Set the time for your Linux instance
A consistent and accurate time reference is crucial for many server tasks and processes. Most system logs include a time stamp that you can use to determine when problems occur and in what order the events take place. If you use the AWS CLI or an AWS SDK to make requests from your instance, these tools sign requests on your behalf. If your instance's date and time are not set correctly, the date in the signature may not match the date of the request, and AWS rejects the request.
Amazon provides the Amazon Time Sync Service, which is accessible from all EC2 instances, and is also used by other AWS services. This service uses a fleet of satellite-connected and atomic reference clocks in each Region to deliver accurate current time readings of the Coordinated Universal Time (UTC) global standard through Network Time Protocol (NTP). The Amazon Time Sync Service automatically smooths any leap seconds that are added to UTC.
The Amazon Time Sync Service is available through NTP at the 169.254.169.123
IP address for any instance running in a VPC. Your instance does not require access
to the
internet, and you do not have to configure your security group rules or your network
ACL
rules to allow access. The latest versions of Amazon Linux 2 and Amazon Linux AMIs
synchronize with the Amazon Time Sync Service by default.
Use the following procedures to configure the Amazon Time Sync Service on your instance
using the chrony
client.
Alternatively, you can use external NTP sources. For more information about NTP and
public time sources, see http://www.ntp.org/
Topics
Configure the Amazon Time Sync Service on Amazon Linux AMI
On Amazon Linux 2, the default chrony
configuration is already set up to use
the Amazon Time Sync Service IP address.
With the Amazon Linux AMI, you must edit the chrony
configuration file to add
a server entry for the Amazon Time Sync Service.
To configure your instance to use the Amazon Time Sync Service
-
Connect to your instance and uninstall the NTP service.
[ec2-user ~]$
sudo yum erase 'ntp*'
-
Install the
chrony
package.[ec2-user ~]$
sudo yum install chrony
-
Open the
/etc/chrony.conf
file using a text editor (such as vim or nano). Verify that the file includes the following line:server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
If the line is present, then the Amazon Time Sync Service is already configured and you can go to the next step. If not, add the line after any other
server
orpool
statements that are already present in the file, and save your changes. -
Restart the
chrony
daemon (chronyd
).[ec2-user ~]$
sudo service chronyd restart
Starting chronyd: [ OK ]
Note On RHEL and CentOS (up to version 6), the service name is
chrony
instead ofchronyd
. -
Use the
chkconfig
command to configurechronyd
to start at each system boot.[ec2-user ~]$
sudo chkconfig chronyd on
-
Verify that
chrony
is using the169.254.169.123
IP address to synchronize the time.[ec2-user ~]$
chronyc sources -v
210 Number of sources = 7 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 169.254.169.123 3 6 17 43 -30us[ -226us] +/- 287us ^- ec2-12-34-231-12.eu-west> 2 6 17 43 -388us[ -388us] +/- 11ms ^- tshirt.heanet.ie 1 6 17 44 +178us[ +25us] +/- 1959us ^? tbag.heanet.ie 0 6 0 - +0ns[ +0ns] +/- 0ns ^? bray.walcz.net 0 6 0 - +0ns[ +0ns] +/- 0ns ^? 2a05:d018:c43:e312:ce77:> 0 6 0 - +0ns[ +0ns] +/- 0ns ^? 2a05:d018:dab:2701:b70:b> 0 6 0 - +0ns[ +0ns] +/- 0ns
In the output that's returned,
^*
indicates the preferred time source. -
Verify the time synchronization metrics that are reported by
chrony
.[ec2-user ~]$
chronyc tracking
Reference ID : A9FEA97B (169.254.169.123) Stratum : 4 Ref time (UTC) : Wed Nov 22 13:18:34 2017 System time : 0.000000626 seconds slow of NTP time Last offset : +0.002852759 seconds RMS offset : 0.002852759 seconds Frequency : 1.187 ppm fast Residual freq : +0.020 ppm Skew : 24.388 ppm Root delay : 0.000504752 seconds Root dispersion : 0.001112565 seconds Update interval : 64.4 seconds Leap status : Normal
Configure the Amazon Time Sync Service on Ubuntu
You must edit the chrony
configuration file to add a server entry for the Amazon Time Sync Service.
To configure your instance to use the Amazon Time Sync Service
-
Connect to your instance and use
apt
to install thechrony
package.ubuntu:~$
sudo apt install chrony
Note If necessary, update your instance first by running
sudo apt update
. -
Open the
/etc/chrony/chrony.conf
file using a text editor (such as vim or nano). Add the following line before any otherserver
orpool
statements that are already present in the file, and save your changes:server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
-
Restart the
chrony
service.ubuntu:~$
sudo /etc/init.d/chrony restart
[ ok ] Restarting chrony (via systemctl): chrony.service.
-
Verify that
chrony
is using the169.254.169.123
IP address to synchronize the time.ubuntu:~$
chronyc sources -v
210 Number of sources = 7 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 169.254.169.123 3 6 17 12 +15us[ +57us] +/- 320us ^- tbag.heanet.ie 1 6 17 13 -3488us[-3446us] +/- 1779us ^- ec2-12-34-231-12.eu-west- 2 6 17 13 +893us[ +935us] +/- 7710us ^? 2a05:d018:c43:e312:ce77:6 0 6 0 10y +0ns[ +0ns] +/- 0ns ^? 2a05:d018:d34:9000:d8c6:5 0 6 0 10y +0ns[ +0ns] +/- 0ns ^? tshirt.heanet.ie 0 6 0 10y +0ns[ +0ns] +/- 0ns ^? bray.walcz.net 0 6 0 10y +0ns[ +0ns] +/- 0ns
In the output that's returned,
^*
indicates the preferred time source. -
Verify the time synchronization metrics that are reported by
chrony
.ubuntu:~$
chronyc tracking
Reference ID : 169.254.169.123 (169.254.169.123) Stratum : 4 Ref time (UTC) : Wed Nov 29 07:41:57 2017 System time : 0.000000011 seconds slow of NTP time Last offset : +0.000041659 seconds RMS offset : 0.000041659 seconds Frequency : 10.141 ppm slow Residual freq : +7.557 ppm Skew : 2.329 ppm Root delay : 0.000544 seconds Root dispersion : 0.000631 seconds Update interval : 2.0 seconds Leap status : Normal
Configure the Amazon Time Sync Service on SUSE Linux
Install chrony from https://software.opensuse.org/package/chrony
Open the /etc/chrony.conf
file using a text editor (such as
vim or nano). Verify that the file
contains the following line:
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
If this line is not present, add it. Comment out any other server or pool lines. Open yast and enable the chrony service.
Change the time zone on Amazon Linux
Amazon Linux instances are set to the UTC (Coordinated Universal Time) time zone by default. You can change the time on an instance to the local time or to another time zone in your network.
This information applies to Amazon Linux. For information about other distributions, see their specific documentation.
To change the time zone on an instance
-
Identify the time zone to use on the instance. The
/usr/share/zoneinfo
directory contains a hierarchy of time zone data files. Browse the directory structure at that location to find a file for your time zone.[ec2-user ~]$
ls /usr/share/zoneinfo
Africa Chile GB Indian Mideast posixrules US America CST6CDT GB-Eire Iran MST PRC UTC Antarctica Cuba GMT iso3166.tab MST7MDT PST8PDT WET Arctic EET GMT0 Israel Navajo right W-SU ...
Some of the entries at this location are directories (such as
America
), and these directories contain time zone files for specific cities. Find your city (or a city in your time zone) to use for the instance. -
Update the
/etc/sysconfig/clock
file with the new time zone. In this example, we use the time zone data file for Los Angeles,/usr/share/zoneinfo/America/Los_Angeles
.-
Open the
/etc/sysconfig/clock
file with your favorite text editor (such as vim or nano). You need to use sudo with your editor command because/etc/sysconfig/clock
is owned byroot
.[ec2-user ~]$
sudo
nano
/etc/sysconfig/clock -
Locate the
ZONE
entry, and change it to the time zone file (omitting the/usr/share/zoneinfo
section of the path). For example, to change to the Los Angeles time zone, change theZONE
entry to the following:ZONE="
America/Los_Angeles
"Note Do not change the
UTC=true
entry to another value. This entry is for the hardware clock, and does not need to be adjusted when you're setting a different time zone on your instance. -
Save the file and exit the text editor.
-
-
Create a symbolic link between
/etc/localtime
and the time zone file so that the instance finds the time zone file when it references local time information.[ec2-user ~]$
sudo ln -sf /usr/share/zoneinfo/
America/Los_Angeles
/etc/localtime -
Reboot the system to pick up the new time zone information in all services and applications.
[ec2-user ~]$
sudo reboot
-
(Optional) Confirm that the current time zone is updated to the new time zone by using the date command. The current time zone appears in the output. In the following example, the current time zone is PDT, which refers to the Los Angeles time zone.
[ec2-user ~]$
date
Sun Aug 16 05:45:16 PDT 2020