diff --git a/index.d.ts b/index.d.ts
index 0a7c859f51d..80fca3c39e5 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -943,6 +943,14 @@ declare namespace plugins {
      * @default code => code < 500
      */
     validateStatus?: (code: number) => boolean;
+
+    /**
+     * Enable injection of tracing headers into requests signed with AWS IAM headers.
+     * Disable this if you get AWS signature errors (HTTP 403).
+     *
+     * @default false
+     */
+    enableTracingWithAmazonSignature?: boolean;
   }
 
   /** @hidden */
diff --git a/packages/datadog-plugin-http/src/client.js b/packages/datadog-plugin-http/src/client.js
index 8ea210a0ba9..bbc58d17a41 100644
--- a/packages/datadog-plugin-http/src/client.js
+++ b/packages/datadog-plugin-http/src/client.js
@@ -58,7 +58,7 @@ class HttpClientPlugin extends ClientPlugin {
       span._spanContext._trace.record = false
     }
 
-    if (!(hasAmazonSignature(options) || !this.config.propagationFilter(uri))) {
+    if (this.shouldInjectTraceHeaders(options, uri)) {
       this.tracer.inject(span, HTTP_HEADERS, options.headers)
     }
 
@@ -71,6 +71,18 @@ class HttpClientPlugin extends ClientPlugin {
     return message.currentStore
   }
 
+  shouldInjectTraceHeaders (options, uri) {
+    if (hasAmazonSignature(options) && !this.config.enableTracingWithAmazonSignature) {
+      return false
+    }
+
+    if (!this.config.propagationFilter(uri)) {
+      return false
+    }
+
+    return true
+  }
+
   bindAsyncStart ({ parentStore }) {
     return parentStore
   }
diff --git a/packages/datadog-plugin-http/test/client.spec.js b/packages/datadog-plugin-http/test/client.spec.js
index ca2a89cf67d..aa7591bd322 100644
--- a/packages/datadog-plugin-http/test/client.spec.js
+++ b/packages/datadog-plugin-http/test/client.spec.js
@@ -1052,6 +1052,52 @@ describe('Plugin', () => {
         })
       })
 
+      describe('with config enableTracingWithAmazonSignature enabled', () => {
+        let config
+
+        beforeEach(() => {
+          config = {
+            enableTracingWithAmazonSignature: true
+          }
+
+          return agent.load('http', config)
+            .then(() => {
+              http = require(protocol)
+              express = require('express')
+            })
+        })
+
+        it('should inject tracing header into AWS signed request', done => {
+          const app = express()
+
+          app.get('/', (req, res) => {
+            try {
+              expect(req.get('x-datadog-trace-id')).to.be.a('string')
+              expect(req.get('x-datadog-parent-id')).to.be.a('string')
+
+              res.status(200).send()
+
+              done()
+            } catch (e) {
+              done(e)
+            }
+          })
+
+          getPort().then(port => {
+            appListener = server(app, port, () => {
+              const req = http.request({
+                port,
+                headers: {
+                  Authorization: 'AWS4-HMAC-SHA256 ...'
+                }
+              })
+
+              req.end()
+            })
+          })
+        })
+      })
+
       describe('with validateStatus configuration', () => {
         let config