InvalidSignatureException while Invoking a Lambda via API Gateway

0

Why do I receive this error and what are the possible solutions:

{ "level": 50, "time": 1698215566274, "pid": 8, "hostname": "169.254.178.13", "name": "InvalidSignatureException", "$fault": "client", "$metadata": { "httpStatusCode": 400, "requestId": "6ef2e952-9bf4-41d7-89d7-c871f9aa7c8d", "attempts": 1, "totalRetryDelay": 0 }, "__type": "InvalidSignatureException", "message": "Signature expired: 20231025T062005Z is now earlier than 20231025T062017Z (20231025T062517Z - 5 min.)", "stack": "InvalidSignatureException: Signature expired: 20231025T062005Z is now earlier than 20231025T062017Z (20231025T062517Z - 5 min.)\n at throwDefaultError (/var/runtime/node_modules/@aws-sdk/smithy-client/dist-cjs/default-error-handler.js:8:22)\n at /var/runtime/node_modules/@aws-sdk/smithy-client/dist-cjs/default-error-handler.js:18:39\n at de_GetSecretValueCommandError (/var/runtime/node_modules/@aws-sdk/client-secrets-manager/dist-cjs/protocols/Aws_json1_1.js:507:20)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async /var/runtime/node_modules/@aws-sdk/middleware-serde/dist-cjs/deserializerMiddleware.js:7:24\n at async /var/runtime/node_modules/@aws-sdk/middleware-signing/dist-cjs/awsAuthMiddleware.js:14:20\n at async /var/runtime/node_modules/@aws-sdk/middleware-retry/dist-cjs/retryMiddleware.js:27:46\n at async /var/runtime/node_modules/@aws-sdk/middleware-logger/dist-cjs/loggerMiddleware.js:7:26\n at async getAwsSecret (/var/task/index.js:72085:33)\n at async getAuroraConnector (/var/task/index.js:72046:25)", "type": "Error", "msg": "Error handling request" }

2 Answers
0

Hi,

You get this error code because the client REST request reaching your API gateway is not properly signed: it must match the SigV4 protocol.

See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html

You may also want to take a look at https://github.com/aws-samples/sigv4a-signing-examples to see how to properly sign your requests from different languages.

In your specific case, the error message indicates that the request was signed too long (> 5 min) before reaching the API gateway. See on the page above: "Protect against potential replay attacks: In most cases, a request must reach AWS within five minutes of the time stamp in the request. Otherwise, AWS denies the request."

Best,

Didier

AWS
EXPERT
answered 7 months ago
EXPERT
reviewed 7 months ago
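
Added example (not part of the answers in this thread and not AWS code): a Node.js helper that reads a log record shaped like the one in the question and reports how old the signature was when AWS evaluated it, measured against the five-minute window quoted above. The function names and the shortened sample record are assumptions made for illustration.

```javascript
// Added example, not code from the thread. Function names are hypothetical.

// Convert a SigV4 timestamp such as 20231025T062005Z to epoch milliseconds.
function parseAmzDate(stamp) {
  const m = /^(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z$/.exec(stamp);
  if (!m) throw new Error(`not a SigV4 timestamp: ${stamp}`);
  const [y, mo, d, h, mi, s] = m.slice(1).map(Number);
  return Date.UTC(y, mo - 1, d, h, mi, s);
}

// Break a "Signature expired" message into signing time, server time and
// how far outside the acceptance window the request arrived.
function analyzeSignatureExpired(message) {
  const m = /Signature expired: (\S+) is now earlier than (\S+) \((\S+) - (\d+) min\.\)/.exec(message);
  if (!m) return null; // some other error, nothing to analyze
  const signedAt = parseAmzDate(m[1]);
  const oldestAccepted = parseAmzDate(m[2]);
  const serverNow = parseAmzDate(m[3]);
  const windowSeconds = Number(m[4]) * 60;
  const ageSeconds = (serverNow - signedAt) / 1000;
  return {
    signedAt: new Date(signedAt).toISOString(),
    serverNow: new Date(serverNow).toISOString(),
    ageSeconds,
    windowSeconds,
    lateBySeconds: ageSeconds - windowSeconds,
    // Sanity check: the bound quoted in the message is server time minus the window.
    boundMatches: (serverNow - oldestAccepted) / 1000 === windowSeconds,
  };
}

// Accept one JSON log record shaped like the one in the question and add the
// SDK command named in the stack trace, if the trace contains one.
function analyzeLogRecord(jsonLine) {
  const record = JSON.parse(jsonLine);
  const result = analyzeSignatureExpired(record.message || "");
  if (!result) return null;
  const cmd = /de_(\w+)CommandError/.exec(record.stack || "");
  return { ...result, requestId: record.$metadata?.requestId ?? null, command: cmd ? cmd[1] : null };
}

// Constructed sample: the message from the question with a shortened stack.
const sampleRecord = JSON.stringify({
  name: "InvalidSignatureException",
  $metadata: { httpStatusCode: 400, requestId: "6ef2e952-9bf4-41d7-89d7-c871f9aa7c8d" },
  message: "Signature expired: 20231025T062005Z is now earlier than 20231025T062017Z (20231025T062517Z - 5 min.)",
  stack: "InvalidSignatureException: Signature expired\n at de_GetSecretValueCommandError (/var/runtime/node_modules/@aws-sdk/client-secrets-manager/dist-cjs/protocols/Aws_json1_1.js:507:20)",
});
console.log(analyzeLogRecord(sampleRecord));
```

For the record in the question this reports a signature that was 312 seconds old against a 300-second window, and names the SDK command whose response carried the error.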
0

Thank you Didier,

First of all, thank you for your answer.

Weirdly, we can evade this problem by deploying with another Jenkins agent. Is this a coincidence or also related?

answered 7 months ago
