diff --git a/.github/workflows/deploy-submodule-via-ec2.yml b/.github/workflows/deploy-submodule-via-ec2.yml
new file mode 100644
index 0000000..7bbec75
--- /dev/null
+++ b/.github/workflows/deploy-submodule-via-ec2.yml
@@ -0,0 +1,80 @@
+name: "🚀 Deploy submodule"
+
+on:
+  workflow_call:
+    inputs:
+      ami-image-id:
+        required: false
+        type: string
+      instance-type:
+        required: true
+        type: string
+      folder:
+        required: true
+        type: string
+      pr-sha:
+        required: true
+        type: string
+      ref:
+        required: true
+        type: string
+      stage-override:
+        required: false
+        type: string
+
+jobs:
+  start-runner:
+    name: "🔧 Start EC2 runner"
+    runs-on: ubuntu-latest
+    outputs:
+      label: ${{ steps.start-ec2-runner.outputs.label }}
+      ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+    steps:
+      - name: "👥 Configure AWS Credentials"
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::262732185023:role/github-action-deploy-role
+          aws-region: eu-west-1
+          retry-max-attempts: 5
+      - name: "🚀 Start EC2 runner"
+        id: start-ec2-runner
+        uses: machulav/ec2-github-runner@v2
+        env:
+          GH_PERSONAL_ACCESS_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+        with:
+          mode: start
+          github-token: ${{ env.GH_PERSONAL_ACCESS_TOKEN }}
+          ec2-image-id: ${{ inputs.ami-image-id || 'ami-034dddee671b5c88b' }}
+          ec2-instance-type: ${{ inputs.instance-type }}
+          subnet-id: subnet-008e0d55cc46af9a2
+          security-group-id: sg-07012408d5797f987
+          runner-home-dir: "/home/ubuntu/action-runner-2.311.0"
+
+  deploy-module:
+    needs: start-runner
+    uses: ./.github/workflows/deploy-submodule.yml
+    with:
+      runner-label: ${{ needs.start-runner.outputs.label }}
+      folder: ${{ inputs.folder }}
+      pr-sha: ${{ inputs.pr-sha }}
+      ref: ${{ inputs.ref }}
+
+  stop-runner:
+    name: "🔧 Stop EC2 runner"
+    runs-on: ubuntu-latest
+    needs: [start-runner, deploy-module]
+    if: "success() || failure()"
+    steps:
+      - name: "👥 Configure AWS Credentials"
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::262732185023:role/github-action-deploy-role
+          aws-region: eu-west-1
+          retry-max-attempts: 5
+      - name: "⚰️ Stop EC2 runner"
+        uses: machulav/ec2-github-runner@v2
+        with:
+          mode: stop
+          github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+          label: ${{ needs.start-runner.outputs.label }}
+          ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}
diff --git a/.github/workflows/deploy-submodule.yml b/.github/workflows/deploy-submodule.yml
new file mode 100644
index 0000000..806e6bb
--- /dev/null
+++ b/.github/workflows/deploy-submodule.yml
@@ -0,0 +1,68 @@
+name: "🚀 Deploy submodule"
+
+on:
+  workflow_call:
+    inputs:
+      runner-label:
+        required: false
+        type: string
+      folder:
+        required: true
+        type: string
+      pr-sha:
+        required: true
+        type: string
+      ref:
+        required: true
+        type: string
+      stage-override:
+        required: false
+        type: string
+
+jobs:
+  deploy-aws:
+    runs-on: ${{ inputs.runner-label || 'ubuntu-latest' }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.pr-sha }}
+
+      - name: "🔨 Setup pnpm"
+        uses: pnpm/action-setup@v3
+        with:
+          run_install: false
+
+      - name: "🔨 Setup Node.js"
+        id: setup-node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+          cache: "pnpm"
+
+      - name: "🔧 Setup environment"
+        shell: bash
+        run: |
+          if [[ "${{ inputs.ref }}" == "refs/heads/main" ]]; then
+            echo "STAGE=prod" >> $GITHUB_ENV
+          elif [[ "${{ inputs.ref }}" == "refs/heads/staging" ]]; then
+            echo "STAGE=dev" >> $GITHUB_ENV
+          fi
+
+      - name: "🔨 Install dependencies"
+        run: pnpm install --frozen-lockfile
+
+      - name: "👥 Configure AWS Credentials"
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::262732185023:role/github-action-deploy-role
+          aws-region: eu-west-1
+          retry-max-attempts: 5
+
+      - name: "🚀 SST Deploy"
+        working-directory: ${{ inputs.folder }}
+        env:
+          STAGE_OVERRIDE: ${{ inputs.stage-override }}
+        run: |
+          STAGE=${STAGE_OVERRIDE:-$STAGE}
+          echo "Deploying with stage: $STAGE"
+          pnpm sst deploy --stage $STAGE
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..b409783
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,37 @@
+name: 🚀 Deploy
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - staging
+      - ci/setup
+
+concurrency:
+  group: ${{ github.ref }}-deploy
+
+env:
+  CI: true
+
+permissions:
+  id-token: write
+  contents: write
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  # Independent step, deploying all the tools infrastructure
+  deploy-indexer:
+    name: "🚀 Deploy Indexer"
+    uses: ./.github/workflows/deploy-submodule-via-ec2.yml
+    secrets: inherit
+    with:
+      # Need a custom ami image id since it's needing docker for the build process
+      ami-image-id: ami-0e2a787a966f10c15
+      instance-type: t4g.small
+      folder: ./tools
+      pr-sha: ${{ github.event.pull_request.head.sha }}
+      ref: ${{ github.ref }}