diff --git a/roles/api_call/README.md b/roles/api_call/README.md
new file mode 100644
index 00000000..83d1ab28
--- /dev/null
+++ b/roles/api_call/README.md
@@ -0,0 +1,9 @@
+# API call
+
+Making RESTful API calls to other platforms.
+
+<!--TOC-->
+<!--ENDTOC-->
+
+<!--ROLEVARS-->
+<!--ENDROLEVARS-->
diff --git a/roles/api_call/defaults/main.yml b/roles/api_call/defaults/main.yml
new file mode 100644
index 00000000..091342e8
--- /dev/null
+++ b/roles/api_call/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+api_call:
+  type: gitlab
+  base_url: https://gitlab.example.com/api/v4/
+  path: projects # see documentation - https://docs.gitlab.com/ee/api/
+  method: GET
+  token: "" # empty means anonymous action
+  token_type: trigger # options are 'trigger' or 'personal'
+  variables: []
+  status_codes:
+    - 200
+    - 201
+    - 202
\ No newline at end of file
diff --git a/roles/api_call/tasks/main.yml b/roles/api_call/tasks/main.yml
new file mode 100644
index 00000000..c837df2d
--- /dev/null
+++ b/roles/api_call/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: Ensure variables are empty.
+  ansible.builtin.set_fact:
+    _api_call_variables: ""
+    _api_call_url: ""
+
+- name: Build HTML escaped variable string.
+  ansible.builtin.set_fact:
+    _api_call_variables: "{{ _api_call_variables + ('' if ansible_loop.first else '&') + 'variables' + item }}"
+  with_items: "{{ api_call.variables }}"
+  loop_control:
+    extended: true
+  when: api_call.variables | length > 0
+
+- name: Build anonymous API call URL.
+  ansible.builtin.set_fact:
+    _api_call_url: "{{ api_call.base_url }}{{ api_call.path }}?{{ _api_call_variables }}"
+  when: api_call.token | length == 0
+
+- name: Build token authenticated API call URL.
+  ansible.builtin.set_fact:
+    _api_call_url: "{{ api_call.base_url }}{{ api_call.path }}?{% if api_call.token_type == 'trigger' %}token={% else %}private_token={% endif %}{{ api_call.token }}&{{ _api_call_variables }}"
+  when: api_call.token | length > 0
+
+- name: Display URL to call.
+  ansible.builtin.debug:
+    msg: "{{ _api_call_url }}"
+
+- name: Make API call.
+  ansible.builtin.uri:
+    url: "{{ _api_call_url }}"
+    method: "{{ api_call.method }}"
+    return_content: true
+    status_code: "{{ api_call.status_codes }}"
+  register: _api_call_return
diff --git a/roles/deploy_code/defaults/main.yml b/roles/deploy_code/defaults/main.yml
index 19e45eee..d616bf08 100644
--- a/roles/deploy_code/defaults/main.yml
+++ b/roles/deploy_code/defaults/main.yml
@@ -21,3 +21,24 @@ deploy_code:
   # Path that you want to make sure has 755 permissions. Make sure to include the webroot WITHOUT the slash.
   perms_fix_path: ""
   # perms_fix_path: "www/sites/default"
+  # Trigger an API call to rebuild infra after a deploy, e.g. if you need to repack an AMI.
+  rebuild_infra: false
+  # Details of API call to trigger. See api_call role.
+  api_call:
+    type: gitlab
+    base_url: https://gitlab.example.com/api/v4/
+    path: projects/1/ref/main/trigger/pipeline
+    method: POST
+    token: asdf-1234
+    token_type: trigger
+    variables: []
+    # example build parameters
+    #  - "[ENV]=dev"
+    #  - "[PLAY]=myserver.yml"
+    #  - "[RESOURCE]=myserver-example-com"
+    #  - "[REGION]=eu-west-1"
+    #  - "[EXTRA_PARAMS]=--force"
+    status_codes:
+      - 200
+      - 201
+      - 202
diff --git a/roles/deploy_code/tasks/cleanup.yml b/roles/deploy_code/tasks/cleanup.yml
index dc72c752..4e648d25 100644
--- a/roles/deploy_code/tasks/cleanup.yml
+++ b/roles/deploy_code/tasks/cleanup.yml
@@ -1,13 +1,13 @@
 ---
 - name: Ensure codebase is writable.
-  shell:
+  ansible.builtin.shell:
     cmd: "if [ -d {{ deploy_path_prefix }}{{ item }} ]; then chmod -R 777 {{ deploy_path_prefix }}{{ item }}; fi"
   with_sequence: start={{ [previous_build_number | int - 50, 0] | max }}  end={{ [previous_build_number | int - deploy_code.keep, 0] | max }}
   become: true
   when: "www_user != deploy_user"
 
 - name: Ensure permissions are set on directory.
-  shell:
+  ansible.builtin.shell:
     cmd: "if [ -d {{ deploy_path_prefix }}{{ item }}/{{ deploy_code.perms_fix_path }} ]; then chmod 755 {{ deploy_path_prefix }}{{ item }}/{{ deploy_code.perms_fix_path }}; fi"
   with_sequence: start={{ [previous_build_number | int - 50, 0] | max }}  end={{ [previous_build_number | int - deploy_code.keep, 0] | max }}
   when:
@@ -15,13 +15,13 @@
     - deploy_code.perms_fix_path | length > 1
 
 - name: Delete codebases.
-  file:
+  ansible.builtin.file:
     name: "{{ deploy_path_prefix }}{{ item }}"
     state: absent
   with_sequence: start={{ [previous_build_number | int - 50, 0] | max }}  end={{ [previous_build_number | int - deploy_code.keep, 0] | max }}
 
 - name: Create a tarball of the deployed codebases.
-  command:
+  ansible.builtin.command:
     cmd: "tar -cvf /tmp/{{ project_name }}_{{ build_type }}.tar {{ deploy_base_path }}"
   when:
     - deploy_code.mount_sync is defined
@@ -29,7 +29,7 @@
   run_once: true
 
 - name: Create destination folder.
-  file:
+  ansible.builtin.file:
     path: "{{ deploy_code.mount_sync }}"
     state: directory
     mode: "0755"
@@ -39,9 +39,24 @@
   run_once: true
 
 - name: Move to final destination.
-  command:
+  ansible.builtin.command:
     cmd: "mv /tmp/{{ project_name }}_{{ build_type }}.tar {{ deploy_code.mount_sync }}/{{ project_name }}_{{ build_type }}.tar"
   when:
     - deploy_code.mount_sync is defined
     - deploy_code.mount_sync | length > 1
   run_once: true
+
+- name: Trigger an infrastructure rebuild.
+  ansible.builtin.include_role:
+    name: api_call
+  vars:
+    api_call:
+      type: "{{ deploy_code.api_call.type }}"
+      base_url: "{{ deploy_code.api_call.base_url }}"
+      path: "{{ deploy_code.api_call.path }}"
+      method: "{{ deploy_code.api_call.method }}"
+      token: "{{ deploy_code.api_call.token }}"
+      token_type: "{{ deploy_code.api_call.token_type }}"
+      variables: "{{ deploy_code.api_call.variables }}"
+      status_codes: "{{ deploy_code.api_call.status_codes }}"
+  when: deploy_code.rebuild_infra
diff --git a/roles/deploy_code/tasks/deploy.yml b/roles/deploy_code/tasks/deploy.yml
index 3693eb70..0d15425c 100644
--- a/roles/deploy_code/tasks/deploy.yml
+++ b/roles/deploy_code/tasks/deploy.yml
@@ -1,6 +1,6 @@
 ---
 - name: Copy project repository.
-  synchronize:
+  ansible.posix.synchronize:
     src: "{{ _ce_deploy_build_dir }}/"
     dest: "{{ deploy_path }}"
     archive: true
@@ -8,17 +8,17 @@
       - "--exclude=.git"
 
 - name: Ensure project repository is readable.
-  file:
+  ansible.builtin.file:
     path: "{{ deploy_path }}"
     state: directory
     mode: 0755
 
 - name: Project specific tasks.
-  include_role:
+  ansible.builtin.include_role:
     name: "deploy_code/deploy_code-{{ project_type }}"
 
 - name: Generate additional templates.
-  template:
+  ansible.builtin.template:
     src: "{{ template.src }}"
     dest: "{{ deploy_path }}/{{ template.dest }}"
   with_items: "{{ deploy_code.templates }}"
@@ -29,7 +29,7 @@
     - deploy_operation == 'deploy'
 
 - name: Create additional symlinks.
-  file:
+  ansible.builtin.file:
     src: "{{ link.src }}"
     dest: "{{ deploy_path }}/{{ link.dest }}"
     state: link
diff --git a/roles/deploy_code/tasks/main.yml b/roles/deploy_code/tasks/main.yml
index a8021dcf..f4bd05af 100644
--- a/roles/deploy_code/tasks/main.yml
+++ b/roles/deploy_code/tasks/main.yml
@@ -1,2 +1,2 @@
 ---
-- include_tasks: "{{ deploy_operation }}.yml"
+- ansible.builtin.include_tasks: "{{ deploy_operation }}.yml"