "#/definitions/ProblemJson"
- }
- },
- "401": {
- "description": "Unauthorized"
- },
- "403": {
- "description": "Forbidden"
- },
- "404": {
- "description": "No service found for the provided ID."
- },
- "500": {
- "description": "Internal server error"
- }
- },
- "summary": "Upload service logo.",
- "operationId": "uploadServiceLogo"
- }
- },
- "/services": {
- "get": {
- "summary": "Get Services",
- "operationId": "getServices",
- "description": "Gets the list of all existing services.",
- "responses": {
- "200": {
- "description": "The list of server.",
- "schema": {
- "$ref": "#/definitions/ServiceCollection"
- }
- },
- "500": {
- "description": "Internal server error."
- }
- }
- },
- "post": {
- "responses": {
- "200": {
- "description": "Service created.",
- "schema": {
- "$ref": "#/definitions/Service"
- },
- "examples": {
- "application/json": {
- "id": "2b3e728c1a5d1efa035c-0000000000000001",
- "authorized_recipients": [
- "XXXYYY79A95Y000X"
- ],
- "department_name": "dept",
- "organization_name": "org",
- "service_id": "2b3e728c1a5d1efa035c",
- "service_name": "service",
- "version": 1,
- "authorized_cidrs": []
- }
- }
- },
- "401": {
- "description": "Unauthorized"
- }
- },
- "summary": "Create Service",
- "description": "Create a new Service with the attributes provided in the requst\npayload.",
- "operationId": "createService",
- "parameters": [
- {
- "in": "body",
- "name": "body",
- "schema": {
- "$ref": "#/definitions/Service"
- },
- "description": "The Service payload.",
- "x-examples": {
- "application/json": {
- "authorized_recipients": [
- "XXXYYY79A95Y000X"
- ],
- "department_name": "dept",
- "organization_name": "org",
- "service_id": "2b3e728c1a5d1efa035c",
- "service_name": "service",
- "authorized_cidrs": []
- }
- }
- }
- ]
- }
- },
- "/organizations/{organization_fiscal_code}/logo": {
- "parameters": [
- {
- "name": "organization_fiscal_code",
- "in": "path",
- "type": "string",
- "required": true,
- "description": "The organization's fiscal code"
- }
- ],
- "put": {
- "summary": "Upload Organization Logo",
- "description": "Upload an organization logo for the given organization fiscal code.",
- "operationId": "uploadOrganizationLogo",
- "parameters": [
- {
- "name": "body",
- "in": "body",
- "required": true,
- "schema": {
- "$ref": "#/definitions/Logo"
- },
- "description": "The logo payload"
- }
- ],
- "responses": {
- "201": {
- "description": "Logo uploaded.",
- "headers": {
- "Location": {
- "description": "Link to the uploaded logo",
- "type": "string"
- }
- }
- },
- "400": {
- "description": "Invalid payload.",
- "schema": {
- "$ref": "#/definitions/ProblemJson"
- }
- },
- "401": {
- "description": "Unauthorized"
- },
- "403": {
- "description": "Forbidden"
- },
- "500": {
- "description": "Internal server error"
- }
- }
- }
- },
- "/development-profiles/{fiscal_code}": {
- "post": {
- "tags": [
- "restricted"
- ],
- "description": "Create a development profile for the user identified by the\nprovided fiscal code.",
- "operationId": "createDevelopmentProfile",
- "summary": "Create DevelopmentProfile",
- "parameters": [
- {
- "$ref": "#/parameters/SandboxFiscalCode"
- },
- {
- "in": "body",
- "name": "body",
- "schema": {
- "$ref": "#/definitions/DevelopmentProfile"
- },
- "x-examples": {
- "application/json": {
- "email": "foobar@example.com"
- }
- }
- }
- ],
- "responses": {
- "200": {
- "description": "Profile updated.",
- "schema": {
- "$ref": "#/definitions/ExtendedProfile"
- },
- "examples": {
- "application/json": {
- "email": "foobar@example.com",
- "version": 0
- }
- }
- },
- "400": {
- "description": "Invalid payload.",
- "schema": {
- "$ref": "#/definitions/ProblemJson"
- }
- },
- "401": {
- "description": "Unauthorized"
- },
- "409": {
- "description": "Conflict.",
- "schema": {
- "$ref": "#/definitions/ProblemJson"
- }
- },
- "429": {
- "description": "Too many requests"
- }
- }
- }
- },
- "/services/{service_id}/keys": {
- "get": {
- "summary": "Gets the subscription keys for the Service identified by the provided service_id",
- "operationId": "getSubscriptionKeys",
- "parameters": [
- {
- "name": "service_id",
- "in": "path",
- "type": "string",
- "required": true,
- "description": "The ID of an existing Service."
- }
- ],
- "responses": {
- "200": {
- "description": "The subscription keys for the service",
- "schema": {
- "$ref": "#/definitions/SubscriptionKeys"
- }
- },
- "400": {
- "description": "Bad request"
- },
- "403": {
- "description": "Forbidden"
- },
- "404": {
- "description": "Subscription not found"
- },
- "500": {
- "description": "Internal server error"
- }
- }
- },
- "put": {
- "summary": "Regenerate a subscription key for the Service identified by the provided service_id",
- "operationId": "RegenerateSubscriptionKeys",
- "parameters": [
- {
- "name": "service_id",
- "in": "path",
- "type": "string",
- "required": true,
- "description": "The ID of an existing Service."
- },
- {
- "name": "body",
- "in": "body",
- "required": true,
- "schema": {
- "$ref": "#/definitions/SubscriptionKeyTypePayload"
- },
- "description": "The type of the key to be regenerated"
- }
- ],
- "responses": {
- "200": {
- "description": "The subscription keys for the service",
- "schema": {
- "$ref": "#/definitions/SubscriptionKeys"
- }
- },
- "400": {
- "description": "Bad request"
- },
- "403": {
- "description": "Forbidden"
- },
- "404": {
- "description": "Subscription not found"
- },
- "500": {
- "description": "Internal server error"
- }
- }
- }
- },
- "/impersonate-service/{serviceId}": {
- "get": {
- "summary": "Gets the data to impersonate a service",
- "operationId": "getImpersonatedService",
- "parameters": [
- {
- "name": "serviceId",
- "description": "the serviceId of the target service.",
- "in": "path",
- "type": "string",
- "required": true
- }
- ],
- "responses": {
- "200": {
- "description": "data required to impersonte a service",
- "schema": {
- "$ref": "#/definitions/ImpersonatedService"
- }
- },
- "404": {
- "description": "service or service owner not found"
- },
- "500": {
- "description": "Internal server error"
- }
- }
- }
- },
- "/users": {
- "get": {
- "summary": "Gets the list of users",
- "operationId": "getUsers",
- "parameters": [
- {
- "name": "cursor",
- "description": "the number of items to skip.",
- "in": "query",
- "type": "integer",
- "minimum": 1
- }
- ],
- "responses": {
- "200": {
- "description": "List of users",
- "schema": {
- "$ref": "#/definitions/UserCollection"
- }
- }
- }
- },
- "post": {
- "summary": "Create user",
- "description": "Create a new user with a random password in the Active Directory Azure B2C, then create a corresponding user on the API management resource.",
- "operationId": "createUser",
- "parameters": [
- {
- "name": "body",
- "in": "body",
- "required": true,
- "schema": {
- "$ref": "#/definitions/UserPayload"
- }
- }
- ],
- "responses": {
- "200": {
- "description": "The new User",
- "schema": {
- "$ref": "#/definitions/UserCreated"
- }
- },
- "400": {
- "description": "Bad request"
- },
- "403": {
- "description": "Forbidden"
- },
- "500": {
- "description": "Internal server error"
- }
- }
- }
- },
- "/users/{email}": {
- "get": {
- "summary": "Get user",
- "description": "Gets the user information, that is the complete list of subscription and the complete list of groups for the User identified by the provided email",
- "operationId": "getUser",
- "parameters": [
- {
- "name": "email",
- "in": "path",
- "type": "string",
- "format": "email",
- "required": true,
- "description": "The email of the User"
- }
- ],
- "responses": {
- "200": {
- "description": "User subscriptions and groups",
- "schema": {
- "$ref": "#/definitions/UserInfo"
- }
- },
- "400": {
- "description": "Bad request"
- },
- "401": {
- "description": "Unauthorized"
- },
- "403": {
- "description": "Forbidden"
- },
- "404": {
- "description": "User not found"
- },
- "500": {
- "description": "Internal server error"
- }
- }
- },
- "put": {
- "summary": "Update user",
- "description": "Update an existing ADB2C User.",
- "operationId": "updateUser",
- "parameters": [
- {
- "name": "email",
- "in": "path",
- "type": "string",
- "format": "email",
- "required": true,
- "description": "The email of the User"
- },
- {
- "name": "body",
- "in": "body",
- "required": true,
- "schema": {
- "$ref": "#/definitions/UserUpdatePayload"
- }
- }
- ],
- "responses": {
- "200": {
- "description": "The updated User",
- "schema": {
- "$ref": "#/definitions/UserUpdated"
- }
- },
- "400": {
- "description": "Bad request"
- },
- "403": {
- "description": "Forbidden"
- },
- "500": {
- "description": "Internal server error"
- }
- }
- }
- },
- "/users/{email}/groups": {
- "put": {
- "summary": "Update user groups",
- "description": "Update the list of groups (permissions) associated to the User identified by the provided email",
- "operationId": "updateGroups",
- "parameters": [
- {
- "name": "email",
- "in": "path",
- "type": "string",
- "format": "email",
- "required": true,
- "description": "The email of the User"
- },
- {
- "name": "body",
- "in": "body",
- "required": true,
- "schema": {
- "$ref": "#/definitions/UserGroupsPayload"
- }
- }
- ],
- "responses": {
- "200": {
- "description": "The list of groups associated to the User",
- "schema": {
- "$ref": "#/definitions/GroupCollection"
- }
- },
- "400": {
- "description": "Bad request"
- },
- "401": {
- "description": "Unauthorized"
- },
- "403": {
- "description": "Forbidden"
- },
- "404": {
- "description": "Resource (User or Product) not found"
- },
- "500": {
- "description": "Internal server error"
- }
- }
- }
- },
- "/users/{email}/subscriptions/{subscription_id}": {
- "put": {
- "summary": "Create subscription",
- "description": "Create a Subscription identified by the provided subscription id for the User identified by the provided email",
- "operationId": "createSubscription",
- "parameters": [
- {
- "name": "email",
- "in": "path",
- "type": "string",
- "format": "email",
- "required": true,
- "description": "The email of the User"
- },
- {
- "name": "subscription_id",
- "in": "path",
- "type": "string",
- "required": true,
- "description": "The id of the Subscription"
- },
- {
- "name": "body",
- "in": "body",
- "required": true,
- "schema": {
- "$ref": "#/definitions/ProductNamePayload"
- }
- }
- ],
- "responses": {
- "200": {
- "description": "The subscription created",
- "schema": {
- "$ref": "#/definitions/Subscription"
- }
- },
- "400": {
- "description": "Bad request"
- },
- "401": {
- "description": "Unauthorized"
- },
- "403": {
- "description": "Forbidden"
- },
- "404": {
- "description": "Resource (User or Product) not found"
- },
- "500": {
- "description": "Internal server error"
- }
- }
- }
- },
- "/subscriptions/{subscription_id}": {
- "get": {
- "operationId": "getSubscription",
- "summary": "Get Subscription",
- "description": "Get a specific subscription information, that belongs to a particular subscription Id",
- "responses": {
- "200": {
- "description": "Retrieved Subscription information.",
- "schema": {
- "$ref": "#/definitions/SubscriptionWithoutKeys"
- }
- },
- "400": {
- "description": "Bad request"
- },
- "401": {
- "description": "Unauthorized"
- },
- "403": {
- "description": "Forbidden"
- },
- "404": {
- "description": "Subscription not found"
- },
- "500": {
- "description": "Internal server error"
- }
- },
- "parameters": [
- {
- "name": "subscription_id",
- "in": "path",
- "type": "string",
- "required": true,
- "description": "The ID of an existing Subscription."
- }
- ]
- }
- },
- "/subscriptions/{subscription_id}/cidrs": {
- "put": {
- "summary": "Update Subscription CIDRs",
- "description": "Update authorized cidrs for a Subscription",
- "operationId": "updateSubscriptionCidrs",
- "parameters": [
- {
- "name": "subscription_id",
- "in": "path",
- "type": "string",
- "required": true,
- "description": "The id of the Subscription"
- },
- {
- "name": "body",
- "in": "body",
- "required": true,
- "schema": {
- "$ref": "#/definitions/CIDRsPayload"
- }
- }
- ],
- "responses": {
- "200": {
- "description": "The updated CIDRs",
- "schema": {
- "$ref": "#/definitions/SubscriptionCIDRs"
- }
- },
- "400": {
- "description": "Bad request"
- },
- "401": {
- "description": "Unauthorized"
- },
- "403": {
- "description": "Forbidden"
- },
- "404": {
- "description": "Resource (User or Product) not found"
- },
- "500": {
- "description": "Internal server error"
- }
- }
- },
- "get": {
- "summary": "Get Subscription CIDRs",
- "description": "Get authorized cidrs for a Subscription",
- "operationId": "getSubscriptionCidrs",
- "parameters": [
- {
- "name": "subscription_id",
- "in": "path",
- "type": "string",
- "required": true,
- "description": "The id of the Subscription"
- }
- ],
- "responses": {
- "200": {
- "description": "CIDRs",
- "schema": {
- "$ref": "#/definitions/SubscriptionCIDRs"
- }
- },
- "400": {
- "description": "Bad request"
- },
- "401": {
- "description": "Unauthorized"
- },
- "403": {
- "description": "Forbidden"
- },
- "404": {
- "description": "Resource (User or Product) not found"
- },
- "500": {
- "description": "Internal server error"
- }
- }
- }
- }
- },
- "definitions": {
- "DevelopmentProfile": {
- "type": "object",
- "properties": {
- "email": {
- "$ref": "#/definitions/EmailAddress"
- }
- },
- "required": [
- "email"
- ]
- },
- "EmailAddress": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/EmailAddress"
- },
- "ServiceCollection": {
- "type": "object",
- "properties": {
- "items": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/ServiceIdWithVersion"
- }
- },
- "page_size": {
- "type": "number"
- }
- },
- "required": [
- "items",
- "page_size"
- ]
- },
- "ProblemJson": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/ProblemJson"
- },
- "Service": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/Service"
- },
- "ServiceMetadata": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/ServiceMetadata"
- },
- "CommonServiceMetadata": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/CommonServiceMetadata"
- },
- "StandardServiceMetadata": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/StandardServiceMetadata"
- },
- "SpecialServiceMetadata": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/SpecialServiceMetadata"
- },
- "ServiceScope": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/ServiceScope"
- },
- "ServiceCategory": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/ServiceCategory"
- },
- "SpecialServiceCategory": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/SpecialServiceCategory"
- },
- "StandardServiceCategory": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/StandardServiceCategory"
- },
- "ServicePayload": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/ServicePayload"
- },
- "ExtendedServicePayload": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/ExtendedServicePayload"
- },
- "HiddenServicePayload": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/HiddenServicePayload"
- },
- "VisibleServicePayload": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/VisibleServicePayload"
- },
- "CommonServicePayload": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/CommonServicePayload"
- },
- "ServiceId": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/ServiceId"
- },
- "ServiceName": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/ServiceName"
- },
- "OrganizationName": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/OrganizationName"
- },
- "DepartmentName": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/DepartmentName"
- },
- "CIDR": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/CIDR"
- },
- "MaxAllowedPaymentAmount": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/MaxAllowedPaymentAmount"
- },
- "OrganizationFiscalCode": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/OrganizationFiscalCode"
- },
- "FiscalCode": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/FiscalCode"
- },
- "ExtendedProfile": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/ExtendedProfile"
- },
- "ImpersonatedService": {
- "$ref": "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/ImpersonatedService"
- },
- "UserGroupsPayload": {
- "description": "All the groups with which the user must be associated.\nThe already existing associations with groups which are not included in this object will be deleted.",
- "type": "object",
- "properties": {
- "groups": {
- "type": "array",
- "items": {
- "description": "The value of `displayName` property of the group on the APIM",
- "type": "string",
- "minLength": 1
- }
- }
- },
- "required": [
- "groups"
- ],
- "example": {
- "groups": [
- "ApiInfoRead",
- "ApiLimitedMessageWrite",
- "ApiMessageRead"
- ]
- }
- },
- "UserPayload": {
- "type": "object",
- "properties": {
- "email": {
- "$ref": "#/definitions/EmailAddress"
- },
- "first_name": {
- "type": "string",
- "minLength": 1
- },
- "last_name": {
- "type": "string",
- "minLength": 1
- },
- "token_name": {
- "type": "string",
- "minLength": 1
- }
- },
- "required": [
- "email",
- "first_name",
- "last_name"
- ]
- },
- "UserUpdatePayload": {
- "type": "object",
- "properties": {
- "first_name": {
- "type": "string",
- "minLength": 1
- },
- "last_name": {
- "type": "string",
- "minLength": 1
- },
- "token_name": {
- "type": "string",
- "minLength": 1
- }
- }
- },
- "UserCreated": {
- "allOf": [
- {
- "$ref": "#/definitions/UserPayload"
- },
- {
- "type": "object",
- "properties": {
- "id": {
- "type": "string"
- }
- },
- "required": [
- "id"
- ]
- }
- ]
- },
- "UserUpdated": {
- "allOf": [
- {
- "$ref": "#/definitions/UserUpdatePayload"
- },
- {
- "type": "object",
- "properties": {
- "email": {
- "$ref": "#/definitions/EmailAddress"
- },
- "id": {
- "type": "string"
- }
- },
- "required": [
- "id",
- "email"
- ]
- }
- ]
- },
- "GroupCollection": {
- "type": "object",
- "properties": {
- "items": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/Group"
- }
- }
- },
- "required": [
- "items"
- ]
- },
- "Logo": {
- "type": "object",
- "properties": {
- "logo": {
- "type": "string",
- "format": "byte",
- "minLength": 1
- }
- },
- "required": [
- "logo"
- ]
- },
- "ProductNamePayload": {
- "type": "object",
- "properties": {
- "product_name": {
- "type": "string",
- "minLength": 1
- }
- },
- "required": [
- "product_name"
- ]
- },
- "SubscriptionKeyTypePayload": {
- "type": "object",
- "properties": {
- "key_type": {
- "$ref": "#/definitions/SubscriptionKeyType"
- }
- },
- "required": [
- "key_type"
- ]
- },
- "SubscriptionKeyType": {
- "type": "string",
- "x-extensible-enum": [
- "PRIMARY_KEY",
- "SECONDARY_KEY"
- ]
- },
- "SubscriptionKeys": {
- "type": "object",
- "properties": {
- "primary_key": {
- "type": "string"
- },
- "secondary_key": {
- "type": "string"
- }
- },
- "required": [
- "primary_key",
- "secondary_key"
- ]
- },
- "User": {
- "type": "object",
- "properties": {
- "email": {
- "$ref": "#/definitions/EmailAddress"
- },
- "id": {
- "type": "string"
- },
- "identities": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/UserIdentityContract"
- }
- },
- "first_name": {
- "type": "string"
- },
- "last_name": {
- "type": "string"
- },
- "name": {
- "type": "string"
- },
- "note": {
- "type": "string"
- },
- "registration_date": {
- "type": "string",
- "format": "date-time"
- },
- "state": {
- "$ref": "#/definitions/UserState"
- },
- "type": {
- "type": "string"
- }
- }
- },
- "UserCollection": {
- "type": "object",
- "properties": {
- "items": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/User"
- }
- },
- "next": {
- "description": "The link to the next page of results",
- "type": "string",
- "format": "url"
- }
- },
- "required": [
- "items"
- ]
- },
- "Group": {
- "type": "object",
- "properties": {
- "display_name": {
- "type": "string"
- },
- "id": {
- "type": "string"
- },
- "name": {
- "type": "string"
- }
- },
- "required": [
- "display_name"
- ]
- },
- "Subscription": {
- "allOf": [
- {
- "$ref": "#/definitions/SubscriptionKeys"
- },
- {
- "type": "object",
- "properties": {
- "id": {
- "type": "string"
- },
- "scope": {
- "type": "string"
- }
- },
- "required": [
- "scope"
- ]
- }
- ]
- },
- "SubscriptionWithoutKeys": {
- "type": "object",
- "properties": {
- "id": {
- "type": "string"
- },
- "scope": {
- "type": "string"
- },
- "owner_id": {
- "type": "string"
- }
- },
- "required": [
- "scope"
- ]
- },
- "SubscriptionCIDRs": {
- "type": "object",
- "properties": {
- "id": {
- "type": "string"
- },
- "cidrs": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/CIDR"
- }
- }
- },
- "required": [
- "id",
- "cidrs"
- ]
- },
- "CIDRsPayload": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/CIDR"
- }
- },
- "SubscriptionState": {
- "type": "string",
- "x-extensible-enum": [
- "active",
- "cancelled",
- "expired",
- "rejected",
- "submitted",
- "suspended"
- ]
- },
- "UserInfo": {
- "type": "object",
- "properties": {
- "groups": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/Group"
- }
- },
- "subscriptions": {
- "type": "array",
- "items": {
- "$ref": "#/definitions/Subscription"
- }
- },
- "token_name": {
- "type": "string",
- "minLength": 1
- }
- }
- },
- "UserIdentityContract": {
- "type": "object",
- "properties": {
- "id": {
- "type": "string"
- },
- "provider": {
- "type": "string"
- }
- }
- },
- "UserState": {
- "type": "string",
- "x-extensible-enum": [
- "active",
- "blocked",
- "pending",
- "deleted"
- ]
- },
- "ServiceIdWithVersion": {
- "type": "object",
- "properties": {
- "id": {
- "type": "string"
- },
- "version": {
- "type": "integer"
- }
- }
- },
- "ServerInfo": {
- "type": "object",
- "title": "Server information",
- "properties": {
- "version": {
- "type": "string"
- }
- },
- "required": [
- "version"
- ]
- }
- },
- "responses": {},
- "parameters": {
- "SandboxFiscalCode": {
- "name": "fiscal_code",
- "in": "path",
- "type": "string",
- "maxLength": 16,
- "minLength": 16,
- "required": true,
- "description": "The user's sandbox fiscal code, all upper case.",
- "pattern": "[A-Z]{6}[0-9]{2}A[0-9]{2}Y[0-9]{3}X",
- "x-example": "SPNDNL80A13Y555X"
- }
- },
- "consumes": [
- "application/json"
- ],
- "produces": [
- "application/json"
- ],
- "securityDefinitions": {
- "SubscriptionKey": {
- "type": "apiKey",
- "name": "Ocp-Apim-Subscription-Key",
- "in": "header",
- "description": "The API key obtained through the developer portal."
- }
- }
-}
diff --git a/src/core/api/io_admin/v1/policy.xml b/src/core/api/io_admin/v1/policy.xml
deleted file mode 100644
index d98212595..000000000
--- a/src/core/api/io_admin/v1/policy.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-
-
-
-
-
- {{io-fn3-admin-key}}
-
-
- @(context.User.Id)
-
-
- @(String.Join(",", context.User.Groups.Select(g => g.Name)))
-
-
- @(context.Subscription.Id)
-
-
- @(context.User.Email)
-
-
-
- *
-
-
- *
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/src/core/api/io_admin/v1/temp_mock_response_500_policy/policy.xml b/src/core/api/io_admin/v1/temp_mock_response_500_policy/policy.xml
deleted file mode 100644
index eec097884..000000000
--- a/src/core/api/io_admin/v1/temp_mock_response_500_policy/policy.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/src/core/api_product/io_admin/_base_policy.xml b/src/core/api_product/io_admin/_base_policy.xml
deleted file mode 100644
index ce18a3743..000000000
--- a/src/core/api_product/io_admin/_base_policy.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/src/core/apim_v2.tf b/src/core/apim_v2.tf
deleted file mode 100644
index 136301f19..000000000
--- a/src/core/apim_v2.tf
+++ /dev/null
@@ -1,287 +0,0 @@
-data "azurerm_key_vault_secret" "apim_publisher_email" {
- name = "apim-publisher-email"
- key_vault_id = data.azurerm_key_vault.key_vault.id
-}
-
-data "azurerm_key_vault_certificate" "api_internal_io_italia_it" {
- name = replace(local.apim_hostname_api_internal, ".", "-")
- key_vault_id = data.azurerm_key_vault.key_vault_common.id
-}
-
-data "azurerm_key_vault_certificate" "api_app_internal_io_pagopa_it" {
- name = replace(local.apim_hostname_api_app_internal, ".", "-")
- key_vault_id = data.azurerm_key_vault.key_vault.id
-}
-
-# APIM subnet
-module "apim_v2_snet" {
- source = "github.com/pagopa/terraform-azurerm-v3//subnet?ref=v8.27.0"
- name = "apimv2api"
- resource_group_name = azurerm_resource_group.rg_common.name
- virtual_network_name = data.azurerm_virtual_network.common.name
- address_prefixes = var.cidr_subnet_apim_v2
-
- private_endpoint_network_policies_enabled = true
-
- service_endpoints = [
- "Microsoft.Web",
- ]
-}
-
-resource "azurerm_network_security_group" "nsg_apim" {
- name = format("%s-apim-v2-nsg", local.project)
- resource_group_name = azurerm_resource_group.rg_common.name
- location = azurerm_resource_group.rg_common.location
-
- security_rule {
- name = "managementapim"
- priority = 100
- direction = "Inbound"
- access = "Allow"
- protocol = "Tcp"
- source_port_range = "*"
- destination_port_range = "3443"
- source_address_prefix = "ApiManagement"
- destination_address_prefix = "VirtualNetwork"
- }
-
- tags = var.tags
-}
-
-resource "azurerm_subnet_network_security_group_association" "snet_nsg" {
- subnet_id = module.apim_v2_snet.id
- network_security_group_id = azurerm_network_security_group.nsg_apim.id
-}
-
-resource "azurerm_public_ip" "public_ip_apim" {
- name = format("%s-apim-v2-public-ip", local.project)
- resource_group_name = azurerm_resource_group.rg_common.name
- location = azurerm_resource_group.rg_common.location
- allocation_method = "Static"
- sku = "Standard"
- domain_name_label = "apimio"
- zones = ["1", "2", "3"]
-
- tags = var.tags
-}
-
-
-# ###########################
-# ## Api Management (apim) ##
-# ###########################
-module "apim_v2" {
- source = "github.com/pagopa/terraform-azurerm-v3//api_management?ref=v8.27.0"
-
- subnet_id = module.apim_v2_snet.id
- location = azurerm_resource_group.rg_internal.location
- name = format("%s-apim-v2-api", local.project)
- resource_group_name = azurerm_resource_group.rg_internal.name
- publisher_name = var.apim_publisher_name
- publisher_email = data.azurerm_key_vault_secret.apim_publisher_email.value
- notification_sender_email = data.azurerm_key_vault_secret.apim_publisher_email.value
- sku_name = var.apim_v2_sku
- virtual_network_type = "Internal"
- zones = ["1", "2"]
-
- public_ip_address_id = azurerm_public_ip.public_ip_apim.id
-
- # not used at the moment
- redis_connection_string = null # module.redis_apim.primary_connection_string
- redis_cache_id = null # module.redis_apim.id
-
- # This enables the Username and Password Identity Provider
- sign_up_enabled = false
-
- hostname_configuration = {
- proxy = [
- {
- # io-p-apim-api.azure-api.net
- default_ssl_binding = false
- host_name = "io-p-apim-v2-api.azure-api.net"
- key_vault_id = null
- },
- {
- # api-internal.io.italia.it
- default_ssl_binding = true
- host_name = local.apim_hostname_api_internal
- key_vault_id = replace(
- data.azurerm_key_vault_certificate.api_internal_io_italia_it.secret_id,
- "/${data.azurerm_key_vault_certificate.api_internal_io_italia_it.version}",
- ""
- )
- },
- {
- # api-app.internal.io.pagopa.it
- default_ssl_binding = false
- host_name = local.apim_hostname_api_app_internal
- key_vault_id = replace(
- data.azurerm_key_vault_certificate.api_app_internal_io_pagopa_it.secret_id,
- "/${data.azurerm_key_vault_certificate.api_app_internal_io_pagopa_it.version}",
- ""
- )
- },
- ]
- developer_portal = null
- management = null
- portal = null
- }
-
- application_insights = {
- enabled = true
- instrumentation_key = data.azurerm_application_insights.application_insights.instrumentation_key
- }
-
- lock_enable = false # no lock
-
- autoscale = var.apim_autoscale
-
- alerts_enabled = var.apim_alerts_enabled
-
- action = [
- {
- action_group_id = data.azurerm_monitor_action_group.error_action_group.id
- webhook_properties = null
- }
- ]
-
- # metrics docs
- # https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftapimanagementservice
- metric_alerts = {
- capacity = {
- description = "Apim used capacity is too high. Runbook: https://pagopa.atlassian.net/wiki/spaces/IC/pages/791642113/APIM+Capacity"
- frequency = "PT5M"
- window_size = "PT5M"
- severity = 1
- auto_mitigate = true
-
- criteria = [{
- metric_namespace = "Microsoft.ApiManagement/service"
- metric_name = "Capacity"
- aggregation = "Average"
- operator = "GreaterThan"
- threshold = 60
- skip_metric_validation = false
- dimension = []
- }]
- dynamic_criteria = []
- }
-
- duration = {
- description = "Apim abnormal response time"
- frequency = "PT5M"
- window_size = "PT5M"
- severity = 2
- auto_mitigate = true
-
- criteria = []
-
- dynamic_criteria = [{
- metric_namespace = "Microsoft.ApiManagement/service"
- metric_name = "Duration"
- aggregation = "Average"
- operator = "GreaterThan"
- alert_sensitivity = "High"
- evaluation_total_count = 2
- evaluation_failure_count = 2
- skip_metric_validation = false
- ignore_data_before = "2021-01-01T00:00:00Z" # sample data
- dimension = []
- }]
- }
-
- requests_failed = {
- description = "Apim abnormal failed requests"
- frequency = "PT5M"
- window_size = "PT5M"
- severity = 2
- auto_mitigate = true
-
- criteria = []
-
- dynamic_criteria = [{
- metric_namespace = "Microsoft.ApiManagement/service"
- metric_name = "Requests"
- aggregation = "Total"
- operator = "GreaterThan"
- alert_sensitivity = "High"
- evaluation_total_count = 2
- evaluation_failure_count = 2
- skip_metric_validation = false
- ignore_data_before = "2021-01-01T00:00:00Z" # sample data
- dimension = [{
- name = "BackendResponseCode"
- operator = "Include"
- values = ["5xx"]
- }]
- }]
- }
- }
-
- tags = var.tags
-}
-
-# ## api management key vault policy ##
-resource "azurerm_key_vault_access_policy" "apim_v2_kv_policy" {
- key_vault_id = data.azurerm_key_vault.key_vault.id
- tenant_id = data.azurerm_client_config.current.tenant_id
- object_id = module.apim_v2.principal_id
-
- key_permissions = []
- secret_permissions = ["Get", "List"]
- certificate_permissions = ["Get", "List"]
- storage_permissions = []
-}
-
-resource "azurerm_key_vault_access_policy" "v2_common" {
- key_vault_id = data.azurerm_key_vault.key_vault_common.id
- tenant_id = data.azurerm_client_config.current.tenant_id
- object_id = module.apim_v2.principal_id
-
- key_permissions = []
- secret_permissions = ["Get", "List"]
- certificate_permissions = ["Get", "List"]
- storage_permissions = []
-}
-
-##################################################################
-# PN APIM User
-##################################################################
-data "azurerm_api_management_product" "apim_v2_product_lollipop" {
- product_id = "io-lollipop-api"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
-}
-
-data "azurerm_api_management_group" "api_v2_lollipop_assertion_read" {
- name = "apilollipopassertionread"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
-}
-
-resource "azurerm_api_management_user" "pn_user_v2" {
- user_id = "pnapimuser"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
- first_name = "PNAPIMuser"
- last_name = "PNAPIMuser"
- email = "pn-apim-user@pagopa.it"
- state = "active"
-}
-
-resource "azurerm_api_management_group_user" "pn_user_group_v2" {
- user_id = azurerm_api_management_user.pn_user_v2.user_id
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
- group_name = data.azurerm_api_management_group.api_v2_lollipop_assertion_read.name
-}
-
-resource "azurerm_api_management_subscription" "pn_lc_subscription_v2" {
- user_id = azurerm_api_management_user.pn_user_v2.id
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
- product_id = data.azurerm_api_management_product.apim_v2_product_lollipop.id
- display_name = "PN LC"
- state = "active"
- allow_tracing = false
-}
-##################################################################
diff --git a/src/core/apim_v2_io_admin_api.tf b/src/core/apim_v2_io_admin_api.tf
deleted file mode 100644
index 6d3f4dc46..000000000
--- a/src/core/apim_v2_io_admin_api.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-module "apim_v2_product_admin" {
- source = "github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v8.27.0"
-
- product_id = "io-admin-api"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
- display_name = "IO ADMIN API"
- description = "ADMIN API for IO platform."
- subscription_required = true
- approval_required = false
- published = true
-
- policy_xml = file("./api_product/io_admin/_base_policy.xml")
-}
-
-# Named Value fn3-admin
-resource "azurerm_api_management_named_value" "io_fn3_admin_url_v2" {
- name = "io-fn3-admin-url"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
- display_name = "io-fn3-admin-url"
- value = "https://io-p-admin-fn.azurewebsites.net"
-}
-
-data "azurerm_key_vault_secret" "io_fn3_admin_key_secret_v2" {
- name = "fn3admin-KEY-APIM"
- key_vault_id = data.azurerm_key_vault.key_vault_common.id
-}
-
-resource "azurerm_api_management_named_value" "io_fn3_admin_key_v2" {
- name = "io-fn3-admin-key"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
- display_name = "io-fn3-admin-key"
- value = data.azurerm_key_vault_secret.io_fn3_admin_key_secret_v2.value
- secret = "true"
-}
-
-module "api_v2_admin" {
- source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
-
- name = "io-admin-api"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
- revision = "1"
- display_name = "IO ADMIN API"
- description = "ADMIN API for IO platform."
-
- path = "adm"
- protocols = ["http", "https"]
- product_ids = [module.apim_v2_product_admin.product_id]
-
- service_url = null
-
- subscription_required = true
-
- content_format = "swagger-json"
- content_value = templatefile("./api/io_admin/v1/_swagger.json.tpl",
- {
- host = "api.io.pagopa.it"
- }
- )
-
- xml_content = file("./api/io_admin/v1/policy.xml")
-}
diff --git a/src/core/apim_v2_io_backend_v1.tf b/src/core/apim_v2_io_backend_v1.tf
index b848a9d5e..e98f7dbfb 100644
--- a/src/core/apim_v2_io_backend_v1.tf
+++ b/src/core/apim_v2_io_backend_v1.tf
@@ -9,8 +9,8 @@ module "apim_v2_io_backend_product" {
display_name = "IO BACKEND"
description = "Product for IO backend"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
published = true
subscription_required = true
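Review bot: The `data.azurerm_api_management.apim` data source that `api_management_name` and `resource_group_name` now read is not declared in this hunk, so confirm that `src/core` declares it and that its name and resource group resolve to the instance created by the new `src/common/_modules/apim` module. Unlike the former `module.apim_v2` reference, a data source only looks up an existing instance, so this root presumably has to be applied after the one that creates APIM. A comment next to the data block would record that ordering, for example `# APIM is created in src/common; this root only reads it`. The same substitution recurs in the hunks at @@ -33, @@ -43, @@ -68, @@ -78, @@ -103, @@ -113, @@ -138 and @@ -148. The `apim_v2_io_backend_product` module block starts before and continues after this hunk.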
@@ -33,8 +33,8 @@ locals {
## BPD
resource "azurerm_api_management_api_version_set" "io_backend_bpd_api_v2" {
name = format("%s-io-backend-bpd-api", var.env_short)
- resource_group_name = module.apim_v2.resource_group_name
- api_management_name = module.apim_v2.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
display_name = "${local.apim_v2_io_backend_api.display_name} - bpd"
versioning_scheme = "Segment"
}
@@ -43,8 +43,8 @@ module "apim_v2_io_backend_bpd_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = format("%s-io-backend-bpd-api", var.env_short)
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
product_ids = [module.apim_v2_io_backend_product.product_id]
subscription_required = local.apim_v2_io_backend_api.subscription_required
version_set_id = azurerm_api_management_api_version_set.io_backend_bpd_api_v2.id
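Review bot: The `source` line kept as context at the top of this hunk still pins the module by tag, `?ref=v8.27.0`, and a git tag can be re-pointed upstream, so the code managing this API could change without any diff in this repository. Pinning to the full commit hash makes the dependency immutable, for example `source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=<commit-sha-of-v8.27.0>" # v8.27.0`. The same applies to the `source` lines in the hunks at @@ -78, @@ -113 and @@ -148. The `apim_v2_io_backend_bpd_api_v1` module block starts before and continues after this hunk.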
@@ -68,8 +68,8 @@ module "apim_v2_io_backend_bpd_api_v1" {
## MYPORTAL
resource "azurerm_api_management_api_version_set" "io_backend_myportal_api_v2" {
name = format("%s-io-backend-myportal-api", var.env_short)
- resource_group_name = module.apim_v2.resource_group_name
- api_management_name = module.apim_v2.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
display_name = "${local.apim_v2_io_backend_api.display_name} - myportal"
versioning_scheme = "Segment"
}
@@ -78,8 +78,8 @@ module "apim_v2_io_backend_myportal_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = format("%s-io-backend-myportal-api", var.env_short)
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
product_ids = [module.apim_v2_io_backend_product.product_id]
subscription_required = local.apim_v2_io_backend_api.subscription_required
version_set_id = azurerm_api_management_api_version_set.io_backend_myportal_api_v2.id
@@ -103,8 +103,8 @@ module "apim_v2_io_backend_myportal_api_v1" {
## PAGOPA
resource "azurerm_api_management_api_version_set" "io_backend_pagopa_api_v2" {
name = format("%s-io-backend-pagopa-api", var.env_short)
- resource_group_name = module.apim_v2.resource_group_name
- api_management_name = module.apim_v2.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
display_name = "${local.apim_v2_io_backend_api.display_name} - pagopa"
versioning_scheme = "Segment"
}
@@ -113,8 +113,8 @@ module "apim_v2_io_backend_pagopa_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = format("%s-io-backend-pagopa-api", var.env_short)
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
product_ids = [module.apim_v2_io_backend_product.product_id]
subscription_required = local.apim_v2_io_backend_api.subscription_required
version_set_id = azurerm_api_management_api_version_set.io_backend_pagopa_api_v2.id
@@ -138,8 +138,8 @@ module "apim_v2_io_backend_pagopa_api_v1" {
## APP
resource "azurerm_api_management_api_version_set" "io_backend_app_api_v2" {
name = format("%s-io-backend-app-api", var.env_short)
- resource_group_name = module.apim_v2.resource_group_name
- api_management_name = module.apim_v2.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
display_name = "${local.apim_v2_io_backend_api.display_name} - app"
versioning_scheme = "Segment"
}
@@ -148,8 +148,8 @@ module "apim_v2_io_backend_app_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = format("%s-io-backend-app-api", var.env_short)
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
product_ids = [module.apim_v2_io_backend_product.product_id]
subscription_required = local.apim_v2_io_backend_api.subscription_required
version_set_id = azurerm_api_management_api_version_set.io_backend_app_api_v2.id
@@ -179,8 +179,8 @@ module "apim_v2_io_backend_app_api_v1" {
## AUTH
resource "azurerm_api_management_api_version_set" "io_backend_auth_api_v2" {
name = format("%s-io-backend-auth-api", var.env_short)
- resource_group_name = module.apim_v2.resource_group_name
- api_management_name = module.apim_v2.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
display_name = "${local.apim_v2_io_backend_api.display_name} - auth"
versioning_scheme = "Segment"
}
@@ -189,8 +189,8 @@ module "apim_v2_io_backend_auth_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = format("%s-io-backend-auth-api", var.env_short)
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
product_ids = [module.apim_v2_io_backend_product.product_id]
subscription_required = local.apim_v2_io_backend_api.subscription_required
version_set_id = azurerm_api_management_api_version_set.io_backend_auth_api_v2.id
@@ -213,8 +213,8 @@ module "apim_v2_io_backend_auth_api_v1" {
## CGN
resource "azurerm_api_management_api_version_set" "io_backend_cgn_api_v2" {
name = format("%s-io-backend-cgn-api", var.env_short)
- resource_group_name = module.apim_v2.resource_group_name
- api_management_name = module.apim_v2.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
display_name = "${local.apim_v2_io_backend_api.display_name} - cgn"
versioning_scheme = "Segment"
}
@@ -223,8 +223,8 @@ module "apim_v2_io_backend_cgn_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = format("%s-io-backend-cgn-api", var.env_short)
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
product_ids = [module.apim_v2_io_backend_product.product_id]
subscription_required = local.apim_v2_io_backend_api.subscription_required
version_set_id = azurerm_api_management_api_version_set.io_backend_cgn_api_v2.id
@@ -248,8 +248,8 @@ module "apim_v2_io_backend_cgn_api_v1" {
## EUCOVIDCERT
resource "azurerm_api_management_api_version_set" "io_backend_eucovidcert_api_v2" {
name = format("%s-io-backend-eucovidcert-api", var.env_short)
- resource_group_name = module.apim_v2.resource_group_name
- api_management_name = module.apim_v2.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
display_name = "${local.apim_v2_io_backend_api.display_name} - eucovidcert"
versioning_scheme = "Segment"
}
@@ -258,8 +258,8 @@ module "apim_v2_io_backend_eucovidcert_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = format("%s-io-backend-eucovidcert-api", var.env_short)
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
product_ids = [module.apim_v2_io_backend_product.product_id]
subscription_required = local.apim_v2_io_backend_api.subscription_required
version_set_id = azurerm_api_management_api_version_set.io_backend_eucovidcert_api_v2.id
@@ -283,8 +283,8 @@ module "apim_v2_io_backend_eucovidcert_api_v1" {
## MITVOUCHER
resource "azurerm_api_management_api_version_set" "io_backend_mitvoucher_api_v2" {
name = format("%s-io-backend-mitvoucher-api", var.env_short)
- resource_group_name = module.apim_v2.resource_group_name
- api_management_name = module.apim_v2.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
display_name = "${local.apim_v2_io_backend_api.display_name} - mitvoucher"
versioning_scheme = "Segment"
}
@@ -293,8 +293,8 @@ module "apim_v2_io_backend_mitvoucher_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = format("%s-io-backend-mitvoucher-api", var.env_short)
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
product_ids = [module.apim_v2_io_backend_product.product_id]
subscription_required = local.apim_v2_io_backend_api.subscription_required
version_set_id = azurerm_api_management_api_version_set.io_backend_mitvoucher_api_v2.id
@@ -318,8 +318,8 @@ module "apim_v2_io_backend_mitvoucher_api_v1" {
## NOTIFICATIONS
resource "azurerm_api_management_api_version_set" "io_backend_notifications_api_v2" {
name = format("%s-io-backend-notifications-api", var.env_short)
- resource_group_name = module.apim_v2.resource_group_name
- api_management_name = module.apim_v2.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
display_name = "${local.apim_v2_io_backend_api.display_name} - notifications"
versioning_scheme = "Segment"
}
@@ -328,8 +328,8 @@ module "apim_v2_io_backend_notifications_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = format("%s-io-backend-notifications-api", var.env_short)
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
product_ids = [module.apim_v2_io_backend_product.product_id]
subscription_required = local.apim_v2_io_backend_api.subscription_required
version_set_id = azurerm_api_management_api_version_set.io_backend_notifications_api_v2.id
@@ -353,8 +353,8 @@ module "apim_v2_io_backend_notifications_api_v1" {
## PUBLIC
resource "azurerm_api_management_api_version_set" "io_backend_public_api_v2" {
name = format("%s-io-backend-public-api", var.env_short)
- resource_group_name = module.apim_v2.resource_group_name
- api_management_name = module.apim_v2.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
display_name = "${local.apim_v2_io_backend_api.display_name} - public"
versioning_scheme = "Segment"
}
@@ -363,8 +363,8 @@ module "apim_v2_io_backend_public_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = format("%s-io-backend-public-api", var.env_short)
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
product_ids = [module.apim_v2_io_backend_product.product_id]
subscription_required = local.apim_v2_io_backend_api.subscription_required
version_set_id = azurerm_api_management_api_version_set.io_backend_public_api_v2.id
@@ -388,8 +388,8 @@ module "apim_v2_io_backend_public_api_v1" {
## SESSION
resource "azurerm_api_management_api_version_set" "io_backend_session_api_v2" {
name = format("%s-io-backend-session-api", var.env_short)
- resource_group_name = module.apim_v2.resource_group_name
- api_management_name = module.apim_v2.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
display_name = "${local.apim_v2_io_backend_api.display_name} - session"
versioning_scheme = "Segment"
}
@@ -398,8 +398,8 @@ module "apim_v2_io_backend_session_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = format("%s-io-backend-session-api", var.env_short)
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
product_ids = [module.apim_v2_io_backend_product.product_id]
subscription_required = local.apim_v2_io_backend_api.subscription_required
version_set_id = azurerm_api_management_api_version_set.io_backend_session_api_v2.id
diff --git a/src/core/apim_v2_io_public_api.tf b/src/core/apim_v2_io_public_api.tf
index 101932846..ec36b7a52 100644
--- a/src/core/apim_v2_io_public_api.tf
+++ b/src/core/apim_v2_io_public_api.tf
@@ -2,8 +2,8 @@ module "apim_v2_product_public" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v8.27.0"
product_id = "io-public-api"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
display_name = "IO PUBLIC API"
description = "PUBLIC API for IO platform."
subscription_required = false
@@ -16,8 +16,8 @@ module "apim_v2_product_public" {
# Named Value io_fn3_public_url
resource "azurerm_api_management_named_value" "io_fn3_public_url_v2" {
name = "io-fn3-public-url"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
display_name = "io-fn3-public-url"
value = "https://io-p-public-fn.azurewebsites.net"
}
@@ -29,8 +29,8 @@ data "azurerm_key_vault_secret" "io_fn3_public_key_secret_v2" {
resource "azurerm_api_management_named_value" "io_fn3_public_key_v2" {
name = "io-fn3-public-key"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
display_name = "io-fn3-public-key"
value = data.azurerm_key_vault_secret.io_fn3_public_key_secret_v2.value
secret = "true"
@@ -40,8 +40,8 @@ module "api_v2_public" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = "io-public-api"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
revision = "1"
display_name = "IO PUBLIC API"
description = "PUBLIC API for IO platform."
diff --git a/src/core/apim_v2_io_services_api.tf b/src/core/apim_v2_io_services_api.tf
index 48eb0d734..5b339d5fc 100644
--- a/src/core/apim_v2_io_services_api.tf
+++ b/src/core/apim_v2_io_services_api.tf
@@ -2,8 +2,8 @@ module "apim_v2_product_services" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v8.27.0"
product_id = "io-services-api"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
display_name = "IO SERVICES API"
description = "SERVICES API for IO platform."
subscription_required = true
@@ -15,8 +15,8 @@ module "apim_v2_product_services" {
resource "azurerm_api_management_api_operation_policy" "submit_message_for_user_policy_v2" {
api_name = "io-services-api"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
operation_id = "submitMessageforUser"
xml_content = file("./api/io_services/v1/post_submitmessageforuser_policy/policy.xml")
@@ -24,8 +24,8 @@ resource "azurerm_api_management_api_operation_policy" "submit_message_for_user_
resource "azurerm_api_management_api_operation_policy" "submit_message_for_user_with_fiscalcode_in_body_policy_v2" {
api_name = "io-services-api"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
operation_id = "submitMessageforUserWithFiscalCodeInBody"
xml_content = file("./api/io_services/v1/post_submitmessageforuserwithfiscalcodeinbody_policy/policy.xml")
@@ -34,8 +34,8 @@ resource "azurerm_api_management_api_operation_policy" "submit_message_for_user_
# Named Value fn3-services
resource "azurerm_api_management_named_value" "io_fn3_services_url_v2" {
name = "io-fn3-services-url"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
display_name = "io-fn3-services-url"
value = "https://io-p-fn3-services.azurewebsites.net"
}
@@ -47,8 +47,8 @@ data "azurerm_key_vault_secret" "io_fn3_services_key_secret_v2" {
resource "azurerm_api_management_named_value" "io_fn3_services_key_v2" {
name = "io-fn3-services-key"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
display_name = "io-fn3-services-key"
value = data.azurerm_key_vault_secret.io_fn3_services_key_secret_v2.value
secret = "true"
@@ -63,8 +63,8 @@ data "azurerm_key_vault_secret" "io_fn3_eucovidcert_key_secret_v2" {
resource "azurerm_api_management_named_value" "io_fn3_eucovidcert_key_v2" {
name = "io-fn3-eucovidcert-key"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
display_name = "io-fn3-eucovidcert-key"
value = data.azurerm_key_vault_secret.io_fn3_eucovidcert_key_secret_v2.value
secret = "true"
@@ -73,8 +73,8 @@ resource "azurerm_api_management_named_value" "io_fn3_eucovidcert_key_v2" {
# alternative url, for differential routing (example: progressive rollout)
resource "azurerm_api_management_named_value" "io_fn3_eucovidcert_url_alt_v2" {
name = "io-fn3-eucovidcert-url-alt"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
display_name = "io-fn3-eucovidcert-url-alt"
value = "https://io-p-eucovidcert-fn.azurewebsites.net"
}
@@ -87,8 +87,8 @@ data "azurerm_key_vault_secret" "api_gad_client_certificate_verified_header_secr
resource "azurerm_api_management_named_value" "api_gad_client_certificate_verified_header_v2" {
name = "apigad-gad-client-certificate-verified-header"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
display_name = "apigad-gad-client-certificate-verified-header"
value = data.azurerm_key_vault_secret.api_gad_client_certificate_verified_header_secret_v2.value
secret = "true"
@@ -98,8 +98,8 @@ module "api_v2_services" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
name = "io-services-api"
- api_management_name = module.apim_v2.name
- resource_group_name = module.apim_v2.resource_group_name
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
revision = "1"
display_name = "IO SERVICES API"
description = "SERVICES API for IO platform."
diff --git a/src/core/app_backend.tf b/src/core/app_backend.tf
index be93112ab..50d99c7bd 100644
--- a/src/core/app_backend.tf
+++ b/src/core/app_backend.tf
@@ -42,7 +42,7 @@ locals {
CGN_OPERATOR_SEARCH_API_KEY = data.azurerm_key_vault_secret.app_backend_CGN_OPERATOR_SEARCH_API_KEY_PROD.value
EUCOVIDCERT_API_URL = "https://${data.azurerm_linux_function_app.eucovidcert.default_hostname}/api/v1"
EUCOVIDCERT_API_KEY = data.azurerm_key_vault_secret.fn_eucovidcert_API_KEY_APPBACKEND.value
- APP_MESSAGES_API_KEY = data.azurerm_key_vault_secret.app_backend_APP_CITIZEN_APIM_KEY.value
+ APP_MESSAGES_API_KEY = data.azurerm_key_vault_secret.app_backend_APP_MESSAGES_API_KEY.value
LOLLIPOP_API_URL = "https://${data.azurerm_linux_function_app.lollipop_function.default_hostname}"
LOLLIPOP_API_KEY = data.azurerm_key_vault_secret.app_backend_LOLLIPOP_ITN_API_KEY.value
TRIAL_SYSTEM_API_URL = "https://ts-p-itn-api-func-01.azurewebsites.net" # PROD-TRIAL subscription
@@ -71,7 +71,7 @@ locals {
ALLOW_NOTIFY_IP_SOURCE_RANGE = "127.0.0.0/0"
// LOCK / UNLOCK SESSION ENDPOINTS
- ALLOW_SESSION_HANDLER_IP_SOURCE_RANGE = module.apim_v2_snet.address_prefixes[0]
+ ALLOW_SESSION_HANDLER_IP_SOURCE_RANGE = data.azurerm_subnet.apim.address_prefixes[0]
// PAGOPA
PAGOPA_API_URL_PROD = "https://api.platform.pagopa.it/checkout/auth/payments/v1"
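Review bot: The allow-range for the lock/unlock session endpoints now comes from `data.azurerm_subnet.apim.address_prefixes[0]`, which uses only the first prefix of a subnet looked up by name. If that subnet gains a second prefix in the stack that now owns it, the extra range is silently left out of the allow-list. A comment on the line would record the assumption, e.g. `// first (and expected only) prefix of the APIM subnet, which is managed outside this stack`. Separately, the unchanged context line `ALLOW_NOTIFY_IP_SOURCE_RANGE = "127.0.0.0/0"` has a zero-length prefix, which in CIDR terms matches every address, so it is worth confirming how the backend interprets it. The `locals` block starts and ends outside this hunk.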
@@ -279,19 +279,19 @@ locals {
IS_APPBACKENDLI = "false"
// FUNCTIONS
API_URL = "https://${data.azurerm_linux_function_app.function_app[1].default_hostname}/api/v1"
- APP_MESSAGES_API_URL = "https://api-app.internal.io.pagopa.it/messages/l1/api/v1"
+ APP_MESSAGES_API_URL = "https://io-p-itn-msgs-citizen-func-01.azurewebsites.net/api/v1"
}
app_settings_l2 = {
IS_APPBACKENDLI = "false"
// FUNCTIONS
API_URL = "https://${data.azurerm_linux_function_app.function_app[1].default_hostname}/api/v1"
- APP_MESSAGES_API_URL = "https://api-app.internal.io.pagopa.it/messages/l2/api/v1"
+ APP_MESSAGES_API_URL = "https://io-p-itn-msgs-citizen-func-02.azurewebsites.net/api/v1"
}
app_settings_li = {
IS_APPBACKENDLI = "true"
// FUNCTIONS
API_URL = "https://${data.azurerm_linux_function_app.function_app[1].default_hostname}/api/v1" # not used
- APP_MESSAGES_API_URL = "https://api-app.internal.io.pagopa.it/messages/l1/api/v1" # not used
+ APP_MESSAGES_API_URL = "https://io-p-itn-msgs-citizen-func-01.azurewebsites.net/api/v1" # not used
}
}
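Review bot: The three new `APP_MESSAGES_API_URL` values hard-code the `io-p-itn-msgs-citizen-func-01` / `-02` hostnames, while `API_URL` directly above each one resolves its host from a `data.azurerm_linux_function_app` lookup. Deriving the host the same way, e.g. `"https://${data.azurerm_linux_function_app.<MSGS_CITIZEN_FUNC_PLACEHOLDER>.default_hostname}/api/v1"`, would keep the setting tied to the deployed resource. The change also moves message traffic off `api-app.internal.io.pagopa.it` and onto the function apps' default hostnames, so any gateway policy on the `/messages/l1` and `/messages/l2` routes presumably no longer sits in the request path. That would leave the key swapped in the `@@ -42,7 +42,7 @@` hunk as the remaining control, so a comment stating how inbound access to those function apps is restricted would make the intent reviewable. The `locals` block starts outside this hunk.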
@@ -670,7 +670,7 @@ module "appservice_app_backendl1" {
data.azurerm_subnet.services_snet[0].id,
data.azurerm_subnet.services_snet[1].id,
data.azurerm_subnet.appgateway_snet.id,
- module.apim_v2_snet.id,
+ data.azurerm_subnet.apim.id,
]
allowed_ips = concat(
@@ -717,11 +717,11 @@ module "appservice_app_backendl1_slot_staging" {
ip_restriction_default_action = "Deny"
allowed_subnets = [
- module.azdoa_snet[0].id,
+ data.azurerm_subnet.azdoa_snet.id,
data.azurerm_subnet.services_snet[0].id,
data.azurerm_subnet.services_snet[1].id,
data.azurerm_subnet.appgateway_snet.id,
- module.apim_v2_snet.id,
+ data.azurerm_subnet.apim.id,
]
allowed_ips = concat(
@@ -800,7 +800,7 @@ module "appservice_app_backendl2" {
data.azurerm_subnet.services_snet[0].id,
data.azurerm_subnet.services_snet[1].id,
data.azurerm_subnet.appgateway_snet.id,
- module.apim_v2_snet.id,
+ data.azurerm_subnet.apim.id,
]
allowed_ips = concat(
@@ -847,11 +847,11 @@ module "appservice_app_backendl2_slot_staging" {
ip_restriction_default_action = "Deny"
allowed_subnets = [
- module.azdoa_snet[0].id,
+ data.azurerm_subnet.azdoa_snet.id,
data.azurerm_subnet.services_snet[0].id,
data.azurerm_subnet.services_snet[1].id,
data.azurerm_subnet.appgateway_snet.id,
- module.apim_v2_snet.id,
+ data.azurerm_subnet.apim.id,
]
allowed_ips = concat(
@@ -964,7 +964,7 @@ module "appservice_app_backendli_slot_staging" {
ip_restriction_default_action = "Deny"
allowed_subnets = [
- module.azdoa_snet[0].id,
+ data.azurerm_subnet.azdoa_snet.id,
data.azurerm_subnet.services_snet[0].id,
data.azurerm_subnet.services_snet[1].id,
data.azurerm_subnet.admin_snet.id,
diff --git a/src/core/assets_cdn.tf b/src/core/assets_cdn.tf
deleted file mode 100644
index 6ada88a72..000000000
--- a/src/core/assets_cdn.tf
+++ /dev/null
@@ -1,189 +0,0 @@
-resource "azurerm_resource_group" "assets_cdn_rg" {
- name = "${local.project}-assets-cdn-rg"
- location = var.location
-
- tags = var.tags
-}
-
-module "assets_cdn" {
- source = "github.com/pagopa/terraform-azurerm-v3//storage_account?ref=v8.27.0"
-
- name = replace(format("%s-stcdnassets", local.project), "-", "")
- account_kind = "StorageV2"
- account_tier = "Standard"
- access_tier = "Hot"
- blob_versioning_enabled = true
- account_replication_type = "GZRS"
- resource_group_name = azurerm_resource_group.rg_common.name
- location = azurerm_resource_group.rg_common.location
- advanced_threat_protection = false
- allow_nested_items_to_be_public = true
- public_network_access_enabled = true
-
- index_document = "index.html"
- error_404_document = "index.html"
-
- tags = var.tags
-}
-
-resource "azurerm_cdn_profile" "assets_cdn_profile" {
- name = "${local.project}-assets-cdn-profile"
- resource_group_name = azurerm_resource_group.assets_cdn_rg.name
- location = var.location
- sku = "Standard_Microsoft"
-
- tags = var.tags
-}
-
-data "azurerm_key_vault_secret" "assets_cdn_fn_key_cdn" {
- name = "${data.azurerm_linux_function_app.function_assets_cdn.name}-KEY-CDN"
- key_vault_id = data.azurerm_key_vault.key_vault_common.id
-}
-
-resource "azurerm_cdn_endpoint" "assets_cdn_endpoint" {
- name = "${local.project}-assets-cdn-endpoint"
- resource_group_name = azurerm_resource_group.assets_cdn_rg.name
- location = var.location
- profile_name = azurerm_cdn_profile.assets_cdn_profile.name
- is_https_allowed = true
- is_http_allowed = false
- querystring_caching_behaviour = "IgnoreQueryString"
- origin_host_header = data.azurerm_linux_function_app.function_assets_cdn.default_hostname
-
- origin {
- name = "primary"
- host_name = data.azurerm_linux_function_app.function_assets_cdn.default_hostname
- }
-
- global_delivery_rule {
- cache_expiration_action {
- behavior = "Override"
- duration = "08:00:00"
- }
-
- modify_request_header_action {
- action = "Append"
- name = "x-functions-key"
- value = data.azurerm_key_vault_secret.assets_cdn_fn_key_cdn.value
- }
- }
-
- delivery_rule {
- name = "servicesdata"
- order = 1
- url_path_condition {
- operator = "BeginsWith"
- match_values = ["/services-data"]
- }
- cache_expiration_action {
- behavior = "Override"
- duration = "00:15:00"
- }
- }
-
- delivery_rule {
- name = "bonus"
- order = 2
- url_path_condition {
- operator = "BeginsWith"
- match_values = ["/bonus"]
- }
- cache_expiration_action {
- behavior = "Override"
- duration = "00:15:00"
- }
- }
-
- delivery_rule {
- name = "status"
- order = 3
- url_path_condition {
- operator = "BeginsWith"
- match_values = ["/status"]
- }
- cache_expiration_action {
- behavior = "Override"
- duration = "00:05:00"
- }
- }
-
- delivery_rule {
- name = "assistancetoolszendesk"
- order = 4
- url_path_condition {
- operator = "BeginsWith"
- match_values = ["/assistanceTools/zendesk.json"]
- }
- cache_expiration_action {
- behavior = "Override"
- duration = "00:05:00"
- }
- }
-
- delivery_rule {
- name = "sign"
- order = 5
- url_path_condition {
- operator = "BeginsWith"
- match_values = ["/sign"]
- transforms = ["Lowercase"]
- }
- modify_response_header_action {
- action = "Append"
- name = "Access-Control-Allow-Origin"
- value = "*"
- }
- }
-
- tags = var.tags
-}
-
-resource "azurerm_dns_cname_record" "assets_cdn_io_pagopa_it" {
- name = "assets.cdn"
- zone_name = data.azurerm_dns_zone.io_pagopa_it[0].name
- resource_group_name = azurerm_resource_group.rg_external.name
- ttl = var.dns_default_ttl_sec
- record = azurerm_cdn_endpoint.assets_cdn_endpoint.fqdn
-
- tags = var.tags
-}
-
-resource "azurerm_cdn_endpoint_custom_domain" "assets_cdn" {
- depends_on = [
- azurerm_dns_cname_record.assets_cdn_io_pagopa_it,
- ]
-
- name = replace("${azurerm_dns_cname_record.assets_cdn_io_pagopa_it.name}.${join(".", [var.dns_zone_io, var.external_domain])}", ".", "-")
- cdn_endpoint_id = azurerm_cdn_endpoint.assets_cdn_endpoint.id
- host_name = "${azurerm_dns_cname_record.assets_cdn_io_pagopa_it.name}.${join(".", [var.dns_zone_io, var.external_domain])}"
- cdn_managed_https {
- certificate_type = "Dedicated"
- protocol_type = "ServerNameIndication"
- tls_version = "TLS12"
- }
-}
-
-resource "azurerm_dns_cname_record" "assets_cdn_io_italia_it" {
- name = "assets.cdn"
- zone_name = data.azurerm_dns_zone.io_italia_it.name
- resource_group_name = azurerm_resource_group.rg_external.name
- ttl = var.dns_default_ttl_sec
- record = azurerm_cdn_endpoint.assets_cdn_endpoint.fqdn
-
- tags = var.tags
-}
-
-resource "azurerm_cdn_endpoint_custom_domain" "assets_cdn_io_italia_it" {
- depends_on = [
- azurerm_dns_cname_record.assets_cdn_io_italia_it,
- ]
-
- name = replace("${azurerm_dns_cname_record.assets_cdn_io_pagopa_it.name}.${join(".", [var.dns_zone_io, "italia.it"])}", ".", "-")
- cdn_endpoint_id = azurerm_cdn_endpoint.assets_cdn_endpoint.id
- host_name = "${azurerm_dns_cname_record.assets_cdn_io_pagopa_it.name}.${join(".", [var.dns_zone_io, "italia.it"])}"
- cdn_managed_https {
- certificate_type = "Dedicated"
- protocol_type = "ServerNameIndication"
- tls_version = "TLS12"
- }
-}
diff --git a/src/core/azure_devops_agent.tf b/src/core/azure_devops_agent.tf
deleted file mode 100644
index 646a962d7..000000000
--- a/src/core/azure_devops_agent.tf
+++ /dev/null
@@ -1,50 +0,0 @@
-resource "azurerm_resource_group" "azdo_rg" {
- count = var.enable_azdoa ? 1 : 0
- name = format("%s-azdoa-rg", local.project)
- location = var.location
-
- tags = var.tags
-}
-
-module "azdoa_snet" {
- count = var.enable_azdoa ? 1 : 0
- source = "github.com/pagopa/terraform-azurerm-v3//subnet?ref=v8.27.0"
-
- name = "azure-devops"
- address_prefixes = var.cidr_subnet_azdoa
- resource_group_name = azurerm_resource_group.rg_common.name
- virtual_network_name = data.azurerm_virtual_network.common.name
- private_endpoint_network_policies_enabled = false
-
- service_endpoints = [
- "Microsoft.Web",
- ]
-}
-
-module "azdoa_li_infra" {
- source = "github.com/pagopa/terraform-azurerm-v3//azure_devops_agent?ref=v8.27.0"
- count = var.enable_azdoa ? 1 : 0
- name = "${local.project}-azdoa-vmss-li-infra"
- resource_group_name = azurerm_resource_group.azdo_rg[0].name
- subnet_id = module.azdoa_snet[0].id
- subscription_id = data.azurerm_subscription.current.subscription_id
- location = var.location
- source_image_name = var.azdoa_image_name
- vm_sku = "Standard_B2als_v2"
-
- tags = var.tags
-}
-
-module "azdoa_loadtest_li" {
- source = "github.com/pagopa/terraform-azurerm-v3//azure_devops_agent?ref=v8.27.0"
- count = var.enable_azdoa ? 1 : 0
- name = format("%s-azdoa-vmss-loadtest-li", local.project)
- resource_group_name = azurerm_resource_group.azdo_rg[0].name
- subnet_id = module.azdoa_snet[0].id
- subscription_id = data.azurerm_subscription.current.subscription_id
- location = var.location
- source_image_name = var.azdoa_image_name
- vm_sku = "Standard_D8ds_v5"
-
- tags = var.tags
-}
diff --git a/src/core/data.tf b/src/core/data.tf
index b1e1570de..ee0695fca 100644
--- a/src/core/data.tf
+++ b/src/core/data.tf
@@ -15,6 +15,20 @@ data "azurerm_cosmosdb_account" "cosmos_remote_content" {
resource_group_name = "io-p-messages-data-rg"
}
+#
+# APIM
+#
+data "azurerm_subnet" "apim" {
+ name = "apimv2api"
+ resource_group_name = azurerm_resource_group.rg_common.name
+ virtual_network_name = data.azurerm_virtual_network.common.name
+}
+
+data "azurerm_api_management" "apim" {
+ name = "io-p-apim-v2-api"
+ resource_group_name = "io-p-rg-internal"
+}
+
#
# Logs resources
#
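Review bot: Both new data sources pin literal names (`"apimv2api"`, `"io-p-apim-v2-api"`, `"io-p-rg-internal"`), whereas other lookups in this file build names from `local.project`, for example `"${local.project}-appgateway-snet"`. If `local.project` resolves to `io-p` here, `name = "${local.project}-apim-v2-api"` would match the `apim_name` local in the new apim module and avoid a second copy of the name. These lookups replace direct `module.apim_v2` references throughout `src/core`, so the files that read them now depend on the gateway already existing. A short comment above the block, such as `# APIM is managed in src/common/_modules/apim; these are read-only lookups`, would document that.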
@@ -311,11 +325,6 @@ data "azurerm_linux_function_app" "function_app" {
resource_group_name = format("%s-app-rg-%d", local.project, count.index + 1)
}
-data "azurerm_linux_function_app" "function_assets_cdn" {
- name = format("%s-assets-cdn-fn", local.project)
- resource_group_name = format("%s-assets-cdn-rg", local.project)
-}
-
data "azurerm_api_management" "trial_system" {
provider = azurerm.prod-trial
name = "ts-p-itn-apim-01"
@@ -447,4 +456,14 @@ data "azurerm_subnet" "appgateway_snet" {
name = "${local.project}-appgateway-snet"
resource_group_name = azurerm_resource_group.rg_common.name
virtual_network_name = data.azurerm_virtual_network.common.name
+}
+
+#
+# Azure DevOps Agent
+#
+
+data "azurerm_subnet" "azdoa_snet" {
+ name = "azure-devops"
+ resource_group_name = azurerm_resource_group.rg_common.name
+ virtual_network_name = data.azurerm_virtual_network.common.name
}
\ No newline at end of file
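Review bot: `data "azurerm_subnet" "azdoa_snet"` is looked up unconditionally, while the `azdoa_snet` module removed from `azure_devops_agent.tf` was gated by `count = var.enable_azdoa ? 1 : 0`. In an environment where the `azure-devops` subnet is not deployed, this lookup would presumably fail the plan, so either keep the gate or note in a comment that the subnet is now required. Its id feeds the `allowed_subnets` lists of the staging slots in `app_backend.tf`, so a one-line comment naming the stack that owns the subnet would help whoever audits those access rules. The file also now ends without a trailing newline, which is worth restoring.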
diff --git a/src/core/grafana.tf b/src/core/grafana.tf
deleted file mode 100644
index 7706306a7..000000000
--- a/src/core/grafana.tf
+++ /dev/null
@@ -1,52 +0,0 @@
-resource "azurerm_resource_group" "grafana_dashboard_rg" {
- name = "${local.project}-grafana-dashboard-rg"
- location = var.location
-
- tags = var.tags
-}
-
-data "azurerm_key_vault_secret" "smtp" {
- name = "${local.project}-grafana-smtp-password"
- key_vault_id = data.azurerm_key_vault.key_vault.id
-}
-
-resource "azurerm_dashboard_grafana" "grafana_dashboard" {
- name = "${local.project}-grafana"
- resource_group_name = azurerm_resource_group.grafana_dashboard_rg.name
- location = var.location
- api_key_enabled = true
- deterministic_outbound_ip_enabled = true
- public_network_access_enabled = true
- zone_redundancy_enabled = true
- grafana_major_version = 10
-
- identity {
- type = "SystemAssigned"
- }
-
- smtp {
- enabled = true
- from_address = "io-service-management@pagopa.it"
- from_name = "Service Management di IO"
- host = "smtp.gmail.com:587"
- start_tls_policy = "OpportunisticStartTLS"
- user = "io-service-management@pagopa.it"
- verification_skip_enabled = false
- password = data.azurerm_key_vault_secret.smtp.value
- }
-
- tags = var.tags
-}
-
-# TODO: review pipeline permissions
-# resource "azurerm_role_assignment" "grafana_dashboard_monitoring_reader" {
-# scope = data.azurerm_subscription.current.id
-# role_definition_name = "Monitoring Reader"
-# principal_id = azurerm_dashboard_grafana.grafana_dashboard.identity[0].principal_id
-# }
-
-# resource "azurerm_role_assignment" "grafana_dashboard_monitoring_contributor" {
-# scope = data.azurerm_subscription.current.id
-# role_definition_name = "Monitoring Contributor"
-# principal_id = azurerm_dashboard_grafana.grafana_dashboard.identity[0].principal_id
-# }
diff --git a/src/core/prod/.terraform.lock.hcl b/src/core/prod/.terraform.lock.hcl
index 98d5d78c0..a2c505b48 100644
--- a/src/core/prod/.terraform.lock.hcl
+++ b/src/core/prod/.terraform.lock.hcl
@@ -47,69 +47,93 @@ provider "registry.terraform.io/hashicorp/azurerm" {
}
provider "registry.terraform.io/hashicorp/local" {
- version = "2.5.1"
+ version = "2.5.2"
constraints = "~> 2.3"
hashes = [
- "h1:/GAVA/xheGQcbOZEq0qxANOg+KVLCA7Wv8qluxhTjhU=",
- "h1:8oTPe2VUL6E2d3OcrvqyjI4Nn/Y/UEQN26WLk5O/B0g=",
- "h1:Np4kERf9SMrqUi7DJ1rK3soMK14k49nfgE7l/ipQ5xw=",
- "h1:tjcGlQAFA0kmQ4vKkIPPUC4it1UYxLbg4YvHOWRAJHA=",
- "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561",
- "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561",
- "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5",
- "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24",
- "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667",
- "zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8",
- "zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635",
+ "h1:6NIiHWMbE9bFZaUiqC+OokdWSbW7g3+yQYnO4yvgtuY=",
+ "h1:IyFbOIO6mhikFNL/2h1iZJ6kyN3U00jgkpCLUCThAfE=",
+ "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=",
+ "h1:p99F1AoV9z51aJ4EdItxz/vLwWIyhx/0Iw7L7sWSH1o=",
+ "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511",
+ "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea",
+ "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0",
+ "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b",
+ "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038",
+ "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0",
- "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867",
- "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4",
- "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520",
+ "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4",
+ "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464",
+ "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b",
+ "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e",
+ "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1",
]
}
provider "registry.terraform.io/hashicorp/null" {
- version = "3.2.2"
+ version = "3.2.3"
+ constraints = "~> 3.2"
hashes = [
- "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=",
- "h1:m467k2tZ9cdFFgHW7LPBK2GLPH43LC6wc3ppxr8yvoE=",
- "h1:vWAsYRd7MjYr3adj8BVKRohVfHpWQdvkIwUQ2Jf5FVM=",
- "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=",
- "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7",
- "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a",
- "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3",
- "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606",
- "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546",
- "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539",
- "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452",
+ "h1:+AnORRgFbRO6qqcfaQyeX80W0eX3VmjadjnUFUJTiXo=",
+ "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=",
+ "h1:nKUqWEza6Lcv3xRlzeiRQrHtqvzX1BhIzjaOVXRYQXQ=",
+ "h1:zxoDtu918XPWJ/Y6s4aFrZydn6SfqkRc5Ax1ZLnC6Ew=",
+ "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2",
+ "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d",
+ "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3",
+ "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f",
+ "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422",
- "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae",
- "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1",
- "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e",
+ "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301",
+ "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670",
+ "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed",
+ "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65",
+ "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd",
+ "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5",
]
}
provider "registry.terraform.io/hashicorp/random" {
- version = "3.6.2"
+ version = "3.6.3"
constraints = "~> 3.4"
hashes = [
- "h1:5lstwe/L8AZS/CP0lil2nPvmbbjAu8kCaU/ogSGNbxk=",
- "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=",
- "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=",
- "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=",
- "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec",
- "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53",
- "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114",
- "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad",
- "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b",
- "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916",
- "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6",
+ "h1:+UItZOLue/moJfnI3tqZBQbXUYR4ZnqPYfJDJPgLZy0=",
+ "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=",
+ "h1:f6jXn4MCv67kgcofx9D49qx1ZEBv8oyvwKDMPBr0A24=",
+ "h1:zG9uFP8l9u+yGZZvi5Te7PV62j50azpgwPunq2vTm1E=",
+ "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451",
+ "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8",
+ "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe",
+ "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1",
+ "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36",
+ "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150",
- "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544",
- "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7",
- "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af",
+ "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30",
+ "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615",
+ "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad",
+ "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556",
+ "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/tls" {
+ version = "4.0.6"
+ constraints = "~> 4.0"
+ hashes = [
+ "h1:/sSdjHoiykrPdyBP1JE03V/KDgLXnHZhHcSOYIdDH/A=",
+ "h1:17Y+vdYNKgphpe1/SU5PBnGuYKEJkJZ7MZCnmAwsAGQ=",
+ "h1:dYSb3V94K5dDMtrBRLPzBpkMTPn+3cXZ/kIJdtFL+2M=",
+ "h1:n3M50qfWfRSpQV9Pwcvuse03pEizqrmYEryxKky4so4=",
+ "zh:10de0d8af02f2e578101688fd334da3849f56ea91b0d9bd5b1f7a243417fdda8",
+ "zh:37fc01f8b2bc9d5b055dc3e78bfd1beb7c42cfb776a4c81106e19c8911366297",
+ "zh:4578ca03d1dd0b7f572d96bd03f744be24c726bfd282173d54b100fd221608bb",
+ "zh:6c475491d1250050765a91a493ef330adc24689e8837a0f07da5a0e1269e11c1",
+ "zh:81bde94d53cdababa5b376bbc6947668be4c45ab655de7aa2e8e4736dfd52509",
+ "zh:abdce260840b7b050c4e401d4f75c7a199fafe58a8b213947a258f75ac18b3e8",
+ "zh:b754cebfc5184873840f16a642a7c9ef78c34dc246a8ae29e056c79939963c7a",
+ "zh:c928b66086078f9917aef0eec15982f2e337914c5c4dbc31dd4741403db7eb18",
+ "zh:cded27bee5f24de6f2ee0cfd1df46a7f88e84aaffc2ecbf3ff7094160f193d50",
+ "zh:d65eb3867e8f69aaf1b8bb53bd637c99c6b649ba3db16ded50fa9a01076d1a27",
+ "zh:ecb0c8b528c7a619fa71852bb3fb5c151d47576c5aab2bf3af4db52588722eeb",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
]
}
diff --git a/src/core/prod/README.md b/src/core/prod/README.md
index ab8256be5..16539a539 100644
--- a/src/core/prod/README.md
+++ b/src/core/prod/README.md
@@ -10,6 +10,7 @@
| Name | Source | Version |
|------|--------|---------|
+| [azdoa\_weu](#module\_azdoa\_weu) | ../_modules/azure_devops_agent | n/a |
| [container\_registry](#module\_container\_registry) | ../_modules/container_registry | n/a |
| [key\_vault\_weu](#module\_key\_vault\_weu) | ../_modules/key_vaults | n/a |
| [networking\_itn](#module\_networking\_itn) | ../_modules/networking | n/a |
diff --git a/src/core/prod/locals.tf b/src/core/prod/locals.tf
index 91ccbf5af..1662a4a10 100644
--- a/src/core/prod/locals.tf
+++ b/src/core/prod/locals.tf
@@ -14,4 +14,23 @@ locals {
Owner = "IO"
Source = "https://github.com/pagopa/io-infra/blob/main/src/core/prod"
}
+
+ # TODO: edit this block when resource groups module is implemented
+ resource_groups = {
+ weu = {
+ common = "${local.project_weu_legacy}-rg-common"
+ internal = "${local.project_weu_legacy}-rg-internal"
+ external = "${local.project_weu_legacy}-rg-external"
+ event = "${local.project_weu_legacy}-evt-rg"
+ sec = "${local.project_weu_legacy}-sec-rg"
+ }
+
+ itn = {
+ common = "${local.project_itn}-common-rg-01"
+ internal = "${local.project_itn}-common-rg-01"
+ external = "${local.project_itn}-common-rg-01"
+ event = "${local.project_itn}-common-rg-01"
+ sec = "${local.project_itn}-sec-rg-01"
+ }
+ }
}
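Review bot: In the new `resource_groups.itn` map the keys `common`, `internal`, `external` and `event` all resolve to `"${local.project_itn}-common-rg-01"`, while the `weu` map gives each key its own group, and nothing on these lines says the aliasing is intentional. If a consumer of this map scopes role assignments or locks per key (no such consumer is visible in this hunk), a grant written for `external` in itn would cover everything in the shared common group. I would add a comment above the `itn` block such as `# itn intentionally consolidates common/internal/external/event into one RG; scope role assignments accordingly`. The enclosing `locals` block starts outside the hunk.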
diff --git a/src/core/prod/westeurope.tf b/src/core/prod/westeurope.tf
index ed3d74085..ead5d6fea 100644
--- a/src/core/prod/westeurope.tf
+++ b/src/core/prod/westeurope.tf
@@ -108,3 +108,22 @@ module "vpn_weu" {
tags = local.tags
}
+
+module "azdoa_weu" {
+ source = "../_modules/azure_devops_agent"
+
+ location = data.azurerm_resource_group.common_weu.location
+ location_short = local.location_short[data.azurerm_resource_group.common_weu.location]
+ resource_group_name = data.azurerm_resource_group.common_weu.name
+ project = local.project_weu_legacy
+
+ vnet_common = module.networking_weu.vnet_common
+ resource_groups = local.resource_groups[local.location_short[data.azurerm_resource_group.common_weu.location]]
+ datasources = {
+ azurerm_client_config = data.azurerm_client_config.current
+ }
+
+ cidr_subnet = ["10.0.250.0/24"]
+
+ tags = local.tags
+}
\ No newline at end of file
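Review bot: `cidr_subnet = ["10.0.250.0/24"]` in the `azdoa_weu` call is a bare literal with nothing recording that the range is reserved for the DevOps agents or that it must not overlap other subnets of `module.networking_weu.vnet_common`. A comment on that line, e.g. `# reserved for Azure DevOps agents in the common VNet`, would help the next person allocating address space. Because self-hosted agents execute pipeline code inside the common VNet, it is also worth confirming that the module attaches an NSG to this subnet and scopes any role assignment built from `resource_groups` narrowly, as the module body is not visible from this hunk. Two smaller points: the lookup `local.location_short[data.azurerm_resource_group.common_weu.location]` is written twice and could be bound to one local, and the file now ends without a trailing newline.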