diff --git a/gems/aws-sdk-core/CHANGELOG.md b/gems/aws-sdk-core/CHANGELOG.md
index 2bf6e4d9181..cfd5c40f53a 100644
--- a/gems/aws-sdk-core/CHANGELOG.md
+++ b/gems/aws-sdk-core/CHANGELOG.md
@@ -1,12 +1,14 @@
 Unreleased Changes
 ------------------
 
+* Issue - Fix signing for S3/S3 Control and `aws-crt` gem for certain object keys (#2849).
+
 * Issue - Ensure `SSOCredentials` `#expiration` is a `Time` (#2874)
 
 3.176.0 (2023-06-28)
 ------------------
 
-* Feature - Add :expiration accessor to `CredentialProvider` and do not refresh credentials when checking expiration.
+* Feature - Add :expiration accessor to `CredentialProvider` and do not refresh credentials when checking expiration (#2872).
 
 3.175.0 (2023-06-15)
 ------------------
diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/endpoints.rb b/gems/aws-sdk-core/lib/aws-sdk-core/endpoints.rb
index d56b31eb339..b35cfe5976b 100644
--- a/gems/aws-sdk-core/lib/aws-sdk-core/endpoints.rb
+++ b/gems/aws-sdk-core/lib/aws-sdk-core/endpoints.rb
@@ -39,7 +39,11 @@ def default_auth_scheme(context)
           auth_scheme = { 'name' => 'sigv4' }
           merge_signing_defaults(auth_scheme, context.config)
         when 's3', 's3v4'
-          auth_scheme = { 'name' => 'sigv4', 'disableDoubleEncoding' => true }
+          auth_scheme = {
+            'name' => 'sigv4',
+            'disableDoubleEncoding' => true,
+            'disableNormalizePath' => true
+          }
           merge_signing_defaults(auth_scheme, context.config)
         when 'bearer'
           { 'name' => 'bearer' }
diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/plugins/sign.rb b/gems/aws-sdk-core/lib/aws-sdk-core/plugins/sign.rb
index 6ce5a78186d..607a57cb941 100644
--- a/gems/aws-sdk-core/lib/aws-sdk-core/plugins/sign.rb
+++ b/gems/aws-sdk-core/lib/aws-sdk-core/plugins/sign.rb
@@ -108,6 +108,7 @@ def initialize(auth_scheme, config, region_override = nil)
               credentials_provider: config.credentials,
               signing_algorithm: scheme_name.to_sym,
               uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
+              normalize_path: !!!auth_scheme['disableNormalizePath'],
               unsigned_headers: %w[content-length user-agent x-amzn-trace-id]
             )
           rescue Aws::Sigv4::Errors::MissingCredentialsError
diff --git a/gems/aws-sdk-core/spec/aws/endpoints_spec.rb b/gems/aws-sdk-core/spec/aws/endpoints_spec.rb
index f5b5d8b6e30..b80224ffb96 100644
--- a/gems/aws-sdk-core/spec/aws/endpoints_spec.rb
+++ b/gems/aws-sdk-core/spec/aws/endpoints_spec.rb
@@ -94,7 +94,13 @@ def expect_auth_scheme(auth_scheme)
             let(:signature_version) { auth_type }
 
             it 'signs with sigv4 with double encoding' do
-              expect_auth_scheme({ 'name' => 'sigv4', 'disableDoubleEncoding' => true })
+              expect_auth_scheme(
+                {
+                  'name' => 'sigv4',
+                  'disableDoubleEncoding' => true,
+                  'disableNormalizePath' => true
+                }
+              )
               client.operation
             end
           end