diff --git a/.github/actions/configure-aws-credentials/action.yml b/.github/actions/configure-aws-credentials/action.yml
new file mode 100644
index 00000000000..cca5f4fae04
--- /dev/null
+++ b/.github/actions/configure-aws-credentials/action.yml
@@ -0,0 +1,27 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
+name: 'configure-aws-credentials'
+description: 'A helper for configure AWS credentials for AWS-LC GitHub actions'
+inputs:
+ roleName:
+ description: "The target IAM role to assume using the OIDC role credentials"
+ required: true
+ default: 'AwsLcGitHubActionStandardRole'
+runs:
+ using: 'composite'
+ steps:
+ - name: Query Environment
+ id: env
+ shell: bash
+ run: |
+ echo aws_account_id=${AWS_ACCOUNT_ID} >> "$GITHUB_OUTPUT"
+ - name: Retrieve OIDC Role Credentials
+ uses: aws-actions/configure-aws-credentials@v5
+ with:
+ role-to-assume: arn:aws:iam::${{ steps.env.outputs.aws_account_id }}:role/AwsLcGitHubActionsOidcRole
+ - name: Retrieve GitHub Actions Role Credentials
+ uses: aws-actions/configure-aws-credentials@v5
+ with:
+ role-to-assume: arn:aws:iam::${{ steps.env.outputs.aws_account_id }}:role/${{ inputs.roleName }}
+ role-chaining: true
diff --git a/.github/docker_images/aws-lc/android/Dockerfile b/.github/docker_images/aws-lc/android/Dockerfile
new file mode 100644
index 00000000000..1c85cd77409
--- /dev/null
+++ b/.github/docker_images/aws-lc/android/Dockerfile
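Review bot: In `.github/actions/configure-aws-credentials/action.yml`, both `uses: aws-actions/configure-aws-credentials@v5` steps reference a movable tag, and this is the action that ends up holding the assumed-role credentials; pinning to a full commit SHA with the tag kept as a comment, `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v5` (placeholder, take the SHA from the upstream release), means a retagged release cannot change what runs with them. The Query Environment step also writes `${AWS_ACCOUNT_ID}` unquoted and unchecked, so an unset variable produces `arn:aws:iam:::role/...` and an unclear STS failure two steps later; `echo "aws_account_id=${AWS_ACCOUNT_ID:?AWS_ACCOUNT_ID is not set}" >> "$GITHUB_OUTPUT"` fails at the source with a clear message. `roleName` is declared `required: true` while also carrying a default, so callers that omit it silently get `AwsLcGitHubActionStandardRole`; the input description should say which of the two is intended.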
@@ -0,0 +1,94 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
+FROM public.ecr.aws/ubuntu/ubuntu:24.04 AS base
+
+SHELL ["/bin/bash", "-c"]
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+
+ENV ANDROID_SDK_URL=commandlinetools-linux-13114758_latest
+ENV ANDROID_HOME=/opt/sdk
+ENV ANDROID_SDK_ROOT=/opt/sdk
+ENV GRADLE_VERSION=gradle-7.6.4
+ENV GOROOT=/usr/local/go
+ENV PATH="$GOROOT/bin:/opt/sdk/cmdline-tools/latest/bin:$PATH"
+# ------------------------------------------------------
+# --- Android SDK
+
+RUN <> "$GITHUB_OUTPUT"
+ - name: Retrieve Credentials
+ uses: ./.github/actions/configure-aws-credentials
+ with:
+ roleName: AwsLcGitHubActionDockerImageBuildRole
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+ - name: Generate Staging Image Names
+ id: images
+ run: |
+ echo latest=${{ steps.env.outputs.staging_url }}:$(uuidgen) >> "$GITHUB_OUTPUT"
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - uses: docker/build-push-action@v6
+ with:
+ file: ./.github/docker_images/aws-lc/android/Dockerfile
+ context: ./.github/docker_images/aws-lc/android
+ build-contexts: |
+ scripts=./.github/docker_images/scripts
+ tags: ${{ steps.images.outputs.latest }}
+ push: true
+ - uses: ./.github/actions/codebuild-docker-run
+ name: Validate Container
+ with:
+ image: ${{ steps.images.outputs.latest }}
+ run: |
+ ./.github/docker_images/scripts/verify-go-version.sh 1.25
+
+ push:
+ if: ${{ github.event_name != 'pull_request' }}
+ runs-on:
+ codebuild-aws-lc-ci-github-actions-${{ github.run_id }}-${{ github.run_attempt }}
+ image:linux-5.0
+ instance-size:small
+ needs:
+ - build
+ outputs:
+ android: ${{ steps.images.outputs.android }}
+ steps:
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+ - name: Get ECR Registry & Repository Details
+ id: ecr
+ run: |
+ echo registry_url=${ECR_REGISTRY_URL} >> "$GITHUB_OUTPUT"
+ - name: Generate Staging Image Names
+ id: images
+ run: |
+ echo latest=${{ steps.ecr.outputs.registry_url }}/aws-lc/android:latest >> "$GITHUB_OUTPUT"
+ - name: Pull Images From Staging
+ run: |
+ docker pull ${{ needs.build.outputs.android }}
+ - name: Tag Images
+ run: |
+ docker tag ${{ needs.build.outputs.android }} ${{ steps.images.outputs.latest }}
+ - name: Push Images
+ run: |
+ docker push ${{ steps.images.outputs.latest }}
diff --git a/.github/workflows/image-build.yml b/.github/workflows/image-build.yml
index 0f3f66565ae..830b3eef932 100644
--- a/.github/workflows/image-build.yml
+++ b/.github/workflows/image-build.yml
@@ -49,3 +49,5 @@ jobs:
 uses: ./.github/workflows/image-build-windows.yml
 verification:
 uses: ./.github/workflows/image-build-formal-verification.yml
+ android:
+ uses: ./.github/workflows/image-build-android.yml
\ No newline at end of file
diff --git a/tests/ci/docker_images/linux-x86/ubuntu-24.04_android/Dockerfile b/tests/ci/docker_images/linux-x86/ubuntu-24.04_android/Dockerfile
deleted file mode 100644
index dd64b609952..00000000000
--- a/tests/ci/docker_images/linux-x86/ubuntu-24.04_android/Dockerfile
+++ /dev/null
@@ -1,70 +0,0 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-# SPDX-License-Identifier: Apache-2.0 OR ISC
-
-FROM ubuntu:24.04
-
-SHELL ["/bin/bash", "-c"]
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-
-ENV ANDROID_SDK_URL=commandlinetools-linux-13114758_latest
-ENV ANDROID_HOME=/opt/sdk
-ENV ANDROID_SDK_ROOT=/opt/sdk
-ENV GRADLE_VERSION=gradle-7.6.4
-ENV GOROOT=/usr/local/go
-ENV PATH="$GOROOT/bin:/opt/sdk/cmdline-tools/latest/bin:$PATH"
-# ------------------------------------------------------
-# --- Android SDK
-
-RUN set -ex && \
- apt-get update -y && \
- apt-get -y --no-install-recommends upgrade && \
- apt-get -y --no-install-recommends install \
- python3.12 \
- python3.12-venv \
- python3-pip \
- openjdk-17-jdk \
- perl \
- libunwind-dev \
- wget \
- unzip && \
-# Set Java 17 as default
- export JAVA17_ALT=$(update-alternatives --list java | grep java-17 | head -1) && \
- update-alternatives --set java $JAVA17_ALT && \
-# Set Java 17 for SDK manager compatibility
- export JAVA_HOME=$(find /usr/lib/jvm -name "*java-17*" -type d | head -1) && \
- export PATH=$JAVA_HOME/bin:$PATH && \
-# install android-sdk from url source
- mkdir /opt/sdk && \
- mkdir /opt/sdk/cmdline-tools && \
- mkdir /opt/cmdline-tools-tmp && \
- cd /opt/cmdline-tools-tmp && \
- wget -q https://dl.google.com/android/repository/${ANDROID_SDK_URL}.zip && \
- unzip ${ANDROID_SDK_URL}.zip && \
-# move to its final location and export path
- mv ./cmdline-tools ${ANDROID_HOME}/cmdline-tools/latest && \
- cd $ANDROID_HOME/cmdline-tools/latest/bin && \
- ./sdkmanager --update && \
- yes | ./sdkmanager --licenses && \
-# Preinstall AWSLCAndroidTestRunner android dependencies, so they don't need to be
-# rebuilt for each new gradle build run.
- ./sdkmanager "ndk;28.2.13676358" \
- "build-tools;33.0.3" \
- "cmake;3.18.1" \
- "platforms;android-30" && \
- cd /opt && \
- wget -q https://services.gradle.org/distributions/${GRADLE_VERSION}-all.zip && \
- rm -rf /opt/cmdline-tools-tmp && \
- rm -rf /tmp/*
-# Preinstall gradle dependencies, so they don't need to be redownloaded in the CI.
-COPY linux-x86/ubuntu-24.04_android /tmp/triggerGradleDownloads/
-RUN cd /tmp/triggerGradleDownloads && \
- echo "JAVA_HOME=$JAVA_HOME" && \
- java -version && \
- echo "PATH=$PATH" && \
- ./gradlew --no-daemon --refresh-dependencies androidDependencies lint && \
- rm -rf /tmp/triggerGradleDownloads
-
-COPY dependencies/install_common_dependencies.sh /
-RUN set -ex && /install_common_dependencies.sh && rm install_common_dependencies.sh