diff --git a/.github/workflows/deploy-eventrules-org-sink.yml b/.github/workflows/deploy-eventrules-org-sink.yml
index 4e17f5b82..d26d6180e 100644
--- a/.github/workflows/deploy-eventrules-org-sink.yml
+++ b/.github/workflows/deploy-eventrules-org-sink.yml
@@ -27,13 +27,16 @@ jobs:
           role-to-assume: arn:aws:iam::048723829744:role/PRX-GHA-AccessRole
           role-session-name: gha-deploy-org-sink-rules
 
-      - name: Deploy to management account
+      # TODO Deploy stack set to management account
+
+      - name: Update stack set
         working-directory: event-rules/org-sink-rules
         run: |
-          aws cloudformation deploy \
-            --region us-east-2 \
-            --stack-name org-sink-event-rules \
-            --template-file template.yml \
+          template_body=$(cat template.yml)
+
+          aws cloudformation update-stack-set \
+            --stack-set-name org-sink-event-rules \
             --capabilities CAPABILITY_NAMED_IAM \
-            --no-fail-on-empty-changeset \
-            --role-arn arn:aws:iam::048723829744:role/PRX-GHA-ServiceRoleForCloudFormation
+            --template-body "$template_body" \
+            --operation-preferences FailureTolerancePercentage=100,MaxConcurrentPercentage=100,ConcurrencyMode=SOFT_FAILURE_TOLERANCE,RegionConcurrencyType=PARALLEL \
+            --auto-deployment Enabled=true,RetainStacksOnAccountRemoval=false