Signature expired: is now earlier than error : InvalidSignatureException


Problem description

I am trying a small example with AWS API Gateway and IAM authorization. The AWS API Gateway generated the below endpoint:

https://xyz1234.execute-api.us-east-2.amazonaws.com/Users/users

with POST action and no parameters.

Initially I had turned off IAM for this POST method, and I verified the results using Postman; it works. Then I created a new IAM user and attached the AmazonAPIGatewayInvokeFullAccess policy to the user, thereby giving permission to invoke any APIs. I then enabled IAM for the POST method.

I then went to Postman and added Authorization with the Access Key, Secret Key, AWS Region as us-east-2 and Service Name as execute-api, and tried to execute the request, but I got an InvalidSignatureException error with 403 as the return code.

The body contains the following message:

Signature expired: 20170517T062414Z is now earlier than 20170517T062840Z (20170517T063340Z - 5 min.)" 

What am I missing?

Recommended answer

A request signed with AWS sigV4 includes a timestamp for when the signature was created. Signatures are only valid for a short amount of time after they are created. (This limits the amount of time that a replay attack can be attempted.)

When the signature is validated the timestamp is compared to the current time. If this indicates that the signature was not created recently, then signature validation fails with the error message you mentioned.

A common cause of this is when the local clock on the host generating the signature is off by more than a couple of minutes.
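
To see how far off the signing host's clock was, the three timestamps in the error body can be compared directly. The following is an added example, not part of the original question or answer and not AWS code; the function names are hypothetical, and the regular expression assumes the message layout quoted in the question.

```python
import re
from datetime import datetime, timedelta, timezone

# Layout of the "Signature expired" body quoted in the question (assumed stable).
_EXPIRED = re.compile(
    r"Signature expired: (?P<signed>\d{8}T\d{6}Z) is now earlier than "
    r"(?P<cutoff>\d{8}T\d{6}Z) \((?P<now>\d{8}T\d{6}Z) - (?P<window>\d+) min\.\)"
)

def _ts(value):
    """Parse a SigV4-style basic ISO 8601 timestamp as UTC."""
    return datetime.strptime(value, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)

def accepted(signed, server_now, window):
    """Model of the expiry side of the check only: the signing timestamp
    must not be older than (server time - window)."""
    return signed >= server_now - window

def explain_expired(message):
    """Return the signature age and how far it exceeded the window, in seconds."""
    m = _EXPIRED.search(message)
    if m is None:
        raise ValueError("not a 'Signature expired' message in the expected layout")
    signed, cutoff, now = (_ts(m[k]) for k in ("signed", "cutoff", "now"))
    window = timedelta(minutes=int(m["window"]))
    if now - window != cutoff:
        raise ValueError("timestamps in the message are inconsistent")
    # For a request sent right after signing, this age is roughly how far
    # the signing host's clock is behind the server (plus network latency).
    age = now - signed
    return {
        "window_seconds": int(window.total_seconds()),
        "age_seconds": int(age.total_seconds()),
        "over_seconds": int((cutoff - signed).total_seconds()),
        "accepted": accepted(signed, now, window),
    }

# Message body copied from the question above.
SAMPLE = ("Signature expired: 20170517T062414Z is now earlier than "
          "20170517T062840Z (20170517T063340Z - 5 min.)")

if __name__ == "__main__":
    print(explain_expired(SAMPLE))
```

For the message in the question this reports a signature about nine and a half minutes old against a five-minute window, which fits a local clock running behind; synchronizing the host clock (for example via NTP) before signing brings the timestamp back inside the window.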
