diff --git a/requests_aws4auth/aws4auth.py b/requests_aws4auth/aws4auth.py
index e0b55ff..4bf3c94 100644
--- a/requests_aws4auth/aws4auth.py
+++ b/requests_aws4auth/aws4auth.py
@@ -615,7 +615,16 @@ def get_canonical_headers(cls, req, include=None):
         # in the signed headers, but Requests doesn't include it in a
         # PreparedRequest
         if 'host' not in headers:
-            headers['host'] = urlparse(str(req.url)).netloc.split(':')[0]
+            purl = urlparse(str(req.url))
+            netloc = purl.netloc
+            # Python's http client only includes the port if it is non-default,
+            # see http.client.HTTPConnection.putrequest. The request URL, on the
+            # other hand, might explicitly include it.
+            if (purl.port is not None
+                and (purl.scheme == 'http' and purl.port == 80 or
+                     purl.scheme == 'https' and purl.port == 443)):
+                netloc = netloc.rsplit(":", 1)[0]
+            headers['host'] = netloc
         # Aggregate for upper/lowercase header name collisions in header names,
         # AMZ requires values of colliding headers be concatenated into a
         # single header with lowercase name.  Although this is not possible with