Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Middy Secret manager middleware fails with InvalidSignatureException error #1271

Open
hashk99 opened this issue Jan 16, 2025 · 1 comment
Open

Middy Secret manager middleware fails with InvalidSignatureException error #1271

hashk99 opened this issue Jan 16, 2025 · 1 comment
Labels
bug

Comments

@hashk99
Copy link

hashk99 commented Jan 16, 2025

Describe the bug
Middy Secret manager middleware fails with InvalidSignatureException error.
Signature expired: 20250116T095814Z is now earlier than 20250116T095815Z (20250116T100315Z - 5 min.

  • Error happens in complete random scenarios
  • It happens on both cold start and warm functions
  • Executing the same lambda function again sometimes throw the same error but sometimes works fine.
  • Function doesn't manipulate the clock.

To Reproduce
How to reproduce the behaviour:

  1. Lambda function used for a REST API
  2. import secretsManager from '@middy/secrets-manager'
  3. secretsManager({ fetchData: {keys_here}, setToContext: true, })
  4. Error Error: Failed to resolve internal values\n at getInternal (file:///var/task/node_modules/@middy/util/index.js:83:11)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async secretsManagerMiddlewareBefore (file:///var/task/node_modules/@middy/secrets-manager/index.js:103:20)\n at async runMiddlewares (file:///var/task/node_modules/@middy/core/index.js:230:17)\n at async runRequest (file:///var/task/node_modules/@middy/core/index.js:154:5)
  5. Error cause { "output": "<_HttpResponse>", "parsedBody": { "__type": "InvalidSignatureException", "message": "Signature expired: 20250116T095814Z is now earlier than 20250116T095815Z (20250116T100315Z - 5 min.)" }, "errorCode": "InvalidSignatureException" }

Expected behaviour
Fetch secrets from the secret manager without a failure

Environment :

  • Node.js: 20
  • Middy: 5.5.1
  • "@middy/secrets-manager": "5.5.1"
  • AWS SDK: "3.709.0"
  • @aws-sdk/client-secrets-manager": "3.709.0"
@hashk99 hashk99 added the bug label Jan 16, 2025
@willfarrell
Copy link
Member

This has been reported in the past. Thought at the time is that it's an aws issue because we don't mess with signatures to AWS services. The secrets-manager middleware is just a wrapper around GetSecretValueCommand. Perhaps opening a ticket for the AWS SDK is in order.

We added in a function, catchInvalidSignatureException, to catch this type of error and do one retry and that seems to solve it for most people. Not sure what else middy can do to address this.

Ref: https://github.com/middyjs/middy/blob/main/packages/util/index.js#L144-L149

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

No branches or pull requests
2 participants
@willfarrell @hashk99