diff --git a/terraform/demo/main.tf b/terraform/demo/main.tf
index 615f92670..5f3f8525e 100644
--- a/terraform/demo/main.tf
+++ b/terraform/demo/main.tf
@@ -1,38 +1,46 @@
 locals {
-  cf_org_name      = "gsa-tts-benefits-studio"
-  cf_space_name    = "notify-demo"
-  env              = "demo"
-  app_name         = "notify-api"
-  recursive_delete = false
+  cf_org_name              = "gsa-tts-benefits-studio"
+  cf_space_name            = "notify-demo"
+  env                      = "demo"
+  app_name                 = "notify-api"
+  delete_recursive_allowed = false
+}
+
+data "cloudfoundry_space" "demo" {
+  org_name = local.cf_org_name
+  name     = local.cf_space_name
+}
+
+resource "cloudfoundry_space" "notify-demo" {
+  delete_recursive_allowed = local.delete_recursive_allowed
+  name                     = local.cf_space_name
+  org                      = data.cloudfoundry_org.org.id
 }
 
 module "database" {
   source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1"
 
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  name             = "${local.app_name}-rds-${local.env}"
-  recursive_delete = local.recursive_delete
-  rds_plan_name    = "micro-psql"
+  cf_org_name   = local.cf_org_name
+  cf_space_name = local.cf_space_name
+  name          = "${local.app_name}-rds-${local.env}"
+  rds_plan_name = "micro-psql"
 }
 
 module "redis" {
   source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1"
 
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  name             = "${local.app_name}-redis-${local.env}"
-  recursive_delete = local.recursive_delete
-  redis_plan_name  = "redis-dev"
+  cf_org_name     = local.cf_org_name
+  cf_space_name   = local.cf_space_name
+  name            = "${local.app_name}-redis-${local.env}"
+  redis_plan_name = "redis-dev"
 }
 
 module "csv_upload_bucket" {
   source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1"
 
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  recursive_delete = local.recursive_delete
-  name             = "${local.app_name}-csv-upload-bucket-${local.env}"
+  cf_org_name   = local.cf_org_name
+  cf_space_name = local.cf_space_name
+  name          = "${local.app_name}-csv-upload-bucket-${local.env}"
 }
 
 module "egress-space" {
@@ -40,6 +48,7 @@ module "egress-space" {
 
   cf_org_name              = local.cf_org_name
   cf_restricted_space_name = local.cf_space_name
+  delete_recursive_allowed = local.delete_recursive_allowed
   deployers = [
     var.cf_user,
     "steven.reilly@gsa.gov"
@@ -49,22 +58,22 @@ module "egress-space" {
 module "ses_email" {
   source = "../shared/ses"
 
-  cf_org_name         = local.cf_org_name
-  cf_space_name       = local.cf_space_name
-  name                = "${local.app_name}-ses-${local.env}"
-  recursive_delete    = local.recursive_delete
-  aws_region          = "us-west-2"
-  email_domain        = "notify.sandbox.10x.gsa.gov"
-  email_receipt_error = "notify-support@gsa.gov"
+  cf_org_name              = local.cf_org_name
+  cf_space_name            = local.cf_space_name
+  name                     = "${local.app_name}-ses-${local.env}"
+  aws_region               = "us-west-2"
+  email_domain             = "notify.sandbox.10x.gsa.gov"
+  email_receipt_error      = "notify-support@gsa.gov"
+  delete_recursive_allowed = local.delete_recursive_allowed
 }
 
 module "sns_sms" {
   source = "../shared/sns"
 
-  cf_org_name         = local.cf_org_name
-  cf_space_name       = local.cf_space_name
-  name                = "${local.app_name}-sns-${local.env}"
-  recursive_delete    = local.recursive_delete
-  aws_region          = "us-east-1"
-  monthly_spend_limit = 25
+  cf_org_name              = local.cf_org_name
+  cf_space_name            = local.cf_space_name
+  name                     = "${local.app_name}-sns-${local.env}"
+  aws_region               = "us-east-1"
+  monthly_spend_limit      = 25
+  delete_recursive_allowed = local.delete_recursive_allowed
 }
diff --git a/terraform/demo/providers.tf b/terraform/demo/providers.tf
index f13333d3e..34ba30a62 100644
--- a/terraform/demo/providers.tf
+++ b/terraform/demo/providers.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.0"
+      version = "0.53.1"
     }
   }
 
diff --git a/terraform/production/main.tf b/terraform/production/main.tf
index 5a2c520b1..c4ca005f5 100644
--- a/terraform/production/main.tf
+++ b/terraform/production/main.tf
@@ -1,38 +1,46 @@
 locals {
-  cf_org_name      = "gsa-tts-benefits-studio"
-  cf_space_name    = "notify-production"
-  env              = "production"
-  app_name         = "notify-api"
-  recursive_delete = false
+  cf_org_name              = "gsa-tts-benefits-studio"
+  cf_space_name            = "notify-production"
+  env                      = "production"
+  app_name                 = "notify-api"
+  delete_recursive_allowed = false
+}
+
+data "cloudfoundry_space" "production" {
+  org_name = local.cf_org_name
+  name     = local.cf_space_name
+}
+
+resource "cloudfoundry_space" "notify-production" {
+  delete_recursive_allowed = local.delete_recursive_allowed
+  name                     = local.cf_space_name
+  org                      = data.cloudfoundry_org.org.id
 }
 
 module "database" {
   source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1"
 
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  name             = "${local.app_name}-rds-${local.env}"
-  recursive_delete = local.recursive_delete
-  rds_plan_name    = "small-psql-redundant"
+  cf_org_name   = local.cf_org_name
+  cf_space_name = local.cf_space_name
+  name          = "${local.app_name}-rds-${local.env}"
+  rds_plan_name = "small-psql-redundant"
 }
 
 module "redis" {
   source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1"
 
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  name             = "${local.app_name}-redis-${local.env}"
-  recursive_delete = local.recursive_delete
-  redis_plan_name  = "redis-3node-large"
+  cf_org_name     = local.cf_org_name
+  cf_space_name   = local.cf_space_name
+  name            = "${local.app_name}-redis-${local.env}"
+  redis_plan_name = "redis-3node-large"
 }
 
 module "csv_upload_bucket" {
   source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1"
 
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  recursive_delete = local.recursive_delete
-  name             = "${local.app_name}-csv-upload-bucket-${local.env}"
+  cf_org_name   = local.cf_org_name
+  cf_space_name = local.cf_space_name
+  name          = "${local.app_name}-csv-upload-bucket-${local.env}"
 }
 
 module "egress-space" {
@@ -40,6 +48,7 @@ module "egress-space" {
 
   cf_org_name              = local.cf_org_name
   cf_restricted_space_name = local.cf_space_name
+  delete_recursive_allowed = local.delete_recursive_allowed
   deployers = [
     var.cf_user
   ]
@@ -48,25 +57,25 @@ module "egress-space" {
 module "ses_email" {
   source = "../shared/ses"
 
-  cf_org_name         = local.cf_org_name
-  cf_space_name       = local.cf_space_name
-  name                = "${local.app_name}-ses-${local.env}"
-  recursive_delete    = local.recursive_delete
-  aws_region          = "us-gov-west-1"
-  email_domain        = "notify.gov"
-  mail_from_subdomain = "mail"
-  email_receipt_error = "notify-support@gsa.gov"
+  cf_org_name              = local.cf_org_name
+  cf_space_name            = local.cf_space_name
+  name                     = "${local.app_name}-ses-${local.env}"
+  aws_region               = "us-gov-west-1"
+  email_domain             = "notify.gov"
+  mail_from_subdomain      = "mail"
+  email_receipt_error      = "notify-support@gsa.gov"
+  delete_recursive_allowed = local.delete_recursive_allowed
 }
 
 module "sns_sms" {
   source = "../shared/sns"
 
-  cf_org_name         = local.cf_org_name
-  cf_space_name       = local.cf_space_name
-  name                = "${local.app_name}-sns-${local.env}"
-  recursive_delete    = local.recursive_delete
-  aws_region          = "us-gov-west-1"
-  monthly_spend_limit = 1000
+  cf_org_name              = local.cf_org_name
+  cf_space_name            = local.cf_space_name
+  name                     = "${local.app_name}-sns-${local.env}"
+  aws_region               = "us-gov-west-1"
+  monthly_spend_limit      = 1000
+  delete_recursive_allowed = local.delete_recursive_allowed
 }
 
 ###########################################################################
diff --git a/terraform/production/providers.tf b/terraform/production/providers.tf
index 499759f48..b5c45f63e 100644
--- a/terraform/production/providers.tf
+++ b/terraform/production/providers.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.0"
+      version = "0.53.1"
     }
   }
 
diff --git a/terraform/shared/egress_space/main.tf b/terraform/shared/egress_space/main.tf
index 5d4b53354..066f0ba58 100644
--- a/terraform/shared/egress_space/main.tf
+++ b/terraform/shared/egress_space/main.tf
@@ -11,7 +11,7 @@ data "cloudfoundry_org" "org" {
 ###
 
 resource "cloudfoundry_space" "public_egress" {
-  delete_recursive_allowed = false
+  delete_recursive_allowed = var.delete_recursive_allowed
   name                     = "${var.cf_restricted_space_name}-egress"
   org                      = data.cloudfoundry_org.org.id
 }
diff --git a/terraform/shared/ses/main.tf b/terraform/shared/ses/main.tf
index 4c1bb54b9..1bee9a74a 100644
--- a/terraform/shared/ses/main.tf
+++ b/terraform/shared/ses/main.tf
@@ -7,6 +7,15 @@ data "cloudfoundry_space" "space" {
   name     = var.cf_space_name
 }
 
+###
+# SES Space
+###
+resource "cloudfoundry_space" "cf_ses_service_space" {
+  delete_recursive_allowed = var.delete_recursive_allowed
+  name                     = data.cloudfoundry_space.space.name
+  org                      = data.cloudfoundry_org.org.id
+}
+
 ###
 # SES instance
 ###
diff --git a/terraform/shared/ses/variables.tf b/terraform/shared/ses/variables.tf
index a92261656..35e8cad8c 100644
--- a/terraform/shared/ses/variables.tf
+++ b/terraform/shared/ses/variables.tf
@@ -34,3 +34,9 @@ variable "mail_from_subdomain" {
   description = "Subdomain of email_domain to set as the mail-from header"
   default     = ""
 }
+
+variable "delete_recursive_allowed" {
+  type        = bool
+  default     = true
+  description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
+}
diff --git a/terraform/shared/sns/main.tf b/terraform/shared/sns/main.tf
index aa0079f92..2df89907d 100644
--- a/terraform/shared/sns/main.tf
+++ b/terraform/shared/sns/main.tf
@@ -7,6 +7,15 @@ data "cloudfoundry_space" "space" {
   name     = var.cf_space_name
 }
 
+###
+# SNS Space
+###
+resource "cloudfoundry_space" "cf_sns_service_space" {
+  delete_recursive_allowed = var.delete_recursive_allowed
+  name                     = data.cloudfoundry_space.space.name
+  org                      = data.cloudfoundry_org.org.id
+}
+
 ###
 # SES instance
 ###
diff --git a/terraform/shared/sns/variables.tf b/terraform/shared/sns/variables.tf
index acf7c5010..801e41504 100644
--- a/terraform/shared/sns/variables.tf
+++ b/terraform/shared/sns/variables.tf
@@ -22,3 +22,9 @@ variable "monthly_spend_limit" {
   type        = number
   description = "SMS budget limit in USD. Support request must be made before raising above 1"
 }
+
+variable "delete_recursive_allowed" {
+  type        = bool
+  default     = true
+  description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
+}