diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 69db5d2..46630d5 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -13,10 +13,15 @@ on:
         - 'true'
         - 'false'
 
+permissions:
+  id-token: write
+  contents: read
+
 env:
   AWS_PUBLIC_ECR_REGION: us-east-1
   AWS_PRIVATE_ECR_REGION: us-west-2
   PUBLIC_REGISTRY: public.ecr.aws
+  PUBLIC_REPO: aws-observability
   STAGING_REGISTRY: 611364707713.dkr.ecr.us-west-2.amazonaws.com
   RELEASE_IMAGE_NAME: aws-sigv4-proxy
   STAGING_IMAGE_NAME: aws-sigv4-proxy-staging
@@ -66,10 +71,10 @@ jobs:
         if: ${{ inputs.dryrunMode == 'true' }}
         run: |
           docker buildx imagetools create \
-            --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:latest \
-            --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.release-version }} \
-            --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \
-            ${{ env.STAGING_REGISTRY }}/${{ env.STAGING_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }}
+            --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.PUBLIC_REPO }}/${{ env.RELEASE_IMAGE_NAME }}:latest \
+            --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.PUBLIC_REPO }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.release-version }} \
+            --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.PUBLIC_REPO }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \
+            ${{ env.STAGING_REGISTRY }}/${{ env.STAGING_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \
             --dry-run
 
       - name: Create release - dryrun
@@ -78,15 +83,15 @@ jobs:
           echo gh release create --target "$GITHUB_REF_NAME" \
              --title "Release v${{ steps.release-info.outputs.release-version }}" \
              --draft \
-             "v${{ steps.release-info.outputs.release-version }}" \
+             "v${{ steps.release-info.outputs.release-version }}"
 
       - name: Push image to public ecr
         if: ${{ inputs.dryrunMode == 'false' }}
         run: |
           docker buildx imagetools create \
-            --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:latest \
-            --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.release-version }} \
-            --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \
+            --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.PUBLIC_REPO }}/${{ env.RELEASE_IMAGE_NAME }}:latest \
+            --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.PUBLIC_REPO }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.release-version }} \
+            --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.PUBLIC_REPO }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \
             ${{ env.STAGING_REGISTRY }}/${{ env.STAGING_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }}
 
       - name: Create release
@@ -97,4 +102,4 @@ jobs:
           gh release create --target "$GITHUB_REF_NAME" \
              --title "Release v${{ steps.release-info.outputs.release-version }}" \
              --draft \
-             "v${{ steps.release-info.outputs.release-version }}" \
+             "v${{ steps.release-info.outputs.release-version }}"
diff --git a/VERSION b/VERSION
index 6259340..2e0e38c 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.8
+1.9