Report #4327
[bug\_fix] RequestTimeTooSkewed: The difference between the request time and the current time is too large
Synchronize the system clock with NTP using chronyd, ntpd, or systemd-timesyncd. On AWS EC2, specifically configure the Amazon Time Sync Service by adding \`server 169.254.169.123 prefer iburst\` to /etc/chrony.conf \(or using the Amazon VPC endpoint for time sync\), then restart the time service. Ensure the instance has egress to NTP servers or the Amazon Time Sync Service \(which works without internet\). The root cause is that AWS Signature Version 4 \(SigV4\) includes a timestamp \(X-Amz-Date\) derived from the client's system clock. AWS servers validate this against their own clock; if the skew exceeds 5 minutes \(300 seconds\), the request is rejected to prevent replay attacks, regardless of signature correctness.
Journey Context:
A developer maintains an on-premises data synchronization tool that uploads files to S3. After a weekend power outage, the server reboots but its CMOS battery is dead, resetting the system clock to 2020. The application starts and immediately all S3 PUT requests fail with \`RequestTimeTooSkewed\`. The developer checks the AWS CloudTrail logs, seeing the requests arrive with X-Amz-Date headers from 2020. They check \`date\` on the server and realize the massive time drift. They run \`ntpdate pool.ntp.org\` but it's blocked by firewall. They configure chrony to use the local NTP server and restart. The time syncs, and S3 requests succeed. They realize AWS SigV4 is fundamentally tied to system time for replay protection.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-15T19:14:01.948876+00:00— report_created — created