By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

EC2 instance metadat credentials initial delay

0

We make use of EC2 instance profiles to grant iam rights to our instances. This works fine. However when we use the cli or powershell within the instance the first call to an AWS service has a long delay, frequently around 30 seconds. Subsequent calls to other APIs are almost instant.

Does anyone else see a delay on initial credentials retrieval? If not, what kind of response do you get for the first call?

The delay is not specific to any AWS API. It could be practically any AWS cli command.

Any ideas on how I could reduce this delay or how I could troubleshoot further to find the specific call?

Many thanks

Topics
Management & GovernanceCompute
Tags
AWS Command Line InterfaceAmazon EC2
Language
English
Nobbydoe
asked 2 years ago301 views
1 Answer
0

There are a couple of things I would check:

  • Make sure you're using the latest version of the AWS CLI
  • Verify this only happens with calls out to the AWS API and not any other network calls (i.e. via curl)
  • Monitor your CloudTrail for the target account for failed login attempts. It could be that the CLI is trying to authenticate with a stale set of credentials stored in the credentials file or an environment variable, and falling back to the IAM profile role.
  • Monitor your VPC Flow Logs to see exactly where/when the slow-down is occurring.
  • Ensure proper configuration and routing to your NAT gateways and/or transit networks
profile pictureAWS
Michael_B
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content