Amazon Linux リポジトリは、S3 によって提供されています。そのため、プライベートサブネット(インターネットへのルートがないサブネット)に配置されたAmazon Linux 2 のEC2 であっても、VPC Endpoint を使用してAmazon Linux リポジトリへアクセスが可能です。
S3 VPC Endpoint 未設定の構成
プライベートサブネットに配置され、ルートテーブルに S3 のVPC Endpoint が未設定の場合は、yum コマンド実行時に、Amazon Linux リポジトリへアクセス出来ず、Timeout のエラーとなります。(Amazon Linux 2 のリポジトリは、amzn2-core および amzn2extra-docker となります)
[ec2-user@ip-xx-xx-xx-xx ~]$ sudo yum update --security
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: [Errno 12] Timeout on https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: (28, 'Connection timeout after 5000 ms')
Trying other mirror.
https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: [Errno 12] Timeout on https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: (28, 'Connection timeout after 5000 ms')
Trying other mirror.
https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: [Errno 12] Timeout on https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: (28, 'Connection timeout after 5000 ms')
Trying other mirror.
https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: [Errno 12] Timeout on https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: (28, 'Connection timeout after 5000 ms')
Trying other mirror.
https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: [Errno 12] Timeout on https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: (28, 'Connection timeout after 5000 ms')
Trying other mirror.
https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: [Errno 12] Timeout on https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: (28, 'Connection timeout after 5000 ms')
Trying other mirror.
https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: [Errno 12] Timeout on https://amazonlinux-2-repos-ap-northeast-1.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/2.0/x86_64/6201a485818f2648562de7dd0e7d6a9177b7fb621c2a29b67b1878c2620de790/repodata/repomd.xml?instance_id=i-12345671234567890®ion=ap-northeast-1: (28, 'Connection timeout after 5000 ms')
Trying other mirror.
No packages needed for security; 0 packages available
No packages marked for update
VPC Endpoint が設定された構成
S3 のVPC Endpoint を作成し、ルートテーブルに設定します。
プライベートサブネットに配置され、ルートテーブルに S3 のVPC Endpoint が設定済みの場合、yum コマンドはAmazon Linux リポジトリへアクセス出来ます。(Amazon Linux 2 のリポジトリは、amzn2-core および amzn2extra-docker となります)
[ec2-user@ip-xx-xx-xx-xx ~]$ sudo yum update --security
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core | 3.6 kB 00:00
No packages needed for security; 0 packages available
No packages marked for update
https://repost.aws/ja/knowledge-center/ec2-al1-al2-update-yu...