diff --git a/scripts/ecs-deploy.sh b/scripts/ecs-deploy.sh
index 12bbad3..7a917a3 100644
--- a/scripts/ecs-deploy.sh
+++ b/scripts/ecs-deploy.sh
@@ -3,8 +3,10 @@
 #
 # Forces a new deployment so ECS pulls the latest image for the current
 # task definition. Does NOT create new task definition revisions — that's
-# Terraform's job. This avoids drift between TF-managed task defs
-# (with security hardening, volumes, etc.) and deploy-time revisions.
+# Terraform's job.
+#
+# If a deployment is already in progress (e.g. from tf-apply), skips the
+# force and just waits for it to stabilize.
 #
 # Usage: ecs-deploy.sh
 #
@@ -12,10 +14,19 @@
 
 set -e
 
-echo "Forcing new deployment for ${SERVICE} on ${CLUSTER}..."
-aws ecs update-service \
-  --cluster "$CLUSTER" --service "$SERVICE" \
-  --force-new-deployment > /dev/null
+# Check if a deployment is already rolling out
+DEPLOYMENT_COUNT=$(aws ecs describe-services \
+  --cluster "$CLUSTER" --services "$SERVICE" \
+  --query 'length(services[0].deployments)' --output text)
+
+if [ "$DEPLOYMENT_COUNT" -gt 1 ]; then
+  echo "Deployment already in progress (${DEPLOYMENT_COUNT} deployments), waiting..."
+else
+  echo "Forcing new deployment for ${SERVICE} on ${CLUSTER}..."
+  aws ecs update-service \
+    --cluster "$CLUSTER" --service "$SERVICE" \
+    --force-new-deployment > /dev/null
+fi
 
 echo "Waiting for service to stabilize..."
 aws ecs wait services-stable --cluster "$CLUSTER" --services "$SERVICE"