diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..a54006179
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,13 @@
+.idea
+buildspecs
+log/*
+spec
+test
+.rspec
+.rubocop
+babel-config.js
+docker-compose.yml
+Dockerfile
+Guardfile
+postcss.config.js
+Procfile
diff --git a/Dockerfile b/Dockerfile
index 0571ed2f0..08c9f7227 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,5 @@
-FROM ruby:2.7.2
-RUN curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
-RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
-RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs postgresql-client yarn
+FROM public.ecr.aws/bitnami/ruby:2.7
+RUN apt-get update && apt-get install -y build-essential libpq-dev nodejs npm postgresql-client yarn && npm install --global yarn
 RUN mkdir /sample_rails_application
 WORKDIR /sample_rails_application
 COPY Gemfile /sample_rails_application/Gemfile
@@ -14,4 +12,4 @@
 RUN yarn install --check-files
 COPY . /sample_rails_application
 EXPOSE 3000
-#CMD ["rails", "server", "-b", "0.0.0.0"]
\ No newline at end of file
+CMD ["rails", "server", "-b", "0.0.0.0"]
diff --git a/buildspecs/production-deployment.yml b/buildspecs/production-deployment.yml
new file mode 100644
index 000000000..f7075fa60
--- /dev/null
+++ b/buildspecs/production-deployment.yml
@@ -0,0 +1,14 @@
+version: 0.2
+
+phases:
+ install:
+ runtime-versions:
+ ruby: 2.7
+ commands:
+ - pwd
+ - echo "Deploying to PRODUCTION"
+ - cat docker-image-to-deploy.txt
+
+ build:
+ commands:
+ - echo "Tests stage!"
diff --git a/buildspecs/sandbox-deployment.yml b/buildspecs/sandbox-deployment.yml
new file mode 100644
index 000000000..48663087c
--- /dev/null
+++ b/buildspecs/sandbox-deployment.yml
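Review bot: The ignore list leaves out `.git`, `deployment/` and any local env or key files, so the Dockerfile's `COPY . /sample_rails_application` still copies repository history and the sops-encrypted secrets into an image layer. I would add `.git`, `deployment`, `.env*`, `node_modules` and `tmp` to the list; if this app uses Rails encrypted credentials, `config/master.key` belongs here too (not visible in this diff, so confirm). An allow-list layout (`*` followed by `!` entries for what the image needs) is harder to get wrong as the repository grows.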
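Review bot: The new base `public.ecr.aws/bitnami/ruby:2.7` is a floating tag where the old line named a patch release, and `npm install --global yarn` takes whatever version is current at build time, so two builds of the same commit can produce different images. Pin the base by patch tag and digest, e.g. `FROM public.ecr.aws/bitnami/ruby:<patch-tag>@sha256:<digest>`, and pin yarn with `npm install --global yarn@<version>`. The apt list still names `yarn` although the yarnpkg repository lines were removed; check which package that now resolves to, and drop it if the npm-installed one is the intended tool. Adding `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` to the same `RUN` keeps the layer small.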
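Review bot: Enabling `CMD ["rails", "server", "-b", "0.0.0.0"]` makes the Rails server the default process, and neither Dockerfile hunk shows a `USER` instruction, so it presumably runs as root while listening on all interfaces. The lines between the two hunks are not visible here; if none of them switches user, create an unprivileged account in an earlier `RUN`, copy the application with `COPY --chown=<app-user>:<app-group>`, and add `USER <app-user>` before `CMD`.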
@@ -0,0 +1,14 @@
+version: 0.2
+
+phases:
+ install:
+ runtime-versions:
+ ruby: 2.7
+ commands:
+ - pwd
+ - echo "Deploying to SANDBOX"
+ - cat docker-image-to-deploy.txt
+
+ build:
+ commands:
+ - echo "Tests stage!"
diff --git a/buildspecs/staging-deployment.yml b/buildspecs/staging-deployment.yml
new file mode 100644
index 000000000..9c1361126
--- /dev/null
+++ b/buildspecs/staging-deployment.yml
@@ -0,0 +1,14 @@
+version: 0.2
+
+phases:
+ install:
+ runtime-versions:
+ ruby: 2.7
+ commands:
+ - pwd
+ - echo "Deploying to STAGING"
+ - cat docker-image-to-deploy.txt
+
+ build:
+ commands:
+ - echo "Tests stage!"
diff --git a/buildspecs/tests-and-build.yml b/buildspecs/tests-and-build.yml
new file mode 100644
index 000000000..756fdb4a0
--- /dev/null
+++ b/buildspecs/tests-and-build.yml
@@ -0,0 +1,31 @@
+version: 0.2
+
+phases:
+ install:
+ runtime-versions:
+ ruby: 2.7
+ commands:
+# - aws sts get-caller-identity
+# - aws kms describe-key --key-id arn:aws:kms:eu-west-1:487483287434:key/ec84f810-ec41-45a0-ad9e-3575324d26c4
+ - curl -Lo /tmp/sops.deb https://github.com/mozilla/sops/releases/download/v3.7.1/sops_3.7.1_amd64.deb
+ - dpkg -i /tmp/sops.deb
+ - sops --decrypt deployment/secrets.staging.yaml
+ - aws eks update-kubeconfig --name grze --role-arn arn:aws:iam::487483287434:role/application-ci-cd-codepipeline-eks-access-role
+ - kubectl get ns -o wide
+
+ build:
+ commands:
+ - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
+
+ - docker build -t $ECR_REPOSITORY_URL:$CODEBUILD_RESOLVED_SOURCE_VERSION .
+ - docker tag $ECR_REPOSITORY_URL:$CODEBUILD_RESOLVED_SOURCE_VERSION $ECR_REPOSITORY_URL:latest
+
+ - docker push $ECR_REPOSITORY_URL:$CODEBUILD_RESOLVED_SOURCE_VERSION
+ - docker push $ECR_REPOSITORY_URL:latest
+
+ - echo "$ECR_REPOSITORY_URL:$CODEBUILD_RESOLVED_SOURCE_VERSION" > docker-image-to-deploy.txt
+
+artifacts:
+ files:
+ - docker-image-to-deploy.txt
+ - buildspecs/**/*
diff --git a/deployment/.sops.yaml b/deployment/.sops.yaml
new file mode 100644
index 000000000..00c51ef0c
--- /dev/null
+++ b/deployment/.sops.yaml
@@ -0,0 +1,11 @@
+creation_rules:
+ - path_regex: secrets\.staging\.yaml$
+ kms: 'arn:aws:kms:eu-west-1:487483287434:key/ec84f810-ec41-45a0-ad9e-3575324d26c4'
+
+ - path_regex: secrets\.sandbox\.yaml$
+ kms: 'arn:aws:kms:eu-west-1:487483287434:key/ec84f810-ec41-45a0-ad9e-3575324d26c4'
+
+ - path_regex: secrets\.production\.yaml$
+ kms: 'arn:aws:kms:eu-west-1:487483287434:key/ec84f810-ec41-45a0-ad9e-3575324d26c4'
+
+ - kms: 'arn:aws:kms:eu-west-1:487483287434:key/ec84f810-ec41-45a0-ad9e-3575324d26c4'
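Review bot: `sops --decrypt deployment/secrets.staging.yaml` in the install phase writes the decrypted values to stdout, which ends up in the CodeBuild build log, so anyone with read access to the logs can read the staging secrets. If the step only proves that the build role can use the KMS key, discard the output: `sops --decrypt deployment/secrets.staging.yaml > /dev/null`. The sops package is also passed to `dpkg -i` straight after download with no integrity check; add `echo "<sha256-of-sops_3.7.1_amd64.deb>  /tmp/sops.deb" | sha256sum -c -` before it and use `curl -fsSLo` so an HTTP error fails the build. In the build phase the variables in the `docker` commands are unquoted and `latest` is a mutable tag, so deployments should keep using the commit-tagged reference written to `docker-image-to-deploy.txt`.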
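Review bot: All three path rules and the fallback rule name the same KMS key, so any principal allowed to decrypt `secrets.staging.yaml` (the build role does so in `buildspecs/tests-and-build.yml`) can equally decrypt the sandbox and production files. Use one key per environment, e.g. `kms: '<production-kms-key-arn>'` on the production rule, and grant `kms:Decrypt` on each key only to the role that deploys that environment. The last rule has no `path_regex` and therefore matches every other file; a comment such as `# fallback for files not matched above` would make clear that this is intended.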
diff --git a/deployment/secrets.staging.yaml b/deployment/secrets.staging.yaml
new file mode 100644
index 000000000..b0a50c023
--- /dev/null
+++ b/deployment/secrets.staging.yaml
@@ -0,0 +1,16 @@
+password: ENC[AES256_GCM,data:Xdi1H8Qe,iv:ZRkub93Rh2kulszzQFh54ogQCiPIqOUlZe/OW3eKLkE=,tag:0EMPwhZrSX39Nu4A85aQAg==,type:str]
+sops:
+ kms:
+ - arn: arn:aws:kms:eu-west-1:487483287434:key/ec84f810-ec41-45a0-ad9e-3575324d26c4
+ created_at: "2021-05-12T22:04:38Z"
+ enc: AQICAHhngOGWGoxl7TkcaQOZ44amCOQCrm1j0kB2JqvANx5FcAGPDmVCWa/TsXwLDzycUr8FAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMYMn8Cyx2GkngIo2vAgEQgDsryPTXf2KKrEoYRbJv+Vdm2weyONfiz1pYjxERZjOvkMnV2zJ7QWyJ90vqqDyh/4BEKo8x4MM+TADeXQ==
+ aws_profile: ""
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2021-05-12T22:04:49Z"
+ mac: ENC[AES256_GCM,data:ecsZVQobyx5qsRQt/fjlRFu7z44NolNhV1ss7ISXe3sPpWLq3bjxlRb0JytrZVvdHJ4EKff9L8NoRg+BSV/k9f6qigrCE15CSfa3VyLDhWpM9gmFb4bTal/tR5F2cgrsgJYvoOw5wza3rJbomIRtAjOG6s5OcCP6LbFaPTkPAnI=,iv:XSFtinrl81RspcCNTxQRnNhROoBS5zlSCODdLA3wP/o=,tag:IYlPWNDzhOyYsE/i7jLxKw==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.7.1
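Review bot: sops encrypts only the values, so the key name `password` and the length of the ciphertext stay readable in the repository, and the `data` field on the first line is short enough to suggest a value of only a few bytes. If this is a real staging credential rather than a test value, replace it with a long random one before merging. The ciphertext stays in the commit history, so its confidentiality depends on who holds `kms:Decrypt` on the listed key for as long as the repository exists.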