Signature expired: is now earlier than error : InvalidSignatureException

Question

I am trying a small example with AWS API Gateway and IAM authorization. The AWS API Gateway generated the below Endpoint :

https://xyz1234.execute-api.us-e         


        

Answer 1

A request signed with AWS sigV4 includes a timestamp for when the signature was created. Signatures are only valid for a short amount of time after they are created. (This limits the amount of time that a replay attack can be attempted.)

When the signature is validated the timestamp is compared to the current time. If this indicates that the signature was not created recently, then signature validation fails with the error message you mentioned.

A common cause of this is when the local clock on the host generating the signature is off by more than a couple of minutes.