diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml
index 5c1b01789..5357ff35f 100644
--- a/.github/workflows/build_packages.yaml
+++ b/.github/workflows/build_packages.yaml
@@ -353,7 +353,16 @@ jobs:
         profile: ${{fromJSON(needs.prepare.outputs.profiles)}}
         otp:
           - 24.1.5-3
-
+        registry:
+          - 'docker.io'
+          - 'public.ecr.aws'
+        exclude:
+          # we don't have an aws ecr repo for enterprise and edge yet
+          - profile: emqx-edge
+            registry: 'public.ecr.aws'
+          - profile: emqx-ee
+            registry: 'public.ecr.aws'
+        
     steps:
     - uses: actions/download-artifact@v2
       with:
@@ -366,10 +375,24 @@ jobs:
       with:
         image: tonistiigi/binfmt:latest
         platforms: all
+    - uses: aws-actions/configure-aws-credentials@v1
+      if: matrix.registry == 'public.ecr.aws'
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+    - name: Docker login for aws ecr
+      if: matrix.registry == 'public.ecr.aws'
+      run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
+    - uses: docker/login-action@v1
+      if: matrix.registry == 'docker.io'
+      with:
+        username: ${{ secrets.DOCKER_HUB_USER }}
+        password: ${{ secrets.DOCKER_HUB_TOKEN }}
     - uses: docker/metadata-action@v3
       id: meta
       with:
-        images: ${{ github.repository_owner }}/${{ matrix.profile }}
+        images: ${{ matrix.registry }}/${{ github.repository_owner }}/${{ matrix.profile }}
         flavor: |
           latest=${{ !github.event.release.prerelease }}
         tags: |
@@ -378,11 +401,6 @@ jobs:
           type=match,pattern=[v|e](.*),group=1
         labels:
           org.opencontainers.image.otp.version=${{ matrix.otp }}
-    - uses: docker/login-action@v1
-      if: github.event_name == 'release'
-      with:
-        username: ${{ secrets.DOCKER_HUB_USER }}
-        password: ${{ secrets.DOCKER_HUB_TOKEN }}
     - uses: docker/build-push-action@v2
       if: matrix.profile != 'emqx-ee'
       with:
@@ -413,20 +431,6 @@ jobs:
           EMQX_NAME=${{ matrix.profile }}
         file: source/deploy/docker/Dockerfile.enterprise
         context: source
-    - uses: aws-actions/configure-aws-credentials@v1
-      if: github.event_name == 'release' && !github.event.release.prerelease && matrix.profile == 'emqx'
-      with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
-    - name: Push image to aws ecr
-      if: github.event_name == 'release' && !github.event.release.prerelease && matrix.profile == 'emqx'
-      run: |
-        version=${GITHUB_REF##*/}
-        docker pull emqx/emqx:${version#v}
-        docker tag emqx/emqx:${version#v} public.ecr.aws/emqx/emqx:${version#v}
-        aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
-        docker push public.ecr.aws/emqx/emqx:${version#v}
 
   delete-artifact:
     runs-on: ubuntu-20.04