diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml
new file mode 100644
index 00000000..c729c96c
--- /dev/null
+++ b/codebuild/release/prod-release.yml
@@ -0,0 +1,41 @@
+version: 0.2
+
+env:
+  variables:
+    BRANCH: "master"
+  secrets-manager:
+    TWINE_USERNAME: PyPiAdmin:username 
+    TWINE_PASSWORD: PyPiAdmin:password
+
+phases:
+  install:
+    commands:
+      - pip install tox
+      - pip install --upgrade pip
+    runtime-versions:
+      python: latest
+  pre_build:
+    commands:
+      - git checkout $COMMIT_ID
+      - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/dynamodb_encryption_sdk/identifiers.py)
+      - |
+        if expr ${FOUND_VERSION} != ${VERSION}; then
+          echo "identifiers.py version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
+          exit 1;
+        fi
+  build:
+    commands:
+      - tox -e park
+      - tox -e release
+
+batch:
+  fast-fail: true 
+  build-graph:
+    - identifier: release_to_prod
+    - identifier: validate_prod_release
+      depend-on:
+        - release_to_prod
+      buildspec: codebuild/release/validate.yml
+      env:
+        variables:
+          PIP_INDEX_URL: https://pypi.python.org/simple/
diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml
new file mode 100644
index 00000000..1dc9feae
--- /dev/null
+++ b/codebuild/release/test-release.yml
@@ -0,0 +1,43 @@
+version: 0.2
+
+env:
+  variables:
+    BRANCH: "master"
+  secrets-manager:
+    TWINE_USERNAME: TestPyPiCryptoTools:username 
+    TWINE_PASSWORD: TestPyPiCryptoTools:password
+
+phases:
+  install:
+    commands:
+      - pip install tox
+      - pip install --upgrade pip
+    runtime-versions:
+      python: latest
+  pre_build:
+    commands:
+      - git checkout $COMMIT_ID
+      - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/dynamodb_encryption_sdk/identifiers.py)
+      - |
+        if expr ${FOUND_VERSION} != ${VERSION}; then
+          echo "identifiers.py version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
+          exit 1;
+        fi
+  build:
+    commands:
+      - tox -e park
+      - tox -e test-release
+
+
+batch:
+  fast-fail: true
+  build-graph:
+    - identifier: release_to_staging
+    - identifier: validate_staging_release
+      depend-on:
+        - release_to_staging
+      buildspec: codebuild/release/validate.yml
+      env:
+        variables:
+          PIP_INDEX_URL: https://test.pypi.org/simple/
+          PIP_EXTRA_INDEX_URL: https://pypi.python.org/simple/
diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml
new file mode 100644
index 00000000..9c242630
--- /dev/null
+++ b/codebuild/release/validate.yml
@@ -0,0 +1,39 @@
+version: 0.2
+
+env:
+  variables:
+    BRANCH: "master"
+    AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+      arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+    DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME: ddbec-release-validation
+    
+
+phases:
+  install:
+    commands:
+      - pip install tox
+    runtime-versions:
+      python: latest
+  pre_build:
+    commands:
+      - cd examples
+      - sed -i "s/dynamodb-encryption-sdk/dynamodb-encryption-sdk==$VERSION/" test/requirements.txt
+  build:
+    commands:
+      - NUM_RETRIES=3
+      - |
+        while [ $NUM_RETRIES -gt 0 ]
+        do
+          tox -re py38-examples
+          if [ $? -eq 0 ]; then
+            break
+          fi
+          NUM_RETRIES=$((NUM_RETRIES-1))
+          if [ $NUM_RETRIES -eq 0 ]; then
+            echo "All validation attempts failed, stopping"
+            exit 1;
+          else
+            echo "Validation failed, retrying in 60 seconds; will retry $NUM_RETRIES more times" && sleep 60
+          fi
+        done
+
diff --git a/examples/setup.py b/examples/setup.py
index ceb22c19..8f1fa53d 100644
--- a/examples/setup.py
+++ b/examples/setup.py
@@ -36,7 +36,7 @@ def get_requirements():
     author_email="aws-cryptools@amazon.com",
     maintainer="Amazon Web Services",
     description="DynamoDB Encryption Client for Python examples",
-    long_description=read("README.rst"),
+    long_description=read("README.md"),
     keywords="dynamodb-encryption-sdk aws kms encryption dynamodb",
     data_files=["requirements.txt"],
     license="Apache License 2.0",
diff --git a/examples/tox.ini b/examples/tox.ini
index 5f6ce4be..261df1b9 100644
--- a/examples/tox.ini
+++ b/examples/tox.ini
@@ -16,7 +16,10 @@ passenv =
     # Pass through AWS credentials
     AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \
     # AWS Role access in CodeBuild is via the container URI
-    AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
+    AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \
+    # Pass through the default AWS region
+    AWS_DEFAULT_REGION
+
 sitepackages = False
 deps = -rtest/requirements.txt
 # 'download' forces tox to always upgrade pip to the latest