diff --git a/mmv1/products/networkservices/api.yaml b/mmv1/products/networkservices/api.yaml
index 792146b752c2..3aa02430bc98 100644
--- a/mmv1/products/networkservices/api.yaml
+++ b/mmv1/products/networkservices/api.yaml
@@ -292,6 +292,28 @@ objects:
 - timeout.0.max_attempts_timeout
 - timeout.0.response_timeout
 - timeout.0.read_timeout
+ - !ruby/object:Api::Type::NestedObject
+ name: 'awsV4Authentication'
+ description: |
+ Enable AWS Signature Version 4 origin authentication.
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'accessKeyId'
+ required: true
+ description: |
+ The access key ID your origin uses to identify the key.
+ - !ruby/object:Api::Type::String
+ name: 'secretAccessKeyVersion'
+ required: true
+ description: |
+ The Secret Manager secret version of the secret access key used by your origin.
+
+ This is the resource name of the secret version in the format `projects/*/secrets/*/versions/*` where the `*` values are replaced by the project, secret, and version you require.
+ - !ruby/object:Api::Type::String
+ name: 'originRegion'
+ required: true
+ description: |
+ The name of the AWS region that your origin is in.
 - !ruby/object:Api::Resource
 name: 'EdgeCacheService'
 base_url: 'projects/{{project}}/locations/global/edgeCacheServices'
diff --git a/mmv1/products/networkservices/terraform.yaml b/mmv1/products/networkservices/terraform.yaml
index 64d757aaf770..d3de70f58f8d 100644
--- a/mmv1/products/networkservices/terraform.yaml
+++ b/mmv1/products/networkservices/terraform.yaml
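Review bot: Nothing in this hunk enforces the `projects/*/secrets/*/versions/*` shape that the `secretAccessKeyVersion` description promises, so a raw AWS secret access key pasted into the field is accepted as an ordinary string and would presumably reach plan output and state before the API rejects it. A regex validation on this property in the Terraform overrides would stop that at plan time, for example `regex: '^projects/[^/]+/secrets/[^/]+/versions/[^/]+$'` under a `Provider::Terraform::Validation` override. The description should also say so directly: `Do not put the secret access key itself in this field; store it in Secret Manager and reference the version here.` The enclosing resource and its property list start outside the hunk, so an existing validation elsewhere cannot be ruled out from here.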
@@ -45,6 +45,14 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 resource_name_2: "my-fallback"
 ignore_read_extra:
 - "timeout"
+ - !ruby/object:Provider::Terraform::Examples
+ name: "network_services_edge_cache_origin_v4auth"
+ primary_resource_id: "default"
+ vars:
+ resource_name: "my-origin"
+ secret_name: "secret-name"
+ ignore_read_extra:
+ - "timeout"
 properties:
 failoverOrigin: !ruby/object:Overrides::Terraform::PropertyOverride
 diff_suppress_func: 'compareResourceNames'
diff --git a/mmv1/templates/terraform/examples/network_services_edge_cache_origin_v4auth.tf.erb b/mmv1/templates/terraform/examples/network_services_edge_cache_origin_v4auth.tf.erb
new file mode 100644
index 000000000000..c9b4633cce96
--- /dev/null
+++ b/mmv1/templates/terraform/examples/network_services_edge_cache_origin_v4auth.tf.erb
@@ -0,0 +1,24 @@
+resource "google_secret_manager_secret" "secret-basic" {
+ secret_id = "<%= ctx[:vars]['secret_name'] %>"
+
+ replication {
+ automatic = true
+ }
+}
+
+resource "google_secret_manager_secret_version" "secret-version-basic" {
+ secret = google_secret_manager_secret.secret-basic.id
+
+ secret_data = "secret-data"
+}
+
+resource "google_network_services_edge_cache_origin" "<%= ctx[:primary_resource_id] %>" {
+ name = "<%= ctx[:vars]['resource_name'] %>"
+ origin_address = "gs://media-edge-default"
+ description = "The default bucket for V4 authentication"
+ aws_v4_authentication {
+ access_key_id = "ACCESSKEYID"
+ secret_access_key_version = google_secret_manager_secret_version.secret-version-basic.id
+ origin_region = "auto"
+ }
+}
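Review bot: `secret_data = "secret-data"` in the new `.tf.erb` example is an inline literal in what becomes published documentation, and readers who copy it with a real key will commit that key to version control and to Terraform state. A comment above that line would make the intent explicit: `# Placeholder only: pass the real secret access key through a sensitive variable; secret_data is stored in Terraform state.` The example also creates the secret without granting any principal access to it. If the service that fetches from the origin reads the secret under its own service agent, an IAM binding such as `roles/secretmanager.secretAccessor` on `secret-basic` is likely needed for the configuration to work end to end, which is worth confirming and showing here.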