Inconsistent AWS "Signature not current" errors from Cloudformation API

Question

I have a ruby client (fog) that makes a call to the AWS CloudFormation API. The client runs on an AWS EC2 instance. For months, the client has been running without issue, but in the last 2 weeks, I've been getting random authorization failures because of "Signature not current".

Here's some cherry-picked debug details from excon (the underlying library used by fog to make http calls).

request:

:headers => {
  "User-Agent"    => "fog/1.24.0"
  "x-amz-date"    => "20150326T152500Z"
}

excon.error.response

:headers       => {
  "Date"             => "Thu, 26 Mar 2015 15:19:28 GMT"
}
ERROR: Fog::AWS::CloudFormation::Error: SignatureDoesNotMatch => Signature not yet current: 20150326T152500Z is still later than 20150326T152429Z (20150326T151929Z + 5 min.)

Looks to me like a time sync error: the CFN API is responding with a 15:19:28 timestamp while the request on the client side (ec2 instance) has a time of 13:25:00 - just over 5 minutes ahead...

Assuming this is something that needs to be addressed by AWS... any suggestions for a workaround?

Answer 1

if Linux, Please check your ntp server is running in system or not.

service ntp start

service ntp status

Answer 2

Your server has some clock drift that is causing the request signature to be invalid, or at least, not valid yet.