diff --git a/.github/workflows/aws_deploy.yml b/.github/workflows/aws_deploy.yml
index 247efbfab..8fa267a69 100644
--- a/.github/workflows/aws_deploy.yml
+++ b/.github/workflows/aws_deploy.yml
@@ -12,6 +12,9 @@ on:
 environment:
 required: true
 type: string
+ release_tag:
+ required: false
+ type: string
 concurrency:
 group: deploy-${{ inputs.environment }}
@@ -45,8 +48,13 @@ jobs:
 with:
 mask-password: 'true'
+ - name: Check if image with tag already exists
+ run: |
+ echo "image-exists=$(if aws ecr list-images --repository-name=$repository --query "imageIds[*].imageTag" | grep -q ${{ github.sha }}; then echo true; else echo false; fi)" >> $GITHUB_ENV
+
 - name: Build, tag, and push docker image to ECR
 id: build-image
+ if: ${{ env.image-exists == 'false' }}
 env:
 registry: ${{ steps.ecr-login.outputs.registry }}
 commit_tag: ${{ github.sha }}
@@ -77,11 +85,16 @@ jobs:
 id: timestamp
 run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV
+ - name: Get additional tag
+ run: |
+ echo "additional-tag=$(if [[ ${{ inputs.environment }} == 'production' ]]; then echo ${{ inputs.release_tag }}-${{ env.timestamp }}; else echo ${{ env.timestamp }}; fi)" >> $GITHUB_ENV
+
 - name: Add environment tag to existing image
+ id: update-image-tags
 env:
 registry: ${{ steps.ecr-login.outputs.registry }}
 commit_tag: ${{ github.sha }}
- readable_tag: ${{ inputs.environment }}-${{ env.timestamp }}
+ readable_tag: ${{ inputs.environment }}-${{ env.additional-tag }}
 run: |
 manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest)
 aws ecr put-image --repository-name $repository --image-tag $readable_tag --image-manifest "$manifest"
diff --git a/.github/workflows/production_pipeline.yml b/.github/workflows/production_pipeline.yml
index fd0a73b9d..76a85eca8 100644
--- a/.github/workflows/production_pipeline.yml
+++ b/.github/workflows/production_pipeline.yml
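Review bot: In aws_deploy.yml, the new "Check if image with tag already exists" step treats every failure of `aws ecr list-images` (expired credentials, wrong repository, throttling) as "image absent", because the command only feeds `grep -q` inside an `if`; it also greps the whole tag listing instead of asking for the one tag. A direct lookup such as `aws ecr describe-images --repository-name "$repository" --image-ids imageTag="$commit_tag"`, with `commit_tag: ${{ github.sha }}` supplied through the step's `env:`, answers the question exactly and lets the step fail on errors other than a missing image. The step declares no `env:` of its own, so `$repository` presumably comes from job- or workflow-level `env` outside this hunk. Since a hit now skips the build and the later step promotes whatever the commit-SHA tag points to, it is worth confirming that the ECR repository has tag immutability enabled.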
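Review bot: The "Get additional tag" step in aws_deploy.yml expands `${{ inputs.environment }}` and `${{ inputs.release_tag }}` directly into the shell script, so the runner substitutes their text before bash parses the line; `release_tag` is filled from a release tag name fetched in production_pipeline.yml, and Git tag names may contain shell metacharacters. The job logs in to ECR and calls the AWS CLI, so these values should reach the script as environment variables and be quoted, as sketched below. `release_tag` is also declared `required: false`, so a production run with an empty value would silently produce a tag like `production--<timestamp>`; the sketch rejects that case. The character class used for validation is a suggestion and should be matched to the project's release naming.

```yaml
      - name: Get additional tag
        env:
          environment: ${{ inputs.environment }}
          release_tag: ${{ inputs.release_tag }}
        run: |
          if [[ "$environment" == 'production' ]]; then
            # Refuse an empty or unexpected tag before it becomes part of an image tag.
            if [[ ! "$release_tag" =~ ^[A-Za-z0-9_.-]+$ ]]; then
              echo "release_tag is missing or has unexpected characters" >&2
              exit 1
            fi
            echo "additional-tag=${release_tag}-${timestamp}" >> "$GITHUB_ENV"
          else
            echo "additional-tag=${timestamp}" >> "$GITHUB_ENV"
          fi
```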
@@ -16,6 +16,8 @@ jobs:
 test:
 name: Test
 runs-on: ubuntu-latest
+ outputs:
+ releasetag: ${{ steps.latestrelease.outputs.releasetag }}
 services:
 postgres:
@@ -48,7 +50,7 @@ jobs:
 - name: Get latest release with tag
 id: latestrelease
 run: |
- echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')"
+ echo "releasetag=$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')" >> $GITHUB_OUTPUT
 - name: Confirm release tag
 run: |
@@ -257,3 +259,15 @@ jobs:
 cf set-env $APP_NAME CSV_DOWNLOAD_PAAS_INSTANCE $CSV_DOWNLOAD_PAAS_INSTANCE
 cf set-env $APP_NAME SENTRY_DSN $SENTRY_DSN
 cf push $APP_NAME --strategy rolling
+
+ aws_deploy:
+ name: AWS Deploy
+ needs: [lint, test, feature_test, audit]
+ uses: ./.github/workflows/aws_deploy.yml
+ with:
+ aws_account_id: 977287343304
+ aws_resource_prefix: core-prod
+ environment: production
+ release_tag: ${{ needs.test.outputs.releasetag }}
+ permissions:
+ id-token: write
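Review bot: In production_pipeline.yml, the "Get latest release with tag" step writes whatever the pipeline prints into `releasetag`: `curl -s` hides HTTP errors and an unauthenticated API call can be rate-limited, in which case `jq '.tag_name'` prints `null` and that string becomes the output. Because the value now feeds the production image tag through the `test` job's new `outputs:`, make the lookup fail loudly: `tag=$(curl -sSf https://api.github.com/repos/${REPO_URL}/releases/latest | jq -er '.tag_name')` followed by `echo "releasetag=$tag" >> "$GITHUB_OUTPUT"`. `jq -r` also removes the need for the `sed` quote stripping. The following "Confirm release tag" step continues outside the hunk and may already check part of this.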
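Review bot: In the new `aws_deploy` job, `aws_account_id: 977287343304` is an unquoted YAML integer; an AWS account ID is an identifier, and an ID with a leading zero would be mangled by YAML number parsing, so quote it: `aws_account_id: '977287343304'`. The type declared for this input in aws_deploy.yml is outside the visible hunks, so confirm it is `string`. Setting `permissions:` to only `id-token: write` leaves every other token scope at `none` for the called workflow; that is good least privilege, but if the called workflow checks out a non-public repository it would also need `contents: read`. The role that accepts this OIDC token should have its trust policy restricted to this repository and branch, which cannot be verified from the diff.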