How to connect other AWS cloud service from an EC2 instance using AWS Javascript SDK?

Question

I've the application deployed on an EC2 instance with an IAM role attached. The instance running inside of private subnet. I'm getting the networking error while trying to listing the buckets from S3 service.

Error: connect ETIMEDOUT 10.100.20.30:443
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16) {
errno: -110,
code: 'NetworkingError',
syscall: 'connect',
address: '10.100.20.30',
port: 443,
region: 'us-east-1',
hostname: 'mybucket.s3.us-east-1.amazonaws.com',
retryable: true,
time: 2020-07-28T05:44:13.678Z
} Error: connect ETIMEDOUT 10.100.20.30:443
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16)

Answer 1

It appears that your situation is:

• An Amazon EC2 instance in a private subnet
• An application on the instance needs to access Amazon S3

There are two ways to achieve this:

Option 1: Internet Access

Amazon S3 resides on the Internet. Since the EC2 instance is in a private subnet, it will need to use a NAT Gateway to access the Internet and Amazon S3.

The NAT Gateway should be launched in a public subnet and the Route Table for the private subnet(s) should be updated to send traffic destined for 0.0.0.0/0 to the NAT Gateway.

Option 2: VPC Endpoint

Alternatively, you can add a VPC Endpoint for S3, which provides a 'short-cut' to communicate with Amazon S3 without going via the Internet.

Answer 2

Please make sure your instance is able to connect to an S3 endpoint. AWS lists steps to validate network connectivity from EC2 to S3 in their docs. As your instance is running inside a private subnet, please make sure you have one of the following in place:

• A route table with a default route through a NAT gateway
• A VPC endpoint.

Answer 3

Try this.

sudo npm install -g @aws-amplify/cli
amplify configure
amplify init
amplify push