Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS Command Line: What "Outbound connections on 443 must be enabled" means?

Network Newbie here.

Background

I am trying to use the AWS Command Line utility to connect to my instances on the AWS cloud.

Problem

When I try a simple command (from either local machine or EC2) such as...

aws ec2 describe-instances

I get...

Could not connect to the endpoint URL: "https://ec2.sa-east-1a.amazonaws.com/"

Which is fine and dandy because according to the AWS Command Line User Manual I should take note of:

The AWS CLI makes API calls to services over HTTPS. Outbound connections on TCP port 443 must be enabled in order to perform calls.

But what that is suppose to mean in the first place? I find the above statement as clear as a glass of muddy water.

1) Should I go to the 'Security Group' of my instance and set inbound rules to 'HTTPS TCP 443 0.0.0.0/0'? (Doesn't work)

2) Or set outbound rules and set 'HTTPS TCP 443 0.0.0.0/0' ? (Doesn't work)

3) Does the above statement has anything to do with the 'Security Groups'?

4) If it doesn't has to then, what should I do in my machine in order to 'enable the port 443. That being said...

5) Should I RUN the AWS Command Line utility from my local machine or from my EC2 remote server?

I'd appreciate some guidance so I can start solving my problem.

Thanks in advance!

like image 472
BringBackCommodore64 Avatar asked Apr 25 '15 17:04

BringBackCommodore64


People also ask

What is required to use the AWS command line interface?

By default, the AWS CLI sends requests to AWS services by using HTTPS on TCP port 443. To use the AWS CLI successfully, you must be able to make outbound connections on TCP port 443. To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Does AWS CLI use SSL?

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.


Video Answer


1 Answers

You have your region configured as "sa-east-1a", but the region is actually "sa-east-1". Your availability zones are sa-east-1a, sa-east-1b, etc.

like image 84
tedder42 Avatar answered Oct 24 '22 04:10

tedder42