How do I resolve the error "Connect timeout on endpoint URL" on Amazon SageMaker?
Last updated: 2022-07-29
When I try to connect to an AWS service from my Amazon SageMaker notebook, I get an error similar to the following:
"Connect timeout on endpoint URL: "https://athena.ap-southeast-2.amazonaws.com/"
To connect to AWS services, the notebook instance's subnet must have a virtual private cloud (VPC) endpoint for the service that you're connecting to. Or, the subnet must be able to reach the internet.
Use one of the following options to resolve "Connect timeout on endpoint URL" errors.
Add a VPC endpoint for the service to the notebook instance's subnet
When you choose this option, you don't have to create a new notebook instance. Many AWS services offer either an interface endpoint or a gateway endpoint. For more information, see VPC endpoints. If the AWS service that you're connecting to doesn't offer an interface or gateway endpoint, create a new notebook instance.
Create a new notebook instance
Choose one of the following configurations for a new notebook instance based on your security requirements:
- Create a new notebook instance with direct internet access enabled. This is the default option, regardless of whether or not you create the notebook instance in a VPC. For both VPC and non-VPC notebook instances, direct internet access is the easiest way to assure that a notebook instance can reach the public endpoint for the service that you're connecting to. When direct internet access is enabled, SageMaker provides a network interface that allows the notebook to communicate with the internet through a SageMaker-managed VPC. For more information, see Understanding Amazon SageMaker notebook instance networking configurations and advanced routing options.
- Create the notebook instance in a private subnet with direct internet access disabled. Then, add a NAT gateway to the subnet. The NAT gateway allows traffic to reach the public endpoint for the service that you're connecting to.