Meaning
The request was signed incorrectly, so AWS cannot verify its authenticity.
Causes
- Incorrect access key/secret used to sign
- Mismatched region or service in the signing string
- Clock skew or modified request parameters
Fixes
- Confirm the access key and secret are correct
- Verify the region/service used in the signer
- Ensure the request is not modified after signing
Example
The request signature we calculated does not match the signature you provided.
FAQ
- Can clock skew cause this?
Yes. Large time drift can invalidate signatures. - Does changing headers after signing break it?
Yes. Any change to signed headers or params will fail.
Contact
Contact your AWS admin if you need help with signing configuration.