When I use an AWS SDK to invoke my AWS Lambda function, the function returns a "Signature expired" error.
Short description
When the client time and server time don't match, the Lambda signature expires, and you receive an error message similar to the following one:
"Error: native lambda error:InvalidSignatureException: Signature expired: 20230118T161739Z is now earlier than 20230118T161739Z (20190318T162239Z - 5 min.)"
An API request must reach AWS within 5 minutes of the timestamp in the request or AWS denies the request. In some scenarios, you can change the client time to match the server time.
Resolution
When you use an AWS SDK to synchronously invoke a Lambda function, the connection lasts until the response is returned. By default, the Node.js SDK allows 50 connections. If the connection quota is reached, then the SDK queues the request locally until a connection is available. If you receive the "Signature expired" error and the following actions are true, then the connection quota might be reached:
- The Lambda function isn't throttling.
- The client time is correct.
- (Node.js SDK only) You set the correctClockSkew:true option when you created the client so that the time is corrected when you invoke the function.
- You invoked the Lambda function at a high rate or, you invoked the Lambda function at a high rate and the invocation runs for an extended period of time.
The SDK signs the request, and then puts the request in a queue. If the queue becomes too large and the request is pending for more than 5 minutes, then the signature expires. Because the signature is expired, all additional requests fail.
If you don't need the response from the invocation, then use asynchronous invocation. Asynchronous invocation allows the SDK to use the connection only to invoke the request and doesn't wait for a response.
You can also use Top Level Await (TLA) in your application. Use TLA if you make API calls outside of a handler, and you receive SignatureDoesNotMatch exceptions when you use Node.js AWS SDK v3.
Or, increase the maximum number of connections that the SDK allows.
Note: When you add connections, the Lambda function invokes at a higher rate and can cause throttling.
Related information
Monitoring and troubleshooting Lambda applications
How do I troubleshoot Lambda function invocation timeout errors?
How do I determine if my Lambda function is timing out?