A consistent and accurate time reference is crucial for many server tasks and processes. Most system logs include a time stamp that you can use to determine when problems occur and in what order the events take place. If you use the AWS CLI, EC2 CLI, or an AWS SDK to make requests from your instance, these tools sign requests on your behalf. If your instance's date and time are not set correctly, the date in the signature may not match the date of the request, and AWS rejects the request. Network Time Protocol (NTP) is configured by default on Amazon Linux instances, and the system time is synchronized with a load-balanced pool of public servers on the Internet and set to the UTC time zone. For more information about NTP, go to http://www.ntp.org/.
These procedures are intended for use with Amazon Linux. For more information about other distributions, see their specific documentation.
Amazon Linux instances are set to the UTC (Coordinated Universal Time) time zone by default, but you may wish to change the time on an instance to the local time or to another time zone in your network.
To change the time zone on an instance
Identify the time zone to use on the instance. The /usr/share/zoneinfo directory contains a hierarchy of time zone data files. Browse the directory structure at that location to find a file for your time
ls /usr/share/zoneinfo
Africa      Chile    GB       Indian       Mideast  posixrules  US
America     CST6CDT  GB-Eire  Iran         MST      PRC         UTC
Antarctica  Cuba     GMT      iso3166.tab  MST7MDT  PST8PDT     WET
Arctic      EET      GMT0     Israel       Navajo   right       W-SU
...
of the entries at this location are directories (such as America), and these directories contain time zone files for specific cities. Find your city (or a city in your time zone) to use for the instance. In this example, you can use the time zone file for
/etc/sysconfig/clock file with the new
/etc/sysconfig/clock file with your favorite text editor (such as vim or nano). You need to use sudo with your editor command because /etc/sysconfig/clock is owned by
ZONE entry, and change it to the time zone file (omitting the /usr/share/zoneinfo section of the path).
For example, to change to the Los Angeles time zone, change the ZONE entry to the
Save the file and exit the text editor.
Create a symbolic link between your time zone file so that the instance finds the time zone file when it references local time
sudo ln -sf /usr/share/zoneinfo/
Reboot the system to pick up the new time zone information in all services and applications.
Network Time Protocol (NTP) is configured by default on Amazon Linux instances; however, an instance needs access to the Internet for the standard NTP configuration to work. Your instance's security group must also allow outbound UDP traffic on port 123 (NTP). The procedures in this section show how to verify that the default NTP configuration is working correctly. If your instance does not have access to the Internet, you need to configure NTP to query a different server in your private network to keep accurate time.
To verify that NTP is working properly
Use the ntpstat command to view the status of the NTP service on the instance.
If your output resembles the output below, then NTP is working properly on the instance.
synchronised to NTP server (188.8.131.52) at stratum 3
   time correct to within 399 ms
   polling server every 64 s
If your output states, "unsynchronised", wait a minute and try again. The first synchronization may take a minute to complete.
If your output states, "Unable to talk to NTP daemon. Is it running?", you probably need to start the NTP service and enable it to automatically start at boot time.
(Optional) You can use the ntpq -p command to see a list of peers known to the NTP server and a summary of their state.
ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+lttleman.deekay 184.108.40.206   2 u   15  128  377   88.649    5.946   6.876
-bittorrent.tomh 220.127.116.11   3 u  133  128  377  182.673    8.001   1.278
*ntp3.junkemailf 18.104.22.168    2 u   68  128  377   29.377    4.726  11.887
+tesla.selinc.co 22.214.171.124   2 u   31  128  377   28.586   -1.215   1.435
If the output of this command shows no activity, check whether your security groups, network ACLs, or firewalls block access to the NTP port.
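The manual check above can be scripted for monitoring. The following is an added example, not part of the original documentation: it reads `ntpq -p` output and reports whether a peer is selected, reachable, and within an offset limit. The 500 ms default and the exit codes are assumptions chosen for illustration; the sample rows are the peer table shown above.

```shell
#!/bin/sh
# Added example: judge NTP health from `ntpq -p` output on stdin.
# Usage: ntpq -p | check_ntpq [max_offset_ms]
# Exit status: 0 = synchronized, 1 = no selected peer,
#              2 = selected peer unreachable, 3 = offset above limit.
check_ntpq() {
    awk -v max="${1:-500}" '
        # The row that starts with "*" is the peer ntpd is synchronized to.
        /^\*/ {
            selected = 1
            peer  = substr($1, 2)   # strip the tally character
            reach = $7              # octal bitmask of the last 8 polls
            off   = $9              # offset in milliseconds, may be negative
        }
        END {
            if (!selected)      { print "FAIL: no selected peer"; exit 1 }
            if (reach + 0 == 0) { print "FAIL: " peer " unreachable"; exit 2 }
            abs = (off + 0 < 0) ? -(off + 0) : off + 0
            if (abs > max + 0)  { print "FAIL: " peer " offset " off " ms"; exit 3 }
            print "OK: " peer " offset " off " ms reach " reach
        }'
}

# Sample input: the peer table from the procedure above.
sample_peers() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+lttleman.deekay 184.108.40.206   2 u   15  128  377   88.649    5.946   6.876
-bittorrent.tomh 220.127.116.11   3 u  133  128  377  182.673    8.001   1.278
*ntp3.junkemailf 18.104.22.168    2 u   68  128  377   29.377    4.726  11.887
+tesla.selinc.co 22.214.171.124   2 u   31  128  377   28.586   -1.215   1.435
EOF
}

sample_peers | check_ntpq 500
```

A nonzero exit status from a scheduled run is a signal to check the security group, network ACL, and firewall rules for UDP port 123 before request signing or log timestamps start to drift.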
To start and enable NTP
Start the NTP service with the following command.
sudo service ntpd start
Starting ntpd: [ OK ]
Enable NTP to start at boot time with the chkconfig command.
sudo chkconfig ntpd on
Verify that NTP is enabled with the following command.
sudo chkconfig --list ntpd
ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Here ntpd is on in runlevels 2, 3, 4, and 5, which is correct.
To change NTP servers
You may decide not to use the standard NTP servers or you may need to use your own NTP server within your private network for instances that do not have Internet access.
/etc/ntp.conf file in your favorite text editor (such as vim or nano). You need to use sudo with the editor command because /etc/ntp.conf is owned by
server section, which defines the servers to poll for
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.amazon.pool.ntp.org iburst
server 1.amazon.pool.ntp.org iburst
server 2.amazon.pool.ntp.org iburst
server 3.amazon.pool.ntp.org iburst
DNS records are intended to load balance NTP traffic from AWS. However, these are public NTP servers in the and they are not owned or managed by AWS. There is no guarantee that they are geographically located near your instances, or even within the AWS network. For more information, see http://www.pool.ntp.org/en/.
Comment out the servers you don't want to use by adding a "#" character to the beginning of those server
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.amazon.pool.ntp.org iburst
#server 1.amazon.pool.ntp.org iburst
#server 2.amazon.pool.ntp.org iburst
#server 3.amazon.pool.ntp.org iburst
Add an entry for each server to poll for time synchronization. You can use a DNS name for this entry or a dotted quad IP address (such as
Restart the NTP service to pick up the new servers.
sudo service ntpd restart
Shutting down ntpd: [ OK ]
Starting ntpd: [ OK ]
Verify that your new settings work and that NTP is functioning.
ntpstat
synchronised to NTP server (126.96.36.199) at stratum 2
   time correct to within 99 ms
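The edit steps in this procedure can be scripted so the change is repeatable across instances. This is an added example, not AWS tooling: the function name, the backup suffix, and the hostname ntp1.internal.example are assumptions, and the demo runs on a scratch copy of the server section shown above rather than on /etc/ntp.conf.

```shell
#!/bin/sh
# Added example: point an ntp.conf at different servers.
# Usage: set_ntp_servers FILE SERVER...   (run with sudo on the real file)
# Returns 2 when no server is given or a name has unexpected characters.
set_ntp_servers() {
    conf=$1; shift
    [ $# -ge 1 ] || { echo "no servers given" >&2; return 2; }
    # Validate first: a name containing spaces or newlines could smuggle
    # extra directives into ntp.conf.
    for s in "$@"; do
        case $s in
            ''|*[!A-Za-z0-9.:-]*) echo "bad server name: $s" >&2; return 2 ;;
        esac
    done
    tmp=$(mktemp) || return 1
    # Comment out every active server line, as in the procedure above.
    sed 's/^[[:space:]]*server[[:space:]]/#&/' "$conf" > "$tmp" || return 1
    for s in "$@"; do
        printf 'server %s iburst\n' "$s" >> "$tmp"
    done
    # Keep a backup, then overwrite in place so owner and mode are unchanged.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    write_rc=$?
    rm -f "$tmp"
    return $write_rc
}

# Constructed sample: the default server section shown on this page.
sample_ntp_conf() {
    cat <<'EOF'
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.amazon.pool.ntp.org iburst
server 1.amazon.pool.ntp.org iburst
server 2.amazon.pool.ntp.org iburst
server 3.amazon.pool.ntp.org iburst
EOF
}

# Demo on a scratch copy; ntp1.internal.example is a hypothetical hostname.
demo_dir=$(mktemp -d)
sample_ntp_conf > "$demo_dir/ntp.conf"
set_ntp_servers "$demo_dir/ntp.conf" ntp1.internal.example && cat "$demo_dir/ntp.conf"
rm -rf "$demo_dir"
```

On an instance, restart ntpd afterwards and confirm with ntpstat that the new server is in use.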