diff --git a/src/lua/api-gateway/aws/AwsService.lua b/src/lua/api-gateway/aws/AwsService.lua
index 2dc22a7..38eec8d 100644
--- a/src/lua/api-gateway/aws/AwsService.lua
+++ b/src/lua/api-gateway/aws/AwsService.lua
@@ -228,8 +228,9 @@ function _M:getRequestArguments(actionName, parameters)
 local urlencoded_args = "Action=" .. actionName
 if parameters ~= nil then
 for key, value in pairs(parameters) do
- local proper_val = ngx.re.gsub(tostring(value), "&", "%26", "ijo")
- urlencoded_args = urlencoded_args .. "&" .. key .. "=" .. (proper_val or "")
+ local t = {}
+ t[key] = tostring(value)
+ urlencoded_args = urlencoded_args .. "&" .. ngx.encode_args(t)
 end
 end
 return urlencoded_args
diff --git a/src/lua/api-gateway/aws/AwsV4Signature.lua b/src/lua/api-gateway/aws/AwsV4Signature.lua
index 3936937..3cb61c7 100644
--- a/src/lua/api-gateway/aws/AwsV4Signature.lua
+++ b/src/lua/api-gateway/aws/AwsV4Signature.lua
@@ -51,20 +51,13 @@ end
 local _sign = _sign_sha256_FFI
 local _hash = _sha256_hex
-local function get_hashed_canonical_request(method, uri, querystring, headers, requestPayload)
+local function get_hashed_canonical_request(method, uri, querystring, host, amzDate, requestPayload)
 local hash = method .. '\n' .. uri .. '\n' .. (querystring or "") .. '\n'
- -- add canonicalHeaders
- local canonicalHeaders = ""
- local signedHeaders = ""
- for h_n,h_v in pairs(headers) do
- -- todo: trim and lowercase
- canonicalHeaders = canonicalHeaders .. h_n .. ":" .. h_v .. "\n"
- signedHeaders = signedHeaders .. h_n .. ";"
- end
- --remove the last ";" from the signedHeaders
- signedHeaders = string.sub(signedHeaders, 1, -2)
+ -- add canonicalHeaders. Headers must be in alphabetical order
+ local canonicalHeaders = "host:" .. host .. "\n" .. "x-amz-date:" .. amzDate .. "\n"
+ local signedHeaders = "host;x-amz-date"
 hash = hash .. canonicalHeaders .. "\n" .. signedHeaders .. "\n"
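Review bot: In `getRequestArguments`, `tostring(value)` runs before `ngx.encode_args`, so a table-valued parameter is sent as the literal text `table: 0x…` instead of being rejected or expanded. The new loop would benefit from an explicit guard such as `if type(value) == "table" then error("parameter " .. tostring(key) .. " must be a scalar", 2) end`, or a logged skip if raising is too strict for existing callers. Encoding key and value together is what stops a caller-supplied value from adding extra `&name=value` pairs, and that deserves a one-line comment, e.g. `-- percent-encode key and value so neither can introduce "&" or "=" into the argument string`. `pairs` yields the parameters in unspecified order; if this string is ever signed as a SigV4 canonical query string rather than sent as an opaque body, it would need sorting by name, though that use is not visible in this hunk.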
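Review bot: `get_hashed_canonical_request` now signs exactly two headers, `host` and `x-amz-date`, so any other header sent with the request (for example `x-amz-security-token` with temporary credentials, or `x-amz-target`) is not covered by the signature. Whether such headers are sent is not visible here, so the restriction should at least be stated at the function: `-- Signs only host and x-amz-date; a header that must be covered has to be added to canonicalHeaders and signedHeaders, lowercase and in sorted order`. The old `todo: trim and lowercase` was dropped, but `host` and `amzDate` are still concatenated untrimmed, and a stray space in either would yield a signature the service rejects. The function body continues past the end of this hunk.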
@@ -157,9 +150,7 @@ function HmacAuthV4Handler:getSignature(http_method, request_uri, uri_arg_table,
 local date1 = self.aws_date_short
 local date2 = self.aws_date
- local headers = {}
- headers.host = self.aws_service .. "." .. self.aws_region .. ".amazonaws.com"
- headers["x-amz-date"] = date2
+ local host = self.aws_service .. "." .. self.aws_region .. ".amazonaws.com"
 local encoded_request_uri = request_uri
 if (self.doubleUrlEncode == true) then
@@ -176,7 +167,7 @@ function HmacAuthV4Handler:getSignature(http_method, request_uri, uri_arg_table,
 get_hashed_canonical_request( http_method, encoded_request_uri, uri_args,
- headers, request_payload) ) )
+ host, date2, request_payload) ) )
 return sign
 end
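Review bot: In `getSignature`, the signed `host` is rebuilt from `self.aws_service` and `self.aws_region` rather than taken from the Host header that is actually sent, so the two can drift apart (a global or non-standard endpoint, for instance) and the request then fails signature verification. A short comment on the new line would make the dependency explicit, e.g. `-- must equal the Host header sent upstream; SigV4 signs this exact value`. `getSignature` starts before this hunk and continues into the next one, where `host, date2` are passed positionally and must stay in the order `get_hashed_canonical_request` declares.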