aws
diff --git a/‎core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/crt/internal/signer/DefaultAwsCrtV4aHttpSigner.java‎
Lines changed: 13 additions & 1 deletion b/‎core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/crt/internal/signer/DefaultAwsCrtV4aHttpSigner.java‎
Lines changed: 13 additions & 1 deletion
@@ -269,7 +269,13 @@ private static CompletableFuture<AsyncSignedRequest> doSignAsync(AsyncSignReques
  // We disallow unknown content length on the async path
  long contentLength = getDecodedContentLengthOrThrow(requestToSign);
 
- HttpRequest crtRequest = toCrtRequest(requestToSign, requestPayload, contentLength);
+ HttpRequest crtRequest;
+ // If it's a streaming payload, don't pass the payload to CRT. We're handling streaming signing.
+ if (isStreamingSha256(requestToSign)) {
+ crtRequest = toCrtRequest(requestToSign, null, 0L);
+ } else {
+ crtRequest = toCrtRequest(requestToSign, requestPayload, contentLength);
+ }
 
  V4aRequestSigningResult requestSigningResult = sign(requestToSign, crtRequest, signingConfig);
 
@@ -324,4 +330,10 @@ private static PayloadChecksumStore checksumStore(BaseSignRequest<?, ?> request)
  }
  return cache;
  }
+
+ private static boolean isStreamingSha256(SdkHttpRequest request) {
+ return request.firstMatchingHeader("x-amz-content-sha256")
+ .map(s -> s.startsWith("STREAMING"))
+ .orElse(false);
+ }
 }