diff --git a/.github/workflows/build_images.yaml b/.github/workflows/build_images.yaml
index 90f3db0..28af410 100644
--- a/.github/workflows/build_images.yaml
+++ b/.github/workflows/build_images.yaml
@@ -45,6 +45,9 @@ jobs:
 
   build_and_push:
     name: Build and push images
+    permissions:
+      id-token: write
+      contents: read
     runs-on:
       - self-hosted
       - dind
@@ -63,12 +66,6 @@ jobs:
         id: versions
         run: |
             echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-      - name: Check out the tembo repo to reuse some actions
-        uses: actions/checkout@v3
-        with:
-            repository: tembo-io/tembo
-            path: ./tembo
-            ref: 737713f5839bcd3f533644fe316540d890c611a8
       - name: Determine which tags to publish
         id: tags
         run: |
@@ -84,7 +81,7 @@ jobs:
             echo "tag_cargo=false" >> $GITHUB_OUTPUT
           fi
       - name: Build and upload image
-        uses: ./tembo/.github/actions/build-and-push-to-quay
+        uses: ./.github/actions/build-and-push-to-quay
         with:
             image_name: ${{ matrix.name }}
             docker_directory: ${{ matrix.path }}
@@ -95,7 +92,9 @@ jobs:
             quay_user: ${{ secrets.QUAY_USER_TEMBO }}
             quay_password: ${{ secrets.QUAY_PASSWORD_TEMBO }}  
             quay_user_tembo: ${{ secrets.QUAY_USER_TEMBO }}
-            quay_password_tembo: ${{ secrets.QUAY_PASSWORD_TEMBO }}
+            quay_password_tembo: ${{ secrets.QUAY_PASSWORD_TEMBO }} 
+            gha_iam_role: ${{ secrets.GHA_IAM_ROLE }}
+            ecr_registry: ${{ secrets.ECR_REGISTRY }}
 
   build_and_push_pg_slim:
     name: Build and push tembo-pg-slim