diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f412086..f9abfbc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -55,7 +55,7 @@ tf-apply-public: - chmod 600 jamulus.pem script: - terraform init - - terraform apply plan.tfplan + - terraform apply plan.tfplan -var="broadcast_enabled=true" environment: name: Public Jammin url: https://ejam.vereto.net diff --git a/broadcast.tf b/broadcast.tf index ea711fe..4f1f63b 100644 --- a/broadcast.tf +++ b/broadcast.tf @@ -1,21 +1,12 @@ resource "aws_instance" "broadcast" { + count = var.broadcast_enabled ? 1 : 0 ami = "${data.aws_ami.image.id}" instance_type = "t3.medium" key_name = "jamulus" security_groups = [aws_security_group.ssh.name, aws_security_group.broadcast.name, aws_security_group.node-exporter.name] # Add your own IP to this group - provisioner "remote-exec" { - inline = ["sudo apt update", "sudo apt install python3 -y", "echo Done!"] - connection { - type = "ssh" - user = "ubuntu" - host = self.public_ip - private_key = file("${path.module}/jamulus.pem") - } - } - provisioner "local-exec" { - command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu -i '${self.public_ip},' --private-key ${"${path.module}/jamulus.pem"} broadcast-install.yml" + command = "sleep 30 && ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu -i '${self.public_ip},' --private-key ${"${path.module}/jamulus.pem"} broadcast-install.yml" } tags = { diff --git a/dns.tf b/dns.tf index 2c6ab08..e3d02aa 100644 --- a/dns.tf +++ b/dns.tf @@ -25,5 +25,5 @@ resource "digitalocean_record" "icecast" { type = "A" name = "icecast" ttl = 30 - value = "${aws_instance.broadcast.public_ip}" + value = "${aws_instance.broadcast.*.public_ip}" } \ No newline at end of file diff --git a/jamulus-install.yml b/jamulus-install.yml index d2b4916..f11309f 100644 --- a/jamulus-install.yml +++ b/jamulus-install.yml 
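Review bot: The `-var="broadcast_enabled=true"` added to `terraform apply plan.tfplan` cannot take effect, because a saved plan file already has its variable values fixed from when it was created. Depending on the Terraform version, the flag is either rejected or ignored, and the broadcast instance stays at the default `count = 0`. Set the variable where the plan is produced, e.g. `terraform plan -var="broadcast_enabled=true" -out=plan.tfplan` in the plan job (outside this hunk), and keep the apply line as `- terraform apply plan.tfplan`.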
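Review bot: The fixed `sleep 30` in the broadcast.tf `local-exec` command is now the only gate between instance creation and the Ansible run, because the removed `remote-exec` block was what made Terraform wait until SSH accepted a connection. If the instance boots more slowly, `ansible-playbook` hits an unreachable host, the provisioner fails and the resource is left tainted. A readiness loop is more robust than a guess, e.g. prefix the command with `until nc -z ${self.public_ip} 22; do sleep 5; done &&`. The removed block also installed python3, so this presumably relies on the AMI from `data.aws_ami.image` already shipping it, which is worth confirming.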
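Review bot: In dns.tf, `aws_instance.broadcast.*.public_ip` is a list, but `value` on `digitalocean_record.icecast` takes a single address. With `broadcast_enabled = false` the list is empty, so there is nothing to publish. Make the record conditional together with the instance: add `count = var.broadcast_enabled ? 1 : 0` to the resource (its header is outside the hunk) and set `value = aws_instance.broadcast[0].public_ip`. The `broadcast_ip` output in main.tf takes the same splat; an output may be a list, but its type changes for anything that consumes it.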
@@ -1,11 +1,14 @@ - become: yes hosts: all name: jamulus-install + vars: + aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY_ID') }}" + aws_secret_key: "{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}" tasks: - name: Add jam user user: name: jam - + - name: Wait for apt to unlock become: yes shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 5; done; @@ -37,4 +40,6 @@ systemd: state: started name: jamulus.service - \ No newline at end of file + + - name: Run cloudwatch notification SETUP COMPLETE + script: send-setup-finished.py '{{aws_access_key}}' '{{aws_secret_key}}' eu-west-2 '{{ ec2_id }}' \ No newline at end of file diff --git a/main.tf b/main.tf index ca9d787..a215f8b 100644 --- a/main.tf +++ b/main.tf @@ -17,7 +17,7 @@ resource "aws_instance" "jamulus" { security_groups = [aws_security_group.ssh.name, aws_security_group.jamulus.name, aws_security_group.node-exporter.name] # Add your own IP to this group provisioner "local-exec" { - command = "sleep 30 && ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu -i '${self.public_ip},' --private-key ${"${path.module}/jamulus.pem"} jamulus-install.yml" + command = "sleep 30 && ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu -i '${self.public_ip},' --private-key ${"${path.module}/jamulus.pem"} jamulus-install.yml --extra-vars 'ec2_id=${self.id}'" } tags = { @@ -96,5 +96,5 @@ output "jamulus_ip" { } output "broadcast_ip" { - value = "${aws_instance.broadcast.public_ip}" + value = "${aws_instance.broadcast.*.public_ip}" } diff --git a/send-setup-finished.py b/send-setup-finished.py new file mode 100644 index 0000000..f687c04 --- /dev/null +++ b/send-setup-finished.py 
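Review bot: The new `script` task in the second jamulus-install.yml hunk passes `AWS_SECRET_ACCESS_KEY` as a command-line argument to a process on the provisioned host. There it is readable from the process list while the script runs, and it can surface in Ansible's task output on a verbose run or a failure because the task has no `no_log: true`. It also hands the pipeline's own long-lived credentials to a machine that only needs to emit one event. Running the notification on the controller keeps the keys where they already are: add `delegate_to: localhost` and `become: no` to the task and let boto3 read the two variables from the environment, which makes the `vars:` block in the first hunk unnecessary. If the event has to originate from the instance, an instance profile limited to `events:PutEvents` avoids shipping keys at all.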
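Review bot: The main.tf `local-exec` command still sets `ANSIBLE_HOST_KEY_CHECKING=False`, so nothing verifies that the SSH endpoint at `self.public_ip` is the instance that was just created. With this commit, the playbook it runs now carries the AWS key pair to that endpoint. The broadcast.tf command has the same setting. Either keep secrets out of what the play sends to the host, or populate a known_hosts entry for the new instance before the run and drop the override, passing it with `--ssh-common-args '-o UserKnownHostsFile=<path>'`.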
@@ -0,0 +1,21 @@
+#!/usr/bin/python3
+
+import boto3
+from datetime import datetime
+import sys
+
+client = boto3.client('events',
+ aws_access_key_id= sys.argv[1],
+ aws_secret_access_key=sys.argv[2],
+ region_name=sys.argv[3])
+
+response = client.put_events(
+ Entries=[
+ {
+ "DetailType": "EC2 Instance State-change Notification",
+ "Source": "net.vereto",
+ "Detail": f'{{ "instance-id": "{sys.argv[4]}", "state": "Setup-finished"}}'
+ }
+ ]
+)
+
diff --git a/variables.tf b/variables.tf
index ee1c8be..d64a723 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1 +1,6 @@
-variable "do_token" {}
\ No newline at end of file
+variable "do_token" {}
+
+variable "broadcast_enabled" {
+ type = bool
+ default = false
+}
\ No newline at end of file
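Review bot: send-setup-finished.py takes the AWS secret key from `sys.argv[2]`, which exposes it in the process list of whichever host runs the script; boto3 already resolves credentials from the environment or an instance role when none are passed. The `Detail` value is built by interpolating `sys.argv[4]` into JSON text, so a quote or backslash in the argument yields an invalid or altered document; `json.dumps` avoids that (it needs `import json`, and the unused `datetime` import can be dropped). `put_events` reports rejected entries through `FailedEntryCount` instead of raising, and the response is currently ignored, so a failed notification passes silently. With the change below, the playbook call shrinks to the region and the instance id.

```python
# … unchanged: shebang and imports …
region, instance_id = sys.argv[1], sys.argv[2]
client = boto3.client('events', region_name=region)  # credentials come from boto3's default chain

response = client.put_events(
    Entries=[
        {
            "DetailType": "EC2 Instance State-change Notification",
            "Source": "net.vereto",
            "Detail": json.dumps({"instance-id": instance_id, "state": "Setup-finished"}),
        }
    ]
)
if response["FailedEntryCount"]:
    sys.exit(f"put_events failed: {response['Entries']}")
```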