From 44e4102b1a622afde153ee8ca6273a9b2a8e7fac Mon Sep 17 00:00:00 2001
From: Steven Yuan <yuasteve@amazon.com>
Date: Thu, 11 Jan 2024 07:01:07 -0800
Subject: [PATCH 1/3] chore(codegen): update smithy-typescript commit

---
 scripts/generate-clients/config.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/generate-clients/config.js b/scripts/generate-clients/config.js
index df3886d43330..4f395ea6077b 100644
--- a/scripts/generate-clients/config.js
+++ b/scripts/generate-clients/config.js
@@ -1,5 +1,5 @@
 // Update this commit when taking up new changes from smithy-typescript.
 module.exports = {
   // Use full commit hash as we explicitly fetch it.
-  SMITHY_TS_COMMIT: "9972041f7d31886e035ec68bffc5f0af12512dd3",
+  SMITHY_TS_COMMIT: "57e6be9a9458974beb8fc3b7508c211f893120c6",
 };

From 3e21108c84be1261323913364bc52400a7855de6 Mon Sep 17 00:00:00 2001
From: Steven Yuan <yuasteve@amazon.com>
Date: Fri, 29 Sep 2023 14:58:58 -0700
Subject: [PATCH 2/3] feat(experimentalIdentityAndAuth): release phase for
 services with customizations

Services:

- API Gateway
- Glacier
- Machine Learning
- Route 53
- S3 Control
---
 codegen/sdk-codegen/build.gradle.kts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/codegen/sdk-codegen/build.gradle.kts b/codegen/sdk-codegen/build.gradle.kts
index 2adf0678f8e7..9f50bfb0a7f7 100644
--- a/codegen/sdk-codegen/build.gradle.kts
+++ b/codegen/sdk-codegen/build.gradle.kts
@@ -113,6 +113,11 @@ tasks.register("generate-smithy-build") {
                 ShapeId.from("com.amazonaws.rds#AmazonRDSv19"),
                 ShapeId.from("com.amazonaws.ec2#AmazonEC2"),
                 ShapeId.from("com.amazonaws.polly#Parrot_v1"),
+                ShapeId.from("com.amazonaws.apigateway#BackplaneControlService"),
+                ShapeId.from("com.amazonaws.glacier#Glacier"),
+                ShapeId.from("com.amazonaws.machinelearning#AmazonML_20141212"),
+                ShapeId.from("com.amazonaws.route53#AWSDnsV20130401"),
+                ShapeId.from("com.amazonaws.s3control#AWSS3ControlServiceV20180820"),
             )
             val projectionContents = Node.objectNodeBuilder()
                     .withMember("imports", Node.fromStrings("${models.getAbsolutePath()}${File.separator}${file.name}"))

From ca0c783bffbfe6e27245c68b7c4725f7fdcf0a6a Mon Sep 17 00:00:00 2001
From: Steven Yuan <yuasteve@amazon.com>
Date: Thu, 11 Jan 2024 08:12:16 -0800
Subject: [PATCH 3/3] chore(codegen): generate clients

---
 clients/client-api-gateway/package.json       |   2 +-
 .../src/APIGatewayClient.ts                   |  59 ++--
 .../auth/httpAuthExtensionConfiguration.ts    |  72 +++++
 .../src/auth/httpAuthSchemeProvider.ts        | 137 ++++++++
 .../src/extensionConfiguration.ts             |   5 +-
 .../src/runtimeConfig.shared.ts               |  11 +
 .../src/runtimeExtensions.ts                  |   3 +
 .../src/CodeCatalystClient.ts                 |  20 +-
 .../ListSubscriptionTargetsCommand.ts         |   7 +-
 .../commands/ListTagsForResourceCommand.ts    |   2 +-
 .../src/commands/RejectPredictionsCommand.ts  |   2 +-
 .../RejectSubscriptionRequestCommand.ts       |   8 +-
 .../client-datazone/src/models/models_0.ts    | 306 ++++++++++++++++++
 .../client-datazone/src/models/models_1.ts    | 306 ------------------
 .../src/protocols/Aws_restJson1.ts            |   6 +-
 clients/client-dynamodb/src/DynamoDBClient.ts |  20 +-
 clients/client-ec2/src/EC2Client.ts           |  20 +-
 clients/client-glacier/package.json           |   2 +-
 clients/client-glacier/src/GlacierClient.ts   |  67 ++--
 .../auth/httpAuthExtensionConfiguration.ts    |  72 +++++
 .../src/auth/httpAuthSchemeProvider.ts        | 137 ++++++++
 .../src/extensionConfiguration.ts             |   5 +-
 .../src/runtimeConfig.shared.ts               |  11 +
 .../client-glacier/src/runtimeExtensions.ts   |   3 +
 clients/client-machine-learning/package.json  |   2 +-
 .../src/MachineLearningClient.ts              |  59 ++--
 .../auth/httpAuthExtensionConfiguration.ts    |  72 +++++
 .../src/auth/httpAuthSchemeProvider.ts        | 138 ++++++++
 .../src/extensionConfiguration.ts             |   5 +-
 .../src/runtimeConfig.shared.ts               |  11 +
 .../src/runtimeExtensions.ts                  |   3 +
 clients/client-polly/src/PollyClient.ts       |  20 +-
 clients/client-rds/src/RDSClient.ts           |  20 +-
 clients/client-route-53/package.json          |   2 +-
 clients/client-route-53/src/Route53Client.ts  |  59 ++--
 .../auth/httpAuthExtensionConfiguration.ts    |  72 +++++
 .../src/auth/httpAuthSchemeProvider.ts        | 137 ++++++++
 .../src/extensionConfiguration.ts             |   5 +-
 .../src/runtimeConfig.shared.ts               |  11 +
 .../client-route-53/src/runtimeExtensions.ts  |   3 +
 clients/client-s3-control/package.json        |   2 +-
 .../client-s3-control/src/S3ControlClient.ts  |  61 ++--
 .../auth/httpAuthExtensionConfiguration.ts    |  72 +++++
 .../src/auth/httpAuthSchemeProvider.ts        | 137 ++++++++
 .../src/extensionConfiguration.ts             |   5 +-
 .../src/runtimeConfig.shared.ts               |  11 +
 .../src/runtimeExtensions.ts                  |   3 +
 clients/client-sqs/src/SQSClient.ts           |  20 +-
 clients/client-sts/src/STSClient.ts           |  20 +-
 .../src/WeatherClient.ts                      |  24 +-
 50 files changed, 1738 insertions(+), 519 deletions(-)
 create mode 100644 clients/client-api-gateway/src/auth/httpAuthExtensionConfiguration.ts
 create mode 100644 clients/client-api-gateway/src/auth/httpAuthSchemeProvider.ts
 create mode 100644 clients/client-glacier/src/auth/httpAuthExtensionConfiguration.ts
 create mode 100644 clients/client-glacier/src/auth/httpAuthSchemeProvider.ts
 create mode 100644 clients/client-machine-learning/src/auth/httpAuthExtensionConfiguration.ts
 create mode 100644 clients/client-machine-learning/src/auth/httpAuthSchemeProvider.ts
 create mode 100644 clients/client-route-53/src/auth/httpAuthExtensionConfiguration.ts
 create mode 100644 clients/client-route-53/src/auth/httpAuthSchemeProvider.ts
 create mode 100644 clients/client-s3-control/src/auth/httpAuthExtensionConfiguration.ts
 create mode 100644 clients/client-s3-control/src/auth/httpAuthSchemeProvider.ts

diff --git a/clients/client-api-gateway/package.json b/clients/client-api-gateway/package.json
index 23bab3f5f828..3a7361fe75c7 100644
--- a/clients/client-api-gateway/package.json
+++ b/clients/client-api-gateway/package.json
@@ -27,7 +27,6 @@
     "@aws-sdk/middleware-logger": "*",
     "@aws-sdk/middleware-recursion-detection": "*",
     "@aws-sdk/middleware-sdk-api-gateway": "*",
-    "@aws-sdk/middleware-signing": "*",
     "@aws-sdk/middleware-user-agent": "*",
     "@aws-sdk/region-config-resolver": "*",
     "@aws-sdk/types": "*",
@@ -56,6 +55,7 @@
     "@smithy/util-defaults-mode-browser": "^2.0.24",
     "@smithy/util-defaults-mode-node": "^2.0.32",
     "@smithy/util-endpoints": "^1.0.8",
+    "@smithy/util-middleware": "^2.0.9",
     "@smithy/util-retry": "^2.0.9",
     "@smithy/util-stream": "^2.0.24",
     "@smithy/util-utf8": "^2.0.2",
diff --git a/clients/client-api-gateway/src/APIGatewayClient.ts b/clients/client-api-gateway/src/APIGatewayClient.ts
index 80888141cf57..cdea61283929 100644
--- a/clients/client-api-gateway/src/APIGatewayClient.ts
+++ b/clients/client-api-gateway/src/APIGatewayClient.ts
@@ -8,20 +8,18 @@ import {
 import { getLoggerPlugin } from "@aws-sdk/middleware-logger";
 import { getRecursionDetectionPlugin } from "@aws-sdk/middleware-recursion-detection";
 import { getAcceptHeaderPlugin } from "@aws-sdk/middleware-sdk-api-gateway";
-import {
-  AwsAuthInputConfig,
-  AwsAuthResolvedConfig,
-  getAwsAuthPlugin,
-  resolveAwsAuthConfig,
-} from "@aws-sdk/middleware-signing";
 import {
   getUserAgentPlugin,
   resolveUserAgentConfig,
   UserAgentInputConfig,
   UserAgentResolvedConfig,
 } from "@aws-sdk/middleware-user-agent";
-import { Credentials as __Credentials } from "@aws-sdk/types";
 import { RegionInputConfig, RegionResolvedConfig, resolveRegionConfig } from "@smithy/config-resolver";
+import {
+  DefaultIdentityProviderConfig,
+  getHttpAuthSchemeEndpointRuleSetPlugin,
+  getHttpSigningPlugin,
+} from "@smithy/core";
 import { getContentLengthPlugin } from "@smithy/middleware-content-length";
 import { EndpointInputConfig, EndpointResolvedConfig, resolveEndpointConfig } from "@smithy/middleware-endpoint";
 import { getRetryPlugin, resolveRetryConfig, RetryInputConfig, RetryResolvedConfig } from "@smithy/middleware-retry";
@@ -33,6 +31,7 @@ import {
   SmithyResolvedConfiguration as __SmithyResolvedConfiguration,
 } from "@smithy/smithy-client";
 import {
+  AwsCredentialIdentityProvider,
   BodyLengthCalculator as __BodyLengthCalculator,
   CheckOptionalClientConfig as __CheckOptionalClientConfig,
   ChecksumConstructor as __ChecksumConstructor,
@@ -49,6 +48,12 @@ import {
   UserAgent as __UserAgent,
 } from "@smithy/types";
 
+import {
+  defaultAPIGatewayHttpAuthSchemeParametersProvider,
+  HttpAuthSchemeInputConfig,
+  HttpAuthSchemeResolvedConfig,
+  resolveHttpAuthSchemeConfig,
+} from "./auth/httpAuthSchemeProvider";
 import { CreateApiKeyCommandInput, CreateApiKeyCommandOutput } from "./commands/CreateApiKeyCommand";
 import { CreateAuthorizerCommandInput, CreateAuthorizerCommandOutput } from "./commands/CreateAuthorizerCommand";
 import {
@@ -625,21 +630,22 @@ export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__
   useFipsEndpoint?: boolean | __Provider<boolean>;
 
   /**
-   * The AWS region to which this client will send requests
+   * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
+   * @internal
    */
-  region?: string | __Provider<string>;
+  defaultUserAgentProvider?: Provider<__UserAgent>;
 
   /**
-   * Default credentials provider; Not available in browser runtime.
-   * @internal
+   * The AWS region to which this client will send requests
    */
-  credentialDefaultProvider?: (input: any) => __Provider<__Credentials>;
+  region?: string | __Provider<string>;
 
   /**
-   * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
+   * Default credentials provider; Not available in browser runtime.
+   * @deprecated
    * @internal
    */
-  defaultUserAgentProvider?: Provider<__UserAgent>;
+  credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
 
   /**
    * Value for how many times a request will be made at most in case of retry.
@@ -678,8 +684,8 @@ export type APIGatewayClientConfigType = Partial<__SmithyConfiguration<__HttpHan
   EndpointInputConfig<EndpointParameters> &
   RetryInputConfig &
   HostHeaderInputConfig &
-  AwsAuthInputConfig &
   UserAgentInputConfig &
+  HttpAuthSchemeInputConfig &
   ClientInputEndpointParameters;
 /**
  * @public
@@ -698,8 +704,8 @@ export type APIGatewayClientResolvedConfigType = __SmithyResolvedConfiguration<_
   EndpointResolvedConfig<EndpointParameters> &
   RetryResolvedConfig &
   HostHeaderResolvedConfig &
-  AwsAuthResolvedConfig &
   UserAgentResolvedConfig &
+  HttpAuthSchemeResolvedConfig &
   ClientResolvedEndpointParameters;
 /**
  * @public
@@ -731,8 +737,8 @@ export class APIGatewayClient extends __Client<
     const _config_3 = resolveEndpointConfig(_config_2);
     const _config_4 = resolveRetryConfig(_config_3);
     const _config_5 = resolveHostHeaderConfig(_config_4);
-    const _config_6 = resolveAwsAuthConfig(_config_5);
-    const _config_7 = resolveUserAgentConfig(_config_6);
+    const _config_6 = resolveUserAgentConfig(_config_5);
+    const _config_7 = resolveHttpAuthSchemeConfig(_config_6);
     const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);
     super(_config_8);
     this.config = _config_8;
@@ -742,8 +748,14 @@ export class APIGatewayClient extends __Client<
     this.middlewareStack.use(getHostHeaderPlugin(this.config));
     this.middlewareStack.use(getLoggerPlugin(this.config));
     this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
-    this.middlewareStack.use(getAwsAuthPlugin(this.config));
     this.middlewareStack.use(getUserAgentPlugin(this.config));
+    this.middlewareStack.use(
+      getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
+        httpAuthSchemeParametersProvider: this.getDefaultHttpAuthSchemeParametersProvider(),
+        identityProviderConfigProvider: this.getIdentityProviderConfigProvider(),
+      })
+    );
+    this.middlewareStack.use(getHttpSigningPlugin(this.config));
   }
 
   /**
@@ -754,4 +766,13 @@ export class APIGatewayClient extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultAPIGatewayHttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: APIGatewayClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "aws.auth#sigv4": config.credentials,
+      });
+  }
 }
diff --git a/clients/client-api-gateway/src/auth/httpAuthExtensionConfiguration.ts b/clients/client-api-gateway/src/auth/httpAuthExtensionConfiguration.ts
new file mode 100644
index 000000000000..f7ad2ed02317
--- /dev/null
+++ b/clients/client-api-gateway/src/auth/httpAuthExtensionConfiguration.ts
@@ -0,0 +1,72 @@
+// smithy-typescript generated code
+import { AwsCredentialIdentity, AwsCredentialIdentityProvider, HttpAuthScheme } from "@smithy/types";
+
+import { APIGatewayHttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
+
+/**
+ * @internal
+ */
+export interface HttpAuthExtensionConfiguration {
+  setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
+  httpAuthSchemes(): HttpAuthScheme[];
+  setHttpAuthSchemeProvider(httpAuthSchemeProvider: APIGatewayHttpAuthSchemeProvider): void;
+  httpAuthSchemeProvider(): APIGatewayHttpAuthSchemeProvider;
+  setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void;
+  credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
+}
+
+/**
+ * @internal
+ */
+export type HttpAuthRuntimeConfig = Partial<{
+  httpAuthSchemes: HttpAuthScheme[];
+  httpAuthSchemeProvider: APIGatewayHttpAuthSchemeProvider;
+  credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+}>;
+
+/**
+ * @internal
+ */
+export const getHttpAuthExtensionConfiguration = (
+  runtimeConfig: HttpAuthRuntimeConfig
+): HttpAuthExtensionConfiguration => {
+  const _httpAuthSchemes = runtimeConfig.httpAuthSchemes!;
+  let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider!;
+  let _credentials = runtimeConfig.credentials;
+  return {
+    setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void {
+      const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
+      if (index === -1) {
+        _httpAuthSchemes.push(httpAuthScheme);
+      } else {
+        _httpAuthSchemes.splice(index, 1, httpAuthScheme);
+      }
+    },
+    httpAuthSchemes(): HttpAuthScheme[] {
+      return _httpAuthSchemes;
+    },
+    setHttpAuthSchemeProvider(httpAuthSchemeProvider: APIGatewayHttpAuthSchemeProvider): void {
+      _httpAuthSchemeProvider = httpAuthSchemeProvider;
+    },
+    httpAuthSchemeProvider(): APIGatewayHttpAuthSchemeProvider {
+      return _httpAuthSchemeProvider;
+    },
+    setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void {
+      _credentials = credentials;
+    },
+    credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined {
+      return _credentials;
+    },
+  };
+};
+
+/**
+ * @internal
+ */
+export const resolveHttpAuthRuntimeConfig = (config: HttpAuthExtensionConfiguration): HttpAuthRuntimeConfig => {
+  return {
+    httpAuthSchemes: config.httpAuthSchemes(),
+    httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
+    credentials: config.credentials(),
+  };
+};
diff --git a/clients/client-api-gateway/src/auth/httpAuthSchemeProvider.ts b/clients/client-api-gateway/src/auth/httpAuthSchemeProvider.ts
new file mode 100644
index 000000000000..1af3e1a35bd7
--- /dev/null
+++ b/clients/client-api-gateway/src/auth/httpAuthSchemeProvider.ts
@@ -0,0 +1,137 @@
+// smithy-typescript generated code
+import {
+  AwsSdkSigV4AuthInputConfig,
+  AwsSdkSigV4AuthResolvedConfig,
+  AwsSdkSigV4PreviouslyResolved,
+  resolveAwsSdkSigV4Config,
+} from "@aws-sdk/core";
+import {
+  HandlerExecutionContext,
+  HttpAuthOption,
+  HttpAuthScheme,
+  HttpAuthSchemeParameters,
+  HttpAuthSchemeParametersProvider,
+  HttpAuthSchemeProvider,
+} from "@smithy/types";
+import { getSmithyContext, normalizeProvider } from "@smithy/util-middleware";
+
+import { APIGatewayClientConfig, APIGatewayClientResolvedConfig } from "../APIGatewayClient";
+
+/**
+ * @internal
+ */
+export interface APIGatewayHttpAuthSchemeParameters extends HttpAuthSchemeParameters {
+  region?: string;
+}
+
+/**
+ * @internal
+ */
+export interface APIGatewayHttpAuthSchemeParametersProvider
+  extends HttpAuthSchemeParametersProvider<
+    APIGatewayClientResolvedConfig,
+    HandlerExecutionContext,
+    APIGatewayHttpAuthSchemeParameters,
+    object
+  > {}
+
+/**
+ * @internal
+ */
+export const defaultAPIGatewayHttpAuthSchemeParametersProvider = async (
+  config: APIGatewayClientResolvedConfig,
+  context: HandlerExecutionContext,
+  input: object
+): Promise<APIGatewayHttpAuthSchemeParameters> => {
+  return {
+    operation: getSmithyContext(context).operation as string,
+    region:
+      (await normalizeProvider(config.region)()) ||
+      (() => {
+        throw new Error("expected `region` to be configured for `aws.auth#sigv4`");
+      })(),
+  };
+};
+
+function createAwsAuthSigv4HttpAuthOption(authParameters: APIGatewayHttpAuthSchemeParameters): HttpAuthOption {
+  return {
+    schemeId: "aws.auth#sigv4",
+    signingProperties: {
+      name: "apigateway",
+      region: authParameters.region,
+    },
+    propertiesExtractor: (config: APIGatewayClientConfig, context) => ({
+      /**
+       * @internal
+       */
+      signingProperties: {
+        config,
+        context,
+      },
+    }),
+  };
+}
+
+/**
+ * @internal
+ */
+export interface APIGatewayHttpAuthSchemeProvider extends HttpAuthSchemeProvider<APIGatewayHttpAuthSchemeParameters> {}
+
+/**
+ * @internal
+ */
+export const defaultAPIGatewayHttpAuthSchemeProvider: APIGatewayHttpAuthSchemeProvider = (authParameters) => {
+  const options: HttpAuthOption[] = [];
+  switch (authParameters.operation) {
+    default: {
+      options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
+    }
+  }
+  return options;
+};
+
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
+  /**
+   * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+   * @internal
+   */
+  httpAuthSchemes?: HttpAuthScheme[];
+
+  /**
+   * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+   * @internal
+   */
+  httpAuthSchemeProvider?: APIGatewayHttpAuthSchemeProvider;
+}
+
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedConfig {
+  /**
+   * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+   * @internal
+   */
+  readonly httpAuthSchemes: HttpAuthScheme[];
+
+  /**
+   * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+   * @internal
+   */
+  readonly httpAuthSchemeProvider: APIGatewayHttpAuthSchemeProvider;
+}
+
+/**
+ * @internal
+ */
+export const resolveHttpAuthSchemeConfig = <T>(
+  config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved
+): T & HttpAuthSchemeResolvedConfig => {
+  const config_0 = resolveAwsSdkSigV4Config(config);
+  return {
+    ...config_0,
+  } as T & HttpAuthSchemeResolvedConfig;
+};
diff --git a/clients/client-api-gateway/src/extensionConfiguration.ts b/clients/client-api-gateway/src/extensionConfiguration.ts
index 0ba70ef7747d..1de67c9f305c 100644
--- a/clients/client-api-gateway/src/extensionConfiguration.ts
+++ b/clients/client-api-gateway/src/extensionConfiguration.ts
@@ -3,10 +3,13 @@ import { AwsRegionExtensionConfiguration } from "@aws-sdk/types";
 import { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http";
 import { DefaultExtensionConfiguration } from "@smithy/types";
 
+import { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfiguration";
+
 /**
  * @internal
  */
 export interface APIGatewayExtensionConfiguration
   extends HttpHandlerExtensionConfiguration,
     DefaultExtensionConfiguration,
-    AwsRegionExtensionConfiguration {}
+    AwsRegionExtensionConfiguration,
+    HttpAuthExtensionConfiguration {}
diff --git a/clients/client-api-gateway/src/runtimeConfig.shared.ts b/clients/client-api-gateway/src/runtimeConfig.shared.ts
index dee01610f2f8..94da1ccbbb7b 100644
--- a/clients/client-api-gateway/src/runtimeConfig.shared.ts
+++ b/clients/client-api-gateway/src/runtimeConfig.shared.ts
@@ -1,10 +1,13 @@
 // smithy-typescript generated code
+import { AwsSdkSigV4Signer } from "@aws-sdk/core";
 import { NoOpLogger } from "@smithy/smithy-client";
+import { IdentityProviderConfig } from "@smithy/types";
 import { parseUrl } from "@smithy/url-parser";
 import { fromBase64, toBase64 } from "@smithy/util-base64";
 import { fromUtf8, toUtf8 } from "@smithy/util-utf8";
 
 import { APIGatewayClientConfig } from "./APIGatewayClient";
+import { defaultAPIGatewayHttpAuthSchemeProvider } from "./auth/httpAuthSchemeProvider";
 import { defaultEndpointResolver } from "./endpoint/endpointResolver";
 
 /**
@@ -18,6 +21,14 @@ export const getRuntimeConfig = (config: APIGatewayClientConfig) => {
     disableHostPrefix: config?.disableHostPrefix ?? false,
     endpointProvider: config?.endpointProvider ?? defaultEndpointResolver,
     extensions: config?.extensions ?? [],
+    httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? defaultAPIGatewayHttpAuthSchemeProvider,
+    httpAuthSchemes: config?.httpAuthSchemes ?? [
+      {
+        schemeId: "aws.auth#sigv4",
+        identityProvider: (ipc: IdentityProviderConfig) => ipc.getIdentityProvider("aws.auth#sigv4"),
+        signer: new AwsSdkSigV4Signer(),
+      },
+    ],
     logger: config?.logger ?? new NoOpLogger(),
     serviceId: config?.serviceId ?? "API Gateway",
     urlParser: config?.urlParser ?? parseUrl,
diff --git a/clients/client-api-gateway/src/runtimeExtensions.ts b/clients/client-api-gateway/src/runtimeExtensions.ts
index 11cb3e2bcdeb..d2a159b08610 100644
--- a/clients/client-api-gateway/src/runtimeExtensions.ts
+++ b/clients/client-api-gateway/src/runtimeExtensions.ts
@@ -6,6 +6,7 @@ import {
 import { getHttpHandlerExtensionConfiguration, resolveHttpHandlerRuntimeConfig } from "@smithy/protocol-http";
 import { getDefaultExtensionConfiguration, resolveDefaultRuntimeConfig } from "@smithy/smithy-client";
 
+import { getHttpAuthExtensionConfiguration, resolveHttpAuthRuntimeConfig } from "./auth/httpAuthExtensionConfiguration";
 import { APIGatewayExtensionConfiguration } from "./extensionConfiguration";
 
 /**
@@ -32,6 +33,7 @@ export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: Runtime
     ...asPartial(getAwsRegionExtensionConfiguration(runtimeConfig)),
     ...asPartial(getDefaultExtensionConfiguration(runtimeConfig)),
     ...asPartial(getHttpHandlerExtensionConfiguration(runtimeConfig)),
+    ...asPartial(getHttpAuthExtensionConfiguration(runtimeConfig)),
   };
 
   extensions.forEach((extension) => extension.configure(extensionConfiguration));
@@ -41,5 +43,6 @@ export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: Runtime
     ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
     ...resolveDefaultRuntimeConfig(extensionConfiguration),
     ...resolveHttpHandlerRuntimeConfig(extensionConfiguration),
+    ...resolveHttpAuthRuntimeConfig(extensionConfiguration),
   };
 };
diff --git a/clients/client-codecatalyst/src/CodeCatalystClient.ts b/clients/client-codecatalyst/src/CodeCatalystClient.ts
index c6c29e51314e..69d5d9edd96f 100644
--- a/clients/client-codecatalyst/src/CodeCatalystClient.ts
+++ b/clients/client-codecatalyst/src/CodeCatalystClient.ts
@@ -580,17 +580,6 @@ export class CodeCatalystClient extends __Client<
    */
   readonly config: CodeCatalystClientResolvedConfig;
 
-  private getDefaultHttpAuthSchemeParametersProvider() {
-    return defaultCodeCatalystHttpAuthSchemeParametersProvider;
-  }
-
-  private getIdentityProviderConfigProvider() {
-    return async (config: CodeCatalystClientResolvedConfig) =>
-      new DefaultIdentityProviderConfig({
-        "smithy.api#httpBearerAuth": config.token,
-      });
-  }
-
   constructor(...[configuration]: __CheckOptionalClientConfig<CodeCatalystClientConfig>) {
     const _config_0 = __getRuntimeConfig(configuration || {});
     const _config_1 = resolveClientEndpointParameters(_config_0);
@@ -626,4 +615,13 @@ export class CodeCatalystClient extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultCodeCatalystHttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: CodeCatalystClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "smithy.api#httpBearerAuth": config.token,
+      });
+  }
 }
diff --git a/clients/client-datazone/src/commands/ListSubscriptionTargetsCommand.ts b/clients/client-datazone/src/commands/ListSubscriptionTargetsCommand.ts
index a3fc64c834f0..0265c9458056 100644
--- a/clients/client-datazone/src/commands/ListSubscriptionTargetsCommand.ts
+++ b/clients/client-datazone/src/commands/ListSubscriptionTargetsCommand.ts
@@ -6,8 +6,11 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { DataZoneClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../DataZoneClient";
 import { commonParams } from "../endpoint/EndpointParameters";
-import { ListSubscriptionTargetsInput } from "../models/models_0";
-import { ListSubscriptionTargetsOutput, ListSubscriptionTargetsOutputFilterSensitiveLog } from "../models/models_1";
+import {
+  ListSubscriptionTargetsInput,
+  ListSubscriptionTargetsOutput,
+  ListSubscriptionTargetsOutputFilterSensitiveLog,
+} from "../models/models_0";
 import { de_ListSubscriptionTargetsCommand, se_ListSubscriptionTargetsCommand } from "../protocols/Aws_restJson1";
 
 /**
diff --git a/clients/client-datazone/src/commands/ListTagsForResourceCommand.ts b/clients/client-datazone/src/commands/ListTagsForResourceCommand.ts
index 859bafdd0905..f4d9cb14d239 100644
--- a/clients/client-datazone/src/commands/ListTagsForResourceCommand.ts
+++ b/clients/client-datazone/src/commands/ListTagsForResourceCommand.ts
@@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { DataZoneClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../DataZoneClient";
 import { commonParams } from "../endpoint/EndpointParameters";
-import { ListTagsForResourceRequest, ListTagsForResourceResponse } from "../models/models_1";
+import { ListTagsForResourceRequest, ListTagsForResourceResponse } from "../models/models_0";
 import { de_ListTagsForResourceCommand, se_ListTagsForResourceCommand } from "../protocols/Aws_restJson1";
 
 /**
diff --git a/clients/client-datazone/src/commands/RejectPredictionsCommand.ts b/clients/client-datazone/src/commands/RejectPredictionsCommand.ts
index cb75aabb0f45..1d79a907d693 100644
--- a/clients/client-datazone/src/commands/RejectPredictionsCommand.ts
+++ b/clients/client-datazone/src/commands/RejectPredictionsCommand.ts
@@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { DataZoneClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../DataZoneClient";
 import { commonParams } from "../endpoint/EndpointParameters";
-import { RejectPredictionsInput, RejectPredictionsOutput } from "../models/models_1";
+import { RejectPredictionsInput, RejectPredictionsOutput } from "../models/models_0";
 import { de_RejectPredictionsCommand, se_RejectPredictionsCommand } from "../protocols/Aws_restJson1";
 
 /**
diff --git a/clients/client-datazone/src/commands/RejectSubscriptionRequestCommand.ts b/clients/client-datazone/src/commands/RejectSubscriptionRequestCommand.ts
index cf720849a0bf..b7e89ac24a95 100644
--- a/clients/client-datazone/src/commands/RejectSubscriptionRequestCommand.ts
+++ b/clients/client-datazone/src/commands/RejectSubscriptionRequestCommand.ts
@@ -6,12 +6,8 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { DataZoneClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../DataZoneClient";
 import { commonParams } from "../endpoint/EndpointParameters";
-import {
-  RejectSubscriptionRequestInput,
-  RejectSubscriptionRequestInputFilterSensitiveLog,
-  RejectSubscriptionRequestOutput,
-  RejectSubscriptionRequestOutputFilterSensitiveLog,
-} from "../models/models_1";
+import { RejectSubscriptionRequestInput, RejectSubscriptionRequestInputFilterSensitiveLog } from "../models/models_0";
+import { RejectSubscriptionRequestOutput, RejectSubscriptionRequestOutputFilterSensitiveLog } from "../models/models_1";
 import { de_RejectSubscriptionRequestCommand, se_RejectSubscriptionRequestCommand } from "../protocols/Aws_restJson1";
 
 /**
diff --git a/clients/client-datazone/src/models/models_0.ts b/clients/client-datazone/src/models/models_0.ts
index 73b1404d1d16..26d69d9426bf 100644
--- a/clients/client-datazone/src/models/models_0.ts
+++ b/clients/client-datazone/src/models/models_0.ts
@@ -10715,6 +10715,288 @@ export interface ListSubscriptionTargetsInput {
   nextToken?: string;
 }
 
+/**
+ * @public
+ * <p>The details of the subscription target.</p>
+ */
+export interface SubscriptionTargetSummary {
+  /**
+   * @public
+   * <p>The identifier of the subscription target.</p>
+   */
+  id: string | undefined;
+
+  /**
+   * @public
+   * <p>The authorized principals included in the subscription target.</p>
+   */
+  authorizedPrincipals: string[] | undefined;
+
+  /**
+   * @public
+   * <p>The identifier of the Amazon DataZone domain in which the subscription target exists.</p>
+   */
+  domainId: string | undefined;
+
+  /**
+   * @public
+   * <p>The identifier of the project specified in the subscription target.</p>
+   */
+  projectId: string | undefined;
+
+  /**
+   * @public
+   * <p>The identifier of the environment of the subscription target.</p>
+   */
+  environmentId: string | undefined;
+
+  /**
+   * @public
+   * <p>The name of the subscription target.</p>
+   */
+  name: string | undefined;
+
+  /**
+   * @public
+   * <p>The type of the subscription target.</p>
+   */
+  type: string | undefined;
+
+  /**
+   * @public
+   * <p>The Amazon DataZone user who created the subscription target.</p>
+   */
+  createdBy: string | undefined;
+
+  /**
+   * @public
+   * <p>The Amazon DataZone user who updated the subscription target.</p>
+   */
+  updatedBy?: string;
+
+  /**
+   * @public
+   * <p>The timestamp of when the subscription target was created.</p>
+   */
+  createdAt: Date | undefined;
+
+  /**
+   * @public
+   * <p>The timestamp of when the subscription target was updated.</p>
+   */
+  updatedAt?: Date;
+
+  /**
+   * @public
+   * <p>The manage access role specified in the subscription target.</p>
+   */
+  manageAccessRole: string | undefined;
+
+  /**
+   * @public
+   * <p>The asset types included in the subscription target.</p>
+   */
+  applicableAssetTypes: string[] | undefined;
+
+  /**
+   * @public
+   * <p>The configuration of the subscription target.</p>
+   */
+  subscriptionTargetConfig: SubscriptionTargetForm[] | undefined;
+
+  /**
+   * @public
+   * <p>The provider of the subscription target.</p>
+   */
+  provider: string | undefined;
+}
+
+/**
+ * @public
+ */
+export interface ListSubscriptionTargetsOutput {
+  /**
+   * @public
+   * <p>The results of the <code>ListSubscriptionTargets</code> action.</p>
+   */
+  items: SubscriptionTargetSummary[] | undefined;
+
+  /**
+   * @public
+   * <p>When the number of subscription targets is greater than the default value for the
+   *             <code>MaxResults</code> parameter, or if you explicitly specify a value for
+   *             <code>MaxResults</code> that is less than the number of subscription targets, the
+   *          response includes a pagination token named <code>NextToken</code>. You can specify this
+   *             <code>NextToken</code> value in a subsequent call to
+   *             <code>ListSubscriptionTargets</code> to list the next set of subscription
+   *          targets.</p>
+   */
+  nextToken?: string;
+}
+
+/**
+ * @public
+ */
+export interface ListTagsForResourceRequest {
+  /**
+   * @public
+   * <p>The ARN of the resource whose tags you want to list.</p>
+   */
+  resourceArn: string | undefined;
+}
+
+/**
+ * @public
+ */
+export interface ListTagsForResourceResponse {
+  /**
+   * @public
+   * <p>The tags of the specified resource.</p>
+   */
+  tags?: Record<string, string>;
+}
+
+/**
+ * @public
+ * <p>The details of the automatically generated business metadata that is rejected.</p>
+ */
+export interface RejectChoice {
+  /**
+   * @public
+   * <p>Specifies the target (for example, a column name) where a prediction can be
+   *          rejected.</p>
+   */
+  predictionTarget?: string;
+
+  /**
+   * @public
+   * <p>Specifies the the automatically generated business metadata that can be rejected.</p>
+   */
+  predictionChoices?: number[];
+}
+
+/**
+ * @public
+ * @enum
+ */
+export const RejectRuleBehavior = {
+  ALL: "ALL",
+  NONE: "NONE",
+} as const;
+
+/**
+ * @public
+ */
+export type RejectRuleBehavior = (typeof RejectRuleBehavior)[keyof typeof RejectRuleBehavior];
+
+/**
+ * @public
+ * <p>Specifies the rule and the threshold under which a prediction can be rejected.</p>
+ */
+export interface RejectRule {
+  /**
+   * @public
+   * <p>Specifies whether you want to reject the top prediction for all targets or none.</p>
+   */
+  rule?: RejectRuleBehavior;
+
+  /**
+   * @public
+   * <p>The confidence score that specifies the condition at which a prediction can be
+   *          rejected.</p>
+   */
+  threshold?: number;
+}
+
+/**
+ * @public
+ */
+export interface RejectPredictionsInput {
+  /**
+   * @public
+   * <p>The identifier of the Amazon DataZone domain.</p>
+   */
+  domainIdentifier: string | undefined;
+
+  /**
+   * @public
+   * <p>The identifier of the prediction.</p>
+   */
+  identifier: string | undefined;
+
+  /**
+   * @public
+   * <p/>
+   */
+  revision?: string;
+
+  /**
+   * @public
+   * <p/>
+   */
+  rejectRule?: RejectRule;
+
+  /**
+   * @public
+   * <p/>
+   */
+  rejectChoices?: RejectChoice[];
+
+  /**
+   * @public
+   * <p>A unique, case-sensitive identifier that is provided to ensure the idempotency of the
+   *          request.</p>
+   */
+  clientToken?: string;
+}
+
+/**
+ * @public
+ */
+export interface RejectPredictionsOutput {
+  /**
+   * @public
+   * <p/>
+   */
+  domainId: string | undefined;
+
+  /**
+   * @public
+   * <p/>
+   */
+  assetId: string | undefined;
+
+  /**
+   * @public
+   * <p/>
+   */
+  assetRevision: string | undefined;
+}
+
+/**
+ * @public
+ */
+export interface RejectSubscriptionRequestInput {
+  /**
+   * @public
+   * <p>The identifier of the Amazon DataZone domain in which the subscription request was
+   *          rejected.</p>
+   */
+  domainIdentifier: string | undefined;
+
+  /**
+   * @public
+   * <p>The identifier of the subscription request that was rejected.</p>
+   */
+  identifier: string | undefined;
+
+  /**
+   * @public
+   * <p>The decision comment of the rejected subscription request.</p>
+   */
+  decisionComment?: string;
+}
+
 /**
  * @internal
  */
@@ -11682,3 +11964,27 @@ export const ListSubscriptionsOutputFilterSensitiveLog = (obj: ListSubscriptions
   ...obj,
   ...(obj.items && { items: obj.items.map((item) => SubscriptionSummaryFilterSensitiveLog(item)) }),
 });
+
+/**
+ * @internal
+ */
+export const SubscriptionTargetSummaryFilterSensitiveLog = (obj: SubscriptionTargetSummary): any => ({
+  ...obj,
+  ...(obj.name && { name: SENSITIVE_STRING }),
+});
+
+/**
+ * @internal
+ */
+export const ListSubscriptionTargetsOutputFilterSensitiveLog = (obj: ListSubscriptionTargetsOutput): any => ({
+  ...obj,
+  ...(obj.items && { items: obj.items.map((item) => SubscriptionTargetSummaryFilterSensitiveLog(item)) }),
+});
+
+/**
+ * @internal
+ */
+export const RejectSubscriptionRequestInputFilterSensitiveLog = (obj: RejectSubscriptionRequestInput): any => ({
+  ...obj,
+  ...(obj.decisionComment && { decisionComment: SENSITIVE_STRING }),
+});
diff --git a/clients/client-datazone/src/models/models_1.ts b/clients/client-datazone/src/models/models_1.ts
index ba32428d42ad..d47a4dbd0cc0 100644
--- a/clients/client-datazone/src/models/models_1.ts
+++ b/clients/client-datazone/src/models/models_1.ts
@@ -46,288 +46,6 @@ import {
   UserProfileType,
 } from "./models_0";
 
-/**
- * @public
- * <p>The details of the subscription target.</p>
- */
-export interface SubscriptionTargetSummary {
-  /**
-   * @public
-   * <p>The identifier of the subscription target.</p>
-   */
-  id: string | undefined;
-
-  /**
-   * @public
-   * <p>The authorized principals included in the subscription target.</p>
-   */
-  authorizedPrincipals: string[] | undefined;
-
-  /**
-   * @public
-   * <p>The identifier of the Amazon DataZone domain in which the subscription target exists.</p>
-   */
-  domainId: string | undefined;
-
-  /**
-   * @public
-   * <p>The identifier of the project specified in the subscription target.</p>
-   */
-  projectId: string | undefined;
-
-  /**
-   * @public
-   * <p>The identifier of the environment of the subscription target.</p>
-   */
-  environmentId: string | undefined;
-
-  /**
-   * @public
-   * <p>The name of the subscription target.</p>
-   */
-  name: string | undefined;
-
-  /**
-   * @public
-   * <p>The type of the subscription target.</p>
-   */
-  type: string | undefined;
-
-  /**
-   * @public
-   * <p>The Amazon DataZone user who created the subscription target.</p>
-   */
-  createdBy: string | undefined;
-
-  /**
-   * @public
-   * <p>The Amazon DataZone user who updated the subscription target.</p>
-   */
-  updatedBy?: string;
-
-  /**
-   * @public
-   * <p>The timestamp of when the subscription target was created.</p>
-   */
-  createdAt: Date | undefined;
-
-  /**
-   * @public
-   * <p>The timestamp of when the subscription target was updated.</p>
-   */
-  updatedAt?: Date;
-
-  /**
-   * @public
-   * <p>The manage access role specified in the subscription target.</p>
-   */
-  manageAccessRole: string | undefined;
-
-  /**
-   * @public
-   * <p>The asset types included in the subscription target.</p>
-   */
-  applicableAssetTypes: string[] | undefined;
-
-  /**
-   * @public
-   * <p>The configuration of the subscription target.</p>
-   */
-  subscriptionTargetConfig: SubscriptionTargetForm[] | undefined;
-
-  /**
-   * @public
-   * <p>The provider of the subscription target.</p>
-   */
-  provider: string | undefined;
-}
-
-/**
- * @public
- */
-export interface ListSubscriptionTargetsOutput {
-  /**
-   * @public
-   * <p>The results of the <code>ListSubscriptionTargets</code> action.</p>
-   */
-  items: SubscriptionTargetSummary[] | undefined;
-
-  /**
-   * @public
-   * <p>When the number of subscription targets is greater than the default value for the
-   *             <code>MaxResults</code> parameter, or if you explicitly specify a value for
-   *             <code>MaxResults</code> that is less than the number of subscription targets, the
-   *          response includes a pagination token named <code>NextToken</code>. You can specify this
-   *             <code>NextToken</code> value in a subsequent call to
-   *             <code>ListSubscriptionTargets</code> to list the next set of subscription
-   *          targets.</p>
-   */
-  nextToken?: string;
-}
-
-/**
- * @public
- */
-export interface ListTagsForResourceRequest {
-  /**
-   * @public
-   * <p>The ARN of the resource whose tags you want to list.</p>
-   */
-  resourceArn: string | undefined;
-}
-
-/**
- * @public
- */
-export interface ListTagsForResourceResponse {
-  /**
-   * @public
-   * <p>The tags of the specified resource.</p>
-   */
-  tags?: Record<string, string>;
-}
-
-/**
- * @public
- * <p>The details of the automatically generated business metadata that is rejected.</p>
- */
-export interface RejectChoice {
-  /**
-   * @public
-   * <p>Specifies the target (for example, a column name) where a prediction can be
-   *          rejected.</p>
-   */
-  predictionTarget?: string;
-
-  /**
-   * @public
-   * <p>Specifies the the automatically generated business metadata that can be rejected.</p>
-   */
-  predictionChoices?: number[];
-}
-
-/**
- * @public
- * @enum
- */
-export const RejectRuleBehavior = {
-  ALL: "ALL",
-  NONE: "NONE",
-} as const;
-
-/**
- * @public
- */
-export type RejectRuleBehavior = (typeof RejectRuleBehavior)[keyof typeof RejectRuleBehavior];
-
-/**
- * @public
- * <p>Specifies the rule and the threshold under which a prediction can be rejected.</p>
- */
-export interface RejectRule {
-  /**
-   * @public
-   * <p>Specifies whether you want to reject the top prediction for all targets or none.</p>
-   */
-  rule?: RejectRuleBehavior;
-
-  /**
-   * @public
-   * <p>The confidence score that specifies the condition at which a prediction can be
-   *          rejected.</p>
-   */
-  threshold?: number;
-}
-
-/**
- * @public
- */
-export interface RejectPredictionsInput {
-  /**
-   * @public
-   * <p>The identifier of the Amazon DataZone domain.</p>
-   */
-  domainIdentifier: string | undefined;
-
-  /**
-   * @public
-   * <p>The identifier of the prediction.</p>
-   */
-  identifier: string | undefined;
-
-  /**
-   * @public
-   * <p/>
-   */
-  revision?: string;
-
-  /**
-   * @public
-   * <p/>
-   */
-  rejectRule?: RejectRule;
-
-  /**
-   * @public
-   * <p/>
-   */
-  rejectChoices?: RejectChoice[];
-
-  /**
-   * @public
-   * <p>A unique, case-sensitive identifier that is provided to ensure the idempotency of the
-   *          request.</p>
-   */
-  clientToken?: string;
-}
-
-/**
- * @public
- */
-export interface RejectPredictionsOutput {
-  /**
-   * @public
-   * <p/>
-   */
-  domainId: string | undefined;
-
-  /**
-   * @public
-   * <p/>
-   */
-  assetId: string | undefined;
-
-  /**
-   * @public
-   * <p/>
-   */
-  assetRevision: string | undefined;
-}
-
-/**
- * @public
- */
-export interface RejectSubscriptionRequestInput {
-  /**
-   * @public
-   * <p>The identifier of the Amazon DataZone domain in which the subscription request was
-   *          rejected.</p>
-   */
-  domainIdentifier: string | undefined;
-
-  /**
-   * @public
-   * <p>The identifier of the subscription request that was rejected.</p>
-   */
-  identifier: string | undefined;
-
-  /**
-   * @public
-   * <p>The decision comment of the rejected subscription request.</p>
-   */
-  decisionComment?: string;
-}
-
 /**
  * @public
  */
@@ -2542,30 +2260,6 @@ export interface SearchTypesInput {
   managed: boolean | undefined;
 }
 
-/**
- * @internal
- */
-export const SubscriptionTargetSummaryFilterSensitiveLog = (obj: SubscriptionTargetSummary): any => ({
-  ...obj,
-  ...(obj.name && { name: SENSITIVE_STRING }),
-});
-
-/**
- * @internal
- */
-export const ListSubscriptionTargetsOutputFilterSensitiveLog = (obj: ListSubscriptionTargetsOutput): any => ({
-  ...obj,
-  ...(obj.items && { items: obj.items.map((item) => SubscriptionTargetSummaryFilterSensitiveLog(item)) }),
-});
-
-/**
- * @internal
- */
-export const RejectSubscriptionRequestInputFilterSensitiveLog = (obj: RejectSubscriptionRequestInput): any => ({
-  ...obj,
-  ...(obj.decisionComment && { decisionComment: SENSITIVE_STRING }),
-});
-
 /**
  * @internal
  */
diff --git a/clients/client-datazone/src/protocols/Aws_restJson1.ts b/clients/client-datazone/src/protocols/Aws_restJson1.ts
index ecf7f7efa6bf..fa3bfddef834 100644
--- a/clients/client-datazone/src/protocols/Aws_restJson1.ts
+++ b/clients/client-datazone/src/protocols/Aws_restJson1.ts
@@ -282,6 +282,8 @@ import {
   RedshiftRunConfigurationInput,
   RedshiftServerlessStorage,
   RedshiftStorage,
+  RejectChoice,
+  RejectRule,
   RelationalFilterConfiguration,
   ResourceNotFoundException,
   ScheduleConfiguration,
@@ -295,6 +297,7 @@ import {
   SubscriptionRequestSummary,
   SubscriptionSummary,
   SubscriptionTargetForm,
+  SubscriptionTargetSummary,
   TermRelations,
   ThrottlingException,
   UnauthorizedException,
@@ -306,15 +309,12 @@ import {
   FormTypeData,
   GlossaryItem,
   GlossaryTermItem,
-  RejectChoice,
-  RejectRule,
   SearchInItem,
   SearchInventoryResultItem,
   SearchOutputAdditionalAttribute,
   SearchResultItem,
   SearchSort,
   SearchTypesResultItem,
-  SubscriptionTargetSummary,
 } from "../models/models_1";
 
 /**
diff --git a/clients/client-dynamodb/src/DynamoDBClient.ts b/clients/client-dynamodb/src/DynamoDBClient.ts
index 96adb0c0e5f9..36bddcdba013 100644
--- a/clients/client-dynamodb/src/DynamoDBClient.ts
+++ b/clients/client-dynamodb/src/DynamoDBClient.ts
@@ -504,17 +504,6 @@ export class DynamoDBClient extends __Client<
    */
   readonly config: DynamoDBClientResolvedConfig;
 
-  private getDefaultHttpAuthSchemeParametersProvider() {
-    return defaultDynamoDBHttpAuthSchemeParametersProvider;
-  }
-
-  private getIdentityProviderConfigProvider() {
-    return async (config: DynamoDBClientResolvedConfig) =>
-      new DefaultIdentityProviderConfig({
-        "aws.auth#sigv4": config.credentials,
-      });
-  }
-
   constructor(...[configuration]: __CheckOptionalClientConfig<DynamoDBClientConfig>) {
     const _config_0 = __getRuntimeConfig(configuration || {});
     const _config_1 = resolveClientEndpointParameters(_config_0);
@@ -553,4 +542,13 @@ export class DynamoDBClient extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultDynamoDBHttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: DynamoDBClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "aws.auth#sigv4": config.credentials,
+      });
+  }
 }
diff --git a/clients/client-ec2/src/EC2Client.ts b/clients/client-ec2/src/EC2Client.ts
index 0318230f3601..727cdb325eaa 100644
--- a/clients/client-ec2/src/EC2Client.ts
+++ b/clients/client-ec2/src/EC2Client.ts
@@ -3594,17 +3594,6 @@ export class EC2Client extends __Client<
    */
   readonly config: EC2ClientResolvedConfig;
 
-  private getDefaultHttpAuthSchemeParametersProvider() {
-    return defaultEC2HttpAuthSchemeParametersProvider;
-  }
-
-  private getIdentityProviderConfigProvider() {
-    return async (config: EC2ClientResolvedConfig) =>
-      new DefaultIdentityProviderConfig({
-        "aws.auth#sigv4": config.credentials,
-      });
-  }
-
   constructor(...[configuration]: __CheckOptionalClientConfig<EC2ClientConfig>) {
     const _config_0 = __getRuntimeConfig(configuration || {});
     const _config_1 = resolveClientEndpointParameters(_config_0);
@@ -3640,4 +3629,13 @@ export class EC2Client extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultEC2HttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: EC2ClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "aws.auth#sigv4": config.credentials,
+      });
+  }
 }
diff --git a/clients/client-glacier/package.json b/clients/client-glacier/package.json
index 4a0b3461066d..92d12a6a757e 100644
--- a/clients/client-glacier/package.json
+++ b/clients/client-glacier/package.json
@@ -29,7 +29,6 @@
     "@aws-sdk/middleware-logger": "*",
     "@aws-sdk/middleware-recursion-detection": "*",
     "@aws-sdk/middleware-sdk-glacier": "*",
-    "@aws-sdk/middleware-signing": "*",
     "@aws-sdk/middleware-user-agent": "*",
     "@aws-sdk/region-config-resolver": "*",
     "@aws-sdk/types": "*",
@@ -58,6 +57,7 @@
     "@smithy/util-defaults-mode-browser": "^2.0.24",
     "@smithy/util-defaults-mode-node": "^2.0.32",
     "@smithy/util-endpoints": "^1.0.8",
+    "@smithy/util-middleware": "^2.0.9",
     "@smithy/util-retry": "^2.0.9",
     "@smithy/util-stream": "^2.0.24",
     "@smithy/util-utf8": "^2.0.2",
diff --git a/clients/client-glacier/src/GlacierClient.ts b/clients/client-glacier/src/GlacierClient.ts
index 8cc4ca505c78..576bfe6bf66c 100644
--- a/clients/client-glacier/src/GlacierClient.ts
+++ b/clients/client-glacier/src/GlacierClient.ts
@@ -8,20 +8,18 @@ import {
 import { getLoggerPlugin } from "@aws-sdk/middleware-logger";
 import { getRecursionDetectionPlugin } from "@aws-sdk/middleware-recursion-detection";
 import { getGlacierPlugin } from "@aws-sdk/middleware-sdk-glacier";
-import {
-  AwsAuthInputConfig,
-  AwsAuthResolvedConfig,
-  getAwsAuthPlugin,
-  resolveAwsAuthConfig,
-} from "@aws-sdk/middleware-signing";
 import {
   getUserAgentPlugin,
   resolveUserAgentConfig,
   UserAgentInputConfig,
   UserAgentResolvedConfig,
 } from "@aws-sdk/middleware-user-agent";
-import { Credentials as __Credentials } from "@aws-sdk/types";
 import { RegionInputConfig, RegionResolvedConfig, resolveRegionConfig } from "@smithy/config-resolver";
+import {
+  DefaultIdentityProviderConfig,
+  getHttpAuthSchemeEndpointRuleSetPlugin,
+  getHttpSigningPlugin,
+} from "@smithy/core";
 import { getContentLengthPlugin } from "@smithy/middleware-content-length";
 import { EndpointInputConfig, EndpointResolvedConfig, resolveEndpointConfig } from "@smithy/middleware-endpoint";
 import { getRetryPlugin, resolveRetryConfig, RetryInputConfig, RetryResolvedConfig } from "@smithy/middleware-retry";
@@ -33,6 +31,7 @@ import {
   SmithyResolvedConfiguration as __SmithyResolvedConfiguration,
 } from "@smithy/smithy-client";
 import {
+  AwsCredentialIdentityProvider,
   BodyLengthCalculator as __BodyLengthCalculator,
   CheckOptionalClientConfig as __CheckOptionalClientConfig,
   ChecksumConstructor as __ChecksumConstructor,
@@ -51,6 +50,12 @@ import {
   UserAgent as __UserAgent,
 } from "@smithy/types";
 
+import {
+  defaultGlacierHttpAuthSchemeParametersProvider,
+  HttpAuthSchemeInputConfig,
+  HttpAuthSchemeResolvedConfig,
+  resolveHttpAuthSchemeConfig,
+} from "./auth/httpAuthSchemeProvider";
 import {
   AbortMultipartUploadCommandInput,
   AbortMultipartUploadCommandOutput,
@@ -305,17 +310,6 @@ export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__
    */
   useFipsEndpoint?: boolean | __Provider<boolean>;
 
-  /**
-   * The AWS region to which this client will send requests
-   */
-  region?: string | __Provider<string>;
-
-  /**
-   * Default credentials provider; Not available in browser runtime.
-   * @internal
-   */
-  credentialDefaultProvider?: (input: any) => __Provider<__Credentials>;
-
   /**
    * Function that returns body checksums.
    * @internal
@@ -331,6 +325,18 @@ export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__
    */
   defaultUserAgentProvider?: Provider<__UserAgent>;
 
+  /**
+   * The AWS region to which this client will send requests
+   */
+  region?: string | __Provider<string>;
+
+  /**
+   * Default credentials provider; Not available in browser runtime.
+   * @deprecated
+   * @internal
+   */
+  credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
+
   /**
    * Value for how many times a request will be made at most in case of retry.
    */
@@ -374,8 +380,8 @@ export type GlacierClientConfigType = Partial<__SmithyConfiguration<__HttpHandle
   EndpointInputConfig<EndpointParameters> &
   RetryInputConfig &
   HostHeaderInputConfig &
-  AwsAuthInputConfig &
   UserAgentInputConfig &
+  HttpAuthSchemeInputConfig &
   ClientInputEndpointParameters;
 /**
  * @public
@@ -394,8 +400,8 @@ export type GlacierClientResolvedConfigType = __SmithyResolvedConfiguration<__Ht
   EndpointResolvedConfig<EndpointParameters> &
   RetryResolvedConfig &
   HostHeaderResolvedConfig &
-  AwsAuthResolvedConfig &
   UserAgentResolvedConfig &
+  HttpAuthSchemeResolvedConfig &
   ClientResolvedEndpointParameters;
 /**
  * @public
@@ -463,8 +469,8 @@ export class GlacierClient extends __Client<
     const _config_3 = resolveEndpointConfig(_config_2);
     const _config_4 = resolveRetryConfig(_config_3);
     const _config_5 = resolveHostHeaderConfig(_config_4);
-    const _config_6 = resolveAwsAuthConfig(_config_5);
-    const _config_7 = resolveUserAgentConfig(_config_6);
+    const _config_6 = resolveUserAgentConfig(_config_5);
+    const _config_7 = resolveHttpAuthSchemeConfig(_config_6);
     const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);
     super(_config_8);
     this.config = _config_8;
@@ -474,8 +480,14 @@ export class GlacierClient extends __Client<
     this.middlewareStack.use(getHostHeaderPlugin(this.config));
     this.middlewareStack.use(getLoggerPlugin(this.config));
     this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
-    this.middlewareStack.use(getAwsAuthPlugin(this.config));
     this.middlewareStack.use(getUserAgentPlugin(this.config));
+    this.middlewareStack.use(
+      getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
+        httpAuthSchemeParametersProvider: this.getDefaultHttpAuthSchemeParametersProvider(),
+        identityProviderConfigProvider: this.getIdentityProviderConfigProvider(),
+      })
+    );
+    this.middlewareStack.use(getHttpSigningPlugin(this.config));
   }
 
   /**
@@ -486,4 +498,13 @@ export class GlacierClient extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultGlacierHttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: GlacierClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "aws.auth#sigv4": config.credentials,
+      });
+  }
 }
diff --git a/clients/client-glacier/src/auth/httpAuthExtensionConfiguration.ts b/clients/client-glacier/src/auth/httpAuthExtensionConfiguration.ts
new file mode 100644
index 000000000000..290227efece5
--- /dev/null
+++ b/clients/client-glacier/src/auth/httpAuthExtensionConfiguration.ts
@@ -0,0 +1,72 @@
+// smithy-typescript generated code
+import { AwsCredentialIdentity, AwsCredentialIdentityProvider, HttpAuthScheme } from "@smithy/types";
+
+import { GlacierHttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
+
+/**
+ * @internal
+ */
+export interface HttpAuthExtensionConfiguration {
+  setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
+  httpAuthSchemes(): HttpAuthScheme[];
+  setHttpAuthSchemeProvider(httpAuthSchemeProvider: GlacierHttpAuthSchemeProvider): void;
+  httpAuthSchemeProvider(): GlacierHttpAuthSchemeProvider;
+  setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void;
+  credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
+}
+
+/**
+ * @internal
+ */
+export type HttpAuthRuntimeConfig = Partial<{
+  httpAuthSchemes: HttpAuthScheme[];
+  httpAuthSchemeProvider: GlacierHttpAuthSchemeProvider;
+  credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+}>;
+
+/**
+ * @internal
+ */
+export const getHttpAuthExtensionConfiguration = (
+  runtimeConfig: HttpAuthRuntimeConfig
+): HttpAuthExtensionConfiguration => {
+  const _httpAuthSchemes = runtimeConfig.httpAuthSchemes!;
+  let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider!;
+  let _credentials = runtimeConfig.credentials;
+  return {
+    setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void {
+      const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
+      if (index === -1) {
+        _httpAuthSchemes.push(httpAuthScheme);
+      } else {
+        _httpAuthSchemes.splice(index, 1, httpAuthScheme);
+      }
+    },
+    httpAuthSchemes(): HttpAuthScheme[] {
+      return _httpAuthSchemes;
+    },
+    setHttpAuthSchemeProvider(httpAuthSchemeProvider: GlacierHttpAuthSchemeProvider): void {
+      _httpAuthSchemeProvider = httpAuthSchemeProvider;
+    },
+    httpAuthSchemeProvider(): GlacierHttpAuthSchemeProvider {
+      return _httpAuthSchemeProvider;
+    },
+    setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void {
+      _credentials = credentials;
+    },
+    credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined {
+      return _credentials;
+    },
+  };
+};
+
+/**
+ * @internal
+ */
+export const resolveHttpAuthRuntimeConfig = (config: HttpAuthExtensionConfiguration): HttpAuthRuntimeConfig => {
+  return {
+    httpAuthSchemes: config.httpAuthSchemes(),
+    httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
+    credentials: config.credentials(),
+  };
+};
diff --git a/clients/client-glacier/src/auth/httpAuthSchemeProvider.ts b/clients/client-glacier/src/auth/httpAuthSchemeProvider.ts
new file mode 100644
index 000000000000..bb4f2b42e926
--- /dev/null
+++ b/clients/client-glacier/src/auth/httpAuthSchemeProvider.ts
@@ -0,0 +1,137 @@
+// smithy-typescript generated code
+import {
+  AwsSdkSigV4AuthInputConfig,
+  AwsSdkSigV4AuthResolvedConfig,
+  AwsSdkSigV4PreviouslyResolved,
+  resolveAwsSdkSigV4Config,
+} from "@aws-sdk/core";
+import {
+  HandlerExecutionContext,
+  HttpAuthOption,
+  HttpAuthScheme,
+  HttpAuthSchemeParameters,
+  HttpAuthSchemeParametersProvider,
+  HttpAuthSchemeProvider,
+} from "@smithy/types";
+import { getSmithyContext, normalizeProvider } from "@smithy/util-middleware";
+
+import { GlacierClientConfig, GlacierClientResolvedConfig } from "../GlacierClient";
+
+/**
+ * @internal
+ */
+export interface GlacierHttpAuthSchemeParameters extends HttpAuthSchemeParameters {
+  region?: string;
+}
+
+/**
+ * @internal
+ */
+export interface GlacierHttpAuthSchemeParametersProvider
+  extends HttpAuthSchemeParametersProvider<
+    GlacierClientResolvedConfig,
+    HandlerExecutionContext,
+    GlacierHttpAuthSchemeParameters,
+    object
+  > {}
+
+/**
+ * @internal
+ */
+export const defaultGlacierHttpAuthSchemeParametersProvider = async (
+  config: GlacierClientResolvedConfig,
+  context: HandlerExecutionContext,
+  input: object
+): Promise<GlacierHttpAuthSchemeParameters> => {
+  return {
+    operation: getSmithyContext(context).operation as string,
+    region:
+      (await normalizeProvider(config.region)()) ||
+      (() => {
+        throw new Error("expected `region` to be configured for `aws.auth#sigv4`");
+      })(),
+  };
+};
+
+function createAwsAuthSigv4HttpAuthOption(authParameters: GlacierHttpAuthSchemeParameters): HttpAuthOption {
+  return {
+    schemeId: "aws.auth#sigv4",
+    signingProperties: {
+      name: "glacier",
+      region: authParameters.region,
+    },
+    propertiesExtractor: (config: GlacierClientConfig, context) => ({
+      /**
+       * @internal
+       */
+      signingProperties: {
+        config,
+        context,
+      },
+    }),
+  };
+}
+
+/**
+ * @internal
+ */
+export interface GlacierHttpAuthSchemeProvider extends HttpAuthSchemeProvider<GlacierHttpAuthSchemeParameters> {}
+
+/**
+ * @internal
+ */
+export const defaultGlacierHttpAuthSchemeProvider: GlacierHttpAuthSchemeProvider = (authParameters) => {
+  const options: HttpAuthOption[] = [];
+  switch (authParameters.operation) {
+    default: {
+      options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
+    }
+  }
+  return options;
+};
+
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
+  /**
+   * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+   * @internal
+   */
+  httpAuthSchemes?: HttpAuthScheme[];
+
+  /**
+   * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+   * @internal
+   */
+  httpAuthSchemeProvider?: GlacierHttpAuthSchemeProvider;
+}
+
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedConfig {
+  /**
+   * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+   * @internal
+   */
+  readonly httpAuthSchemes: HttpAuthScheme[];
+
+  /**
+   * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+   * @internal
+   */
+  readonly httpAuthSchemeProvider: GlacierHttpAuthSchemeProvider;
+}
+
+/**
+ * @internal
+ */
+export const resolveHttpAuthSchemeConfig = <T>(
+  config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved
+): T & HttpAuthSchemeResolvedConfig => {
+  const config_0 = resolveAwsSdkSigV4Config(config);
+  return {
+    ...config_0,
+  } as T & HttpAuthSchemeResolvedConfig;
+};
diff --git a/clients/client-glacier/src/extensionConfiguration.ts b/clients/client-glacier/src/extensionConfiguration.ts
index 9be7ae6769df..172e2be4ce11 100644
--- a/clients/client-glacier/src/extensionConfiguration.ts
+++ b/clients/client-glacier/src/extensionConfiguration.ts
@@ -3,10 +3,13 @@ import { AwsRegionExtensionConfiguration } from "@aws-sdk/types";
 import { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http";
 import { DefaultExtensionConfiguration } from "@smithy/types";
 
+import { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfiguration";
+
 /**
  * @internal
  */
 export interface GlacierExtensionConfiguration
   extends HttpHandlerExtensionConfiguration,
     DefaultExtensionConfiguration,
-    AwsRegionExtensionConfiguration {}
+    AwsRegionExtensionConfiguration,
+    HttpAuthExtensionConfiguration {}
diff --git a/clients/client-glacier/src/runtimeConfig.shared.ts b/clients/client-glacier/src/runtimeConfig.shared.ts
index 36d6427a5e37..af04cf8c8ae0 100644
--- a/clients/client-glacier/src/runtimeConfig.shared.ts
+++ b/clients/client-glacier/src/runtimeConfig.shared.ts
@@ -1,10 +1,13 @@
 // smithy-typescript generated code
+import { AwsSdkSigV4Signer } from "@aws-sdk/core";
 import { NoOpLogger } from "@smithy/smithy-client";
+import { IdentityProviderConfig } from "@smithy/types";
 import { parseUrl } from "@smithy/url-parser";
 import { fromBase64, toBase64 } from "@smithy/util-base64";
 import { sdkStreamMixin } from "@smithy/util-stream";
 import { fromUtf8, toUtf8 } from "@smithy/util-utf8";
 
+import { defaultGlacierHttpAuthSchemeProvider } from "./auth/httpAuthSchemeProvider";
 import { defaultEndpointResolver } from "./endpoint/endpointResolver";
 import { GlacierClientConfig } from "./GlacierClient";
 
@@ -19,6 +22,14 @@ export const getRuntimeConfig = (config: GlacierClientConfig) => {
     disableHostPrefix: config?.disableHostPrefix ?? false,
     endpointProvider: config?.endpointProvider ?? defaultEndpointResolver,
     extensions: config?.extensions ?? [],
+    httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? defaultGlacierHttpAuthSchemeProvider,
+    httpAuthSchemes: config?.httpAuthSchemes ?? [
+      {
+        schemeId: "aws.auth#sigv4",
+        identityProvider: (ipc: IdentityProviderConfig) => ipc.getIdentityProvider("aws.auth#sigv4"),
+        signer: new AwsSdkSigV4Signer(),
+      },
+    ],
     logger: config?.logger ?? new NoOpLogger(),
     sdkStreamMixin: config?.sdkStreamMixin ?? sdkStreamMixin,
     serviceId: config?.serviceId ?? "Glacier",
diff --git a/clients/client-glacier/src/runtimeExtensions.ts b/clients/client-glacier/src/runtimeExtensions.ts
index f09c5bff2475..57a99f9f29d7 100644
--- a/clients/client-glacier/src/runtimeExtensions.ts
+++ b/clients/client-glacier/src/runtimeExtensions.ts
@@ -6,6 +6,7 @@ import {
 import { getHttpHandlerExtensionConfiguration, resolveHttpHandlerRuntimeConfig } from "@smithy/protocol-http";
 import { getDefaultExtensionConfiguration, resolveDefaultRuntimeConfig } from "@smithy/smithy-client";
 
+import { getHttpAuthExtensionConfiguration, resolveHttpAuthRuntimeConfig } from "./auth/httpAuthExtensionConfiguration";
 import { GlacierExtensionConfiguration } from "./extensionConfiguration";
 
 /**
@@ -32,6 +33,7 @@ export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: Runtime
     ...asPartial(getAwsRegionExtensionConfiguration(runtimeConfig)),
     ...asPartial(getDefaultExtensionConfiguration(runtimeConfig)),
     ...asPartial(getHttpHandlerExtensionConfiguration(runtimeConfig)),
+    ...asPartial(getHttpAuthExtensionConfiguration(runtimeConfig)),
   };
 
   extensions.forEach((extension) => extension.configure(extensionConfiguration));
@@ -41,5 +43,6 @@ export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: Runtime
     ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
     ...resolveDefaultRuntimeConfig(extensionConfiguration),
     ...resolveHttpHandlerRuntimeConfig(extensionConfiguration),
+    ...resolveHttpAuthRuntimeConfig(extensionConfiguration),
   };
 };
diff --git a/clients/client-machine-learning/package.json b/clients/client-machine-learning/package.json
index d284d39301b5..7ad567615d3d 100644
--- a/clients/client-machine-learning/package.json
+++ b/clients/client-machine-learning/package.json
@@ -27,7 +27,6 @@
     "@aws-sdk/middleware-logger": "*",
     "@aws-sdk/middleware-recursion-detection": "*",
     "@aws-sdk/middleware-sdk-machinelearning": "*",
-    "@aws-sdk/middleware-signing": "*",
     "@aws-sdk/middleware-user-agent": "*",
     "@aws-sdk/region-config-resolver": "*",
     "@aws-sdk/types": "*",
@@ -56,6 +55,7 @@
     "@smithy/util-defaults-mode-browser": "^2.0.24",
     "@smithy/util-defaults-mode-node": "^2.0.32",
     "@smithy/util-endpoints": "^1.0.8",
+    "@smithy/util-middleware": "^2.0.9",
     "@smithy/util-retry": "^2.0.9",
     "@smithy/util-utf8": "^2.0.2",
     "@smithy/util-waiter": "^2.0.16",
diff --git a/clients/client-machine-learning/src/MachineLearningClient.ts b/clients/client-machine-learning/src/MachineLearningClient.ts
index 0a5ea5c0c9e0..24815fe81dea 100644
--- a/clients/client-machine-learning/src/MachineLearningClient.ts
+++ b/clients/client-machine-learning/src/MachineLearningClient.ts
@@ -7,20 +7,18 @@ import {
 } from "@aws-sdk/middleware-host-header";
 import { getLoggerPlugin } from "@aws-sdk/middleware-logger";
 import { getRecursionDetectionPlugin } from "@aws-sdk/middleware-recursion-detection";
-import {
-  AwsAuthInputConfig,
-  AwsAuthResolvedConfig,
-  getAwsAuthPlugin,
-  resolveAwsAuthConfig,
-} from "@aws-sdk/middleware-signing";
 import {
   getUserAgentPlugin,
   resolveUserAgentConfig,
   UserAgentInputConfig,
   UserAgentResolvedConfig,
 } from "@aws-sdk/middleware-user-agent";
-import { Credentials as __Credentials } from "@aws-sdk/types";
 import { RegionInputConfig, RegionResolvedConfig, resolveRegionConfig } from "@smithy/config-resolver";
+import {
+  DefaultIdentityProviderConfig,
+  getHttpAuthSchemeEndpointRuleSetPlugin,
+  getHttpSigningPlugin,
+} from "@smithy/core";
 import { getContentLengthPlugin } from "@smithy/middleware-content-length";
 import { EndpointInputConfig, EndpointResolvedConfig, resolveEndpointConfig } from "@smithy/middleware-endpoint";
 import { getRetryPlugin, resolveRetryConfig, RetryInputConfig, RetryResolvedConfig } from "@smithy/middleware-retry";
@@ -32,6 +30,7 @@ import {
   SmithyResolvedConfiguration as __SmithyResolvedConfiguration,
 } from "@smithy/smithy-client";
 import {
+  AwsCredentialIdentityProvider,
   BodyLengthCalculator as __BodyLengthCalculator,
   CheckOptionalClientConfig as __CheckOptionalClientConfig,
   ChecksumConstructor as __ChecksumConstructor,
@@ -48,6 +47,12 @@ import {
   UserAgent as __UserAgent,
 } from "@smithy/types";
 
+import {
+  defaultMachineLearningHttpAuthSchemeParametersProvider,
+  HttpAuthSchemeInputConfig,
+  HttpAuthSchemeResolvedConfig,
+  resolveHttpAuthSchemeConfig,
+} from "./auth/httpAuthSchemeProvider";
 import { AddTagsCommandInput, AddTagsCommandOutput } from "./commands/AddTagsCommand";
 import {
   CreateBatchPredictionCommandInput,
@@ -273,21 +278,22 @@ export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__
   useFipsEndpoint?: boolean | __Provider<boolean>;
 
   /**
-   * The AWS region to which this client will send requests
+   * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
+   * @internal
    */
-  region?: string | __Provider<string>;
+  defaultUserAgentProvider?: Provider<__UserAgent>;
 
   /**
-   * Default credentials provider; Not available in browser runtime.
-   * @internal
+   * The AWS region to which this client will send requests
    */
-  credentialDefaultProvider?: (input: any) => __Provider<__Credentials>;
+  region?: string | __Provider<string>;
 
   /**
-   * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
+   * Default credentials provider; Not available in browser runtime.
+   * @deprecated
    * @internal
    */
-  defaultUserAgentProvider?: Provider<__UserAgent>;
+  credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
 
   /**
    * Value for how many times a request will be made at most in case of retry.
@@ -326,8 +332,8 @@ export type MachineLearningClientConfigType = Partial<__SmithyConfiguration<__Ht
   EndpointInputConfig<EndpointParameters> &
   RetryInputConfig &
   HostHeaderInputConfig &
-  AwsAuthInputConfig &
   UserAgentInputConfig &
+  HttpAuthSchemeInputConfig &
   ClientInputEndpointParameters;
 /**
  * @public
@@ -346,8 +352,8 @@ export type MachineLearningClientResolvedConfigType = __SmithyResolvedConfigurat
   EndpointResolvedConfig<EndpointParameters> &
   RetryResolvedConfig &
   HostHeaderResolvedConfig &
-  AwsAuthResolvedConfig &
   UserAgentResolvedConfig &
+  HttpAuthSchemeResolvedConfig &
   ClientResolvedEndpointParameters;
 /**
  * @public
@@ -379,8 +385,8 @@ export class MachineLearningClient extends __Client<
     const _config_3 = resolveEndpointConfig(_config_2);
     const _config_4 = resolveRetryConfig(_config_3);
     const _config_5 = resolveHostHeaderConfig(_config_4);
-    const _config_6 = resolveAwsAuthConfig(_config_5);
-    const _config_7 = resolveUserAgentConfig(_config_6);
+    const _config_6 = resolveUserAgentConfig(_config_5);
+    const _config_7 = resolveHttpAuthSchemeConfig(_config_6);
     const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);
     super(_config_8);
     this.config = _config_8;
@@ -389,8 +395,14 @@ export class MachineLearningClient extends __Client<
     this.middlewareStack.use(getHostHeaderPlugin(this.config));
     this.middlewareStack.use(getLoggerPlugin(this.config));
     this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
-    this.middlewareStack.use(getAwsAuthPlugin(this.config));
     this.middlewareStack.use(getUserAgentPlugin(this.config));
+    this.middlewareStack.use(
+      getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
+        httpAuthSchemeParametersProvider: this.getDefaultHttpAuthSchemeParametersProvider(),
+        identityProviderConfigProvider: this.getIdentityProviderConfigProvider(),
+      })
+    );
+    this.middlewareStack.use(getHttpSigningPlugin(this.config));
   }
 
   /**
@@ -401,4 +413,13 @@ export class MachineLearningClient extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultMachineLearningHttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: MachineLearningClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "aws.auth#sigv4": config.credentials,
+      });
+  }
 }
diff --git a/clients/client-machine-learning/src/auth/httpAuthExtensionConfiguration.ts b/clients/client-machine-learning/src/auth/httpAuthExtensionConfiguration.ts
new file mode 100644
index 000000000000..6ab5665f542a
--- /dev/null
+++ b/clients/client-machine-learning/src/auth/httpAuthExtensionConfiguration.ts
@@ -0,0 +1,72 @@
+// smithy-typescript generated code
+import { AwsCredentialIdentity, AwsCredentialIdentityProvider, HttpAuthScheme } from "@smithy/types";
+
+import { MachineLearningHttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
+
+/**
+ * @internal
+ */
+export interface HttpAuthExtensionConfiguration {
+  setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
+  httpAuthSchemes(): HttpAuthScheme[];
+  setHttpAuthSchemeProvider(httpAuthSchemeProvider: MachineLearningHttpAuthSchemeProvider): void;
+  httpAuthSchemeProvider(): MachineLearningHttpAuthSchemeProvider;
+  setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void;
+  credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
+}
+
+/**
+ * @internal
+ */
+export type HttpAuthRuntimeConfig = Partial<{
+  httpAuthSchemes: HttpAuthScheme[];
+  httpAuthSchemeProvider: MachineLearningHttpAuthSchemeProvider;
+  credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+}>;
+
+/**
+ * @internal
+ */
+export const getHttpAuthExtensionConfiguration = (
+  runtimeConfig: HttpAuthRuntimeConfig
+): HttpAuthExtensionConfiguration => {
+  const _httpAuthSchemes = runtimeConfig.httpAuthSchemes!;
+  let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider!;
+  let _credentials = runtimeConfig.credentials;
+  return {
+    setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void {
+      const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
+      if (index === -1) {
+        _httpAuthSchemes.push(httpAuthScheme);
+      } else {
+        _httpAuthSchemes.splice(index, 1, httpAuthScheme);
+      }
+    },
+    httpAuthSchemes(): HttpAuthScheme[] {
+      return _httpAuthSchemes;
+    },
+    setHttpAuthSchemeProvider(httpAuthSchemeProvider: MachineLearningHttpAuthSchemeProvider): void {
+      _httpAuthSchemeProvider = httpAuthSchemeProvider;
+    },
+    httpAuthSchemeProvider(): MachineLearningHttpAuthSchemeProvider {
+      return _httpAuthSchemeProvider;
+    },
+    setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void {
+      _credentials = credentials;
+    },
+    credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined {
+      return _credentials;
+    },
+  };
+};
+
+/**
+ * @internal
+ */
+export const resolveHttpAuthRuntimeConfig = (config: HttpAuthExtensionConfiguration): HttpAuthRuntimeConfig => {
+  return {
+    httpAuthSchemes: config.httpAuthSchemes(),
+    httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
+    credentials: config.credentials(),
+  };
+};
diff --git a/clients/client-machine-learning/src/auth/httpAuthSchemeProvider.ts b/clients/client-machine-learning/src/auth/httpAuthSchemeProvider.ts
new file mode 100644
index 000000000000..413f9f21d5c7
--- /dev/null
+++ b/clients/client-machine-learning/src/auth/httpAuthSchemeProvider.ts
@@ -0,0 +1,138 @@
+// smithy-typescript generated code
+import {
+  AwsSdkSigV4AuthInputConfig,
+  AwsSdkSigV4AuthResolvedConfig,
+  AwsSdkSigV4PreviouslyResolved,
+  resolveAwsSdkSigV4Config,
+} from "@aws-sdk/core";
+import {
+  HandlerExecutionContext,
+  HttpAuthOption,
+  HttpAuthScheme,
+  HttpAuthSchemeParameters,
+  HttpAuthSchemeParametersProvider,
+  HttpAuthSchemeProvider,
+} from "@smithy/types";
+import { getSmithyContext, normalizeProvider } from "@smithy/util-middleware";
+
+import { MachineLearningClientConfig, MachineLearningClientResolvedConfig } from "../MachineLearningClient";
+
+/**
+ * @internal
+ */
+export interface MachineLearningHttpAuthSchemeParameters extends HttpAuthSchemeParameters {
+  region?: string;
+}
+
+/**
+ * @internal
+ */
+export interface MachineLearningHttpAuthSchemeParametersProvider
+  extends HttpAuthSchemeParametersProvider<
+    MachineLearningClientResolvedConfig,
+    HandlerExecutionContext,
+    MachineLearningHttpAuthSchemeParameters,
+    object
+  > {}
+
+/**
+ * @internal
+ */
+export const defaultMachineLearningHttpAuthSchemeParametersProvider = async (
+  config: MachineLearningClientResolvedConfig,
+  context: HandlerExecutionContext,
+  input: object
+): Promise<MachineLearningHttpAuthSchemeParameters> => {
+  return {
+    operation: getSmithyContext(context).operation as string,
+    region:
+      (await normalizeProvider(config.region)()) ||
+      (() => {
+        throw new Error("expected `region` to be configured for `aws.auth#sigv4`");
+      })(),
+  };
+};
+
+function createAwsAuthSigv4HttpAuthOption(authParameters: MachineLearningHttpAuthSchemeParameters): HttpAuthOption {
+  return {
+    schemeId: "aws.auth#sigv4",
+    signingProperties: {
+      name: "machinelearning",
+      region: authParameters.region,
+    },
+    propertiesExtractor: (config: MachineLearningClientConfig, context) => ({
+      /**
+       * @internal
+       */
+      signingProperties: {
+        config,
+        context,
+      },
+    }),
+  };
+}
+
+/**
+ * @internal
+ */
+export interface MachineLearningHttpAuthSchemeProvider
+  extends HttpAuthSchemeProvider<MachineLearningHttpAuthSchemeParameters> {}
+
+/**
+ * @internal
+ */
+export const defaultMachineLearningHttpAuthSchemeProvider: MachineLearningHttpAuthSchemeProvider = (authParameters) => {
+  const options: HttpAuthOption[] = [];
+  switch (authParameters.operation) {
+    default: {
+      options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
+    }
+  }
+  return options;
+};
+
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
+  /**
+   * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+   * @internal
+   */
+  httpAuthSchemes?: HttpAuthScheme[];
+
+  /**
+   * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+   * @internal
+   */
+  httpAuthSchemeProvider?: MachineLearningHttpAuthSchemeProvider;
+}
+
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedConfig {
+  /**
+   * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+   * @internal
+   */
+  readonly httpAuthSchemes: HttpAuthScheme[];
+
+  /**
+   * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+   * @internal
+   */
+  readonly httpAuthSchemeProvider: MachineLearningHttpAuthSchemeProvider;
+}
+
+/**
+ * @internal
+ */
+export const resolveHttpAuthSchemeConfig = <T>(
+  config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved
+): T & HttpAuthSchemeResolvedConfig => {
+  const config_0 = resolveAwsSdkSigV4Config(config);
+  return {
+    ...config_0,
+  } as T & HttpAuthSchemeResolvedConfig;
+};
diff --git a/clients/client-machine-learning/src/extensionConfiguration.ts b/clients/client-machine-learning/src/extensionConfiguration.ts
index a6ba3923ac29..e6e5d1d59f74 100644
--- a/clients/client-machine-learning/src/extensionConfiguration.ts
+++ b/clients/client-machine-learning/src/extensionConfiguration.ts
@@ -3,10 +3,13 @@ import { AwsRegionExtensionConfiguration } from "@aws-sdk/types";
 import { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http";
 import { DefaultExtensionConfiguration } from "@smithy/types";
 
+import { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfiguration";
+
 /**
  * @internal
  */
 export interface MachineLearningExtensionConfiguration
   extends HttpHandlerExtensionConfiguration,
     DefaultExtensionConfiguration,
-    AwsRegionExtensionConfiguration {}
+    AwsRegionExtensionConfiguration,
+    HttpAuthExtensionConfiguration {}
diff --git a/clients/client-machine-learning/src/runtimeConfig.shared.ts b/clients/client-machine-learning/src/runtimeConfig.shared.ts
index c20b59291df9..eecd9ea147ed 100644
--- a/clients/client-machine-learning/src/runtimeConfig.shared.ts
+++ b/clients/client-machine-learning/src/runtimeConfig.shared.ts
@@ -1,9 +1,12 @@
 // smithy-typescript generated code
+import { AwsSdkSigV4Signer } from "@aws-sdk/core";
 import { NoOpLogger } from "@smithy/smithy-client";
+import { IdentityProviderConfig } from "@smithy/types";
 import { parseUrl } from "@smithy/url-parser";
 import { fromBase64, toBase64 } from "@smithy/util-base64";
 import { fromUtf8, toUtf8 } from "@smithy/util-utf8";
 
+import { defaultMachineLearningHttpAuthSchemeProvider } from "./auth/httpAuthSchemeProvider";
 import { defaultEndpointResolver } from "./endpoint/endpointResolver";
 import { MachineLearningClientConfig } from "./MachineLearningClient";
 
@@ -18,6 +21,14 @@ export const getRuntimeConfig = (config: MachineLearningClientConfig) => {
     disableHostPrefix: config?.disableHostPrefix ?? false,
     endpointProvider: config?.endpointProvider ?? defaultEndpointResolver,
     extensions: config?.extensions ?? [],
+    httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? defaultMachineLearningHttpAuthSchemeProvider,
+    httpAuthSchemes: config?.httpAuthSchemes ?? [
+      {
+        schemeId: "aws.auth#sigv4",
+        identityProvider: (ipc: IdentityProviderConfig) => ipc.getIdentityProvider("aws.auth#sigv4"),
+        signer: new AwsSdkSigV4Signer(),
+      },
+    ],
     logger: config?.logger ?? new NoOpLogger(),
     serviceId: config?.serviceId ?? "Machine Learning",
     urlParser: config?.urlParser ?? parseUrl,
diff --git a/clients/client-machine-learning/src/runtimeExtensions.ts b/clients/client-machine-learning/src/runtimeExtensions.ts
index ae337bab50f0..97164fff24a2 100644
--- a/clients/client-machine-learning/src/runtimeExtensions.ts
+++ b/clients/client-machine-learning/src/runtimeExtensions.ts
@@ -6,6 +6,7 @@ import {
 import { getHttpHandlerExtensionConfiguration, resolveHttpHandlerRuntimeConfig } from "@smithy/protocol-http";
 import { getDefaultExtensionConfiguration, resolveDefaultRuntimeConfig } from "@smithy/smithy-client";
 
+import { getHttpAuthExtensionConfiguration, resolveHttpAuthRuntimeConfig } from "./auth/httpAuthExtensionConfiguration";
 import { MachineLearningExtensionConfiguration } from "./extensionConfiguration";
 
 /**
@@ -32,6 +33,7 @@ export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: Runtime
     ...asPartial(getAwsRegionExtensionConfiguration(runtimeConfig)),
     ...asPartial(getDefaultExtensionConfiguration(runtimeConfig)),
     ...asPartial(getHttpHandlerExtensionConfiguration(runtimeConfig)),
+    ...asPartial(getHttpAuthExtensionConfiguration(runtimeConfig)),
   };
 
   extensions.forEach((extension) => extension.configure(extensionConfiguration));
@@ -41,5 +43,6 @@ export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: Runtime
     ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
     ...resolveDefaultRuntimeConfig(extensionConfiguration),
     ...resolveHttpHandlerRuntimeConfig(extensionConfiguration),
+    ...resolveHttpAuthRuntimeConfig(extensionConfiguration),
   };
 };
diff --git a/clients/client-polly/src/PollyClient.ts b/clients/client-polly/src/PollyClient.ts
index fc51db10cd8e..040441990525 100644
--- a/clients/client-polly/src/PollyClient.ts
+++ b/clients/client-polly/src/PollyClient.ts
@@ -308,17 +308,6 @@ export class PollyClient extends __Client<
    */
   readonly config: PollyClientResolvedConfig;
 
-  private getDefaultHttpAuthSchemeParametersProvider() {
-    return defaultPollyHttpAuthSchemeParametersProvider;
-  }
-
-  private getIdentityProviderConfigProvider() {
-    return async (config: PollyClientResolvedConfig) =>
-      new DefaultIdentityProviderConfig({
-        "aws.auth#sigv4": config.credentials,
-      });
-  }
-
   constructor(...[configuration]: __CheckOptionalClientConfig<PollyClientConfig>) {
     const _config_0 = __getRuntimeConfig(configuration || {});
     const _config_1 = resolveClientEndpointParameters(_config_0);
@@ -354,4 +343,13 @@ export class PollyClient extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultPollyHttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: PollyClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "aws.auth#sigv4": config.credentials,
+      });
+  }
 }
diff --git a/clients/client-rds/src/RDSClient.ts b/clients/client-rds/src/RDSClient.ts
index c3d2a34e9755..54505c6d560b 100644
--- a/clients/client-rds/src/RDSClient.ts
+++ b/clients/client-rds/src/RDSClient.ts
@@ -1131,17 +1131,6 @@ export class RDSClient extends __Client<
    */
   readonly config: RDSClientResolvedConfig;
 
-  private getDefaultHttpAuthSchemeParametersProvider() {
-    return defaultRDSHttpAuthSchemeParametersProvider;
-  }
-
-  private getIdentityProviderConfigProvider() {
-    return async (config: RDSClientResolvedConfig) =>
-      new DefaultIdentityProviderConfig({
-        "aws.auth#sigv4": config.credentials,
-      });
-  }
-
   constructor(...[configuration]: __CheckOptionalClientConfig<RDSClientConfig>) {
     const _config_0 = __getRuntimeConfig(configuration || {});
     const _config_1 = resolveClientEndpointParameters(_config_0);
@@ -1177,4 +1166,13 @@ export class RDSClient extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultRDSHttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: RDSClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "aws.auth#sigv4": config.credentials,
+      });
+  }
 }
diff --git a/clients/client-route-53/package.json b/clients/client-route-53/package.json
index 594a4b9821b7..67acb8c33e11 100644
--- a/clients/client-route-53/package.json
+++ b/clients/client-route-53/package.json
@@ -27,7 +27,6 @@
     "@aws-sdk/middleware-logger": "*",
     "@aws-sdk/middleware-recursion-detection": "*",
     "@aws-sdk/middleware-sdk-route53": "*",
-    "@aws-sdk/middleware-signing": "*",
     "@aws-sdk/middleware-user-agent": "*",
     "@aws-sdk/region-config-resolver": "*",
     "@aws-sdk/types": "*",
@@ -57,6 +56,7 @@
     "@smithy/util-defaults-mode-browser": "^2.0.24",
     "@smithy/util-defaults-mode-node": "^2.0.32",
     "@smithy/util-endpoints": "^1.0.8",
+    "@smithy/util-middleware": "^2.0.9",
     "@smithy/util-retry": "^2.0.9",
     "@smithy/util-utf8": "^2.0.2",
     "@smithy/util-waiter": "^2.0.16",
diff --git a/clients/client-route-53/src/Route53Client.ts b/clients/client-route-53/src/Route53Client.ts
index 2ebb2b5f5a37..8ee9b8a5981f 100644
--- a/clients/client-route-53/src/Route53Client.ts
+++ b/clients/client-route-53/src/Route53Client.ts
@@ -7,20 +7,18 @@ import {
 } from "@aws-sdk/middleware-host-header";
 import { getLoggerPlugin } from "@aws-sdk/middleware-logger";
 import { getRecursionDetectionPlugin } from "@aws-sdk/middleware-recursion-detection";
-import {
-  AwsAuthInputConfig,
-  AwsAuthResolvedConfig,
-  getAwsAuthPlugin,
-  resolveAwsAuthConfig,
-} from "@aws-sdk/middleware-signing";
 import {
   getUserAgentPlugin,
   resolveUserAgentConfig,
   UserAgentInputConfig,
   UserAgentResolvedConfig,
 } from "@aws-sdk/middleware-user-agent";
-import { Credentials as __Credentials } from "@aws-sdk/types";
 import { RegionInputConfig, RegionResolvedConfig, resolveRegionConfig } from "@smithy/config-resolver";
+import {
+  DefaultIdentityProviderConfig,
+  getHttpAuthSchemeEndpointRuleSetPlugin,
+  getHttpSigningPlugin,
+} from "@smithy/core";
 import { getContentLengthPlugin } from "@smithy/middleware-content-length";
 import { EndpointInputConfig, EndpointResolvedConfig, resolveEndpointConfig } from "@smithy/middleware-endpoint";
 import { getRetryPlugin, resolveRetryConfig, RetryInputConfig, RetryResolvedConfig } from "@smithy/middleware-retry";
@@ -32,6 +30,7 @@ import {
   SmithyResolvedConfiguration as __SmithyResolvedConfiguration,
 } from "@smithy/smithy-client";
 import {
+  AwsCredentialIdentityProvider,
   BodyLengthCalculator as __BodyLengthCalculator,
   CheckOptionalClientConfig as __CheckOptionalClientConfig,
   ChecksumConstructor as __ChecksumConstructor,
@@ -48,6 +47,12 @@ import {
   UserAgent as __UserAgent,
 } from "@smithy/types";
 
+import {
+  defaultRoute53HttpAuthSchemeParametersProvider,
+  HttpAuthSchemeInputConfig,
+  HttpAuthSchemeResolvedConfig,
+  resolveHttpAuthSchemeConfig,
+} from "./auth/httpAuthSchemeProvider";
 import {
   ActivateKeySigningKeyCommandInput,
   ActivateKeySigningKeyCommandOutput,
@@ -513,21 +518,22 @@ export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__
   useFipsEndpoint?: boolean | __Provider<boolean>;
 
   /**
-   * The AWS region to which this client will send requests
+   * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
+   * @internal
    */
-  region?: string | __Provider<string>;
+  defaultUserAgentProvider?: Provider<__UserAgent>;
 
   /**
-   * Default credentials provider; Not available in browser runtime.
-   * @internal
+   * The AWS region to which this client will send requests
    */
-  credentialDefaultProvider?: (input: any) => __Provider<__Credentials>;
+  region?: string | __Provider<string>;
 
   /**
-   * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
+   * Default credentials provider; Not available in browser runtime.
+   * @deprecated
    * @internal
    */
-  defaultUserAgentProvider?: Provider<__UserAgent>;
+  credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
 
   /**
    * Value for how many times a request will be made at most in case of retry.
@@ -566,8 +572,8 @@ export type Route53ClientConfigType = Partial<__SmithyConfiguration<__HttpHandle
   EndpointInputConfig<EndpointParameters> &
   RetryInputConfig &
   HostHeaderInputConfig &
-  AwsAuthInputConfig &
   UserAgentInputConfig &
+  HttpAuthSchemeInputConfig &
   ClientInputEndpointParameters;
 /**
  * @public
@@ -586,8 +592,8 @@ export type Route53ClientResolvedConfigType = __SmithyResolvedConfiguration<__Ht
   EndpointResolvedConfig<EndpointParameters> &
   RetryResolvedConfig &
   HostHeaderResolvedConfig &
-  AwsAuthResolvedConfig &
   UserAgentResolvedConfig &
+  HttpAuthSchemeResolvedConfig &
   ClientResolvedEndpointParameters;
 /**
  * @public
@@ -634,8 +640,8 @@ export class Route53Client extends __Client<
     const _config_3 = resolveEndpointConfig(_config_2);
     const _config_4 = resolveRetryConfig(_config_3);
     const _config_5 = resolveHostHeaderConfig(_config_4);
-    const _config_6 = resolveAwsAuthConfig(_config_5);
-    const _config_7 = resolveUserAgentConfig(_config_6);
+    const _config_6 = resolveUserAgentConfig(_config_5);
+    const _config_7 = resolveHttpAuthSchemeConfig(_config_6);
     const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);
     super(_config_8);
     this.config = _config_8;
@@ -644,8 +650,14 @@ export class Route53Client extends __Client<
     this.middlewareStack.use(getHostHeaderPlugin(this.config));
     this.middlewareStack.use(getLoggerPlugin(this.config));
     this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
-    this.middlewareStack.use(getAwsAuthPlugin(this.config));
     this.middlewareStack.use(getUserAgentPlugin(this.config));
+    this.middlewareStack.use(
+      getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
+        httpAuthSchemeParametersProvider: this.getDefaultHttpAuthSchemeParametersProvider(),
+        identityProviderConfigProvider: this.getIdentityProviderConfigProvider(),
+      })
+    );
+    this.middlewareStack.use(getHttpSigningPlugin(this.config));
   }
 
   /**
@@ -656,4 +668,13 @@ export class Route53Client extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultRoute53HttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: Route53ClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "aws.auth#sigv4": config.credentials,
+      });
+  }
 }
diff --git a/clients/client-route-53/src/auth/httpAuthExtensionConfiguration.ts b/clients/client-route-53/src/auth/httpAuthExtensionConfiguration.ts
new file mode 100644
index 000000000000..5091c76dfaf0
--- /dev/null
+++ b/clients/client-route-53/src/auth/httpAuthExtensionConfiguration.ts
@@ -0,0 +1,72 @@
+// smithy-typescript generated code
+import { AwsCredentialIdentity, AwsCredentialIdentityProvider, HttpAuthScheme } from "@smithy/types";
+
+import { Route53HttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
+
+/**
+ * @internal
+ */
+export interface HttpAuthExtensionConfiguration {
+  setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
+  httpAuthSchemes(): HttpAuthScheme[];
+  setHttpAuthSchemeProvider(httpAuthSchemeProvider: Route53HttpAuthSchemeProvider): void;
+  httpAuthSchemeProvider(): Route53HttpAuthSchemeProvider;
+  setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void;
+  credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
+}
+
+/**
+ * @internal
+ */
+export type HttpAuthRuntimeConfig = Partial<{
+  httpAuthSchemes: HttpAuthScheme[];
+  httpAuthSchemeProvider: Route53HttpAuthSchemeProvider;
+  credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+}>;
+
+/**
+ * @internal
+ */
+export const getHttpAuthExtensionConfiguration = (
+  runtimeConfig: HttpAuthRuntimeConfig
+): HttpAuthExtensionConfiguration => {
+  const _httpAuthSchemes = runtimeConfig.httpAuthSchemes!;
+  let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider!;
+  let _credentials = runtimeConfig.credentials;
+  return {
+    setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void {
+      const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
+      if (index === -1) {
+        _httpAuthSchemes.push(httpAuthScheme);
+      } else {
+        _httpAuthSchemes.splice(index, 1, httpAuthScheme);
+      }
+    },
+    httpAuthSchemes(): HttpAuthScheme[] {
+      return _httpAuthSchemes;
+    },
+    setHttpAuthSchemeProvider(httpAuthSchemeProvider: Route53HttpAuthSchemeProvider): void {
+      _httpAuthSchemeProvider = httpAuthSchemeProvider;
+    },
+    httpAuthSchemeProvider(): Route53HttpAuthSchemeProvider {
+      return _httpAuthSchemeProvider;
+    },
+    setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void {
+      _credentials = credentials;
+    },
+    credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined {
+      return _credentials;
+    },
+  };
+};
+
+/**
+ * @internal
+ */
+export const resolveHttpAuthRuntimeConfig = (config: HttpAuthExtensionConfiguration): HttpAuthRuntimeConfig => {
+  return {
+    httpAuthSchemes: config.httpAuthSchemes(),
+    httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
+    credentials: config.credentials(),
+  };
+};
diff --git a/clients/client-route-53/src/auth/httpAuthSchemeProvider.ts b/clients/client-route-53/src/auth/httpAuthSchemeProvider.ts
new file mode 100644
index 000000000000..dc0236cdcab3
--- /dev/null
+++ b/clients/client-route-53/src/auth/httpAuthSchemeProvider.ts
@@ -0,0 +1,137 @@
+// smithy-typescript generated code
+import {
+  AwsSdkSigV4AuthInputConfig,
+  AwsSdkSigV4AuthResolvedConfig,
+  AwsSdkSigV4PreviouslyResolved,
+  resolveAwsSdkSigV4Config,
+} from "@aws-sdk/core";
+import {
+  HandlerExecutionContext,
+  HttpAuthOption,
+  HttpAuthScheme,
+  HttpAuthSchemeParameters,
+  HttpAuthSchemeParametersProvider,
+  HttpAuthSchemeProvider,
+} from "@smithy/types";
+import { getSmithyContext, normalizeProvider } from "@smithy/util-middleware";
+
+import { Route53ClientConfig, Route53ClientResolvedConfig } from "../Route53Client";
+
+/**
+ * @internal
+ */
+export interface Route53HttpAuthSchemeParameters extends HttpAuthSchemeParameters {
+  region?: string;
+}
+
+/**
+ * @internal
+ */
+export interface Route53HttpAuthSchemeParametersProvider
+  extends HttpAuthSchemeParametersProvider<
+    Route53ClientResolvedConfig,
+    HandlerExecutionContext,
+    Route53HttpAuthSchemeParameters,
+    object
+  > {}
+
+/**
+ * @internal
+ */
+export const defaultRoute53HttpAuthSchemeParametersProvider = async (
+  config: Route53ClientResolvedConfig,
+  context: HandlerExecutionContext,
+  input: object
+): Promise<Route53HttpAuthSchemeParameters> => {
+  return {
+    operation: getSmithyContext(context).operation as string,
+    region:
+      (await normalizeProvider(config.region)()) ||
+      (() => {
+        throw new Error("expected `region` to be configured for `aws.auth#sigv4`");
+      })(),
+  };
+};
+
+function createAwsAuthSigv4HttpAuthOption(authParameters: Route53HttpAuthSchemeParameters): HttpAuthOption {
+  return {
+    schemeId: "aws.auth#sigv4",
+    signingProperties: {
+      name: "route53",
+      region: authParameters.region,
+    },
+    propertiesExtractor: (config: Route53ClientConfig, context) => ({
+      /**
+       * @internal
+       */
+      signingProperties: {
+        config,
+        context,
+      },
+    }),
+  };
+}
+
+/**
+ * @internal
+ */
+export interface Route53HttpAuthSchemeProvider extends HttpAuthSchemeProvider<Route53HttpAuthSchemeParameters> {}
+
+/**
+ * @internal
+ */
+export const defaultRoute53HttpAuthSchemeProvider: Route53HttpAuthSchemeProvider = (authParameters) => {
+  const options: HttpAuthOption[] = [];
+  switch (authParameters.operation) {
+    default: {
+      options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
+    }
+  }
+  return options;
+};
+
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
+  /**
+   * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+   * @internal
+   */
+  httpAuthSchemes?: HttpAuthScheme[];
+
+  /**
+   * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+   * @internal
+   */
+  httpAuthSchemeProvider?: Route53HttpAuthSchemeProvider;
+}
+
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedConfig {
+  /**
+   * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+   * @internal
+   */
+  readonly httpAuthSchemes: HttpAuthScheme[];
+
+  /**
+   * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+   * @internal
+   */
+  readonly httpAuthSchemeProvider: Route53HttpAuthSchemeProvider;
+}
+
+/**
+ * @internal
+ */
+export const resolveHttpAuthSchemeConfig = <T>(
+  config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved
+): T & HttpAuthSchemeResolvedConfig => {
+  const config_0 = resolveAwsSdkSigV4Config(config);
+  return {
+    ...config_0,
+  } as T & HttpAuthSchemeResolvedConfig;
+};
diff --git a/clients/client-route-53/src/extensionConfiguration.ts b/clients/client-route-53/src/extensionConfiguration.ts
index 43c99a0d071e..c7b8f588ee90 100644
--- a/clients/client-route-53/src/extensionConfiguration.ts
+++ b/clients/client-route-53/src/extensionConfiguration.ts
@@ -3,10 +3,13 @@ import { AwsRegionExtensionConfiguration } from "@aws-sdk/types";
 import { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http";
 import { DefaultExtensionConfiguration } from "@smithy/types";
 
+import { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfiguration";
+
 /**
  * @internal
  */
 export interface Route53ExtensionConfiguration
   extends HttpHandlerExtensionConfiguration,
     DefaultExtensionConfiguration,
-    AwsRegionExtensionConfiguration {}
+    AwsRegionExtensionConfiguration,
+    HttpAuthExtensionConfiguration {}
diff --git a/clients/client-route-53/src/runtimeConfig.shared.ts b/clients/client-route-53/src/runtimeConfig.shared.ts
index f33f1e6218f5..84de53d29688 100644
--- a/clients/client-route-53/src/runtimeConfig.shared.ts
+++ b/clients/client-route-53/src/runtimeConfig.shared.ts
@@ -1,9 +1,12 @@
 // smithy-typescript generated code
+import { AwsSdkSigV4Signer } from "@aws-sdk/core";
 import { NoOpLogger } from "@smithy/smithy-client";
+import { IdentityProviderConfig } from "@smithy/types";
 import { parseUrl } from "@smithy/url-parser";
 import { fromBase64, toBase64 } from "@smithy/util-base64";
 import { fromUtf8, toUtf8 } from "@smithy/util-utf8";
 
+import { defaultRoute53HttpAuthSchemeProvider } from "./auth/httpAuthSchemeProvider";
 import { defaultEndpointResolver } from "./endpoint/endpointResolver";
 import { Route53ClientConfig } from "./Route53Client";
 
@@ -18,6 +21,14 @@ export const getRuntimeConfig = (config: Route53ClientConfig) => {
     disableHostPrefix: config?.disableHostPrefix ?? false,
     endpointProvider: config?.endpointProvider ?? defaultEndpointResolver,
     extensions: config?.extensions ?? [],
+    httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? defaultRoute53HttpAuthSchemeProvider,
+    httpAuthSchemes: config?.httpAuthSchemes ?? [
+      {
+        schemeId: "aws.auth#sigv4",
+        identityProvider: (ipc: IdentityProviderConfig) => ipc.getIdentityProvider("aws.auth#sigv4"),
+        signer: new AwsSdkSigV4Signer(),
+      },
+    ],
     logger: config?.logger ?? new NoOpLogger(),
     serviceId: config?.serviceId ?? "Route 53",
     urlParser: config?.urlParser ?? parseUrl,
diff --git a/clients/client-route-53/src/runtimeExtensions.ts b/clients/client-route-53/src/runtimeExtensions.ts
index 587b75caa422..efaa1e39d9ae 100644
--- a/clients/client-route-53/src/runtimeExtensions.ts
+++ b/clients/client-route-53/src/runtimeExtensions.ts
@@ -6,6 +6,7 @@ import {
 import { getHttpHandlerExtensionConfiguration, resolveHttpHandlerRuntimeConfig } from "@smithy/protocol-http";
 import { getDefaultExtensionConfiguration, resolveDefaultRuntimeConfig } from "@smithy/smithy-client";
 
+import { getHttpAuthExtensionConfiguration, resolveHttpAuthRuntimeConfig } from "./auth/httpAuthExtensionConfiguration";
 import { Route53ExtensionConfiguration } from "./extensionConfiguration";
 
 /**
@@ -32,6 +33,7 @@ export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: Runtime
     ...asPartial(getAwsRegionExtensionConfiguration(runtimeConfig)),
     ...asPartial(getDefaultExtensionConfiguration(runtimeConfig)),
     ...asPartial(getHttpHandlerExtensionConfiguration(runtimeConfig)),
+    ...asPartial(getHttpAuthExtensionConfiguration(runtimeConfig)),
   };
 
   extensions.forEach((extension) => extension.configure(extensionConfiguration));
@@ -41,5 +43,6 @@ export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: Runtime
     ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
     ...resolveDefaultRuntimeConfig(extensionConfiguration),
     ...resolveHttpHandlerRuntimeConfig(extensionConfiguration),
+    ...resolveHttpAuthRuntimeConfig(extensionConfiguration),
   };
 };
diff --git a/clients/client-s3-control/package.json b/clients/client-s3-control/package.json
index d0fd8e6ced72..80e8b962fe9a 100644
--- a/clients/client-s3-control/package.json
+++ b/clients/client-s3-control/package.json
@@ -29,7 +29,6 @@
     "@aws-sdk/middleware-logger": "*",
     "@aws-sdk/middleware-recursion-detection": "*",
     "@aws-sdk/middleware-sdk-s3-control": "*",
-    "@aws-sdk/middleware-signing": "*",
     "@aws-sdk/middleware-user-agent": "*",
     "@aws-sdk/region-config-resolver": "*",
     "@aws-sdk/types": "*",
@@ -63,6 +62,7 @@
     "@smithy/util-defaults-mode-browser": "^2.0.24",
     "@smithy/util-defaults-mode-node": "^2.0.32",
     "@smithy/util-endpoints": "^1.0.8",
+    "@smithy/util-middleware": "^2.0.9",
     "@smithy/util-retry": "^2.0.9",
     "@smithy/util-utf8": "^2.0.2",
     "fast-xml-parser": "4.2.5",
diff --git a/clients/client-s3-control/src/S3ControlClient.ts b/clients/client-s3-control/src/S3ControlClient.ts
index cad265dd7ef0..be28a6b9add3 100644
--- a/clients/client-s3-control/src/S3ControlClient.ts
+++ b/clients/client-s3-control/src/S3ControlClient.ts
@@ -13,20 +13,18 @@ import {
   S3ControlInputConfig,
   S3ControlResolvedConfig,
 } from "@aws-sdk/middleware-sdk-s3-control";
-import {
-  AwsAuthInputConfig,
-  AwsAuthResolvedConfig,
-  getAwsAuthPlugin,
-  resolveAwsAuthConfig,
-} from "@aws-sdk/middleware-signing";
 import {
   getUserAgentPlugin,
   resolveUserAgentConfig,
   UserAgentInputConfig,
   UserAgentResolvedConfig,
 } from "@aws-sdk/middleware-user-agent";
-import { Credentials as __Credentials } from "@aws-sdk/types";
 import { RegionInputConfig, RegionResolvedConfig, resolveRegionConfig } from "@smithy/config-resolver";
+import {
+  DefaultIdentityProviderConfig,
+  getHttpAuthSchemeEndpointRuleSetPlugin,
+  getHttpSigningPlugin,
+} from "@smithy/core";
 import { getContentLengthPlugin } from "@smithy/middleware-content-length";
 import { EndpointInputConfig, EndpointResolvedConfig, resolveEndpointConfig } from "@smithy/middleware-endpoint";
 import { getRetryPlugin, resolveRetryConfig, RetryInputConfig, RetryResolvedConfig } from "@smithy/middleware-retry";
@@ -38,6 +36,7 @@ import {
   SmithyResolvedConfiguration as __SmithyResolvedConfiguration,
 } from "@smithy/smithy-client";
 import {
+  AwsCredentialIdentityProvider,
   BodyLengthCalculator as __BodyLengthCalculator,
   CheckOptionalClientConfig as __CheckOptionalClientConfig,
   Checksum as __Checksum,
@@ -57,6 +56,12 @@ import {
 } from "@smithy/types";
 import { Readable } from "stream";
 
+import {
+  defaultS3ControlHttpAuthSchemeParametersProvider,
+  HttpAuthSchemeInputConfig,
+  HttpAuthSchemeResolvedConfig,
+  resolveHttpAuthSchemeConfig,
+} from "./auth/httpAuthSchemeProvider";
 import {
   AssociateAccessGrantsIdentityCenterCommandInput,
   AssociateAccessGrantsIdentityCenterCommandOutput,
@@ -636,21 +641,22 @@ export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__
   useFipsEndpoint?: boolean | __Provider<boolean>;
 
   /**
-   * The AWS region to which this client will send requests
+   * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
+   * @internal
    */
-  region?: string | __Provider<string>;
+  defaultUserAgentProvider?: Provider<__UserAgent>;
 
   /**
-   * Default credentials provider; Not available in browser runtime.
-   * @internal
+   * The AWS region to which this client will send requests
    */
-  credentialDefaultProvider?: (input: any) => __Provider<__Credentials>;
+  region?: string | __Provider<string>;
 
   /**
-   * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
+   * Default credentials provider; Not available in browser runtime.
+   * @deprecated
    * @internal
    */
-  defaultUserAgentProvider?: Provider<__UserAgent>;
+  credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
 
   /**
    * Value for how many times a request will be made at most in case of retry.
@@ -703,9 +709,9 @@ export type S3ControlClientConfigType = Partial<__SmithyConfiguration<__HttpHand
   EndpointInputConfig<EndpointParameters> &
   RetryInputConfig &
   HostHeaderInputConfig &
-  AwsAuthInputConfig &
   S3ControlInputConfig &
   UserAgentInputConfig &
+  HttpAuthSchemeInputConfig &
   ClientInputEndpointParameters;
 /**
  * @public
@@ -724,9 +730,9 @@ export type S3ControlClientResolvedConfigType = __SmithyResolvedConfiguration<__
   EndpointResolvedConfig<EndpointParameters> &
   RetryResolvedConfig &
   HostHeaderResolvedConfig &
-  AwsAuthResolvedConfig &
   S3ControlResolvedConfig &
   UserAgentResolvedConfig &
+  HttpAuthSchemeResolvedConfig &
   ClientResolvedEndpointParameters;
 /**
  * @public
@@ -757,9 +763,9 @@ export class S3ControlClient extends __Client<
     const _config_3 = resolveEndpointConfig(_config_2);
     const _config_4 = resolveRetryConfig(_config_3);
     const _config_5 = resolveHostHeaderConfig(_config_4);
-    const _config_6 = resolveAwsAuthConfig(_config_5);
-    const _config_7 = resolveS3ControlConfig(_config_6);
-    const _config_8 = resolveUserAgentConfig(_config_7);
+    const _config_6 = resolveS3ControlConfig(_config_5);
+    const _config_7 = resolveUserAgentConfig(_config_6);
+    const _config_8 = resolveHttpAuthSchemeConfig(_config_7);
     const _config_9 = resolveRuntimeExtensions(_config_8, configuration?.extensions || []);
     super(_config_9);
     this.config = _config_9;
@@ -768,9 +774,15 @@ export class S3ControlClient extends __Client<
     this.middlewareStack.use(getHostHeaderPlugin(this.config));
     this.middlewareStack.use(getLoggerPlugin(this.config));
     this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
-    this.middlewareStack.use(getAwsAuthPlugin(this.config));
     this.middlewareStack.use(getHostPrefixDeduplicationPlugin(this.config));
     this.middlewareStack.use(getUserAgentPlugin(this.config));
+    this.middlewareStack.use(
+      getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
+        httpAuthSchemeParametersProvider: this.getDefaultHttpAuthSchemeParametersProvider(),
+        identityProviderConfigProvider: this.getIdentityProviderConfigProvider(),
+      })
+    );
+    this.middlewareStack.use(getHttpSigningPlugin(this.config));
   }
 
   /**
@@ -781,4 +793,13 @@ export class S3ControlClient extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultS3ControlHttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: S3ControlClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "aws.auth#sigv4": config.credentials,
+      });
+  }
 }
diff --git a/clients/client-s3-control/src/auth/httpAuthExtensionConfiguration.ts b/clients/client-s3-control/src/auth/httpAuthExtensionConfiguration.ts
new file mode 100644
index 000000000000..dfaa8dc1fb88
--- /dev/null
+++ b/clients/client-s3-control/src/auth/httpAuthExtensionConfiguration.ts
@@ -0,0 +1,72 @@
+// smithy-typescript generated code
+import { AwsCredentialIdentity, AwsCredentialIdentityProvider, HttpAuthScheme } from "@smithy/types";
+
+import { S3ControlHttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
+
+/**
+ * @internal
+ */
+export interface HttpAuthExtensionConfiguration {
+  setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
+  httpAuthSchemes(): HttpAuthScheme[];
+  setHttpAuthSchemeProvider(httpAuthSchemeProvider: S3ControlHttpAuthSchemeProvider): void;
+  httpAuthSchemeProvider(): S3ControlHttpAuthSchemeProvider;
+  setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void;
+  credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
+}
+
+/**
+ * @internal
+ */
+export type HttpAuthRuntimeConfig = Partial<{
+  httpAuthSchemes: HttpAuthScheme[];
+  httpAuthSchemeProvider: S3ControlHttpAuthSchemeProvider;
+  credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+}>;
+
+/**
+ * @internal
+ */
+export const getHttpAuthExtensionConfiguration = (
+  runtimeConfig: HttpAuthRuntimeConfig
+): HttpAuthExtensionConfiguration => {
+  const _httpAuthSchemes = runtimeConfig.httpAuthSchemes!;
+  let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider!;
+  let _credentials = runtimeConfig.credentials;
+  return {
+    setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void {
+      const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
+      if (index === -1) {
+        _httpAuthSchemes.push(httpAuthScheme);
+      } else {
+        _httpAuthSchemes.splice(index, 1, httpAuthScheme);
+      }
+    },
+    httpAuthSchemes(): HttpAuthScheme[] {
+      return _httpAuthSchemes;
+    },
+    setHttpAuthSchemeProvider(httpAuthSchemeProvider: S3ControlHttpAuthSchemeProvider): void {
+      _httpAuthSchemeProvider = httpAuthSchemeProvider;
+    },
+    httpAuthSchemeProvider(): S3ControlHttpAuthSchemeProvider {
+      return _httpAuthSchemeProvider;
+    },
+    setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void {
+      _credentials = credentials;
+    },
+    credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined {
+      return _credentials;
+    },
+  };
+};
+
+/**
+ * @internal
+ */
+export const resolveHttpAuthRuntimeConfig = (config: HttpAuthExtensionConfiguration): HttpAuthRuntimeConfig => {
+  return {
+    httpAuthSchemes: config.httpAuthSchemes(),
+    httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
+    credentials: config.credentials(),
+  };
+};
diff --git a/clients/client-s3-control/src/auth/httpAuthSchemeProvider.ts b/clients/client-s3-control/src/auth/httpAuthSchemeProvider.ts
new file mode 100644
index 000000000000..67d0233d562d
--- /dev/null
+++ b/clients/client-s3-control/src/auth/httpAuthSchemeProvider.ts
@@ -0,0 +1,137 @@
+// smithy-typescript generated code
+import {
+  AwsSdkSigV4AuthInputConfig,
+  AwsSdkSigV4AuthResolvedConfig,
+  AwsSdkSigV4PreviouslyResolved,
+  resolveAwsSdkSigV4Config,
+} from "@aws-sdk/core";
+import {
+  HandlerExecutionContext,
+  HttpAuthOption,
+  HttpAuthScheme,
+  HttpAuthSchemeParameters,
+  HttpAuthSchemeParametersProvider,
+  HttpAuthSchemeProvider,
+} from "@smithy/types";
+import { getSmithyContext, normalizeProvider } from "@smithy/util-middleware";
+
+import { S3ControlClientConfig, S3ControlClientResolvedConfig } from "../S3ControlClient";
+
+/**
+ * @internal
+ */
+export interface S3ControlHttpAuthSchemeParameters extends HttpAuthSchemeParameters {
+  region?: string;
+}
+
+/**
+ * @internal
+ */
+export interface S3ControlHttpAuthSchemeParametersProvider
+  extends HttpAuthSchemeParametersProvider<
+    S3ControlClientResolvedConfig,
+    HandlerExecutionContext,
+    S3ControlHttpAuthSchemeParameters,
+    object
+  > {}
+
+/**
+ * @internal
+ */
+export const defaultS3ControlHttpAuthSchemeParametersProvider = async (
+  config: S3ControlClientResolvedConfig,
+  context: HandlerExecutionContext,
+  input: object
+): Promise<S3ControlHttpAuthSchemeParameters> => {
+  return {
+    operation: getSmithyContext(context).operation as string,
+    region:
+      (await normalizeProvider(config.region)()) ||
+      (() => {
+        throw new Error("expected `region` to be configured for `aws.auth#sigv4`");
+      })(),
+  };
+};
+
+function createAwsAuthSigv4HttpAuthOption(authParameters: S3ControlHttpAuthSchemeParameters): HttpAuthOption {
+  return {
+    schemeId: "aws.auth#sigv4",
+    signingProperties: {
+      name: "s3",
+      region: authParameters.region,
+    },
+    propertiesExtractor: (config: S3ControlClientConfig, context) => ({
+      /**
+       * @internal
+       */
+      signingProperties: {
+        config,
+        context,
+      },
+    }),
+  };
+}
+
+/**
+ * @internal
+ */
+export interface S3ControlHttpAuthSchemeProvider extends HttpAuthSchemeProvider<S3ControlHttpAuthSchemeParameters> {}
+
+/**
+ * @internal
+ */
+export const defaultS3ControlHttpAuthSchemeProvider: S3ControlHttpAuthSchemeProvider = (authParameters) => {
+  const options: HttpAuthOption[] = [];
+  switch (authParameters.operation) {
+    default: {
+      options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
+    }
+  }
+  return options;
+};
+
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
+  /**
+   * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+   * @internal
+   */
+  httpAuthSchemes?: HttpAuthScheme[];
+
+  /**
+   * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+   * @internal
+   */
+  httpAuthSchemeProvider?: S3ControlHttpAuthSchemeProvider;
+}
+
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedConfig {
+  /**
+   * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+   * @internal
+   */
+  readonly httpAuthSchemes: HttpAuthScheme[];
+
+  /**
+   * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+   * @internal
+   */
+  readonly httpAuthSchemeProvider: S3ControlHttpAuthSchemeProvider;
+}
+
+/**
+ * @internal
+ */
+export const resolveHttpAuthSchemeConfig = <T>(
+  config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved
+): T & HttpAuthSchemeResolvedConfig => {
+  const config_0 = resolveAwsSdkSigV4Config(config);
+  return {
+    ...config_0,
+  } as T & HttpAuthSchemeResolvedConfig;
+};
diff --git a/clients/client-s3-control/src/extensionConfiguration.ts b/clients/client-s3-control/src/extensionConfiguration.ts
index 9cf519153f14..a19566aecd1b 100644
--- a/clients/client-s3-control/src/extensionConfiguration.ts
+++ b/clients/client-s3-control/src/extensionConfiguration.ts
@@ -3,10 +3,13 @@ import { AwsRegionExtensionConfiguration } from "@aws-sdk/types";
 import { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http";
 import { DefaultExtensionConfiguration } from "@smithy/types";
 
+import { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfiguration";
+
 /**
  * @internal
  */
 export interface S3ControlExtensionConfiguration
   extends HttpHandlerExtensionConfiguration,
     DefaultExtensionConfiguration,
-    AwsRegionExtensionConfiguration {}
+    AwsRegionExtensionConfiguration,
+    HttpAuthExtensionConfiguration {}
diff --git a/clients/client-s3-control/src/runtimeConfig.shared.ts b/clients/client-s3-control/src/runtimeConfig.shared.ts
index 54245cfc4536..6bb1eb6b003c 100644
--- a/clients/client-s3-control/src/runtimeConfig.shared.ts
+++ b/clients/client-s3-control/src/runtimeConfig.shared.ts
@@ -1,9 +1,12 @@
 // smithy-typescript generated code
+import { AwsSdkSigV4Signer } from "@aws-sdk/core";
 import { NoOpLogger } from "@smithy/smithy-client";
+import { IdentityProviderConfig } from "@smithy/types";
 import { parseUrl } from "@smithy/url-parser";
 import { fromBase64, toBase64 } from "@smithy/util-base64";
 import { fromUtf8, toUtf8 } from "@smithy/util-utf8";
 
+import { defaultS3ControlHttpAuthSchemeProvider } from "./auth/httpAuthSchemeProvider";
 import { defaultEndpointResolver } from "./endpoint/endpointResolver";
 import { S3ControlClientConfig } from "./S3ControlClient";
 
@@ -18,6 +21,14 @@ export const getRuntimeConfig = (config: S3ControlClientConfig) => {
     disableHostPrefix: config?.disableHostPrefix ?? false,
     endpointProvider: config?.endpointProvider ?? defaultEndpointResolver,
     extensions: config?.extensions ?? [],
+    httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? defaultS3ControlHttpAuthSchemeProvider,
+    httpAuthSchemes: config?.httpAuthSchemes ?? [
+      {
+        schemeId: "aws.auth#sigv4",
+        identityProvider: (ipc: IdentityProviderConfig) => ipc.getIdentityProvider("aws.auth#sigv4"),
+        signer: new AwsSdkSigV4Signer(),
+      },
+    ],
     logger: config?.logger ?? new NoOpLogger(),
     serviceId: config?.serviceId ?? "S3 Control",
     signingEscapePath: config?.signingEscapePath ?? false,
diff --git a/clients/client-s3-control/src/runtimeExtensions.ts b/clients/client-s3-control/src/runtimeExtensions.ts
index fc8bb53264cb..c6229b406300 100644
--- a/clients/client-s3-control/src/runtimeExtensions.ts
+++ b/clients/client-s3-control/src/runtimeExtensions.ts
@@ -6,6 +6,7 @@ import {
 import { getHttpHandlerExtensionConfiguration, resolveHttpHandlerRuntimeConfig } from "@smithy/protocol-http";
 import { getDefaultExtensionConfiguration, resolveDefaultRuntimeConfig } from "@smithy/smithy-client";
 
+import { getHttpAuthExtensionConfiguration, resolveHttpAuthRuntimeConfig } from "./auth/httpAuthExtensionConfiguration";
 import { S3ControlExtensionConfiguration } from "./extensionConfiguration";
 
 /**
@@ -32,6 +33,7 @@ export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: Runtime
     ...asPartial(getAwsRegionExtensionConfiguration(runtimeConfig)),
     ...asPartial(getDefaultExtensionConfiguration(runtimeConfig)),
     ...asPartial(getHttpHandlerExtensionConfiguration(runtimeConfig)),
+    ...asPartial(getHttpAuthExtensionConfiguration(runtimeConfig)),
   };
 
   extensions.forEach((extension) => extension.configure(extensionConfiguration));
@@ -41,5 +43,6 @@ export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: Runtime
     ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
     ...resolveDefaultRuntimeConfig(extensionConfiguration),
     ...resolveHttpHandlerRuntimeConfig(extensionConfiguration),
+    ...resolveHttpAuthRuntimeConfig(extensionConfiguration),
   };
 };
diff --git a/clients/client-sqs/src/SQSClient.ts b/clients/client-sqs/src/SQSClient.ts
index 47bee3ab529b..17e8ad3a35c0 100644
--- a/clients/client-sqs/src/SQSClient.ts
+++ b/clients/client-sqs/src/SQSClient.ts
@@ -428,17 +428,6 @@ export class SQSClient extends __Client<
    */
   readonly config: SQSClientResolvedConfig;
 
-  private getDefaultHttpAuthSchemeParametersProvider() {
-    return defaultSQSHttpAuthSchemeParametersProvider;
-  }
-
-  private getIdentityProviderConfigProvider() {
-    return async (config: SQSClientResolvedConfig) =>
-      new DefaultIdentityProviderConfig({
-        "aws.auth#sigv4": config.credentials,
-      });
-  }
-
   constructor(...[configuration]: __CheckOptionalClientConfig<SQSClientConfig>) {
     const _config_0 = __getRuntimeConfig(configuration || {});
     const _config_1 = resolveClientEndpointParameters(_config_0);
@@ -474,4 +463,13 @@ export class SQSClient extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultSQSHttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: SQSClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "aws.auth#sigv4": config.credentials,
+      });
+  }
 }
diff --git a/clients/client-sts/src/STSClient.ts b/clients/client-sts/src/STSClient.ts
index b32d8b5e27a6..9a1046a55681 100644
--- a/clients/client-sts/src/STSClient.ts
+++ b/clients/client-sts/src/STSClient.ts
@@ -293,17 +293,6 @@ export class STSClient extends __Client<
    */
   readonly config: STSClientResolvedConfig;
 
-  private getDefaultHttpAuthSchemeParametersProvider() {
-    return defaultSTSHttpAuthSchemeParametersProvider;
-  }
-
-  private getIdentityProviderConfigProvider() {
-    return async (config: STSClientResolvedConfig) =>
-      new DefaultIdentityProviderConfig({
-        "aws.auth#sigv4": config.credentials,
-      });
-  }
-
   constructor(...[configuration]: __CheckOptionalClientConfig<STSClientConfig>) {
     const _config_0 = __getRuntimeConfig(configuration || {});
     const _config_1 = resolveClientEndpointParameters(_config_0);
@@ -339,4 +328,13 @@ export class STSClient extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultSTSHttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: STSClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "aws.auth#sigv4": config.credentials,
+      });
+  }
 }
diff --git a/private/weather-experimental-identity-and-auth/src/WeatherClient.ts b/private/weather-experimental-identity-and-auth/src/WeatherClient.ts
index de55488bfbdb..876642164070 100644
--- a/private/weather-experimental-identity-and-auth/src/WeatherClient.ts
+++ b/private/weather-experimental-identity-and-auth/src/WeatherClient.ts
@@ -279,19 +279,6 @@ export class WeatherClient extends __Client<
    */
   readonly config: WeatherClientResolvedConfig;
 
-  private getDefaultHttpAuthSchemeParametersProvider() {
-    return defaultWeatherHttpAuthSchemeParametersProvider;
-  }
-
-  private getIdentityProviderConfigProvider() {
-    return async (config: WeatherClientResolvedConfig) =>
-      new DefaultIdentityProviderConfig({
-        "aws.auth#sigv4": config.credentials,
-        "smithy.api#httpApiKeyAuth": config.apiKey,
-        "smithy.api#httpBearerAuth": config.token,
-      });
-  }
-
   constructor(...[configuration]: __CheckOptionalClientConfig<WeatherClientConfig>) {
     let _config_0 = __getRuntimeConfig(configuration || {});
     let _config_1 = resolveRegionConfig(_config_0);
@@ -326,4 +313,15 @@ export class WeatherClient extends __Client<
   destroy(): void {
     super.destroy();
   }
+  private getDefaultHttpAuthSchemeParametersProvider() {
+    return defaultWeatherHttpAuthSchemeParametersProvider;
+  }
+  private getIdentityProviderConfigProvider() {
+    return async (config: WeatherClientResolvedConfig) =>
+      new DefaultIdentityProviderConfig({
+        "aws.auth#sigv4": config.credentials,
+        "smithy.api#httpApiKeyAuth": config.apiKey,
+        "smithy.api#httpBearerAuth": config.token,
+      });
+  }
 }