diff --git a/.github/scripts/build.sh b/.github/scripts/build.sh
new file mode 100755
index 0000000..72c4303
--- /dev/null
+++ b/.github/scripts/build.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+
+aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin 490752553772.dkr.ecr.eu-central-1.amazonaws.com
+
+docker build -t tlsnotary-explorer -f apps/Dockerfile .
+docker tag tlsnotary-explorer:latest 490752553772.dkr.ecr.eu-central-1.amazonaws.com/tlsnotary-explorer:latest
+docker push 490752553772.dkr.ecr.eu-central-1.amazonaws.com/tlsnotary-explorer:latest
+
+exit 0
diff --git a/.github/scripts/deploy.sh b/.github/scripts/deploy.sh
new file mode 100755
index 0000000..a3bfef3
--- /dev/null
+++ b/.github/scripts/deploy.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -ex
+
+ecs_cluster="tlsnotary-explorer"
+services="tlsnotary-explorer"
+
+for service in $services; do
+ tlsnotary_explorer_revision=$(aws ecs describe-task-definition --task-definition $service --query "taskDefinition.revision")
+ aws ecs update-service --cluster $ecs_cluster --service $service --force-new-deployment --task-definition $service:$tlsnotary_explorer_revision
+done
+
+aws ecs wait services-stable --cluster $ecs_cluster --services $services && break || continue
+
+exit 0
diff --git a/.github/workflows/cd-deploy.yml b/.github/workflows/cd-deploy.yml
new file mode 100644
index 0000000..e762b6a
--- /dev/null
+++ b/.github/workflows/cd-deploy.yml
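Review bot: In .github/scripts/build.sh the image is tagged and pushed only as `:latest`, a mutable tag, so a running task cannot be traced back to the commit that built it and a rollback has no fixed target. Add an immutable tag next to it, e.g. `docker tag tlsnotary-explorer:latest 490752553772.dkr.ecr.eu-central-1.amazonaws.com/tlsnotary-explorer:"${GITHUB_SHA}"` with the matching `docker push`. `set -ex` has no `pipefail`, so a failing `aws ecr get-login-password` is caught only indirectly when `docker login` rejects the empty stdin; `set -euxo pipefail` makes that explicit. The trailing `exit 0` is redundant.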
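Review bot: In .github/scripts/deploy.sh the line `aws ecs wait services-stable ... && break || continue` sits after `done`, outside any loop, and it hides a failed deployment. When the wait fails, `continue` runs; bash only warns that it is meaningless outside a loop and returns success, `set -e` does not fire inside an `&&`/`||` list, and the script reaches `exit 0`, so the workflow reports a green deploy for a service that never stabilised. Replace the line with `aws ecs wait services-stable --cluster "$ecs_cluster" --services $services` and drop `exit 0`, so the waiter's status becomes the job status. Quoting `"$service"` and `"$ecs_cluster"` inside the loop and adding `--output text` to the `describe-task-definition` query would also keep the revision value independent of the CLI's configured output format.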
@@ -0,0 +1,37 @@
+name: cd-deploy
+on:
+ push:
+ branches:
+ - main
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ persist-credentials: false
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ role-to-assume: arn:aws:iam::490752553772:role/tlsnotary-explorer-ecs-deploy-slc
+ role-duration-seconds: 2700
+ aws-region: eu-central-1
+
+ - name: Build and Push images to ECR
+ run: |
+ .github/scripts/build.sh
+
+ - name: Trigger Deployment
+ run: |
+ .github/scripts/deploy.sh
diff --git a/apps/Dockerfile b/apps/Dockerfile
new file mode 100644
index 0000000..3de050d
--- /dev/null
+++ b/apps/Dockerfile
@@ -0,0 +1,26 @@
+# Build app
+FROM node:latest as builder
+
+ENV PATH="${PATH}:/root/.cargo/bin"
+WORKDIR /builder
+
+COPY . .
+
+RUN curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf | sh -s -- -y
+RUN npm i
+RUN npm i --prefix rs/verifier/
+RUN npm run build
+
+# Create image for the app by copying build artifacts from builder
+FROM node:latest as runner
+
+RUN apt-get update; apt-get install netcat-openbsd -y
+USER node
+
+ARG PORT=3000
+
+WORKDIR /home/node/explorer
+COPY --from=builder /builder/build ./build
+
+EXPOSE ${PORT}
+CMD ["node", "build/server/index.bundle.js"]
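Review bot: Both actions in .github/workflows/cd-deploy.yml are referenced by mutable tags (`actions/checkout@v2`, `aws-actions/configure-aws-credentials@v2`) in a job that holds `id-token: write` and assumes the ECS deploy role, so whatever those tags resolve to at run time executes with access to the deploy credentials. Pin each action to a full commit SHA with the version in a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<FULL_COMMIT_SHA> # v2` (placeholder; take the SHA from the release you have reviewed). The role's trust policy is not part of this diff; it should presumably restrict the OIDC `sub` claim to this repository and `refs/heads/main`. With `cancel-in-progress: true`, a second push can cancel a run between the image push and `update-service`; if that is intended, a comment on the `concurrency` block should say so.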
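Review bot: In apps/Dockerfile none of the build inputs are pinned: both stages use `FROM node:latest`, `RUN npm i` may resolve versions that differ from the lockfile, and the rustup installer is piped from the network into `sh` without a checksum, so two builds of the same commit can ship different code. Pin the base image, e.g. `FROM node:<PINNED_VERSION>@sha256:<DIGEST> as builder` (placeholders), and use `RUN npm ci` if a lockfile is committed (not visible in this diff). In the runner stage, `apt-get update; apt-get install netcat-openbsd -y` ignores a failed update because of the `;`, whereas `apt-get update && apt-get install -y --no-install-recommends netcat-openbsd` fails the build instead. `COPY . .` copies the whole build context into the builder stage, so a `.dockerignore` (not shown here) is what keeps `.git` and local env files out of the layer cache.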