diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0f79c31e1a8d73293de53d814a90c04a7505d908..726a6097deb39f3d7cfb00d1c0ba3bd290777754 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -70,6 +70,7 @@ include:
     ref: m18-pipeline-update-mm
 
   - local: "devops/gc/pipeline/override-stages.yml"
+  - local: "devops/aws/pipeline/override-stages.yml"
 
 aws-test-java:
   tags: ["aws-internal-test"]
diff --git a/devops/aws/pipeline/override-stages.yml b/devops/aws/pipeline/override-stages.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7a9dcad541df7c71b484aff9b63c3d5b713df595
--- /dev/null
+++ b/devops/aws/pipeline/override-stages.yml
@@ -0,0 +1,39 @@
+aws-update-tf:
+  extends:
+    - .aws
+    - .aws_variables
+    - .aws_common_variables
+  stage: deploy
+  needs: ['aws-containerize']
+  retry: 1
+  script:
+    - echo os-indexer override
+    - export KUBECONFIG=/tmp/kubeconfig-${RANDOM}.yaml
+    - aws eks update-kubeconfig --region $AWS_REGION --name $EKS_CLUSTER_NAME --role-arn $EKS_CLUSTER_MGMT_ROLE
+
+    - localPort=$ELASTIC_PORT
+    - |
+      while netstat -an | grep $localPort | grep -i listen ; do
+          echo "$localPort Port in use"
+          ((localPort++))
+      done
+    - echo "Using local port: $localPort"
+    - kubectl port-forward -n $TENANT_GROUP_NAME-tenant-$EKS_TENANT_NAME-elasticsearch svc/elasticsearch-es-http $localPort:$ELASTIC_PORT
+    - export ELASTIC_PORT=$localPort
+    - pid=$!
+    - |
+      trap '{
+          echo killing "Port forward process: "$pid
+          kill $pid
+          rm $KUBECONFIG
+      }' EXIT
+
+    - chmod 600 $KUBECONFIG
+    - export CONTAINER_IMAGE=`kubectl -n ${AWS_SERVICE_NAMESPACE}-${AWS_SERVICE_NAMESPACE_SUFFIX:-core} get deployment/${AWS_EKS_DEPLOYMENT_NAME} -o jsonpath='{.spec.template.spec.containers[0].name}'`
+
+    - kubectl -n ${AWS_SERVICE_NAMESPACE}-${AWS_SERVICE_NAMESPACE_SUFFIX:-core} set image deployment/${AWS_EKS_DEPLOYMENT_NAME} $CONTAINER_IMAGE=$AWS_IMAGE_TAG_BASE:$CI_COMMIT_SHA
+    - kubectl -n ${AWS_SERVICE_NAMESPACE}-${AWS_SERVICE_NAMESPACE_SUFFIX:-core} rollout restart deployment/${AWS_EKS_DEPLOYMENT_NAME}
+    - kubectl -n ${AWS_SERVICE_NAMESPACE}-${AWS_SERVICE_NAMESPACE_SUFFIX:-core} rollout status -w deployment/${AWS_EKS_DEPLOYMENT_NAME} --timeout=300s
+  only:
+    variables:
+      - $AWS_SKIP_DEPLOY != 'true' && $AWS == '1' && $AWS_DEPLOY_TARGET == 'TF'
\ No newline at end of file