diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b3d603f6f..afe17905d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -19,6 +19,10 @@ jobs:
       packages: write
       id-token: write
 
+    env:
+      KITU_ENV: dev
+      ACCOUNT_ID: "682033502734"
+
     steps:
     - uses: actions/checkout@v4
     - name: Build and push Docker image
@@ -28,11 +32,11 @@ jobs:
         echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
     - run: docker push ghcr.io/opetushallitus/koto-rekisteri:$GITHUB_SHA
       if: github.ref_name == 'main'
-    - name: Log in to dev
+    - name: Log in to $KITU_ENV
       uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-region: eu-west-1
-        role-to-assume: arn:aws:iam::682033502734:role/kitu-github-actions-role
+        role-to-assume: arn:aws:iam::${{ env.ACCOUNT_ID }}:role/kitu-github-actions-role
     - name: Diff
       if: github.ref_name != 'main'
       run: |
diff --git a/infra/bin/infra.ts b/infra/bin/infra.ts
index d86e115bb..596000d12 100644
--- a/infra/bin/infra.ts
+++ b/infra/bin/infra.ts
@@ -8,25 +8,45 @@ import { InfraStack } from "../lib/infra-stack";
 // VPCs: 10.15.0.0/18, 10.15.64.0/18, 10.15.128.0/18, 10.15.192.0/18 (16382 addresses)
 // Subnets: (let AWS calculate these for us)
 
-const accounts = {
+const environments = {
   dev: {
     account: "682033502734",
     region: "eu-west-1",
-  },
-  network: {
-    cidrs: {
-      dev: "10.15.0.0/18",
+    network: {
+      cidr: "10.15.0.0/18",
+      maxAzs: 2,
     },
-    maxAzs: {
-      dev: 2,
+  },
+  test: {
+    account: "682033502734",
+    region: "eu-west-1",
+    network: {
+      cidr: "10.15.64.0/18",
+      maxAzs: 3,
     },
   },
 };
 
+type EnvName = keyof typeof environments;
+
 const app = new cdk.App();
 
-const devStack = new InfraStack(app, "InfraStack", {
-  env: accounts.dev,
-  cidrBlock: accounts.network.cidrs.dev,
-  maxAzs: accounts.network.maxAzs.dev,
+const envName = process.env.KITU_ENV;
+
+if (envName === undefined) {
+  throw new Error("KITU_ENV required");
+}
+
+if (environments[envName as EnvName] === undefined) {
+  throw new Error(
+    `KITU_ENV invalid value ${envName}, expected one of ${Object.keys(environments).join(", ")}`,
+  );
+}
+
+const env = environments[envName as EnvName];
+
+new InfraStack(app, "InfraStack", {
+  env,
+  cidrBlock: env.network.cidr,
+  maxAzs: env.network.maxAzs,
 });