diff --git a/.github/workflows/cloud-asset-inventory-terragrunt-plan.yml b/.github/workflows/cloud-asset-inventory-terragrunt-plan.yml
index 8868ff67..143a69df 100644
--- a/.github/workflows/cloud-asset-inventory-terragrunt-plan.yml
+++ b/.github/workflows/cloud-asset-inventory-terragrunt-plan.yml
@@ -59,6 +59,12 @@ jobs:
       - name: Get current date to determine if secrets need to be rotated
         run: echo "TF_VAR_password_change_id=$(date +'%Y-%m')" >> $GITHUB_ENV
 
+      - name: Build Lambda archive
+        if: ${{ steps.filter.outputs.cloud_asset_inventory == 'true' || steps.filter.outputs.common == 'true' }}
+        working-directory: terragrunt/aws/cloud_asset_inventory/src/sentinel_ingestor
+        run: |
+          ./build.sh
+
       - name: Terragrunt plan cloud_asset_inventory
         if: ${{ steps.filter.outputs.cloud_asset_inventory == 'true' || steps.filter.outputs.common == 'true' }}
         uses: cds-snc/terraform-plan@v2
diff --git a/terragrunt/aws/cloud_asset_inventory/lambda.tf b/terragrunt/aws/cloud_asset_inventory/lambda.tf
index 74f3601e..2dc5ca9a 100644
--- a/terragrunt/aws/cloud_asset_inventory/lambda.tf
+++ b/terragrunt/aws/cloud_asset_inventory/lambda.tf
@@ -3,12 +3,8 @@
 #
 data "archive_file" "neo4j_to_sentinel" {
   type        = "zip"
-  source_dir  = "src/sentinel_ingestor/dist"
+  source_dir  = "${path.module}/src/sentinel_ingestor/dist"
   output_path = "/tmp/neo4j_to_sentinel.py.zip"
-
-  depends_on = [
-    null_resource.lambda_build
-  ]
 }
 
 resource "aws_lambda_function" "neo4j_to_sentinel" {
diff --git a/terragrunt/aws/cloud_asset_inventory/state-machines/cartography.json.tmpl b/terragrunt/aws/cloud_asset_inventory/state-machines/cartography.json.tmpl
index f9f6d41d..b26e4c5f 100644
--- a/terragrunt/aws/cloud_asset_inventory/state-machines/cartography.json.tmpl
+++ b/terragrunt/aws/cloud_asset_inventory/state-machines/cartography.json.tmpl
@@ -72,7 +72,7 @@
               "NetworkConfiguration": {
                 "AwsvpcConfiguration": {
                   "SecurityGroups": ["${SECURITY_GROUPS}"],
-                  "Subnets":["${SUBNETS}"]
+                  "Subnets":[${SUBNETS}]
                 }
               }
             },
diff --git a/terragrunt/aws/cloud_asset_inventory/state_machine.tf b/terragrunt/aws/cloud_asset_inventory/state_machine.tf
index d24e5a79..2127b0e2 100644
--- a/terragrunt/aws/cloud_asset_inventory/state_machine.tf
+++ b/terragrunt/aws/cloud_asset_inventory/state_machine.tf
@@ -27,7 +27,7 @@ data "template_file" "asset_inventory_cartography_state_machine" {
     MIN_ECS_CAPACITY         = var.min_ecs_capacity
     MAX_ECS_CAPACITY         = var.max_ecs_capacity
     SECURITY_GROUPS          = aws_security_group.cartography.id
-    SUBNETS                  = join(", ", [for subnet in var.vpc_private_subnet_ids : subnet])
+    SUBNETS                  = join(", ", [for subnet in var.vpc_private_subnet_ids : format("%q", subnet)])
   }
 }