diff --git a/.github/actions/promote_docker_image/README.md b/.github/actions/promote_docker_image/README.md
new file mode 100644
index 0000000..61adfab
--- /dev/null
+++ b/.github/actions/promote_docker_image/README.md
@@ -0,0 +1,35 @@
+# Promote Docker Image
+
+This [composite action](./action.yml) is responsible copying docker images from one ECR registry to another (typically from jupiterone-infra to the destination environment where the app is run).
+
+## Inputs
+
+This action takes the following inputs:
+
+| Name | Type | Default | Required | Description |
+| --------------------------- | ------- | ---------------------------- | --------- | --------------------------------------------------------- |
+| `project_name` | String | | True | The project name
+| `codeowner` | String | | True | The designated project codeowners (CODEOWNERS file)
+| `image_name` | String | | True | The name of the image to copy
+| `source_account_id` | String | | False | The AWS account id of the source ECR registry
+| `source_region` | String | | False | The AWS region of the source ECR registry
+| `target_account_id` | String | | True | The AWS account id of the target ECR registry
+| `target_region` | String | | True | The AWS region of the target ECR registry
+| `target_environment` | String | | True | The target Jupiterone environment to deploy to
+
+## Outputs
+
+No outputs provided.
+
+## Example Usage
+
+```yaml
+- name: promote_docker_image
+ uses: jupiterone/.github/.github/actions/promote_docker_image@main
+ if: always()
+ with:
+ image-name: builder-node18-test
+ image-tags: 4-arm64, 4.7.1-arm64, 4.7-arm64
+ destination-account-id: 564077667165
+ destination-region: us-east-1
+```
diff --git a/.github/actions/promote_docker_image/action.yml b/.github/actions/promote_docker_image/action.yml
new file mode 100644
index 0000000..8998470
--- /dev/null
+++ b/.github/actions/promote_docker_image/action.yml
@@ -0,0 +1,65 @@
+name: Promotes built Docker images to target environment registries for consumption
+
+inputs:
+ project_name:
+ required: true
+ codeowner:
+ required: true
+ image_name:
+ required: true
+ image_tags:
+ required: true
+ description: A comma separated list of image tags to promote.
+ source_account_id:
+ required: false
+ default: "081157560428"
+ source_region:
+ required: false
+ default: us-east-1
+ target_account_id:
+ required: true
+ target_region:
+ required: true
+ target_environment:
+ required: true
+ default: dev
+
+runs:
+ using: "composite"
+ steps:
+ - name: configure_source_account_aws_credentials
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ role-to-assume: arn:aws:iam::${{ inputs.source_account_id }}:role/github-main-role
+ role-session-name: main-role-session-${{ inputs.image_name }}
+ aws-region: us-east-1
+ - name: ecr_login
+ uses: aws-actions/amazon-ecr-login@v2
+ - name: pull_source_images
+ shell: bash
+ run: |
+ docker pull 081157560428.dkr.ecr.us-east-1.amazonaws.com/terraform-deploy-slim:lts-0
+ for tag in $(echo ${{ inputs.image_tags }} | sed "s/,/ /g"); do
+ docker pull ${{ inputs.source_account_id }}.dkr.ecr.${{ inputs.source_region }}.amazonaws.com/${{ inputs.image_name }}:$tag
+ done
+ - name: bootstrap_target_ecr_registry
+ uses: jupiterone/.github/.github/actions/create_ecr_repo@v3
+ with:
+ codeowner: ${{ inputs.codeowner }}
+ image_names: ${{ inputs.image_name }}
+ project_name: ${{ inputs.project_name }}
+ target_environment: ${{ inputs.target_environment }}
+ - name: configure_target_account_aws_credentials
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ role-to-assume: arn:aws:iam::${{ inputs.target_account_id }}:role/github-main-role
+ role-session-name: main-role-session-${{ inputs.image_name }}
+ aws-region: us-east-1
+ - name: copy_to_target_registry
+ shell: bash
+ run: |
+ for tag in $(echo ${{ inputs.image_tags }} | sed "s/,/ /g"); do
+ docker buildx imagetools create \
+ --tag ${{ inputs.target_account_id }}.dkr.ecr.${{ inputs.target_region }}.amazonaws.com/${{ inputs.image_name }}:$tag \
+ ${{ inputs.source_account_id }}.dkr.ecr.${{ inputs.source_region }}.amazonaws.com/${{ inputs.image_name }}:$tag
+ done
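Review bot: The `pull_source_images` and `copy_to_target_registry` steps splice `${{ inputs.image_tags }}`, `${{ inputs.image_name }}` and the account/region inputs directly into the bash script text, so any shell metacharacter in a caller-supplied value is interpreted as code while the runner holds the assumed `github-main-role` session. Pass the inputs through `env:` and reference them as quoted shell variables, rejecting tags that do not match the Docker tag grammar, as sketched below. Separately, both `configure-aws-credentials` steps hard-code `aws-region: us-east-1`, so `source_region` and `target_region` only affect the registry hostnames. No `amazon-ecr-login` step is visible after the target role is assumed; the push to the target registry presumably needs one unless `create_ecr_repo` or a repository policy covers it.

```yaml
    - name: pull_source_images
      shell: bash
      env:
        IMAGE_TAGS: ${{ inputs.image_tags }}
        IMAGE_NAME: ${{ inputs.image_name }}
        SOURCE_REGISTRY: ${{ inputs.source_account_id }}.dkr.ecr.${{ inputs.source_region }}.amazonaws.com
      run: |
        # … unchanged: terraform-deploy-slim pull …
        for tag in ${IMAGE_TAGS//,/ }; do
          [[ "$tag" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]] || { echo "invalid tag: $tag" >&2; exit 1; }
          docker pull "${SOURCE_REGISTRY}/${IMAGE_NAME}:${tag}"
        done
    # … unchanged: bootstrap_target_ecr_registry, configure_target_account_aws_credentials …
    - name: copy_to_target_registry
      shell: bash
      env:
        IMAGE_TAGS: ${{ inputs.image_tags }}
        IMAGE_NAME: ${{ inputs.image_name }}
        SOURCE_REGISTRY: ${{ inputs.source_account_id }}.dkr.ecr.${{ inputs.source_region }}.amazonaws.com
        TARGET_REGISTRY: ${{ inputs.target_account_id }}.dkr.ecr.${{ inputs.target_region }}.amazonaws.com
      run: |
        for tag in ${IMAGE_TAGS//,/ }; do
          [[ "$tag" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]] || { echo "invalid tag: $tag" >&2; exit 1; }
          docker buildx imagetools create \
            --tag "${TARGET_REGISTRY}/${IMAGE_NAME}:${tag}" \
            "${SOURCE_REGISTRY}/${IMAGE_NAME}:${tag}"
        done
```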