diff --git a/aws/rust-runtime/aws-runtime/src/auth.rs b/aws/rust-runtime/aws-runtime/src/auth.rs
index 4546d58aeee745c20ffc525e2001ce031988a549..503a4bf2afa58e4da60d56971a0e3ccb99960896 100644
--- a/aws/rust-runtime/aws-runtime/src/auth.rs
+++ b/aws/rust-runtime/aws-runtime/src/auth.rs
@@ -11,12 +11,12 @@ pub mod sigv4 {
         SignableRequest, SignatureLocation, SigningParams, SigningSettings,
         UriPathNormalizationMode,
     };
+    use aws_smithy_http::property_bag::PropertyBag;
     use aws_smithy_runtime_api::client::identity::Identity;
     use aws_smithy_runtime_api::client::orchestrator::{
         BoxError, HttpAuthScheme, HttpRequest, HttpRequestSigner, IdentityResolver,
         IdentityResolvers,
     };
-    use aws_smithy_runtime_api::config_bag::ConfigBag;
     use aws_types::region::SigningRegion;
     use aws_types::SigningService;
     use std::time::{Duration, SystemTime};
@@ -197,9 +197,9 @@ pub mod sigv4 {
             &self,
             request: &mut HttpRequest,
             identity: &Identity,
-            cfg: &ConfigBag,
+            signing_properties: &PropertyBag,
         ) -> Result<(), BoxError> {
-            let operation_config = cfg
+            let operation_config = signing_properties
                 .get::<SigV4OperationSigningConfig>()
                 .ok_or("missing operation signing config for SigV4")?;
 
diff --git a/aws/sdk-codegen/src/main/kotlin/software/amazon/smithy/rustsdk/SigV4AuthDecorator.kt b/aws/sdk-codegen/src/main/kotlin/software/amazon/smithy/rustsdk/SigV4AuthDecorator.kt
index 843d01e22f605c5f85a5a22e66cce9e46a4fe9a8..a0cba8142b1608735bc5499bae86e05d65951191 100644
--- a/aws/sdk-codegen/src/main/kotlin/software/amazon/smithy/rustsdk/SigV4AuthDecorator.kt
+++ b/aws/sdk-codegen/src/main/kotlin/software/amazon/smithy/rustsdk/SigV4AuthDecorator.kt
@@ -119,16 +119,6 @@ private class AuthOperationRuntimePluginCustomization(private val codegenContext
             is OperationRuntimePluginSection.AdditionalConfig -> {
                 val authSchemes = serviceIndex.getEffectiveAuthSchemes(codegenContext.serviceShape, section.operationShape)
                 if (authSchemes.containsKey(SigV4Trait.ID)) {
-                    rustTemplate(
-                        """
-                        let auth_option_resolver = #{AuthOptionListResolver}::new(
-                            vec![#{HttpAuthOption}::new(#{SIGV4_SCHEME_ID}, std::sync::Arc::new(#{PropertyBag}::new()))]
-                        );
-                        ${section.configBagName}.set_auth_option_resolver(auth_option_resolver);
-                        """,
-                        *codegenScope,
-                    )
-
                     val unsignedPayload = section.operationShape.hasTrait<UnsignedPayloadTrait>()
                     val doubleUriEncode = unsignedPayload || !disableDoubleEncode(codegenContext.serviceShape)
                     val contentSha256Header = needsAmzSha256(codegenContext.serviceShape)
@@ -144,11 +134,17 @@ private class AuthOperationRuntimePluginCustomization(private val codegenContext
                         signing_options.normalize_uri_path = $normalizeUrlPath;
                         signing_options.signing_optional = $signingOptional;
                         signing_options.payload_override = #{payload_override};
-                        ${section.configBagName}.put(#{SigV4OperationSigningConfig} {
+
+                        let mut sigv4_properties = #{PropertyBag}::new();
+                        sigv4_properties.insert(#{SigV4OperationSigningConfig} {
                             region: signing_region,
                             service: signing_service,
                             signing_options,
                         });
+                        let auth_option_resolver = #{AuthOptionListResolver}::new(
+                            vec![#{HttpAuthOption}::new(#{SIGV4_SCHEME_ID}, std::sync::Arc::new(sigv4_properties))]
+                        );
+                        ${section.configBagName}.set_auth_option_resolver(auth_option_resolver);
                         """,
                         *codegenScope,
                         "payload_override" to writable {
diff --git a/rust-runtime/aws-smithy-runtime-api/src/client/orchestrator.rs b/rust-runtime/aws-smithy-runtime-api/src/client/orchestrator.rs
index 1cb5f34006704ed915a4207b0d63c49360e38a12..fa16d0154c56723590191974ec418eada8617bf6 100644
--- a/rust-runtime/aws-smithy-runtime-api/src/client/orchestrator.rs
+++ b/rust-runtime/aws-smithy-runtime-api/src/client/orchestrator.rs
@@ -174,7 +174,7 @@ pub trait HttpRequestSigner: Send + Sync + Debug {
         &self,
         request: &mut HttpRequest,
         identity: &Identity,
-        cfg: &ConfigBag,
+        signing_properties: &PropertyBag,
     ) -> Result<(), BoxError>;
 }
 
diff --git a/rust-runtime/aws-smithy-runtime/src/client/orchestrator/auth.rs b/rust-runtime/aws-smithy-runtime/src/client/orchestrator/auth.rs
index 705ca9f44e3a2d366bff97fd90b8dd854e53a195..38a5cd58a15ebaf3de0087aba8b0945e00d4779e 100644
--- a/rust-runtime/aws-smithy-runtime/src/client/orchestrator/auth.rs
+++ b/rust-runtime/aws-smithy-runtime/src/client/orchestrator/auth.rs
@@ -44,7 +44,7 @@ pub(super) async fn orchestrate_auth(
                 .map_err(construction_failure)?;
             return dispatch_phase.include_mut(|ctx| {
                 let request = ctx.request_mut()?;
-                request_signer.sign_request(request, &identity, cfg)?;
+                request_signer.sign_request(request, &identity, scheme_properties)?;
                 Result::<_, BoxError>::Ok(())
             });
         }