diff --git a/.github/aws-config b/.github/aws-config
new file mode 100644
index 0000000..12ea531
--- /dev/null
+++ b/.github/aws-config
@@ -0,0 +1,7 @@
+[default]
+region = eu-west-3
+output = json
+
+[profile ippon-sandbox]
+aws_access_key_id = __AWS_ACCESS_KEY_ID__
+aws_secret_access_key = __AWS_SECRET_ACCESS_KEY__
diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
new file mode 100644
index 0000000..332e3b4
--- /dev/null
+++ b/.github/workflows/deployment.yml
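Review bot: `.github/aws-config` is a tracked file that the workflow rewrites in place with real keys, and nothing in the file says so; a leading comment such as `# Placeholders are filled in by .github/workflows/deployment.yml at run time - never commit real keys here` would make that explicit. Because the rendered copy lives inside the checkout, any later step that commits, caches or uploads the workspace would carry the keys with it. Rendering to a copy under `$RUNNER_TEMP` and pointing `AWS_CONFIG_FILE` at that copy keeps the secret-bearing file out of the repository tree.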
@@ -0,0 +1,85 @@
+---
+
+name: Deployment
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+defaults:
+ run:
+ shell: bash
+
+env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+jobs:
+ terraform:
+ name: Terraform
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: terraform
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_version: ~1.0
+
+ - name: Setup Terragrunt
+ uses: autero1/action-terragrunt@v1.2.0
+ with:
+ terragrunt_version: 0.40.2
+
+ - name: Set up AWS configuration file
+ run: |
+ sed -i "s/__AWS_ACCESS_KEY_ID__/${{ secrets.AWS_ACCESS_KEY_ID }}/g" ${{ github.workspace }}/.github/aws-config
+ sed -i "s/__AWS_SECRET_ACCESS_KEY__/${{ secrets.AWS_SECRET_ACCESS_KEY }}/g" ${{ github.workspace }}/.github/aws-config
+ echo "AWS_CONFIG_FILE=${{ github.workspace }}/.github/aws-config" >> $GITHUB_ENV
+
+ - name: Terragrunt run-all init
+ run: terragrunt run-all init
+
+ - name: Terragrunt run-all plan
+ run: terragrunt run-all plan
+
+ - name: Terragrunt run-all apply
+ if: github.ref == 'refs/heads/main'
+ run: terragrunt run-all apply
+
+ helm:
+ name: Helm
+ runs-on: ubuntu-latest
+ needs: terraform
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Helm
+ uses: azure/setup-helm@v3
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Setup AWS CLI
+ uses: unfor19/install-aws-cli-action@v1
+ with:
+ version: 2
+
+ - name: Get kubernetes configuration file
+ run: |
+ aws eks --region eu-west-3 update-kubeconfig --name aws-eks-irsa
+
+ - name: Helm install AWS CLI chart
+ run: |
+ helm upgrade \
+ --install \
+ --create-namespace \
+ --namespace aws-eks-irsa \
+ --set awsAccountId=${{ secrets.AWS_ACCOUNT_ID }} \
+ aws-cli helm/aws-cli
diff --git a/README.md b/README.md
index 85538b8..100bf31 100644
--- a/README.md
+++ b/README.md
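Review bot: The `helm` job has no `if:` guard, so on `pull_request` runs it still executes `helm upgrade --install` against the cluster from the PR's checkout, even though the Terraform apply step is limited to `refs/heads/main`; adding `if: github.ref == 'refs/heads/main'` at the job level would keep unmerged changes from being deployed. In the "Set up AWS configuration file" step the secret is expanded into the `sed` program with `/` as the delimiter, and AWS secret access keys can contain `/`, so the substitution can fail or write a broken value. The keys are already exported by the workflow-level `env`, so the step can read them from there with a delimiter that cannot occur in the key, e.g. `sed -i "s|__AWS_SECRET_ACCESS_KEY__|${AWS_SECRET_ACCESS_KEY}|g" "$GITHUB_WORKSPACE/.github/aws-config"`. The third-party actions (`autero1/action-terragrunt@v1.2.0`, `unfor19/install-aws-cli-action@v1`) run in jobs that carry the static AWS keys in their environment and are referenced by mutable tags; pinning them to a full commit SHA, and moving to short-lived OIDC role credentials when possible, would narrow that exposure.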
@@ -59,7 +59,7 @@ kubectl get pods -n kube-system You can install the `aws-cli` Helm chart as such (after replacing `` with your account ID): ```bash -helm install --create-namespace --namespace aws-eks-irsa --set awsAccountId= aws-cli helm/aws-cli +helm upgrade --install --create-namespace --namespace aws-eks-irsa --set awsAccountId= aws-cli helm/aws-cli ``` Then, you can check your resources were created into the EKS cluster: