diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
new file mode 100644
index 00000000..8eca9037
--- /dev/null
+++ b/.github/workflows/automerge.yml
@@ -0,0 +1,20 @@
+name: Auto-merge dependency PRs
+on: pull_request_target
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  dependencies:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Approve
+        run: gh pr review "${{ github.event.pull_request.html_url }}" --approve --body "Auto-approving dependency bump."
+        env:
+          GH_TOKEN: ${{ secrets.CFN_CI_PAT }}
+      - name: Enable auto-merge
+        run: gh pr merge "${{ github.event.pull_request.html_url }}" --auto --rebase
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}