diff --git a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml
index 6a47fedd34d..a274e2dea08 100644
--- a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml
+++ b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml
@@ -2,17 +2,21 @@ name: Monthly roadmap reminder
 
 on:
     workflow_dispatch: {}
-#   schedule:
-#     - cron: '0 0 1 * *'
+    schedule:
+      - cron: '0 0 1 * *'  # runs first day of the month
 
 permissions:
     contents: read
-    pull-requests: read
-    issues: read
 
 
 jobs:
     call-workflow-passing-data:
-        uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@fd4575466e5c2ac10703ac16f5aa9fb8890f532a
-        with:
-            token: ${{ github.token }}
+        permissions:
+            contents: read
+            pull-requests: read
+            issues: write  # create monthly roadmap report
+
+        # setting to `@main` until we have releases and governance installed
+        uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@main
+        secrets:
+            token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/secure_workflows.yml b/.github/workflows/secure_workflows.yml
index 296452b49fe..99c59cff754 100644
--- a/.github/workflows/secure_workflows.yml
+++ b/.github/workflows/secure_workflows.yml
@@ -34,4 +34,6 @@ jobs:
       - name: Ensure 3rd party workflows have SHA pinned
         uses: zgosalvez/github-actions-ensure-sha-pinned-actions@19ebcb0babbd282ae1822a0b9c28f3f1f25cea45 # v3.0.4
         with:
-          allowlist: slsa-framework/slsa-github-generator
+          allowlist: |
+            slsa-framework/slsa-github-generator
+            aws-powertools/actions