Setting the Time for Your Linux Instance
A consistent and accurate time reference is crucial for many server tasks and processes. Most system logs include a time stamp that you can use to determine when problems occur and in what order the events take place. If you use the AWS CLI or an AWS SDK to make requests from your instance, these tools sign requests on your behalf. If your instance's date and time are not set correctly, the date in the signature may not match the date of the request, and AWS rejects the request. Network Time Protocol (NTP) is configured by default on Amazon Linux instances, and the system time is synchronized with a load-balanced pool of public servers on the Internet and set to the UTC time zone. For more information about NTP, go to http://www.ntp.org/.
These procedures are intended for use with Amazon Linux. For more information about other distributions, see their specific documentation.
Changing the Time Zone
Amazon Linux instances are set to the UTC (Coordinated Universal Time) time zone by default, but you may wish to change the time on an instance to the local time or to another time zone in your network.
To change the time zone on an instance
Identify the time zone to use on the instance. The
/usr/share/zoneinfodirectory contains a hierarchy of time zone data files. Browse the directory structure at that location to find a file for your time zone.
ls /usr/share/zoneinfoAfrica Chile GB Indian Mideast posixrules US America CST6CDT GB-Eire Iran MST PRC UTC Antarctica Cuba GMT iso3166.tab MST7MDT PST8PDT WET Arctic EET GMT0 Israel Navajo right W-SU ...
Some of the entries at this location are directories (such as
America), and these directories contain time zone files for specific cities. Find your city (or a city in your time zone) to use for the instance. In this example, you can use the time zone file for Los Angeles,
/etc/sysconfig/clockfile with the new time zone.
/etc/sysconfig/clockfile with your favorite text editor (such as vim or nano). You need to use sudo with your editor command because
/etc/sysconfig/clockis owned by
ZONEentry, and change it to the time zone file (omitting the
/usr/share/zoneinfosection of the path). For example, to change to the Los Angeles time zone, change the
ZONEentry to the following.
Do not change the
UTC=trueentry to another value. This entry is for the hardware clock, and does not need to be adjusted when you're setting a different time zone on your instance.
Save the file and exit the text editor.
Create a symbolic link between
/etc/localtimeand your time zone file so that the instance finds the time zone file when it references local time information.
sudo ln -sf /usr/share/zoneinfo/
Reboot the system to pick up the new time zone information in all services and applications.
Configuring Network Time Protocol (NTP)
Network Time Protocol (NTP) is configured by default on Amazon Linux instances; however, an instance needs access to the Internet for the standard NTP configuration to work. In addition, your instance's security group rules must allow outbound UDP traffic on port 123 (NTP), and your network ACL rules must allow both inbound and outbound UDP traffic on port 123. The procedures in this section show how to verify that the default NTP configuration is working correctly. If your instance does not have access to the Internet, you need to configure NTP to query a different server in your private network to keep accurate time.
To verify that NTP is working properly
Use the ntpstat command to view the status of the NTP service on the instance.
If your output resembles the output below, then NTP is working properly on the instance.
synchronised to NTP server (22.214.171.124) at stratum 3 time correct to within 399 ms polling server every 64 s
If your output states, "
unsynchronised", wait a minute and try again. The first synchronization may take a minute to complete.
If your output states, "
Unable to talk to NTP daemon. Is it running?", you probably need to start the NTP service and enable it to automatically start at boot time.
(Optional) You can use the ntpq -p command to see a list of peers known to the NTP server and a summary of their state.
ntpq -premote refid st t when poll reach delay offset jitter ============================================================================== +lttleman.deekay 126.96.36.199 2 u 15 128 377 88.649 5.946 6.876 -bittorrent.tomh 188.8.131.52 3 u 133 128 377 182.673 8.001 1.278 *ntp3.junkemailf 184.108.40.206 2 u 68 128 377 29.377 4.726 11.887 +tesla.selinc.co 220.127.116.11 2 u 31 128 377 28.586 -1.215 1.435
If the output of this command shows no activity, check whether your security groups, network ACLs, or firewalls block access to the NTP port.
To start and enable NTP
Start the NTP service with the following command.
sudo service ntpd startStarting ntpd: [ OK ]
Enable NTP to start at boot time with the chkconfig command.
sudo chkconfig ntpd on
Verify that NTP is enabled with the following command.
sudo chkconfig --list ntpdntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Here ntpd is on in runlevels 2, 3, 4, and 5, which is correct.
To change NTP servers
You may decide not to use the standard NTP servers or you may need to use your own NTP server within your private network for instances that do not have Internet access.
/etc/ntp.conffile in your favorite text editor (such as vim or nano). You need to use sudo with the editor command because
/etc/ntp.confis owned by
serversection, which defines the servers to poll for NTP configuration.
# Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 0.amazon.pool.ntp.org iburst server 1.amazon.pool.ntp.org iburst server 2.amazon.pool.ntp.org iburst server 3.amazon.pool.ntp.org iburst
DNS records are intended to load balance NTP traffic from AWS. However, these are public NTP servers in the
pool.ntp.orgproject, and they are not owned or managed by AWS. There is no guarantee that they are geographically located near your instances, or even within the AWS network. For more information, see http://www.pool.ntp.org/en/.
Comment out the servers you don't want to use by adding a "
#" character to the beginning of those server definitions.
# Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.amazon.pool.ntp.org iburst
#server 1.amazon.pool.ntp.org iburst
#server 2.amazon.pool.ntp.org iburst
#server 3.amazon.pool.ntp.org iburst
Add an entry for each server to poll for time synchronization. You can use a DNS name for this entry or a dotted quad IP address (such as
Restart the NTP service to pick up the new servers.
sudo service ntpd startStarting ntpd: [ OK ]
Verify that your new settings work and that NTP is functioning.
ntpstatsynchronised to NTP server (18.104.22.168) at stratum 2 time correct to within 99 ms