diff --git a/.github/workflows/deploy-backend.yml b/.github/workflows/deploy-backend.yml
index 6e6fbd027..278ed1b35 100644
--- a/.github/workflows/deploy-backend.yml
+++ b/.github/workflows/deploy-backend.yml
@@ -78,7 +78,13 @@ jobs:
 
       - name: Terraform Plan
         working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
-        run: make plan apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT
+        run: make plan-ci apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT
+
+      - name: Save Terraform Plan
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        with:
+          name: tfplan
+          path: ${{ vars.TERRAFORM_DIR_PATH }}/tfplan
 
   terraform-apply:
     needs: terraform-plan
@@ -106,6 +112,12 @@ jobs:
         with:
           terraform_version: "1.12.2"
 
+      - name: Retrieve Terraform Plan
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
+        with:
+          name: tfplan
+          path: ${{ vars.TERRAFORM_DIR_PATH }}
+
       - name: Terraform Init
         working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
         run: make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT
@@ -113,7 +125,7 @@ jobs:
       - name: Terraform Apply
         working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
         run: |
-          make apply apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT
+          make apply-ci apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT
           echo "ID_SYNC_QUEUE_ARN=$(make -s output name=id_sync_queue_arn)" >> $GITHUB_ENV
 
       - name: Install poetry
diff --git a/terraform/Makefile b/terraform/Makefile
index b997c2471..4483f9f9d 100644
--- a/terraform/Makefile
+++ b/terraform/Makefile
@@ -32,11 +32,18 @@ init-reconfigure:
 plan: workspace
 	 $(tf_cmd) plan $(tf_vars)
 
+plan-ci: workspace
+	 $(tf_cmd) plan $(tf_vars) -out=tfplan -input=false
+
 plan-changes: workspace
 	 $(tf_cmd) plan $(tf_vars) -out=plan && $(tf_cmd) show -no-color -json plan | jq -r '.resource_changes[] | select(.change.actions[0]=="update" or .change.actions[0]=="create" or .change.actions[0]=="add") | .address'
 
+# TODO - remove --auto-approve once we've switched to the new deployment pipeline in GitHub Actions
 apply: workspace
-	$(tf_cmd) apply $(tf_vars) -auto-approve
+	$(tf_cmd) apply $(tf_vars) --auto-approve
+
+apply-ci: workspace
+	$(tf_cmd) apply $(tf_vars) -input=false tfplan
 
 clean:
 	rm -rf build .terraform upload-key