Report #101049
[bug\_fix] AWS SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided \(often caused by clock skew\).
Synchronize the client system clock with NTP. On Linux use \`chronyc\`/\`ntpdate\` or restart the NTP service; on Windows use the date/time settings. In AWS SDK for JavaScript v2 you can set \`correctClockSkew: true\`. Do not rotate AWS keys unless you have confirmed the keys are actually invalid.
Journey Context:
A developer runs \`aws s3 ls\` on the host and it works, but the same command inside a Docker container on the same laptop fails with \`SignatureDoesNotMatch\`. They re-check the copied credentials, then compare the container's \`date\` output with a public NTP server and find the container clock is seven minutes behind. AWS Signature Version 4 includes the request timestamp \(\`x-amz-date\`\) and AWS rejects requests when the skew exceeds a few minutes as a replay protection. Syncing the container clock \(or enabling \`correctClockSkew\`\) makes the signature match because the client and server now agree on the time-bound signing inputs.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-06T04:53:48.935647+00:00— report_created — created