diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf
index 38b0e967..75ec2c6c 100644
--- a/tf/environments/dev/main.tf
+++ b/tf/environments/dev/main.tf
@@ -256,6 +256,8 @@ module "ooni_backendproxy" {
   key_name      = module.adm_iam_roles.oonidevops_key_name
   instance_type = "t2.micro"
 
+  backend_url = "https://backend-hel.ooni.org/"
+
   tags = merge(
     local.tags,
     { Name = "ooni-tier0-backendproxy" }
diff --git a/tf/modules/network/main.tf b/tf/modules/network/main.tf
index 4e60e031..8ead91cb 100644
--- a/tf/modules/network/main.tf
+++ b/tf/modules/network/main.tf
@@ -167,6 +167,8 @@ resource "aws_subnet" "cloudhsm" {
 }
 
 resource "aws_route_table" "cloudhsm" {
+  count = var.enable_codesign_network ? 1 : 0
+
   vpc_id = aws_vpc.main.id
 
   route {
@@ -182,5 +184,5 @@ resource "aws_route_table" "cloudhsm" {
 resource "aws_route_table_association" "cloudhsm" {
   count          = var.enable_codesign_network ? 1 : 0
   subnet_id      = element(aws_subnet.cloudhsm[*].id, count.index)
-  route_table_id = aws_route_table.cloudhsm.id
+  route_table_id = aws_route_table.cloudhsm[count.index].id
 }
diff --git a/tf/modules/ooni_backendproxy/main.tf b/tf/modules/ooni_backendproxy/main.tf
index a36e911a..27ade3ad 100644
--- a/tf/modules/ooni_backendproxy/main.tf
+++ b/tf/modules/ooni_backendproxy/main.tf
@@ -47,7 +47,9 @@ resource "aws_launch_template" "ooni_backendproxy" {
   instance_type = var.instance_type
   key_name      = var.key_name
 
-  user_data = filebase64("${path.module}/templates/setup-backend-proxy.sh")
+  user_data = base64encode(templatefile("${path.module}/templates/setup-backend-proxy.sh", {
+    backend_url = var.backend_url
+  }))
 
   lifecycle {
     create_before_destroy = true
diff --git a/tf/modules/ooni_backendproxy/templates/setup-backend-proxy.sh b/tf/modules/ooni_backendproxy/templates/setup-backend-proxy.sh
index 5a6ddd09..d3f2e23e 100644
--- a/tf/modules/ooni_backendproxy/templates/setup-backend-proxy.sh
+++ b/tf/modules/ooni_backendproxy/templates/setup-backend-proxy.sh
@@ -12,7 +12,7 @@ server {
     server_name _;
 
     location / {
-        proxy_pass https://backend-fsn.ooni.org/;
+        proxy_pass ${backend_url};
         proxy_http_version 1.1;
         proxy_set_header Host \$host;
     }
diff --git a/tf/modules/ooni_backendproxy/variables.tf b/tf/modules/ooni_backendproxy/variables.tf
index e5a3e6dd..181337e6 100644
--- a/tf/modules/ooni_backendproxy/variables.tf
+++ b/tf/modules/ooni_backendproxy/variables.tf
@@ -24,3 +24,8 @@ variable "name" {
 variable "instance_type" {
   default = "t2.micro"
 }
+
+variable "backend_url" {
+  type = string
+  default = "https://backend-fsn.ooni.org/"
+}
\ No newline at end of file