diff --git a/.github/workflows/crc-cloud.yml b/.github/workflows/crc-cloud.yml
new file mode 100644
index 0000000..6426f56
--- /dev/null
+++ b/.github/workflows/crc-cloud.yml
@@ -0,0 +1,58 @@
+name: crc-cloud
+
+on:
+  pull_request:
+    branches:
+      - main
+
+  workflow_dispatch:
+
+jobs:
+  crc-cloud:
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+      contents: write
+
+    steps:
+      - name: Write pullsecret
+        env:
+          PULLSECRET_BASE64: ${{ secrets.PS_64 }}
+        run: |
+          echo $PULLSECRET_BASE64 | base64 --decode > pullsecret.txt
+
+      - name: Write boot key
+        run: echo "${{ secrets.KEY }}" > key.txt
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.ROLE }}
+          aws-region: eu-west-2
+
+      - run: |
+          docker run \
+          -v ${PWD}:/workspace:z \
+          -e AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \
+          -e AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \
+          -e AWS_DEFAULT_REGION=eu-west-2 quay.io/crcont/crc-cloud:v0.0.2 \
+          create aws \
+          --project-name "crc-ocp412" \
+          --backed-url "file:///workspace" \
+          --output "/workspace" \
+          --aws-ami-id "ami-019669c0960dbcf14" \
+          --pullsecret-filepath /workspace/pullsecret.txt \
+          --key-filepath /workspace/key.txt
+
+      - run: |
+          docker run \
+          -v ${PWD}:/workspace:z \
+          -e AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \
+          -e AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \
+          -e AWS_DEFAULT_REGION=eu-west-2 \
+          quay.io/crcont/crc-cloud:v0.0.2 \
+          destroy \
+          --project-name "crc-ocp412" \
+          --backed-url "file:///workspace" \
+          --provider "aws"