How can I troubleshoot the "Could not connect to the endpoint URL" error when I run the sync command on my Amazon S3 bucket?

Last updated: 2020-12-23

I'm trying to run the cp or sync command on my Amazon Simple Storage Service (Amazon S3) bucket. However, I'm getting the "Could not connect to the endpoint URL" error message. How can I troubleshoot this?

Short description

To run the cp or sync commands using the AWS Command Line Interface (AWS CLI), your machine must connect to the correct Amazon S3 endpoints. Otherwise, you get the "Could not connect to the endpoint URL" error message.

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent AWS CLI version.

To troubleshoot this error, check the following:

  • Confirm that you're using the correct AWS Region and Amazon S3 endpoint.
  • Verify that your network can connect to those Amazon S3 endpoints.
  • Verify that your DNS can resolve to those Amazon S3 endpoints.
  • If you're seeing this error on an Amazon Elastic Compute Cloud (Amazon EC2) instance, then check the Amazon Virtual Private Cloud (Amazon VPC) configuration.

Resolution

Confirm that you're using the correct AWS Region and Amazon S3 endpoint

When you run a command using the AWS CLI, API requests are sent to the default AWS Region's S3 endpoint, or to a Region-specific S3 endpoint when the Region is specified in the command. The AWS CLI can then redirect the request to the bucket's Regional S3 endpoint.

You can get the "Could not connect to the endpoint URL" error if there's a typo or error in the specified Region or endpoint.

For example, the following command results in the error because there's an extra "e" in the endpoint name:

aws s3 cp filename s3://DOC-EXAMPLE-BUCKET/ --endpoint-url https://s3-acceleratee.amazonaws.com

Before you run the cp or sync command, be sure to confirm that the associated Region and S3 endpoint are written correctly.

Note: If you're using Amazon S3 Transfer Acceleration, see Getting started with Amazon S3 Transfer Acceleration for the endpoint name.

Verify that your network can connect to the S3 endpoints

Confirm that your network's firewall allows traffic to the Amazon S3 endpoints on the port that you're using for Amazon S3 traffic.

For example, the following telnet command tests the connection to the ap-southeast-2 Regional S3 endpoint on port 443:

telnet s3.ap-southeast-2.amazonaws.com 443

Note: Be sure to replace the Regional endpoint and the port (443 or 80) with the values associated with your use case.

Verify that your DNS can resolve to the S3 endpoints

To confirm that your DNS can resolve to the Amazon S3 endpoints, you can use a DNS query tool such as nslookup or ping. The following example uses nslookup:

nslookup s3.amazonaws.com

The following example uses ping to confirm that the DNS resolves to the S3 endpoint:

ping s3.amazonaws.com

If your DNS can't resolve to the S3 endpoints, then you must troubleshoot your DNS configuration. If Amazon Route 53 is your DNS provider, then see Troubleshooting Amazon Route 53.
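The endpoint-name, DNS, and network checks above can be run in order so that the first failing stage is reported. The following script is an added example, not part of the original article or any AWS tooling. The function name diagnose, its injectable resolve and connect parameters, and the set of hostname shapes it accepts are assumptions made for illustration.

```python
import re
import socket
from urllib.parse import urlparse

# Assumption: only these hostname shapes count as well-formed here. Other valid
# forms (dual-stack, FIPS, China Regions) are deliberately not covered.
_S3_HOST = re.compile(
    r"^(s3|s3-accelerate|s3\.[a-z]{2}(-[a-z]+)+-\d)\.amazonaws\.com$"
)


def diagnose(endpoint_url, resolve=socket.getaddrinfo,
             connect=socket.create_connection, timeout=5):
    """Return (stage, detail) for the first check that fails, else ("ok", ...)."""
    parsed = urlparse(endpoint_url)
    host = parsed.hostname or ""
    port = parsed.port or (443 if parsed.scheme == "https" else 80)

    # 1. Spelling: catches typos such as the extra "e" in s3-acceleratee.
    if not _S3_HOST.match(host):
        return ("endpoint_name", f"{host!r} is not a recognised S3 endpoint name")

    # 2. DNS: the same question nslookup answers.
    try:
        addrs = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host}: {exc}")

    # 3. TCP: the same question telnet answers (firewall, route table, NAT).
    ip = addrs[0][4][0]
    try:
        connect((ip, port), timeout=timeout).close()
    except OSError as exc:
        return ("network", f"resolved {host} to {ip} but port {port} failed: {exc}")
    return ("ok", f"{host} -> {ip}:{port} reachable")


if __name__ == "__main__":
    import sys
    for url in sys.argv[1:] or ["https://s3.ap-southeast-2.amazonaws.com"]:
        print(url, *diagnose(url))
```

A result of "dns" points to the resolver configuration, while "network" points to the firewall or, on an EC2 instance, the subnet's route to the endpoint.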

If you're seeing this error on an EC2 instance, check the VPC configuration

If the EC2 instance is in a public subnet:

If the EC2 instance is in a private subnet:

  • Check if there is a network address translation (NAT) gateway associated with the route table of the subnet. The NAT gateway provisions an internet path to reach the Amazon S3 endpoint.
  • If you're using a VPC endpoint for Amazon S3, then verify that the correct Region is set in the AWS CLI config file. VPC endpoints for Amazon S3 are Region-specific. If you run a sync command using --region us-west-1 when the VPC endpoint is in a different Region, then the CLI contacts https://s3.us-west-1.amazonaws.com. This results in the "Could not connect to the endpoint URL" error.
