diff --git a/Jenkinsfile b/Jenkinsfile
index be34b4d..11d760d 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -22,7 +22,8 @@ pipeline {
 TF_VAR_public_subnets = '10.0.1.0/24,10.0.2.0/24'
 TF_VAR_instance_type = 't2.micro'
 TF_VAR_key_pair_name = 'nvhi-atsila-deployer'
- TF_VAR_jenkins_ip_cidr = "${JENKINS_SSH_CIDR}"
+ // ensure we pass a valid CIDR (/32)
+ TF_VAR_jenkins_ip_cidr = "${JENKINS_SSH_CIDR}/32"
 IMAGE_NAME = "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ECR_REPO}"
 IMAGE_TAG = "v1.0.${BUILD_NUMBER}"
@@ -30,9 +31,7 @@ pipeline {
 stages {
 stage('Checkout') {
- steps {
- checkout scm
- }
+ steps { checkout scm }
 }
 stage('SonarQube Scan') {
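Review bot: Appending `/32` to `${JENKINS_SSH_CIDR}` on the added `TF_VAR_jenkins_ip_cidr` line only yields a valid CIDR when the variable holds a bare IPv4 address; if it already carries a prefix (e.g. `10.0.0.0/24`) or is unset, the value becomes `10.0.0.0/24/32` or `null/32`, and the failure surfaces later at terraform plan rather than here. A one-line guard in the first `sh` step of the pipeline would fail fast, e.g. `[[ "$JENKINS_SSH_CIDR" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "JENKINS_SSH_CIDR must be a bare IPv4 address" >&2; exit 1; }`. The added comment could also state the contract instead of the mechanism: `// JENKINS_SSH_CIDR must be a bare IPv4 address; /32 is appended so the SG rule admits only the Jenkins host`. The enclosing `environment { ... }` block starts outside the hunk.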
@@ -82,44 +81,29 @@ pipeline {
 sh '''
 set -e
- # 1) Ensure S3 bucket exists
+ # Ensure S3 bucket exists
 if ! aws s3api head-bucket --bucket $TF_BACKEND_BUCKET 2>/dev/null; then
- echo "Creating S3 bucket $TF_BACKEND_BUCKET..."
- aws s3api create-bucket \
- --bucket $TF_BACKEND_BUCKET \
- --region $AWS_REGION \
+ aws s3api create-bucket --bucket $TF_BACKEND_BUCKET --region $AWS_REGION \
 --create-bucket-configuration LocationConstraint=$AWS_REGION
-
- echo "Enabling encryption & versioning..."
 aws s3api put-bucket-encryption \
 --bucket $TF_BACKEND_BUCKET \
 --server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
-
 aws s3api put-bucket-versioning \
 --bucket $TF_BACKEND_BUCKET \
 --versioning-configuration Status=Enabled
- else
- echo "S3 bucket $TF_BACKEND_BUCKET already exists."
 fi
- # 2) Ensure DynamoDB table exists
+ # Ensure DynamoDB table exists and is ready
 if ! aws dynamodb describe-table --table-name $TF_DDB_TABLE 2>/dev/null; then
- echo "Creating DynamoDB table $TF_DDB_TABLE..."
 aws dynamodb create-table \
 --table-name $TF_DDB_TABLE \
 --attribute-definitions AttributeName=LockID,AttributeType=S \
 --key-schema AttributeName=LockID,KeyType=HASH \
 --billing-mode PAY_PER_REQUEST
-
- echo "Waiting for DynamoDB table to become ACTIVE..."
 aws dynamodb wait table-exists --table-name $TF_DDB_TABLE
-
- echo "Enabling point‑in‑time recovery..."
 aws dynamodb update-continuous-backups \
 --table-name $TF_DDB_TABLE \
 --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true
- else
- echo "DynamoDB table $TF_DDB_TABLE already exists."
 fi
 '''
 }
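Review bot: The Terraform state bucket created in the `if ! aws s3api head-bucket` branch gets default encryption and versioning but no public-access block, so a later bucket policy or ACL mistake could expose state that typically contains credentials and resource IDs; add `aws s3api put-public-access-block --bucket "$TF_BACKEND_BUCKET" --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true` after the versioning call. The new comment `# Ensure DynamoDB table exists and is ready` is only true on the create path, since `aws dynamodb wait table-exists` sits inside the `if` and a pre-existing table still in CREATING is not waited on; moving the wait after `fi` makes the comment hold. `$TF_BACKEND_BUCKET`, `$AWS_REGION` and `$TF_DDB_TABLE` are unquoted throughout the script, and the `2>/dev/null` on `head-bucket` hides whether the bucket is missing or owned by another account, which is worth knowing when `create-bucket` then fails under `set -e`. The enclosing `stage` and `steps` blocks start outside the hunk.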