Not able to download code deploy agent on aws linux ami

Question

I am trying to download the aws codedeploy agent on amazon linux ami. But it does not work. I made sure that role to access s3(full access) has been attached to the EC2 instance. Please find the command below:

wget https://aws-codedeploy-us-east-1.s3.us-east-1.amazonaws.com/latest/install

--2020-07-25 03:59:12--  (try: 2)  https://aws-codedeploy-us-east-1.s3.us-east-1.amazonaws.com/latest/install
Connecting to aws-codedeploy-us-east-1.s3.us-east-1.amazonaws.com (aws-codedeploy-us-east-1.s3.us-east-1.amazonaws.com)|52.216.248.88|:443... failed: Connection timed out.
Retrying.

aws s3 cp s3://aws-codedeploy-us-east-2.s3.us-east-2.amazonaws.com/latest/install . --region=us-east-2

Also, noticed that aws-cli command to list s3 buckets is not working aws s3 ls What could be wrong ?

Thanks

Answer 1

You are not able to connect to S3, there are many possible reasons these are detailed below:

• Ensure your security group allows outbound access to HTTPS (port 443) if you have restricted outbound access. By default all outbound access is allowed.
• If you have attached a non-default NACL to your instances subnet ensure that its outbound rules support port 443 as well as the ephemeral ports.
• If your instance is using a public IP address ensure its route table has an internet gateway for the 0.0.0.0/0 route (and ::/0 if you support IPv6).
• If your instance is private then ensure you have a NAT gateway/NAT instance in place and attached to its subnets route table for the 0.0.0.0/0 route (and ::/0 if you support IPv6).
• If you're trying to restrict public internet connection, instead use a VPC Endpoint for S3 and associate with your instances subnet.