diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
new file mode 100644
index 0000000..a8bf875
--- /dev/null
+++ b/.github/workflows/auto-approve.yml
@@ -0,0 +1,32 @@
+name: auto-approve
+on:
+  pull_request_target:
+    types:
+      - opened
+      - labeled
+      - ready_for_review
+      - reopened
+concurrency: ${{ github.workflow }}-${{ github.ref }}
+jobs:
+  approve:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && github.event.pull_request.draft == false
+    steps:
+      - name: Checkout PR
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+      - name: Auto-approve PRs by other users as team-tf-cdk
+        if: github.event.pull_request.user.login != 'team-tf-cdk' && (contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association) || github.actor == 'dependabot[bot]')
+        env:
+          GH_TOKEN: ${{ secrets.GH_COMMENT_TOKEN }}
+        run: gh pr review ${{ github.event.pull_request.number }} --approve
+      - name: Auto-approve PRs by team-tf-cdk as github-actions[bot]
+        if: github.event.pull_request.user.login == 'team-tf-cdk'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: gh pr review ${{ github.event.pull_request.number }} --approve
diff --git a/.github/workflows/deploy-cdktf-stacks.yml b/.github/workflows/deploy-cdktf-stacks.yml
index 37e0dc6..3ee551c 100644
--- a/.github/workflows/deploy-cdktf-stacks.yml
+++ b/.github/workflows/deploy-cdktf-stacks.yml
@@ -27,7 +27,7 @@ jobs:
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1
         with:
-          terraform_version: 1.6.4
+          terraform_version: 1.6.5
           cli_config_credentials_token: ${{ secrets.TF_CLOUD_TOKEN }}
           terraform_wrapper: false
 
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 4d5d1ec..184db41 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -6,6 +6,8 @@ on:
     branches:
       - main
 
+concurrency: ${{ github.workflow }}-${{ github.ref }}
+
 jobs:
   build-shard-matrix:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/diff-cdktf-stacks.yml b/.github/workflows/diff-cdktf-stacks.yml
index 26e4c0a..75b5c0d 100644
--- a/.github/workflows/diff-cdktf-stacks.yml
+++ b/.github/workflows/diff-cdktf-stacks.yml
@@ -24,7 +24,7 @@ jobs:
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1
         with:
-          terraform_version: 1.6.4
+          terraform_version: 1.6.5
           cli_config_credentials_token: ${{ secrets.TF_CLOUD_TOKEN }}
           terraform_wrapper: false
 
diff --git a/lib/repository.ts b/lib/repository.ts
index 4a05540..712bc7f 100644
--- a/lib/repository.ts
+++ b/lib/repository.ts
@@ -59,6 +59,15 @@ export class RepositorySetup extends Construct {
       })
     );
 
+    setOldId(
+      new IssueLabel(this, `no-auto-close-label`, {
+        color: "EE2222",
+        name: "no-auto-close",
+        repository: repository.name,
+        provider,
+      })
+    );
+
     if (protectMain) {
       setOldId(
         new BranchProtection(this, "main-protection", {