diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 000000000..b9efc0d80
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# Restrict Test Environment Deployment Workflows to be Approved by Cloud Team
+.github/workflows/test-env* @mirumee/saleor-cloud
\ No newline at end of file
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 7135688da..8f975f497 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -20,3 +20,10 @@ greatly reduce the amount of work needed to review your work. -->
 1. [ ] The changes are tested.
 1. [ ] Type definitions are up to date.
 1. [ ] Changes are mentioned in the changelog.
+
+### Test environment config
+
+<!-- Do not remove this section. It is required to properly setup test instance.
+Modify API_URI if you want test instance to use custom backend. -->
+
+API_URI=https://master.staging.saleor.rocks/graphql/
diff --git a/.github/workflows/test-env-cleanup.yml b/.github/workflows/test-env-cleanup.yml
new file mode 100644
index 000000000..a0216056d
--- /dev/null
+++ b/.github/workflows/test-env-cleanup.yml
@@ -0,0 +1,37 @@
+name: TEST-ENV-CLEANUP
+# Remove test instance for closed pull requests
+
+on:
+  pull_request:
+    types: [closed]
+    branches: ["*"]
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: rlespinasse/github-slug-action@2.0.0
+      - name: Set domain
+        # Set test instance domain based on branch name slug
+        run: |
+          echo "::set-env name=domain::${{ env.GITHUB_HEAD_REF_SLUG }}.dashboard.saleor.rocks"
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+
+      - name: Remove S3 directory
+        run: aws s3 rm --recursive s3://${{ secrets.AWS_TEST_DEPLOYMENT_BUCKET }}/${{ env.domain }}/
+
+      - name: Invalidate cache
+        run: aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_TEST_CF_DIST_ID }} --paths "/${{ env.domain }}/*"
+
+      - name: Mark deployment as deactivated
+        uses: bobheadxi/deployments@v0.4.2
+        with:
+          step: deactivate-env
+          token: ${{ secrets.GITHUB_TOKEN }}
+          env: ${{ env.GITHUB_HEAD_REF_SLUG }}
diff --git a/.github/workflows/test-env-deploy.yml b/.github/workflows/test-env-deploy.yml
new file mode 100644
index 000000000..34b74ffb1
--- /dev/null
+++ b/.github/workflows/test-env-deploy.yml
@@ -0,0 +1,89 @@
+name: TEST-ENV-DEPLOYMENT
+# Build and deploy test instance for every pull request
+
+on:
+  pull_request:
+    # trigger on "edited" to update instance when configuration changes in PR description
+    types: [opened, reopened, edited, synchronize]
+    branches: ["*"]
+
+jobs:
+  deploy:
+    if: github.event.pull_request.head.repo.full_name == 'mirumee/saleor-dashboard'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: rlespinasse/github-slug-action@2.0.0
+
+      - name: Start deployment
+        uses: bobheadxi/deployments@v0.4.2
+        id: deployment
+        with:
+          step: start
+          token: ${{ secrets.GITHUB_TOKEN }}
+          env: ${{ env.GITHUB_HEAD_REF_SLUG }}
+          ref: ${{ github.head_ref }}
+
+      - name: Cache node modules
+        uses: actions/cache@v2
+        env:
+          cache-name: cache-node-modules
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-qa-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-qa-${{ env.cache-name }}-
+            ${{ runner.os }}-qa-
+            ${{ runner.os }}-
+
+      - name: Install deps
+        run: |
+          npm ci
+
+      - name: Get custom API_URI
+        id: api_uri
+        # Search for API_URI in PR description
+        env:
+          pull_request_body: ${{ github.event.pull_request.body }}
+          prefix: API_URI=
+          pattern: (http|https)://[a-zA-Z0-9.]+/graphql/?
+        run: |
+          echo "::set-output name=custom_api_uri::$(echo $pull_request_body | grep -Eo "$prefix$pattern" | sed s/$prefix// | head -n 1)"
+
+      - name: Run build
+        env:
+          # Use custom API_URI or the default one
+          API_URI: ${{ steps.api_uri.outputs.custom_api_uri || 'https://master.staging.saleor.rocks/graphql/' }}
+          APP_MOUNT_URI: /
+          STATIC_URL: /
+        run: |
+          npm run build
+
+      - name: Set domain
+        # Set test instance domain based on branch name slug
+        run: |
+          echo "::set-env name=domain::${{ env.GITHUB_HEAD_REF_SLUG }}.dashboard.saleor.rocks"
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+
+      - name: Deploy to S3
+        run: aws s3 sync ./build/dashboard s3://${{ secrets.AWS_TEST_DEPLOYMENT_BUCKET }}/${{ env.domain }}
+
+      - name: Invalidate cache
+        run: aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_TEST_CF_DIST_ID }} --paths "/${{ env.domain }}/*"
+
+      - name: Update deployment status
+        uses: bobheadxi/deployments@v0.4.2
+        if: always()
+        with:
+          step: finish
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: ${{ job.status }}
+          env_url: https://${{ env.domain }}/
+          deployment_id: ${{ steps.deployment.outputs.deployment_id }}