How to sync time with Amazon Time Sync Service

Problem description

DR jobs failing with error AWS_DR128

Cause

If the AWS DR Proxy instance's date and time settings are inaccurate, the date in the request signature can differ from the date of the request, which leads AWS to reject your requests.

Pre-requisites:

  • Add a Firewall rule in your Compute Gateway which allows NTP traffic to 169.254.169.123

  • Services: NTP (UDP:123)

  • Steps to add Firewall Rule:

    • Click Security Groups under Security on the navigation pane after opening the Amazon VPC Console.

    • A list of security groups will be displayed. Select the security group you want to modify.

    • Click Actions

    • Configure Inbound Rules:

      • In the Inbound rules tab, click on Edit inbound rules.

      • Click on Add rule.

      • Set the Type to Custom UDP Rule.

      • Set the Port Range to 123.

      • Set the Source to a specific IP range (e.g., 0.0.0.0/0 for all IP addresses, but consider narrowing it down for better security).

      • Click Save rules.

    • Configure Outbound Rules:

      • In the Outbound rules tab, click on Edit outbound rules.

      • Click on Add rule.

      • Set the Type to Custom UDP Rule.

      • Set the Port Range to 123.

      • Set the Destination to a specific IP range (e.g., 0.0.0.0/0).

      • Click Save rules.

Traceback

Phoenix.log

[2024-03-12 03:15:42,459] [ERROR] [139823652820800] Failed to run command sudo ntpdate 169.254.169.123 with error : b'sudo: ntpdate: command not found\n'
[2024-03-12 03:15:42,459] [DEBUG] [139823652820800] Logging infra details of the proxy
[2024-03-12 03:15:42,466] [ERROR] [139823652820800] EC2Client : Failed to get EC2 instance details : error = An error occurred (AuthFailure) when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials
[2024-03-12 03:15:42,466] [ERROR] [139823652820800] Error <class 'botocore.exceptions.ClientError'>:An error occurred (AuthFailure) when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials. Traceback -Traceback (most recent call last):
  File "/code/src/phoenix_client_lib/boto3/ec2client.py", line 2283, in get_ec2_instance_details
  File "/code/src/phoenix_client_lib/boto3/ec2client.py", line 2236, in __get_bulk_ec2_instance_details
  File "/usr/local/pyenv/versions/3.9.1/lib/python3.9/site-packages/botocore/client.py", line 535, in _api_call
  File "/usr/local/pyenv/versions/3.9.1/lib/python3.9/site-packages/botocore/client.py", line 980, in _make_api_call
botocore.exceptions.ClientError: An error occurred (AuthFailure) when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials
[2024-03-12 03:15:42,466] [INFO] [139823652820800] AwsDRLib<retry_module>: not retrying any more since error is not retryable for Fn: get_ec2_instance_details
[2024-03-12 03:15:42,467] [ERROR] [139823652820800] Error <class 'inSyncLib.inSyncError.SyncError'>:AWS was not able to validate the provided access credentials (#100080080) (Error Code : AWS_DR128). Traceback -Traceback (most recent call last):

Resolution:

  • Connect to the AWS DR proxy instance and use apt to install the chrony package. If chrony is already installed, skip this step.

    sudo apt install chrony

  • Open the /etc/chrony/chrony.conf file in a text editor (update the permissions on this file using the chmod command).

  • Add the following line before any other server or pool statements already present in the file, then save your changes (see the attached screenshot for reference).

    server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4

  • Restart the chrony service.

    sudo /etc/init.d/chrony restart

  • Reboot the AWS DR Proxy for the changes to take effect.
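
The chrony.conf edit from the resolution steps can also be scripted so that it is repeatable across proxies. The following is an added example, not part of the original article or the vendor's tooling: the function name add_time_sync_server and the .bak backup copy are assumptions of this example, and it only edits the file path it is given.

```shell
#!/bin/sh
# Added example: place the Amazon Time Sync Service line ahead of every
# existing server/pool statement in a chrony configuration file.
TIME_SYNC_LINE='server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4'

# add_time_sync_server FILE  (hypothetical helper name)
# Returns 0 when FILE already is, or has been made, correct; 1 on error.
add_time_sync_server() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Nothing to do when the first active server/pool statement is ours.
    first=$(grep -E '^[[:space:]]*(server|pool)[[:space:]]' "$conf" | head -n 1)
    if [ "$first" = "$TIME_SYNC_LINE" ]; then
        return 0
    fi

    tmp=$(mktemp) || return 1
    # Drop any older 169.254.169.123 entry, then print our line just before
    # the first remaining server/pool statement (or at the end if none exist).
    awk -v line="$TIME_SYNC_LINE" '
        /^[ \t]*server[ \t]+169\.254\.169\.123([ \t]|$)/ { next }
        !placed && /^[ \t]*(server|pool)[ \t]/ { print line; placed = 1 }
        { print }
        END { if (!placed) print line }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Keep a backup; writing with cat preserves the file's owner and mode.
    cp "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    status=$?
    rm -f "$tmp"
    return $status
}
```

Call the function as root with /etc/chrony/chrony.conf as its argument, then restart chrony as in the steps above; `chronyc sources` should then list 169.254.169.123 as the selected source.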
