diff --git a/tests/ci/worker/init_runner.sh b/tests/ci/worker/init_runner.sh
index 90466892fc9..9a75c1f196c 100644
--- a/tests/ci/worker/init_runner.sh
+++ b/tests/ci/worker/init_runner.sh
@@ -26,6 +26,11 @@ export LABELS
 aws ssm get-parameter --region us-east-1 --name AmazonCloudWatch-github-runners --query 'Parameter.Value' --output text > /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
 systemctl restart amazon-cloudwatch-agent.service
 
+# Refresh teams ssh keys
+TEAM_KEYS_URL=$(aws ssm get-parameter --region us-east-1 --name team-keys-url --query 'Parameter.Value' --output=text)
+curl "${TEAM_KEYS_URL}" > /home/ubuntu/.ssh/authorized_keys2
+chown ubuntu: /home/ubuntu/.ssh -R
+
 
 # Create a pre-run script that will restart docker daemon before the job started
 mkdir -p /tmp/actions-hooks
diff --git a/tests/ci/worker/ubuntu_ami_for_ci.sh b/tests/ci/worker/ubuntu_ami_for_ci.sh
index ab4eb0be6ad..c5bc090d8d8 100644
--- a/tests/ci/worker/ubuntu_ami_for_ci.sh
+++ b/tests/ci/worker/ubuntu_ami_for_ci.sh
@@ -98,8 +98,8 @@ rm -rf /home/ubuntu/awscliv2.zip /home/ubuntu/aws
 mkdir -p /home/ubuntu/.ssh
 
 # ~/.ssh/authorized_keys is cleaned out, so we use deprecated but working  ~/.ssh/authorized_keys2
-aws lambda invoke --region us-east-1 --function-name team-keys-lambda /tmp/core.keys
-jq < /tmp/core.keys -r '.body' > /home/ubuntu/.ssh/authorized_keys2
+TEAM_KEYS_URL=$(aws ssm get-parameter --region us-east-1 --name team-keys-url --query 'Parameter.Value' --output=text)
+curl "${TEAM_KEYS_URL}" > /home/ubuntu/.ssh/authorized_keys2
 chown ubuntu: /home/ubuntu/.ssh -R
 chmod 0700 /home/ubuntu/.ssh