aws · S-Saranya1 · Mar 27, 2026 · Mar 27, 2026 · Fred1155 · Mar 30, 2026
@@ -20,7 +20,6 @@
 import software.amazon.awssdk.codegen.emitters.GeneratorTask;
 import software.amazon.awssdk.codegen.emitters.GeneratorTaskParams;
 import software.amazon.awssdk.codegen.emitters.PoetGeneratorTask;
-import software.amazon.awssdk.codegen.poet.auth.scheme.AuthSchemeInterceptorSpec;
 import software.amazon.awssdk.codegen.poet.auth.scheme.AuthSchemeParamsSpec;
 import software.amazon.awssdk.codegen.poet.auth.scheme.AuthSchemeProviderSpec;
 import software.amazon.awssdk.codegen.poet.auth.scheme.AuthSchemeSpecUtils;
@@ -85,10 +84,6 @@ private GeneratorTask generateEndpointAwareAuthSchemeParams() {
 
     }
 
-    private GeneratorTask generateAuthSchemeInterceptor() {
-        return new PoetGeneratorTask(authSchemeInternalDir(), model.getFileHeader(), new AuthSchemeInterceptorSpec(model));
-    }
-
     private String authSchemeDir() {
         return generatorTaskParams.getPathProvider().getAuthSchemeDirectory();
     }

@@ -32,9 +32,8 @@
 import software.amazon.awssdk.codegen.poet.rules.EndpointProviderInterfaceSpec;
 import software.amazon.awssdk.codegen.poet.rules.EndpointProviderSpec;
 import software.amazon.awssdk.codegen.poet.rules.EndpointProviderTestSpec;
-import software.amazon.awssdk.codegen.poet.rules.EndpointResolverInterceptorSpec;
+import software.amazon.awssdk.codegen.poet.rules.EndpointResolverUtilsSpec;
 import software.amazon.awssdk.codegen.poet.rules.EndpointRulesClientTestSpec;
-import software.amazon.awssdk.codegen.poet.rules.RequestEndpointInterceptorSpec;
 import software.amazon.awssdk.codegen.poet.rules2.EndpointProviderSpec2;
 
 public final class EndpointProviderTasks extends BaseGeneratorTasks {
@@ -103,8 +102,7 @@ private boolean shouldGenerateCompiledEndpointRules() {
 
     private Collection<GeneratorTask> generateInterceptors() {
         return Arrays.asList(
-            new PoetGeneratorTask(endpointRulesInternalDir(), model.getFileHeader(), new EndpointResolverInterceptorSpec(model)),
-            new PoetGeneratorTask(endpointRulesInternalDir(), model.getFileHeader(), new RequestEndpointInterceptorSpec(model)));
+            new PoetGeneratorTask(endpointRulesInternalDir(), model.getFileHeader(), new EndpointResolverUtilsSpec(model)));
     }
 
     private GeneratorTask generateClientTests() {

@@ -370,9 +370,6 @@ private MethodSpec finalizeServiceConfigurationMethod() {
 
         List<ClassName> builtInInterceptors = new ArrayList<>();
 
-        builtInInterceptors.add(endpointRulesSpecUtils.resolverInterceptorName());
-        builtInInterceptors.add(endpointRulesSpecUtils.requestModifierInterceptorName());
-
         for (String interceptor : model.getCustomizationConfig().getInterceptors()) {
             builtInInterceptors.add(ClassName.bestGuess(interceptor));
         }

@@ -172,7 +172,8 @@ protected void addAdditionalMethods(TypeSpec.Builder type) {
             .addMethods(protocolSpec.additionalMethods())
             .addMethod(protocolSpec.initProtocolFactory(model))
             .addMethod(resolveMetricPublishersMethod())
-            .addMethod(ClientClassUtils.resolveAuthSchemeOptionsMethod(authSchemeSpecUtils, endpointRulesSpecUtils));
+            .addMethod(ClientClassUtils.resolveAuthSchemeOptionsMethod(authSchemeSpecUtils, endpointRulesSpecUtils))
+            .addMethod(ClientClassUtils.resolveEndpointMethod(authSchemeSpecUtils, endpointRulesSpecUtils));
 
         type.addMethod(ClientClassUtils.updateRetryStrategyClientConfigurationMethod());
         type.addMethod(updateSdkClientConfigurationMethod(configurationUtils.serviceClientConfigurationBuilderClassName(),

@@ -25,11 +25,13 @@
 import com.squareup.javapoet.ParameterizedTypeName;
 import com.squareup.javapoet.TypeName;
 import com.squareup.javapoet.TypeVariableName;
+import com.squareup.javapoet.WildcardTypeName;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
+import java.util.concurrent.CompletionException;
 import java.util.function.Consumer;
 import java.util.stream.Collectors;
 import javax.lang.model.element.Modifier;
@@ -51,11 +53,16 @@
 import software.amazon.awssdk.core.SdkClient;
 import software.amazon.awssdk.core.SdkPlugin;
 import software.amazon.awssdk.core.SdkRequest;
+import software.amazon.awssdk.core.SelectedAuthScheme;
 import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
 import software.amazon.awssdk.core.client.config.SdkClientConfiguration;
 import software.amazon.awssdk.core.client.config.SdkClientOption;
+import software.amazon.awssdk.core.exception.SdkClientException;
+import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
+import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
 import software.amazon.awssdk.core.retry.RetryMode;
 import software.amazon.awssdk.core.signer.Signer;
+import software.amazon.awssdk.endpoints.Endpoint;
 import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
 import software.amazon.awssdk.retries.api.RetryStrategy;
 import software.amazon.awssdk.utils.AttributeMap;
@@ -406,9 +413,6 @@ private static void addSimpleAuthSchemeResolution(MethodSpec.Builder builder,
                                  ClassName.get(Set.class), awsClientOption);
             builder.beginControlFlow("if (!$T.isNullOrEmpty(sigv4aRegionSet))", CollectionUtils.class);
             builder.addStatement("paramsBuilder.regionSet($T.create(sigv4aRegionSet))", regionSet);
-            builder.nextControlFlow("else");
-            builder.addStatement("paramsBuilder.regionSet($T.create(clientConfiguration.option($T.AWS_REGION).id()))",
-                                 regionSet, awsClientOption);
             builder.endControlFlow();
         }
 
@@ -422,7 +426,7 @@ private static void addEndpointBasedAuthSchemeResolution(MethodSpec.Builder buil
         ClassName paramsInterface = authSchemeSpecUtils.parametersInterfaceName();
         ClassName awsClientOption = ClassName.get("software.amazon.awssdk.awscore.client.config", "AwsClientOption");
         ClassName endpointParamsClass = endpointRulesSpecUtils.parametersClassName();
-        ClassName resolverInterceptor = endpointRulesSpecUtils.resolverInterceptorName();
+        ClassName endpointResolverUtils = endpointRulesSpecUtils.endpointResolverUtilsName();
         ClassName executionAttributesClass = ClassName.get("software.amazon.awssdk.core.interceptor", "ExecutionAttributes");
         ClassName awsExecutionAttribute = ClassName.get("software.amazon.awssdk.awscore", "AwsExecutionAttribute");
         ClassName sdkExecutionAttribute = ClassName.get("software.amazon.awssdk.core.interceptor", "SdkExecutionAttribute");
@@ -447,7 +451,7 @@ private static void addEndpointBasedAuthSchemeResolution(MethodSpec.Builder buil
                              sdkInternalExecutionAttribute, SdkClientOption.class);
 
         builder.addStatement("$T endpointParams = $T.ruleParams(request, executionAttributes)",
-                             endpointParamsClass, resolverInterceptor);
+                             endpointParamsClass, endpointResolverUtils);
 
         builder.addStatement("$T.Builder paramsBuilder = $T.builder()", paramsInterface, paramsInterface);
 
@@ -467,6 +471,15 @@ private static void addEndpointBasedAuthSchemeResolution(MethodSpec.Builder buil
             builder.addStatement("paramsBuilder.region(clientConfiguration.option($T.AWS_REGION))", awsClientOption);
         }
 
+        if (authSchemeSpecUtils.hasSigV4aSupport()) {
+            ClassName regionSet = ClassName.get("software.amazon.awssdk.http.auth.aws.signer", "RegionSet");
+            builder.addStatement("$T<String> sigv4aRegionSet = clientConfiguration.option($T.AWS_SIGV4A_SIGNING_REGION_SET)",
+                                 ClassName.get(Set.class), awsClientOption);
+            builder.beginControlFlow("if (!$T.isNullOrEmpty(sigv4aRegionSet))", CollectionUtils.class);
+            builder.addStatement("paramsBuilder.regionSet($T.create(sigv4aRegionSet))", regionSet);
+            builder.endControlFlow();
+        }
+
         ClassName paramsBuilderClass = authSchemeSpecUtils.parametersEndpointAwareDefaultImplName().nestedClass("Builder");
         ClassName endpointProviderInterface = endpointRulesSpecUtils.providerInterfaceName();
 
@@ -482,4 +495,86 @@ private static void addEndpointBasedAuthSchemeResolution(MethodSpec.Builder buil
         builder.addStatement("$T<$T> options = authSchemeProvider.resolveAuthScheme(paramsBuilder.build())",
                              List.class, AuthSchemeOption.class);
     }
+
+    static MethodSpec resolveEndpointMethod(AuthSchemeSpecUtils authSchemeSpecUtils,
+                                            EndpointRulesSpecUtils endpointRulesSpecUtils) {
+        ClassName utilsClass = endpointRulesSpecUtils.endpointResolverUtilsName();
+        ClassName endpointParamsClass = endpointRulesSpecUtils.parametersClassName();
+        ClassName providerInterface = endpointRulesSpecUtils.providerInterfaceName();
+        ClassName awsEndpointProviderUtils = endpointRulesSpecUtils.sharedAwsEndpointProviderUtilsName();
+        ClassName awsEndpointAttribute = ClassName.get("software.amazon.awssdk.awscore.endpoints", "AwsEndpointAttribute");
+        ClassName endpointAuthScheme = ClassName.get("software.amazon.awssdk.awscore.endpoints.authscheme", "EndpointAuthScheme");
+
+        MethodSpec.Builder b = MethodSpec.methodBuilder("resolveEndpoint")
+                         .addModifiers(PRIVATE)
+                         .returns(Endpoint.class)
+                         .addParameter(SdkRequest.class, "request")
+                         .addParameter(ExecutionAttributes.class, "executionAttributes")
+                         .addParameter(String.class, "operationName");
+
+        b.addStatement("$1T provider = ($1T) executionAttributes.getAttribute($2T.ENDPOINT_PROVIDER)",
+                       providerInterface, SdkInternalExecutionAttribute.class);
+
+        b.beginControlFlow("try");
+        b.addStatement("$T endpointParams = $T.ruleParams(request, executionAttributes)",
+                       endpointParamsClass, utilsClass);
+        b.addStatement("$T endpoint = provider.resolveEndpoint(endpointParams).join()", Endpoint.class);
+
+        b.beginControlFlow("if (!$T.disableHostPrefixInjection(executionAttributes))", awsEndpointProviderUtils);
+        b.addStatement("$T hostPrefix = $T.hostPrefix(operationName, request)",
+                       ParameterizedTypeName.get(Optional.class, String.class), utilsClass);
+        b.beginControlFlow("if (hostPrefix.isPresent())");
+        b.addStatement("endpoint = $T.addHostPrefix(endpoint, hostPrefix.get())", awsEndpointProviderUtils);
+        b.endControlFlow();
+        b.endControlFlow();
+
+        b.addStatement("$T endpointAuthSchemes = endpoint.attribute($T.AUTH_SCHEMES)",
+                       ParameterizedTypeName.get(ClassName.get(List.class), endpointAuthScheme),
+                       awsEndpointAttribute);
+        b.addStatement("$T selectedAuthScheme = executionAttributes.getAttribute($T.SELECTED_AUTH_SCHEME)",
+                       ParameterizedTypeName.get(ClassName.get(SelectedAuthScheme.class),
+                                                WildcardTypeName.subtypeOf(Object.class)),
+                       SdkInternalExecutionAttribute.class);
+        b.beginControlFlow("if (endpointAuthSchemes != null && selectedAuthScheme != null)");
+        b.addStatement("selectedAuthScheme = $T.authSchemeWithEndpointSignerProperties(endpointAuthSchemes, selectedAuthScheme)",
+                       utilsClass);
+
+        if (authSchemeSpecUtils.usesSigV4a() || authSchemeSpecUtils.generateEndpointBasedParams()) {
+            ClassName awsV4aAuthScheme = ClassName.get("software.amazon.awssdk.http.auth.aws.scheme", "AwsV4aAuthScheme");
+            ClassName awsV4aHttpSigner = ClassName.get("software.amazon.awssdk.http.auth.aws.signer", "AwsV4aHttpSigner");
+            ClassName regionSet = ClassName.get("software.amazon.awssdk.http.auth.aws.signer", "RegionSet");
+            ClassName authSchemeOption = ClassName.get("software.amazon.awssdk.http.auth.spi.scheme", "AuthSchemeOption");
+
+            b.addComment("Precedence of SigV4a RegionSet is set according to multi-auth SigV4a specifications");
+            b.beginControlFlow("if (selectedAuthScheme.authSchemeOption().schemeId().equals($T.SCHEME_ID) "
+                               + "&& selectedAuthScheme.authSchemeOption().signerProperty($T.REGION_SET) == null)",
+                               awsV4aAuthScheme, awsV4aHttpSigner);
+            b.addStatement("$T optionBuilder = selectedAuthScheme.authSchemeOption().toBuilder()",
+                           authSchemeOption.nestedClass("Builder"));
+            b.addStatement("$1T rs = $1T.create(endpointParams.region().id())", regionSet);
+            b.addStatement("optionBuilder.putSignerProperty($T.REGION_SET, rs)", awsV4aHttpSigner);
+            b.addStatement("selectedAuthScheme = new $T(selectedAuthScheme.identity(), selectedAuthScheme.signer(), "
+                           + "optionBuilder.build())", SelectedAuthScheme.class);
+            b.endControlFlow();
+        }
+
+        b.addStatement("executionAttributes.putAttribute($T.SELECTED_AUTH_SCHEME, selectedAuthScheme)",
+                       SdkInternalExecutionAttribute.class);
+        b.endControlFlow();
+
+        b.addStatement("$T.setMetricValues(endpoint, executionAttributes)", utilsClass);
+
+        b.addStatement("return endpoint");
+
+        b.nextControlFlow("catch ($T e)", CompletionException.class);
+        b.addStatement("$T cause = e.getCause()", Throwable.class);
+        b.beginControlFlow("if (cause instanceof $T)", SdkClientException.class);
+        b.addStatement("throw ($T) cause", SdkClientException.class);
+        b.endControlFlow();
+        b.addStatement("throw $T.create($S + cause.getMessage(), cause)",
+                       SdkClientException.class, "Endpoint resolution failed: ");
+        b.endControlFlow();
+
+        return b.build();
+    }
 }
@@ -140,7 +140,8 @@ protected void addAdditionalMethods(TypeSpec.Builder type) {
             .addMethod(nameMethod())
             .addMethods(protocolSpec.additionalMethods())
             .addMethod(resolveMetricPublishersMethod())
-            .addMethod(ClientClassUtils.resolveAuthSchemeOptionsMethod(authSchemeSpecUtils, endpointRulesSpecUtils));
+            .addMethod(ClientClassUtils.resolveAuthSchemeOptionsMethod(authSchemeSpecUtils, endpointRulesSpecUtils))
+            .addMethod(ClientClassUtils.resolveEndpointMethod(authSchemeSpecUtils, endpointRulesSpecUtils));
 
         protocolSpec.createErrorResponseHandler().ifPresent(type::addMethod);
         type.addMethod(ClientClassUtils.updateRetryStrategyClientConfigurationMethod());

@@ -224,6 +224,8 @@ public CodeBlock executionHandler(OperationModel opModel) {
                      .add(".withMetricCollector(apiCallMetricCollector)\n")
                      .add(".withAuthSchemeOptionsResolver(r -> resolveAuthSchemeOptions(r, $S, clientConfiguration))\n",
                           opModel.getOperationName())
+                     .add(".withEndpointResolver((r, a) -> resolveEndpoint(r, a, $S))\n",
+                          opModel.getOperationName())
                      .add(HttpChecksumRequiredTrait.putHttpChecksumAttribute(opModel))
                      .add(HttpChecksumTrait.create(opModel));
 
@@ -299,6 +301,8 @@ public CodeBlock asyncExecutionHandler(IntermediateModel intermediateModel, Oper
                .add(".withMetricCollector(apiCallMetricCollector)\n")
                .add(".withAuthSchemeOptionsResolver(r -> resolveAuthSchemeOptions(r, $S, clientConfiguration))\n",
                     opModel.getOperationName())
+               .add(".withEndpointResolver((r, a) -> resolveEndpoint(r, a, $S))\n",
+                    opModel.getOperationName())
                .add(hostPrefixExpression(opModel))
                .add(discoveredEndpoint(opModel))
                .add(credentialType(opModel, model))

@@ -118,6 +118,8 @@ public CodeBlock executionHandler(OperationModel opModel) {
                      .add(".withMetricCollector(apiCallMetricCollector)")
                      .add(".withAuthSchemeOptionsResolver(r -> resolveAuthSchemeOptions(r, $S, clientConfiguration))\n",
                           opModel.getOperationName())
+                     .add(".withEndpointResolver((r, a) -> resolveEndpoint(r, a, $S))\n",
+                          opModel.getOperationName())
                      .add(HttpChecksumRequiredTrait.putHttpChecksumAttribute(opModel))
                      .add(HttpChecksumTrait.create(opModel));
 
@@ -159,6 +161,8 @@ public CodeBlock asyncExecutionHandler(IntermediateModel intermediateModel, Oper
                      .add(".withMetricCollector(apiCallMetricCollector)\n")
                      .add(".withAuthSchemeOptionsResolver(r -> resolveAuthSchemeOptions(r, $S, clientConfiguration))\n",
                           opModel.getOperationName())
+                     .add(".withEndpointResolver((r, a) -> resolveEndpoint(r, a, $S))\n",
+                          opModel.getOperationName())
                      .add(HttpChecksumRequiredTrait.putHttpChecksumAttribute(opModel))
                      .add(HttpChecksumTrait.create(opModel));
 

@@ -136,6 +136,8 @@ public CodeBlock executionHandler(OperationModel opModel) {
                                                .add(".withRequestConfiguration(clientConfiguration)")
                      .add(".withInput($L)", opModel.getInput().getVariableName())
                      .add(".withAuthSchemeOptionsResolver(r -> resolveAuthSchemeOptions(r, $S, clientConfiguration))\n",
+                          opModel.getOperationName())
+                     .add(".withEndpointResolver((r, a) -> resolveEndpoint(r, a, $S))\n",
                           opModel.getOperationName())
                                                .add(HttpChecksumRequiredTrait.putHttpChecksumAttribute(opModel))
                                                .add(HttpChecksumTrait.create(opModel));
@@ -217,6 +219,8 @@ public CodeBlock asyncExecutionHandler(IntermediateModel intermediateModel, Oper
                      .add(".withMetricCollector(apiCallMetricCollector)\n")
                      .add(".withAuthSchemeOptionsResolver(r -> resolveAuthSchemeOptions(r, $S, clientConfiguration))\n",
                           opModel.getOperationName())
+                     .add(".withEndpointResolver((r, a) -> resolveEndpoint(r, a, $S))\n",
+                          opModel.getOperationName())
                .add(asyncRequestBody(opModel))
                .add(HttpChecksumRequiredTrait.putHttpChecksumAttribute(opModel))
                .add(HttpChecksumTrait.create(opModel));