diff --git a/google/auth/aws.py b/google/auth/aws.py
index 2f2a1359b..c8deee707 100644
--- a/google/auth/aws.py
+++ b/google/auth/aws.py
@@ -45,6 +45,7 @@
 import os
 import re
 import urllib
+from urllib.parse import urljoin
 
 from google.auth import _helpers
 from google.auth import environment_vars
@@ -112,13 +113,17 @@ def get_request_options(
         additional_headers = additional_headers or {}
 
         uri = urllib.parse.urlparse(url)
+        # Normalize the URL path. This is needed for the canonical_uri.
+        # os.path.normpath can't be used since it normalizes "/" paths
+        # to "\\" in Windows OS.
+        normalized_uri = urllib.parse.urlparse(urljoin(url, uri.path))
         # Validate provided URL.
         if not uri.hostname or uri.scheme != "https":
             raise ValueError("Invalid AWS service URL")
 
         header_map = _generate_authentication_header_map(
             host=uri.hostname,
-            canonical_uri=os.path.normpath(uri.path or "/"),
+            canonical_uri=normalized_uri.path or "/",
             canonical_querystring=_get_canonical_querystring(uri.query),
             method=method,
             region=self._region_name,