InvalidSignatureException while Invoking a Lambda via API Gateway

0

Why do I receive this error and what are the possible solutions:

{ "level": 50, "time": 1698215566274, "pid": 8, "hostname": "169.254.178.13", "name": "InvalidSignatureException", "$fault": "client", "$metadata": { "httpStatusCode": 400, "requestId": "6ef2e952-9bf4-41d7-89d7-c871f9aa7c8d", "attempts": 1, "totalRetryDelay": 0 }, "__type": "InvalidSignatureException", "message": "Signature expired: 20231025T062005Z is now earlier than 20231025T062017Z (20231025T062517Z - 5 min.)", "stack": "InvalidSignatureException: Signature expired: 20231025T062005Z is now earlier than 20231025T062017Z (20231025T062517Z - 5 min.)\n at throwDefaultError (/var/runtime/node_modules/@aws-sdk/smithy-client/dist-cjs/default-error-handler.js:8:22)\n at /var/runtime/node_modules/@aws-sdk/smithy-client/dist-cjs/default-error-handler.js:18:39\n at de_GetSecretValueCommandError (/var/runtime/node_modules/@aws-sdk/client-secrets-manager/dist-cjs/protocols/Aws_json1_1.js:507:20)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async /var/runtime/node_modules/@aws-sdk/middleware-serde/dist-cjs/deserializerMiddleware.js:7:24\n at async /var/runtime/node_modules/@aws-sdk/middleware-signing/dist-cjs/awsAuthMiddleware.js:14:20\n at async /var/runtime/node_modules/@aws-sdk/middleware-retry/dist-cjs/retryMiddleware.js:27:46\n at async /var/runtime/node_modules/@aws-sdk/middleware-logger/dist-cjs/loggerMiddleware.js:7:26\n at async getAwsSecret (/var/task/index.js:72085:33)\n at async getAuroraConnector (/var/task/index.js:72046:25)", "type": "Error", "msg": "Error handling request" }

2 Answers
0

Hi,

You get this error code because the client REST request reaching your API gateway is not properly signed: it must match the SigV4 protocol.

See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html

You may also want to take a look at https://github.com/aws-samples/sigv4a-signing-examples to see how to properly sign your requests from different languages.

In your specific case, the error message indicates that the request was signed too long (> 5 min) before reaching the API gateway. See the page above: "Protect against potential replay attacks: In most cases, a request must reach AWS within five minutes of the time stamp in the request. Otherwise, AWS denies the request."

Best,

Didier

AWS
EXPERT
answered 7 months ago
EXPERT
reviewed 7 months ago
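
The three timestamps in the "Signature expired" message from the question can be decoded to see how old the signature looked to the service and by how much it missed the five-minute window. The following is an added example, not code from the original thread or from the AWS SDK; the helper names `parseAmzDate` and `explainSignatureExpired` are hypothetical, and the sample string is the `message` field copied from the log above.

```javascript
'use strict';

// Sample input: the "message" field from the log in the question.
const SAMPLE =
  'Signature expired: 20231025T062005Z is now earlier than ' +
  '20231025T062017Z (20231025T062517Z - 5 min.)';

// SigV4 timestamps use the ISO 8601 basic format YYYYMMDD'T'HHMMSS'Z' (UTC).
function parseAmzDate(s) {
  const m = /^(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z$/.exec(s);
  if (!m) throw new Error(`not a SigV4 timestamp: ${s}`);
  const [y, mo, d, h, mi, sec] = m.slice(1).map(Number);
  return Date.UTC(y, mo - 1, d, h, mi, sec);
}

// Hypothetical helper (not an AWS SDK API): splits the message into the time
// the request was signed, the oldest timestamp the service would still accept,
// and the service's own clock reading when it rejected the request.
function explainSignatureExpired(message) {
  const re =
    /Signature expired: (\S+) is now earlier than (\S+) \((\S+) - (\d+) min\.\)/;
  const m = re.exec(message);
  if (!m) return null; // a different error, or a format this pattern does not cover
  const signedAt = parseAmzDate(m[1]);
  const oldestAccepted = parseAmzDate(m[2]);
  const serverNow = parseAmzDate(m[3]);
  const windowSeconds = Number(m[4]) * 60;
  const ageSeconds = (serverNow - signedAt) / 1000;
  return {
    signedAt: new Date(signedAt).toISOString(),
    serverNow: new Date(serverNow).toISOString(),
    windowSeconds,
    ageSeconds, // how old the signature looked to the service
    overBySeconds: ageSeconds - windowSeconds, // how far past the window it was
    // Sanity check: the second timestamp should equal serverNow minus the window.
    consistent: serverNow - oldestAccepted === windowSeconds * 1000,
  };
}

console.log(explainSignatureExpired(SAMPLE));
```

The result shows only the gap between the signing timestamp and the service's clock; whether that gap came from a skewed client clock or from a delay between signing and delivery has to be established separately.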
0

Thank you Didier,

First of all, thank you for your answer.

Weirdly, we can evade this problem by deploying with another Jenkins agent. Is this a coincidence or also related?

answered 7 months ago
