diff --git a/RHEL-16247-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch b/RHEL-16247-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch index e43cdbf..7d3256d 100644 --- a/RHEL-16247-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch +++ b/RHEL-16247-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch @@ -1,18 +1,18 @@ -From a1177407608887970cafbfe7ad9bf97570c739dd Mon Sep 17 00:00:00 2001 +From f45f76600a7e02c860566db7d1350dc3b09449c2 Mon Sep 17 00:00:00 2001 From: Oyvind Albrigtsen Date: Mon, 6 Nov 2023 15:49:44 +0100 Subject: [PATCH] aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter and AWS Policy based authentication type --- - heartbeat/aws-vpc-move-ip | 40 ++++++++++++++++++---- - heartbeat/aws-vpc-route53.in | 44 +++++++++++++++++++----- - heartbeat/awseip | 65 +++++++++++++++++++++++++++--------- - heartbeat/awsvip | 59 +++++++++++++++++++++++++------- - 4 files changed, 166 insertions(+), 42 deletions(-) + heartbeat/aws-vpc-move-ip | 43 +++++++++++++++++++---- + heartbeat/aws-vpc-route53.in | 47 ++++++++++++++++++++----- + heartbeat/awseip | 68 +++++++++++++++++++++++++++--------- + heartbeat/awsvip | 60 ++++++++++++++++++++++++------- + 4 files changed, 173 insertions(+), 45 deletions(-) diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip -index dee040300f..3fa93cd4af 100755 +index dee040300f..54806f6eaa 100755 --- a/heartbeat/aws-vpc-move-ip +++ b/heartbeat/aws-vpc-move-ip @@ -36,6 +36,7 @@ 
@@ -76,7 +76,12 @@ index dee040300f..3fa93cd4af 100755 export AWS_ACCESS_KEY_ID="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $5}')" export AWS_SECRET_ACCESS_KEY="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $7}')" export AWS_SESSION_TOKEN="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $8}')" -@@ -224,7 +237,7 @@ ec2ip_validate() { +@@ -220,11 +233,11 @@ ec2ip_set_address_param_compat(){ + } + + ec2ip_validate() { +- for cmd in $OCF_RESKEY_awscli ip curl; do ++ for cmd in "$OCF_RESKEY_awscli" ip curl; do check_binary "$cmd" done @@ -103,12 +108,13 @@ index dee040300f..3fa93cd4af 100755 ocf_log debug "executing command: $cmd" $cmd else -@@ -475,6 +488,21 @@ if ! ocf_is_root; then +@@ -475,6 +488,22 @@ if ! ocf_is_root; then exit $OCF_ERR_PERM fi ++AWSCLI_CMD="${OCF_RESKEY_awscli}" +if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then -+ AWSCLI_CMD="${OCF_RESKEY_awscli} --profile ${OCF_RESKEY_profile}" ++ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}" +elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then + if [ -z "${OCF_RESKEY_region}" ]; then + ocf_exit_reason "region needs to be set when using role-based authentication" @@ -126,7 +132,7 @@ index dee040300f..3fa93cd4af 100755 ec2ip_validate diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in -index 22cbb35833..911f15f59f 100644 +index 22cbb35833..18ab157e8a 100644 --- a/heartbeat/aws-vpc-route53.in +++ b/heartbeat/aws-vpc-route53.in @@ -46,24 +46,22 @@ @@ -174,6 +180,15 @@ index 22cbb35833..911f15f59f 100644 The name of the AWS CLI profile of the root account. This +@@ -196,7 +203,7 @@ r53_validate() { + + # Check for required binaries + ocf_log debug "Checking for required binaries" +- for command in curl dig; do ++ for command in "${OCF_RESKEY_awscli}" curl dig; do + check_binary "$command" + done + @@ -216,7 +223,10 @@ r53_validate() { esac 
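Review bot: `AWSCLI_CMD` is still built as one flat string in the `@@ -475,6 +488,22 @@` section of heartbeat/aws-vpc-move-ip, so the quoting this revision adds around `"$OCF_RESKEY_awscli"` in `ec2ip_validate` covers the `check_binary` test but not the later execution. The bare `$cmd` context line in the same file suggests the string is expanded unquoted; if so, whitespace in `OCF_RESKEY_awscli` or `OCF_RESKEY_profile` is split into separate CLI arguments that validation never checked, and glob characters would be expanded as well. Because the agent only proceeds when `ocf_is_root` succeeds, I would reject such values before concatenating, for example `case "${OCF_RESKEY_profile}" in *[[:space:]]*) ocf_exit_reason "profile must not contain whitespace"; exit $OCF_ERR_CONFIGURED;; esac`. The same construction recurs in the aws-vpc-route53.in, awseip and awsvip sections, and the if/elif block continues outside this hunk.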
@@ -194,14 +209,15 @@ index 22cbb35833..911f15f59f 100644 case $__OCF_ACTION in usage|help) usage -@@ -427,6 +436,25 @@ case $__OCF_ACTION in +@@ -427,6 +436,26 @@ case $__OCF_ACTION in metadata exit $OCF_SUCCESS ;; +esac + ++AWSCLI_CMD="${OCF_RESKEY_awscli}" +if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then -+ AWSCLI_CMD="${OCF_RESKEY_awscli} --profile ${OCF_RESKEY_profile}" ++ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}" +elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then + if [ -z "${OCF_RESKEY_region}" ]; then + ocf_exit_reason "region needs to be set when using role-based authentication" @@ -221,7 +237,7 @@ index 22cbb35833..911f15f59f 100644 r53_validate || exit $? r53_start diff --git a/heartbeat/awseip b/heartbeat/awseip -index dc48460c85..f93b5a3434 100755 +index dc48460c85..49b0ca6155 100755 --- a/heartbeat/awseip +++ b/heartbeat/awseip @@ -23,7 +23,8 @@ @@ -335,16 +351,19 @@ index dc48460c85..f93b5a3434 100755 RET=$? if [ $RET -ne 0 ]; then -@@ -220,7 +240,7 @@ awseip_monitor() { +@@ -218,9 +238,9 @@ awseip_monitor() { + } + awseip_validate() { - check_binary ${AWSCLI} +- check_binary ${AWSCLI} ++ check_binary "${OCF_RESKEY_awscli}" - if [ -z "$OCF_RESKEY_profile" ]; then + if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then ocf_exit_reason "profile parameter not set" return $OCF_ERR_CONFIGURED fi -@@ -238,9 +258,26 @@ case $__OCF_ACTION in +@@ -238,9 +258,27 @@ case $__OCF_ACTION in meta_data exit $OCF_SUCCESS ;; @@ -356,8 +375,9 @@ index dc48460c85..f93b5a3434 100755 +esac -AWSCLI="${OCF_RESKEY_awscli}" ++AWSCLI_CMD="${OCF_RESKEY_awscli}" +if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then -+ AWSCLI_CMD="${OCF_RESKEY_awscli} --profile ${OCF_RESKEY_profile}" ++ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}" +elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then + if [ -z "${OCF_RESKEY_region}" ]; then + ocf_exit_reason "region needs to be set when using role-based authentication" 
@@ -373,7 +393,7 @@ index dc48460c85..f93b5a3434 100755 ELASTIC_IP="${OCF_RESKEY_elastic_ip}" ALLOCATION_ID="${OCF_RESKEY_allocation_id}" PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}" -@@ -272,10 +309,6 @@ case $__OCF_ACTION in +@@ -272,10 +310,6 @@ case $__OCF_ACTION in validate|validate-all) awseip_validate ;; @@ -385,7 +405,7 @@ index dc48460c85..f93b5a3434 100755 awseip_usage exit $OCF_ERR_UNIMPLEMENTED diff --git a/heartbeat/awsvip b/heartbeat/awsvip -index 037278e296..7e6cc23d64 100755 +index 037278e296..bdb4d68dd0 100755 --- a/heartbeat/awsvip +++ b/heartbeat/awsvip @@ -23,7 +23,8 @@ @@ -486,14 +506,14 @@ index 037278e296..7e6cc23d64 100755 awsvip_validate() { - check_binary ${AWSCLI} -+ check_binary ${OCF_RESKEY_awscli} ++ check_binary "${OCF_RESKEY_awscli}" - if [ -z "$OCF_RESKEY_profile" ]; then + if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then ocf_exit_reason "profile parameter not set" return $OCF_ERR_CONFIGURED fi -@@ -202,9 +224,26 @@ case $__OCF_ACTION in +@@ -202,9 +224,27 @@ case $__OCF_ACTION in meta_data exit $OCF_SUCCESS ;; @@ -504,8 +524,9 @@ index 037278e296..7e6cc23d64 100755 esac -AWSCLI="${OCF_RESKEY_awscli}" ++AWSCLI_CMD="${OCF_RESKEY_awscli}" +if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then -+ AWSCLI_CMD="${OCF_RESKEY_awscli} --profile ${OCF_RESKEY_profile}" ++ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}" +elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then + if [ -z "${OCF_RESKEY_region}" ]; then + ocf_exit_reason "region needs to be set when using role-based authentication" 
@@ -521,7 +542,7 @@ index 037278e296..7e6cc23d64 100755 SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}" TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN") -@@ -236,10 +275,6 @@ case $__OCF_ACTION in +@@ -236,10 +276,6 @@ case $__OCF_ACTION in validate|validate-all) awsvip_validate ;; diff --git a/resource-agents.spec b/resource-agents.spec index acfb20c..fe07478 100644 --- a/resource-agents.spec +++ b/resource-agents.spec @@ -45,7 +45,7 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts Version: 4.10.0 -Release: 48%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} +Release: 49%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/resource-agents Source0: %{upstream_prefix}-%{upstream_version}.tar.gz @@ -627,7 +627,7 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm %changelog -* Tue Nov 14 2023 Oyvind Albrigtsen - 4.10.0-48 +* Fri Nov 17 2023 Oyvind Albrigtsen - 4.10.0-49 - aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter and AWS Policy based authentication type