diff --git a/aws/ec2-instances/amis.tf b/aws/ec2-instances/amis.tf
index a2d151c..24e8e18 100644
--- a/aws/ec2-instances/amis.tf
+++ b/aws/ec2-instances/amis.tf
@@ -317,7 +317,7 @@ data "aws_ami" "debian11" {
 
   filter {
     name   = "name"
-    values = ["debian-11-amd64-2023*"]
+    values = ["debian-11-amd64-*"]
   }
 
   filter {
@@ -349,7 +349,7 @@ data "aws_ami" "debian12" {
 
   filter {
     name   = "name"
-    values = ["debian-12-amd64-2023*"]
+    values = ["debian-12-amd64-*"]
   }
 
   filter {
@@ -376,6 +376,39 @@ data "aws_ami" "debian12_cis" {
   owners = ["679593333241"]
 }
 
+data "aws_ami" "debian13" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["debian-13-amd64-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  owners = ["136693071363"]
+}
+
+// CIS Debian 13 - uncomment when CIS image is available
+// data "aws_ami" "debian13_cis" {
+//   most_recent = true
+//
+//   filter {
+//     name   = "name"
+//     values = ["CIS Debian Linux 13*"]
+//   }
+//
+//   filter {
+//     name   = "virtualization-type"
+//     values = ["hvm"]
+//   }
+//
+//   owners = ["679593333241"]
+// }
+
 data "aws_ami" "suse15" {
   most_recent = true
 
diff --git a/aws/ec2-instances/main.tf b/aws/ec2-instances/main.tf
index 862d4ce..b8e0e4d 100644
--- a/aws/ec2-instances/main.tf
+++ b/aws/ec2-instances/main.tf
@@ -333,7 +333,68 @@ module "debian12_cis_cnspec" {
   user_data_replace_on_change = true
 }
 
+// Debian 13
 
+module "debian13" {
+  source  = "terraform-aws-modules/ec2-instance/aws"
+  version = "~> 5.7.1"
+
+  create                      = var.create_debian13
+  name                        = "${var.prefix}-debian13-${random_id.instance_id.id}"
+  ami                         = data.aws_ami.debian13.id
+  instance_type               = var.linux_instance_type
+  vpc_security_group_ids      = [module.linux_sg.security_group_id]
+  subnet_id                   = module.vpc.public_subnets[0]
+  key_name                    = var.aws_key_pair_name
+  associate_public_ip_address = true
+}
+
+module "debian13_cnspec" {
+  source  = "terraform-aws-modules/ec2-instance/aws"
+  version = "~> 5.7.1"
+
+  create                      = var.create_debian13_cnspec
+  name                        = "${var.prefix}-debian13-${random_id.instance_id.id}"
+  ami                         = data.aws_ami.debian13.id
+  instance_type               = var.linux_instance_type
+  vpc_security_group_ids      = [module.linux_sg.security_group_id]
+  subnet_id                   = module.vpc.public_subnets[0]
+  key_name                    = var.aws_key_pair_name
+  associate_public_ip_address = true
+  user_data                   = base64encode(local.linux_user_data)
+  user_data_replace_on_change = true
+}
+
+// CIS Debian 13 - uncomment when CIS image is available
+// module "debian13_cis" {
+//   source  = "terraform-aws-modules/ec2-instance/aws"
+//   version = "~> 5.7.1"
+//
+//   create                      = var.create_debian13_cis
+//   name                        = "${var.prefix}-debian13-cis-${random_id.instance_id.id}"
+//   ami                         = data.aws_ami.debian13_cis.id
+//   instance_type               = var.linux_instance_type
+//   vpc_security_group_ids      = [module.linux_sg.security_group_id]
+//   subnet_id                   = module.vpc.public_subnets[0]
+//   key_name                    = var.aws_key_pair_name
+//   associate_public_ip_address = true
+// }
+
+// module "debian13_cis_cnspec" {
+//   source  = "terraform-aws-modules/ec2-instance/aws"
+//   version = "~> 5.7.1"
+//
+//   create                      = var.create_debian13_cis_cnspec
+//   name                        = "${var.prefix}-debian13-cis-cnspec-${random_id.instance_id.id}"
+//   ami                         = data.aws_ami.debian13_cis.id
+//   instance_type               = var.linux_instance_type
+//   vpc_security_group_ids      = [module.linux_sg.security_group_id]
+//   subnet_id                   = module.vpc.public_subnets[0]
+//   key_name                    = var.aws_key_pair_name
+//   associate_public_ip_address = true
+//   user_data                   = base64encode(local.linux_user_data)
+//   user_data_replace_on_change = true
+// }
 
 // Oracle 7
 
@@ -1508,7 +1569,7 @@ module "private_ami" {
 
   create                      = var.create_private_ami
   name                        = "${var.prefix}-${var.private_ami_name}-${random_id.instance_id.id}"
-  ami                         = data.aws_ami.private_ami.id
+  ami                         = one(data.aws_ami.private_ami[*].id)
   instance_type               = var.private_ami_instance_type
   vpc_security_group_ids      = [module.linux_sg.security_group_id]
   subnet_id                   = module.vpc.public_subnets[0]
@@ -1522,7 +1583,7 @@ module "private_ami_cnspec" {
 
   create                      = var.create_private_ami_cnspec
   name                        = "${var.prefix}-${var.private_ami_name}-cnspec-${random_id.instance_id.id}"
-  ami                         = data.aws_ami.private_ami.id
+  ami                         = one(data.aws_ami.private_ami[*].id)
   instance_type               = var.private_ami_instance_type
   vpc_security_group_ids      = [module.linux_sg.security_group_id]
   subnet_id                   = module.vpc.public_subnets[0]
diff --git a/aws/ec2-instances/outputs.tf b/aws/ec2-instances/outputs.tf
index 70a9cac..a052a22 100644
--- a/aws/ec2-instances/outputs.tf
+++ b/aws/ec2-instances/outputs.tf
@@ -176,6 +176,24 @@ output "debian12_cis_cnspec" {
   value = module.debian12_cis_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} admin@${module.debian12_cis_cnspec.public_ip}"
 }
 
+# debian13
+output "debian13" {
+  value = module.debian13.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} admin@${module.debian13.public_ip}"
+}
+
+output "debian13_cnspec" {
+  value = module.debian13_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} admin@${module.debian13_cnspec.public_ip}"
+}
+
+// CIS Debian 13 - uncomment when CIS image is available
+// output "debian13_cis" {
+//   value = module.debian13_cis.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} admin@${module.debian13_cis.public_ip}"
+// }
+
+// output "debian13_cis_cnspec" {
+//   value = module.debian13_cis_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} admin@${module.debian13_cis_cnspec.public_ip}"
+// }
+
 # suse15
 output "suse15" {
   value = module.suse15.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.suse15.public_ip}"
diff --git a/aws/ec2-instances/variables.tf b/aws/ec2-instances/variables.tf
index 639409d..e9f0c7c 100644
--- a/aws/ec2-instances/variables.tf
+++ b/aws/ec2-instances/variables.tf
@@ -236,6 +236,23 @@ variable "create_debian12_cis_cnspec" {
   default = false
 }
 
+variable "create_debian13" {
+  default = false
+}
+
+variable "create_debian13_cnspec" {
+  default = false
+}
+
+// CIS Debian 13 - uncomment when CIS image is available
+// variable "create_debian13_cis" {
+//   default = false
+// }
+
+// variable "create_debian13_cis_cnspec" {
+//   default = false
+// }
+
 variable "create_suse15" {
   default = false
 }