Setting the Time for Your Linux Instance
A consistent and accurate time reference is crucial for many server tasks and processes. Most system logs include a time stamp that you can use to determine when problems occur and in what order the events take place. If you use the AWS CLI or an AWS SDK to make requests from your instance, these tools sign requests on your behalf. If your instance's date and time are not set correctly, the date in the signature may not match the date of the request, and AWS rejects the request.
Amazon provides the Amazon Time Sync Service, which is accessible from all EC2 instances, and is also used by other AWS services. This service uses a fleet of satellite-connected and atomic reference clocks in each Region to deliver accurate current time readings of the Coordinated Universal Time (UTC) global standard through Network Time Protocol (NTP). The Amazon Time Sync Service automatically smooths any leap seconds that are added to UTC.
The Amazon Time Sync Service is available through NTP at the 169.254.169.123
IP address for any instance running in a VPC. Your instance does not require access
to the
internet, and you do not have to configure your security group rules or your network
ACL
rules to allow access. The latest versions of Amazon Linux 2 and Amazon Linux AMIs
synchronize with the Amazon Time Sync Service by default.
Use the following procedures to configure the Amazon Time Sync Service on your instance
using the chrony client.
Alternatively, you can use external NTP sources. For more information about NTP and
public time sources, see http://www.ntp.org/.
An instance needs access to the internet for the external NTP time sources to work.
Configuring the Amazon Time Sync Service on Amazon Linux AMI
Note
On Amazon Linux 2, the default chrony configuration is already set up to use
the Amazon Time Sync Service IP address.
With the Amazon Linux AMI, you must edit the chrony configuration file to add
a server entry for the Amazon Time Sync Service.
To configure your instance to use the Amazon Time Sync Service
-
Connect to your instance and uninstall the NTP service.
[ec2-user ~]$sudo yum erase 'ntp*' -
Install the
chronypackage.[ec2-user ~]$sudo yum install chrony -
Open the
/etc/chrony.conffile using a text editor (such as vim or nano). Verify that the file includes the following line:server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4If the line is present, then the Amazon Time Sync Service is already configured and you can go to the next step. If not, add the line after any other
serverorpoolstatements that are already present in the file, and save your changes. -
Start the
chronydaemon (chronyd).[ec2-user ~]$sudo service chronyd startStarting chronyd: [ OK ]Note
On RHEL and CentOS (up to version 6), the service name is
chronyinstead ofchronyd. -
Use the
chkconfigcommand to configurechronydto start at each system boot.[ec2-user ~]$sudo chkconfig chronyd on -
Verify that
chronyis using the169.254.169.123IP address to synchronize the time.[ec2-user ~]$chronyc sources -v210 Number of sources = 7 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 169.254.169.123 3 6 17 43 -30us[ -226us] +/- 287us ^- ec2-12-34-231-12.eu-west> 2 6 17 43 -388us[ -388us] +/- 11ms ^- tshirt.heanet.ie 1 6 17 44 +178us[ +25us] +/- 1959us ^? tbag.heanet.ie 0 6 0 - +0ns[ +0ns] +/- 0ns ^? bray.walcz.net 0 6 0 - +0ns[ +0ns] +/- 0ns ^? 2a05:d018:c43:e312:ce77:> 0 6 0 - +0ns[ +0ns] +/- 0ns ^? 2a05:d018:dab:2701:b70:b> 0 6 0 - +0ns[ +0ns] +/- 0nsIn the output that's returned,
^*indicates the preferred time source. -
Verify the time synchronization metrics that are reported by
chrony.[ec2-user ~]$chronyc trackingReference ID : A9FEA97B (169.254.169.123) Stratum : 4 Ref time (UTC) : Wed Nov 22 13:18:34 2017 System time : 0.000000626 seconds slow of NTP time Last offset : +0.002852759 seconds RMS offset : 0.002852759 seconds Frequency : 1.187 ppm fast Residual freq : +0.020 ppm Skew : 24.388 ppm Root delay : 0.000504752 seconds Root dispersion : 0.001112565 seconds Update interval : 64.4 seconds Leap status : Normal
Configuring the Amazon Time Sync Service on Ubuntu
You must edit the chrony configuration file to add a server entry for the Amazon Time Sync Service.
To configure your instance to use the Amazon Time Sync Service
-
Connect to your instance and use
aptto install thechronypackage.ubuntu:~$sudo apt install chronyNote
If necessary, update your instance first by running
sudo apt update. -
Open the
/etc/chrony/chrony.conffile using a text editor (such as vim or nano). Add the following line before any otherserverorpoolstatements that are already present in the file, and save your changes:server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4 -
Restart the
chronyservice.ubuntu:~$sudo /etc/init.d/chrony restart[ ok ] Restarting chrony (via systemctl): chrony.service. -
Verify that
chronyis using the169.254.169.123IP address to synchronize the time.ubuntu:~$chronyc sources -v210 Number of sources = 7 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 169.254.169.123 3 6 17 12 +15us[ +57us] +/- 320us ^- tbag.heanet.ie 1 6 17 13 -3488us[-3446us] +/- 1779us ^- ec2-12-34-231-12.eu-west- 2 6 17 13 +893us[ +935us] +/- 7710us ^? 2a05:d018:c43:e312:ce77:6 0 6 0 10y +0ns[ +0ns] +/- 0ns ^? 2a05:d018:d34:9000:d8c6:5 0 6 0 10y +0ns[ +0ns] +/- 0ns ^? tshirt.heanet.ie 0 6 0 10y +0ns[ +0ns] +/- 0ns ^? bray.walcz.net 0 6 0 10y +0ns[ +0ns] +/- 0nsIn the output that's returned,
^*indicates the preferred time source. -
Verify the time synchronization metrics that are reported by
chrony.ubuntu:~$chronyc trackingReference ID : 169.254.169.123 (169.254.169.123) Stratum : 4 Ref time (UTC) : Wed Nov 29 07:41:57 2017 System time : 0.000000011 seconds slow of NTP time Last offset : +0.000041659 seconds RMS offset : 0.000041659 seconds Frequency : 10.141 ppm slow Residual freq : +7.557 ppm Skew : 2.329 ppm Root delay : 0.000544 seconds Root dispersion : 0.000631 seconds Update interval : 2.0 seconds Leap status : Normal
Configuring the Amazon Time Sync Service on SUSE Linux
Install chrony from https://software.opensuse.org/package/chrony.
Open the /etc/chrony.conf file using a text editor (such as
vim or nano). Verify that the file
contains the following line:
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
If this line is not present, add it. Comment out any other server or pool lines. Open yast and enable the chrony service.
Changing the Time Zone on Amazon Linux
Amazon Linux instances are set to the UTC (Coordinated Universal Time) time zone by default, but you may wish to change the time on an instance to the local time or to another time zone in your network.
Important
These procedures are intended for use with Amazon Linux. For more information about other distributions, see their specific documentation.
To change the time zone on an instance
-
Identify the time zone to use on the instance. The
/usr/share/zoneinfodirectory contains a hierarchy of time zone data files. Browse the directory structure at that location to find a file for your time zone.[ec2-user ~]$ls /usr/share/zoneinfoAfrica Chile GB Indian Mideast posixrules US America CST6CDT GB-Eire Iran MST PRC UTC Antarctica Cuba GMT iso3166.tab MST7MDT PST8PDT WET Arctic EET GMT0 Israel Navajo right W-SU ...Some of the entries at this location are directories (such as
America), and these directories contain time zone files for specific cities. Find your city (or a city in your time zone) to use for the instance. In this example, you can use the time zone file for Los Angeles,/usr/share/zoneinfo/America/Los_Angeles. -
Update the
/etc/sysconfig/clockfile with the new time zone.-
Open the
/etc/sysconfig/clockfile with your favorite text editor (such as vim or nano). You need to use sudo with your editor command because/etc/sysconfig/clockis owned byroot. -
Locate the
ZONEentry, and change it to the time zone file (omitting the/usr/share/zoneinfosection of the path). For example, to change to the Los Angeles time zone, change theZONEentry to the following:ZONE="America/Los_Angeles"Note
Do not change the
UTC=trueentry to another value. This entry is for the hardware clock, and does not need to be adjusted when you're setting a different time zone on your instance. -
Save the file and exit the text editor.
-
-
Create a symbolic link between
/etc/localtimeand your time zone file so that the instance finds the time zone file when it references local time information.[ec2-user ~]$sudo ln -sf /usr/share/zoneinfo/America/Los_Angeles/etc/localtime -
Reboot the system to pick up the new time zone information in all services and applications.
[ec2-user ~]$sudo reboot
