diff --git a/lib/aws/AwsSigv4Signer.js b/lib/aws/AwsSigv4Signer.js
index f2086aee5..2ebafcfd0 100644
--- a/lib/aws/AwsSigv4Signer.js
+++ b/lib/aws/AwsSigv4Signer.js
@@ -14,6 +14,7 @@ const Connection = require('../Connection')
 const Transport = require('../Transport')
 const aws4 = require('aws4')
 const AwsSigv4SignerError = require('./errors')
+const crypto = require('crypto')
 
 const getAwsSDKCredentialsProvider = async () => {
   // First try V3
@@ -78,7 +79,12 @@ function AwsSigv4Signer (opts = {}) {
     request.region = opts.region
     request.headers = request.headers || {}
     request.headers.host = request.hostname
-    return aws4.sign(request, credentialsState.credentials)
+    const signed = aws4.sign(request, credentialsState.credentials)
+    signed.headers['x-amz-content-sha256'] = crypto
+      .createHash('sha256')
+      .update(request.body || '', 'utf8')
+      .digest('hex')
+    return signed
   }
 
   class AwsSigv4SignerConnection extends Connection {
diff --git a/lib/aws/index.d.ts b/lib/aws/index.d.ts
index 50ba0c4f0..640a46713 100644
--- a/lib/aws/index.d.ts
+++ b/lib/aws/index.d.ts
@@ -20,6 +20,7 @@ import { OpenSearchClientError } from '../errors';
 interface AwsSigv4SignerOptions {
   getCredentials: () => Promise<Credentials>;
   region: string;
+  service?: 'es' | 'aoss';
 }
 
 interface AwsSigv4SignerResponse {
diff --git a/test/unit/lib/aws/awssigv4signer.test.js b/test/unit/lib/aws/awssigv4signer.test.js
index d6a66b7b2..d44f51bb6 100644
--- a/test/unit/lib/aws/awssigv4signer.test.js
+++ b/test/unit/lib/aws/awssigv4signer.test.js
@@ -17,7 +17,7 @@ const { Connection } = require('../../../../index')
 const { Client, buildServer } = require('../../../utils')
 
 test('Sign with SigV4', (t) => {
-  t.plan(3)
+  t.plan(4)
 
   const mockCreds = {
     accessKeyId: uuidv4(),
@@ -51,6 +51,10 @@ test('Sign with SigV4', (t) => {
   const signedRequest = auth.buildSignedRequestObject(request)
   t.hasProp(signedRequest.headers, 'X-Amz-Date')
   t.hasProp(signedRequest.headers, 'Authorization')
+  t.same(
+    signedRequest.headers['x-amz-content-sha256'],
+    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+  )
   t.same(signedRequest.service, 'es')
 })