Some AWS components accept API inputs as headers. Such headers should always be signed. However, while awscurl allows users to specify arbitrary headers, it does not allow them to tell it to sign those headers: awscurl always signs only host, x-amz-date, and if present, x-amz-security-token.

Please provide a way for users to request that specific additional headers be covered in the signature. It should be an error to request that a header be signed if it is not present in the request.

I like this -- I'll try to get some time to include this.