diff --git a/.github/workflows/deploy-scripts.yml b/.github/workflows/deploy-scripts.yml
new file mode 100644
index 0000000..b124876
--- /dev/null
+++ b/.github/workflows/deploy-scripts.yml
@@ -0,0 +1,67 @@
+name: Deploy Scripts to S3
+
+on:
+ push:
+ branches: [ main ]
+ paths:
+ - 'scripts/**'
+ - '.github/workflows/deploy-scripts.yml'
+ workflow_dispatch:
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ deploy-scripts:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Configure AWS credentials using OIDC
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ aws-region: ${{ secrets.AWS_REGION }}
+ role-session-name: icewatch-deploy-scripts
+
+ - name: Upload deployment script to S3
+ run: |
+ # Upload the main deployment script
+ aws s3 cp scripts/deploy.sh s3://${{ secrets.S3_BUCKET_NAME }}/icewatch/deploy.sh \
+ --acl public-read \
+ --content-type "text/plain" \
+ --metadata-directive REPLACE \
+ --metadata "version=$(git rev-parse --short HEAD),updated=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
+
+ # Upload systemd service file
+ aws s3 cp scripts/icewatch.service s3://${{ secrets.S3_BUCKET_NAME }}/icewatch/icewatch.service \
+ --acl public-read \
+ --content-type "text/plain"
+
+ # Upload Caddyfile
+ aws s3 cp scripts/Caddyfile s3://${{ secrets.S3_BUCKET_NAME }}/icewatch/Caddyfile \
+ --acl public-read \
+ --content-type "text/plain"
+
+ echo "✅ Scripts uploaded successfully!"
+ echo "📁 Deploy script URL: https://${{ secrets.S3_BUCKET_NAME }}.s3.amazonaws.com/icewatch/deploy.sh"
+
+ - name: Update README with current URLs
+ run: |
+ # Update README with current S3 URLs
+ sed -i "s|curl -sSL.*deploy.sh|curl -sSL https://${{ secrets.S3_BUCKET_NAME }}.s3.amazonaws.com/icewatch/deploy.sh|g" README.md
+
+ # Check if README was modified
+ if git diff --quiet README.md; then
+ echo "No README updates needed"
+ else
+ echo "README updated with new S3 URLs"
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git add README.md
+ git commit -m "Update deployment URLs [skip ci]"
+ git push
+ fi
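Review bot: The `git push` at the end of the "Update README with current URLs" step runs under `permissions: contents: read`, so with the default checkout token it should be rejected, and the same step's `sed` writes `secrets.S3_BUCKET_NAME` into README.md, committing a value the repository stores as a secret. Rather than raising this job to `contents: write` while it also holds the assumed AWS role, consider dropping the README rewrite or moving it to a separate job that has no `id-token: write`. The three `--acl public-read` uploads publish files that the README tells users to pipe into `bash`, so the bucket prefix becomes a trust root for code run on servers; publishing a checksum next to `deploy.sh` and keeping write access to that prefix limited to this role would let users verify what they fetch. The `${{ secrets.* }}` expressions are also expanded into the script text before the shell runs; a step-level `env:` entry `S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}` with `"$S3_BUCKET_NAME"` in the commands keeps the value out of the shell source.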
diff --git a/README.md b/README.md index 909c510..92790c3 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ PORT=3000 1. **Run the deployment script on your server:** ```bash - curl -sSL https://raw.githubusercontent.com/deco/ice/main/scripts/deploy.sh | bash + curl -sSL https://your-bucket-name.s3.amazonaws.com/icewatch/deploy.sh | bash ``` 2. **Deploy your application:** diff --git a/scripts/deploy.sh b/scripts/deploy.sh index 94d4e53..e38b464 100644 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh 
@@ -32,10 +32,51 @@ sudo chown $USER:$USER /opt/icewatch # Navigate to app directory cd /opt/icewatch +# Create icewatch user for security +echo "👤 Creating icewatch user..." +sudo useradd --system --shell /bin/false --home /opt/icewatch --create-home icewatch + +# Download additional configuration files from S3 +echo "📥 Downloading configuration files..." +S3_BASE_URL="https://your-bucket-name.s3.amazonaws.com/icewatch" + +# Download systemd service file +echo "📥 Downloading systemd service..." +curl -sSL "$S3_BASE_URL/icewatch.service" | sudo tee /etc/systemd/system/icewatch.service > /dev/null + +# Download Caddyfile template +echo "📥 Downloading Caddy configuration..." +curl -sSL "$S3_BASE_URL/Caddyfile" | sudo tee /etc/caddy/Caddyfile.template > /dev/null + echo "✅ Server setup complete!" -echo "Next steps:" -echo "1. Upload your app files to /opt/icewatch" -echo "2. Run: npm install" -echo "3. Configure your .env file" -echo "4. Set up systemd service" -echo "5. Configure Caddy" +echo "" +echo "🚀 Next steps to deploy ICE Watch:" +echo "" +echo "1. Clone your repository:" +echo " git clone https://github.com/yourusername/icewatch.git /opt/icewatch" +echo "" +echo "2. Set up the application:" +echo " cd /opt/icewatch" +echo " npm install" +echo " cp .env.example .env" +echo " nano .env # Add your MapBox token and admin password" +echo "" +echo "3. Configure domain in Caddyfile:" +echo " sudo nano /etc/caddy/Caddyfile.template" +echo " # Replace 'yourdomain.com' with your actual domain" +echo " sudo mv /etc/caddy/Caddyfile.template /etc/caddy/Caddyfile" +echo "" +echo "4. Set permissions:" +echo " sudo chown -R icewatch:icewatch /opt/icewatch" +echo " sudo chmod 660 /opt/icewatch/.env" +echo "" +echo "5. Start services:" +echo " sudo systemctl daemon-reload" +echo " sudo systemctl enable icewatch caddy" +echo " sudo systemctl start icewatch caddy" +echo "" +echo "6. 
Check status:" +echo " sudo systemctl status icewatch" +echo " sudo systemctl status caddy" +echo "" +echo "🌐 Your ICE Watch app will be available at: https://yourdomain.com"
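Review bot: `S3_BASE_URL` is hard-coded to the placeholder `https://your-bucket-name.s3.amazonaws.com/icewatch`, and the only substitution visible in this commit (the workflow's `sed`) rewrites README.md, not this script, so the unit file and Caddyfile written with `sudo tee` would come from a bucket name the project may not own. Both `curl -sSL … | sudo tee` lines also omit `-f`, so an S3 error document would be written to `/etc/systemd/system/icewatch.service` as if it were the unit file. I would require the URL from the environment, download to a temporary file with `curl -fsSL`, and install only on success, as sketched below. The script begins above this hunk, so whether `set -e` is in effect is not visible; the sketch exits explicitly.

```shell
# … unchanged: icewatch user creation …

# Require the real bucket URL instead of shipping the placeholder
S3_BASE_URL="${S3_BASE_URL:?set S3_BASE_URL to the bucket that hosts the icewatch files}"

# Download to a temp file with -f so an HTTP error body never reaches the target path
fetch_config() {
  local tmp rc=0
  tmp="$(mktemp)" || return 1
  curl -fsSL "$S3_BASE_URL/$1" -o "$tmp" && sudo install -m 0644 "$tmp" "$2" || rc=1
  rm -f "$tmp"
  return "$rc"
}

echo "📥 Downloading systemd service..."
fetch_config icewatch.service /etc/systemd/system/icewatch.service || exit 1

echo "📥 Downloading Caddy configuration..."
fetch_config Caddyfile /etc/caddy/Caddyfile.template || exit 1

# … unchanged: "Server setup complete" message and next-step echoes …
```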