Timestamps and AWS
Making requests to AWS services requires that you use a timestamp, which represents the time at which you make the request. For security purposes, AWS requires a valid timestamp in the request in order to mitigate the risk of third-party request interception and unauthorized replay. AWS allows a five minute variance on the timestamp — in other words, the timestamp doesn't need to be exact. However, on mobile devices, it is possible for the time to be significantly out of sync. In these situations, calls to AWS will fail due to the timestamp being outside the allowable range. You are likely to get an exception, such as
RequestTimeTooSkewed or another message that indiciates that the time is out of sync with AWS. This post details how to address this issue when using the AWS Mobile SDKs.
The AWS Mobile SDKs provide a feature that allows you to adjust the timestamp when making an AWS request. Therefore, if you determine that the device is not using the exact time, you can adjust the timestamp accordingly. Below, we demonstrate the code necessary to adjust the timestamp for both the AWS SDK for Android and the AWS SDK for iOS.
The SDK for iOS includes a helper class
AmazonSDKUtil, which includes two methods for getting and setting the current clock skew for the runtime. The method
setRuntimeClockSkew is passed an
NSTimeInterval that indicates the number of seconds ahead or behind your local clock is relative to AWS. The method
getRuntimeClockSkew returns the current clock skew adjustment value. For example, if the local device time was an hour ahead, setting the clock skew as follows still allows requests to AWS to succeed:
If the local device time were behind an hour, then the following code would resolve the issue:
The SDK for Android has a similar mechanism that allows you to adjust the timestamp sent to AWS. However, for the SDK for Android, adjusting the clock skew is done on a per service client basis. Therefore, for each service you make requests against, you need to invoke the
setTimeOffset method on the client. For example, if local time is ahead, use the following:
AmazonS3Client s3Client = new AmazonS3Client(); s3Client.setTimeOffset( 3600 );
Otherwise, if the local device time is behind, use the following:
AmazonS3Client s3Client = new AmazonS3Client(); s3Client.setTimeOffset( -3600 );
For both AWS Mobile SDKs, specifying a positive number indicates that your local device time is ahead, whereas a negative value indicates that the device time is behind. Remember, using this feature in either SDK is necessary only when the local time is off by more than five minutes.
Please let us know if this helped by leaving a comment below.
The SDKs now automatically set the offset or clock skew for most operations, see our new post for information.