diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index d79eb0474..dab060299 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -322,6 +322,37 @@ jobs:
           IMAGE=$(cat release/IMAGE)
           docker push "$IMAGE"
           cosign sign $(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE")
+
+      # https://github.com/aws-actions/configure-aws-credentials?tab=readme-ov-file#assumerole-with-static-iam-credentials-in-repository-secrets
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-central-1
+          #role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          #role-external-id: ${{ secrets.AWS_ROLE_EXTERNAL_ID }}
+          role-duration-seconds: 1200
+          role-session-name: AWSCIPush
+      - name: Build and push AWS image
+        if: matrix.flavor == 'ubuntu' && matrix.flavorRelease == '24.04' && matrix.variant == 'core' && matrix.model == 'generic' && matrix.arch == 'amd64'
+        env:
+          AWS_S3_BUCKET: kairos-cloud-images
+          AWS_REGION: eu-central-1
+        run: |
+          containerImage=$(cat release/IMAGE)
+          docker run -v /var/run/docker.sock:/var/run/docker.sock --net host \
+            --privileged \
+            -v $PWD:/aurora --rm quay.io/kairos/auroraboot \
+            --debug \
+            --set "disable_http_server=true" \
+            --set "container_image=docker:${containerImage}" \
+            --set "disable_netboot=true" \
+            --set "disk.raw=true" \
+            --set "state_dir=/aurora"
+
+          .github/upload-image-to-aws.sh $(ls *.raw)
+
       - name: Prepare files for release
         run: |
           mkdir sarif
@@ -340,94 +371,3 @@ jobs:
         with:
           files: |
             release/*
-
-  build-aws-image:
-    runs-on: ubuntu-latest
-    needs:
-      - get-standard-matrix
-      - build-standard
-    permissions:
-      id-token: write  # OIDC support
-      contents: write
-      actions: read
-      security-events: write
-    strategy:
-      matrix:
-        include:
-          # We don't publish AWS images for all combinations so we go hardcoded here
-          - flavor: ubuntu
-            flavor_release: 24.04
-            family: ubuntu
-            base_image: ubuntu:24.04
-            variant: standard
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-      - run: |
-          git fetch --prune --unshallow
-      - name: Install kairos-agent (for versioneer)
-        uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1
-        with:
-          repository: quay.io/kairos/packages
-          packages: system/kairos-agent
-      - name: Build 🔧
-        run: |
-          # Keep maximum k3s version (by semver)
-          # add a "v" in front and a "-k3s1" at the end to match the k3s versioning
-          k3s_version=$(echo '${{ needs.get-standard-matrix.outputs.matrix }}' | \
-            jq -r '.include | map(.k3s_version | split("+")[0]) | unique |
-            map(
-              capture("^(?<major>[0-9]+)\\.(?<minor>[0-9]+)\\.(?<patch>[0-9]+)(-(?<pre>.*))?$") |
-              {
-                major: (.major | tonumber),
-                minor: (.minor | tonumber),
-                patch: (.patch | tonumber),
-                is_stable: (if .pre == null then 1 else 0 end),
-                pre: (.pre // "")
-              }
-            ) | max_by(.major, .minor, .patch, .is_stable, .pre) |
-              "\(.major).\(.minor).\(.patch)\(.pre | if . == "" then "" else "-"+. end)"' | \
-            sed -E 's/^/v/; s/$/-k3s1/')
-
-          version=$(git describe --always --tags --dirty)
-
-          containerImage=$(kairos-agent versioneer container-artifact-name \
-            --flavor ${{ matrix.flavor }} \
-            --flavor-release ${{ matrix.flavor_release }} \
-            --variant ${{ matrix.variant }} \
-            --model generic \
-            --arch amd64 \
-            --software-version-prefix k3s \
-            --registry-and-org quay.io/kairos \
-            --software-version "$k3s_version" \
-            --version "$version"
-          )
-          echo "Using $containerImage to build a cloud image"
-
-          docker run -v /var/run/docker.sock:/var/run/docker.sock --net host \
-            --privileged \
-            -v $PWD:/aurora --rm quay.io/kairos/auroraboot \
-            --debug \
-            --set "disable_http_server=true" \
-            --set "container_image=docker:${containerImage}" \
-            --set "disable_netboot=true" \
-            --set "disk.raw=true" \
-            --set "state_dir=/aurora"
-
-      # https://github.com/aws-actions/configure-aws-credentials?tab=readme-ov-file#assumerole-with-static-iam-credentials-in-repository-secrets
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: eu-central-1
-          #role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
-          #role-external-id: ${{ secrets.AWS_ROLE_EXTERNAL_ID }}
-          role-duration-seconds: 1200
-          role-session-name: AWSCIPush
-
-      - name: Push to AWS
-        env:
-          AWS_S3_BUCKET: kairos-cloud-images
-          AWS_REGION: eu-central-1
-        run: |
-          .github/upload-image-to-aws.sh $(ls *.raw)