diff --git a/.drone.yml b/.drone.yml
index dcf4d9e78..2574f240b 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -509,16 +509,9 @@ volumes:
 
 ---
 kind: pipeline
-type: exec
+type: kubernetes
 name: tag-build-terraform-darwin
 
-concurrency:
-  limit: 1
-
-platform:
-  os: darwin
-  arch: amd64
-
 trigger:
   event:
     - tag
@@ -527,35 +520,25 @@ trigger:
       - refs/tags/terraform-provider-teleport-v*
 
 steps:
-  - name: Install Go Toolchain
-    environment:
-      GO_VERSION: go1.21.1
-      TOOLCHAIN_DIR: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains
-    commands:
-      - set -u
-      - mkdir -p $TOOLCHAIN_DIR
-      - curl --no-progress-meter -O https://dl.google.com/go/$GO_VERSION.darwin-amd64.tar.gz
-      - tar -C  $TOOLCHAIN_DIR -xzf $GO_VERSION.darwin-amd64.tar.gz
-      - rm -rf $GO_VERSION.darwin-amd64.tar.gz
-
   - name: Build artifacts
-    environment:
-      TOOLCHAIN_DIR: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains
-      GOPATH: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains/go
-      GOCACHE: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains/go/cache
+    image: golang:1.21.1
     commands:
-      - export PATH=$TOOLCHAIN_DIR/go/bin:$PATH
       - mkdir -p build/
       - go version
-      - make ARCH=amd64 release/terraform
-      - make ARCH=arm64 release/terraform
-      - make ARCH=universal release/terraform
+      - go install github.com/konoui/lipo@latest
+      - make OS=darwin ARCH=amd64 release/terraform
+      - make OS=darwin ARCH=arm64 release/terraform
+      - make OS=darwin ARCH=universal release/terraform
       - find terraform/ -iname "*.tar.gz" -print -exec cp {} build/ \;
       - cd build
       - for FILE in *.tar.gz; do shasum -a 256 $FILE > $FILE.sha256; done
       - ls -l .
 
   - name: Assume AWS Role
+    image: amazon/aws-cli
+    volumes:
+    - name: awsconfig
+      path: /root/.aws
     environment:
       AWS_ACCESS_KEY_ID:
         from_secret: AWS_ACCESS_KEY_ID
@@ -563,10 +546,8 @@ steps:
         from_secret: AWS_SECRET_ACCESS_KEY
       AWS_ROLE:
         from_secret: AWS_ROLE
-      TOOLCHAIN_DIR: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains
     commands:
     - aws sts get-caller-identity
-    - export AWS_SHARED_CREDENTIALS_FILE="$TOOLCHAIN_DIR/credentials"
     - |-
         printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \
           $(aws sts assume-role \
@@ -574,32 +555,26 @@ steps:
             --role-session-name $(echo "drone-${DRONE_REPO}/${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
             --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
             --output text) \
-            > "$AWS_SHARED_CREDENTIALS_FILE"
+            > /root/.aws/credentials
     - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
     - aws sts get-caller-identity
 
   - name: Upload to S3
+    image: amazon/aws-cli
+    volumes:
+    - name: awsconfig
+      path: /root/.aws
     environment:
       AWS_S3_BUCKET:
         from_secret: AWS_S3_BUCKET
       AWS_REGION: us-west-2
-      TOOLCHAIN_DIR: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains
     commands:
-      - export AWS_SHARED_CREDENTIALS_FILE="$TOOLCHAIN_DIR/credentials"
       - cd build
       - aws s3 sync . s3://$AWS_S3_BUCKET/teleport-plugins/tag/${DRONE_TAG}/
 
-  - name: Clean up toolchains (post)
-    environment:
-      TOOLCHAIN_DIR: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains
-    when:
-      status:
-      - success
-      - failure
-    commands:
-      - set -u
-      - chmod -R u+rw $TOOLCHAIN_DIR
-      - rm -rf $TOOLCHAIN_DIR
+volumes:
+  - name: awsconfig
+    temp: {}
 
 ---
 kind: pipeline
@@ -746,16 +721,9 @@ volumes:
 
 ---
 kind: pipeline
-type: exec
+type: kubernetes
 name: tag-build-event-handler-darwin
 
-concurrency:
-  limit: 1
-
-platform:
-  os: darwin
-  arch: amd64
-
 trigger:
   event:
     - tag
@@ -764,32 +732,21 @@ trigger:
       - refs/tags/teleport-event-handler-v*
 
 steps:
-  - name: Install Go Toolchain
-    environment:
-      GO_VERSION: go1.21.1
-      TOOLCHAIN_DIR: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains
-    commands:
-      - set -u
-      - mkdir -p $TOOLCHAIN_DIR
-      - curl --no-progress-meter -O https://dl.google.com/go/$GO_VERSION.darwin-amd64.tar.gz
-      - tar -C  $TOOLCHAIN_DIR -xzf $GO_VERSION.darwin-amd64.tar.gz
-      - rm -rf $GO_VERSION.darwin-amd64.tar.gz
-
   - name: Build artifacts
-    environment:
-      TOOLCHAIN_DIR: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains
-      GOPATH: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains/go
-      GOCACHE: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains/go/cache
+    image: golang:1.21.1
     commands:
-      - export PATH=$TOOLCHAIN_DIR/go/bin:$PATH
       - mkdir -p build/
-      - make release/event-handler
+      - make OS=darwin ARCH=amd64 release/event-handler
       - find event-handler/ -iname "*.tar.gz" -print -exec cp {} build/ \;
       - cd build
       - for FILE in *.tar.gz; do shasum -a 256 $FILE > $FILE.sha256; done
       - ls -l .
 
   - name: Assume AWS Role
+    image: amazon/aws-cli
+    volumes:
+      - name: awsconfig
+        path: /root/.aws
     environment:
       AWS_ACCESS_KEY_ID:
         from_secret: AWS_ACCESS_KEY_ID
@@ -797,10 +754,8 @@ steps:
         from_secret: AWS_SECRET_ACCESS_KEY
       AWS_ROLE:
         from_secret: AWS_ROLE
-      TOOLCHAIN_DIR: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains
     commands:
     - aws sts get-caller-identity
-    - export AWS_SHARED_CREDENTIALS_FILE="$TOOLCHAIN_DIR/credentials"
     - |-
         printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \
           $(aws sts assume-role \
@@ -808,33 +763,26 @@ steps:
             --role-session-name $(echo "drone-${DRONE_REPO}/${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
             --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
             --output text) \
-            > "$AWS_SHARED_CREDENTIALS_FILE"
+            > /root/.aws/credentials
     - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
     - aws sts get-caller-identity
 
   - name: Upload to S3
+    image: amazon/aws-cli
+    volumes:
+      - name: awsconfig
+        path: /root/.aws
     environment:
       AWS_S3_BUCKET:
         from_secret: AWS_S3_BUCKET
       AWS_REGION: us-west-2
-      TOOLCHAIN_DIR: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains
     commands:
-      - export AWS_SHARED_CREDENTIALS_FILE="$TOOLCHAIN_DIR/credentials"
       - cd build
       - aws s3 sync . s3://$AWS_S3_BUCKET/teleport-plugins/tag/${DRONE_TAG}/
 
-  - name: Clean up toolchains (post)
-    environment:
-      TOOLCHAIN_DIR: /tmp/teleport-plugins/${DRONE_BUILD_NUMBER}-${DRONE_BUILD_CREATED}-${DRONE_STAGE_NAME}/toolchains
-    when:
-      status:
-      - success
-      - failure
-    commands:
-      - set -u
-      - chmod -R u+rw $TOOLCHAIN_DIR
-      - rm -rf $TOOLCHAIN_DIR
-
+volumes:
+  - name: awsconfig
+    temp: {}
 ---
 kind: pipeline
 type: kubernetes
@@ -1406,6 +1354,6 @@ steps:
         from_secret: PRODUCTION_TERRAFORM_REGISTRY_SIGNING_KEY
 ---
 kind: signature
-hmac: 425a71127807e20a715648d0ab87f362c204dcc7dbc986771815dd3082697641
+hmac: a7975ebf8fec0ac0df356da35309c6c1ae076b5e51226f86b96dfa9ac2ad4936
 
 ...