diff --git a/devops/aws/chart/Chart.yaml b/devops/aws/chart/Chart.yaml
index 4281add8d0cfcca9ab405108b08bbd6e3588262d..b919f0be0fbddcd7efc8a5e3031789447155bedc 100644
--- a/devops/aws/chart/Chart.yaml
+++ b/devops/aws/chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: "os-schema"
-version:
+version: __CHART_VERSION__
 kubeVersion: "v1.21.x-x-x"
 description: Schema Helm Chart for Kubernetes
 type: application
diff --git a/devops/aws/chart/values.yaml b/devops/aws/chart/values.yaml
index a1bd05774e16571dbd370f0d3db4bb833b7f56c0..4d195f1e3a99120e77f87db761199b6bb8a02e7c 100644
--- a/devops/aws/chart/values.yaml
+++ b/devops/aws/chart/values.yaml
@@ -44,7 +44,7 @@ autoscaling:
   # targetMemoryUtilizationPercentage: 80
 
 # Security Config
-serviceAccountRole: arn:aws:iam::{{ .Values.global.accountID }}:role/{{ .Values.global.resourcePrefix }}-{{ include "common.name" . }}
+serviceAccountRole: arn:aws:iam::{{ .Values.global.accountID }}:role/osdu-{{ .Values.global.resourcePrefix }}-{{ .Values.global.region }}-{{ include "common.name" . }}
 cors:
   maxAge: "60m"
   allowCredentials: true
diff --git a/provider/schema-aws/build-aws/buildspec.yaml b/provider/schema-aws/build-aws/buildspec.yaml
index 605414979bb826a8defe8e4fdbc343247ce87951..ed9315779d68d04baaa5526fcf0ee2a1f2b2bac1 100644
--- a/provider/schema-aws/build-aws/buildspec.yaml
+++ b/provider/schema-aws/build-aws/buildspec.yaml
@@ -41,10 +41,13 @@ phases:
       - mvn -version
       - mkdir -p /root/.m2
       - cp ./provider/schema-aws/maven/settings.xml /root/.m2/settings.xml # copy the AWS-specific settings.xml to the CodeBuild instance's .m2 folder
-      - wget https://github.com/mikefarah/yq/releases/download/v4.27.2/yq_linux_amd64 -q -O /usr/bin/yq && chmod +x /usr/bin/yq
       # Get the AWS Maven Auth Token
       - export AWS_ACCOUNT_ID=`aws sts get-caller-identity | grep Account | cut -d':' -f 2 | cut -d'"' -f 2`
       - export AWS_OSDU_DEV_MAVEN_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain $AWS_OSDU_DEV_MAVEN_DOMAIN --domain-owner $AWS_ACCOUNT_ID --query authorizationToken --output text`
+      # Install git secrets
+      - git clone https://github.com/awslabs/git-secrets.git
+      - cd git-secrets && make install && cd ..
+      - git secrets --install && git secrets --register-aws
   pre_build:
     commands:
       - echo "Logging in to Amazon ECR..."
@@ -66,6 +69,9 @@ phases:
       - export VERSION=${pom_version%-*}
       - printenv
 
+      - GIT_SECRETS_SCAN_RESULT=$(git secrets --scan 2> ${OUTPUT_DIR}/git_secrets.out.txt && echo OK || echo FAILED)
+      - if [ "$GIT_SECRETS_SCAN_RESULT" = "FAILED" ]; then echo "Secrets detected!" && exit 1; fi
+
       - echo "Building primary service assemblies..."
       - mvn install -N # required for this service to install the parent pom so that the integration tests will find it
       - mvn -B test install sonar:sonar -pl .,schema-core,provider/schema-aws -Ddeployment.environment=prod -Dsonar.login=${SONAR_USERNAME} -Dsonar.password=${SONAR_PASSWORD} -Dsonar.branch.name=${BRANCH_NAME} 
@@ -79,7 +85,8 @@ phases:
       - chmod +x ./deployments/scripts/aws/prepare-dist.sh
       - ./deployments/scripts/aws/prepare-dist.sh
 
-      - yq -i '.version = strenv(VERSION)' devops/aws/chart/Chart.yaml
+      - sed -i "s|__CHART_VERSION__|$VERSION|"  devops/aws/chart/Chart.yaml
+      - sed -i "s|__CONTAINER__|$ECR_IMAGE|"  devops/aws/chart/values.yaml
       - echo "--Copying Helm Charts to ${OUTPUT_DIR:-dist}--"
       - rsync -r devops/aws/* "${OUTPUT_DIR:-dist}"