InvalidSignatureException while Invoking a Lambda via API Gateway

0

Why do I receive this error and what are the possible solutions:

{ "level": 50, "time": 1698215566274, "pid": 8, "hostname": "169.254.178.13", "name": "InvalidSignatureException", "$fault": "client", "$metadata": { "httpStatusCode": 400, "requestId": "6ef2e952-9bf4-41d7-89d7-c871f9aa7c8d", "attempts": 1, "totalRetryDelay": 0 }, "__type": "InvalidSignatureException", "message": "Signature expired: 20231025T062005Z is now earlier than 20231025T062017Z (20231025T062517Z - 5 min.)", "stack": "InvalidSignatureException: Signature expired: 20231025T062005Z is now earlier than 20231025T062017Z (20231025T062517Z - 5 min.)\n at throwDefaultError (/var/runtime/node_modules/@aws-sdk/smithy-client/dist-cjs/default-error-handler.js:8:22)\n at /var/runtime/node_modules/@aws-sdk/smithy-client/dist-cjs/default-error-handler.js:18:39\n at de_GetSecretValueCommandError (/var/runtime/node_modules/@aws-sdk/client-secrets-manager/dist-cjs/protocols/Aws_json1_1.js:507:20)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async /var/runtime/node_modules/@aws-sdk/middleware-serde/dist-cjs/deserializerMiddleware.js:7:24\n at async /var/runtime/node_modules/@aws-sdk/middleware-signing/dist-cjs/awsAuthMiddleware.js:14:20\n at async /var/runtime/node_modules/@aws-sdk/middleware-retry/dist-cjs/retryMiddleware.js:27:46\n at async /var/runtime/node_modules/@aws-sdk/middleware-logger/dist-cjs/loggerMiddleware.js:7:26\n at async getAwsSecret (/var/task/index.js:72085:33)\n at async getAuroraConnector (/var/task/index.js:72046:25)", "type": "Error", "msg": "Error handling request" }

2 Answers
0

Hi,

You get this error code because the client REST request reaching your API gateway is not properly signed: it must match the SigV4 protocol.

See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html

You may also want to take a look at https://github.com/aws-samples/sigv4a-signing-examples to see how to properly sign your requests from different languages.

In your specific case, the error message indicates that the request was signed too long (> 5 min) before reaching the API gateway. See on the page above: "Protect against potential replay attacks: In most cases, a request must reach AWS within five minutes of the time stamp in the request. Otherwise, AWS denies the request."

Best,

Didier

AWS
EXPERT
answered 7 months ago
EXPERT
reviewed 7 months ago
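
The three timestamps in the error message from the question give the age of the signature when AWS evaluated it against the five-minute window quoted above. The JavaScript below is an added example, not code from this thread or from the AWS SDK; the function names are hypothetical and the sample log line is a constructed, shortened copy of the entry in the question.

```javascript
// Added example (not from the thread). Function names are hypothetical.
// Message format as it appears in the question's log.
const EXPIRED_RE =
  /Signature expired: (\d{8}T\d{6}Z) is now earlier than (\d{8}T\d{6}Z) \((\d{8}T\d{6}Z) - (\d+) min\.\)/;

// SigV4 timestamps use the ISO 8601 basic form YYYYMMDDTHHMMSSZ (always UTC).
function parseAmzDate(s) {
  const m = /^(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z$/.exec(s);
  if (!m) throw new Error(`not a SigV4 timestamp: ${s}`);
  const [y, mo, d, h, mi, sec] = m.slice(1).map(Number);
  return Date.UTC(y, mo - 1, d, h, mi, sec);
}

// Returns null when the message is not a "Signature expired" error.
function analyzeSignatureExpired(message) {
  const m = EXPIRED_RE.exec(message);
  if (!m) return null;
  const [signedAt, cutoff, serverNow] = m.slice(1, 4).map(parseAmzDate);
  const windowSeconds = Number(m[4]) * 60;
  const ageSeconds = (serverNow - signedAt) / 1000;
  return {
    signedAt: new Date(signedAt).toISOString(),
    serverNow: new Date(serverNow).toISOString(),
    windowSeconds,
    ageSeconds,
    overWindowBySeconds: ageSeconds - windowSeconds,
    // Sanity check: the quoted cutoff should equal serverNow minus the window.
    cutoffConsistent: (serverNow - cutoff) / 1000 === windowSeconds,
  };
}

// Accepts one structured log line (JSON) shaped like the one in the question.
function analyzeLogLine(line) {
  const entry = JSON.parse(line);
  if (entry.name !== "InvalidSignatureException") return null;
  const result = analyzeSignatureExpired(entry.message || "");
  return result && { requestId: entry.$metadata?.requestId, ...result };
}

// Constructed sample: the question's log entry reduced to the fields used here.
const SAMPLE_LOG = JSON.stringify({
  name: "InvalidSignatureException",
  $metadata: { httpStatusCode: 400, requestId: "6ef2e952-9bf4-41d7-89d7-c871f9aa7c8d" },
  message:
    "Signature expired: 20231025T062005Z is now earlier than 20231025T062017Z (20231025T062517Z - 5 min.)",
});

console.log(analyzeLogLine(SAMPLE_LOG));
```

For the entry in the question, the signature was 312 seconds old when AWS evaluated it, 12 seconds past the 300-second window. That gap is either time that passed between signing and arrival or a difference between the signer's clock and the clock AWS used.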
0

Thank you, Didier,

First of all, thank you for your answer.

Weirdly, we can evade this problem by deploying with another Jenkins agent. Is this a coincidence or also related?

answered 7 months ago
