diff --git a/scripts/deploy/medic-deploy.md b/scripts/deploy/medic-deploy.md
new file mode 100644
index 00000000..839b91aa
--- /dev/null
+++ b/scripts/deploy/medic-deploy.md
@@ -0,0 +1,79 @@
+## Medic Deployment
+
+This readme talks about how to use `helm` and `kubect`  running locally on your workstation to create, update and delete instances of the CHT User Management tool.  These will be running in Medic's [EKS](https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html) and these instructions are meant to be followed by Medic teammates who have access to EKS.
+
+General public is welcome to look at these instructions for who they might use them in their own infrastructure. 
+
+### Key/Value pairs used 
+| Key       | Value                                                   |
+|-----------|---------------------------------------------------------|
+| context   | arn:aws:eks:eu-west-2:720541322708:cluster/prod-cht-eks |
+| namespace | users-chis-prod                                         |
+
+### Requirements:
+-  Have both [Helm](https://helm.sh/) and  [Kubectl](https://kubernetes.io/docs/reference/kubectl/kubectl/) installed on your local workstation
+- Check out [helm chart repository](https://github.com/medic/helm-charts/tree/main#usage) so you can reference it locally
+- Be able to [authenticate to Medic kubernetes cluster (EKS)](https://github.com/medic/medic-infrastructure/blob/master/terraform/aws/dev/eks/access/README.md)
+
+
+### Deploy new version
+
+These commands should be run in the `./scripts/deploy` directory in this repo. Also note you may need to replace `medic/cht-user-management` with the full path to the helm chart repository you checked out above.
+
+#### KE
+```shell
+# Edit tag in users-chis-ke.yaml and then run:
+
+helm upgrade \
+      --kube-context arn:aws:eks:eu-west-2:720541322708:cluster/prod-cht-eks \
+      --namespace users-chis-prod \
+      --values values/users-chis-ke.yaml \
+      users-chis-ke medic/cht-user-management
+```
+#### UG
+```shell
+# Edit tag in users-chis-ug.yaml and then run:
+
+helm upgrade \
+      --kube-context arn:aws:eks:eu-west-2:720541322708:cluster/prod-cht-eks \
+      --namespace users-chis-prod \
+      --values values/users-chis-ug.yaml \
+      users-chis-ug medic/cht-user-management
+```
+### How to
+
+#### List all helm deployments
+```shell
+helm --kube-context $context --namespace $namespace list --all
+```
+
+#### Check history of a deployment
+```shell
+helm --kube-context $context --namespace $namespace history $deployment_name
+```
+_You can get `deployment_name` from the helm list command above_
+
+#### Get current configuration of a deployment
+```shell
+helm --kube-context $context --namespace $namespace get values $deployment_name
+```
+
+#### List all resources in a namespace
+```shell
+kubectl --context $context --namespace $namespace get all
+```
+
+#### View logs of a deployment
+```shell
+kubectl --context $context --namespace $namespace logs deploy/users-chis-ke-cht-user-management
+# or
+kubectl --context $context --namespace $namespace logs deploy/users-chis-ug-cht-user-management
+```
+_You can replace `deploy/x` with for example `pods/y` from the get all command above_
+
+#### Get more details of a deployment
+```shell
+kubectl --context $context --namespace $namespace describe deploy/users-chis-ke-cht-user-management
+# or
+kubectl --context $context --namespace $namespace describe deploy/users-chis-ug-cht-user-management
+```
diff --git a/scripts/deploy/values/users-chis-ke.yaml b/scripts/deploy/values/users-chis-ke.yaml
new file mode 100644
index 00000000..70b76a61
--- /dev/null
+++ b/scripts/deploy/values/users-chis-ke.yaml
@@ -0,0 +1,25 @@
+cht-user-management:
+  image:
+    tag: 1.0.0
+  env:
+    CONFIG_NAME: chis-ke
+
+  # EKS prod ELB
+  ingress:
+    enabled: true
+    annotations:
+      alb.ingress.kubernetes.io/scheme: internet-facing
+      alb.ingress.kubernetes.io/tags: Environment=prod,Team=SRE
+      alb.ingress.kubernetes.io/group.name: prod-cht-alb
+      alb.ingress.kubernetes.io/ssl-redirect: '443'
+      alb.ingress.kubernetes.io/target-type: ip
+      alb.ingress.kubernetes.io/healthcheck-port: traffic-port
+      alb.ingress.kubernetes.io/certificate-arn: arn:aws:iam::720541322708:server-certificate/2023-wildcard-app-medicmobile-org-chain
+      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+
+    className: alb
+    hosts:
+      - host: users-chis-ke.app.medicmobile.org
+        paths:
+          - path: /
+            pathType: Prefix
diff --git a/scripts/deploy/values/users-chis-ug.yaml b/scripts/deploy/values/users-chis-ug.yaml
new file mode 100644
index 00000000..d3af0efc
--- /dev/null
+++ b/scripts/deploy/values/users-chis-ug.yaml
@@ -0,0 +1,25 @@
+cht-user-management:
+  image:
+    tag: 1.0.0
+  env:
+    CONFIG_NAME: chis-ug
+
+  # EKS prod ELB
+  ingress:
+    enabled: true
+    annotations:
+      alb.ingress.kubernetes.io/scheme: internet-facing
+      alb.ingress.kubernetes.io/tags: Environment=prod,Team=SRE
+      alb.ingress.kubernetes.io/group.name: prod-cht-alb
+      alb.ingress.kubernetes.io/ssl-redirect: '443'
+      alb.ingress.kubernetes.io/target-type: ip
+      alb.ingress.kubernetes.io/healthcheck-port: traffic-port
+      alb.ingress.kubernetes.io/certificate-arn: arn:aws:iam::720541322708:server-certificate/2023-wildcard-app-medicmobile-org-chain
+      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+
+    className: alb
+    hosts:
+      - host: users-chis-ug.app.medicmobile.org
+        paths:
+          - path: /
+            pathType: Prefix