diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..1d67fd5
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,49 @@
+name: Deploy
+
+on: [push]
+ # push:
+ # branches:
+ # - main
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ name: Deploy
+ environment: deploy-to-aws
+ steps:
+ - uses: actions/checkout@v4
+ - uses: ./.github/actions/setup
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_ROLE_NAME }}
+ aws-region: ${{ vars.AWS_REGION }}
+ - uses: aws-actions/amazon-ecr-login@v2
+ id: log-into-ecr
+ - name: Build, tag, and push Docker image to Amazon ECR
+ id: build-tag-and-push-docker-image
+ env:
+ ECR_REGISTRY: ${{ steps.log-into-ecr.outputs.registry }}
+ ECR_REPOSITORY: atoti-project-template
+ IMAGE_TAG: ${{ github.sha }}
+ run: |
+ docker build --tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ echo "image={$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG}" >> $GITHUB_OUTPUT
+ - name: Inline variables in the task definition
+ run: sed -i -e 's/AWS_ACCOUNT_ID/${{ secrets.AWS_ACCOUNT_ID }}/g' -e 's/AWS_DATABASE_URL_SECRET_NAME/${{ vars.AWS_DATABASE_URL_SECRET_NAME }}/g' -e 's/AWS_ROLE_NAME/${{ vars.AWS_ROLE_NAME }}/g' task-definition.json
+ - uses: aws-actions/amazon-ecs-render-task-definition@v1
+ id: render-task-definition
+ with:
+ task-definition: task-definition.json
+ container-name: atoti-session
+ image: ${{ steps.build-tag-and-push-docker-image.outputs.image }}
+ - uses: aws-actions/amazon-ecs-deploy-task-definition@v2
+ with:
+ task-definition: ${{ steps.render-task-definition.outputs.task-definition }}
+ service: atoti-project-template
+ cluster: atoti-project-template
+ wait-for-service-stability: true
diff --git a/README.md b/README.md
index 6c1c875..f0fd20b 100644
--- a/README.md
+++ b/README.md
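Review bot: In `.github/workflows/deploy.yml`, `on: [push]` with the `branches: main` filter commented out runs this job, which holds `id-token: write` and assumes the AWS role, on a push to any branch. Restore the filter as `on:` / `push:` / `branches: [main]`, and confirm that the `deploy-to-aws` environment's branch rules and the role's OIDC trust policy are limited to the same ref; neither is visible in this diff. Separately, the braces in `echo "image={$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG}"` are literal inside double quotes, so the `image` output handed to the render step is wrapped in `{}`; it should read `echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> "$GITHUB_OUTPUT"`. The `sed` step also pastes `${{ secrets.* }}` and `${{ vars.* }}` expressions straight into the script text; passing them through `env:` and referencing shell variables keeps a value containing `/` or a quote from changing the command.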
@@ -34,5 +34,5 @@ Other useful commands can be found in [`test.yml`](.github/workflows/test.yml). ## Deployment -This repository is configured to continuously deploy to AWS ECS. +This repository automatically deploys to [AWS ECS](https://aws.amazon.com/ecs/). To deploy somewhere else, delete [`task-definition.json`][task-definition.json] and adapt [`deploy.yml`](.github/workflows/deploy.yml).
diff --git a/task-definition.json b/task-definition.json
new file mode 100644
index 0000000..e0a34c8
--- /dev/null
+++ b/task-definition.json
@@ -0,0 +1,37 @@
+{
+ "executionRoleArn": "AWS_ROLE_NAME",
+ "containerDefinitions": [
+ {
+ "name": "atoti-session",
+ "essential": true,
+ "logConfiguration": {
+ "logDriver": "awslogs",
+ "options": {
+ "awslogs-group": "/ecs/atoti-project-template",
+ "awslogs-region": "AWS_REGION",
+ "awslogs-stream-prefix": "ecs"
+ }
+ },
+ "portMappings": [
+ {
+ "hostPort": 80,
+ "protocol": "tcp",
+ "containerPort": 80
+ }
+ ],
+ "secrets": [
+ {
+ "name": "DATABASE_URL",
+ "valueFrom": "arn:aws:secretsmanager:AWS_REGION:AWS_ACCOUNT_ID:secret:atoti-project-template/AWS_DATABASE_URL_SECRET_NAME"
+ }
+ ]
+ }
+ ],
+ "family": "atoti-project-template",
+ "cpu": "1024",
+ "memory": "2048",
+ "requiresCompatibilities": [
+ "FARGATE"
+ ],
+ "networkMode": "awsvpc"
+}
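Review bot: The `AWS_REGION` placeholder in `awslogs-region` and in the `DATABASE_URL` secret ARN of `task-definition.json` is never substituted, because the `sed` step in `deploy.yml` rewrites only `AWS_ACCOUNT_ID`, `AWS_DATABASE_URL_SECRET_NAME` and `AWS_ROLE_NAME`; the registered task definition would carry the literal string in both places. Add a fourth expression to that step, for example `-e "s/AWS_REGION/$AWS_REGION/g"` with `AWS_REGION: ${{ vars.AWS_REGION }}` under the step's `env:`. `executionRoleArn` is also filled from the same `AWS_ROLE_NAME` that the workflow assumes through OIDC, so one role would hold both the deployment permissions and the execution-role permissions (image pull, log writes, reading the database secret); a separate execution role trusted only by the ECS tasks service would keep those scopes apart. The substituted value appears to be a bare role name while the field is named for an ARN, which is worth confirming against what ECS accepts.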