From 5c95c9e70ae967b0a55599d0aa38c8a25cdc5e21 Mon Sep 17 00:00:00 2001
From: Andy <qinandy@amazon.com>
Date: Thu, 14 Aug 2025 17:39:33 -0700
Subject: [PATCH] Use AwsV4HttpSigner instead of Aws4Signer (#4102)

Signed-off-by: Andy Qin <qinandy@amazon.com>
(cherry picked from commit 71d47e9c73f79933c15fd744f3b015053b2f5415)
---
 .../algorithms/remote/ConnectorUtils.java     | 27 ++++++++++---------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/ml-algorithms/src/main/java/org/opensearch/ml/engine/algorithms/remote/ConnectorUtils.java b/ml-algorithms/src/main/java/org/opensearch/ml/engine/algorithms/remote/ConnectorUtils.java
index f2c93ef5fd..bb573d8fa4 100644
--- a/ml-algorithms/src/main/java/org/opensearch/ml/engine/algorithms/remote/ConnectorUtils.java
+++ b/ml-algorithms/src/main/java/org/opensearch/ml/engine/algorithms/remote/ConnectorUtils.java
@@ -50,24 +50,23 @@
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
-import software.amazon.awssdk.auth.signer.Aws4Signer;
-import software.amazon.awssdk.auth.signer.params.Aws4SignerParams;
 import software.amazon.awssdk.core.sync.RequestBody;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.http.SdkHttpMethod;
-import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.http.auth.aws.signer.AwsV4HttpSigner;
+import software.amazon.awssdk.http.auth.spi.signer.SignedRequest;
 
 @Log4j2
 public class ConnectorUtils {
 
-    private static final Aws4Signer signer;
+    private static final AwsV4HttpSigner signer;
     public static final String SKIP_VALIDATE_MISSING_PARAMETERS = "skip_validating_missing_parameters";
 
     public static final List<String> SUPPORTED_REMOTE_SERVERS_FOR_DEFAULT_ACTION_TYPES = List
         .of("sagemaker", "openai", "bedrock", "cohere");
 
     static {
-        signer = Aws4Signer.create();
+        signer = AwsV4HttpSigner.create();
     }
 
     public static RemoteInferenceInputDataSet processInput(
@@ -268,14 +267,16 @@ public static SdkHttpFullRequest signRequest(
             ? AwsBasicCredentials.create(accessKey, secretKey)
             : AwsSessionCredentials.create(accessKey, secretKey, sessionToken);
 
-        Aws4SignerParams params = Aws4SignerParams
-            .builder()
-            .awsCredentials(credentials)
-            .signingName(signingName)
-            .signingRegion(Region.of(region))
-            .build();
-
-        return signer.sign(request, params);
+        SignedRequest signedRequest = signer
+            .sign(
+                r -> r
+                    .identity(credentials)
+                    .request(request)
+                    .payload(request.contentStreamProvider().orElse(null))
+                    .putProperty(AwsV4HttpSigner.SERVICE_SIGNING_NAME, signingName)
+                    .putProperty(AwsV4HttpSigner.REGION_NAME, region)
+            );
+        return (SdkHttpFullRequest) signedRequest.request();
     }
 
     public static SdkHttpFullRequest buildSdkRequest(