diff --git a/infra/cfn/forgejo-ecs-cluster.yaml b/infra/cfn/forgejo-ecs-cluster.yaml
new file mode 100644
index 0000000..5c7f46e
--- /dev/null
+++ b/infra/cfn/forgejo-ecs-cluster.yaml
@@ -0,0 +1,33 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: ECS Cluster for Forgejo
+
+Parameters:
+
+ ClusterName:
+ Type: String
+ Default: my-forgejo-cluster
+ Description: Name of the ECS Cluster
+
+Resources:
+
+ ECSCluster:
+ Type: AWS::ECS::Cluster
+ Properties:
+ ClusterName: !Ref ClusterName
+ Tags:
+ - Key: Project
+ Value: Git-server
+
+Outputs:
+
+ ClusterArn:
+ Description: ARN of the ECS Cluster
+ Value: !GetAtt ECSCluster.Arn
+ Export:
+ Name: !Sub "${AWS::StackName}-ClusterArn"
+
+ ClusterName:
+ Description: Name of the ECS Cluster
+ Value: !Ref ClusterName
+ Export:
+ Name: !Sub "${AWS::StackName}-ClusterName"
diff --git a/infra/cfn/forgejo-ecs-service.yaml b/infra/cfn/forgejo-ecs-service.yaml
new file mode 100644
index 0000000..6401f5c
--- /dev/null
+++ b/infra/cfn/forgejo-ecs-service.yaml
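Review bot: The cluster carries no `Configuration.ExecuteCommandConfiguration`, while the service template added in this same commit sets `EnableExecuteCommand: true`, so an interactive ECS Exec session into the Forgejo container leaves only the CloudTrail `ExecuteCommand` event and no record of what was run inside it. Setting `Logging: OVERRIDE` with a CloudWatch log group owned by this stack makes every session transcript land somewhere the security team can read and retain; the task role then also needs CloudWatch Logs write permissions on that group (`logs:DescribeLogGroups`, `logs:CreateLogStream`, `logs:DescribeLogStreams`, `logs:PutLogEvents`), which the role in the task template does not yet grant. Enabling `containerInsights` under `ClusterSettings` is a cheap addition while the cluster is being created. `ExecCommandLogGroup` below is a new resource I am proposing, not one that exists elsewhere in the repo.
```yaml
  ExecCommandLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub "/ecs/${ClusterName}/exec"
      RetentionInDays: 90

  ECSCluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: !Ref ClusterName
      ClusterSettings:
        - Name: containerInsights
          Value: enabled
      Configuration:
        ExecuteCommandConfiguration:
          Logging: OVERRIDE
          LogConfiguration:
            CloudWatchLogGroupName: !Ref ExecCommandLogGroup
      # … unchanged: Tags …
```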
@@ -0,0 +1,86 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: ECS Service for Forgejo
+
+Parameters:
+
+ ServiceName:
+ Type: String
+ Default: forgejo-service
+ Description: Name of the ECS Service
+
+ TaskDefinitionFamily:
+ Type: String
+ Default: forgejo-task
+ Description: Task definition family name
+
+ DesiredCount:
+ Type: Number
+ Default: 1
+ Description: Number of desired tasks
+
+ SubnetId1:
+ Type: String
+ Default: subnet-064c8fcfd627077ef
+ Description: First subnet ID for the service
+
+ SubnetId2:
+ Type: String
+ Default: subnet-004fa7ef9de2dfb34
+ Description: Second subnet ID for the service
+
+ SecurityGroupId:
+ Type: String
+ Default: sg-022a8622e7387dc70
+ Description: Security group ID for the service
+
+Resources:
+
+ ECSService:
+ Type: AWS::ECS::Service
+ Properties:
+ ServiceName: !Ref ServiceName
+ Cluster: !ImportValue forgejo-ecs-cluster-ClusterName
+ TaskDefinition: !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${TaskDefinitionFamily}"
+ DesiredCount: !Ref DesiredCount
+ LaunchType: FARGATE
+ PlatformVersion: LATEST
+ NetworkConfiguration:
+ AwsvpcConfiguration:
+ Subnets:
+ - !Ref SubnetId1
+ - !Ref SubnetId2
+ SecurityGroups:
+ - !Ref SecurityGroupId
+ AssignPublicIp: ENABLED
+ LoadBalancers:
+ - TargetGroupArn: !ImportValue forgejo-network-TargetGroupArn
+ ContainerName: forgejo
+ ContainerPort: 3000
+ HealthCheckGracePeriodSeconds: 0
+ DeploymentConfiguration:
+ MaximumPercent: 100
+ MinimumHealthyPercent: 0
+ DeploymentCircuitBreaker:
+ Enable: true
+ Rollback: true
+ SchedulingStrategy: REPLICA
+ EnableECSManagedTags: true
+ PropagateTags: TASK_DEFINITION
+ EnableExecuteCommand: true
+ Tags:
+ - Key: Project
+ Value: Git-server
+
+Outputs:
+
+ ServiceArn:
+ Description: ARN of the ECS Service
+ Value: !Ref ECSService
+ Export:
+ Name: !Sub "${AWS::StackName}-ServiceArn"
+
+ ServiceName:
+ Description: Name of the ECS Service
+ Value: !GetAtt ECSService.Name
+ Export:
+ Name: !Sub "${AWS::StackName}-ServiceName"
diff --git a/infra/cfn/forgejo-ecs-task.yaml b/infra/cfn/forgejo-ecs-task.yaml
new file mode 100644
index 0000000..2ec664b
--- /dev/null
+++ b/infra/cfn/forgejo-ecs-task.yaml
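Review bot: `SubnetId1`, `SubnetId2` and `SecurityGroupId` are typed `String` with account-specific resource IDs as defaults, so CloudFormation validates nothing about them and a deploy into any other account or VPC either fails at service creation or lands in whatever network those defaults happen to name. Declaring them as `Type: AWS::EC2::Subnet::Id` and `Type: AWS::EC2::SecurityGroup::Id` with no `Default` makes CloudFormation reject IDs that do not exist in the target account and keeps the VPC-specific values out of the repository; importing them from the network stack this template already depends on via `forgejo-network-TargetGroupArn` would remove the parameters altogether. Because ingress arrives through the target group, `AssignPublicIp: ENABLED` only serves outbound traffic (image pull, log delivery, S3); if the subnets are private with a NAT gateway or VPC endpoints it should be `DISABLED` so the task holds no public address, and since that cannot be verified from this diff a one-line comment stating which case applies is worth adding either way. `TaskDefinition` also references the family rather than a revision, so the property value is identical across stack updates and a new revision is not rolled out through this stack unless a deployment is forced outside CloudFormation.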
@@ -0,0 +1,134 @@
+AWSTemplateFormatVersion: "2010-09-09"
+
+Parameters:
+
+ ForgejoRepositoryName:
+ Type: String
+ Default: forgejo-repository
+
+Resources:
+
+ IAMRoleECSTaskForgejoRole:
+ UpdateReplacePolicy: "Delete"
+ Type: "AWS::IAM::Role"
+ DeletionPolicy: "Delete"
+ Properties:
+ Path: "/"
+ MaxSessionDuration: 3600
+ RoleName: "ECSTaskForgejoRole"
+ Description: "Allows ECS tasks to call AWS services on your behalf."
+ Policies:
+ - PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Resource: "*"
+ Action:
+ - "ssmmessages:CreateControlChannel"
+ - "ssmmessages:CreateDataChannel"
+ - "ssmmessages:OpenControlChannel"
+ - "ssmmessages:OpenDataChannel"
+ Effect: "Allow"
+ Sid: "ssmmessages"
+ PolicyName: "ForgejoSSM"
+ ManagedPolicyArns:
+ - !Sub "arn:aws:iam::${AWS::AccountId}:policy/ForgejoS3AccessPolicy"
+ AssumeRolePolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Action: "sts:AssumeRole"
+ Effect: "Allow"
+ Principal:
+ Service: "ecs-tasks.amazonaws.com"
+ Sid: ""
+ Tags:
+ - Value: "Git-server"
+ Key: "Project"
+
+ ECSTaskDefinitionForgejo:
+ UpdateReplacePolicy: "Delete"
+ Type: "AWS::ECS::TaskDefinition"
+ DeletionPolicy: "Delete"
+ Properties:
+ TaskRoleArn:
+ Fn::GetAtt:
+ - "IAMRoleECSTaskForgejoRole"
+ - "Arn"
+ Memory: "512"
+ Cpu: "256"
+ RequiresCompatibilities:
+ - "FARGATE"
+ NetworkMode: "awsvpc"
+ ExecutionRoleArn: !Sub "arn:aws:iam::${AWS::AccountId}:role/ecsTaskExecutionRole"
+ RuntimePlatform:
+ OperatingSystemFamily: "LINUX"
+ CpuArchitecture: "ARM64"
+ Volumes:
+ - EFSVolumeConfiguration:
+ FilesystemId:
+ !ImportValue forgejo-efs-EFSFileSystemId
+ TransitEncryption: "ENABLED"
+ RootDirectory: "/"
+ AuthorizationConfig:
+ IAM: "DISABLED"
+ AccessPointId:
+ !ImportValue forgejo-efs-EFSAccessPointConfig
+ Name: "forgejo-config-vol"
+ - EFSVolumeConfiguration:
+ FilesystemId:
+ !ImportValue forgejo-efs-EFSFileSystemId
+ TransitEncryption: "ENABLED"
+ RootDirectory: "/"
+ AuthorizationConfig:
+ IAM: "DISABLED"
+ AccessPointId:
+ !ImportValue forgejo-efs-EFSAccessPointData
+ Name: "forgejo-data-vol"
+ ContainerDefinitions:
+ - Memory: 512
+ Cpu: 0
+ Image: !Sub "${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ForgejoRepositoryName}@sha256:3d64f3ae3d83dbd2e2ded6bcb6fe214c449ce15be540099621d2f7919232c406"
+ Essential: true
+ LogConfiguration:
+ Options:
+ awslogs-group: "/ecs/forgejo"
+ mode: "non-blocking"
+ max-buffer-size: "25m"
+ awslogs-create-group: "true"
+ awslogs-region: "ap-northeast-1"
+ awslogs-stream-prefix: "ecs"
+ LogDriver: "awslogs"
+ Name: "forgejo"
+ LinuxParameters:
+ InitProcessEnabled: true
+ MountPoints:
+ - ReadOnly: false
+ SourceVolume: "forgejo-data-vol"
+ ContainerPath: "/var/lib/gitea"
+ - ReadOnly: false
+ SourceVolume: "forgejo-config-vol"
+ ContainerPath: "/etc/gitea"
+ PortMappings:
+ - ContainerPort: 3000
+ AppProtocol: "http"
+ Protocol: "tcp"
+ Name: "forgejo-3000-tcp"
+ - ContainerPort: 2222
+ Protocol: "tcp"
+ Name: "forgejo-2222-ssh"
+ Environment:
+ - Value: "s3.amazonaws.com"
+ Name: "FORGEJO__STORAGE__MINIO_ENDPOINT"
+ - Value: "true"
+ Name: "FORGEJO__SERVICE__DISABLE_REGISTRATION"
+ - Value: "ap-northeast-1"
+ Name: "FORGEJO__STORAGE__MINIO_LOCATION"
+ - Value: "minio"
+ Name: "FORGEJO__STORAGE__STORAGE_TYPE"
+ - Value: "true"
+ Name: "FORGEJO__STORAGE__MINIO_USE_SSL"
+ - Value: !ImportValue forgejo-s3-BucketName
+ Name: "FORGEJO__STORAGE__MINIO_BUCKET"
+ Family: "forgejo-task"
+ Tags:
+ - Value: "Git-server"
+ Key: "Project"
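Review bot: Both EFS volumes set `IAM: "DISABLED"` in `AuthorizationConfig`, so a mount is authorised only by network reachability and the access point's POSIX identity, and the file system policy (which lives in the `forgejo-efs` stack, not in this diff) cannot tell the Forgejo task role apart from any other principal that can reach the mount targets. Switching both volumes to `IAM: "ENABLED"` and granting `IAMRoleECSTaskForgejoRole` `elasticfilesystem:ClientMount` and `elasticfilesystem:ClientWrite` scoped by `elasticfilesystem:AccessPointArn` to the two imported access points makes the mount fail closed for everything else; the inline policy below is the part too long to quote in one line. Separately, `awslogs-create-group: "true"` requires `logs:CreateLogGroup` on the execution role, and the referenced `ecsTaskExecutionRole` is managed outside this stack (the AWS-managed execution role policy does not include that action as far as I know), so declaring `/ecs/forgejo` as an `AWS::Logs::LogGroup` with `RetentionInDays` in this template and dropping the option removes the hidden dependency and gives the logs a retention period. The hard-coded `awslogs-region: "ap-northeast-1"` can be `awslogs-region: !Ref AWS::Region` so a deployment in another region does not silently ship logs cross-region.
```yaml
      Policies:
        # … unchanged: ForgejoSSM policy …
        - PolicyName: "ForgejoEFS"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Sid: "efsMountViaAccessPoints"
                Effect: "Allow"
                Action:
                  - "elasticfilesystem:ClientMount"
                  - "elasticfilesystem:ClientWrite"
                Resource: !Sub
                  - "arn:aws:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${FsId}"
                  - FsId: !ImportValue forgejo-efs-EFSFileSystemId
                Condition:
                  StringEquals:
                    elasticfilesystem:AccessPointArn:
                      - !Sub
                        - "arn:aws:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:access-point/${ApId}"
                        - ApId: !ImportValue forgejo-efs-EFSAccessPointConfig
                      - !Sub
                        - "arn:aws:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:access-point/${ApId}"
                        - ApId: !ImportValue forgejo-efs-EFSAccessPointData
```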