diff --git a/.github/workflows/base-deployment.yml b/.github/workflows/base-deployment.yml
new file mode 100644
index 00000000..cd4a40be
--- /dev/null
+++ b/.github/workflows/base-deployment.yml
@@ -0,0 +1,92 @@
+on:
+  workflow_call:
+    inputs:
+      environment:
+        description: "Which Environment settings to use"
+        required: true
+        type: string
+        default: "dev"
+      is_deployment:
+        description: "Do you want to run Terraform Apply"
+        type: boolean
+        default: false
+
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: "Which Environment settings to use"
+        required: true
+        type: choice
+        options: 
+          - dev 
+          - pre-prod
+          - prod
+      is_deployment:
+        description: "Do you want to run Terraform Apply"
+        type: boolean
+        default: false
+
+name: Base Plan and Apply
+permissions:
+  contents: read       
+  id-token: write      
+  pull-requests: write
+
+jobs:
+  plan:
+    name: ${{ inputs.environment }} - Plan and Apply
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    defaults:
+      run:
+        working-directory: ./terraform
+    steps:
+      - name: Set up git repo
+        uses: actions/checkout@v4
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.IAM_ROLE }}
+          aws-region: eu-west-2
+          mask-aws-account-id: true
+
+      - name: terraform init
+        id: init
+        run: terraform init -no-color -upgrade -backend-config="bucket=${{ secrets.TF_BACKEND_BUCKET }}" -backend-config="key=${{ secrets.TF_BACKEND_KEY }}" -backend-config="dynamodb_table=${{ secrets.TF_BACKEND_DYNAMODB_TABLE }}"
+
+      - name: terraform validate
+        id: validate
+        run: terraform validate -no-color
+
+        ## REPOSITORY SPECIFIC ##
+      - name: Setup Terraform variables
+        id: vars
+        run: |
+          COMMON_ACCOUNT_ID=$(aws ssm get-parameter --name /repo/ci/user-input/external/aws-account-id --with-decryption | jq -r .Parameter.Value)
+          cat > pipeline.auto.tfvars <<EOF
+          common_account_id=$COMMON_ACCOUNT_ID
+          common_account_role="CiReadOnly"
+          EOF
+
+          mkdir ../generate-cost-report-lambda/build
+          touch ../generate-cost-report-lambda/build/generate-cost-report-lambda.zip
+          mkdir ../notification-lambda/build
+          touch ../notification-lambda/build/alarm.zip
+          mkdir ../ehr-hard-deletion-lambda/build
+          touch ../ehr-hard-deletion-lambda/build/ehr-hard-deletion-lambda.zip
+          
+      - name: terraform plan
+        id: plan
+        run: |
+          terraform plan -var-file="${{ inputs.environment }}.tfvars" -no-color -out=${{ inputs.environment }}.tfplan
+
+      - name: terraform apply
+        if: ${{ inputs.is_deployment }}
+        id: apply
+        run: |
+          terraform apply -auto-approve -input=false ${{ inputs.environment }}.tfplan
+          working-directory: ./terraform
\ No newline at end of file
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..8a2e1858
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,20 @@
+name: Build
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarqube-scan-action@v4
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
new file mode 100644
index 00000000..3f44cd46
--- /dev/null
+++ b/.github/workflows/ci-cd.yml
@@ -0,0 +1,21 @@
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - '**'
+     
+      
+name: CI/CD
+
+permissions:
+  pull-requests: write
+  id-token: write # This is required for requesting the JWT
+  contents: read # This is required for actions/checkout
+
+jobs:
+  automated-dev-deployment:
+      uses: ./.github/workflows/base-deployment.yml
+      with:
+        environment: dev
+        is_deployment: ${{ github.ref == 'refs/heads/main' }}
+      secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 897c8960..8b392568 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -92,6 +92,8 @@ jobs:
           touch ../generate-cost-report-lambda/build/generate-cost-report-lambda.zip
           mkdir ../notification-lambda/build
           touch ../notification-lambda/build/alarm.zip
+          mkdir ../ehr-hard-deletion-lambda/build
+          touch ../ehr-hard-deletion-lambda/build/ehr-hard-deletion-lambda.zip
 
       - name: terraform plan
         id: plan