About the String to Sign

Each AWS request you send must include an HMAC-SHA request signature calculated with your Secret Access Key (except for SOAP requests using WS-Security). The string you use to calculate the signature (the string to sign) varies depending on the API you're using (Query or SOAP). The details are covered in the following topics:

Query Request Authentication
SOAP without WS-Security