Address PR feedback

Author: peterrsongg

generator/.DevConfigs/8a48524d-da8b-4c04-b57e-ad196a51debb.json

@@ -1,7 +1,7 @@
 {
     "core": {
       "changeLogMessages": [
-        "Support Account ID based endpoints. Credential Providers will now attach the account ID to credentials if available and also read from the shared credentials file if set."
+        "Support Account ID based endpoints. Account-based endpoints help ensure high performance and scalability by using your AWS account ID to route requests for services that support this feature. For more information visit [account id based endpoints on our docs](https://docs.aws.amazon.com/sdkref/latest/guide/feature-account-endpoints.html)."
       ],
       "type": "patch",
       "updateMinimum": true

sdk/src/Core/Amazon.Runtime/CredentialManagement/AWSCredentialsFactory.cs

@@ -202,9 +202,9 @@ private static AWSCredentials GetAWSCredentialsInternal(
                 switch (profileType)
                 {
                     case CredentialProfileType.Basic:
-                        return string.IsNullOrEmpty(options.AwsAccountId) ? new BasicAWSCredentials(options.AccessKey, options.SecretKey) : new BasicAWSCredentials(options.AccessKey, options.SecretKey, options.AwsAccountId);
+                        return  new BasicAWSCredentials(options.AccessKey, options.SecretKey, options.AwsAccountId);
                     case CredentialProfileType.Session:
-                        return string.IsNullOrEmpty(options.AwsAccountId) ? new SessionAWSCredentials(options.AccessKey, options.SecretKey, options.Token) : new SessionAWSCredentials(options.AccessKey, options.SecretKey, options.Token, options.AwsAccountId); ; 
+                        return new SessionAWSCredentials(options.AccessKey, options.SecretKey, options.Token, options.AwsAccountId);
                     case CredentialProfileType.AssumeRole:
                     case CredentialProfileType.AssumeRoleExternal:
                     case CredentialProfileType.AssumeRoleMFA:

sdk/src/Core/Amazon.Runtime/Credentials/AssumeRoleAWSCredentials.cs

@@ -85,7 +85,6 @@ public AssumeRoleAWSCredentials(AWSCredentials sourceCredentials, string roleArn
             RoleArn = roleArn;
             RoleSessionName = roleSessionName;
             Options = options;
-            
 
             // Make sure to fetch new credentials well before the current credentials expire to avoid
             // any request being made with expired credentials.

sdk/src/Core/Amazon.Runtime/Credentials/AssumeRoleImmutableCredentials.cs

@@ -37,16 +37,27 @@ public class AssumeRoleImmutableCredentials : ImmutableCredentials
         /// <param name="token">The security token for the credentials.</param>
         /// <param name="expiration">The expiration time for the credentials.</param>
         public AssumeRoleImmutableCredentials(string awsAccessKeyId, string awsSecretAccessKey, string token, DateTime expiration)
-            : base(awsAccessKeyId, awsSecretAccessKey, token)
+            : this (awsAccessKeyId, awsSecretAccessKey, token, expiration, null)
         {
-            if (string.IsNullOrEmpty(token)) throw new ArgumentNullException("token");
-            Expiration = expiration;
+
 
         }
 
-        public AssumeRoleImmutableCredentials(string awsAccessKeyId, string awsSecretAccessKey, string token, DateTime expiration, string accountId) : this (awsAccessKeyId, awsSecretAccessKey, token, expiration)
+        /// <summary>
+        /// Constructs an instance with supplied keys, token, expiration, and account id. When the account id is set 
+        /// and the service supports account id based endpoints, AWS will send the request using the account-based endpoint rather
+        /// than the regional endpount. Account-based endpoints take the form https://<paramref name="accountId"/>.ddb.region.amazonaws.com
+        /// the request to 
+        /// </summary>
+        /// <param name="awsAccessKeyId">The AccessKey for the credentials</param>
+        /// <param name="awsSecretAccessKey">The SecretKey for the credentials.</param>
+        /// <param name="token">The security token for the credentials.</param>
+        /// <param name="expiration">The expiration time for the credentials.</param>
+        /// <param name="accountId">The account id for the credentials. The account id is your 12 digit account number with no hyphens. For example: 123456789012.</param>
+        public AssumeRoleImmutableCredentials(string awsAccessKeyId, string awsSecretAccessKey, string token, DateTime expiration, string accountId) : base (awsAccessKeyId, awsSecretAccessKey, token, accountId)
         {
-            AccountId = accountId;
+            if (string.IsNullOrEmpty(token)) throw new ArgumentNullException("token");
+            Expiration = expiration;
         }
         /// <summary>
         /// Get a copy of this AssumeRoleImmutableCredentials object.

sdk/src/Core/Amazon.Runtime/Credentials/AssumeRoleWithWebIdentityCredentials.cs

@@ -47,7 +47,6 @@ public partial class AssumeRoleWithWebIdentityCredentials : RefreshingAWSCredent
         public const string WebIdentityTokenFileEnvVariable = "AWS_WEB_IDENTITY_TOKEN_FILE";
         public const string RoleArnEnvVariable = "AWS_ROLE_ARN";
         public const string RoleSessionNameEnvVariable = "AWS_ROLE_SESSION_NAME";
-        public const string AwsAccountIdEnvVariable = "AWS_ACCOUNT_ID";
         private const string RoleSessionNameRegexPattern = @"^[\w+=,.@-]{2,64}$";
 
 #if NET8_0_OR_GREATER

sdk/src/Core/Amazon.Runtime/Credentials/BasicAWSCredentials.cs

@@ -36,18 +36,22 @@ public class BasicAWSCredentials : AWSCredentials
         /// <summary>
         /// Constructs a BasicAWSCredentials object for the specified accessKey and secretKey.
         /// </summary>
-        /// <param name="accessKey"></param>
-        /// <param name="secretKey"></param>
+        /// <param name="accessKey">The access key for the credentials.</param>
+        /// <param name="secretKey">The secret key for the credentials.</param>
         public BasicAWSCredentials(string accessKey, string secretKey) : this (accessKey, secretKey, null)
         {
         }
 
         /// <summary>
-        /// Constructs a BasicAWSCredentials object for the specified accessKey, secretKey, and accountId
+        /// Constructs a BasicAWSCredentials object for the specified accessKey, secretKey, and accountId.
+        /// When the account id is set and the service supports account id based endpoints, AWS will send the request 
+        /// using the account-based endpoint rather than the regional endpount. 
+        /// Account-based endpoints take the form https://<paramref name="accountId"/>.ddb.region.amazonaws.com
+        /// the request to 
         /// </summary>
-        /// <param name="accessKey"></param>
-        /// <param name="secretKey"></param>
-        /// <param name="accountId"></param>
+        /// <param name="accessKey">The access key for the credentials.</param>
+        /// <param name="secretKey">The secret key for the credentials.</param>
+        /// <param name="accountId">The account id for the credentials. The account id is your 12 digit account number with no hyphens. For example: 123456789012</param>
         public BasicAWSCredentials(string accessKey, string secretKey, string accountId)
         {
             if (!string.IsNullOrEmpty(accessKey))

sdk/src/Core/Amazon.Runtime/Credentials/GenericContainerCredentials.cs

@@ -148,7 +148,7 @@ protected override async Task<CredentialsRefreshState> GenerateNewCredentialsAsy
                 await Task.Delay(retry.Next()).ConfigureAwait(false);
             }
 
-            return new CredentialsRefreshState(new ImmutableCredentials(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.Token), credentials.Expiration);
+            return new CredentialsRefreshState(new ImmutableCredentials(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.Token, credentials.AccountId), credentials.Expiration);
         }
 
         /// <summary>

sdk/src/Core/Amazon.Runtime/Credentials/ImmutableCredentials.cs

@@ -49,8 +49,12 @@ public class ImmutableCredentials
 
         /// <summary>
         /// Gets the AccountId property for the current credentials.
+        /// The account id is your 12 digit account number with no hypens. For example: 123456789012.
+        /// When the account id is set and the service supports account id based endpoints, AWS will send the request 
+        /// using the account-based endpoint rather than the regional endpount. 
+        /// Account-based endpoints take the form https://accountid.ddb.region.amazonaws.com
         /// </summary>
-        public string AccountId { get; protected set; }
+        public string AccountId { get; private set; }
         #endregion
 
 
@@ -76,11 +80,15 @@ public ImmutableCredentials(string awsAccessKeyId, string awsSecretAccessKey, st
 
         /// <summary>
         /// Constructs an ImmutableCredentials object with supplied accessKey, secretKey, and aws account id.
+        /// When the account id is set and the service supports account id based endpoints, AWS will send the request 
+        /// using the account-based endpoint rather than the regional endpount. 
+        /// Account-based endpoints take the form https://<paramref name="accountId"/>.ddb.region.amazonaws.com
         /// </summary>
-        /// <param name="awsAccessKeyId"></param>
-        /// <param name="awsSecretAccessKey"></param>
+        /// <param name="awsAccessKeyId">The access key for the credentials.</param>
+        /// <param name="awsSecretAccessKey">The secret access key for the credentials.</param>
         /// <param name="token">Optional. Can be set to null or empty for non-session credentials.</param>
-        /// <param name="accountId">Optional. If <see cref="AccountIdEndpointMode"/> is set to preferred or required, the account id will be used in endpoint resolution.</param>
+        /// <param name="accountId">Optional. If <see cref="AccountIdEndpointMode"/> is set to preferred or required, the account id will be used in endpoint resolution.
+        /// The account id is your 12 digit account number with no hyphens. For example: 123456789012.</param>
         public ImmutableCredentials(string awsAccessKeyId, string awsSecretAccessKey, string token, string accountId) : this(awsAccessKeyId, awsSecretAccessKey, token)
         {
             AccountId = accountId;

sdk/src/Core/Amazon.Runtime/Credentials/ProcessAWSCredentials.cs

@@ -53,13 +53,23 @@ public class ProcessAWSCredentials : RefreshingAWSCredentials
         #endregion
 
         #region Public constructors
+        /// <summary>
+        /// Constructs an instance of credentials that can be retrieved by running an external process.
+        /// </summary>
+        /// <param name="processCredentialInfo">Contains the executable information to be used by the process credential retriever.</param>
         [SuppressMessage("Microsoft.Security", "CA2122:DoNotIndirectlyExposeMethodsWithLinkDemands")]
         public ProcessAWSCredentials(string processCredentialInfo) : this(processCredentialInfo, null)
         {
 
         }
 
-
+        /// <summary>
+        /// Constructs an instance of credentials that can be retrieved by running an external process.
+        /// </summary>
+        /// <param name="processCredentialInfo">Contains the executable information to be used by the process credential retriever</param>
+        /// <param name="accountId">The account id for the credentials. The account id is your 12 digit account number with no hyphens. For example: 123456789012
+        /// If account id is fetched from the executable then that will be used instead of the one set in the constructor.
+        /// </param>
         public ProcessAWSCredentials(string processCredentialInfo, string accountId)
         {
             processCredentialInfo = processCredentialInfo.Trim();

sdk/src/Core/Amazon.Runtime/Credentials/SAMLImmutableCredentials.cs

@@ -63,14 +63,17 @@ public SAMLImmutableCredentials(string awsAccessKeyId,
         }
 
         /// <summary>
-        /// Constructs an instance with supplied keys SAML assertion data, and an account id
+        /// Constructs an instance with supplied keys SAML assertion data, and an account id.
+        /// When the account id is set and the service supports account id based endpoints, AWS will send the request 
+        /// using the account-based endpoint rather than the regional endpount. 
+        /// Account-based endpoints take the form https://<paramref name="accountId"/>.ddb.region.amazonaws.com
         /// </summary>
         /// <param name="awsAccessKeyId"></param>
         /// <param name="awsSecretAccessKey"></param>
         /// <param name="token"></param>
         /// <param name="expires"></param>
         /// <param name="subject"></param>
-        /// <param name="accountId"></param>
+        /// <param name="accountId">The account id for the credentials. The account id is your 12 digit account number with no hyphens. For example: 123456789012.</param>
         public SAMLImmutableCredentials(string awsAccessKeyId,
                                         string awsSecretAccessKey,
                                         string token,
@@ -84,11 +87,14 @@ public SAMLImmutableCredentials(string awsAccessKeyId,
         }
         /// <summary>
         /// Constructs an instance with supplied keys and SAML assertion data and an account id.
+        /// When the account id is set and the service supports account id based endpoints, AWS will send the request 
+        /// using the account-based endpoint rather than the regional endpount. 
+        /// Account-based endpoints take the form https://<paramref name="accountId"/>.ddb.region.amazonaws.com
         /// </summary>
         /// <param name="credentials"></param>
         /// <param name="expires"></param>
         /// <param name="subject"></param>
-        /// <param name="accountId"></param>
+        /// <param name="accountId">The account id for the credentials. The account id is your 12 digit account number with no hyphens. For example: 123456789012.</param>
         public SAMLImmutableCredentials(ImmutableCredentials credentials,
                                         DateTime expires,
                                         string subject,

sdk/src/Core/Amazon.Runtime/Credentials/SessionAWSCredentials.cs

@@ -35,6 +35,17 @@ public SessionAWSCredentials(string awsAccessKeyId, string awsSecretAccessKey, s
         {
         }
 
+        /// <summary>
+        /// Constructs a SessionAWSCredentials object for the specified accessKey, secretKey, and account id.
+        /// When the account id is set and the service supports account id based endpoints, AWS will send the request 
+        /// using the account-based endpoint rather than the regional endpount. 
+        /// Account-based endpoints take the form https://<paramref name="accountId"/>.ddb.region.amazonaws.com
+        /// </summary>
+        /// <param name="awsAccessKeyId"></param>
+        /// <param name="awsSecretAccessKey"></param>
+        /// <param name="token"></param>
+        /// <param name="accountId">The account id for the credentials. The account id is your 12 digit account number with no hyphens. For example: 123456789012.</param>
+        /// <exception cref="ArgumentNullException"></exception>
         public SessionAWSCredentials(string awsAccessKeyId, string awsSecretAccessKey, string token, string accountId)
         {
             if (string.IsNullOrEmpty(awsAccessKeyId)) throw new ArgumentNullException("awsAccessKeyId");

sdk/src/Core/Amazon.Runtime/Credentials/_bcl+netstandard/SSOImmutableCredentials.cs

@@ -44,19 +44,21 @@ public SSOImmutableCredentials(
         }
 
         /// <summary>
-        /// Constructs an instance with supplied keys, token, expiration, and account id
+        /// Constructs an instance with supplied keys, token, expiration, and account id.
+        /// When the account id is set and the service supports account id based endpoints, 
+        /// AWS will send the request using the account-based endpoint rather than the regional endpount. 
+        /// Account-based endpoints take the form https://<paramref name="accountId"/>.ddb.region.amazonaws.com
         /// </summary>
         /// <param name="awsAccessKeyId"></param>
         /// <param name="awsSecretAccessKey"></param>
         /// <param name="token"></param>
         /// <param name="expiration"></param>
-        /// <param name="accountId"></param>
+        /// <param name="accountId">The account id for the credentials. The account id is your 12 digit account number with no hyphens. For example: 123456789012.</param>
         /// <exception cref="ArgumentNullException"></exception>
         public SSOImmutableCredentials(string awsAccessKeyId, string awsSecretAccessKey, string token, DateTime expiration, string accountId) : base(awsAccessKeyId, awsSecretAccessKey, token, accountId)
         {
             if (string.IsNullOrEmpty(token)) throw new ArgumentNullException(nameof(token));
             Expiration = expiration;
-            AccountId = accountId;
         }
 
         /// <summary>