aws · dscpinheiro · Mar 28, 2025 · Mar 13, 2025 · Mar 19, 2025 · Mar 20, 2025
diff --git a/generator/.DevConfigs/8a48524d-da8b-4c04-b57e-ad196a51debb.json b/generator/.DevConfigs/8a48524d-da8b-4c04-b57e-ad196a51debb.json
@@ -0,0 +1,9 @@
+{
+    "core": {
+      "changeLogMessages": [
+        "Support Account ID based endpoints. Account-based endpoints help ensure high performance and scalability by using your AWS account ID to route requests for services that support this feature. For more information visit [account id based endpoints on our docs](https://docs.aws.amazon.com/sdkref/latest/guide/feature-account-endpoints.html)."
+      ],
+      "type": "patch",
+      "updateMinimum": true
+    }
+  }
diff --git a/sdk/src/Core/Amazon.Runtime/CredentialManagement/AWSCredentialsFactory.cs b/sdk/src/Core/Amazon.Runtime/CredentialManagement/AWSCredentialsFactory.cs
@@ -202,44 +202,17 @@ private static AWSCredentials GetAWSCredentialsInternal(
                 switch (profileType)
                 {
                     case CredentialProfileType.Basic:
-                    case CredentialProfileType.BasicWithServices:
-                    case CredentialProfileType.BasicWithGlobalEndpoint:
-                    case CredentialProfileType.BasicWithServicesAndGlobalEndpoint:
-                        return new BasicAWSCredentials(options.AccessKey, options.SecretKey);
+                        return  new BasicAWSCredentials(options.AccessKey, options.SecretKey, options.AwsAccountId);
                     case CredentialProfileType.Session:
-                    case CredentialProfileType.SessionWithServices:
-                    case CredentialProfileType.SessionWithGlobalEndpoint:
-                    case CredentialProfileType.SessionWithServicesAndGlobalEndpoint:
-                        return new SessionAWSCredentials(options.AccessKey, options.SecretKey, options.Token);
+                        return new SessionAWSCredentials(options.AccessKey, options.SecretKey, options.Token, options.AwsAccountId);
                     case CredentialProfileType.AssumeRole:
-                    case CredentialProfileType.AssumeRoleWithServices:
-                    case CredentialProfileType.AssumeRoleWithGlobalEndpoint:
-                    case CredentialProfileType.AssumeRoleWithServicesAndGlobalEndpoint:
                     case CredentialProfileType.AssumeRoleExternal:
-                    case CredentialProfileType.AssumeRoleExternalWithServices:
-                    case CredentialProfileType.AssumeRoleExternalWithGlobalEndpoint:
-                    case CredentialProfileType.AssumeRoleExternalWithServicesAndGlobalEndpoint:
                     case CredentialProfileType.AssumeRoleMFA:
-                    case CredentialProfileType.AssumeRoleMFAWithServices:
-                    case CredentialProfileType.AssumeRoleMFAWithGlobalEndpoint:
-                    case CredentialProfileType.AssumeRoleMFAWithServicesAndGlobalEndpoint:
                     case CredentialProfileType.AssumeRoleExternalMFA:
-                    case CredentialProfileType.AssumeRoleExternalMFAWithServices:
-                    case CredentialProfileType.AssumeRoleExternalMFAWithGlobalEndpoint:
-                    case CredentialProfileType.AssumeRoleExternalMFAWithServicesAndGlobalEndpoint:
                     case CredentialProfileType.AssumeRoleSessionName:
-                    case CredentialProfileType.AssumeRoleSessionNameWithServices:
-                    case CredentialProfileType.AssumeRoleSessionNameWithGlobalEndpoint:
-                    case CredentialProfileType.AssumeRoleSessionNameWithServicesAndGlobalEndpoint:
-                    case CredentialProfileType.AssumeRoleMFASessionNameWithServices:
-                    case CredentialProfileType.AssumeRoleMFASessionNameWithGlobalEndpoint:
-                    case CredentialProfileType.AssumeRoleMFASessionNameWithServicesAndGlobalEndpoint:
                     case CredentialProfileType.AssumeRoleExternalSessionName:
                     case CredentialProfileType.AssumeRoleMFASessionName:
                     case CredentialProfileType.AssumeRoleExternalMFASessionName:
-                    case CredentialProfileType.AssumeRoleExternalMFASessionNameWithServices:
-                    case CredentialProfileType.AssumeRoleExternalMFASessionNameWithGlobalEndpoint:
-                    case CredentialProfileType.AssumeRoleExternalMFASessionNameWithServicesAndGlobalEndpoint:
                         if (profileName != null)
                         {
                             if (profileLoopAvoidance == null)
@@ -278,13 +251,7 @@ private static AWSCredentials GetAWSCredentialsInternal(
                         };
                         return new AssumeRoleAWSCredentials(sourceCredentials, options.RoleArn, roleSessionName, assumeRoleOptions);
                     case CredentialProfileType.AssumeRoleCredentialSource:
-                    case CredentialProfileType.AssumeRoleCredentialSourceWithGlobalEndpoint:
-                    case CredentialProfileType.AssumeRoleCredentialSourceWithServices:
-                    case CredentialProfileType.AssumeRoleCredentialSourceWithServicesAndGlobalEndpoint:
                     case CredentialProfileType.AssumeRoleCredentialSourceSessionName:
-                    case CredentialProfileType.AssumeRoleCredentialSourceSessionNameWithServices:
-                    case CredentialProfileType.AssumeRoleCredentialSourceSessionNameWithGlobalEndpoint:
-                    case CredentialProfileType.AssumeRoleCredentialSourceSessionNameWithServicesAndGlobalEndpoint:
                         // get credentials specified by credentialSource
                         try
                         {
@@ -304,13 +271,7 @@ private static AWSCredentials GetAWSCredentialsInternal(
                         assumeRoleOptions = new AssumeRoleAWSCredentialsOptions();
                         return new AssumeRoleAWSCredentials(sourceCredentials, options.RoleArn, roleSessionName, assumeRoleOptions);
                     case CredentialProfileType.AssumeRoleWithWebIdentity:
-                    case CredentialProfileType.AssumeRoleWithWebIdentityWithServices:
-                    case CredentialProfileType.AssumeRoleWithWebIdentityWithGlobalEndpoint:
-                    case CredentialProfileType.AssumeRoleWithWebIdentityWithServicesAndGlobalEndpoint:
                     case CredentialProfileType.AssumeRoleWithWebIdentitySessionName:
-                    case CredentialProfileType.AssumeRoleWithWebIdentitySessionNameWithServices:
-                    case CredentialProfileType.AssumeRoleWithWebIdentitySessionNameWithGlobalEndpoint:
-                    case CredentialProfileType.AssumeRoleWithWebIdentitySessionNameWithServicesAndGlobalEndpoint:
                         return new AssumeRoleWithWebIdentityCredentials(options.WebIdentityTokenFile, options.RoleArn, options.RoleSessionName);
 
                     case CredentialProfileType.SSO:
@@ -329,13 +290,7 @@ private static AWSCredentials GetAWSCredentialsInternal(
                     }
 
                     case CredentialProfileType.SAMLRole:
-                    case CredentialProfileType.SAMLRoleWithServices:
-                    case CredentialProfileType.SAMLRoleWithGlobalEndpoint:
-                    case CredentialProfileType.SAMLRoleWithServicesAndGlobalEndpoint:
                     case CredentialProfileType.SAMLRoleUserIdentity:
-                    case CredentialProfileType.SAMLRoleUserIdentityWithServices:
-                    case CredentialProfileType.SAMLRoleUserIdentityWithGlobalEndpoint:
-                    case CredentialProfileType.SAMLRoleUserIdentityWithServicesAndGlobalEndpoint:
 
                         if (UserCrypto.IsUserCryptAvailable)
                         {
@@ -353,7 +308,7 @@ private static AWSCredentials GetAWSCredentialsInternal(
                             return ThrowOrReturnNull("Federated credentials are not available on this platform.", null, throwIfInvalid);
                         }
                     case CredentialProfileType.CredentialProcess:
-                        return new ProcessAWSCredentials(options.CredentialProcess);
+                        return new ProcessAWSCredentials(options.CredentialProcess, options.AwsAccountId);
 
                     default:
                         var defaultMessage = profileName == null

diff --git a/sdk/src/Core/Amazon.Runtime/CredentialManagement/CredentialProfile.cs b/sdk/src/Core/Amazon.Runtime/CredentialManagement/CredentialProfile.cs
@@ -161,6 +161,21 @@ internal Dictionary<string, Dictionary<string, string>> NestedProperties
         /// </summary>
         public string ClientAppId { get; set; }
 
+        /// <summary>
+        /// The name of the section which contains the custom endpoints for a service or services.
+        /// For example: 
+        /// [profile foo]
+        /// services = bar
+        /// [services bar]
+        /// s3 = 
+        ///   endpoint_url = https://custom-endpoint-s3:80
+        /// ec2 = 
+        ///   endpoint_url = https://custome-endpoint_ec2:80
+        /// This will tell the SDK to look for custom endpoints in "bar" for the profile "foo.
+        /// A single Services section can contain configurations for multiple services.
+        /// </summary>
+        public string Services { get; set; }
+
 
         /// <summary>
         /// Determines the behavior for calculating checksums for request payloads.

diff --git a/sdk/src/Core/Amazon.Runtime/CredentialManagement/CredentialProfileOptions.cs b/sdk/src/Core/Amazon.Runtime/CredentialManagement/CredentialProfileOptions.cs
@@ -89,24 +89,6 @@ public class CredentialProfileOptions
         /// Absolute path to the file on disk containing an OIDC token.
         /// </summary>
         public string WebIdentityTokenFile { get; set; }
-        /// <summary>
-        /// The name of the section which contains the custom endpoints for a service or services.
-        /// For example: 
-        /// [profile foo]
-        /// services = bar
-        /// [services bar]
-        /// s3 = 
-        ///   endpoint_url = https://custom-endpoint-s3:80
-        /// ec2 = 
-        ///   endpoint_url = https://custome-endpoint_ec2:80
-        /// This will tell the SDK to look for custom endpoints in "bar" for the profile "foo.
-        /// A single Services section can contain configurations for multiple services.
-        /// </summary>
-        public string Services { get; set; }
-        /// <summary>
-        /// The global endpoint to use for a profile. Service specific endpoints will always override this value.
-        /// </summary>
-        public string EndpointUrl { get; set; }
 
         /// <summary>
         /// The AWS account ID that temporary AWS credentials will be resolved for using AWS SSO.
@@ -139,7 +121,12 @@ public class CredentialProfileOptions
         /// Provided by the SSO service via the web console.
         /// </summary>
         public string SsoStartUrl { get; set; }
-
+
+        /// <summary>
+        /// The account id to use for account id based endpoint routing
+        /// </summary>
+        public string AwsAccountId { get; set; }
+
         /// <summary>
         /// Return true the properties are all null or empty, false otherwise.
         /// </summary>
@@ -159,15 +146,14 @@ internal bool IsEmpty
                     string.IsNullOrEmpty(SourceProfile) &&
                     string.IsNullOrEmpty(Token) &&
                     string.IsNullOrEmpty(CredentialProcess) &&
-                    string.IsNullOrEmpty(Services) &&
-                    string.IsNullOrEmpty(EndpointUrl) &&
                     string.IsNullOrEmpty(SsoAccountId) &&
                     string.IsNullOrEmpty(SsoRegion) &&
                     string.IsNullOrEmpty(SsoRegistrationScopes) &&
                     string.IsNullOrEmpty(SsoRoleName) &&
                     string.IsNullOrEmpty(SsoStartUrl) &&
                     string.IsNullOrEmpty(SsoSession) &&
-                    string.IsNullOrEmpty(WebIdentityTokenFile);
+                    string.IsNullOrEmpty(WebIdentityTokenFile) &&
+                    string.IsNullOrEmpty(AwsAccountId);
             }
         }
         public override string ToString()
@@ -181,8 +167,6 @@ public override string ToString()
                 "RoleSessionName=" + RoleSessionName + ", " +
                 "SecretKey=XXXXX, " +
                 "SourceProfile=" + SourceProfile + ", " +
-                "EndpointUrl=" + EndpointUrl + ", " +
-                "Services=" + Services + ", " +
                 "Token=" + Token +
                 ", " + "UserIdentity=" + UserIdentity +
                 ", " + "CredentialProcess=" + CredentialProcess +
@@ -193,6 +177,7 @@ public override string ToString()
                 ", " + "SsoRoleName=" + SsoRoleName +
                 ", " + "SsoStartUrl=" + SsoStartUrl +
                 ", " + "SsoSession=" + SsoSession +
+                ", " + "AwsAccountId=" + AwsAccountId +
                 "]";
         }
 
@@ -206,13 +191,13 @@ public override bool Equals(object obj)
                 return false;
 
             return AWSSDKUtils.AreEqual(
-                new object[] { AccessKey, EndpointName, ExternalID, MfaSerial, RoleArn, RoleSessionName, SecretKey, SourceProfile, Token, UserIdentity, CredentialProcess, WebIdentityTokenFile, SsoAccountId, SsoRegion, SsoRegistrationScopes, SsoRoleName, SsoStartUrl, SsoSession, Services, EndpointUrl },
-                new object[] { po.AccessKey, po.EndpointName, po.ExternalID, po.MfaSerial, po.RoleArn, po.RoleSessionName, po.SecretKey, po.SourceProfile, po.Token, po.UserIdentity, po.CredentialProcess, po.WebIdentityTokenFile, po.SsoAccountId, po.SsoRegion, po.SsoRegistrationScopes, po.SsoRoleName, po.SsoStartUrl, po.SsoSession, po.Services, po.EndpointUrl });
+                new object[] { AccessKey, EndpointName, ExternalID, MfaSerial, RoleArn, RoleSessionName, SecretKey, SourceProfile, Token, UserIdentity, CredentialProcess, WebIdentityTokenFile, SsoAccountId, SsoRegion, SsoRegistrationScopes, SsoRoleName, SsoStartUrl, SsoSession, AwsAccountId },
+                new object[] { po.AccessKey, po.EndpointName, po.ExternalID, po.MfaSerial, po.RoleArn, po.RoleSessionName, po.SecretKey, po.SourceProfile, po.Token, po.UserIdentity, po.CredentialProcess, po.WebIdentityTokenFile, po.SsoAccountId, po.SsoRegion, po.SsoRegistrationScopes, po.SsoRoleName, po.SsoStartUrl, po.SsoSession, po.AwsAccountId });
         }
 
         public override int GetHashCode()
         {
-            return Hashing.Hash(AccessKey, EndpointName, ExternalID, MfaSerial, RoleArn, RoleSessionName, SecretKey, SourceProfile, Token, UserIdentity, CredentialProcess, WebIdentityTokenFile, SsoAccountId, SsoRegion, SsoRegistrationScopes, SsoRoleName, SsoStartUrl, SsoSession, Services, EndpointUrl);
+            return Hashing.Hash(AccessKey, EndpointName, ExternalID, MfaSerial, RoleArn, RoleSessionName, SecretKey, SourceProfile, Token, UserIdentity, CredentialProcess, WebIdentityTokenFile, SsoAccountId, SsoRegion, SsoRegistrationScopes, SsoRoleName, SsoStartUrl, SsoSession, AwsAccountId);
         }
     }
 }