diff --git a/.github/workflows/manual-canary.yml b/.github/workflows/manual-canary.yml
index 25200e5f95..a6be3352d9 100644
--- a/.github/workflows/manual-canary.yml
+++ b/.github/workflows/manual-canary.yml
@@ -10,6 +10,11 @@ on:
         type: string
 run-name: ${{ github.workflow }} for Pull Request ${{ inputs.pull_request_number }}
 
+# Allow one instance of this workflow per pull request, and cancel older runs when new changes are pushed
+concurrency:
+  group: manual-canary-${{ inputs.pull_request_number }}
+  cancel-in-progress: true
+
 jobs:
   get-pr-info:
     name: Get PR info
@@ -42,7 +47,7 @@ jobs:
     - uses: actions/checkout@v4
       with:
         path: smithy-rs
-          # The ref used needs to match the HEAD revision of the PR being diffed, or else
+            # The ref used needs to match the HEAD revision of the PR being diffed, or else
           # the `docker-build` action won't find the built Docker image.
         ref: ${{ fromJSON(needs.get-pr-info.outputs.pull_data).commit_sha }}
         fetch-depth: 0
@@ -56,15 +61,45 @@ jobs:
         path: smithy-rs-base-image
         retention-days: 1
 
-  invoke-canary:
+  generate:
+    name: Generate
+    needs:
+    - acquire-base-image
+    - get-pr-info
+    runs-on: smithy_ubuntu-latest_8-core
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        path: smithy-rs
+        ref: ${{ fromJSON(needs.get-pr-info.outputs.pull_data).commit_sha }}
+    - name: Generate a subset of SDKs for the canary
+      uses: ./smithy-rs/.github/actions/docker-build
+      with:
+        action: generate-aws-sdk-for-canary
+
+  canary:
     name: Canary
     needs:
+    - generate
     - get-pr-info
-    - acquire-base-image
-    uses: ./.github/workflows/canary.yml
-    with:
-      pull_request_number: ${{ inputs.pull_request_number }}
-      commit_sha: ${{ fromJSON(needs.get-pr-info.outputs.pull_data).commit_sha }}
-    secrets:
-      CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}
-      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}
+    runs-on: smithy_ubuntu-latest_8-core
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        path: smithy-rs
+        ref: ${{ fromJSON(needs.get-pr-info.outputs.pull_data).commit_sha }}
+    - name: Configure credentials
+      id: creds
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: us-west-2
+        role-to-assume: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}
+        output-credentials: true
+    - name: Run canary
+      uses: ./smithy-rs/.github/actions/docker-build
+      with:
+        action: run-canary
+        action-arguments: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }} ${{ steps.creds.outputs.aws-access-key-id }} ${{ steps.creds.outputs.aws-secret-access-key }} ${{ steps.creds.outputs.aws-session-token }}
diff --git a/tools/ci-scripts/generate-aws-sdk-for-canary b/tools/ci-scripts/generate-aws-sdk-for-canary
new file mode 100755
index 0000000000..1d5d8bdf88
--- /dev/null
+++ b/tools/ci-scripts/generate-aws-sdk-for-canary
@@ -0,0 +1,14 @@
+#!/bin/bash
+#
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+
+set -eux
+
+cd smithy-rs
+
+# Generate only SDKs used by canary (see BASE_MANIFEST in build_bundle.rs of canary-runner)
+./gradlew -Paws.services=+ec2,+s3,+sso,+ssooidc,+sts,+transcribestreaming :aws:sdk:assemble
+
+mv aws/sdk/build/aws-sdk ../artifacts/