diff --git a/enos/modules/aws_boundary/boundary-instances.tf b/enos/modules/aws_boundary/boundary-instances.tf
index e345c74103..7362884e6b 100644
--- a/enos/modules/aws_boundary/boundary-instances.tf
+++ b/enos/modules/aws_boundary/boundary-instances.tf
@@ -96,8 +96,9 @@ resource "enos_remote_exec" "update_path_controller" {
 }
 locals {
- audit_log_directory = "/var/log/boundary"
- service_user = "boundary"
+ audit_log_directory = "/var/log/boundary"
+ auth_storage_directory = "/var/lib/boundary"
+ service_user = "boundary"
 }
 resource "enos_file" "controller_config" {
@@ -176,11 +177,11 @@ resource "enos_remote_exec" "create_controller_audit_log_dir" {
 for_each = toset([for idx in range(var.controller_count) : tostring(idx)])
 environment = {
- LOG_DIR = local.audit_log_directory
+ NEW_DIR = local.audit_log_directory
 SERVICE_USER = local.service_user
 }
- scripts = [abspath("${path.module}/scripts/create-audit-log-dir.sh")]
+ scripts = [abspath("${path.module}/scripts/create-dir.sh")]
 transport = {
 ssh = {
@@ -235,6 +236,7 @@ resource "enos_file" "worker_config" {
 region = var.aws_region
 type = jsonencode(var.worker_type_tags)
 recording_storage_path = var.recording_storage_path
+ auth_storage_path = local.auth_storage_directory
 audit_log_dir = local.audit_log_directory
 hcp_boundary_cluster_id = var.hcp_boundary_cluster_id
 vault_address = local.network_stack[var.ip_version].vault_address
@@ -273,11 +275,31 @@ resource "enos_remote_exec" "create_worker_audit_log_dir" {
 for_each = toset([for idx in range(var.worker_count) : tostring(idx)])
 environment = {
- LOG_DIR = local.audit_log_directory
+ NEW_DIR = local.audit_log_directory
 SERVICE_USER = local.service_user
 }
- scripts = [abspath("${path.module}/scripts/create-audit-log-dir.sh")]
+ scripts = [abspath("${path.module}/scripts/create-dir.sh")]
+
+ transport = {
+ ssh = {
+ host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
+ }
+ }
+}
+
+resource "enos_remote_exec" "create_worker_auth_storage_dir" {
+ depends_on = [
+ enos_boundary_start.worker_start,
+ ]
+ for_each = toset([for idx in range(var.worker_count) : tostring(idx)])
+
+ environment = {
+ NEW_DIR = local.auth_storage_directory
+ SERVICE_USER = local.service_user
+ }
+
+ scripts = [abspath("${path.module}/scripts/create-dir.sh")]
 transport = {
 ssh = {
diff --git a/enos/modules/aws_boundary/scripts/create-audit-log-dir.sh b/enos/modules/aws_boundary/scripts/create-dir.sh
similarity index 77%
rename from enos/modules/aws_boundary/scripts/create-audit-log-dir.sh
rename to enos/modules/aws_boundary/scripts/create-dir.sh
index a2028de1e3..f906a5b788 100644
--- a/enos/modules/aws_boundary/scripts/create-audit-log-dir.sh
+++ b/enos/modules/aws_boundary/scripts/create-dir.sh
@@ -9,7 +9,7 @@ fail() {
 exit 1
 }
-[[ -z "$LOG_DIR" ]] && fail "LOG_DIR env variable has not been set"
+[[ -z "$NEW_DIR" ]] && fail "NEW_DIR env variable has not been set"
 [[ -z "$SERVICE_USER" ]] && fail "SERVICE_USER env variable has not been set"
 function retry {
@@ -34,5 +34,5 @@ function retry {
 retry 7 id -a "$SERVICE_USER"
-sudo mkdir -p "$LOG_DIR"
-sudo chown -R "$SERVICE_USER":"$SERVICE_USER" "$LOG_DIR"
+sudo mkdir -p "$NEW_DIR"
+sudo chown -R "$SERVICE_USER":"$SERVICE_USER" "$NEW_DIR"
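Review bot: The new `create_worker_auth_storage_dir` resource depends on `enos_boundary_start.worker_start`, so `/var/lib/boundary` is created and chowned only after the worker has already been started with a config whose `auth_storage_path` sits beneath it. The old `/tmp/boundary/worker` location could be created by the service user on its own, whereas a path under `/var/lib` presumably cannot, so a worker that touches its auth storage at startup may fail or race this step. If the ordering is forced because the start resource is what creates the service user (the script's `retry 7 id -a "$SERVICE_USER"` hints at that), say so in a comment above `depends_on`, for example `# must run after worker_start, which creates the service user; the worker retries until the directory exists`. Otherwise create the directory before the start resource runs. The start resource itself is outside this hunk.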
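Review bot: `sudo mkdir -p "$NEW_DIR"` leaves the directory mode to root's umask, and the script is now also used for the worker auth storage directory, so that directory is typically created `0755` and is listable by every local account. Adding `sudo chmod 0700 "$NEW_DIR"` after the `chown` would pin it, provided nothing other than the service user needs to read the audit log directory that shares this script. Now that the path is a generic parameter, `chown -R` also re-owns everything already under whatever `NEW_DIR` names, which deserves a one-line comment saying the script expects a directory dedicated to the service. The identical copy in `enos/modules/aws_worker/scripts/create-dir.sh` carries the same two lines.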
diff --git a/enos/modules/aws_boundary/templates/worker_hcp_bsr.hcl b/enos/modules/aws_boundary/templates/worker_hcp_bsr.hcl
index 80f5d17287..bdf7b399e8 100644
--- a/enos/modules/aws_boundary/templates/worker_hcp_bsr.hcl
+++ b/enos/modules/aws_boundary/templates/worker_hcp_bsr.hcl
@@ -17,7 +17,7 @@ worker {
 region = ["${region}"]
 }
- auth_storage_path = "/tmp/boundary/worker"
+ auth_storage_path = "${auth_storage_path}/worker"
 recording_storage_path = "${recording_storage_path}"
 }
diff --git a/enos/modules/aws_worker/main.tf b/enos/modules/aws_worker/main.tf
index 27910cc3c4..a7ba4d11e1 100644
--- a/enos/modules/aws_worker/main.tf
+++ b/enos/modules/aws_worker/main.tf
@@ -246,11 +246,11 @@ resource "enos_remote_exec" "create_worker_audit_log_dir" {
 ]
 environment = {
- LOG_DIR = local.audit_log_directory
+ NEW_DIR = local.audit_log_directory
 SERVICE_USER = local.service_user
 }
- scripts = [abspath("${path.module}/scripts/create-audit-log-dir.sh")]
+ scripts = [abspath("${path.module}/scripts/create-dir.sh")]
 transport = {
 ssh = {
diff --git a/enos/modules/aws_worker/scripts/create-audit-log-dir.sh b/enos/modules/aws_worker/scripts/create-dir.sh
similarity index 77%
rename from enos/modules/aws_worker/scripts/create-audit-log-dir.sh
rename to enos/modules/aws_worker/scripts/create-dir.sh
index a2028de1e3..f906a5b788 100644
--- a/enos/modules/aws_worker/scripts/create-audit-log-dir.sh
+++ b/enos/modules/aws_worker/scripts/create-dir.sh
@@ -9,7 +9,7 @@ fail() {
 exit 1
 }
-[[ -z "$LOG_DIR" ]] && fail "LOG_DIR env variable has not been set"
+[[ -z "$NEW_DIR" ]] && fail "NEW_DIR env variable has not been set"
 [[ -z "$SERVICE_USER" ]] && fail "SERVICE_USER env variable has not been set"
 function retry {
@@ -34,5 +34,5 @@ function retry {
 retry 7 id -a "$SERVICE_USER"
-sudo mkdir -p "$LOG_DIR"
-sudo chown -R "$SERVICE_USER":"$SERVICE_USER" "$LOG_DIR"
+sudo mkdir -p "$NEW_DIR"
+sudo chown -R "$SERVICE_USER":"$SERVICE_USER" "$NEW_DIR"
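Review bot: In `worker_hcp_bsr.hcl` the new `auth_storage_path = "${auth_storage_path}/worker"` names a `worker` subdirectory that nothing in this commit creates; the provisioning step only makes `local.auth_storage_directory` itself. The leaf is therefore left for the worker process to create, which works only once the parent is owned by the service user. Either pass the full path to the provisioning step (`NEW_DIR = "${local.auth_storage_directory}/worker"`), or add a comment on this line stating that the worker creates the leaf directory itself. The `worker` block begins above the hunk.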