AWS Developer Tools Blog

Clock-skew correction

Clock skew is the difference in time between two computers. In the context of this blog post, it’s the difference between the time on a computer running your .NET application (client) and Amazon’s (server). If the client time is different from server time by more than about 15 minutes, the requests your application makes will be signed with the incorrect time, and the server will reject them with an InvalidSignatureException or similar error.

The solution to this problem is to correct your system clock, but unfortunately that isn’t always an option. The application may not have permissions to update the time, or the user may have set an incorrect time on purpose. The latest release of the AWS SDK for .NET includes a new feature to help out in this case: the SDK will now identify and correct for clock skew. This feature is enabled by default, so you don’t have to make any changes to your application.

For the most part, this process is transparent: the SDK will make a request, and if the server responds with a clock skew error, the SDK will calculate a clock offset (how much client time is different from server time) and will then retry the original request with the correct time. If you are interested in knowing the clock offset that the SDK calculated, the SDK stores this value in AWSConfigs.ClockOffset. You can also turn this feature on or off with the AWSConfigs.CorrectForClockSkew property or by using the below configuration, though disabling clock skew correction will of course result in the SDK throwing signature errors if there is clock skew on your system.

    <section name="aws" type="Amazon.AWSSection, AWSSDK" />
  <aws correctForClockSkew="true OR false" />