aws
diff --git a/‎build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/endpoint_provider_class.rb
Lines changed: 9 additions & 0 deletions b/‎build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/endpoint_provider_class.rb
Lines changed: 9 additions & 0 deletions
diff --git a/‎build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/endpoints_module.rb
Lines changed: 4 additions & 0 deletions b/‎build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/endpoints_module.rb
Lines changed: 4 additions & 0 deletions
diff --git a/‎build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/endpoints_plugin.rb
Lines changed: 46 additions & 4 deletions b/‎build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/endpoints_plugin.rb
Lines changed: 46 additions & 4 deletions
diff --git a/‎build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/rbs/client_class.rb
Lines changed: 1 addition & 1 deletion b/‎build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/rbs/client_class.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/spec/endpoint_provider_spec_class.rb
Lines changed: 13 additions & 5 deletions b/‎build_tools/aws-sdk-code-generator/lib/aws-sdk-code-generator/views/spec/endpoint_provider_spec_class.rb
Lines changed: 13 additions & 5 deletions
diff --git a/‎build_tools/aws-sdk-code-generator/spec/fixtures/interfaces/endpoints_built_ins/endpoint-rule-set.json
Lines changed: 6 additions & 0 deletions b/‎build_tools/aws-sdk-code-generator/spec/fixtures/interfaces/endpoints_built_ins/endpoint-rule-set.json
Lines changed: 6 additions & 0 deletions
diff --git a/‎build_tools/aws-sdk-code-generator/spec/interfaces/plugins/endpoints_spec.rb
Lines changed: 21 additions & 1 deletion b/‎build_tools/aws-sdk-code-generator/spec/interfaces/plugins/endpoints_spec.rb
Lines changed: 21 additions & 1 deletion
diff --git a/‎build_tools/aws-sdk-code-generator/templates/endpoints_plugin.mustache
Lines changed: 23 additions & 7 deletions b/‎build_tools/aws-sdk-code-generator/templates/endpoints_plugin.mustache
Lines changed: 23 additions & 7 deletions
diff --git a/‎build_tools/services.rb
Lines changed: 2 additions & 2 deletions b/‎build_tools/services.rb
Lines changed: 2 additions & 2 deletions
diff --git a/‎gems/aws-sdk-core/CHANGELOG.md
Lines changed: 5 additions & 0 deletions b/‎gems/aws-sdk-core/CHANGELOG.md
Lines changed: 5 additions & 0 deletions
@@ -9,6 +9,11 @@ class EndpointProviderClass < View
       def initialize(options)
         @service = options.fetch(:service)
         @endpoint_rules = @service.endpoint_rules
+        # Used to collect metrics in the generated endpoint provider
+        @has_account_id_endpoint_mode =
+          @endpoint_rules['parameters'].find do |_, param|
+            param['builtIn'] == 'AWS::Auth::AccountIdEndpointMode'
+          end
 
         version = @endpoint_rules['version']
         return if version&.match(/^\d+\.\d+$/) # && version == '1.0'
@@ -76,6 +81,10 @@ def endpoint(endpoint, levels)
         if endpoint['properties']
           res << ", properties: #{templated_hash_to_s(endpoint['properties'])}"
         end
+        if @has_account_id_endpoint_mode
+          account_id_endpoint = endpoint['url'].include?('{AccountId}')
+          res << ", metadata: { account_id_endpoint: #{account_id_endpoint} }"
+        end
         res << ")\n"
         indent(res.string, levels)
       end
 
@@ -134,6 +134,10 @@ def built_in_client_context_param_value(param_data)
           else
             'context.config.use_dualstack_endpoint'
           end
+        when 'AWS::Auth::AccountId'
+          'context.config.credentials.credentials.account_id'
+        when 'AWS::Auth::AccountIdEndpointMode'
+          'context.config.account_id_endpoint_mode'
         when 'AWS::STS::UseGlobalEndpoint'
           "context.config.sts_regional_endpoints == 'legacy'"
         when 'AWS::S3::UseGlobalEndpoint'
 
@@ -6,22 +6,33 @@ class EndpointsPlugin < View
       # @option options [required, Service] :service
       def initialize(options)
         @service = options.fetch(:service)
-        if (client_options = @service.api['clientContextParams'])
-          endpoint_parameters = @service.endpoint_rules.fetch('parameters', {})
+        endpoint_parameters = @service.endpoint_rules.fetch('parameters', {})
+
+        # HACK: AccountIdEndpointMode should likely be a client context
+        # param, but it's a built in that should be per-service.
+        @endpoint_options = []
+        endpoint_parameters.each do |_key, data|
+          next unless data['builtIn'] == 'AWS::Auth::AccountIdEndpointMode'
 
-          @endpoint_options = client_options.each.with_object([]) do |(name, _data), array|
+          @endpoint_options << account_id_endpoint_mode_option
+          @account_id_endpoint_mode = true
+        end
+
+        if (client_options = @service.api['clientContextParams'])
+          client_options.each do |name, _data|
             param_data = endpoint_parameters[name]
 
             next if param_data['builtIn']
 
-            array << EndpointOption.new(
+            @endpoint_options << EndpointOption.new(
               name: Underscore.underscore(name),
               docstring: param_data['documentation'],
               doc_type: param_data['type'],
               default: param_data['default']
             )
           end
         end
+
         @endpoint_classes = @service.api['operations'].each.with_object([]) do
           |(op, _api), array|
           array << EndpointClass.new(
@@ -47,6 +58,37 @@ def module_name
         @service.module_name
       end
 
+      def has_account_id_endpoint_mode?
+        @account_id_endpoint_mode
+      end
+
+      private
+
+      def account_id_endpoint_mode_option
+        docstring = <<-DOCSTRING.chomp
+The account ID endpoint mode to use. This can be one of the following values:
+* `preferred` - The default behavior. Use the account ID endpoint if
+  available, otherwise use the standard endpoint.
+* `disabled` - Never use the account ID endpoint. Only use the standard
+  endpoint.
+* `required` - Always use the account ID endpoint. If the account ID
+  cannot be retrieved from credentials, an error is raised.
+        DOCSTRING
+
+        default = <<-DEFAULT.chomp
+value = ENV['AWS_ACCOUNT_ID_ENDPOINT_MODE']
+        value ||= Aws.shared_config.account_id_endpoint_mode(profile: cfg.profile)
+        value || 'preferred'
+        DEFAULT
+
+        EndpointOption.new(
+          name: 'account_id_endpoint_mode',
+          docstring: docstring,
+          doc_type: 'String',
+          default: default
+        )
+      end
+
       class EndpointClass
         def initialize(options)
           @operation_name = options[:operation_name]
 
@@ -138,7 +138,7 @@ def build_keyword_arguments(plugins)
           grouped = buffer.group_by { |name, _| name }
           grouped.transform_values(&:count).find_all { |_, c| 1 < c }.each do |name,|
             case name
-            when :endpoint, :endpoint_provider, :retry_limit, :disable_s3_express_session_auth
+            when :endpoint, :endpoint_provider, :retry_limit, :disable_s3_express_session_auth, :account_id_endpoint_mode
               # ok
             else
               warn("Duplicate client option in #{@service_name}: `#{grouped[name].map { |g| g.values_at(0, 2) }}`", uplevel: 0)
 
@@ -159,6 +159,14 @@ def built_in_to_param(built_in, value)
               Param.new('use_fips_endpoint', value)
             when 'AWS::UseDualStack'
               Param.new('use_dualstack_endpoint', value)
+            when 'AWS::Auth::AccountId'
+              Param.new(
+                'credentials',
+                "Aws::Credentials.new('stubbed-akid', 'stubbed-secret', account_id: '#{value}')",
+                true
+              )
+            when 'AWS::Auth::AccountIdEndpointMode'
+              Param.new('account_id_endpoint_mode', value)
             when 'AWS::STS::UseGlobalEndpoint'
               Param.new('sts_regional_endpoints', value ? 'legacy' : 'regional')
             when 'AWS::S3::UseGlobalEndpoint'
@@ -167,9 +175,7 @@ def built_in_to_param(built_in, value)
               Param.new('use_accelerate_endpoint', value)
             when 'AWS::S3::ForcePathStyle'
               Param.new('force_path_style', value)
-            when 'AWS::S3::UseArnRegion'
-              Param.new('s3_use_arn_region', value)
-            when 'AWS::S3Control::UseArnRegion'
+            when 'AWS::S3::UseArnRegion', 'AWS::S3Control::UseArnRegion'
               Param.new('s3_use_arn_region', value)
             when 'AWS::S3::DisableMultiRegionAccessPoints'
               Param.new('s3_disable_multiregion_access_points', value)
@@ -182,14 +188,16 @@ def built_in_to_param(built_in, value)
         end
 
         class Param
-          def initialize(param, value)
+          def initialize(param, value, literal = false)
             @param = param
             @value = value
+            @literal = literal
           end
+
           attr_accessor :param
 
           def value
-            if @value.is_a? String
+            if @value.is_a?(String) && !@literal
               "'#{@value}'"
             else
               @value
 
@@ -26,6 +26,12 @@
             "required": false,
             "documentation": "Override the endpoint used to send this request",
             "type": "String"
+        },
+        "AccountIdEndpointMode": {
+            "builtIn": "AWS::Auth::AccountIdEndpointMode",
+            "required": false,
+            "documentation": "The AccountId Endpoint Mode.",
+            "type": "String"
         }
     },
     "rules": [
 
@@ -75,7 +75,8 @@
             region: region,
             endpoint: endpoint,
             use_fips: true,
-            use_dual_stack: true
+            use_dual_stack: true,
+            account_id_endpoint_mode: 'preferred'
           ).and_call_original
 
         client.operation
@@ -93,6 +94,25 @@
         expect(params.use_fips).to eq(false)
         expect(params.endpoint).to be_nil
       end
+
+      describe 'account id endpoint mode option' do
+        it 'is configured to use preferred by default' do
+          expect(client.config.account_id_endpoint_mode).to eq 'preferred'
+        end
+
+        it 'can be configured using shared config' do
+          allow_any_instance_of(Aws::SharedConfig)
+            .to receive(:account_id_endpoint_mode).and_return('disabled')
+          expect(client.config.account_id_endpoint_mode).to eq 'disabled'
+        end
+
+        it 'can be configured using ENV with precedence over shared config' do
+          allow_any_instance_of(Aws::SharedConfig)
+            .to receive(:account_id_endpoint_mode).and_return('disabled')
+          ENV['AWS_ACCOUNT_ID_ENDPOINT_MODE'] = 'required'
+          expect(client.config.account_id_endpoint_mode).to eq 'required'
+        end
+      end
     end
 
     context 'Param Precedence' do
 
@@ -11,20 +11,23 @@ module {{module_name}}
         :endpoint_provider,
         doc_type: '{{module_name}}::EndpointProvider',
         rbs_type: 'untyped',
-        docstring: 'The endpoint provider used to resolve endpoints. Any '\
-                   'object that responds to `#resolve_endpoint(parameters)` '\
-                   'where `parameters` is a Struct similar to '\
-                   '`{{module_name}}::EndpointParameters`'
-      ) do |cfg|
+        docstring: <<~DOCS) do |_cfg|
+The endpoint provider used to resolve endpoints. Any object that responds to
+`#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
+`{{module_name}}::EndpointParameters`.
+        DOCS
         {{module_name}}::EndpointProvider.new
       end
 
       {{#endpoint_options}}
       option(
         :{{name}},
         doc_type: '{{doc_type}}',
-        default: {{{default}}},
-        docstring: "{{{docstring}}}")
+        docstring: <<~DOCS) do |cfg|
+{{{docstring}}}
+        DOCS
+        {{{default}}}
+      end
 
       {{/endpoint_options}}
       # @api private
@@ -55,6 +58,19 @@ module {{module_name}}
           if context[:auth_scheme] && context[:auth_scheme]['name'] == 'sigv4a'
             metrics << 'SIGV4A_SIGNING'
           end
+          {{#has_account_id_endpoint_mode?}}
+          case context.config.account_id_endpoint_mode
+          when 'preferred'
+            metrics << 'ACCOUNT_ID_MODE_PREFERRED'
+          when 'disabled'
+            metrics << 'ACCOUNT_ID_MODE_DISABLED'
+          when 'required'
+            metrics << 'ACCOUNT_ID_MODE_REQUIRED'
+          end
+          {{/has_account_id_endpoint_mode?}}
+          if context.config.credentials&.credentials&.account_id
+            metrics << 'RESOLVED_ACCOUNT_ID'
+          end
           Aws::Plugins::UserAgent.metric(*metrics, &block)
         end
 
 
@@ -10,10 +10,10 @@ class ServiceEnumerator
     MANIFEST_PATH = File.expand_path('../../services.json', __FILE__)
 
     # Minimum `aws-sdk-core` version for new gem builds
-    MINIMUM_CORE_VERSION = "3.205.0"
+    MINIMUM_CORE_VERSION = "3.207.0"
 
     # Minimum `aws-sdk-core` version for new S3 gem builds
-    MINIMUM_CORE_VERSION_S3 = "3.205.0"
+    MINIMUM_CORE_VERSION_S3 = "3.207.0"
 
     EVENTSTREAM_PLUGIN = "Aws::Plugins::EventStreamConfiguration"
 
 
@@ -1,6 +1,10 @@
 Unreleased Changes
 ------------------
 
+* Feature - Support Account ID credentials using `ENV['AWS_ACCOUNT_ID']`, `aws_account_id` shared config, or the `account_id` Client configuration option.
+
+* Feature - Support Account ID endpoint mode using `ENV['AWS_ACCOUNT_ID_ENDPOINT_MODE']`, `aws_account_id_endpoint_mode` shared config, or the `account_id_endpoint_mode` Client configuration option. Defaults to `preferred`, which will use the account id endpoint if available. Set to `disabled` to disable account id endpoints. Set to `required` to require account id endpoint usage; an error is raised if credentials do not have an account id.
+
 3.206.0 (2024-09-17)
 ------------------
 
@@ -64,6 +68,7 @@ Unreleased Changes
 ------------------
 
 * Issue - Allow legacy/undocumented `sigv4_signer` configuration to override resolved signer.
+
 * Issue - Consider sigv4a supported without crt check.
 
 3.201.4 (2024-08-08)