diff --git a/devops/aws/chart/values.yaml b/devops/aws/chart/values.yaml
index a8b091f4aa5ecbb5223c37ae940532020b22a75c..074aadecf947a833305a72ae6b0d97849f373bcf 100644
--- a/devops/aws/chart/values.yaml
+++ b/devops/aws/chart/values.yaml
@@ -27,6 +27,10 @@ environmentVariables:
     value: "http://os-entitlements:8080"
   - name: REGISTER_BASE_URL
     value: http://os-register:8080
+  - name: TMP_VOLUME_PATH
+    value: "/tmp"
+  - name: PARTITION_BASE_URL
+    value: http://os-partition:8080
 
 # Resource Config
 replicaCount: 1
@@ -62,7 +66,7 @@ cors:
 securityContext: 
   runAsUser: 10001
   runAsNonRoot: true
-  readOnlyRootFilesystem: false
+  readOnlyRootFilesystem: true
   allowPrivilegeEscalation: false
   capabilities:
     drop:
diff --git a/provider/notification-aws/build-aws/Dockerfile b/provider/notification-aws/build-aws/Dockerfile
index bacdf23dcc2d3acf06a71d04dbd2ca9830c9efc3..07b035a53cfe282396db1095e69996e612ad9e23 100644
--- a/provider/notification-aws/build-aws/Dockerfile
+++ b/provider/notification-aws/build-aws/Dockerfile
@@ -19,12 +19,9 @@ ARG JAR_FILE=provider/notification-aws/target/*spring-boot.jar
 # Harcoding this value since Notification-core requires this variable. AWS does not use it. Might change in future
 ENV ENVIRONMENT=DEV
 
-#Default to using self signed generated TLS cert
-ENV USE_SELF_SIGNED_SSL_CERT true
 
 WORKDIR /
 COPY ${JAR_FILE} app.jar
-COPY /provider/notification-aws/build-aws/ssl.sh /ssl.sh
 COPY /provider/notification-aws/build-aws/entrypoint.sh /entrypoint.sh
 EXPOSE 8080
 
diff --git a/provider/notification-aws/build-aws/entrypoint.sh b/provider/notification-aws/build-aws/entrypoint.sh
index 9bd3ec69d01fba69f4bece2162e7faba5cc0f0cb..412f71afd92e9c2ed3e50a2863cb5675c8a69b43 100755
--- a/provider/notification-aws/build-aws/entrypoint.sh
+++ b/provider/notification-aws/build-aws/entrypoint.sh
@@ -1,15 +1,4 @@
 
 
-if [ -n $USE_SELF_SIGNED_SSL_CERT ];
-then    
-    export SSL_KEY_PASSWORD=$RANDOM$RANDOM$RANDOM;
-    export SSL_KEY_STORE_PASSWORD=$SSL_KEY_PASSWORD;
-    export SSL_KEY_STORE_DIR=/tmp/certs;
-    export SSL_KEY_STORE_NAME=osduonaws.p12;
-    export SSL_KEY_STORE_PATH=$SSL_KEY_STORE_DIR/$SSL_KEY_STORE_NAME;
-    export SSL_KEY_ALIAS=osduonaws;
-    
-    ./ssl.sh;
-fi
 
 java $JAVA_OPTS -jar /app.jar
\ No newline at end of file
diff --git a/provider/notification-aws/build-aws/ssl.sh b/provider/notification-aws/build-aws/ssl.sh
deleted file mode 100755
index 9ede565684bdd46cb09e56fce721ced55206ca07..0000000000000000000000000000000000000000
--- a/provider/notification-aws/build-aws/ssl.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright © 2021 Amazon Web Services
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#!/usr/bin/env bash
-
-#Future: Support for using Amazon Cert Manager
-# if [ "$1" == "webserver" ] && [ -n $ACM_CERTIFICATE_ARN ];
-# then
-
-#   aws acm export-certificate --certificate-arn $ACM_CERTIFICATE_ARN --passphrase $(echo -n 'aws123' | openssl base64 -e) | jq -r '"\(.PrivateKey)"' > ${SSL_KEY_PATH}.enc
-#   openssl rsa -in ${SSL_KEY_PATH}.enc -out $SSL_KEY_PATH -passin pass:aws123
-#   aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.CertificateChain)"' > $SSL_CERT_PATH
-#   aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.Certificate)"' >> $SSL_CERT_PATH
-
-# fi
-
-if [ -n $USE_SELF_SIGNED_SSL_CERT ];
-then
-    mkdir -p $SSL_KEY_STORE_DIR
-    pushd $SSL_KEY_STORE_DIR
-    keytool -genkeypair -alias $SSL_KEY_ALIAS -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore $SSL_KEY_STORE_NAME -validity 3650 -keypass $SSL_KEY_PASSWORD -storepass $SSL_KEY_PASSWORD -dname "CN=localhost, OU=AWS, O=Energy, L=Houston, ST=TX, C=US"
-    popd
-fi
diff --git a/provider/notification-aws/pom.xml b/provider/notification-aws/pom.xml
index fa011611f8ebcb9c4f4a638118c28f45fbaf63ba..e5f3ecb146a3cb6b47671b7360a78d1292abc3fb 100644
--- a/provider/notification-aws/pom.xml
+++ b/provider/notification-aws/pom.xml
@@ -76,7 +76,7 @@
         <dependency>
             <groupId>org.opengroup.osdu.core.aws</groupId>
             <artifactId>os-core-lib-aws</artifactId>
-            <version>0.19.0-rc3</version>
+            <version>0.21.0-rc1</version>
         </dependency>
 
         <!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-secretsmanager -->
diff --git a/provider/notification-aws/src/main/resources/application.properties b/provider/notification-aws/src/main/resources/application.properties
index 476714e0d2e4c37fee01a61125079f30fdcf454b..57c8d48c43d1f3beb3d70747393c7a9f53cd55f9 100644
--- a/provider/notification-aws/src/main/resources/application.properties
+++ b/provider/notification-aws/src/main/resources/application.properties
@@ -18,7 +18,7 @@ server.servlet.contextPath=/api/notification/v1
 server.port=${APPLICATION_PORT:8080}
 
 AUTHORIZE_API=${ENTITLEMENTS_BASE_URL}/api/entitlements/v2
-PARTITION_API=${ENTITLEMENTS_BASE_URL}/api/partition/v1
+PARTITION_API=${PARTITION_BASE_URL}/api/partition/v1
 REGISTER_SERVICE_URL=${REGISTER_BASE_URL}/api/register/v1
 
 aws.ssm=${SSM_ENABLED:True}
diff --git a/testing/notification-test-aws/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java b/testing/notification-test-aws/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java
index eefe15dbb03971d47479e269be582120533c52b3..5627cbc10ce458d23c6a11096f1dc39318835dae 100644
--- a/testing/notification-test-aws/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java
+++ b/testing/notification-test-aws/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java
@@ -73,7 +73,7 @@ public class TestPubsubEndpointHMAC extends PubsubEndpointHMACTests {
     @Override
     public void should_return401_when_noAccessOnCustomerTenant() throws Exception {
         ClientResponse response = descriptor.runOnCustomerTenant(getArg(), getOsduTenantAdminCredentials());
-        assertEquals(error(	response.getEntity(String.class)), 403, response.getStatus());
+        assertEquals(error(	response.getEntity(String.class)), 401, response.getStatus());
     }
 
     @Test