Handling Dates in Signature Version 4
The date that you use as part of your credential scope must match the date of your request.
You can include the date as part of your request in several ways. You can use a
date header, an
x-amz-date header or include
x-amz-date as a query parameter. For example requests, see Examples of the Complete Version 4 Signing
The time stamp must be in UTC and in the following ISO 8601 format: YYYYMMDD'T'HHMMSS'Z'.
20150830T123600Z is a valid time stamp. Do not include milliseconds
in the time stamp.
AWS first checks the
header or parameter for a
time stamp. If AWS can't find a value for
x-amz-date, it looks for the
date header. AWS then checks the credential scope for an eight-digit string
representing the year (YYYY), month (MM), and day (DD) of the request. For example, if the
header value is
20111015T080000Z and the
date component of the credential scope is
20111015, AWS allows the
authentication process to proceed.
If the dates don't match, AWS rejects the request, even if the time stamp is only
seconds away from the date in the credential scope. For example, AWS will reject a request
that has an
header value of
and a credential scope that has the date