Skip to content

Remove ServiceMetadata usage from RDS/Neptune/DocDB presigning interceptors#7105

Open
S-Saranya1 wants to merge 2 commits into
feature/master/remove-service-metadata-usagefrom
somepal/presign-interceptors-remove-servicemetadata
Open

Remove ServiceMetadata usage from RDS/Neptune/DocDB presigning interceptors#7105
S-Saranya1 wants to merge 2 commits into
feature/master/remove-service-metadata-usagefrom
somepal/presign-interceptors-remove-servicemetadata

Conversation

@S-Saranya1

@S-Saranya1 S-Saranya1 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Motivation and Context

This is part of the ServiceMetadata removal effort to eliminate 350-500ms cold start latency caused by GeneratedServiceMetadataProvider initialization.

RDS, Neptune, and DocDB each have a RdsPresignInterceptor that generates presigned URLs for cross-region operations (e.g., CopyDBClusterSnapshot, CreateDBCluster). These interceptors call AwsClientEndpointProvider with serviceEndpointPrefix("rds") to resolve the endpoint for the source region. This triggers ServiceMetadata.of("rds"), which eagerly loads all 310 service metadata classes — adding 350-500ms of unnecessary initialization on every presigning call path.

This PR replaces that ServiceMetadata-based resolution with each service's Endpoints 2.0 provider, which resolves the same endpoint without triggering the expensive static initialization.

The endpoint resolved here is used as the host in the final presigned URL that gets sent to the service. The service validates this host when processing the presigned URL, so it must be the correct regional RDS endpoint, not a placeholder.

Modifications

  • Replaced AwsClientEndpointProvider usage in createEndpoint() with direct calls to each service's Endpoints 2.0 provider:

    • RDS → RdsEndpointProvider.defaultProvider().resolveEndpoint(...)
    • Neptune → NeptuneEndpointProvider.defaultProvider().resolveEndpoint(...)
    • DocDB → DocDbEndpointProvider.defaultProvider().resolveEndpoint(...)
  • The endpoint params passed are region, useDualStack, and useFips — the same inputs the old code used. Null values for dualstack/fips are handled by the generated endpoint provider (treated as false, the declared default in the endpoint rule set).

  • Removed unused imports (AwsClientEndpointProvider, Protocol, SdkExecutionAttribute) and the SERVICE_NAME constant.

Testing

  • Existing PresignRequestHandlerTest (RDS, Neptune, DocDB) validates the full presigning flow, including asserting the exact presigned URL host (https://rds.us-east-1.amazonaws.com) and signature.
  • Existing PresignRequestWireMockTest (Neptune, DocDB) validates presigned URLs in wire-level integration tests.
  • All existing tests pass without modification, confirming behavioral equivalence.

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

@S-Saranya1 S-Saranya1 requested a review from a team as a code owner July 6, 2026 22:43
@S-Saranya1 S-Saranya1 force-pushed the somepal/presign-interceptors-remove-servicemetadata branch from f9baaaf to 09b86ef Compare July 7, 2026 22:23

@RanVaknin RanVaknin left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we please add 2 more tests to PresignRequestHandlerTest.java to cover when dualstack enabled and when fips is enabled (asserting that the endpoint is correctly resolving to the fips or dualstack modifier of that service, ie rds-fips.us-east-1.amazonaws.com)

This was missing from the existing tests, but since we are touching the interceptor here we should have a sane check to make sure the wiring for these modifiers is correct.

@S-Saranya1

Copy link
Copy Markdown
Contributor Author

Can we please add 2 more tests to PresignRequestHandlerTest.java to cover when dualstack enabled and when fips is enabled (asserting that the endpoint is correctly resolving to the fips or dualstack modifier of that service, ie rds-fips.us-east-1.amazonaws.com)

This was missing from the existing tests, but since we are touching the interceptor here we should have a sane check to make sure the wiring for these modifiers is correct.

Added tests

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants