Setting the Time for Your Linux Instance

A consistent and accurate time reference is crucial for many server tasks and processes. Most system logs include a time stamp that you can use to determine when problems occur and in what order the events take place. If you use the AWS CLI or an AWS SDK to make requests from your instance, these tools sign requests on your behalf. If your instance's date and time are not set correctly, the date in the signature may not match the date of the request, and AWS rejects the request. Network Time Protocol (NTP) is configured by default on Amazon Linux instances, and the system time is synchronized with a load-balanced pool of public servers on the Internet and set to the UTC time zone. For more information about NTP, go to http://www.ntp.org/.

Tasks

Changing the Time Zone
Configuring Network Time Protocol (NTP)

Important

These procedures are intended for use with Amazon Linux. For more information about other distributions, see their specific documentation.

Changing the Time Zone

Amazon Linux instances are set to the UTC (Coordinated Universal Time) time zone by default, but you may wish to change the time on an instance to the local time or to another time zone in your network.

To change the time zone on an instance

Identify the time zone to use on the instance. The /usr/share/zoneinfo directory contains a hierarchy of time zone data files. Browse the directory structure at that location to find a file for your time zone.
```
Copy
[ec2-user ~]$ ls /usr/share/zoneinfo
Africa      Chile    GB         Indian       Mideast   posixrules  US
America     CST6CDT  GB-Eire    Iran         MST       PRC         UTC
Antarctica  Cuba     GMT        iso3166.tab  MST7MDT   PST8PDT     WET
Arctic      EET      GMT0       Israel       Navajo    right       W-SU
...
```
Some of the entries at this location are directories (such as America), and these directories contain time zone files for specific cities. Find your city (or a city in your time zone) to use for the instance. In this example, you can use the time zone file for Los Angeles, /usr/share/zoneinfo/America/Los_Angeles.
Update the /etc/sysconfig/clock file with the new time zone.
1. Open the /etc/sysconfig/clock file with your favorite text editor (such as vim or nano). You need to use sudo with your editor command because /etc/sysconfig/clock is owned by root.
2. Locate the ZONE entry, and change it to the time zone file (omitting the /usr/share/zoneinfo section of the path). For example, to change to the Los Angeles time zone, change the ZONE entry to the following.
```
Copy
ZONE="America/Los_Angeles"
```
  Note
  
  Do not change the UTC=true entry to another value. This entry is for the hardware clock, and does not need to be adjusted when you're setting a different time zone on your instance.
3. Save the file and exit the text editor.
Create a symbolic link between /etc/localtime and your time zone file so that the instance finds the time zone file when it references local time information.
```
Copy
[ec2-user ~]$ sudo ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
```
Reboot the system to pick up the new time zone information in all services and applications.
```
Copy
[ec2-user ~]$ sudo reboot
```

Configuring Network Time Protocol (NTP)

Network Time Protocol (NTP) is configured by default on Amazon Linux instances; however, an instance needs access to the Internet for the standard NTP configuration to work. In addition, your instance's security group rules must allow outbound UDP traffic on port 123 (NTP), and your network ACL rules must allow both inbound and outbound UDP traffic on port 123. The procedures in this section show how to verify that the default NTP configuration is working correctly. If your instance does not have access to the Internet, you need to configure NTP to query a different server in your private network to keep accurate time.

To verify that NTP is working properly

Use the ntpstat command to view the status of the NTP service on the instance.
```
Copy
[ec2-user ~]$ ntpstat
```
If your output resembles the output below, then NTP is working properly on the instance.
```
synchronised to NTP server (12.34.56.78) at stratum 3
   time correct to within 399 ms
   polling server every 64 s
```
If your output states, "unsynchronised", wait a minute and try again. The first synchronization may take a minute to complete.

If your output states, "Unable to talk to NTP daemon. Is it running?", you probably need to start the NTP service and enable it to automatically start at boot time.

(Optional) You can use the ntpq -p command to see a list of peers known to the NTP server and a summary of their state.

Copy
[ec2-user ~]$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+lttleman.deekay 204.9.54.119     2 u   15  128  377   88.649    5.946   6.876
-bittorrent.tomh 91.189.94.4      3 u  133  128  377  182.673    8.001   1.278
*ntp3.junkemailf 216.218.254.202  2 u   68  128  377   29.377    4.726  11.887
+tesla.selinc.co 149.20.64.28     2 u   31  128  377   28.586   -1.215   1.435

If the output of this command shows no activity, check whether your security groups, network ACLs, or firewalls block access to the NTP port.

To start and enable NTP

Start the NTP service with the following command.

Copy
[ec2-user ~]$ sudo service ntpd start
Starting ntpd:                                             [  OK  ]

Enable NTP to start at boot time with the chkconfig command.
```
Copy
[ec2-user ~]$ sudo chkconfig ntpd on
```
Verify that NTP is enabled with the following command.
```
Copy
[ec2-user ~]$ sudo chkconfig --list ntpd
ntpd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
```
Here ntpd is on in runlevels 2, 3, 4, and 5, which is correct.

To change NTP servers

You may decide not to use the standard NTP servers or you may need to use your own NTP server within your private network for instances that do not have Internet access.

Open the /etc/ntp.conf file in your favorite text editor (such as vim or nano). You need to use sudo with the editor command because /etc/ntp.conf is owned by root.
Find the server section, which defines the servers to poll for NTP configuration.
```
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.amazon.pool.ntp.org iburst
server 1.amazon.pool.ntp.org iburst
server 2.amazon.pool.ntp.org iburst
server 3.amazon.pool.ntp.org iburst
```
Note

The n.amazon.pool.ntp.org DNS records are intended to load balance NTP traffic from AWS. However, these are public NTP servers in the pool.ntp.org project, and they are not owned or managed by AWS. There is no guarantee that they are geographically located near your instances, or even within the AWS network. For more information, see http://www.pool.ntp.org/en/.

Comment out the servers you don't want to use by adding a "#" character to the beginning of those server definitions.

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.amazon.pool.ntp.org iburst
#server 1.amazon.pool.ntp.org iburst
#server 2.amazon.pool.ntp.org iburst
#server 3.amazon.pool.ntp.org iburst

Add an entry for each server to poll for time synchronization. You can use a DNS name for this entry or a dotted quad IP address (such as 10.0.0.254).
```
Copy
server my-ntp-server.my-domain.com iburst
```

Restart the NTP service to pick up the new servers.

Copy
[ec2-user ~]$ sudo service ntpd start
Starting ntpd:                                             [  OK  ]

Verify that your new settings work and that NTP is functioning.

Copy
[ec2-user ~]$ ntpstat
synchronised to NTP server (64.246.132.14) at stratum 2
   time correct to within 99 ms

Document Conventions

« Previous Next »