I have a simple Node app which sends messages to AWS SQS. For local development I am providing AWS SDK with region, queueUrl, accessKeyId, secretAccessKey.

Everything works fine until I dockerise the app and run as a container. Then whenever SQS wants to do something I get the following error

{ SignatureDoesNotMatch: Signature expired: 20161211T132303Z is now earlier than 20161211T142227Z (20161211T143727Z - 15 min.)

If I add correctClockSkew: true it corrects the problem.

What is docker doing to require the correctClockSkew: true but not when running Node in MacOS

Node app

process.env.TZ = 'Europe/London';
const AWS = require('aws-sdk');

AWS.config.update({
  region: 'eu-west-1',
  correctClockSkew: true //this has to be set when running inside a docker container?
});

const sqs = new AWS.SQS({
  apiVersion: '2012-11-05',
});

sqs.sendMessage({
  QueueUrl: 'https://sqs.eu-west-1.amazonaws.com/522682236448/logback-paddle-prod-errors',
  MessageBody: 'HelloSQS',
}, (err, data) => {
  if (err) throw err;
});

Dockerfile

FROM node
RUN mkdir -p /usr/lib/app
WORKDIR /usr/lib/app
COPY app/ /usr/lib/app/
RUN npm install
CMD ["node", "index.js"]

docker run -d user/image

Edit

Originally I created the question because I kept getting AWS incorrect time errors, now I am getting it with ElasticSearch too. Why is my container reliably out of sync with the host by about 15 mins.

Docker runs inside of a VM on Windows and MacOS, and the clock of that VM can get out of sync with that of your laptop's OS. There are quite a few solutions I've seen, mostly one off commands including:

docker run -it --rm --privileged --pid=host debian nsenter -t 1 -m -u -n -i date -u $(date -u +%m%d%H%M%Y)

And from this answer there's:

docker-machine ssh default "sudo date -u $(date -u +%m%d%H%M%Y)"

The best solution I've seen for this is to run an ntp container in privledged mode so it can constantly adjust the time on your docker host:

docker run -d --restart unless-stopped --name ntp --privileged tutum/ntpd

See the docker hub repo for more details: https://hub.docker.com/r/tutum/ntpd/