diff --git a/.github/workflows/step-deploy.yml b/.github/workflows/step-deploy.yml
index 5a2bb718..76e28a78 100644
--- a/.github/workflows/step-deploy.yml
+++ b/.github/workflows/step-deploy.yml
@@ -34,6 +34,15 @@ jobs:
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
       
+      # Run Bicep deployment to provision nevironment resources if needed
+      - name: Run Bicep
+        run: |
+          az deployment group create \
+            --name ${{ inputs.env }}-deployment-${{ github.run_number }} \
+            --template-file infrastructure/main.bicep \
+            --resource-group ${{ inputs.resource_group_name }} \
+            --verbose
+
       # Deploy to Azure Web apps
       - name: 'Deploy to  Azure App Service'
         uses: azure/webapps-deploy@v2
diff --git a/infrastructure/appservice.bicep b/infrastructure/appservice.bicep
new file mode 100644
index 00000000..1dd587fe
--- /dev/null
+++ b/infrastructure/appservice.bicep
@@ -0,0 +1,70 @@
+param appName string
+@allowed(['dev', 'prod'])
+param environment string
+param location string
+
+// This is reused between the App Service and the Slot
+var appServiceProperties = {
+  serverFarmId: appServicePlan.id
+  httpsOnly: true
+  siteConfig: {
+    http20Enabled: true
+    linuxFxVersion: 'DOTNETCORE|8.0'
+    alwaysOn: true
+    ftpsState: 'Disabled'
+    minTlsVersion: '1.2'
+    webSocketsEnabled: true
+    requestTracingEnabled: true
+    detailedErrorLoggingEnabled: true
+    httpLoggingEnabled: true
+  }
+}
+
+resource appServicePlan 'Microsoft.Web/serverfarms@2022-09-01' = {
+  name: 'asp-${appName}-${environment}'
+  location: location
+  sku: {
+    name: 'P0V3'
+  }
+  kind: 'linux'
+  properties: {
+    reserved: true
+  }
+}
+
+resource appService 'Microsoft.Web/sites@2022-09-01' = {
+  name: 'app-${appName}-${environment}'
+  location: location
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: appServiceProperties
+}
+
+resource appSettings 'Microsoft.Web/sites/config@2022-09-01' = {
+  name: 'appsettings'
+  kind: 'string'
+  parent: appService
+  properties: {
+    ASPNETCORE_ENVIRONMENT: environment
+  }
+}
+
+resource appServiceSlot 'Microsoft.Web/sites/slots@2022-09-01' = {
+  location: location
+  parent: appService
+  name: 'slot'
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: appServiceProperties
+}
+
+resource appServiceSlotSetting 'Microsoft.Web/sites/slots/config@2022-09-01' = {
+  name: 'appsettings'
+  kind: 'string'
+  parent: appServiceSlot
+  properties: {
+    ASPNETCORE_ENVIRONMENT: environment
+  }
+}
diff --git a/infrastructure/main.bicep b/infrastructure/main.bicep
new file mode 100644
index 00000000..0fb2fec3
--- /dev/null
+++ b/infrastructure/main.bicep
@@ -0,0 +1,15 @@
+param location string = 'eastus'
+@allowed(['dev', 'prod'])
+param environment string
+
+// Normally I like creating the Resource Groups too in Bicep, but for this workshop that would require more permissions to give people than I'd like
+targetScope = 'resourceGroup'
+
+module app './appservice.bicep' = {
+  name: 'appservice'
+  params: {
+    appName: 'dometrain-github-actions-scottsauber'
+    environment: environment
+    location: location
+  }
+}