For the most recent update on ongoing service disruptions affecting the AWS Middle East (UAE) Region (ME-CENTRAL-1), refer to the AWS Health Dashboard. For information on AWS Service migration, see How do I migrate my services to another region?
How do I resolve the "Signature expired" error when I use an AWS SDK to invoke a Lambda function?
When I use an AWS SDK to invoke my AWS Lambda function, the function returns a "Signature expired" error."
Short description
When the client time and server time don't match, the Lambda signature expires, and you receive an error message similar to the following:
"Error: native lambda error:InvalidSignatureException: Signature expired: 20230118T161739Z is now earlier than 20230118T161739Z (20190318T162239Z - 5 min.)"
An API request must reach AWS within 5 minutes of the timestamp in the request or AWS denies the request. In specific scenarios, you can change the client time to match the server time.
Resolution
When you use an AWS SDK to synchronously invoke a Lambda function, the connection lasts until the response is returned. By default, the Node.js SDK allows 50 connections. If you reach the connection quota, then the SDK queues the request locally until a connection is available. If you receive the "Signature expired" error and the following actions are true, then you might have reached the connection quota:
- The Lambda function isn't throttling.
- The client time is correct.
- (Node.js SDK only) You set the correctClockSkew:true option when you created the client to correct the time when you invoke the function.
- You invoked the Lambda function at a high rate, and the invocation runs for an extended time.
The SDK signs the request, and then puts the request in a queue. If the queue becomes too large and the request is pending for more than 5 minutes, then the signature expires. Because the signature expired, all additional requests fail.
If you don't need the response from the invocation, then use asynchronous invocation. Asynchronous invocation allows the SDK to use the connection only to invoke the request and doesn't wait for a response.
You can also use Top Level Await (TLA) in your application. Use TLA if you make API calls outside of a handler, and you receive SignatureDoesNotMatch exceptions when you use Node.js AWS SDK v3.
Or, increase the maximum number of connections that the SDK allows.
Note: When you add connections, the Lambda function invokes at a higher rate and can cause throttling.
Related information
Monitoring, debugging, and troubleshooting Lambda functions
How do I troubleshoot Lambda function invocation timeout errors?
How do I use CloudWatch Logs to determine if my Lambda function timed out?
- Topics
- ServerlessCompute
- Tags
- AWS Lambda
- Language
- English
How to resolve this when you get this error while updating the lambda function from AWS SDK? Error: updating code for Lambda function: Signature expired: 20230512T173853Z is now earlier than 20230512T174113Z (20230512T174613Z - 5 min.)
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Hi there, thanks for this post, we have a bit of weird one, we are getting this error when called the CloudWatch SDK implying that we are calling it perhaps too much but we never saw this error when we were on aws-sdk v2 and are only seeing it since upgrading to v3. Has something changed in the way the SDK works that is only doing this in v3? Thanks
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
for folks that are investigating the sdkv2 -> v3 issue, please see this bug discussion - https://github.com/aws/aws-sdk-js-v3/issues/5192#issuecomment-1857037911
This article was reviewed and updated on 2026-03-12.
