I have provisioned a new EC2 instance using CloudFormation, and have set up the network ACL with the following rules:
  INBOUND
  100  HTTP (80)        TCP (6)  80          0.0.0.0/0  ALLOW
  102  SSH (22)         TCP (6)  22          0.0.0.0/0  ALLOW
  104  Custom TCP Rule  TCP (6)  1024-65535  0.0.0.0/0  ALLOW
  *    ALL Traffic      ALL      ALL         0.0.0.0/0  DENY
  OUTBOUND
  100  HTTP (80)        TCP (6)  80          0.0.0.0/0  ALLOW
  102  Custom TCP Rule  TCP (6)  1024-65535  0.0.0.0/0  ALLOW
  *    ALL Traffic      ALL      ALL         0.0.0.0/0  DENY
I have assigned an IAM role with following policy to the instance:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1427889375000",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket/*"
            ]
        }
    ]
}
When the instance starts, I can SSH in to it but when i run the following:
aws s3 ls s3://my-bucket
it just hangs. When I press CTRL+C I get the following stack trace:
Traceback (most recent call last):
  File "/usr/bin/aws", line 27, in <module>
    sys.exit(main())
  File "/usr/bin/aws", line 23, in main
    return awscli.clidriver.main()
  File "/usr/lib/python2.7/dist-packages/awscli/clidriver.py", line 50, in main
    return driver.main()
  File "/usr/lib/python2.7/dist-packages/awscli/clidriver.py", line 197, in main
    return command_table[parsed_args.command](remaining, parsed_args)
  File "/usr/lib/python2.7/dist-packages/awscli/customizations/commands.py", line 185, in __call__
    parsed_globals)
  File "/usr/lib/python2.7/dist-packages/awscli/customizations/commands.py", line 182, in __call__
    return self._run_main(parsed_args, parsed_globals)
  File "/usr/lib/python2.7/dist-packages/awscli/customizations/s3/subcommands.py", line 330, in _run_main
    self._list_all_objects(bucket, key, parsed_args.page_size)
  File "/usr/lib/python2.7/dist-packages/awscli/customizations/s3/subcommands.py", line 352, in _list_all_objects
    for response_data in iterator:
  File "/usr/lib/python2.7/dist-packages/botocore/paginate.py", line 70, in __iter__
    response = self._make_request(current_kwargs)
  File "/usr/lib/python2.7/dist-packages/botocore/paginate.py", line 116, in _make_request
    return self._method(**current_kwargs)
  File "/usr/lib/python2.7/dist-packages/botocore/client.py", line 187, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/lib/python2.7/dist-packages/botocore/client.py", line 231, in _make_api_call
    operation_model, request_dict)
  File "/usr/lib/python2.7/dist-packages/botocore/endpoint.py", line 173, in make_request
    return self._send_request(request_dict, operation_model)
  File "/usr/lib/python2.7/dist-packages/botocore/endpoint.py", line 201, in _send_request
    request, operation_model, attempts)
  File "/usr/lib/python2.7/dist-packages/botocore/endpoint.py", line 231, in _get_response
    proxies=self.proxies, timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/sessions.py", line 573, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/adapters.py", line 370, in send
    timeout=timeout
  File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 518, in urlopen
    body=body, headers=headers)
  File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 322, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 727, in _validate_conn
    conn.connect()
  File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/packages/urllib3/connection.py", line 204, in connect
    conn = self._new_conn()
  File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/packages/urllib3/connection.py", line 134, in _new_conn
    (self.host, self.port), self.timeout, **extra_kw)
  File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/packages/urllib3/util/connection.py", line 78, in create_connection
    sock.connect(sa)
  File "/usr/lib64/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
KeyboardInterrupt
It looks like a network issue but I'm not sure what.
I can access the internet from the instance, which I confirmed with
[ec2-user@ip-10-1-1-100 aws-bootstrapping]$ curl -I www.google.com
HTTP/1.1 302 Found
Location: http://www.google.ie/?gws_rd=cr&ei=-eEbVc_ZIobm7gaW7YC4Bw
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=679f042abd7bfd64:FF=0:TM=1427890681:LM=1427890681:S=cJBdhGCXJhkFNjOk; expires=Fri, 31-Mar-2017 12:18:01 GMT; path=/; domain=.google.com
Set-Cookie: NID=67=KgZ3BLHR3Nu08xwiXhQHX4n3hnj1ME4tXzHe8OGH0h6d1sPJwK1VVHi9soPkB_JY9PqAiuRvDQ1_7PA3wd5tYPATrwP5dCoCcqsInoxT-tbGWo37qcWl7aUHZNvCA0Cp; expires=Thu, 01-Oct-2015 12:18:01 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Wed, 01 Apr 2015 12:18:01 GMT
Server: gws
Content-Length: 258
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.5
If the aws command cannot be found after first installing or updating the AWS CLI, you might need to restart your terminal for it to recognize any PATH updates. If the aws command cannot be found after first installing or updating the AWS CLI, it might not have been fully installed.
To launch an Amazon EC2 instance using the AMI you selected, use the aws ec2 run-instances command. You can launch the instance into a virtual private cloud (VPC).
To validate a user's credentials with the AWS CLI, run the sts get-caller-identity command. The command returns details about the user's credentials if they are valid, otherwise it throws an error. Copied!
Use the describe-configuration-recorder-status command to check that the AWS Config has started recording the configurations of the supported AWS resources existing in your account. The recorded configurations are delivered to the specified delivery channel.
It looks like you don't allow SSL (443) traffic out. By default the AWS CLI connects to the AWS services via their SSL endpoints.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With