SignatureDoesNotMatch Error in AWS CLI [Solved]
Last updated: Feb 26, 2024
Reading time·3 min
# Table of Contents
- Solving SignatureDoesNotMatch Error in AWS CLI
- Verify your Credentials Are Correct
- Verify your Secret Key Doesn't Contain Special Characters
- Sync OS time if in Virtual Machine
# SignatureDoesNotMatch Error in AWS CLI [Solved]
There are 3 main reasons the SignatureDoesNotMatch occurs in AWS CLI:
- Your secret access key or access key id is incorrect.
- Your auto-generated secret access key contains special characters (e.g.
%,/, or+characters) that cause the error, try to create a new key pair. - You are in a virtual machine and there is a discrepancy between the host's OS time and the guest's OS time.
# Verify your Credentials are Correct
To solve the "Request signature we calculated does not match the signature you provided" error, we must first verify the configured secret access key and access key id are correct.
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, they have higher precedence than the values you've stored in your credentials file.To print the environment variables, run the commands that correspond to your operating system:
# on Linux and macOS echo $AWS_ACCESS_KEY_ID echo $AWS_SECRET_ACCESS_KEY # on Windows with CMD echo %AWS_ACCESS_KEY_ID% echo %AWS_SECRET_ACCESS_KEY% # on Windows with PowerShell echo $Env:AWS_ACCESS_KEY_ID echo $Env:AWS_SECRET_ACCESS_KEY
If the environment variables aren't set, verify the values of the
aws_access_key_id and aws_secret_access_key variables in your credentials
file.
The credentials file is located at ~/.aws/credentials on Linux and macOS, and
at C:\Users\USERNAME\.aws\credentials on Windows.
The syntax of the credentials file should look as follows.
[default] aws_access_key_id=YOUR_ACCESS_KEY_ID aws_secret_access_key=YOUR_SECRET_ACCESS_KEY [admin] aws_access_key_id=YOUR_ACCESS_KEY_ID aws_secret_access_key=YOUR_SECRET_ACCESS_KEY
aws_access_key_id or aws_secret_access_key in single or double quotes.# Verify your Secret Key Doesn't Contain Special Characters
Once you're sure that the values of your access key and secret access key are
correct, verify whether your secret access key contains any of the following
characters: %, /, +.
Open your IAM console and click on the user. In the Security Credentials tab,
click on the Create Access key button and update your configuration to use the
newly generated credentials.
After you generate the key, run the aws configure command or update your
environment variables to the new keys.
# Sync OS time if in a Virtual Machine
The SignatureDoesNotMatch error commonly happens if you're in a virtual
machine and the host's OS time does not match the guest's OS time.
If you're in an Ubuntu virtual machine, restart the timedatectl service unit
to update the time to the current time.
sudo systemctl restart systemd-timesyncd.service
To verify the time was updated successfully, check the logs:
journalctl -xe | tail
# Additional Resources
You can learn more about the related topics by checking out the following tutorials:
- Get Access Key ID and Secret Access Key for AWS
- How to Get your Default Profile with AWS CLI
- Manage Multiple Accounts with the AWS CLI
- Set your Default Profile's Name in AWS CLI
- How to Clear your AWS CLI Credentials
- View your AWS CLI logs in Real Time (tail)
- How to turn off the Pager in AWS CLI
- Create a Role with AWS CLI - Complete Guide
- Create a Lambda Function with AWS CLI - Complete Guide
- AWS CDK Tutorial for Beginners - Step-by-Step Guide
- How to use Parameters in AWS CDK
