Set the time for your Linux instance
A consistent and accurate time reference is crucial for many server tasks and processes. Most system logs include a time stamp that you can use to determine when problems occurred and in what order the events took place. If you use the AWS CLI or an AWS SDK to make requests from your instance, these tools sign requests on your behalf. If your instance's date and time are not set correctly, the date in the signature might not match the date of the request, and AWS rejects the request.
Amazon provides the Amazon Time Sync Service, which is accessible from all EC2 instances, and is also used by other AWS services. This service uses a fleet of satellite-connected and atomic reference clocks in each AWS Region to deliver accurate current time readings of the Coordinated Universal Time (UTC) global standard through Network Time Protocol (NTP). The Amazon Time Sync Service automatically smooths any leap seconds that are added to UTC.
The Amazon Time Sync Service is available through NTP at the 169.254.169.123
IPv4 address or the fd00:ec2::123
IPv6 address. The IPv6 address is only accessible on Instances built on the Nitro System.
Your instance does not require access to the internet, and you do not have to configure
your security group rules or your network ACL rules to allow access. The latest versions of
Amazon Linux 2 and Amazon Linux AMIs synchronize with the Amazon Time Sync Service by default.
For a backup to the Amazon Time Sync link-local service, and to connect resources outside of Amazon EC2 to the Amazon Time Sync Service, you can use the Amazon Time Sync Public NTP pool located at time.aws.com. Amazon Time Sync Public NTP, like the Amazon Time Sync service, automatically smooths any leap seconds that are added to UTC. The Amazon Time Sync Service Public NTP is supported globally by our fleet of satellite-connected and atomic reference clocks in each AWS Region.
Use the following procedures to configure the Amazon Time Sync Service on your instance
using the chrony
client. Alternatively, you can use external NTP sources. For
more information about NTP and public time sources, see http://www.ntp.org/
For Windows instances, see Set the time for a Windows instance.
Topics
Configure the time for clients with Amazon Time Sync Public NTP
You can configure your client machine to use Amazon Time Sync.
To configure Amazon Time Sync Public NTP for Apple macOS
-
On your client machine, open System Preferences.
-
Choose Date & Time, and then choose the Date & Time tab.
-
To make changes, choose the lock icon, and enter your password when prompted.
-
For Set date and time automatically, enter
time.aws.com
.
To configure Amazon Time Sync Public NTP for Linux (chrony or ntpd)
-
Edit
/etc/chrony/chrony.conf
(if you use chrony) or/etc/ntp.conf
(if you use ntpd) using your favorite text editor as follows:-
To prevent your instance from trying to mix smeared and non-smeared servers, remove or comment out lines starting with
server
.Important
To ensure your instance stays connected to the local Amazon Time Sync service, do not edit the following line.
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
-
Add the following line.
pool time.aws.com iburst
-
-
Choose NAME.
-
Restart the daemon using the following command.
-
chrony
sudo service chrony force-reload
-
ntpd
sudo service ntp reload
-
-
Edit the
systemd/timesyncd
file using your favorite text editor and set the content of the[Time]
block to the following. By configuring the Amazon Time Sync Service Public NTP as the fallback server, it will be selected as the only NTP server. This prevents inadvertently moving between smeared and unsmeared time servers.[Time] NTP=FallbackNTP=time.aws.com
-
Restart
systemd-timesyncd
using the following command as a user with appropriate permissions.systemctl restart systemd-timesyncd.service
-
Verify that your system is using the Amazon Time Sync Public NTP pool using the following command.
timedatectl show-timesync | grep
ServerName
If successfully configured, the output will show the following:
ServerName
=time.aws.com
Configure the time for EC2 instances with IPv4 addresses
This section describes how to set the time for EC2 instances with IPv4 addresses depending on the type of Linux distribution.
Topics
Configure the Amazon Time Sync Service on Amazon Linux AMI
Note
On Amazon Linux 2, chrony
is already installed and configured to use
the Amazon Time Sync Service IP address.
With the Amazon Linux AMI, you must edit the chrony
configuration file to add
a server entry for the Amazon Time Sync Service.
To configure your instance to use the Amazon Time Sync Service
-
Connect to your instance and uninstall the NTP service.
[ec2-user ~]$
sudo yum erase 'ntp*'
-
Install the
chrony
package.[ec2-user ~]$
sudo yum install chrony
-
Open the
/etc/chrony.conf
file using a text editor (such as vim or nano). Verify that the file includes the following line:server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
If the line is present, then the Amazon Time Sync Service is already configured and you can go to the next step. If not, add the line after any other
server
orpool
statements that are already present in the file, and save your changes. -
Restart the
chrony
daemon (chronyd
).[ec2-user ~]$
sudo service chronyd restart
Starting chronyd: [ OK ]
Note
On RHEL and CentOS (up to version 6), the service name is
chrony
instead ofchronyd
. -
Use the
chkconfig
command to configurechronyd
to start at each system boot.[ec2-user ~]$
sudo chkconfig chronyd on
-
Verify that
chrony
is using the169.254.169.123
IP address to synchronize the time.[ec2-user ~]$
chronyc sources -v
210 Number of sources = 7 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 169.254.169.123 3 6 17 43 -30us[ -226us] +/- 287us ^- ec2-12-34-231-12.eu-west> 2 6 17 43 -388us[ -388us] +/- 11ms ^- tshirt.heanet.ie 1 6 17 44 +178us[ +25us] +/- 1959us ^? tbag.heanet.ie 0 6 0 - +0ns[ +0ns] +/- 0ns ^? bray.walcz.net 0 6 0 - +0ns[ +0ns] +/- 0ns ^? 2a05:d018:c43:e312:ce77:> 0 6 0 - +0ns[ +0ns] +/- 0ns ^? 2a05:d018:dab:2701:b70:b> 0 6 0 - +0ns[ +0ns] +/- 0ns
In the output that's returned,
^*
indicates the preferred time source. -
Verify the time synchronization metrics that are reported by
chrony
.[ec2-user ~]$
chronyc tracking
Reference ID : A9FEA97B (169.254.169.123) Stratum : 4 Ref time (UTC) : Wed Nov 22 13:18:34 2017 System time : 0.000000626 seconds slow of NTP time Last offset : +0.002852759 seconds RMS offset : 0.002852759 seconds Frequency : 1.187 ppm fast Residual freq : +0.020 ppm Skew : 24.388 ppm Root delay : 0.000504752 seconds Root dispersion : 0.001112565 seconds Update interval : 64.4 seconds Leap status : Normal
Configure the Amazon Time Sync Service on Ubuntu
You must edit the chrony
configuration file to add a server entry for the Amazon Time Sync Service.
To configure your instance to use the Amazon Time Sync Service
Connect to your instance and use
apt
to install thechrony
package.ubuntu:~$
sudo apt install chrony
Note
If necessary, update your instance first by running
sudo apt update
.Open the
/etc/chrony/chrony.conf
file using a text editor (such as vim or nano). Add the following line before any otherserver
orpool
statements that are already present in the file, and save your changes:server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
-
Restart the
chrony
service.ubuntu:~$
sudo /etc/init.d/chrony restart
Restarting chrony (via systemctl): chrony.service.
-
Verify that
chrony
is using the169.254.169.123
IP address to synchronize the time.ubuntu:~$
chronyc sources -v
210 Number of sources = 7 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 169.254.169.123 3 6 17 12 +15us[ +57us] +/- 320us ^- tbag.heanet.ie 1 6 17 13 -3488us[-3446us] +/- 1779us ^- ec2-12-34-231-12.eu-west- 2 6 17 13 +893us[ +935us] +/- 7710us ^? 2a05:d018:c43:e312:ce77:6 0 6 0 10y +0ns[ +0ns] +/- 0ns ^? 2a05:d018:d34:9000:d8c6:5 0 6 0 10y +0ns[ +0ns] +/- 0ns ^? tshirt.heanet.ie 0 6 0 10y +0ns[ +0ns] +/- 0ns ^? bray.walcz.net 0 6 0 10y +0ns[ +0ns] +/- 0ns
In the output that's returned, on the line starting with
^*
indicates the preferred time source. -
Verify the time synchronization metrics that are reported by
chrony
.ubuntu:~$
chronyc tracking
Reference ID : 169.254.169.123 (169.254.169.123) Stratum : 4 Ref time (UTC) : Wed Nov 29 07:41:57 2017 System time : 0.000000011 seconds slow of NTP time Last offset : +0.000041659 seconds RMS offset : 0.000041659 seconds Frequency : 10.141 ppm slow Residual freq : +7.557 ppm Skew : 2.329 ppm Root delay : 0.000544 seconds Root dispersion : 0.000631 seconds Update interval : 2.0 seconds Leap status : Normal
Configure the Amazon Time Sync Service on SUSE Linux
Install chrony from https://software.opensuse.org/package/chrony
Open the /etc/chrony.conf
file using a text editor (such as
vim or nano). Verify that the file
contains the following line:
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
If this line is not present, add it. Comment out any other server or pool lines. Open yaST and enable the chrony service.
Configure the time for EC2 instances with IPv6 addresses
This section explains how the process described in Configure the time for EC2 instances with IPv4 addresses differs if you are configuring Amazon Time Sync Service for EC2 instances that use an IPv6 address. It doesn't explain the entire Amazon Time Sync Service configuration process. The IPv6 address is only accessible on Instances built on the Nitro System.
Note
We don't recommend using both the IPv4 address and the IPv6 address entries together in your chrony.conf file. The IPv4 and IPv6 NTP packets come from the same local server for your instance. You will likely get mixed results with some packets coming from the IPv4 endpoint and some from the IPv6 endpoint if you are using both at the same time.
Depending on the Linux distribution you are using, when you reach the step to edit the
chrony.conf file, you'll be using the IPv6 endpoint of the Amazon Time Sync Service
(fd00:ec2::123
) rather than the IPv4 endpoint
(169.254.169.123
):
server fd00:ec2::123 prefer iburst minpoll 4 maxpoll 4
Save the file and verify that chrony
is using the
fd00:ec2::123
IPv6 address to synchronize time:
[ec2-user ~]$
chronyc sources -v
In the output, if you see the fd00:ec2::123
IPv6 address, the
configuration is complete.
Change the time zone on Amazon Linux
Amazon Linux instances are set to the UTC (Coordinated Universal Time) time zone by default. You can change the time on an instance to the local time or to another time zone in your network.
Important
This information applies to Amazon Linux. For information about other distributions, see their specific documentation.
To change the time zone on an Amazon Linux 2023 or Amazon Linux 2 instance
-
View the system's current time zone setting.
[ec2-user ~]$
timedatectl
-
List the available time zones.
[ec2-user ~]$
timedatectl list-timezones
-
Set the chosen time zone.
[ec2-user ~]$
sudo timedatectl set-timezone
America/Vancouver
-
(Optional) Confirm that the current time zone is updated to the new time zone by running the timedatectl command again.
[ec2-user ~]$
timedatectl
To change the time zone on an Amazon Linux instance
-
Identify the time zone to use on the instance. The
/usr/share/zoneinfo
directory contains a hierarchy of time zone data files. Browse the directory structure at that location to find a file for your time zone.[ec2-user ~]$
ls /usr/share/zoneinfo
Africa Chile GB Indian Mideast posixrules US America CST6CDT GB-Eire Iran MST PRC UTC Antarctica Cuba GMT iso3166.tab MST7MDT PST8PDT WET Arctic EET GMT0 Israel Navajo right W-SU ...
Some of the entries at this location are directories (such as
America
), and these directories contain time zone files for specific cities. Find your city (or a city in your time zone) to use for the instance. -
Update the
/etc/sysconfig/clock
file with the new time zone. In this example, we use the time zone data file for Los Angeles,/usr/share/zoneinfo/America/Los_Angeles
.-
Open the
/etc/sysconfig/clock
file with your favorite text editor (such as vim or nano). You need to use sudo with your editor command because/etc/sysconfig/clock
is owned byroot
.[ec2-user ~]$
sudo
nano
/etc/sysconfig/clock -
Locate the
ZONE
entry, and change it to the time zone file (omitting the/usr/share/zoneinfo
section of the path). For example, to change to the Los Angeles time zone, change theZONE
entry to the following:ZONE="
America/Los_Angeles
"Note
Do not change the
UTC=true
entry to another value. This entry is for the hardware clock, and does not need to be adjusted when you're setting a different time zone on your instance. -
Save the file and exit the text editor.
-
-
Create a symbolic link between
/etc/localtime
and the time zone file so that the instance finds the time zone file when it references local time information.[ec2-user ~]$
sudo ln -sf /usr/share/zoneinfo/
America/Los_Angeles
/etc/localtime -
Reboot the system to pick up the new time zone information in all services and applications.
[ec2-user ~]$
sudo reboot
-
(Optional) Confirm that the current time zone is updated to the new time zone by using the date command. The current time zone appears in the output. In the following example, the current time zone is PDT, which refers to the Los Angeles time zone.
[ec2-user ~]$
date
Sun Aug 16 05:45:16 PDT 2020
Compare timestamps
If you're using the Amazon Time Sync Service, you can compare the timestamps on your Amazon EC2 instances with ClockBound to determine the true time of an event. ClockBound measures the clock accuracy of your EC2 instance, and allows you to check if a given timestamp is in the past or future with respect to your instance's current clock. This information is valuable for determining the order and consistency of events and transactions across EC2 instances, independent of each instance's geographic location.
ClockBound is an open source daemon and library. To learn more about ClockBound,
including installation instructions, see ClockBound