Referencing from here, Amazon as of March 2022 recommends verifying the header's Signature-256 against the SHA-256 hash of the request body, as documented here.
Might also be worth revisiting the checklist to make sure this module is up-to-date for such checks.