Unable to install packages from amazon repo on AWS EC2 instance Ubuntu

Question

I'm having an EC2 instance on AWS, contains platform as Ubuntu.

I'm unable to install anything from the command line tool sudo apt-get install <package>

The result pops out on screen is like

> ubuntu@ip-XX-XX-XX-XX:~$ sudo apt install awscli
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following package was automatically installed and is no longer required:
  libuv1
Use 'sudo apt autoremove' to remove it.
The following additional packages will be installed:
  docutils-common liblcms2-2 libpaper-utils libpaper1 libwebp5 libwebpmux1 python3-botocore python3-colorama python3-dateutil python3-docutils python3-jmespath python3-pil python3-pygments python3-roman
  python3-rsa python3-s3transfer
Suggested packages:
  liblcms2-utils texlive-latex-recommended texlive-latex-base texlive-lang-french fonts-linuxlibertine | ttf-linux-libertine docutils-doc python-pil-doc python3-pil-dbg ttf-bitstream-vera
The following NEW packages will be installed:
  awscli docutils-common liblcms2-2 libpaper-utils libpaper1 libwebp5 libwebpmux1 python3-botocore python3-colorama python3-dateutil python3-docutils python3-jmespath python3-pil python3-pygments
  python3-roman python3-rsa python3-s3transfer
0 upgraded, 17 newly installed, 0 to remove and 42 not upgraded.
Need to get 3,260 kB of archives.
After this operation, 28.6 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
0% [Connecting to us-east-1.ec2.archive.ubuntu.com (54.165.17.230)]
0% [Connecting to us-east-1.ec2.archive.ubuntu.com (54.165.17.230)]
0% [Connecting to us-east-1.ec2.archive.ubuntu.com (54.165.17.230)]
0% [Connecting to us-east-1.ec2.archive.ubuntu.com (54.165.17.230)]
Err:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 liblcms2-2 amd64 2.6-3ubuntu2
  Could not connect to us-east-1.ec2.archive.ubuntu.com:80 (54.152.129.43), connection timed out [IP: 54.152.129.43 80]

Err:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/universe amd64 python3-dateutil all 2.4.2-1
  Unable to connect to us-east-1.ec2.archive.ubuntu.com:http: [IP: 54.152.129.43 80]
..........
Err:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libwebp5 amd64 0.4.4-1
  Unable to connect to us-east-1.ec2.archive.ubuntu.com:http: [IP: 54.152.129.43 80]
Err:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libwebpmux1 amd64 0.4.4-1
  Unable to connect to us-east-1.ec2.archive.ubuntu.com:http: [IP: 54.152.129.43 80]
Err:16 http://security.ubuntu.com/ubuntu xenial-security/main amd64 python3-pil amd64 3.1.2-0ubuntu1.1
  Unable to connect to us-east-1.ec2.archive.ubuntu.com:http: [IP: 54.152.129.43 80]
Err:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 python3-pygments all 2.1+dfsg-1
  Unable to connect to us-east-1.ec2.archive.ubuntu.com:http: [IP: 54.152.129.43 80]
0% [Connecting to security.ubuntu.com (91.189.88.162)]packet_write_wait: Connection to 54.152.110.91 port 22: Broken pipe

From the output what I've understand is like AWS Ubuntu package repo isn't responding. But When go the address of repo in browser it is there (but no packages in it).

More over I'm able install node packages properly ( npm install <module> ). Before I was trying to add loadbalancer to the instance it worked fine. All these are in the process of adding ssl certificate to my server.

Can anyone explain clearly what to do for both of the problems.

Thanks, Advance.

Answer 1

Finally, I found where the problem is, Security Groups, I've disabled all Outbound http and allowed only https. Once I've added all those in Outbound, It got resolved.

Thanks.

Answer 2

EC2 instances allow outbound traffic by default, but other software like Terraform disables this by default. If you use Terraform, the solution is to add this to your security group:

resource "aws_security_group" "instance" { 
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Additionally, if you haven't already added a security group to your instance or launch configuration:

security_groups = [aws_security_group.instance.id]

Answer 3

I could resolve the issue by adding an EIP to my instance