diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml
index efae501e6..faa04db49 100644
--- a/.github/workflows/build_packages.yaml
+++ b/.github/workflows/build_packages.yaml
@@ -338,6 +338,11 @@ jobs:
     strategy:
       matrix:
         profile: ${{fromJSON(needs.prepare.outputs.profiles)}}
+        registry:
+          - 'docker.io'
+        include:
+          - profile: emqx
+            registry: 'public.ecr.aws'
 
     steps:
     - uses: actions/download-artifact@v2
@@ -351,10 +356,24 @@ jobs:
       with:
         image: tonistiigi/binfmt:latest
         platforms: all
+    - uses: aws-actions/configure-aws-credentials@v1
+      if: matrix.repository == 'public.ecr.aws'
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+    - name: Push image to aws ecr
+      if: matrix.repository == 'public.ecr.aws'
+      run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
+    - uses: docker/login-action@v1
+      if: matrix.repository == 'docker.io'
+      with:
+        username: ${{ secrets.DOCKER_HUB_USER }}
+        password: ${{ secrets.DOCKER_HUB_TOKEN }}
     - uses: docker/metadata-action@v3
       id: meta
       with:
-        images: ${{ github.repository_owner }}/${{ matrix.profile }}
+        images: ${{ matrix.registry }}/${{ github.repository_owner }}/${{ matrix.profile }}
         flavor: |
           latest=${{ !github.event.release.prerelease }}
         tags: |
@@ -363,11 +382,6 @@ jobs:
           type=match,pattern=[v|e](.*),group=1
         labels:
           org.opencontainers.image.otp.version=${{ matrix.otp }}
-    - uses: docker/login-action@v1
-      if: github.event_name == 'release'
-      with:
-        username: ${{ secrets.DOCKER_HUB_USER }}
-        password: ${{ secrets.DOCKER_HUB_TOKEN }}
     - uses: docker/build-push-action@v2
       if: matrix.profile != 'emqx-ee'
       with:
@@ -398,20 +412,6 @@ jobs:
           EMQX_NAME=${{ matrix.profile }}
         file: source/deploy/docker/Dockerfile.enterprise
         context: source
-    - uses: aws-actions/configure-aws-credentials@v1
-      if: github.event_name == 'release' && !github.event.release.prerelease && matrix.profile == 'emqx'
-      with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
-    - name: Push image to aws ecr
-      if: github.event_name == 'release' && !github.event.release.prerelease && matrix.profile == 'emqx'
-      run: |
-        version=${GITHUB_REF##*/}
-        docker pull emqx/emqx:${version#v}
-        docker tag emqx/emqx:${version#v} public.ecr.aws/emqx/emqx:${version#v}
-        aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
-        docker push public.ecr.aws/emqx/emqx:${version#v}
 
   delete-artifact:
     runs-on: ubuntu-20.04