diff --git a/ui/app/components/configure-aws-secret/access-to-aws-form.hbs b/ui/app/components/configure-aws-secret/access-to-aws-form.hbs
new file mode 100644
index 000000000000..78ea9c1f97f2
--- /dev/null
+++ b/ui/app/components/configure-aws-secret/access-to-aws-form.hbs
@@ -0,0 +1,96 @@
+<form
+  onsubmit={{action
+    "saveRootCreds"
+    (hash access_key=@accessKey iam_endpoint=@iamEndpoint sts_endpoint=@stsEndpoint secret_key=@secretKey region=@region)
+  }}
+  data-test-aws-root-creds-form
+  aria-label="save root creds form"
+>
+  <div class="box is-fullwidth is-shadowless is-marginless">
+    <NamespaceReminder @mode="save" @noun="configuration" />
+    <p class="has-text-grey-dark">
+      Note: the client uses the official AWS SDK and will use the specified credentials, environment credentials, shared file
+      credentials, or IAM role/ECS task credentials in that order.
+    </p>
+  </div>
+
+  <div class="field">
+    <label for="access" class="is-label">
+      Access key
+    </label>
+    <div class="control">
+      <Input
+        @type="text"
+        id="access"
+        name="access"
+        class="input"
+        autocomplete="off"
+        spellcheck="false"
+        @value={{@accessKey}}
+        data-test-aws-input="accessKey"
+      />
+    </div>
+  </div>
+
+  <div class="field">
+    <label for="secret" class="is-label">
+      Secret key
+    </label>
+    <div class="control">
+      <Input
+        @type="password"
+        id="secret"
+        name="secret"
+        class="input"
+        @value={{@secretKey}}
+        data-test-aws-input="secretKey"
+      />
+    </div>
+  </div>
+
+  <ToggleButton @isOpen={{this.showOptions}} @onClick={{fn (mut this.showOptions)}} />
+  {{#if this.showOptions}}
+    <div class="box is-marginless">
+      <div class="field">
+        <label for="region" class="is-label">
+          Region
+        </label>
+        <div class="control is-expanded">
+          <div class="select is-fullwidth">
+            <select
+              name="region"
+              id="region"
+              onchange={{action (mut @region) value="target.value"}}
+              data-test-input="region"
+            >
+              <option value=""></option>
+              {{#each (aws-regions) as |val|}}
+                <option>{{val}}</option>
+              {{/each}}
+            </select>
+          </div>
+        </div>
+      </div>
+      <div class="field">
+        <label for="iam" class="is-label">
+          IAM endpoint
+        </label>
+        <div class="control">
+          <Input @type="text" id="iam" name="iam" class="input" @value={{@iamEndpoint}} />
+        </div>
+      </div>
+      <div class="field">
+        <label for="sts" class="is-label">
+          STS endpoint
+        </label>
+        <div class="control">
+          <Input @type="text" id="sts" name="sts" class="input" @value={{@stsEndpoint}} />
+        </div>
+      </div>
+    </div>
+  {{/if}}
+
+  <div class="box is-bottomless is-fullwidth">
+    <Hds::Button @text="Save" data-test-aws-input="root-save" type="submit" />
+  </div>
+</form>
\ No newline at end of file
diff --git a/ui/app/components/configure-aws-secret/access-to-aws-form.ts b/ui/app/components/configure-aws-secret/access-to-aws-form.ts
new file mode 100644
index 000000000000..4d916fa424c0
--- /dev/null
+++ b/ui/app/components/configure-aws-secret/access-to-aws-form.ts
@@ -0,0 +1,36 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+import Component from '@glimmer/component';
+import { action } from '@ember/object';
+import { tracked } from '@glimmer/tracking';
+import type SecretEngineModel from 'vault/models/secret-engine';
+
+type AWSRootCredsFields = {
+  access_key: string | null;
+  iam_endpoint: string | null;
+  sts_endpoint: string | null;
+  secret_key: string | null;
+  region: string | null;
+};
+
+interface Args {
+  model: SecretEngineModel;
+  accessKey: string;
+  iamEndpoint: string;
+  region: string;
+  secretKey: string;
+  stsEndpoint: string;
+  onSubmit: (data: AWSRootCredsFields) => void;
+}
+
+export default class ConfigureAwsSecretAccessToAwsFormComponent extends Component<Args> {
+  @tracked showOptions = false;
+
+  @action
+  saveRootCreds(data: AWSRootCredsFields, event: Event) {
+    event.preventDefault();
+    this.args.onSubmit(data);
+  }
+}
diff --git a/ui/app/components/configure-aws-secret/lease-form.hbs b/ui/app/components/configure-aws-secret/lease-form.hbs
new file mode 100644
index 000000000000..2d42fdbe7646
--- /dev/null
+++ b/ui/app/components/configure-aws-secret/lease-form.hbs
@@ -0,0 +1,28 @@
+<form
+  onsubmit={{action "saveLease" (hash lease=@model.lease lease_max=@model.leaseMax)}}
+  aria-label="save lease form"
+  data-test-aws-leases-form="true"
+>
+  <div class="box is-fullwidth is-shadowless is-marginless">
+    <NamespaceReminder @mode="saved" @noun="configuration" />
+    <MessageError @model={{@model}} />
+    <p class="has-text-grey-dark">
+      If you do not supply lease settings, we will use the default values in AWS.
+    </p>
+  </div>
+  <TtlPicker
+    @label="Lease"
+    @initialValue={{@model.lease}}
+    @initialEnabled={{@model.lease}}
+    @onChange={{fn this.handleTtlChange "lease"}}
+  />
+  <TtlPicker
+    @label="Maximum Lease"
+    @initialValue={{@model.leaseMax}}
+    @initialEnabled={{@model.leaseMax}}
+    @onChange={{fn this.handleTtlChange "leaseMax"}}
+  />
+  <div class="box is-bottomless is-fullwidth">
+    <Hds::Button @text="Save" data-test-aws-input="lease-save" type="submit" />
+  </div>
+</form>
\ No newline at end of file
diff --git a/ui/app/components/configure-aws-secret/lease-form.ts b/ui/app/components/configure-aws-secret/lease-form.ts
new file mode 100644
index 000000000000..df89ef2d8897
--- /dev/null
+++ b/ui/app/components/configure-aws-secret/lease-form.ts
@@ -0,0 +1,30 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+import Component from '@glimmer/component';
+import { action } from '@ember/object';
+import type SecretEngineModel from 'vault/models/secret-engine';
+import type { TtlEvent } from 'vault/app-types';
+
+type LeaseFields = { lease: string; lease_max: string };
+
+interface Args {
+  model: SecretEngineModel;
+  onSubmit: (data: LeaseFields) => void;
+}
+
+export default class ConfigureAwsSecretLeaseFormComponent extends Component<Args> {
+  @action
+  handleTtlChange(name: string, ttlObj: TtlEvent) {
+    // lease values cannot be undefined, set to 0 to use default
+    const valueToSet = ttlObj.enabled ? ttlObj.goSafeTimeString : 0;
+    this.args.model.set(name, valueToSet);
+  }
+
+  @action
+  saveLease(data: LeaseFields, event: Event) {
+    event.preventDefault();
+    this.args.onSubmit(data);
+  }
+}
diff --git a/ui/app/models/mount-config.js b/ui/app/models/mount-config.js
index d7b3665a70ea..879e29d04c6b 100644
--- a/ui/app/models/mount-config.js
+++ b/ui/app/models/mount-config.js
@@ -67,6 +67,15 @@ export default class MountConfigModel extends Model {
   })
   allowedManagedKeys;
 
+  @attr('string', {
+    editType: 'searchSelect',
+    fallbackComponent: 'string-list',
+    models: ['oidc/key'],
+    selectLimit: 1,
+    subText: 'A named key to sign tokens. Vault will use a default if left blank.',
+  })
+  identityTokenKey;
+
   @attr('string', {
     label: 'Plugin version',
     subText:
diff --git a/ui/app/models/secret-engine.js b/ui/app/models/secret-engine.js
index 555918e97ea5..6873e7de82f1 100644
--- a/ui/app/models/secret-engine.js
+++ b/ui/app/models/secret-engine.js
@@ -202,6 +202,10 @@ export default class SecretEngineModel extends Model {
     ];
 
     switch (this.engineType) {
+      case 'aws':
+        defaultFields = ['path', 'config.identityTokenKey'];
+        optionFields = [...CORE_OPTIONS, ...STANDARD_CONFIG];
+        break;
       case 'kv':
         defaultFields = ['path', 'maxVersions', 'casRequired', 'deleteVersionAfter'];
         optionFields = [