Configuring amazon-linux-extras epel on Amazon Linux 2 in a private subnet

Question

I have an EC2 in a private subnet with no external internet access. I need to pull in a package called proj from the EPEL repository.

Based on this documentation I should be able to run

sudo amazon-linux-extras install epel -y

This does configure the EPEL repository but whenever I run sudo yum install <PACKAGE> I get the following error message.

Cannot retrieve metalink for repository: epel/x86_64. Please verify its path and try again

Looking at /etc/yum.repos.d/epel.repo I see that there is a metalink reference pointing to a HTTPS site but I changed it to HTTP. Is this still attempting to reach out to the internet to retrieve certain files?

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=http://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch

Is there a way in AWS on an EC2 instance to point to somewhere internal within AWS that hosts the packages?

I also attempted to get a copy of the epel-release-latest-7.noarch.rpm uploaded to my EC2 instance and then ran sudo yum install epel-release-latest-7.noarch.rpm but I still am coming across a similar error message about the metalink.

I'm assuming this was just to configure the repo but it would still need to reach out to the public internet to pull in packages?

Answer 1

Is this still attempting to reach out to the internet to retrieve certain files?

Yes.

Is there a way in AWS on an EC2 instance to point to somewhere internal within AWS that hosts the packages?

No.

Normally what you do is to create a custom AMI with all the packages using an instance in a public subnet, and then create private instance using the AMI created. This way you do not need to connect to any repositories. Otherwise you have to setup NAT gateway to be able to access internet.