How can I resolve the error "native lambda error:InvalidSignatureException: Signature expired" when invoking a Lambda function using an AWS SDK?
When I invoke my AWS Lambda function using an AWS SDK, the function returns a signature expired error.
Short description
Lambda expired signatures occurs when the client time and server time don't match similar to the following error:
"Error: native lambda error:InvalidSignatureException: Signature expired: 20230118T161739Z is now earlier than 20230118T161739Z (20190318T162239Z - 5 min.)"
An API request must reach AWS within five minutes of the timestamp in the request or AWS denies the request. In some scenarios, this issue can't be corrected by changing the client time to match the server time.
Resolution
When invoking a Lambda function synchronously using an AWS SDK, the connection lasts until the response is returned. The Node.js SDK allows 50 connections by default. If the connection limit is reached, then the SDK queues the request locally until there is an available connection. The connection limit might be reached if you received the signature expired error, and the following actions are also true:
- The Lambda function isn't throttling.
- The client time is correct.
- (Node.js SDK only) The correctClockSkew:true option was set when creating the client to make sure that the time is corrected when invoking.
- The Lambda function's invoked at a high rate and runs for an extended period of time.
- The Lambda function's invoked at a high rate.
The SDK signs the request and then puts it in a queue pending an available connection. If the queue becomes too large and the request is pending for more than five minutes, then the signature expires. Any additional requests fail because the signature is expired.
To resolve this issue, consider using asynchronous invocation for Lambda if the response from the invocation isn't needed. This allows the SDK to use the connection only for invoking the request and won't wait for a response.
You can also increase the maximum number of connections allowed by the SDK.
Note: Additional connections allow the Lambda function to invoke at a higher rate, which might cause throttling.
Related information
Monitoring and troubleshooting Lambda applications
How do I troubleshoot Lambda function invocation timeout errors?
How to resolve this when you get this error while updating the lambda function from AWS SDK? Error: updating code for Lambda function: Signature expired: 20230512T173853Z is now earlier than 20230512T174113Z (20230512T174613Z - 5 min.)
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Hi there, thanks for this post, we have a bit of weird one, we are getting this error when called the CloudWatch SDK implying that we are calling it perhaps too much but we never saw this error when we were on aws-sdk v2 and are only seeing it since upgrading to v3. Has something changed in the way the SDK works that is only doing this in v3? Thanks
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Relevant content
- asked 10 months ago
- Accepted Answerasked 2 years ago
- asked a year ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a year ago
