diff --git a/templates/.ci_cd/.templates/.github/workflows/cd.yaml b/templates/.ci_cd/.templates/.github/workflows/cd.yaml
index ee137aa8..bfa551c0 100644
--- a/templates/.ci_cd/.templates/.github/workflows/cd.yaml
+++ b/templates/.ci_cd/.templates/.github/workflows/cd.yaml
@@ -5,7 +5,6 @@ on:
     inputs:
       terraform_action:
         description: 'Terraform Action to perform'
-        required: true
         default: 'apply'
         type: string
 
diff --git a/templates/.ci_cd/.templates/.github/workflows/ci.yaml b/templates/.ci_cd/.templates/.github/workflows/ci.yaml
index c4b3f355..098929a5 100644
--- a/templates/.ci_cd/.templates/.github/workflows/ci.yaml
+++ b/templates/.ci_cd/.templates/.github/workflows/ci.yaml
@@ -30,7 +30,11 @@ jobs:
     concurrency: ${environment_name_plan}
     environment: ${environment_name_plan}
     permissions:
-      id-token: write #NOTE: When modifying the token subject claims, if this permission is not granted inside the scope of a job with an environment, then the action will fail with an unspecified internal error.
+      # NOTE: When modifying the token subject claims and adding `environment`.
+      # If the `id-token` permission is granted at the workflow level
+      # and the workflow has at least one job that does not specify an environemnt
+      # then the action will fail with an internal error.
+      id-token: write
       contents: read
       pull-requests: write
     env:
diff --git a/templates/complete/config.yaml b/templates/complete/config.yaml
index e6ad107a..9b76bbfb 100644
--- a/templates/complete/config.yaml
+++ b/templates/complete/config.yaml
@@ -1,4 +1,5 @@
-archetypes: # `caf-enterprise-scale` module, add inputs as listed on the module registry where necessary.
+---
+archetypes:  # `caf-enterprise-scale` module, add inputs as listed on the module registry where necessary.
   root_name: es
   root_id: Enterprise-Scale
   deploy_corp_landing_zones: true
@@ -24,7 +25,7 @@ archetypes: # `caf-enterprise-scale` module, add inputs as listed on the module
           management:
             name: aa-management
 connectivity:
-  hubnetworking: # `hubnetworking` module, add inputs as listed on the module registry where necessary.
+  hubnetworking:  # `hubnetworking` module, add inputs as listed on the module registry where necessary.
     hub_virtual_networks:
       primary:
         name: vnet-hub
@@ -37,7 +38,7 @@ connectivity:
           sku_name: AZFW_VNet
           sku_tier: Standard
           subnet_address_prefix: 10.0.1.0/24
-        virtual_network_gateway: # `vnet-gateway` module, add inputs as listed on the module registry where necessary.
+        virtual_network_gateway:  # `vnet-gateway` module, add inputs as listed on the module registry where necessary.
           name: vgw-hub
           sku: VpnGw1
           type: Vpn