Amazon Elastic Compute Cloud
User Guide for Linux Instances

Setting the Time for Your Linux Instance

A consistent and accurate time reference is crucial for many server tasks and processes. Most system logs include a time stamp that you can use to determine when problems occur and in what order the events take place. If you use the AWS CLI or an AWS SDK to make requests from your instance, these tools sign requests on your behalf. If your instance's date and time are not set correctly, the date in the signature may not match the date of the request, and AWS rejects the request. Network Time Protocol (NTP) is configured by default on Amazon Linux instances, and the system time is synchronized with a load-balanced pool of public servers on the Internet and set to the UTC time zone. For more information about NTP, go to


These procedures are intended for use with Amazon Linux. For more information about other distributions, see their specific documentation.

Changing the Time Zone

Amazon Linux instances are set to the UTC (Coordinated Universal Time) time zone by default, but you may wish to change the time on an instance to the local time or to another time zone in your network.

To change the time zone on an instance

  1. Identify the time zone to use on the instance. The /usr/share/zoneinfo directory contains a hierarchy of time zone data files. Browse the directory structure at that location to find a file for your time zone.

    [ec2-user ~]$ ls /usr/share/zoneinfo
    Africa      Chile    GB         Indian       Mideast   posixrules  US
    America     CST6CDT  GB-Eire    Iran         MST       PRC         UTC
    Antarctica  Cuba     GMT  MST7MDT   PST8PDT     WET
    Arctic      EET      GMT0       Israel       Navajo    right       W-SU

    Some of the entries at this location are directories (such as America), and these directories contain time zone files for specific cities. Find your city (or a city in your time zone) to use for the instance. In this example, you can use the time zone file for Los Angeles, /usr/share/zoneinfo/America/Los_Angeles.

  2. Update the /etc/sysconfig/clock file with the new time zone.

    1. Open the /etc/sysconfig/clock file with your favorite text editor (such as vim or nano). You need to use sudo with your editor command because /etc/sysconfig/clock is owned by root.

    2. Locate the ZONE entry, and change it to the time zone file (omitting the /usr/share/zoneinfo section of the path). For example, to change to the Los Angeles time zone, change the ZONE entry to the following.



      Do not change the UTC=true entry to another value. This entry is for the hardware clock, and does not need to be adjusted when you're setting a different time zone on your instance.

    3. Save the file and exit the text editor.

  3. Create a symbolic link between /etc/localtime and your time zone file so that the instance finds the time zone file when it references local time information.

    [ec2-user ~]$ sudo ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
  4. Reboot the system to pick up the new time zone information in all services and applications.

    [ec2-user ~]$ sudo reboot

Configuring Network Time Protocol (NTP)

Network Time Protocol (NTP) is configured by default on Amazon Linux instances; however, an instance needs access to the Internet for the standard NTP configuration to work. In addition, your instance's security group rules must allow outbound UDP traffic on port 123 (NTP), and your network ACL rules must allow both inbound and outbound UDP traffic on port 123. The procedures in this section show how to verify that the default NTP configuration is working correctly. If your instance does not have access to the Internet, you need to configure NTP to query a different server in your private network to keep accurate time.

To verify that NTP is working properly

  1. Use the ntpstat command to view the status of the NTP service on the instance.

    [ec2-user ~]$ ntpstat

    If your output resembles the output below, then NTP is working properly on the instance.

    synchronised to NTP server ( at stratum 3
       time correct to within 399 ms
       polling server every 64 s

    If your output states, "unsynchronised", wait a minute and try again. The first synchronization may take a minute to complete.

    If your output states, "Unable to talk to NTP daemon. Is it running?", you probably need to start the NTP service and enable it to automatically start at boot time.

  2. (Optional) You can use the ntpq -p command to see a list of peers known to the NTP server and a summary of their state.

    [ec2-user ~]$ ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    +lttleman.deekay     2 u   15  128  377   88.649    5.946   6.876
    -bittorrent.tomh      3 u  133  128  377  182.673    8.001   1.278
    *ntp3.junkemailf  2 u   68  128  377   29.377    4.726  11.887     2 u   31  128  377   28.586   -1.215   1.435

    If the output of this command shows no activity, check whether your security groups, network ACLs, or firewalls block access to the NTP port.

To start and enable NTP

  1. Start the NTP service with the following command.

    [ec2-user ~]$ sudo service ntpd start
    Starting ntpd:                                             [  OK  ]
  2. Enable NTP to start at boot time with the chkconfig command.

    [ec2-user ~]$ sudo chkconfig ntpd on
  3. Verify that NTP is enabled with the following command.

    [ec2-user ~]$ sudo chkconfig --list ntpd
    ntpd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off

    Here ntpd is on in runlevels 2, 3, 4, and 5, which is correct.

To change NTP servers

You may decide not to use the standard NTP servers or you may need to use your own NTP server within your private network for instances that do not have Internet access.

  1. Open the /etc/ntp.conf file in your favorite text editor (such as vim or nano). You need to use sudo with the editor command because /etc/ntp.conf is owned by root.

  2. Find the server section, which defines the servers to poll for NTP configuration.

    # Use public servers from the project.
    # Please consider joining the pool (
    server iburst
    server iburst
    server iburst
    server iburst


    The DNS records are intended to load balance NTP traffic from AWS. However, these are public NTP servers in the project, and they are not owned or managed by AWS. There is no guarantee that they are geographically located near your instances, or even within the AWS network. For more information, see

  3. Comment out the servers you don't want to use by adding a "#" character to the beginning of those server definitions.

    # Use public servers from the project.
    # Please consider joining the pool (
    #server iburst
    #server iburst
    #server iburst
    #server iburst
  4. Add an entry for each server to poll for time synchronization. You can use a DNS name for this entry or a dotted quad IP address (such as

    server iburst
  5. Restart the NTP service to pick up the new servers.

    [ec2-user ~]$ sudo service ntpd start
    Starting ntpd:                                             [  OK  ]
  6. Verify that your new settings work and that NTP is functioning.

    [ec2-user ~]$ ntpstat
    synchronised to NTP server ( at stratum 2
       time correct to within 99 ms