diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index c5c0d31..9e2fdc0 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -1,39 +1,54 @@
 name: Workflow
 on: push
 jobs:
-  docker:
+  image:
     strategy:
       matrix:
-        include:
-          - { ghc: 9.0.2 }
-          - { ghc: 9.2.4 }
-          - { ghc: 9.4.2 }
-    name: Docker with GHC ${{ matrix.ghc }}
+        arch:
+          - amd64
+          - arm64
+        ghc:
+          - 9.0.2
+          - 9.2.4
+          - 9.4.2
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - id: meta
-        uses: docker/metadata-action@v4
+
+      - uses: aws-actions/configure-aws-credentials@v1
         with:
-          images: ghcr.io/${{ github.repository }}
-          flavor: latest=false
-          tags: |
-            type=sha,format=long,prefix=${{ matrix.ghc }}-
-            type=raw,value=${{ matrix.ghc }},enable={{ is_default_branch }}
-      - uses: docker/login-action@v2
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+      - uses: aws-actions/aws-codebuild-run-build@v1
         with:
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ghcr.io
-          username: ${{ github.actor }}
-      - uses: docker/build-push-action@v3
+          project-name: docker-haskell-${{ matrix.arch }}
+          buildspec-override: aws/image.yaml
+          env-vars-for-codebuild: GHC_VERSION
+        env:
+          GHC_VERSION: ${{ matrix.ghc }}
+
+  manifest:
+    needs: image
+    strategy:
+      matrix:
+        ghc:
+          - 9.0.2
+          - 9.2.4
+          - 9.4.2
+    runs-on: ubuntu-latest
+    steps:
+
+      - uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+      - uses: aws-actions/aws-codebuild-run-build@v1
         with:
-          build-args: |
-            GHC_VERSION=${{ matrix.ghc }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
+          project-name: docker-haskell-amd64
+          buildspec-override: aws/manifest.yaml
+          env-vars-for-codebuild: GHC_VERSION
+        env:
+          GHC_VERSION: ${{ matrix.ghc }}
diff --git a/Dockerfile b/Dockerfile
index c75dd58..7c75dd0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-ARG DEBIAN_VERSION=11.4
+ARG DEBIAN_VERSION=11.5
 FROM "debian:$DEBIAN_VERSION-slim"
 
 # Install dependencies.
@@ -47,7 +47,7 @@ ARG GHCUP_VERSION=0.1.18.0
 RUN \
   set -o errexit -o xtrace; \
   if test -n "$GHCUP_VERSION"; then \
-  curl --output ~/.ghcup/bin/ghcup "https://downloads.haskell.org/~ghcup/$GHCUP_VERSION/$( uname --machine )-linux-ghcup-$GHCUP_VERSION"; \
+  curl --output ~/.ghcup/bin/ghcup "https://downloads.haskell.org/ghcup/$GHCUP_VERSION/$( uname --machine )-linux-ghcup-$GHCUP_VERSION"; \
   chmod --verbose +x ~/.ghcup/bin/ghcup; \
   ghcup --version; \
   fi
@@ -75,7 +75,7 @@ RUN \
 
 # Install Stack.
 
-ARG STACK_VERSION=2.7.5
+ARG STACK_VERSION=2.9.1
 RUN \
   set -o errexit -o xtrace; \
   if test -n "$STACK_VERSION"; then \
diff --git a/aws/image.yaml b/aws/image.yaml
new file mode 100644
index 0000000..b35f625
--- /dev/null
+++ b/aws/image.yaml
@@ -0,0 +1,29 @@
+version: 0.2
+env:
+  secrets-manager:
+    DOCKER_PASSWORD: docker-hub-read-only:DOCKER_PASSWORD
+    DOCKER_USERNAME: docker-hub-read-only:DOCKER_USERNAME
+  variables:
+    AWS_REGION: us-east-1
+    GHC_VERSION: 9.2.4
+phases:
+  build:
+    commands:
+
+      - echo "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin
+
+      - server=public.ecr.aws/v6m6o3k4
+
+      - aws ecr-public get-login-password --region "$AWS_REGION" | docker login --username AWS --password-stdin "$server"
+
+      - case $( uname -m ) in ( aarch64 ) arch=arm64 ;; ( x86_64 ) arch=amd64 ;; ( * ) exit 1 ;; esac
+
+      - echo "$arch"
+
+      - tag="$server/haskell:$GHC_VERSION-$CODEBUILD_RESOLVED_SOURCE_VERSION-$arch"
+
+      - echo "$tag"
+
+      - docker build --build-arg GHC_VERSION="$GHC_VERSION" --tag "$tag" .
+
+      - docker push "$tag"
diff --git a/aws/manifest.yaml b/aws/manifest.yaml
new file mode 100644
index 0000000..770c8ad
--- /dev/null
+++ b/aws/manifest.yaml
@@ -0,0 +1,20 @@
+version: 0.2
+env:
+  variables:
+    AWS_REGION: us-east-1
+    GHC_VERSION: 9.2.4
+phases:
+  build:
+    commands:
+
+      - server=public.ecr.aws/v6m6o3k4
+
+      - aws ecr-public get-login-password --region "$AWS_REGION" | docker login --username AWS --password-stdin "$server"
+
+      - tag="$server/haskell:$GHC_VERSION-$CODEBUILD_RESOLVED_SOURCE_VERSION"
+
+      - echo "$tag"
+
+      - docker manifest create "$tag" "$tag-amd64" "$tag-arm64"
+
+      - docker manifest push "$tag"