Thank you for your answer! I should have mentioned that the "string" example works perfectly when all iptables rules are flushed.
I had to add an OUTPUT rule for destination port 443:
iptables -A OUTPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
Now it works!
For added security one could add the destination address, but I fear the endpoint address might change over time.
Thank you again and greetings from Austria,
Edited by: ChristianAUT on Apr 21, 2020 1:19 AM
KMS listens over port TCP/443 (HTTPS) on the endpoints listed at https://docs.aws.amazon.com/general/latest/gr/kms.html (though the SDK should be able to automatically select the correct endpoint for you just by setting the region).
From the sound of the error message, I think you might be pointing the SDK at your EC2 instance rather than the KMS endpoints.
Also note that when allowing access for your EC2 instance to call KMS, this is OUTGOING traffic (from your instance, to the KMS endpoint), and not incoming.
Hope this helps!
AWS KMS Team
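To show why the OUTPUT rule in the thread above makes the difference, here is an added example (not code from either post, and not an AWS tool): a small first-match walk over an iptables OUTPUT chain as printed by `iptables -S OUTPUT`. The two rulesets are constructed for the example; the "before" chain assumes a default DROP policy with only loopback and DNS allowed, and the "after" chain adds exactly the rule from the thread. The parser only understands the handful of options those rules use.

```python
"""First-match evaluation of an iptables OUTPUT chain (added example, not from the thread).

Shows that with a DROP policy on OUTPUT, an outbound TCP/443 connection to the KMS
endpoint is dropped until a matching ACCEPT rule is present.
"""
import shlex
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed sample: assumed OUTPUT chain before the fix (default DROP, loopback + DNS allowed)
BEFORE = """\
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
"""

# Constructed sample: same chain plus the rule the thread added for HTTPS egress
AFTER = BEFORE + (
    "-A OUTPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n"
)


@dataclass
class Rule:
    proto: Optional[str] = None
    dport: Optional[int] = None
    out_iface: Optional[str] = None
    ctstates: Set[str] = field(default_factory=set)
    target: str = "ACCEPT"


@dataclass
class Packet:
    proto: str
    dport: int
    out_iface: str = "eth0"
    ctstate: str = "NEW"   # conntrack state of the packet being evaluated


def parse_chain(text: str, chain: str = "OUTPUT") -> Tuple[str, List[Rule]]:
    """Parse `iptables -S <chain>` output into (policy, ordered rules)."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if not tokens:
            continue
        if tokens[:2] == ["-P", chain]:
            policy = tokens[2]
            continue
        if tokens[:2] != ["-A", chain]:
            continue
        rule, i = Rule(), 2
        while i < len(tokens):
            tok = tokens[i]
            if tok == "-p":
                rule.proto = tokens[i + 1]
            elif tok == "--dport":
                rule.dport = int(tokens[i + 1])
            elif tok == "-o":
                rule.out_iface = tokens[i + 1]
            elif tok == "--ctstate":
                rule.ctstates = set(tokens[i + 1].split(","))
            elif tok == "-j":
                rule.target = tokens[i + 1]
            elif tok == "-m":
                pass  # match extension name (tcp, udp, conntrack); its options are handled above
            else:
                i += 1  # unrecognised token: skip it
                continue
            i += 2
        rules.append(rule)
    return policy, rules


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every selector present on the rule matches the packet."""
    if rule.proto and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.out_iface and rule.out_iface != pkt.out_iface:
        return False
    if rule.ctstates and pkt.ctstate not in rule.ctstates:
        return False
    return True


def verdict(text: str, pkt: Packet, chain: str = "OUTPUT") -> str:
    """Return the target of the first matching rule, or the chain policy if none matches."""
    policy, rules = parse_chain(text, chain)
    for rule in rules:
        if matches(rule, pkt):
            return rule.target
    return policy


if __name__ == "__main__":
    https = Packet("tcp", 443)
    print("before:", verdict(BEFORE, https))   # DROP: the SDK call to KMS times out
    print("after: ", verdict(AFTER, https))    # ACCEPT: outbound HTTPS to KMS is allowed
    print("http:  ", verdict(AFTER, Packet("tcp", 80)))  # still DROP, nothing else was opened
```

This walks a single chain only. The reply packets from the KMS endpoint arrive on the INPUT chain, so that chain also has to accept ESTABLISHED traffic for the connection to complete; the thread does not show the INPUT rules, so the example does not model them.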