diff --git a/aws/docker-pull.sh b/aws/docker-pull.sh
index 7e6da69e..ff39434a 100755
--- a/aws/docker-pull.sh
+++ b/aws/docker-pull.sh
@@ -9,7 +9,6 @@ IMAGES=(
   mozilla/fxa-auth-server
   mozilla/fxa-content-server
   mozilla/fxa-customs-server
-  mozilla/fxa-oauth-server
   mozilla/syncserver
   mozilla/fxa-profile-server
   mozilla/pushbox
diff --git a/aws/environments/aet.yml b/aws/environments/aet.yml
new file mode 100644
index 00000000..ea1b826f
--- /dev/null
+++ b/aws/environments/aet.yml
@@ -0,0 +1,11 @@
+---
+region: us-west-2
+subdomain: aet.dev
+hosted_zone: lcip.org
+ssl_certificate_arn: arn:aws:acm:us-west-2:927034868273:certificate/74e4edea-7418-40d5-9f6f-3a76fdf44341
+
+owner: "rfkelly@mozilla.com"
+reaper_spare_me: "true"
+
+auth_docker_tag: dockerpush.aet
+fxadev_git_version: aet-dev-environment
diff --git a/roles/content/tasks/main.yml b/roles/content/tasks/main.yml
index 1c574994..7592e54a 100644
--- a/roles/content/tasks/main.yml
+++ b/roles/content/tasks/main.yml
@@ -55,6 +55,7 @@
       ANSIBLE_RESTART_FIVE: 'true'
       SCOPED_KEYS_VALIDATION: "{{ content_scoped_keys_validation }}"
       ALLOWED_METRICS_FLOW_ORIGINS: "null,http://localhost:8001,http://localhost:8000,http://localhost:8000,https://www.mozilla.org,https://www.allizom.org,https://www-demo5.allizom.org,https://www-demo4.allizom.org,https://www-demo3.allizom.org,https://www-dev.allizom.org,https://fx-breach-alerts.herokuapp.com,https://monitor-v2.herokuapp.com"
+      ECOSYSTEM_ANON_ID_KEYS_FILE: "/tmp/ecosystem_keys.json"
   register: container
 
 - debug: var=container
diff --git a/roles/oauth/templates/config.json.j2 b/roles/oauth/templates/config.json.j2
index 5f848ce5..a7418c6b 100644
--- a/roles/oauth/templates/config.json.j2
+++ b/roles/oauth/templates/config.json.j2
@@ -188,7 +188,9 @@
       "imageUri": "{{ oauth_public_url }}/img/logo@2x.png",
       "redirectUri": "urn:ietf:wg:oauth:2.0:oob",
       "trusted": true,
-      "canGrant": true
+      "publicClient": true,
+      "canGrant": true,
+      "allowedScopes": "https://identity.mozilla.com/apps/oldsync https://identity.mozilla.com/tokens/session"
     },
     {
       "id": "3332a18d142636cb",