diff --git a/.github/workflows/k8s_traefik_init_setup.yml b/.github/workflows/k8s_traefik_init_setup.yml
index 6a2ff6d..dab5d61 100644
--- a/.github/workflows/k8s_traefik_init_setup.yml
+++ b/.github/workflows/k8s_traefik_init_setup.yml
@@ -62,6 +62,18 @@ jobs:
           kubectl config set-credentials runner --token="$SA_TOKEN"
           kubectl config set-context runner-context --cluster=microk8s --user=runner --namespace="$NAMESPACE"
           kubectl config use-context runner-context
+        
+      # -----------------------------------------------------
+      # ⭐ Inject AWS secrets needed for Traefik Route53 DNS
+      # -----------------------------------------------------
+      - name: Apply AWS Secrets
+        run: |
+          kubectl create secret generic aws-secrets \
+            --namespace=default \
+            --from-literal=AWS_ACCESS_KEY_ID='${{ secrets.AWS_ACCESS_KEY_ID }}' \
+            --from-literal=AWS_SECRET_ACCESS_KEY='${{ secrets.AWS_SECRET_ACCESS_KEY }}' \
+            --from-literal=AWS_REGION='${{ secrets.AWS_REGION }}' \
+            --dry-run=client -o yaml | kubectl apply -f -
 
       # Apply storage classes + PVs
       - name: Apply StorageClass + PV