diff --git a/include/aws/auth/credentials.h b/include/aws/auth/credentials.h
index ce87c9c4..396368cb 100644
--- a/include/aws/auth/credentials.h
+++ b/include/aws/auth/credentials.h
@@ -354,6 +354,11 @@ struct aws_credentials_provider_x509_options {
      */
     const struct aws_http_proxy_options *proxy_options;
 
+    /**
+     * (Optional) Socks5 proxy configuration for the http request that fetches credentials
+     */
+    const struct aws_socks5_proxy_options *socks5_proxy_options;
+
     /* For mocking the http layer in tests, leave NULL otherwise */
     struct aws_auth_http_system_vtable *function_table;
 };
@@ -525,6 +530,11 @@ struct aws_credentials_provider_sts_options {
      */
     const struct aws_http_proxy_options *http_proxy_options;
 
+    /**
+     * (Optional) Socks5 proxy configuration for the http request that fetches credentials
+     */
+    const struct aws_socks5_proxy_options *socks5_proxy_options;
+
     /**
      * (Optional)
      * Uses a cached config file profile collection (~/.aws/config). You can also pass a merged profile collection,
@@ -722,6 +732,11 @@ struct aws_credentials_provider_cognito_options {
      */
     const struct aws_http_proxy_options *http_proxy_options;
 
+    /**
+     * (Optional) Socks5 proxy configuration for the http request that fetches credentials
+     */
+    const struct aws_socks5_proxy_options *socks5_proxy_options;
+
     /* For mocking the http layer in tests, leave NULL otherwise */
     struct aws_auth_http_system_vtable *function_table;
 
diff --git a/source/credentials_provider_cognito.c b/source/credentials_provider_cognito.c
index 51ae18dc..882e5bd3 100644
--- a/source/credentials_provider_cognito.c
+++ b/source/credentials_provider_cognito.c
@@ -817,6 +817,7 @@ struct aws_credentials_provider *aws_credentials_provider_new_cognito(
     manager_options.shutdown_complete_user_data = provider;
     manager_options.tls_connection_options = &tls_connection_options;
     manager_options.proxy_options = options->http_proxy_options;
+    manager_options.socks5_proxy_options = options->socks5_proxy_options;
 
     impl->function_table = options->function_table;
     if (impl->function_table == NULL) {
diff --git a/source/credentials_provider_sts.c b/source/credentials_provider_sts.c
index 477aef6d..5c86f850 100644
--- a/source/credentials_provider_sts.c
+++ b/source/credentials_provider_sts.c
@@ -952,6 +952,7 @@ struct aws_credentials_provider *aws_credentials_provider_new_sts(
         .socket_options = &socket_options,
         .tls_connection_options = &tls_connection_options,
         .proxy_options = options->http_proxy_options,
+        .socks5_proxy_options = options->socks5_proxy_options,
     };
 
     impl->connection_manager =
diff --git a/source/credentials_provider_x509.c b/source/credentials_provider_x509.c
index 8917636a..e4e876d4 100644
--- a/source/credentials_provider_x509.c
+++ b/source/credentials_provider_x509.c
@@ -583,6 +583,7 @@ struct aws_credentials_provider *aws_credentials_provider_new_x509(
     manager_options.shutdown_complete_user_data = provider;
     manager_options.tls_connection_options = &impl->tls_connection_options;
     manager_options.proxy_options = options->proxy_options;
+    manager_options.socks5_proxy_options = options->socks5_proxy_options;
 
     impl->function_table = options->function_table;
     if (impl->function_table == NULL) {