[Announcement] Amazon Linux 2 now supports the ability to use HTTPS while connecting to package repositories


This is now the default in Amazon Linux AMI released after Apr 25th 2021

Amazon Linux 2 now supports the ability to switch package repository connections from HTTP to HTTPS in all AWS regions. This feature provides an extra layer of assurance that packages being delivered from Amazon Linux are being delivered by trusted repositories, and not redirected to an untrusted source. With this feature all traffic to package repositories will shift from outbound port 80 to outbound port 443 and security groups should be updated accordingly. You can start using this feature by enabling it on your EC2 instances today.

To enable HTTPS repositories at the launch of an instance, you will need to use an Amazon Linux 2 AMI version 2.0.20210126.0 or greater. If using custom AMIs, please make sure that your version of cloud-init is at or above cloud-init-19.3-5.amzn2, in addition to the system-release and amazon-linux-extras packages called out below. Include the following in your cloud-init user-data to enable HTTPS prior to the initial yum updates performed on boot:
#cloud-config
amazonlinux_repo_https: true

To enable HTTPS repos on existing instances, update the system-release and amazon-linux-extras RPMs to versions system-release-2-13.amzn2 and amazon-linux-extras-1.6.13-1.amzn2 or higher, and run the following script as root or with sudo:
sudo /usr/sbin/amazon-linux-https enable
sudo yum clean expire-cache

This will convert the standard Amazon Linux repositories from HTTP to HTTPS. If you wish to roll back to HTTP repositories, you can do so by running the same script with ‘disable’:
sudo /usr/sbin/amazon-linux-https disable
sudo yum clean expire-cache

If you are actively using policies to allow access to the Amazon Linux repositories following the instructions here or here, you will need to update the policy to include a new ARN, "arn:aws:s3:::amazonlinux-2-repos-$region/*" (don't forget to replace $region with the region you are in).

  • This is an announcement migrated from AWS Forums that does not require an answer.

AWS
asked 3 years ago
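As an added example (not part of the AWS announcement above, and not the `amazon-linux-https` tool itself), here is a POSIX shell check a practitioner would run after `amazon-linux-https enable` and before closing outbound port 80 in the security group: it walks a yum repo directory and reports every mirrorlist or baseurl that still uses plain http://. The two sample `.repo` files it creates are constructed to mimic the layout of /etc/yum.repos.d/amzn2-core.repo before and after the switch; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not AWS code. Verifies that Amazon Linux repo definitions
# point at https:// so no package metadata or RPM is fetched over plain HTTP.

# check_repo_scheme DIR
# Prints "<file> [<section>]: <url>" for every mirrorlist= or baseurl= line
# in DIR/*.repo that still uses http://. Returns 0 when every repo URL is
# https, 1 when at least one http:// URL remains or no .repo files exist.
check_repo_scheme() {
    dir=$1
    found_http=0
    found_any=0
    for f in "$dir"/*.repo; do
        [ -e "$f" ] || continue
        found_any=1
        section=""
        # Read line by line; the "|| [ -n ... ]" keeps a final line without a newline.
        while IFS= read -r line || [ -n "$line" ]; do
            case "$line" in
                \[*\])
                    # Track the [repoid] header so the report names the section.
                    section=${line#[}
                    section=${section%]}
                    ;;
                mirrorlist=http://*|baseurl=http://*)
                    echo "$(basename "$f") [$section]: ${line#*=}"
                    found_http=1
                    ;;
            esac
        done < "$f"
    done
    [ "$found_any" -eq 1 ] && [ "$found_http" -eq 0 ]
}

# make_samples
# Writes constructed sample repo files into a temp dir and prints its path:
# before/ uses the pre-switch http:// mirrorlist, after/ the https:// one.
# The $awsregion/$releasever placeholders are yum variables, expanded by yum
# at runtime, so the heredoc is quoted to keep them literal.
make_samples() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/before" "$tmp/after"
    cat > "$tmp/before/amzn2-core.repo" <<'EOF'
[amzn2-core]
name=Amazon Linux 2 core repository
mirrorlist=http://amazonlinux.$awsregion.$awsdomain/$releasever/core/latest/$basearch/mirror.list
priority=10
gpgcheck=1
EOF
    cat > "$tmp/after/amzn2-core.repo" <<'EOF'
[amzn2-core]
name=Amazon Linux 2 core repository
mirrorlist=https://amazonlinux.$awsregion.$awsdomain/$releasever/core/latest/$basearch/mirror.list
priority=10
gpgcheck=1
EOF
    echo "$tmp"
}

# Demo against the constructed samples. On an instance you would instead run:
#   check_repo_scheme /etc/yum.repos.d && echo "all Amazon Linux repos use https"
samples=$(make_samples)
for state in before after; do
    if check_repo_scheme "$samples/$state"; then
        echo "$state: all repo URLs are https"
    else
        echo "$state: plain-http repo URLs remain (listed above)"
    fi
done
rm -rf "$samples"
```

A clean run (no lines reported, exit status 0) is the signal that the security group can drop its outbound port 80 rule and keep only 443, as the announcement describes; if the check lists an http:// URL, re-run `amazon-linux-https enable` and `yum clean expire-cache` before tightening egress. Note that the check only inspects the repo definitions on disk; gpgcheck=1 should stay enabled regardless, since HTTPS protects the transport but RPM signature verification is what ties a package to Amazon's signing key.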
1 Answer

[Announcement] Does not require an answer.

AWS
SUPPORT ENGINEER
Israa-N
answered a year ago
