Mon Sep 20 2021·2 min read
Photo by Austin Schmid
There are 3 main reasons the
SignatureDoesNotMatch occurs in AWS CLI:
+characters) that cause the error, try to create a new key pair
To solve the "Request signature we calculated does not match the signature you provided" error we must first verify the configured secret access key and access key id are correct.
If you have configured the
environment variables, they have higher precedence than the values you've stored
in your credentials file.
To print the environment variables, run the commands that correspond to your operating system:
# Linux and macOS echo $AWS_ACCESS_KEY_ID echo $AWS_SECRET_ACCESS_KEY # on Windows with CMD echo %AWS_ACCESS_KEY_ID% echo %AWS_SECRET_ACCESS_KEY% # on Windows with PowerShell echo $Env:AWS_ACCESS_KEY_ID echo $Env:AWS_SECRET_ACCESS_KEY
If the environment variables are not set, verify the values of your
aws_secret_access_key variables in your credentials
The credentials file is located at
The syntax of the credentials file should look like:
[default] aws_access_key_id=YOUR_ACCESS_KEY_ID aws_secret_access_key=YOUR_SECRET_ACCESS_KEY [admin] aws_access_key_id=YOUR_ACCESS_KEY_ID aws_secret_access_key=YOUR_SECRET_ACCESS_KEY
aws_secret_access_keyin single, nor double quotes.
Once you're sure that the values of your access key and secret access key are
correct, verify whether your secret access key contains any of the following
If your secret key contains one of these characters, the solution is to generate a new credentials key pair.
Open your IAM console and click on the user. In the
Security Credentials tab,
click on the
Create Access key button and update your configuration to use the
newly generated credentials.
After you generate the key, run the
aws configure command or update your
environment variables to the new keys.
SignatureDoesNotMatch error commonly happens if you're in a virtual
machine and the host's OS time does not match the guest's OS time.
If you're in an ubuntu virtual machine restart the
timedatectl service unit to
update the time to the current time:
sudo systemctl restart systemd-timesyncd.service
To verify the time was updated successfully, check the logs:
journalctl -xe | tail
I'll send you 1 email a week with links to all of the articles I've written that week