diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
new file mode 100644
index 0000000..2bbcfc1
--- /dev/null
+++ b/.github/workflows/cleanup.yml
@@ -0,0 +1,89 @@
+# Copyright 2023 The Authors (see AUTHORS file)
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#      http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Reusable workflow that handles CLI request cleanup.
+name: 'aod-cleanup'
+
+# Support below trigger:
+# pull_request:
+#   types: 'closed'
+#   paths: 'cli.yaml'
+on:
+  workflow_call:
+    inputs:
+      aod_cli_version:
+        description: 'The version of AOD CLI.'
+        type: 'string'
+        default: 'latest'
+        required: false
+      go_version:
+        description: 'The version of Golang.'
+        type: 'string'
+        default: '1.20'
+        required: false
+
+jobs:
+  # Check the current status of this pull request with respect to code review.
+  review_status:
+    runs-on: 'ubuntu-latest'
+    outputs:
+      REVIEW_DECISION: '${{ steps.get_review_decision.outputs.REVIEW_DECISION }}'
+    steps:
+      - id: 'repo_name'
+        env:
+          REPO: '${{ github.repository }}'
+        run: 'echo "REPO_NAME=${REPO##*/}" >> $GITHUB_OUTPUT'
+      - id: 'get_review_decision'
+        env:
+          OWNER: '${{ github.repository_owner }}'
+          REPO_NAME: '${{ steps.repo_name.outputs.REPO_NAME }}'
+          PR_NUMBER: '${{ github.event.number }}'
+          GH_TOKEN: '${{ github.token }}'
+        run: |
+          reviewDecision="$(gh api graphql -F owner=$OWNER -F name=$REPO_NAME -F pr_number=$PR_NUMBER -f query='
+            query($name: String!, $owner: String!, $pr_number: Int!) {
+              repository(owner: $owner, name: $name) {
+                pullRequest(number: $pr_number) {
+                  reviewDecision
+                }
+              }
+            }
+          ' --jq '.data.repository.pullRequest.reviewDecision')"
+
+          echo REVIEW_DECISION=$reviewDecision >> $GITHUB_OUTPUT
+
+  # Only run CLI request cleanup when the pull request is approved.
+  cleanup:
+    needs: 'review_status'
+    if: '${{ needs.review_status.outputs.REVIEW_DECISION == ''APPROVED'' }}'
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    name: 'Handle CLI Request Cleanup'
+    steps:
+      - name: 'Checkout Triggering Branch'
+        uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab' # ratchet:actions/checkout@v3
+        with:
+          ref: '${{ github.event.pull_request.head.ref }}'
+      - name: 'Setup Go'
+        uses: 'actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568' # ratchet:actions/setup-go@v3
+        with:
+          go-version: '${{ inputs.go_version }}'
+      - name: 'Install AOD CLI'
+        run: 'go install github.com/abcxyz/access-on-demand/cmd/aod@${{ inputs.aod_cli_version }}'
+      - name: 'Handle cleanup'
+        env:
+          FILE_PATH: '${{ github.workspace }}/cli.yaml'
+        run: 'aod cli cleanup -path $FILE_PATH'