Comment 13 for bug 1372710

> That is, keystone includes the Action header in the data to be signed, while boto does not.

How can that be right? Surely this is a boto bug?

The requests in comment #3 indicates the entire query string is missing from the request that is signed, meaning anyone who captures the request can replay whatever data they want into cloudwatch. So IMO we don't want that scheme.

Are we sure the arguments aren't just passed as POST data instead of part of the query string?