Handling Dates in Signature Version 4
The date that you use as part of your credential scope must match the date of your
request. You can include the date as part of your request in several ways. You can
use a
date header, an x-amz-date header or include
x-amz-date as a query parameter. For example requests, see Examples of the Complete Version 4 Signing
Process (Python).
The time stamp must be in UTC and in the following ISO 8601 format: YYYYMMDD'T'HHMMSS'Z'.
For example, 20150830T123600Z is a valid time stamp. Do not include milliseconds
in the time stamp.
AWS first checks the x-amz-datex-amz-date, it looks for the
date header. AWS then checks the credential scope for an eight-digit string
representing the year (YYYY), month (MM), and day (DD) of the request. For example,
if the
x-amz-date20111015T080000Z and the
date component of the credential scope is 20111015, AWS allows the
authentication process to proceed.
If the dates don't match, AWS rejects the request, even if the time stamp is only
seconds away from the date in the credential scope. For example, AWS will reject a
request
that has an x-amz-date20151014T235959Z
and a credential scope that has the date 20151015.
