Search code examples
amazon-web-servicesdockertime

AWS InvalidSignatureException, Signature expired when running from docker container


I'm experiencing an issue where I am developing a program within a docker container, and out of nowhere I seem to be getting an issue with invalid signatures. The following exception is raised when I attempt to retrieve resources from AWS Secrets Manager (I do not believe the specific AWS service is relevant to the issue):

botocore.exceptions.ClientError: An error occurred (InvalidSignatureException) when calling the GetSecretValue operation: Signature expired: 20200505T192909Z is now earlier than 20200506T151410Z (20200506T151910Z - 5 min.)


Solution

  • This exception is known to happen when the client system's clock is out of sync with the clock AWS is synced with.

    To check the time of this container, I paused my program at a break point and checked the current time. Sure enough, it was off from the actual time!

    First thing to check:

    The first thing to check is your local system's time. If it's off, re-sync it and try again. That should fix the problem.

    1. This can be done on unix-like systems by using ntpd.
    2. Windows users can go to Start -> Settings -> Time & Language -> Date & Time -> Synchronize your clock

    Docker Desktop

    Users of Docker Desktop might still get the same error despite their local machine's time being synced.

    While it's true that docker containers will have synced time with their host, it is important to note that Docker Desktop runs a virtual machine for docker. With that said, the mac or windows machine is NOT the host, the VM is. This is the problem I was having. My windows desktop had a synced and up to date date/time, but the Docker Desktop VM was the problem.

    I was able to resolve this issue by restarting Docker Desktop.