调用 Lambda 时出现“InvalidSignatureException: Signature expired”

Question

I have the following architecture:

S3 ---> S3 Notification ---> SQS ---> Lambda

Sometimes, I'm getting the following error message from the Lambda (of course the times are different):

"errorType": "Runtime.UnhandledPromiseRejection" 
"errorMessage": "InvalidSignatureException: Signature expired: 20221230T132433Z is now earlier than 20221230T132603Z (20221230T133103Z - 5 min.)"

I have a retry policy in the SQS, so when the error occurs, the message returns to the SQS, and the Lambda process it again. When it processes it again, the same message, it succeeds and is processed successfully.

Any idea why?

Answer 1

It's normal for the message to be processed successfully on the second attempt if the root cause of the "InvalidSignatureException: Signature expired" error was resolved in the meantime.

Here are some possible reasons why the error occurred on the first attempt but not on the second:

• The system clock on the device making the request was out of sync with the current time, and this issue was resolved in the meantime. I can also see some of the GitHub links where the issue has occurred, and it got resolved by making changes to the correctClockSkew option when constructing a service client.

Reference Links:

1. https://github.com/aws/aws-sdk-js/issues/2598
2. https://github.com/aws/aws-sdk-js/issues/527
3. https://github.com/aws/aws-sdk-java/blob/1.11.412/aws-java-sdk-core/src/main/java/com/amazonaws/http/AmazonHttpClient.java#L1333-L1337

• The request was made using a temporary security token that had expired, and this issue was resolved in the meantime.

• There was a transient issue with the AWS infrastructure that caused the error on the first attempt, but the issue was resolved on the second attempt.