TechQA.

AWS is out of sync with Israeli time - causing security errors

290 views Asked by At

When connecting with AWS service, the connection time should be max 15 minutes for security reasons.

This year in Israel, the winter clock change is postponed in about 2 months.

But amazon seems to not know about it, so if the correct israeli time is 14:00 PM, for amazon it is 13:00 PM.

This situation causes every request to the service to fail (S3 in particular)

  1. Option 1 is that amazon fixes it, but it may take time.

  2. Option 2 is to manually change the time on the server that makes the requests.

However, in my case, this is not possible because the server is a VM, and I don't have the privilege to change the time.

Is there another way to fix that? somehow to change the time on the server when connecting amazon service?

I'm using django with django-storages (boto) for connecting with S3

django amazon-web-services amazon-s3 clock django-storage
Original Q&A
3

There are 3 answers

2
dcro On BEST ANSWER

If S3 doesn't fix the issue and you don't want to adjust your server's time, you could compensate for the date difference by modifying the boto source code (see HmacAuthV1Handler->add_auth) or by monkey patching the original boto code.

0
Matt Johnson-Pint On

Israel's time zone changes are accounted for in the 2013d version of the IANA time zone database. In Python, this is implemented via pytz.

According to these docs, Django optionally uses pytz. You should therefore:

  • Make sure you are using pytz in Django.
  • Make sure you have the 2013d update to pytz.

You should also raise a support incident with Amazon if you haven't already. They really should be staying on top of the IANA TZDB updates on their operating systems.

1
Ryan Parman On

@YardenST: AWS only needs to know that the request was signed by you with the right timezone conversion on your end. Your server's software needs to handle the timezone conversion to UTC correctly. If you can't fix your server's time, then dcro has the right idea.

Matt Johnson said:

You should also raise a support incident with Amazon if you haven't already. They really should be staying on top of the IANA TZDB updates on their operating systems.

Yes, but YardenST never said he was running Amazon Linux on EC2. If he were, then yes, that would be the thing to do. But then again, you have root access to EC2 servers, so that's still a userland problem to update your packages.

Related Questions in DJANGO

Related Questions in AMAZON-WEB-SERVICES

Related Questions in AMAZON-S3

Related Questions in CLOCK

Related Questions in DJANGO-STORAGE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions