diff --git a/.github/workflows/cloud-sdk-qa-deployment.yaml b/.github/workflows/cloud-sdk-qa-deployment.yaml
new file mode 100644
index 0000000000..a1a6b85ec5
--- /dev/null
+++ b/.github/workflows/cloud-sdk-qa-deployment.yaml
@@ -0,0 +1,163 @@
+name: New Deploy QA01 OpenWIFI Cloud SDK
+
+defaults:
+  run:
+    shell: bash
+
+env:
+  AWS_EKS_NAME: tip-openlan-lab
+  K8S_VERSION: "1.36.1"
+  AWS_DEFAULT_OUTPUT: json
+  AWS_DEFAULT_REGION: ap-south-1
+  AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_CLIENT_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_CLIENT_KEY }}
+
+  WEBSOCKET_CERT: ${{ secrets.INSTA_WEBSOCKET_CERT }}
+  WEBSOCKET_KEY: ${{ secrets.INSTA_WEBSOCKET_KEY }}
+
+  # https://stackoverflow.com/questions/59977364/github-actions-how-use-strategy-matrix-with-script
+  # Required object fiels per environment:
+  # - namespace - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'openwifi-test')
+  # - deploy_method - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0
+  # - chart_version - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)
+  # - owgw_version - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+  # - owsec_version - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+  # - owfms_version - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+  # - owprov_version - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+  # - owanalytics_version - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+  # - owsub_version - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+  # - owrrm_version - OpenWIFI radio resource management service version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+  # - owgwui_version - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+  # - owprovui_version - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+  testbeds: '[
+    {
+      "namespace": "qa01",
+      "deploy_method": "git",
+      "chart_version": "${{ github.event.inputs.chart_version }}",
+      "owgw_version": "master",
+      "owsec_version": "main",
+      "owfms_version": "main",
+      "owprov_version": "main",
+      "owanalytics_version": "main",
+      "owsub_version": "main",
+      "owrrm_version": "main",
+      "owgwui_version": "main",
+      "owprovui_version": "main"
+    }
+  ]'
+
+on:
+  workflow_dispatch:
+    inputs:
+      chart_version:
+        description: 'Chart version to deploy eg: v3.1.0'
+        required: true
+        default: 'main'
+
+jobs:
+  generate-matrix:
+    name: Generate matrix for build
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+    - name: generate-matrix
+      id: set-matrix
+      run: |
+        cat >> $GITHUB_OUTPUT << EOF
+        matrix={"include":${{ env.testbeds }}}
+        EOF
+
+  deploy:
+    name: Update OpenWIFI Cloud SDK instances
+    runs-on: ubuntu-latest
+    needs: [ generate-matrix ]
+    strategy:
+      matrix: ${{ fromJson( needs.generate-matrix.outputs.matrix ) }}
+      fail-fast: false
+    steps:
+
+    - name: Checkout repo with Helm values
+      uses: actions/checkout@v4
+      with:
+        repository: Telecominfraproject/wlan-cloud-ucentral-deploy
+        path: wlan-cloud-ucentral-deploy
+        ref: ${{ matrix.chart_version }}
+
+    - name: Prepare certificates from secrets
+      working-directory: wlan-cloud-ucentral-deploy/chart/environment-values
+      run: |
+        echo "${{ env.WEBSOCKET_CERT }}" | base64 -d > cert.pem
+        echo "${{ env.WEBSOCKET_KEY }}" | base64 -d > key.pem
+
+    - name: Fetch kubeconfig
+      run: |
+        aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
+
+    - name: Install kubectl
+      run: |
+        curl -s -LO "https://dl.k8s.io/release/${{ env.K8S_VERSION }}/bin/linux/amd64/kubectl"
+        sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+
+    - name: Deploy OpenWIFI Cloud SDK
+      working-directory: wlan-cloud-ucentral-deploy/chart/environment-values
+      run: |
+        export NAMESPACE=${{ matrix.namespace }}
+        export DEPLOY_METHOD=${{ matrix.deploy_method }}
+        export CHART_VERSION=${{ matrix.chart_version }}
+        export OWGW_VERSION=${{ matrix.owgw_version }}
+        export OWGWUI_VERSION=${{ matrix.owgwui_version }}
+        export OWSEC_VERSION=${{ matrix.owsec_version }}
+        export OWFMS_VERSION=${{ matrix.owfms_version }}
+        export OWPROV_VERSION=${{ matrix.owprov_version }}
+        export OWPROVUI_VERSION=${{ matrix.owprovui_version }}
+        export OWANALYTICS_VERSION=${{ matrix.owanalytics_version }}
+        export OWSUB_VERSION=${{ matrix.owsub_version }}
+        export OWRRM_VERSION=${{ matrix.owrrm_version }}
+        export DOMAIN=lab.open-lan.org
+        export CERTIFICATE_ARN=arn:aws:acm:ap-south-1:289708231103:certificate/2da39707-c340-48ec-a819-0014126548af
+        # use insta only chaincerts here
+        export VALUES_FILE_LOCATION=values.openwifi-qa-insta.yaml,values.openwifi-qa.single-external-db.yaml,values.openwifi-qa.separate-lbs.yaml
+        export RTTY_TOKEN=${{ secrets.RTTY_TOKEN }}
+        export OWGW_AUTH_USERNAME=${{ secrets.UCENTRALGW_AUTH_USERNAME }}
+        export OWGW_AUTH_PASSWORD=${{ secrets.UCENTRALGW_AUTH_PASSWORD }}
+        export OWFMS_S3_SECRET=${{ secrets.UCENTRALFMS_S3_SECRET }}
+        export OWFMS_S3_KEY=${{ secrets.UCENTRALFMS_S3_KEY }}
+        export CERT_LOCATION=cert.pem
+        export KEY_LOCATION=key.pem
+        export OWSEC_NEW_PASSWORD=${{ secrets.OWSEC_NEW_PASSWORD }}
+        export MAILER_USERNAME=${{ secrets.MAILER_USERNAME }}
+        export MAILER_PASSWORD=${{ secrets.MAILER_PASSWORD }}
+        export IPTOCOUNTRY_IPINFO_TOKEN=${{ secrets.IPTOCOUNTRY_IPINFO_TOKEN }}
+        export EXTRA_VALUES='owgw.configProperties.logging\.level=information'
+        ./deploy.sh
+
+    - name: Show resource state on deployment failure
+      if: failure()
+      run: |
+        kubectl get pods --namespace openwifi-${{ matrix.namespace }}
+        kubectl get services --namespace openwifi-${{ matrix.namespace }}
+        kubectl get persistentvolumeclaims --namespace openwifi-${{ matrix.namespace }}
+
+    - name: Describe pods on deployment failure
+      if: failure()
+      run: |
+        kubectl describe pods --namespace openwifi-${{ matrix.namespace }}
+
+    - name: Describe services on deployment failure
+      if: failure()
+      run: |
+        kubectl describe services --namespace openwifi-${{ matrix.namespace }}
+
+    - name: Describe persistentvolumeclaims on deployment failure
+      if: failure()
+      run: |
+        kubectl describe persistentvolumeclaims --namespace openwifi-${{ matrix.namespace }}
+
+    - name: Rollback Cloud SDK
+      #if: failure()
+      # don't roll back so easier to diagnose issues
+      if: false
+      run: |
+        helm rollback tip-openwifi --namespace openwifi-${{ matrix.namespace }} --wait --timeout 20m