diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
new file mode 100644
index 00000000..8408cb19
--- /dev/null
+++ b/.github/workflows/deploy-prod.yml
@@ -0,0 +1,76 @@
+name: deploy
+permissions:
+ id-token: write
+ contents: read
+on:
+ push:
+ tags:
+ - "*"
+jobs:
+ deploy-prod:
+ environment:
+ name: production
+ url: https://api.string-api.xyz
+ if: startsWith(github.ref, 'refs/tags/')
+ name: deploy to ECS - Production
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: setup go
+ uses: actions/setup-go@v3
+ with:
+ go-version-file: go.mod
+ cache: true
+ cache-dependency-path: go.sum
+ - name: install deps
+ run: |
+ go mod download
+
+ - name: configure aws credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
+ with:
+ aws-region: us-west-2
+ role-to-assume: ${{ secrets.PROD_ASSUME_ROLE }}
+
+ - name: login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: Extract tag
+ id: extract_tag
+ run: |
+ echo ::set-output name=tag::${GITHUB_REF#refs/tags/}
+
+ - name: build,tag and push to Amazon ECR
+ id: image-builder
+ env:
+ ECR_REPO: ${{ secrets.PROD_AWS_ACCT }}.dkr.ecr.us-west-2.amazonaws.com
+ SERVICE: api
+ IMAGE_TAG: ${{ steps.extract_tag.tag }}
+ run: |
+ CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ./cmd/app/main ./cmd/app/main.go
+ docker build --platform linux/amd64 -t $ECR_REPO/$SERVICE:$IMAGE_TAG ./cmd/app/
+ docker push $ECR_REPO/$SERVICE:$IMAGE_TAG
+ echo "image=$ECR_REPO/$SERVICE:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+ - name: get latest task definition
+ run: |
+ aws ecs describe-task-definition --task-definition api --query taskDefinition > task-definition.json
+
+ - name: update task definition
+ id: task
+ uses: aws-actions/amazon-ecs-render-task-definition@v1
+ with:
+ task-definition: task-definition.json
+ container-name: api
+ image: ${{ steps.image-builder.outputs.image }}
+
+ - name: deploy
+ uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+ with:
+ task-definition: ${{ steps.task.outputs.task-definition }}
+ cluster: core
+ service: api
+ wait-for-service-stability: true
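Review bot: In the `build,tag and push to Amazon ECR` step, `IMAGE_TAG: ${{ steps.extract_tag.tag }}` reads a property the `steps` context does not define, so it should expand to an empty string and leave the image reference ending in a bare `:`; it needs to be `IMAGE_TAG: ${{ steps.extract_tag.outputs.tag }}` (or `${{ github.ref_name }}`, which makes the `Extract tag` step unnecessary). That `Extract tag` step also still uses the deprecated `::set-output` command while the build step already writes to `$GITHUB_OUTPUT`; `echo "tag=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"` keeps the two consistent. Because this job holds `id-token: write` and assumes the production role, every `uses:` line referenced by a mutable tag (`@v3`, `@v1`, `@v1.7.0`) is code that can change underneath the deployment; pinning each to a full commit SHA, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v1.7.0`, closes that gap. The `"*"` tag filter lets any pushed tag start a production deploy, so it is worth confirming that the `production` environment requires reviewers or that tag creation is restricted in the repository settings.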