I was playing yesterday with Eucalyptus Public Cloud, which is an Open Source project, that gives free access to some of the resources of their cloud where you can get a taste of Amazon’s EC2 tools. Having configured the environment of my system, I tried to retrieve the list of the available zones on which I could deploy some of Eucalyptus’ virtual machines. However, the first few tries returned a timestamp problem:
$ ec2-describe-availability-zones Server: An error was discovered processing the header. (WSSecurityEngine: Invalid timestamp The security semantics of message have expired)
So it looked like there was an issue between the timing of my system against that of the server. I decided to synchronise my system with an NTP server. There was indeed something more than five minutes difference between my system’s manual time and that of the NTP sever:
$ date Tue 12 May 2009 18:52:22 BST
$ date Tue 12 May 2009 18:57:37 BST
One more try to fetch the list:
$ ec2-describe-availability-zones AVAILABILITYZONE epc mayhem9.cs.ucsb.edu
It worked this time. As mentioned here “each message sent by the client contains a time-stamp. The server refuses messages sent more than five minutes ago. This is to prevent replay attacks (where an attacker gets hold of a valid message and then sends it again later)“.