diff --git a/deployment/api_transparency_dev/main.tf b/deployment/api_transparency_dev/main.tf
index 78b30711..12c23ee1 100644
--- a/deployment/api_transparency_dev/main.tf
+++ b/deployment/api_transparency_dev/main.tf
@@ -51,14 +51,36 @@ module "lb-http" {
   enable_ipv6         = true
 
   backends = {
-    default = {
-      description = "Distributor API backend"
+    prod = {
+      description = "Distributor API backend (prod)"
       protocol    = "HTTPS"
       port_name   = "https"
       port        = 443
       groups = [
         {
-          group = google_compute_global_network_endpoint_group.distributor.id
+          group = google_compute_global_network_endpoint_group.distributor_prod.id
+        }
+      ]
+
+      health_check = null
+
+      enable_cdn = false
+
+      iap_config = {
+        enable = false
+      }
+      log_config = {
+        enable = false
+      }
+    }
+    ci = {
+      description = "Distributor API backend (ci)"
+      protocol    = "HTTPS"
+      port_name   = "https"
+      port        = 443
+      groups = [
+        {
+          group = google_compute_global_network_endpoint_group.distributor_ci.id
         }
       ]
 
@@ -114,10 +136,22 @@ resource "google_compute_url_map" "default" {
       ]
       route_action {
         url_rewrite {
-          host_rewrite = var.distributor_host
+          host_rewrite = var.distributor_prod_host
+        }
+      }
+      service = module.lb-http.backend_services["prod"].id
+    }
+    path_rule {
+      paths = [
+        "/distributor-ci/*"
+      ]
+      route_action {
+        url_rewrite {
+          path_prefix_rewrite = "/distributor/"
+          host_rewrite        = var.distributor_ci_host
         }
       }
-      service = module.lb-http.backend_services["default"].id
+      service = module.lb-http.backend_services["ci"].id
     }
 
     #####
@@ -204,18 +238,30 @@ resource "google_compute_backend_bucket" "firmware_artefacts_ci_1" {
 }
 
 
-resource "google_compute_global_network_endpoint_group" "distributor" {
-  name                  = "distributor"
+resource "google_compute_global_network_endpoint_group" "distributor_prod" {
+  name                  = "distributor-prod"
+  project               = var.project_id
+  provider              = google-beta
+  default_port          = var.distributor_prod_port
+  network_endpoint_type = "INTERNET_FQDN_PORT"
+}
+resource "google_compute_global_network_endpoint_group" "distributor_ci" {
+  name                  = "distributor-ci"
   project               = var.project_id
   provider              = google-beta
-  default_port          = var.distributor_port
+  default_port          = var.distributor_ci_port
   network_endpoint_type = "INTERNET_FQDN_PORT"
 }
 
-resource "google_compute_global_network_endpoint" "distributor" {
-  global_network_endpoint_group = google_compute_global_network_endpoint_group.distributor.name
-  port                          = var.distributor_port
-  fqdn                          = var.distributor_host
+resource "google_compute_global_network_endpoint" "distributor_prod" {
+  global_network_endpoint_group = google_compute_global_network_endpoint_group.distributor_prod.name
+  port                          = var.distributor_prod_port
+  fqdn                          = var.distributor_prod_host
+}
+resource "google_compute_global_network_endpoint" "distributor_ci" {
+  global_network_endpoint_group = google_compute_global_network_endpoint_group.distributor_ci.name
+  port                          = var.distributor_ci_port
+  fqdn                          = var.distributor_ci_host
 }
 
 ## Terraform keys
@@ -242,4 +288,4 @@ resource "google_compute_global_network_endpoint" "distributor" {
 #    default_kms_key_name = google_kms_crypto_key.terraform_state_bucket.id
 #  }
 #  uniform_bucket_level_access = true
-#}
\ No newline at end of file
+#}
diff --git a/deployment/api_transparency_dev/terraform.tfvars b/deployment/api_transparency_dev/terraform.tfvars
index 311d8b63..b92a14c3 100644
--- a/deployment/api_transparency_dev/terraform.tfvars
+++ b/deployment/api_transparency_dev/terraform.tfvars
@@ -7,5 +7,10 @@ serve_domain = "api.transparency.dev"
 
 lb_name = "transparency-dev-lb"
 
-distributor_host = "distributor-service-oxxl2d5jeq-uc.a.run.app"
-distributor_port = 443
+# TODO(mhutchinson): this is the old env and should be switched to the following
+# distributor_prod_host = "distributor-service-prod-oxxl2d5jeq-uc.a.run.app"
+distributor_prod_host = "distributor-service-oxxl2d5jeq-uc.a.run.app"
+distributor_prod_port = 443
+
+distributor_ci_host = "distributor-service-ci-oxxl2d5jeq-uc.a.run.app"
+distributor_ci_port = 443
diff --git a/deployment/api_transparency_dev/variables.tf b/deployment/api_transparency_dev/variables.tf
index 17056c73..483adefb 100644
--- a/deployment/api_transparency_dev/variables.tf
+++ b/deployment/api_transparency_dev/variables.tf
@@ -20,11 +20,18 @@ variable "tls" {
   type        = bool
 }
 
-variable "distributor_host" {
-  description = "Host name serving distributor service API"
+variable "distributor_prod_host" {
+  description = "Host name serving distributor service API (prod)"
 }
-variable "distributor_port" {
-  description = "Port on distributor_host where distributor service API is served"
+variable "distributor_prod_port" {
+  description = "Port on distributor_host where distributor service API is served (prod)"
+  type        = number
+}
+variable "distributor_ci_host" {
+  description = "Host name serving distributor service API (ci)"
+}
+variable "distributor_ci_port" {
+  description = "Port on distributor_host where distributor service API is served (ci)"
   type        = number
 }