Questions tagged with Amazon EC2

I'm trying to run a dedicated server using Windows Server 2019. When I tell the server application to begin it gets stuck on a loading screen and never starts. Any ideas?

I'm unable to delete the snapshot of a terminated instance. The instance is a very old t1.micro for which the Volume has also been deleted. How do I get rid of the snapshot so that this instance incurs no additional charges?

I have got email from AWS that one of my EC2 is infected with malware and may be part of botnet. Can someone please guide me on how to fix this ? Please investigate this reported activity from your AWS Resource. Destination IP: 194.145.227.21 Destination Port: 5443 Please Review - https://cujo.com/the-sysrv-botnet-and-how-it-evolved/

I have been struggling with this for days. I have been trying to spin up an instance in an OpsWorks stack and layer utilizing a custom cookbook. I have created the required roles and policies, but I am still getting instance setup failures. I am getting an error code 403. Does anyone have insight on this?

start request repeated too quickly for systemd-tmpfiles-clean.service

I am making a Snapshot of a mounted volume to a path called /home/ec2-user/restore - when I use the web interface all works as expected. When I use AWS CLI to create a **new** volume from the snapshot and mount the **new** volume to /home/ec2-user/restore again, the new volume from the snapshot has all the files that are supposed to be there, but the files have nothing in them. Do you know why a snapshot would omit all the data within the files?

Hello, We encountered troubles with ECS on Docker on EC2. Some tasks stay a long time in provisionning state while an EC2 is available and others tasks with the same docker image and parameters succeed to start. Then, the status goes from PROVISIONNING to STOPPED with reason : "Task failed to start". I have no logs, or info on the containers in ECS console and Cloudwatch, and did not find any tips in the EC2 logs... Any idea on why we have this behaviour ? or a way to have more traces to investigate ? Thanks Valentin

We have run into an issue all of a sudden with our Ec2 instance. VM doesn't respond to commands on shell as expected and sessions terminate abruptly. We have tried reboots, force updates, patching but non of these have helped, we also found that CPU, Memory and disk space utilizations are well under control. Volumes are also mounted correctly after reboot. The no. of processes are also very minimal, none of our apps have been turned ON after reboot.

I recently had a need to attach an Elastic IP to an instance that previously had a Public IP - got tired of changing SSH keys whenever I rebooted as I was assigning the same private IP to the instance. However, the need for a static IP across reboots has now waned and I wanted to revert to the Public IP setting. However, after detaching the Elastic IP, the instance did not get another Public IP as stated in this document: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-recover-ip-address/ Instead, I had to resort to creating an AMI and launching a new instance with a Public IP. Is this now the only way to get a Public IP after an Elastic IP is detached?

Hi, I need to assign ssh key pairs to the EC2 instances for multiple IAM users. So what i want to have: IAM users `[user1,user2,user3]`, out of them `[user1,user2]` should have separate (each IAM user should have its own user in VM) SSH access to the `[VM-1,VM-2]` EC2 instances, and the `[user3]` should have access **only** to the `[VM-3]` instance. Do i need to generate ssh key pairs, create users inside the EC2 instance, assign permissions for those users - manually, and then also manually add those SSH pub keys in the EC2 instances? Or AWS has service that can do it automatically for me? Joann

Hi everyone I'm having trouble setting up my 3cx free license and connecting it with my AWS ec2. For some reason, it is telling me that my computer name is invalid, which is why my installation of the 3cx Server on AWS isn't working. I have created all the necessary things: User with the matching rights, the Key pair, I checked the region as well. Does anyone know how to fix this? THX Marko

Steps to reproduce: Create EC2 instance in eu-central-1 region with following configuration - t3.small, ami-042172eb88687b43e (Windows Server 2016 Base), Public IP, igw to handle traffic. Login to the instance through RDP. Install telnet (it can be done through PowerShell with following command Install-WindowsFeature -name Telnet-Client). Open command line and try use telnet to connect 10-20 times to remote host with following command telnet 212.90.186.150 80. At least one attempt will fail with error "Connection failed". Repeat all steps above in eu-north-1 region and will see 0 errors. Is there a problem with routing in eu-central-1 region? You can also trace (tracert 212.90.186.150) to find out through which IPs/Networks the connection goes. From the 212.90.186.150 country (Ukraine) side the route is the same for both regions but when you trace from eu-central-1 it also goes through few internal IPs: 100.95.20.135, 100.100.22.2, 100.95.21.129, 100.100.4.58 and one "Frankfurt IPv4 Peering LAN". It could be a problem with this route. Could you help to solve the issue?

I am running the free t2.micro instance. Since last night I have been unable to connect to the instance using any method. I've tried using PuTTY, FileZilla, and the built-in console, but none work. My dashboard says the server is online and connectable though. I can't ask support directly because of the aforementioned free tier. What should I do? I at least need to connect with FileZilla and backup my server data before wiping the instance, but I'd prefer to not do that. Nothing was changed on the server before I was kicked off it.

Hi, I want to forbid IAM user (for example: support-IAM ) to authenticate to the EC2 instance user ( for example : root-EC2 ), but still be able to authenticate as other EC2 instance user ( for example: support-EC2 ) , for that, as i understood i need to forbid this user to set `--tags` with value `root-EC2` (or in my case, everything **except** `support-EC2`) while using command `aws sts assume-role`, but how can i do it? P.S im using `AWS session manager` Joann

We want to renew the SSL certificate for our website pokerbootcamp.in. The site is hosted on EC-2. I just installed PUTTY to access SSH but we don't have the keypair. Tried creating a new one but that gets refused on PUTTY. Is there a solution to this? We just want to renew the SSL, that's it.

Hello, I tried using [Inf1 EC2 instance](https://aws.amazon.com/ec2/instance-types/inf1/) for deploying my ML model. I need to monitor the GPU usage of the ML model. I could find the CPU usage in the aws console, but not gpu usage. Already tried: 1. https://docs.aws.amazon.com/dlami/latest/devguide/tutorial-gpu-monitoring-gpumon.html This didn't work. It threw this error ``` (python3) ubuntu@ip-xxx-mm-yy-zzz:~/tools/GPUCloudWatchMonitor$ python3 gpumon.py Traceback (most recent call last): File "gpumon.py", line 146, in <module> nvmlInit() File "/home/ubuntu/anaconda3/envs/python3/lib/python3.8/site-packages/pynvml/nvml.py", line 1450, in nvmlInit nvmlInitWithFlags(0) File "/home/ubuntu/anaconda3/envs/python3/lib/python3.8/site-packages/pynvml/nvml.py", line 1440, in nvmlInitWithFlags _nvmlCheckReturn(ret) File "/home/ubuntu/anaconda3/envs/python3/lib/python3.8/site-packages/pynvml/nvml.py", line 765, in _nvmlCheckReturn raise NVMLError(ret) pynvml.nvml.NVMLError_DriverNotLoaded: Driver Not Loaded ``` Also, `nvidia-smi` didn't work ``` (python3) ubuntu@ip-xxx-mm-yy-zzz:~/tools/GPUCloudWatchMonitor$ nvidia-smi NVIDIA-SMI has failed because it couldn't communicate with the NVIDIA driver. Make sure that the latest NVIDIA driver is installed and running. ``` Kindly provide some help to monitor GPU usage.

I am running an Algo on EC2 instance machine and its working fine in the morning but as time passes by there is a lag of 10-20sec in order placement. I am unable to identify the issue. The python file is of only 14KB Kindly guide where is the problem and how to rectify it.

I'm trying to make a custom Ubuntu 20.04 image from a .iso file that I have uploaded to Amazon S3. I've went through all the steps to create an image pipeline, but when I get to the end and hit create pipeline it just says `Error message: InvalidParameter: The service role role-name provided does not exist or does not have sufficient permissions`. I've made a role specifically for this pipeline, and even when I attach a policy that has all permissions to all resources I still get this error that says it doesn't have permission. Any help here?

Hi! I built a web app on an EC2 windows instance & want to put it on my clients domain. Once the server is on the domain, the users only have to go to the server name in their browser & the app renders. I haven't worked with AWS networking & want to know if I should I use Resolver, Amazon Active Directory, or AD Connector? Preferably quick & easy. I only need to join one ec2 windows instance to my clients network. Thanks in advance!

Overview: I'm trying to run an XGboost model on a bunch of parquet files sitting in S3 using dask by setting up a fargate cluster and connecting it to a Dask cluster. Total dataframe size totals to about 140 GB of data. I scaled up a fargate cluster with properties: Workers: 40 Total threads: 160 Total memory: 1 TB So there should be enough data to hold the data tasks. Each worker has 9+ GB with 4 Threads. I do some very basic preprocessing and then I create a DaskDMatrix which does cause the task bytes per worker to get a little high, but never above the threshold where it would fail. Next I run xgb.dask.train which utilizes the xgboost package not the dask_ml.xgboost package. Very quickly, the workers die and I get the error `XGBoostError: rabit/internal/utils.h:90: Allreduce failed`. When I attempted this with a single file with only 17MB of data, I would still get this error but only a couple workers die. Does anyone know why this happens since I have double the memory of the dataframe? ``` X_train = X_train.to_dask_array() X_test = X_test.to_dask_array() y_train = y_train y_test = y_test ``` dtrain = xgb.dask.DaskDMatrix(client,X_train, y_train) output = xgb.dask.train( client, {"verbosity": 1, "tree_method": "hist", "objective": "reg:squarederror"}, dtrain, num_boost_round=100, evals=[(dtrain, "train")])`

I understand that an EC2 instance is only charged if it is on. But does it change if I use "Reserved Capacity"? If I run an EC2 On Demand instance with Reserved Capacity for a few hours a day only, do I get charged any more than the actual instance cost for those hours the machine is on?

Hi, My first question - https://repost.aws/questions/QUS8M4w0jkS8iV6EzPmaRmag/ssh-key-managment-for-multiple-accounts Im trying to use "AWS system manager" - "session manager". As i was advised in my previous question, to be able to login into the EC2 instances located in multiple accounts, i will need to do something similar to https://aws.amazon.com/blogs/mt/vr-beneficios-session-manager/ But the problem is that i need to have for each IAM user their own user in EC2 instance, as i found out, i need to pass tag "SSMSessionRunAs" with the value of the username to witch im login in. But if i will use "group" roles (roles assigned for multiple users), they will be authenticating with the same user in EC2 instance, which will not work for me. Does that mean, that in my case i will need to create a role for each IAM user? or i can change tag of the role depending on the user assuming this role? Thank you very much. Joann

I'm new to AWS , I have my ec2 instance and loadbalancer setup outside lightsail and my domain careerboat.io is inside lightsail now i am unable to choose loadbalancer for A record (no options available) So frontend guys getting ssl error on login page :)

Hello, i need some help regarding my question title. i am working on a project that needs to get a video stored on a website which i have created to work with my machine learning code which is running on pycharm it all seems to be working locally and schedulely but i want it to run it on cloud what type of instance do i need because the model i am using takes a lot of time on cpu and gpu based instance will certainly help. if you need more details regarding this let me know thanks.

ec2-54-87-201-155.compute-1.amazonaws.com 54.87.201.155 Instance is inside VPC with internet gateway attached and also route table has 0.0.0.0/0 destination My security groups are as follows ``` sgr-0f24aa20ece6c10df 80 TCP 0.0.0.0/0 launch-wizard-1 sgr-0b9cc7da941a4456d All All 0.0.0.0/32 launch-wizard-1 sgr-0815f5d840e9d3937 443 TCP 0.0.0.0/0 launch-wizard-1 sgr-019b0f12413825491 22 TCP xx.xx.xxx/32 launch-wizard-1 ``` I am able to connect ssh from my IP with Git bash on windows, I have installed apache there and I am able to curl localhost on the instance

Hi, I cannot terminate EC2 instances i-0a63be202eeedb72c and i-0164358bd2d08565f. It has be been in the shutting down state for 1 days. The status message is "Server.InternalError: Internal error on launch". Could you please help? Regards

Hi. I have two EC2 instances running linux which I use as a web/database server and a mail server. I occasionally want to back-up both of these as AMI images. What I now do is "Stop Instance", then I select "Create Image". I then wait until the images have finished creating ( I watch the progress under Elastic Block Store>Snapshots). When the images show 100% completion, I start my instances again and my backup is finished. I would like to know, is it ok to start the EC2 instances up before the image creation is complete? I am trying to minimize my downtime, which currently is about 15 minutes.

Hello, I'm trying to migrate 5 local servers to the cloud, I'm using AWS Application migration service, I started with 4 servers for example servers: A, B, C and D and All the 4 servers replicated at 100% successfully. Then I ran the replication Agent in the 5th server "E" but as soon as I did this server B got replaced by the new server E. Server B got deleted from the source servers list. I tried re-installing the replication agent again in server B but now server E got replaced by server B. If I check the server info tab I see the IP and disk from server E but if a check the Disk settings tab I see the server B disks. I dont know what is happening, please help.

Hi, I am running a python code which uses API from a broker platform for a trading strategy. The code runs for hours on personal machine but when I run from an EC2 instance it stops automatically in 2-4 hours without any error. this has happened 3 times now. i saw some 54 updates to be applied on the ubuntu instance, have upgraded all and rebooted the system. Even then issue remains. pls help

Hi, I created an AWS Opensearch domain in a VPC, but I can't figure out how to access it? When I am clicking on AWS Opensearch dashboard it's not opening and there is a timeout. I fould 2 solutions: EC2 instance with SSH tunnel or NGINX proxy on EC2 instance. But can I access the domain in a VPC without spinning the EC2 instance at all?

We have only one region ec2, Korea. but when we make ec2, It is not working with this message, "This account is currently blocked and not recognized as a valid account. Please contact aws-verification@amazon.com if you have questions." what is problem?

How will the IP address change if you set up a server using an EC2 instance? Does it change in a certain amount of time? Does it change depending on the increase or decrease in communication charges?

Performance : How does AWS Nitro System provide better performance for SAP workloads? *NOTE:* This is a common question asked by AWS customers. The AWS team is posting it to provide an answer that can benefit everyone.

Hi, We try to configure the RDP connection to Windows EC2 via SSO via FleetManager. We have this error : An error occurred while establishing the Remote Desktop session. The GetCommandInvocation API operation failed to fetch the result in the given time. CommandId 94ce5f12-0545-4ae9-9f94-d6322bd1ec04 Can you help us? Regards, Jérôme

Hello, I would like to build a solution where I can start an EC2 instance by sending an email with a specific keyword (i.e "start)". Once the EC2 instance is started, it should reply to me via email with public IP. When I want to stop the instance, I should be able to send an email with a keyword. And then it should reply back to me saying that the instance has been shutdown. What AWS services I can use to achieve this? Thank you.

In my AWS instance, I only have one network interface, and **one internal IP address** from my subnet 10.1.1.0/24, let's say it's 10.1.1.66, I have 10 EIPs, 52.2.2.1 - 52.2.2.10 as well. Can I associate these 10 public EIPs to my single internal IP 10.1.1.66? My instance has code to direct these 10 public IPs to different web services. Thanks

We are working on Automation of CCTV camera videos (RTSP link) using image processing techniques such as back ground subtraction, contour detection, annotation using opencv-python for 80 sites.so we have to run 80 python scripts in parallel manner. I would like to know which AMI suits for this project without any drop in outputs. The outputs are images in jpg format. These code would run 24*7.kindly suggest best AMI for this so that we would suggest the same to our management for purchase.

currently my website is running under a t3a.small EC2 instance (Origin - N California) and the volume size is 10 GIB. Now i have launched a new EC2 t2.micro instance (Origin - Mumbai) and the volume size is 8 GIB. All i'm doing for avoiding charges as i am a free tier user and the original instance is not cover the free tier promotion. So how can i attach EBS volume from original instance to new instance without losing any data?

Hi, So we have an EC2 instance setup with a load balancer and elastic IP.... It works perfectly, except when the Elastic IP address becomes unassociated with the instance. The EIP addr is still there in the EIP table, just no instance is connected to it. And it does this seemingly at random. It will work for hours - days - then all of a sudden we can't connect. We check the EIP and it's unassociated. We re-associated it, and it's back to working again. (We do not have the *Reassociation* checkbox marked when you go to associate an EIP, so that shouldn't be causing it.) Other information: 1. No one has made changes to aws setting when it disassociates. 2. It doesn't coincide with bitbucket pipeline build. 3. Security groups, inbound rules are still all the same and associated with the instance. 4. We also only have a couple EIP, so we shouldn't be hitting any limits. So we are at a complete loss. Nothing else seems to change in aws - just the EIP association. Any ideas? I will happily add more information if needed.

Could you please tell me, how I can stop a running EC2 (Elastic Compute Cloud) instance? My bill tells that it is running, but I cannot even see it anywhere else. I've checked that I am using the correct region:

it is not accessible , saying 1/2 check passed

I have a Linux (Ubuntu) instance running as m3.xlarge - this server is getting IO errors across multiple EBS volumes. I have unmounted the volumes and run fsck on them. One found some problems that were fixed, the others reported as clean. On restart, after a while (hour) I received more IO errors. As multiple volumes are involved, I wondered if there was an underlying hardware problem (I have multiple other very similar instances which are functioning as normal). I have stopped/started the instance to see if that would move it to a new host, but there is no way of telling. Suggestions on finding the issue? Is there a way to confirm if an instance has moved to a new host?

I'm quite new at AWS and use mostly the console to build my project. I have placed a containerized Streamlit web app in an AWS EC2/ECS instance beyond an ALB (https listener with session timeout 3960 secs.) and let users access it through Cognito authentication with Authorization code grant. Everything works fine, users are allowed to the app. Now, I would like users to be authomatically logged out after 60 minutes and redirected to the signout URL. I've set the refresh token expiration at 60 min., the access token and ID token expiration at 5 min. However, the backend continues delivering data to logged in users even after 60 minutes, so my idea doesn't work. Then, I've implemented a Lambda function with admin_user_global_sign_out but it doesn't work either: users do still get data from the backend. I'm wondering what I shall do and looking for a solution that I can implement using the AWS console so that the procedure is clear to me. Thank you for any help.

I checked the connection after creating the instance, But it seems that at some point something went wrong with the instance. After restarting the instance, It works fine, but I don't know the cause of the problem. [Problems] - Cannot connect using PuTTY - 'ping' to Elastic IP is not responding - The state of the instance is RUNNING, but failed to check the status of the instance [Installed on EC2] - Docker - Apache + PHP (Container) - MySQL (Container) The CPU usage increased on 04/30/2022 03:00, and the instance status check fails after that. And there was no traffic at this time. I checked the logs, no errors are found. What more should I check?

I took a Snapshot of my volume, but it usually takes a few minutes to be ready, but I've noticed that some are ready 100% in seconds

Hi, I have a c5n.metal instance where network configuration is not working. Serical console is not available. Is there any kind of alternative console/out of band management (aka IPMI KVM Access, iLO, RSB, iDRAC)? Thanks Roger

Hi, I tried to migrate my EC2-classic to VPC Before using wizard "systems-manager/automation", i have only create an new Security Group in my standalone VPC. My VPC and my EC2 server are all in Ireland, why this error ? I just use "Test" and get security group id created just before How could i resolve it ? Regards > Step fails when it is Poll action status for completion. Traceback (most recent call last): File "/tmp/6c97ba4a-da4f-4e64-9657-1340b5e9d1e1-2022-05-02-16-03-47/customer_script.py", line 186, in verifysecurityGroup raise Exception('[ERROR] Security Group and Subnet are not in same VPC') Exception: [ERROR] Security Group and Subnet are not in same VPC Exception - [ERROR] Security Group and Subnet are not in same VPC. Please refer to Automation Service Troubleshooting Guide for more diagnosis details.

Hello, I have an AWS account and I need to create another instance in the same account. I am looking everywhere to see if I can hence get separate invoices for each instance. The only answers available seem to be: have different AWS accounts. Am I missing something? Thanks

I create a ECS service using EC2 instances, then i create an Application Load Balancer and a target group, my docker image the task definition its using follow configuration: ```json { "ipcMode": null, "executionRoleArn": null, "containerDefinitions": [ { "dnsSearchDomains": null, "environmentFiles": null, "logConfiguration": { "logDriver": "awslogs", "secretOptions": null, "options": { "awslogs-group": "/ecs/onestapp-task-prod", "awslogs-region": "us-east-2", "awslogs-stream-prefix": "ecs" } }, "entryPoint": null, "portMappings": [ { "hostPort": 0, "protocol": "tcp", "containerPort": 80 } ], "cpu": 0, "resourceRequirements": null, "ulimits": null, "dnsServers": null, "mountPoints": [], "workingDirectory": null, "secrets": null, "dockerSecurityOptions": null, "memory": null, "memoryReservation": 512, "volumesFrom": [], "stopTimeout": null, "image": "637960118793.dkr.ecr.us-east-2.amazonaws.com/onestapp-repository-prod:5ea9baa2a6165a91c97aee3c037b593f708b33e7", "startTimeout": null, "firelensConfiguration": null, "dependsOn": null, "disableNetworking": null, "interactive": null, "healthCheck": null, "essential": true, "links": null, "hostname": null, "extraHosts": null, "pseudoTerminal": null, "user": null, "readonlyRootFilesystem": false, "dockerLabels": null, "systemControls": null, "privileged": null, "name": "onestapp-container-prod" } ], "placementConstraints": [], "memory": "1024", "taskRoleArn": null, "compatibilities": [ "EXTERNAL", "EC2" ], "taskDefinitionArn": "arn:aws:ecs:us-east-2:637960118793:task-definition/onestapp-task-prod:25", "networkMode": null, "runtimePlatform": null, "cpu": "1024", "revision": 25, "status": "ACTIVE", "inferenceAccelerators": null, "proxyConfiguration": null, "volumes": [] } ``` The service its using ALB and its using same Target Group as ALB, my task its running, and i can access using public ip from instance, but the target group does not have registered my tasks.

We are a startup based in India and are using AWS for our entire tech stack from a long time. Recently, our EC2 reserved instances expired and we upgraded to Savings plan for them. Our credit card is declining the partial payment amount because it is high for a lump sum amount. The plan already got rejected once due to this. We have applied again. Can we have the total amount divided into smaller parts and get charged via multiple cards? Do we have any other mode of payment like payment via link, bank transfer, cheque etc. to complete this process asap. We are getting charged on the on-demand pricing that is costing us a lot. Any help is highly appreciated.

Hi, i'm free tier user and been charged of $8.40 for running a Linux t3a.small in the Northern California region which is not cover under the Free Tier promotion. Obviously i have done that by mistake. However for the time being i have stoped that instance to avoid charges, as a result the website is also not responding usually. Please suggest me what i need to do now to run my website and also how to avoid the unnecessary charges in the future?

Hello, I have an instance need to auto scale only volume not instance type. Is it possible to auto scale only volume of instance?

Hi, when i tried to hit this URL from a server which is hosted on AWS, getting the following error: curl https://d2sqx12cok5m5h.cloudfront.net/BTVWorld_BtvSanglapPunh_1029895.jpg error response: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <TITLE>ERROR: The request could not be satisfied</TITLE> </HEAD><BODY> <H1>403 ERROR</H1> <H2>The request could not be satisfied.</H2> <HR noshade size="1px"> Request blocked. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. <BR clear="all"> If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation. <BR clear="all"> <HR noshade size="1px"> <PRE> Generated by cloudfront (CloudFront) Request ID: apZQ8Smj5jjHTwrHBi8ZwWLt4gLHwzZHprpRMnA05Z9_j4YgJKf32A== </PRE> <ADDRESS> </ADDRESS> while i am able to access from browser. please help to resolve the issue. Thanks in Advance

Hello everyone, I am trying to deploy a MATLAB VM using the official stack deployment method on the MATLAB Help Centre (through the provided GitHub repository). However, when I try to do this, the EC2 instance creation always fails with "Failed to receive 1 resource signal(s) within the specified duration". This whole process apparently takes only 10-20 minutes and I have tried waiting for 3 hours by increasing the timeout period but I still get CREATE_FAILED followed by rollback. What could possibly be happening here and how could I go about resolving it?

Launch instance from a clone AMI and the status check fails. Unable to ssh in the ec2 instance checked the Private IPv4 addresses and it's correct for the current VPC and the correct security group inbound ports is open ie..port 22. Click on Get instance screenshot and the IP showing in the login screen is incorrect. example..ec2 intance IP: 10.2.68.xx screenshot IP: 10.1.x.x This will happen with any flavor of Linux ie..centos, redhat, ubuntu etc I did shut down the ec2 instance and still had the incorrect private IP

The following trust policy is the default trust policy for an EC2 instance role. ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sts:AssumeRole" ], "Principal": { "Service": [ "ec2.amazonaws.com" ] } } ] } ``` Is it possible to limit this trust policy to allow the role to only be attached to a specific instance? I know that it would be possible to only grant the IAM permissions to a user to pass this role to a specific instance but I would also like to limit the scope of this role to a specific instance at the same time.

Hi - I am trying to access Windows SQL server running in a private subnet in AWS from another Windows instance in Lightsail. There are multiple subnets in the same VPC, some are private and others are public. How can (only) allow Lightsail instance to access DBs in SQL server? Thanks

I sending CloudTrail API event for event source ec2 to CW Events. Following is the Event Pattern configured in EventBridge ``` { "detail": { "eventName": ["RunInstances"] "eventSource": ["ec2.amazonaws.com"] }, "detail-type": ["AWS API Call via CloudTrail"] "source": ["aws.ec2"] } ``` I am not getting complete event but the following message ``` { "omitted": true, "originalSize": 109435, "reason": "responseElements too large" } ``` If I check Quotas in CloudTrail user guide, it is mentioned that events can have a max size of 256 KB. The original size mentioned above is less than that, could anyone help me with understanding why I am not getting the complete event? Thanks!

Hello Team, I was trying to import ubuntu 22.04 raw image on AWS. while importing I got an error below. I'm not sure why it's getting this error. Although in the documentation also it's not mentioned anywhere list of supported kernels. > { "ImportImageTasks": [ { "Description": "Ubuntu 22.04 QCOW Image", "ImportTaskId": "xxxxxxxxxxxxxxxxxxxxxxxxx", "SnapshotDetails": [ { "Description": "Ubuntu 22.04 QCOW Image", "DeviceName": "/dev/sde", "DiskImageSize": 85899345920.0, "Format": "RAW", "Status": "completed", "Url": "xxxxxxxxxxxxxxxxxxxxx/ubuntu_22_04_release_20220422.raw", "UserBucket": { "S3Bucket": "xxxxxxxxxxxxxxxxxxxx", "S3Key": "ubuntu_22_04_release_20220422.raw" } } ], "Status": "deleted", "StatusMessage": "ClientError: Unsupported kernel version 5.15.0-27-generic", "Tags": [] } ] } Can anybody suggest on this. Thanks, Aman

Hello world. I have question. How I can install Docker on Linux (container) on Windows Server 2016 or Windows Server 2019? Windows Server 2016 is bad idea, because I read this Windows Server 2016 Version (1607) doesn't support Docker (Linux). But Windows Server 2019 supports Docker( Linux) but Ec2 instance needs Hyper-V. But instance with Hyper-V is very expensive. How I can run Docker (linux) not expensive?

This happen at aws console. Any clues? Thanks in advance. There was a problem connecting to your instance Log in failed. If this instance has just started up, wait a few minutes and try again. Otherwise, ensure the instance is running on an AMI that supports EC2 Instance Connect.

Hello, We are running 3 i3.xlarge EC2 instances for a database cluster. We also attach a 750 GB gp3 EBS volume to each instance. We have a process that copies our backup snapshots from the i3.xlarge's instance store volume to the attached EBS volume for backup purposes. We've noticed that when initially attached, our EBS volumes are getting expected throughput and backups are completing quickly. After a few hours, the EBS volumes start going into the warning state and say that they are either getting degraded or severely degraded I/O performance. As such, throughput is very low and backups take a long time to complete. We are wondering why the volumes start out with expected performance and seemingly degrade over time. Here is how the bandwidth looks once the volumes enter the severely degraded state: https://imgur.com/a/uDmPfnl

Can someone assist rebooting the following instances? i-098ec4b6233be75a0 i-0c10d51f5d89f9f4c Update: Screenshot shows that both instances are stuck at: Booting from Hard Disk 0... I rebooted 4 total instances that are identical from the same AMI and two of them (above) are failing to complete boot-up. Please assist. Much obliged, Al

When using AWS Batch is there a way to limit the maximum number of EC2 instances that AWS Batch will have running at one time? Ideally, this would apply across all compute instances. Does AWS Batch enable this or are there other AWS services that can be combined with AWS Batch to allow us to achieve instance based limits? An example would be say I am running AWS Batch for some workload. But I want AWS Batch to at most have 10 EC2 instances running. Is there somewhere that I can configure AWS Batch such that it will respect that limit on EC2 instances?

# Background I created a Windows Server 2019 AMI with VMware workstation 15 installed. Before I captured the instance into an AMI I ran `InitializeInstance.ps1 -Schedule`. When I shared the AMI with another account which was launched in a different VPC, we tried connecting via SSM, but the AWS console was telling us that the instance wasn't configured properly. When we checked the logs we got the following output: ``` Windows sysprep configuration complete. 2022/04/20 16:40:16Z: Message: Failed to add routes.. attempting it again 2022/04/20 16:42:31Z: Message: Failed to add routes.. attempting it again 2022/04/20 16:44:46Z: Message: Failed to add routes.. attempting it again 2022/04/20 16:47:02Z: Message: Failed to add routes.. attempting it again 2022/04/20 16:49:17Z: Message: Failed to add routes.. attempting it again 2022/04/20 16:51:33Z: Message: Failed to add routes.. attempting it again 2022/04/20 16:53:49Z: Message: Failed to add routes.. attempting it again 2022/04/20 16:56:05Z: Message: Failed to add routes.. attempting it again 2022/04/20 16:58:20Z: Message: Failed to add routes.. attempting it again 2022/04/20 17:00:36Z: Message: Failed to add routes.. attempting it again 2022/04/20 17:02:53Z: Message: Failed to add routes.. attempting it again 2022/04/20 17:05:09Z: Message: Failed to add routes.. attempting it again 2022/04/20 17:06:14Z: EC2LaunchTelemetry: IsTelemetryEnabled=true 2022/04/20 17:06:14Z: EC2LaunchTelemetry: IsAgentScheduledPerBoot=true 2022/04/20 17:06:14Z: EC2LaunchTelemetry: AgentCommandErrorCode=1 ``` When I opened the `EC2Launch.log` file, the exception details showed the following: ``` Failed to add routes.. attempting it again Cannot bind argument to parameter 'Addresses' because it is null ``` This error is in line 103 of `C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Add-Routes.ps1` (only mention of an `Addresses` parameter in the `Add-Routes` function): ```powershell [string[]]$defaultGateways = @(FilterIPAddresses -Addresses $networkAdapterConfig.DefaultIPGateway -AddressFamily $AddressFamily) ``` I did a bit of source code diving to discover the source of the issue, which is described in the following section. # Bug Description `InitializeInstance.ps1` calls - among other things - a function called `Add-Routes` defined in `C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Add-Routes.ps1`. This function adds the correct network routes in order to be able to reach various services via the reserved IP addresses in `169.254.169.0/24`. To do so, it adds routes telling the operating system to route all of these packets through the default gateway of a primary network interface. The `Add-Routes.ps1` script determines the primary network interface by performing the following query on line 85: ```powershell $networkAdapter = Get-CimInstance -ClassName Win32_NetworkAdapter -Filter "AdapterTypeId='0' AND NetEnabled='True' AND NOT Name LIKE '%Hyper-V Virtual%' AND NOT Name LIKE '%Loopback Adapter%' AND NOT Name LIKE '%TAP-Windows Adapter%'" | Sort-Object -Property "InterfaceIndex" | Select-Object InterfaceIndex ``` and selecting the interface with the lowest value of `InterfaceIndex`. Notably, this query **does not** filter out values like "VMware Virtual Ethernet Adapter for VMnet 1" which is created whenever VMware workstation is installed. When I expermented I found that the aforemention virtual ethernet adapter had a lower `InterfaceIndex` than the primary interface "AWS PV Network Device #0". Since the virtual adapter does not have a default gateway, the result of trying to access it is `$null` which throws the exception and makes it unable to add the correct routes for the AWS services, rendering SSM inaccessible for that instance. # Solution...? Either, don't install VMware or change the indices of the virtual network adapters. This solves my specific use-case, but doesn't solve the future problem of having any other virtual adapters that don't get filtered out by that query which might have a lower index. Ideally the query to find a primary network interface for the default gateway should be altered to be more robust. Rather than filtering known bad values, a better solution might be to filter for known good values, thereby eliminating the need to filter out all possible virtual network adapters, which could have arbitrary names.

My EC2 instance (ID: i-040166ba182c261a3) is stuck in the pending state, and previously was stuck in the starting and stopping states.

When is the IP address changed when using ELB? Does it change depending on the time such as every 30 minutes? Will it change as the number of accesses increases?

My system connects to share brokers using REST APIs during trading hours. Each thread takes care of a user account. Based on the number of my users several threads have to run simulationsly. Each thread takes care of a user account with a share broker. Can I use AWS Batch service for this usecase? Or is it better to use several Amazon ec2s by calculating memory and processor requirements?

Hi there, I have three volumes in my AWS account that are not attached to any instance but I can't delete them. I can not attach them or detach them (neither force detachment). How could I delete them?

how can i point a new instance with a domain which is already exist with another ip address in hosting zone? Is that even possible?

I have configured and build the enclave instance as per https://docs.aws.amazon.com/enclaves/latest/user/enclaves-user.pdf . But when I tried to run in it throws the following error ``` $ nitro-cli run-enclave --eif-path vsock_sample.eif --cpu-count 2 --enclave-cid 6 --memory 512 --debug-mode Start allocating memory... Started enclave with enclave-cid: 6, memory: 512 MiB, cpu-ids: [1, 5] [ E36 ] Enclave boot failure. Such error appears when attempting to receive the `ready` signal from a freshly booted enclave. It arises in several contexts, for instance, when the enclave is booted from an invalid EIF file and the enclave process immediately exits, failing to submit the `ready` signal. In this case, the error backtrace provides detailed information on what specifically failed during the enclave boot process. For more details, please visit https://docs.aws.amazon.com/enclaves/latest/user/cli-errors.html#E36 If you open a support ticket, please provide the error log found at "/var/log/nitro_enclaves/err2022-04-27T03:41:39.495653281+00:00.log" Failed connections: 1 [ E39 ] Enclave process connection failure. Such error appears when the enclave manager fails to connect to at least one enclave process for retrieving the description information. For more details, please visit https://docs.aws.amazon.com/enclaves/latest/user/cli-errors.html#E39 If you open a support ticket, please provide the error log found at "/var/log/nitro_enclaves/err2022-04-27T03:41:39.495889864+00:00.log" ``` Action: Run Enclave Subactions: Failed to handle all enclave process replies Failed to connect to 1 enclave processes Root error file: src/enclave_proc_comm.rs Root error line: 349 Build commit: not available ``` How to fix this error ?

On the Instances console page, the EBS volume for the root device is reported to be: /dev/xvda But, the "df -k" command from the instance itself is reporting: /dev/nvme0n1p1 (an NVMe) device. ``` $ df -k Filesystem 1K-blocks Used Available Use% Mounted on devtmpfs 193955196 0 193955196 0% /dev tmpfs 193965976 0 193965976 0% /dev/shm tmpfs 193965976 780 193965196 1% /run tmpfs 193965976 0 193965976 0% /sys/fs/cgroup /dev/nvme0n1p1 1048563692 26926468 1021637224 3% / tmpfs 38793196 0 38793196 0% /run/user/1000 ``` Is there something wrong? Shouldn't they match? I need to know what kind of device it is so I know which instructions to follow for extended the file system as I just finished resizing the volume. There are two different instructions on this page depending on if the device is XVD or NVMe: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recognize-expanded-volume-linux.html Thanks, Al

I am new to AWS and I am the sole admin in my subscription. I am a member of the `Admins` group, and have the `AdministratorAccess` policy. Yet, when I try to use the Apache Superset reference deployment (https://aws.amazon.com/quickstart/architecture/apache-superset/), I am getting the following error: `AccessDenied. User doesn't have permission to call ec2:DescribeAvailabilityZones.` I have tried to create a new Policy with specific EC2 permissions, but it has not helped. Please help!

I do have an EC2 instance with a gitlab-manager runinc (it was working for the past year until this morning). The gitlab-manager is configuerd to always keep 1 machine running on a spot instance. `` "amazonec2-request-spot-instance=true",`` This morning the Instances created from the manager aint working, It starts the instance but it stays with the "Status Check" Initializing. After some time the instance is shuted-down and a new request to create a new instance is made. I tryed to debug the gitlab-manager but it seems that the problem is happening during the instance inicialization on AWS. What can I do? How can I debug the reason for the instance to not initialize?

are there any ways to use hyper -v without using a bare-metal dedicated server ? Regards

I am trying to load data from an EC2 instance into Redshift tables but cannot figure out how to do this using the copy command. I have tried the following to create the sql queries: ``` def copy_query_creator(table_name, schema): copy_sql_template = sql.SQL("COPY {table_name} from stdin iam_role 'iam_role' DATEFORMAT 'MM-DD-YYYY' TIMEFORMAT 'MM-DD-YYYY HH12:MI:SS AM' ACCEPTINVCHARS fixedwidth {schema}").format(table_name = sql.Identifier(table_name),schema = schema) return copy_sql_template ``` and ``` def copy_query_creator_2(table_name, iam_role, schema): copy_sql_base = """ COPY {} FROM STDIN iam_role {} DATEFORMAT 'MM-DD-YYYY' TIMEFORMAT 'MM-DD-YYYY HH12:MI:SS AM' ACCEPTINVCHARS fixedwidth {}""".format(table_name, iam_role, schema) print(copy_sql_base) return copy_sql_base ``` where schema is the fixedwidth_spec in the example snippet below: ``` copy table_name from 's3://mybucket/prefix' iam_role 'arn:aws:iam::0123456789012:role/MyRedshiftRole' fixedwidth 'fixedwidth_spec'; ``` The function that uses the query created looks like so: ``` def copy_query(self, filepath): schema = Query.create_schema() #returns the formatted fixedwidth_spec table_name = Query.get_table_def() #returns the table_name print(copy_query_creator_2(table_name, iam_role, schema)) self.connect() with self.connection.cursor() as cursor: try: with open(filepath) as f: cursor.copy_expert(copy_query_creator_2(table_name, iam_role, schema), f) print('copy worked') logging.info(f'{copy_query_creator_2(table_name, iam_role, schema)} ran; {cursor.rowcount} records copied.') except (Exception, psycopg2.Error) as error: logging.error(error) print(error) ``` The two attempts return errors. The first returns 'Composed elements must be Composable, got %r instead' while the latter returns 'error at or near STDIN'. Please help.

I'm new to AWS, and I have one Elastic IP on my account that I'd like to use to establish a VPN connection between my on-premises and AWS accounts. I tried setting up an OPNsense firewall instance and connecting my elastic IP to form a tunnel, but it didn't work? I also tried connecting Elastic IP to a network interface, but it didn't work. I also changed the security groups to allow everything, including all tcp/udp/icmp traffic. I also added routes tables as required.But packet from on prem is ever showed up at aws end. Is there anything I'm missing?

I have an "m1.small" 3-year reserved instances which will be expired on July 31, 2023. The EC2-classic will be retired after Aug. 2022, so I have to migrate my EC2 classic instance to VPC by the deadline. Unfortunately, It looks like the "m1.small" instance type is no more available in the VPC. If I'd like to migrate my EC2 instance to "t3.small", how do I modify my "m1.small" reserved instances to "t3.small"? PS: I tried to modify the reserved instances, but no "t3.small" option in the available list.

We run a number of EC2/Ubuntu 20.04 instances in our VPC, as spot instances. All but one are fine, and the last keeps rebooting on an irregular basis. It looks (from journalctl) as though it's doing a controlled (rather than kp) shutdown and then reboots. We simply cannot work out why this is happening, when other instances have no such problems. Is there a particular parameter I should be looking at?

We had an instance that despite being unreachable did not switch from healthy to unhealthy. In the instance there is a tomcat and nginx web application as a reverse proxy. In the tomcat and nginx logs we did not find any calls from the healthcheck service during the down period, but calls resumed smoothly as soon as the instance resumed working smoothly Would anyone be able to explain why the instance has not become unhealthy?

Please let me know if Solarflare Card can be used with EC2 Metal Servers in any AWS Region ?

Hi there i am trying to start a task which uses gpu on my instance. EC2 is already added to a cluster but it failed to start, here is the error: ``` status: STOPPED (CannotStartContainerError: Error response from dae) Details Status reason CannotStartContainerError: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: Running hook #0:: error running hook: exit status 1, stdout: , stderr Network bindings - not configured ``` ec2: setup ``` Type: AWS::EC2::Instance Properties: IamInstanceProfile: !Ref InstanceProfile ImageId: ami-0d5564ca7e0b414a9 InstanceType: g4dn.xlarge KeyName: tmp-key SubnetId: !Ref PrivateSubnetOne SecurityGroupIds: - !Ref ContainerSecurityGroup UserData: Fn::Base64: !Sub | #!/bin/bash echo ECS_CLUSTER=traffic-data-cluster >> /etc/ecs/ecs.config echo ECS_ENABLED_GPU_SUPPORT=true >> /etc/ecs/ecs.config ``` Dockerfile ``` FROM nvidia/cuda:11.6.0-base-ubuntu20.04 ENV NVIDIA_VISIBLE_DEVICES all ENV NVIDIA_DRIVER_CAPABILITIES compute,utility # RUN nvidia-smi RUN echo 'install pip packages' RUN apt-get update RUN apt-get install python3.8 -y RUN apt-get install python3-pip -y RUN ln -s /usr/bin/python3 /usr/bin/python RUN pip3 --version RUN python --version WORKDIR / COPY deployment/video-blurring/requirements.txt /requirements.txt RUN pip3 install --upgrade pip RUN pip3 install --user -r /requirements.txt ## Set up the requisite environment variables that will be passed during the build stage ARG SERVER_ID ARG SERVERLESS_STAGE ARG SERVERLESS_REGION ENV SERVER_ID=$SERVER_ID ENV SERVERLESS_STAGE=$SERVERLESS_STAGE ENV SERVERLESS_REGION=$SERVERLESS_REGION COPY config/env-vars . ## Sets up the entry point for running the bashrc which contains environment variable and ## trigger the python task handler COPY script/*.sh / RUN ["chmod", "+x", "./initialise_task.sh"] ## Copy the code to /var/runtime - following the AWS lambda convention ## Use ADD to preserve the underlying directory structure ADD src /var/runtime/ ENTRYPOINT ./initialise_task.sh ```

I hope we're asking this in the right area. We are very new to AWS. We have an EC2 server with WHM running two websites. One using MySQL. The other is in development and the developer is suggesting we use MongaDB. We have developer saying we cannot run both on the same server, the other developer saying we can. We looking on feedback and what might be the best server structure to use. Ideally we'd like to run both from one server. How would we best achieve this, if at all? Thanks.

Four or five times in the past 6-8 weeks, we've had situations where one of our ec2 instances (running CentOS) cannot reach the private IP address of a classic ELB. I believe this is due to scaling events (or something else causing replacement of ELB components) happening on the ELB. From what I see in cloud trial, the network interface is replaced with one having the same ip address but a different mac address. Sometimes, but not all the time, the old mac address gets stuck in the instance's arp cache (in REACHABLE state), preventing the instance from communicating with the ELB causing drastic issues for our application. If I manually delete the entry from the arp cache, things start working again. This is happening across different environments, so multiple subnets, multiple ELBs and multiple ec2 instances. These environments and components have been running for years without seeing this issue before. The only network config change we've recently made is to disable jumbo frames earlier this year, but don't see how that would impact this. Any ideas how to fix this? Thanks EDIT: this happened again today and I was able to more closely examine things. The new ENI is actually re-using an ip address that had been used over a month prior. The old entry for said ip address is still listed in the arp cache with the prior MAC address, despite not being used for about four weeks. This explains why it's starting to happen more frequently, as the chance that an ip address gets re-used increases as new ENIs are created for the ELBs. It's a /26 subnet so not a lot of addresses to choose from.

I create a new instance, the secret pem is right, but i can not access the instance in my ssh client. The error is "SSH_MSG_DISCONNECT: 2 Too many authentication failures", so what's the problem? can someone help me? thanks!

I created a new AWS account in my AWS Organization. When I try to create a reserved instance in the account I get the following error: "Error: Your current quota does not allow you to purchase the required number of reserved instances (Status Code: 400; Error Code: ReservedInstancesLimitExceeded; Request ID: 52e35efd-89aa-44ef-9794-026b1176d21b)" Reserved instance details: * Region = us-east-2 * Instance type = g4dn.2xlarge * Offering = standard * Quantity = 1 * Payment terms = All Upfront It's a new account so I do not have any existing instances in the account in any region. When I go to limits, it shows that my "Reserved Instances" limit is 20. I clearly have the limit available for reserved instances, so why am I getting this error?

My website is not responding since last 10 days, it's showing Error 522 connection timed out. I have already done all the basic steps which are required to prevent this errors such as clear cookies, used different browsers etc but still it's didn't work. Please help me to fix this issue. Website: machcart.com

I am creating a data pipeline using Template-ShellCommandActivity, but I am facing an issue while attaching the resource role. I am not able to get the resource role I created in the dropdown. And when I go ahead as it is Pipeline activation fails with this error: "Object:EC2ResourceObj ERROR: Unable to validate an instance profile with the role name'*****My Resource Role*****'.Please create an EC2 instance profile with the same name as your resource role"

note: I'm new to scaling and firstly seeking advice on the best practices for horizontal scaling **I have the following setup:** *EC2 Instances <-> ASG(created from Launch template) -> TG <-> ALB <-> TG <-> NLB* Traffic flows through NLB to ALB and finally to EC2 instances configured via ASG. note: I'm assuming the above setup is the best one to go with horizontal scaling, if not please let me know. the above setup works fine for HTTP whereas when I try to configure HTTPS, I don't see options to do so. Issue1: Target Group(TG) doesn’t allow to create one with Load Balancer type with TLS port: 443 but allows only TCP: port 80, **Question1: **how else should I redirect HTTPS traffic to ALB? note: I need NLB because ALB doesn't provide Static IPs **Question2:** wrt Static IPs: NLB doesn't allow <2 AZs which means I need to have 2 Static IPs linked to my domain? any inputs would be really helpful! **Update1:** I've configured like below: In ALB listeners: HTTP(80) gets redirected to HTTPS HTTPS(443) gets forwarded to ASG In NLB listeners: HTTP(80) gets forwarded to ALB note: ALB's public URL is added to my domain(sample-alb.domain.com) NLB's public URL is added to my domain(sample-nlb.domain.com) SSL works fine if the user enters by hitting sample-alb.domain.com whereas if the user enters by hitting sample-nlb.domain.com, it always fails with "ERR_CERT_INVALID" any inputs on why this fails? **Update2:** I've got the answer to my Issue1/Question1 on how to redirect HTTPS traffic to ALB from here: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/application-load-balancer-target.html#configure-application-load-balancer-target > **Listeners and routing** > For Listeners, the default is a listener that accepts TCP traffic on port 80. Only TCP listeners can forward traffic to an Application Load Balancer target group. Keep the listener protocol set to TCP, but you can modify the port as required. > > This setup allows you to use HTTPS listeners on the Application Load Balancer to terminate the TLS protocol. so, I created a TG with TCP port 80 and listener to NLB, which redirects to ALB. (say for ex my NLB's public URL is 'nlb34323.amazonaws.com') now, when I hit my NLB's public URL with 'http://nlb34323.amazonaws.com', it does get redirected to 'https://nlb34323.amazonaws.com', but eventually fails with a timeout error. note: whereas when I hit ALB's public URL, it is working fine does it have anything to do with TLS termination as mentioned in the above documentation: > This setup allows you to use HTTPS listeners on the Application Load Balancer to terminate the TLS protocol. what am I doing wrong here?

The latest version of Corretto has a critical security fix for CVE-2022-21449: ``` Corretto version: 17.0.3.6.1 Release Date: April 17, 2022 ``` Yet this latest version is not available from the package repo on the very latest Amazon Linux 2 AMI. When can we expect to see the patched version? ``` [ec2-user@ip-XXX ~]$ sudo yum install -y java-17-amazon-corretto-headless Loaded plugins: extras_suggestions, langpacks, priorities, update-motd amzn2-core | 3.7 kB 00:00:00 4 packages excluded due to repository priority protections Package 1:java-17-amazon-corretto-headless-17.0.2+8-1.amzn2.1.x86_64 already installed and latest version Nothing to do [ec2-user@ip-XXX ~]$ cat /etc/image-id image_name="amzn2-ami-hvm" image_version="2" image_arch="x86_64" image_file="amzn2-ami-hvm-2.0.20220419.0-x86_64.xfs.gpt" image_stamp="8e61-6310" image_date="20220419161702" recipe_name="amzn2 ami" recipe_id="fd8fd9c3-72c3-a01f-c3a3-db8b-8481-685a-78a2e8af" ```