diff --git a/terraform/environments/ccms-ebs-upgrade/iam.tf b/terraform/environments/ccms-ebs-upgrade/iam.tf
index f57a522fb20..b35bbd63146 100644
--- a/terraform/environments/ccms-ebs-upgrade/iam.tf
+++ b/terraform/environments/ccms-ebs-upgrade/iam.tf
@@ -276,3 +276,36 @@ resource "aws_iam_role_policy_attachment" "ec2_operations_policy_att" {
 role = aws_iam_role.role_stsassume_oracle_base.name
 policy_arn = aws_iam_policy.ec2_operations_policy.arn
 }
+
+# S3 shared bucket
+
+data "aws_iam_policy_document" "ccms_ebs_shared_s3" {
+ statement {
+ effect = "Allow"
+ actions = [
+ "s3:CopyObject",
+ "s3:DeleteObject",
+ "s3:DeleteObjects",
+ "s3:GetObject",
+ "s3:ListObjects",
+ "s3:ListObjectsV2",
+ "s3:ListBucket",
+ "s3:PutObject"
+ ]
+ resources = [
+ aws_s3_bucket.ccms_ebs_shared.arn,
+ "${aws_s3_bucket.ccms_ebs_shared.arn}/*"
+ ]
+ }
+}
+
+resource "aws_iam_policy" "ccms_ebs_shared_s3" {
+ description = "Policy to allow operations in ${aws_s3_bucket.ccms_ebs_shared.id}"
+ name = "ccms_ebs_shared_s3-${local.environment}"
+ policy = data.aws_iam_policy_document.ccms_ebs_shared_s3.json
+}
+
+resource "aws_iam_role_policy_attachment" "ccms_ebs_shared_s3" {
+ role = aws_iam_role.role_stsassume_oracle_base.name
+ policy_arn = aws_iam_policy.ccms_ebs_shared_s3.arn
+}
diff --git a/terraform/environments/ccms-ebs-upgrade/s3.tf b/terraform/environments/ccms-ebs-upgrade/s3.tf
index 83148792a49..7be816cd670 100644
--- a/terraform/environments/ccms-ebs-upgrade/s3.tf
+++ b/terraform/environments/ccms-ebs-upgrade/s3.tf
@@ -276,3 +276,7 @@ data "aws_iam_policy_document" "dbbackup_s3_policy" {
 resources = ["${module.s3-bucket-dbbackup.bucket.arn}/*"]
 }
 }
+
+resource "aws_s3_bucket" "ccms_ebs_shared" {
+ bucket = "${local.application_name}-${local.environment}-shared"
+}
diff --git a/terraform/environments/ccms-ebs-upgrade/ssm.tf b/terraform/environments/ccms-ebs-upgrade/ssm.tf
new file mode 100644
index 00000000000..998822fc365
--- /dev/null
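Review bot: Four entries in the `actions` list of `ccms_ebs_shared_s3` are not IAM action names — `s3:CopyObject`, `s3:DeleteObjects`, `s3:ListObjects` and `s3:ListObjectsV2` are S3 API operations whose IAM authorization is `s3:PutObject` (plus `s3:GetObject` on the source object), `s3:DeleteObject` and `s3:ListBucket` respectively, so those entries grant nothing and policy validation typically reports them as unrecognized. The list can be reduced to `"s3:DeleteObject", "s3:GetObject", "s3:ListBucket", "s3:PutObject"` with no loss of access. Since `s3:ListBucket` is the only action that applies to the bucket ARN and the object actions apply only to `.../*`, splitting the statement into a bucket-level and an object-level statement would also make the resource scoping exact. The same actions list is repeated in the ccms-ebs/ccms-iam.tf and laa-oem/oem_iam.tf hunks.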
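Review bot: The new `aws_s3_bucket "ccms_ebs_shared"` declares only a `bucket` name, whereas the neighbouring dbbackup bucket in the context lines comes from the `s3-bucket` module, so this bucket has no public-access block, server-side encryption configuration, versioning or tags declared. Its contents are executed on instances by the `Oracle-lms-cpuq` SSM document added in this commit (`bash /mnt/s3-shared/lms_cpuq.sh`), which makes write access to the bucket equivalent to running commands on those hosts, and versioning at minimum gives a way to inspect and roll back changes to the script. Adding `aws_s3_bucket_public_access_block`, `aws_s3_bucket_server_side_encryption_configuration` and `aws_s3_bucket_versioning` resources for it — or using the same module as the dbbackup bucket, if its inputs fit — would bring it in line with the existing buckets. The same bare resource appears in the ccms-ebs/ccms-s3.tf and laa-oem/oem_s3.tf hunks.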
+++ b/terraform/environments/ccms-ebs-upgrade/ssm.tf
@@ -0,0 +1,7 @@
+resource "aws_ssm_document" "oracle_lms_cpuq" {
+ name = "Oracle-lms-cpuq"
+ document_type = "Command"
+ document_format = "YAML"
+
+ content = file("ssm_oracle_lms_cpuq.yaml")
+}
\ No newline at end of file
diff --git a/terraform/environments/ccms-ebs-upgrade/ssm_oracle_lms_cpuq.yaml b/terraform/environments/ccms-ebs-upgrade/ssm_oracle_lms_cpuq.yaml
new file mode 100644
index 00000000000..34c48983324
--- /dev/null
+++ b/terraform/environments/ccms-ebs-upgrade/ssm_oracle_lms_cpuq.yaml
@@ -0,0 +1,15 @@
+# ssm_oracle_lms_cpuq.yaml
+---
+schemaVersion: "2.2"
+description: Run the lms_cpuq.sh script.
+mainSteps:
+ - name: OracleLMScpuq
+ action: aws:runShellScript
+ isEnd: true
+ precondition:
+ StringEquals:
+ - platformType
+ - Linux
+ inputs:
+ runCommand:
+ - "bash /mnt/s3-shared/lms_cpuq.sh"
\ No newline at end of file
diff --git a/terraform/environments/ccms-ebs/ccms-iam.tf b/terraform/environments/ccms-ebs/ccms-iam.tf
index a3c08d3e62b..f6aef0762c2 100644
--- a/terraform/environments/ccms-ebs/ccms-iam.tf
+++ b/terraform/environments/ccms-ebs/ccms-iam.tf
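Review bot: `content = file("ssm_oracle_lms_cpuq.yaml")` resolves the path relative to Terraform's working directory rather than the module, so the apply only succeeds when run from this environment directory; `content = file("${path.module}/ssm_oracle_lms_cpuq.yaml")` removes that dependency. The existing `service_actions` document in ccms-ebs/ccms-ssm-documents.tf uses the same bare form, so this is presumably how the pipeline already runs, but the new documents are a chance to use the portable form. The same `file()` call appears in the ccms-ebs/ccms-ssm-documents.tf and laa-oem/oem_ssm.tf hunks.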
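Review bot: The `runCommand` step runs whatever `/mnt/s3-shared/lms_cpuq.sh` contains with no check that the mount is present or the file exists, and `aws:runShellScript` runs as root unless a Run As user is configured, so a missing mount produces only an opaque bash error and the script's content is trusted entirely from the shared bucket. A guard such as `test -f /mnt/s3-shared/lms_cpuq.sh || { echo "lms_cpuq.sh not found"; exit 1; }` before the `bash` line, plus a `timeoutSeconds` input on the step, would make failures explicit and bounded. A comment under the `description` recording where `lms_cpuq.sh` is maintained and who may change it would help the next maintainer see the trust boundary; the `/mnt/s3-shared` mount itself is not configured in this commit, so it is presumably set up elsewhere. The same document content appears in the ccms-ebs and laa-oem YAML hunks.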
@@ -311,3 +311,35 @@ data "aws_iam_policy_document" "email" {
 resources = ["*"]
 }
 }
+
+# S3 shared bucket
+data "aws_iam_policy_document" "ccms_ebs_shared_s3" {
+ statement {
+ effect = "Allow"
+ actions = [
+ "s3:CopyObject",
+ "s3:DeleteObject",
+ "s3:DeleteObjects",
+ "s3:GetObject",
+ "s3:ListObjects",
+ "s3:ListObjectsV2",
+ "s3:ListBucket",
+ "s3:PutObject"
+ ]
+ resources = [
+ aws_s3_bucket.ccms_ebs_shared.arn,
+ "${aws_s3_bucket.ccms_ebs_shared.arn}/*"
+ ]
+ }
+}
+
+resource "aws_iam_policy" "ccms_ebs_shared_s3" {
+ description = "Policy to allow operations in ${aws_s3_bucket.ccms_ebs_shared.id}"
+ name = "ccms_ebs_shared_s3-${local.environment}"
+ policy = data.aws_iam_policy_document.ccms_ebs_shared_s3.json
+}
+
+resource "aws_iam_role_policy_attachment" "ccms_ebs_shared_s3" {
+ role = aws_iam_role.role_stsassume_oracle_base.name
+ policy_arn = aws_iam_policy.ccms_ebs_shared_s3.arn
+}
diff --git a/terraform/environments/ccms-ebs/ccms-s3.tf b/terraform/environments/ccms-ebs/ccms-s3.tf
index fff2c34a842..068692ea2e9 100644
--- a/terraform/environments/ccms-ebs/ccms-s3.tf
+++ b/terraform/environments/ccms-ebs/ccms-s3.tf
@@ -281,4 +281,8 @@ data "aws_iam_policy_document" "dbbackup_s3_policy" {
 ]
 resources = ["${module.s3-bucket-dbbackup.bucket.arn}/*"]
 }
+}
+
+resource "aws_s3_bucket" "ccms_ebs_shared" {
+ bucket = "${local.application_name}-${local.environment}-shared"
 }
\ No newline at end of file
diff --git a/terraform/environments/ccms-ebs/ccms-ssm-document-oracle-lms-cpuq.yaml b/terraform/environments/ccms-ebs/ccms-ssm-document-oracle-lms-cpuq.yaml
new file mode 100644
index 00000000000..6572f6751a2
--- /dev/null
+++ b/terraform/environments/ccms-ebs/ccms-ssm-document-oracle-lms-cpuq.yaml
@@ -0,0 +1,15 @@
+# ccms-ssm-document-oracle-lms-cpuq.yaml
+---
+schemaVersion: "2.2"
+description: Run the lms_cpuq.sh script.
+mainSteps:
+ - name: OracleLMScpuq
+ action: aws:runShellScript
+ isEnd: true
+ precondition:
+ StringEquals:
+ - platformType
+ - Linux
+ inputs:
+ runCommand:
+ - "bash /mnt/s3-shared/lms_cpuq.sh"
\ No newline at end of file
diff --git a/terraform/environments/ccms-ebs/ccms-ssm-documents.tf b/terraform/environments/ccms-ebs/ccms-ssm-documents.tf
index 81f3f3d5353..8d3d96b2276 100644
--- a/terraform/environments/ccms-ebs/ccms-ssm-documents.tf
+++ b/terraform/environments/ccms-ebs/ccms-ssm-documents.tf
@@ -4,4 +4,12 @@ resource "aws_ssm_document" "service_actions" {
 document_format = "YAML"
 
 content = file("ccms-ssm-document-service-actions.yaml")
+}
+
+resource "aws_ssm_document" "oracle_lms_cpuq" {
+ name = "Oracle-lms-cpuq"
+ document_type = "Command"
+ document_format = "YAML"
+
+ content = file("ccms-ssm-document-oracle-lms-cpuq.yaml")
 }
\ No newline at end of file
diff --git a/terraform/environments/laa-oem/oem_iam.tf b/terraform/environments/laa-oem/oem_iam.tf
index e1572bff755..1531c48089b 100644
--- a/terraform/environments/laa-oem/oem_iam.tf
+++ b/terraform/environments/laa-oem/oem_iam.tf
@@ -99,3 +99,34 @@ resource "aws_iam_instance_profile" "iam_instace_profile_oem_base" {
 { Name = lower(format("IamProfile-%s-%s-OEM-Base", local.application_name, local.environment)) }
 )
 }
+
+data "aws_iam_policy_document" "laa_oem_shared_s3" {
+ statement {
+ effect = "Allow"
+ actions = [
+ "s3:CopyObject",
+ "s3:DeleteObject",
+ "s3:DeleteObjects",
+ "s3:GetObject",
+ "s3:ListObjects",
+ "s3:ListObjectsV2",
+ "s3:ListBucket",
+ "s3:PutObject"
+ ]
+ resources = [
+ aws_s3_bucket.laa_oem_shared.arn,
+ "${aws_s3_bucket.laa_oem_shared.arn}/*"
+ ]
+ }
+}
+
+resource "aws_iam_policy" "laa_oem_shared_s3" {
+ description = "Policy to allow operations in ${aws_s3_bucket.laa_oem_shared.id}"
+ name = "laa_oem_shared_s3-${local.environment}"
+ policy = data.aws_iam_policy_document.laa_oem_shared_s3.json
+}
+
+resource "aws_iam_role_policy_attachment" "laa_oem_shared_s3" {
+ role = aws_iam_role.role_stsassume_oem_base.name
+ policy_arn = aws_iam_policy.laa_oem_shared_s3.arn
+}
diff --git a/terraform/environments/laa-oem/oem_s3.tf b/terraform/environments/laa-oem/oem_s3.tf
new file mode 100644
index 00000000000..636794292c2
--- /dev/null
+++ b/terraform/environments/laa-oem/oem_s3.tf
@@ -0,0 +1,3 @@
+resource "aws_s3_bucket" "laa_oem_shared" {
+ bucket = "${local.application_name}-${local.environment}-shared"
+}
\ No newline at end of file
diff --git a/terraform/environments/laa-oem/oem_ssm.tf b/terraform/environments/laa-oem/oem_ssm.tf
new file mode 100644
index 00000000000..9a7ee423b0e
--- /dev/null
+++ b/terraform/environments/laa-oem/oem_ssm.tf
@@ -0,0 +1,7 @@
+resource "aws_ssm_document" "oracle_lms_cpuq" {
+ name = "Oracle-lms-cpuq"
+ document_type = "Command"
+ document_format = "YAML"
+
+ content = file("oem_ssm_oracle_lms_cpuq.yaml")
+}
\ No newline at end of file
diff --git a/terraform/environments/laa-oem/oem_ssm_oracle_lms_cpuq.yaml b/terraform/environments/laa-oem/oem_ssm_oracle_lms_cpuq.yaml
new file mode 100644
index 00000000000..e92d589485c
--- /dev/null
+++ b/terraform/environments/laa-oem/oem_ssm_oracle_lms_cpuq.yaml
@@ -0,0 +1,15 @@
+# oem_ssm_oracle_lms_cpuq.yaml
+---
+schemaVersion: "2.2"
+description: Run the lms_cpuq.sh script.
+mainSteps:
+ - name: OracleLMScpuq
+ action: aws:runShellScript
+ isEnd: true
+ precondition:
+ StringEquals:
+ - platformType
+ - Linux
+ inputs:
+ runCommand:
+ - "bash /mnt/s3-shared/lms_cpuq.sh"
\ No newline at end of file