diff --git a/.github/workflows/release_authenticator.yml b/.github/workflows/release_authenticator.yml
index 0dbb3f5..dff4f17 100644
--- a/.github/workflows/release_authenticator.yml
+++ b/.github/workflows/release_authenticator.yml
@@ -1,15 +1,40 @@
 name: Release Authenticator
 on:
   push:
-    branches: [ release ]
+    branches: [ ruisebas/main ]
 
 permissions:
   id-token: write
   contents: write
 
 jobs:
+  determine-next-version:
+    name: Determine the next release version
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.extract-release-version.outputs.result }}
+    if: "${{ github.event.head_commit.author == 'aws-amplify-ops' && startsWith(github.event.head_commit.message, 'chore: Release ') }}"
+    steps:
+      - name: Extract release version
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
+        id: extract-release-version
+        with:
+          result-encoding: string
+          script: |
+            const matches = `${{ github.event.head_commit.message }}`.match(/[0-9]+\.[0-9]+\.[0-9]+/) ?? []
+            return matches.length > 0 ? matches[0] : ""
+
+  validate-version-format:
+    name: Validate Version Format
+    needs: [determine-next-version]
+    if: ${{ needs.determine-next-version.outputs.version != '' }}
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "Releasing new version ${{ needs.determine-next-version.outputs.version }}"
+
   unit-tests:
     name: Run Unit Tests
+    needs: [validate-version-format]
     uses: ./.github/workflows/unit_tests.yml
     with:
       identifier: 'workflow-call-unit-test'
@@ -17,7 +42,7 @@ jobs:
   release:
     environment: Release
     name: Release new Authenticator version
-    needs: [unit-tests]
+    needs: [unit-tests, determine-next-version]
     runs-on: macos-latest
     env:
       GITHUB_EMAIL: aws-amplify-ops@amazon.com
@@ -54,4 +79,6 @@ jobs:
           bundler-cache: true
 
       - name:  Release Authenticator
-        run: bundle exec fastlane release
\ No newline at end of file
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: bundle exec fastlane perform_release version:${{ needs.determine-next-version.outputs.version }}
\ No newline at end of file
diff --git a/.github/workflows/release_kickoff.yml b/.github/workflows/release_kickoff.yml
index 908a0ee..941e3eb 100644
--- a/.github/workflows/release_kickoff.yml
+++ b/.github/workflows/release_kickoff.yml
@@ -1,18 +1,53 @@
 name: Release - Kick-off
 on:
   workflow_dispatch:
+  push:
+    branches: [ dev ]
 
 permissions:
+  id-token: write
   pull-requests: write
 
 jobs:
   release:
-    name: Release
-    runs-on: ubuntu-latest
-
+    environment: Release
+    name: Kick off new Authenticator release
+    runs-on: macos-latest
+    env:
+      GITHUB_EMAIL: aws-amplify-ops@amazon.com
+      GITHUB_USER: aws-amplify-ops
     steps:
-      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
-      - name: Create PR to push main to release branch
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 #v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-session-name: ${{ format('{0}.release', github.run_id) }}
+          aws-region: ${{ secrets.AWS_REGION }}
+          mask-aws-account-id: true
+
+      - id: retrieve-token
+        name: Retrieve Token
+        env:
+          DEPLOY_SECRET_ARN: ${{ secrets.DEPLOY_SECRET_ARN }}
+        run: |
+          PAT=$(aws secretsmanager get-secret-value \
+          --secret-id "$DEPLOY_SECRET_ARN" \
+          | jq -r ".SecretString | fromjson | .Credential")
+          echo "token=$PAT" >> $GITHUB_OUTPUT
+
+      - name: Checkout repo
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        with:
+          fetch-depth: 10
+          token: ${{steps.retrieve-token.outputs.token}}
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7 # v1.171.0
+        with:
+          ruby-version: '3.2.1'
+          bundler-cache: true
+
+      - name:  Kick off Authenticator release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: "gh pr create --title 'chore: kickoff release' --body 'kickoff release' --head main --base release"
\ No newline at end of file
+          GH_TOKEN: ${{ github.token }}
+        run: bundle exec fastlane prepare_release
\ No newline at end of file
diff --git a/fastlane/Fastfile b/fastlane/Fastfile
index 8130dfc..355d19f 100644
--- a/fastlane/Fastfile
+++ b/fastlane/Fastfile
@@ -9,12 +9,11 @@ platform :swift do
     sh('git', 'fetch')
   end
 
-  desc "Create a release version by building and committing a changelog, pushing a tag to GitHub"
-  lane :release do
+  desc "Preparing next release by building and committing a changelog, updating the component version, and creating a PR to main"
+  lane :prepare_release do
     next_version, commits = calculate_next_release_version
 
-    UI.message("Releasing version: #{next_version}")
-
+    UI.message("Kicking off new release for version: #{next_version}")
     # Increment all specs and plists
     increment_versions(version: next_version)
 
@@ -25,11 +24,16 @@ platform :swift do
     # Update Package dependencies
     sh('bundle', 'exec', 'swift', 'package', 'update')
 
+    # Create and push the new branch
+    release_branch = "release/#{next_version}"
+    sh('git', 'checkout', '-b', release_branch)
+    sh('git', 'push', '--set-upstream', 'origin', release_branch)
+
     # Commit and push
-    release_commit(version: next_version)
+    pr_title = release_commit(version: next_version).to_s
 
-    # Create tag and push to origin
-    add_tag(version: next_version)
+    # Open the PR to main
+    sh('gh', 'pr', 'create', '--title', pr_title, '--body', 'Kicking off new release', '--base', 'ruisebas/main', '--head', release_branch)
   end
 
   desc "Increment versions"
@@ -45,20 +49,29 @@ platform :swift do
     sh('git', 'config', '--global', 'user.email', ENV['GITHUB_EMAIL'])
     sh('git', 'config', '--global', 'user.name', ENV['GITHUB_USER'])
 
-    commit_message = "chore: Release #{next_version} [skip ci]"
+    commit_message = "chore: Release #{next_version}"
     sh('git', 'commit', '-am', commit_message)
+    sh('git', 'push')
+    commit_message
+  end
 
-    # push to origin
-    sh('git', 'push', 'origin', 'release')
-    sh('git', 'push', 'origin', 'release:main')
+  desc "Push a new tag to GitHub and creating a new draft release"
+  lane :perform_release do |options|
+    next_version = options[:version]
+    # Create and push the new tag
+    add_tag(version: next_version)
+
+    # Create draft release   
+    release_title = sh("echo $(date +%F)")
+    sh('gh', 'release', 'create', '--draft', '--verify-tag', '--title', release_title)
   end
 
   desc "Tag in git and push to GitHub"
   private_lane :add_tag do |options|
-    next_version = options[:version]
-    next_tag = "#{next_version}"
+    next_tag = options[:version].to_s
 
-    add_git_tag(tag: next_tag)
-    push_git_tags(tag: next_tag)
+    puts "Creating new tag #{next_tag}"
+    #add_git_tag(tag: next_tag)
+    #push_git_tags(tag: next_tag)
   end
 end