diff --git a/docs/content/configuration.md b/docs/content/configuration.md
index 2148e6b5df..65c6175dc3 100644
--- a/docs/content/configuration.md
+++ b/docs/content/configuration.md
@@ -580,7 +580,7 @@ via [AssumeRole](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeR
 
 {{< info >}}
 For using `services[_].credentials.s3_signing.assume_role_credentials`, a method for setting the AWS credentials has to be specified in the `services[_].credentials.s3_signing.assume_role_credentials.aws_signing`.
-The value of `services[_].credentials.s3_signing.assume_role_credentials.aws_signing.service` is set to `STS`. Several methods of obtaining the necessary credentials are available; exactly one must be specified,
+The value of `services[_].credentials.s3_signing.assume_role_credentials.aws_signing.service` is set to `sts`. Several methods of obtaining the necessary credentials are available; exactly one must be specified,
 see description for `services[_].credentials.s3_signing`. Currently supported methods are `services[_].credentials.s3_signing.environment_credentials`, `services[_].credentials.s3_signing.profile_credentials` and
 `services[_].credentials.s3_signing.metadata_credentials`. OPA will follow this *internally defined* order of precedence when multiple credential providers are specified.
 {{< /info >}}
diff --git a/plugins/rest/aws.go b/plugins/rest/aws.go
index ae1baa2647..f39027366e 100644
--- a/plugins/rest/aws.go
+++ b/plugins/rest/aws.go
@@ -448,7 +448,7 @@ func (cs *awsAssumeRoleCredentialService) refreshFromService(ctx context.Context
 		return err
 	}
 
-	err = aws.SignRequest(req, "STS", signingCreds, time.Now(), cs.AWSSigningPlugin.AWSSignatureVersion)
+	err = aws.SignRequest(req, "sts", signingCreds, time.Now(), cs.AWSSigningPlugin.AWSSignatureVersion)
 	if err != nil {
 		return err
 	}