Why am I receiving errors when using yum on my EC2 instance running Amazon Linux 1 or Amazon Linux 2?

Last updated: 2020-10-17

Why am I receiving errors when using yum on my Amazon Elastic Compute Cloud (Amazon EC2) instance running Amazon Linux 1 or Amazon Linux 2?

Short description

Use the output messages of the yum command to determine what error occurred. The following are common error messages:

  • Connection timed out XXX milliseconds
  • HTTP Error 403 - Forbidden
  • Could not resolve host: xxxxxxxxx.$awsregion.$awsdomain
  • HTTP Error 407 - Proxy Authentication Required
  • Resolving timed out after 5000 milliseconds

Resolution

Connection timed out XXXX milliseconds

1.    Verify that the security group attached to your EC2 instance allows outbound http/https traffic.

2.    Verify that the network ACLs associated with your EC2 instance's subnet allows outbound http/https traffic through your NACLs.

The following example shows a custom network ACL that allows outbound traffic on port 80 and 443:

Inbound rules
Rule#    Type                    Protocol    Port Range    Source        Allow/Deny
100      Custom TCP Rule         TCP (6)     1024-65535    0.0.0.0/0     ALLOW
101      Custom TCP Rule         TCP (6)     1024-65535    ::/0          ALLOW
*        ALL Traffic             ALL         ALL           ::/0          DENY
*        ALL Traffic             ALL         ALL           0.0.0.0/0     DENY
Outbound rules
Rule #    Type                   Protocol    Port Range    Source       Allow/Deny
100       HTTP (80)              TCP (6)     80            0.0.0.0/0    ALLOW
101       HTTPS (443)            TCP (6)     443           0.0.0.0/0    ALLOW
102       HTTP (80)              TCP (6)     80            ::/0         ALLOW
103       HTTPS (443)            TCP (6)     443           ::/0         ALLOW
*         ALL Traffic            ALL         ALL           ::/0         DENY
*         ALL Traffic            ALL         ALL           0.0.0.0/0    DENY

3.    Verify that your EC2 instance has access to Amazon Linux repositories using one of the following options

proxy=http://proxy-server-IP-address:proxy_port
proxy_username=proxy-user-name
proxy_password=proxy-password

Note: Replace proxy-port, proxy-user-name, and proxy-password with the correct values for your proxy.

4.    After configuring your instance using one of the preceding options, run the following telnet command to confirm that the instance can access the repository. In the following command, replace us-east-1 with your instance's Region.

Amazon Linux 1

telnet repo.us-east-1.amazonaws.com 80

Amazon Linux 2

telnet amazonlinux.us-east-1.amazonaws.com 80

HTTP Error 403 - Forbidden

1.    If you're using an S3 VPC endpoint in your instance's VPC, verify that the attached policy allows the s3:GetObject API call on the following resources:

Amazon Linux 1:

"arn:aws:s3:::packages.region.amazonaws.com/*"

"arn:aws:s3:::repo.region.amazonaws.com/*"

Amazon Linux 2:

"arn:aws:s3:::amazonlinux.region.amazonaws.com/*"

Note: Replace the Region in the preceding examples with your instance's Region.

2.    If you're using a proxy to access Amazon Linux repositories, verify that the sub-domains .amazonaws.com are on the allow list in your proxy configuration.

Could not resolve host: xxxxxxxx.$awsregion.$awsdomain"

1.    Run the following commands to verify that the directory /etc/yum/vars defines the custom yum variables. The directory must include the variables awsdomain and awsregion. In the following example command, replace us-east-1 with your instance's Region.

$ cat /etc/yum/vars/awsregion
us-east-1

$ cat /etc/yum/vars/awsdomain
amazonaws.com

2.    Verify the DNS resolution of your instance. The instance must resolve the domain name of the Amazon Linux repositories:

$ dig amazonlinux.us-east-1.amazonaws.com

$ dig repo.us-east-1.amazonaws.com

HTTP Error 407 - Proxy Authentication Required

This occurs if your proxy can't complete the request because yum doesn't have proper authentication credentials for your proxy server. To configure yum to use a proxy, modify the /etc/yum.conf file with the following parameters:

proxy=http://proxy-server-IP-address:proxy_port
proxy_username=proxy-user-name
proxy_password=proxy-password

Resolving timed out after 5000 milliseconds

Run the following command to verify that the /etc/resolv.conf file had the correct IP for your DNS server:

cat /etc/resolv.conf
nameserver YourDNSIP

Did this article help?


Do you need billing or technical support?