diff --git a/sdk/src/main/java/software/amazon/awssdk/iot/AwsIotMqttConnectionBuilder.java b/sdk/src/main/java/software/amazon/awssdk/iot/AwsIotMqttConnectionBuilder.java
index 7c1ff5912..d120922f6 100644
--- a/sdk/src/main/java/software/amazon/awssdk/iot/AwsIotMqttConnectionBuilder.java
+++ b/sdk/src/main/java/software/amazon/awssdk/iot/AwsIotMqttConnectionBuilder.java
@@ -516,6 +516,14 @@ public MqttClientConnection build() {
         // This does mean that once you call build() once, modifying the tls context options or client bootstrap
         // has no affect on subsequently-created connections.
         synchronized(this) {
+            // Is this going to a custom authorizer at the correct (443) port? If so change the alpnList to "mqtt".
+            if (config.getUsername() != null) {
+                if (config.getUsername().contains("x-amz-customauthorizer-name") && config.getPort() == 443) {
+                    tlsOptions.alpnList.clear();
+                    tlsOptions.alpnList.add("mqtt");
+                }
+            }
+
             if (tlsOptions != null && (tlsContext == null || resetLazilyCreatedResources)) {
                 try (ClientTlsContext clientTlsContext = new ClientTlsContext(tlsOptions)) {
                     swapReferenceTo(tlsContext, clientTlsContext);