AWS
docs.aws.amazon.com › amazon linux › user guide › al2 on amazon ec2 › configure al2 instances › manage software on your al2 instance › add repositories on an al2 instance
Add repositories on an AL2 instance - Amazon Linux 2
To install a package from a different repository with yum, you need to add the repository information to the /etc/yum.conf file or to its own repository.repo file in the /etc/yum.repos.d directory. You can do this manually, but most yum repositories provide their own repository.repo file at their repository URL.
GitHub
github.com › orgs › amazonlinux › repositories
Amazon Linux
AWS module for testing upgrades from Amazon Linux (1) AMI to Amazon Linux 2 using the preupgrade-assistant. Shell • 6 forks • 45 stars • 3 issues • 0 pull requests • Updated ... A DNF plugin to check Support Information for Amazon Linux 2023 packages.
TheForeman
community.theforeman.org › support
Add Amazon Linux 2 repository into Forman katello - Support - TheForeman
May 9, 2021 - I create a yum repository as below ... My_Organization Red Hat Repository: no Content Type: yum Mirror on Sync: yes Url: http://amazonlinux.us-east-1.......
Server Fault
serverfault.com › questions › 924274 › artifactory-rpm-repositories-and-amazon-linux-repo-mirror-list
yum - Artifactory rpm repositories and Amazon Linux Repo mirror list - Server Fault
Thanks, so that file contains cdn.amazonlinux.com/2/core/2.0/x86_64/… and I haven't yet been able configure an Artifactory remote repository proxy where a yum instance can find the repomd.xml ...
Repology
repology.org › repository › amazon_2
Amazon Linux 2 repository information - Repology
Badge header may be changed or removed by header URL parameter, for example: https://repology.org/badge/repository-big/amazon_2.svg?header=Amazon Linux 2
AWS re:Post
repost.aws › questions › QU4f2GtpZkT4eS19xSW3A9GQ › accessing-amazon-linux-2-yum-repositories-from-an-on-premises-vm
Accessing Amazon Linux 2 yum repositories from an on-premises VM | AWS re:Post
February 13, 2024 - If it is a very temporary problem though, this is often a nice compromise: yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true Cannot find a valid baseurl for repo: amzn2-core/2/x86_64 ... Judging from the error contents, it appears that the name "amazonlinux.default.amazonaws.com" cannot be resolved. It may be a good idea to review the VM's network settings, etc. ... Thanks for the response. I actually have access to that url: http://amazonlinux.default.amazonaws.com/2/core/latest/x86_64/mirror.list, which returns a mirror.list with this url: https://cdn.amazonlinux.com/2/core/2.0/x86_64/073693aa0842a0f3e16526cb49af0137eeb4a56b5ff2be7040f1f066bf8b8069 which is the one I have no access to.
AWS re:Post
repost.aws › questions › QUm7OnsvU1QBOG4sFLPHUNkA › amazon-linux-2-yum-core-repository-ohio
Amazon Linux 2 yum core repository @ Ohio | AWS re:Post
December 20, 2021 - $ cat /etc/yum.repos.d/amzn2-core.repo
[amzn2-core]
name=Amazon Linux 2 core repository
mirrorlist=$awsproto://$amazonlinux.$awsregion.$awsdomain/$releasever/$product/$target/$basearch/mirror.list
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-linux-2
enabled=1
metadata_expire=300
mirrorlist_expire=300
report_instanceid=yes

[amzn2-core-source]
name=Amazon Linux 2 core repository - source packages
mirrorlist=$awsproto://$amazonlinux.$awsregion.$awsdomain/$releasever/$product/$target/SRPMS/mirror.list
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ama
GitHub
github.com › docker-library › repo-info › blob › master › repos › amazonlinux › local › 2.md
repo-info/repos/amazonlinux/local/2.md at master · docker-library/repo-info
January 15, 2026 - $ dnf --quiet download --source --url libblkid-2.30.2-2.amzn2.0.13 https://cdn.amazonlinux.com/2/core/2.0/SRPMS/9f862452182adbc3431f0dcf54ac57a518f3e987d65b6b61bd3455cc477e12d5/../../../../../blobstore/fc0bff3fda2adc08d41e51a99fce75fa9eeb26c2dafa6ad1735b0b04ad908d9d/util-linux-2.30.2-2.amzn2.0.13.src.rpm
Author   docker-library
GitHub
github.com › awsdocs › amazon-ec2-user-guide › blob › master › doc_source › add-repositories.md
amazon-ec2-user-guide/doc_source/add-repositories.md at master · awsdocs/amazon-ec2-user-guide
April 3, 2023 - Use the yum-config-manager command with the --enable repository flag. The following command enables the Extra Packages for Enterprise Linux (EPEL) repository from the Fedora project. By default, this repository is present in /etc/yum.repos.d on Amazon Linux AMI instances, but it is not enabled.
Author   awsdocs
Awstut
awstut.com › aws_en
Create yum Repository in S3 and Access from Private Subnet | Awstut
September 25, 2024 - Note the value of baseurl, which is the URL of the S3 website endpoint. This means that when referencing myrepo, the S3 bucket will be accessed. Check the list of repositories recognized by yum.
sh-4.2$ yum repolist
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
2 packages excluded due to repository priority protections
repo id                        repo name                           status
amzn2-core/2/x86_64            Amazon Linux 2 core repository      27418
amzn2extra-docker/2/x86_64     Amazon Extras repo for docker       56
Medium
medium.com › @madmag111 › set-up-yum-aws-amazon-linux-2023-bec3fca71259
Set up yum AWS Amazon Linux 2023. I recently set up a new EC2 instance on… | by badecoder | Medium
November 3, 2023 - Next by doing a cat on amazonlinux.repo you'll see the mirrorlist url have variables $awsregion and $awsdomain.
[amazonlinux-source]
name=Amazon Linux 2023 repository - Source packages
mirrorlist=https://al2023-repos-$awsregion-de612dc2.s3.dualstack.$awsregion.$awsdomain/core/mirrors/$releasever/SRPMS/mirror.list
Top answer
1 of 3
3

By the looks of it, you are well aware of what you are trying to achieve. Even though you are saying that it is not the NACLs, I would check them one more time, as sometimes one can easily overlook something minor. Take into account the snippet below taken from this AWS troubleshooting article and make sure that you have the right S3 CIDRs in your rules for the respective region:

Make sure that the network ACLs associated with your EC2 instance's subnet allow the following: Egress on port 80 (HTTP) and 443 (HTTPS) to the Regional S3 service. Ingress on ephemeral TCP ports from the Regional S3 service. Ephemeral ports are 1024-65535. The Regional S3 service is the CIDR for the subnet containing your S3 interface endpoint. Or, if you're using an S3 gateway, the Regional S3 service is the public IP CIDR for the S3 service. Network ACLs don't support prefix lists. To add the S3 CIDR to your network ACL, use 0.0.0.0/0 as the S3 CIDR. You can also add the actual S3 CIDRs into the ACL. However, keep in mind that the S3 CIDRs can change at any time.

Your S3 endpoint policy looks good to me on first look, but you are right that it is very likely that the policy or the endpoint configuration in general could be the cause, so I would re-check it one more time too.

One additional thing that I have observed before is that depending on the AMI you use and your VPC settings (DHCP options set, DNS, etc.) sometimes the EC2 instance cannot properly set its default region in the yum config. Please check whether the files awsregion and awsdomain exist within the /etc/yum/vars directory and what their content is. In your use case, the awsregion should have:

$ cat /etc/yum/vars/awsregion
ap-southeast-2

You can check whether the DNS resolving on your instance is working properly with:

dig amazonlinux.ap-southeast-2.amazonaws.com

If DNS seems to be working fine, you can compare whether the IP in the output resides within the ranges you have allowed in your NACLs.

EDIT:

After having a second look, this line is a bit stricter than it should be: arn:aws:s3:::amazonlinux-2-repos-ap-southeast-2.s3.ap-southeast-2.amazonaws.com/*

According to the docs it should be something like:

arn:aws:s3:::amazonlinux-2-repos-ap-southeast-2/*

2 of 3
2

Hi @nick https://stackoverflow.com/users/9405602/nick --> these are excellent suggestions; writing an 'answer' because troubleshooting will be valuable for others, plus the char limit in comments.

The problem is definitely the policy.


sh-4.2$ cat /etc/yum/vars/awsregion
ap-southeast-2
sh-4.2$

dig:


sh-4.2$ dig amazonlinux.ap-southeast-2.amazonaws.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.amzn2.5.2 <<>> amazonlinux.ap-southeast-2.amazonaws.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 598
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;amazonlinux.ap-southeast-2.amazonaws.com. IN A

;; ANSWER SECTION:
amazonlinux.ap-southeast-2.amazonaws.com. 278 IN CNAME s3.dualstack.ap-southeast-2.amazonaws.com.
s3.dualstack.ap-southeast-2.amazonaws.com. 2 IN A 52.95.134.91

;; Query time: 4 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Mon Sep 20 00:03:36 UTC 2021
;; MSG SIZE rcvd: 112


let's check in on the NACLs:

NACL OUTBOUND RULES:
Rule  Type         Protocol  Port  Destination     Action
100   All traffic  All       All   0.0.0.0/0       Allow
101   All traffic  All       All   52.95.128.0/21  Allow
150   All traffic  All       All   3.5.164.0/22    Allow
200   All traffic  All       All   3.5.168.0/23    Allow
250   All traffic  All       All   3.26.88.0/28    Allow
300   All traffic  All       All   3.26.88.16/28   Allow
*     All traffic  All       All   0.0.0.0/0       Deny

NACL INBOUND RULES:
Rule  Type         Protocol  Port  Source          Action
100   All traffic  All       All   10.0.0.0/24     Allow
150   All traffic  All       All   10.0.1.0/24     Allow
200   All traffic  All       All   10.0.2.0/24     Allow
250   All traffic  All       All   10.0.3.0/24     Allow
400   All traffic  All       All   52.95.128.0/21  Allow
450   All traffic  All       All   3.5.164.0/22    Allow
500   All traffic  All       All   3.5.168.0/23    Allow
550   All traffic  All       All   3.26.88.0/28    Allow
600   All traffic  All       All   3.26.88.16/28   Allow
*     All traffic  All       All   0.0.0.0/0       Deny

SO -----> '52.95.134.91' is captured by rule 101 outbound and 400 inbound, so that looks good NACL-wise. (Future people troubleshooting: this is what you should look for.)

Also regarding those CIDR blocks: the deploy script pulls those from the current list, grabs out the S3 ones for ap-southeast-2 with jq and passes those as parameters to the CF deploy.

docs on how to do that for others: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html#aws-ip-download

Another note, you might notice the outbound 0.0.0.0/0. I realize (and for other people looking, please note) this makes the other rules redundant; I just put it in 'in case' while fiddling (and removed the outbound rules for the public subnets). Private subnet traffic outbound to 0.0.0.0/0 is routed to the respective NATs in public subnets. I'll add outbound for my public subnets and remove this rule at some point.

subnetting atm is simply: 10.0.0.0/16
pub a : 10.0.0.0/24
pub b : 10.0.1.0/24
priv a : 10.0.2.0/24
priv b : 10.0.3.0/24

so out rules for pub a and b blocks will be re-introduced so I can remove the allow on 0.0.0.0/0


I am now sure it is the policy.

I just click-ops amended the policy in console to 'full access' to give that a crack and had success.

My guess is the mirror list makes it hard to pin-down what to explicitly allow, so even though I cast the net broad I wasn't capturing the required bucket. But I don't know much about how aws mirrors work so that's a guess.

I probably don't want a super duper permissive policy, so this isn't really a fix but it confirms where the issue is.
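As an added example (not part of the thread above), this Python script automates the checks the answers walk through: it pulls the S3 prefixes for a region out of an ip-ranges.json excerpt (a constructed sample here, in the format of the real file linked above), then evaluates the posted NACL rules in ascending rule number, first match wins, to report which rule decides the resolved mirror address in each direction.

```python
import ipaddress
import json

# Constructed excerpt in the shape of ip-ranges.json (sample values only;
# the live file is linked from the aws-ip-ranges docs page cited above).
IP_RANGES_JSON = """{
  "syncToken": "0000000000", "createDate": "2021-09-20-00-00-00",
  "prefixes": [
    {"ip_prefix": "52.95.128.0/21", "region": "ap-southeast-2", "service": "S3", "network_border_group": "ap-southeast-2"},
    {"ip_prefix": "3.5.164.0/22", "region": "ap-southeast-2", "service": "S3", "network_border_group": "ap-southeast-2"},
    {"ip_prefix": "52.95.110.0/24", "region": "eu-west-1", "service": "S3", "network_border_group": "eu-west-1"},
    {"ip_prefix": "3.26.0.0/16", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2"}
  ]
}"""

# NACL rules from the answer above as (rule_number, cidr, action); the trailing
# catch-all deny is implicit in every NACL, so it is not listed here.
OUTBOUND = [(100, "0.0.0.0/0", "allow"), (101, "52.95.128.0/21", "allow"),
            (150, "3.5.164.0/22", "allow"), (200, "3.5.168.0/23", "allow")]
INBOUND = [(100, "10.0.0.0/24", "allow"), (150, "10.0.1.0/24", "allow"),
           (200, "10.0.2.0/24", "allow"), (250, "10.0.3.0/24", "allow"),
           (400, "52.95.128.0/21", "allow"), (450, "3.5.164.0/22", "allow")]

def s3_prefixes(ip_ranges_json, region):
    """The S3 prefixes for one region (what the jq step in the answer extracts)."""
    data = json.loads(ip_ranges_json)
    return [ipaddress.ip_network(p["ip_prefix"]) for p in data["prefixes"]
            if p["service"] == "S3" and p["region"] == region]

def matching_rule(rules, ip):
    """NACLs are evaluated in ascending rule number and the first match decides.
    Returns (rule_number, action); ('*', 'deny') is the implicit final deny."""
    addr = ipaddress.ip_address(ip)
    for number, cidr, action in sorted(rules):
        if addr in ipaddress.ip_network(cidr):
            return number, action
    return "*", "deny"

def check_mirror_ip(ip, region, ip_ranges_json=IP_RANGES_JSON):
    """Is the address the mirror hostname resolved to a published S3 address for
    the region, and which NACL rule decides it in each direction?"""
    addr = ipaddress.ip_address(ip)
    return {
        "is_regional_s3": any(addr in net for net in s3_prefixes(ip_ranges_json, region)),
        "outbound": matching_rule(OUTBOUND, ip),
        "inbound": matching_rule(INBOUND, ip),
    }
```

Running check_mirror_ip("52.95.134.91", "ap-southeast-2") on the A record from the dig output shows inbound rule 400 deciding the packet, while outbound the 0.0.0.0/0 allow at rule 100 matches first, which is why the later S3-specific outbound rules stay redundant until it is removed.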

Badllama
badllama.com › content › how-set-local-mirror-amazon-linux-repository-using-s3
How to set up a local mirror of an Amazon Linux Repository using S3 | badllama.com
I've found that the best URL to use is the one that points to repomd.xml. You can find this by browsing the S3 service and looking at the properties of the file object.
cat <<REPO > local-repository.repo
[local_amzn-2015.09]
name=amzn-2015.09
enabled=yes
baseurl=https://s3-us-west-2.amazonaws.com/s3-amzn-repo/
gpgcheck=no
REPO
Amazon Web Services
aws.amazon.com › compute › amazon linux 2 › faqs
Amazon Linux 2 FAQs
5 days ago - Yes. New builds will point to the same repositories and include the cumulative set of security and feature updates to prevent the need to apply outstanding updates. Updates for Amazon Linux 2 are provided with a pre-configured repository hosted in each AWS region.
AWS re:Post
repost.aws › questions › QUbMuk2r8nSr2Nm8XRmV-vkw › amzn-updates-base-yum-repo-for-amazon-linux-2
amzn-updates-base Yum Repo for Amazon Linux 2 | AWS re:Post
January 19, 2018 - yum repolist all
Loaded plugins: langpacks, priorities, update-motd
98 packages excluded due to repository priority protections
repo id                                   repo name                                             status
!amzn2-core/2017.12/x86_64                Amazon Linux 2 core repository                        enabled: 7,157
amzn2-core-debuginfo/2017.12/x86_64       Amazon Linux 2 core repository - debuginfo packages   disabled
amzn2-core-source/2017.12                 Amazon Linux 2 core repository - source packages      disabled
Bobcares
bobcares.com › blog › aws-yum-repository
AWS yum repository - Easy way to set up and fix errors
July 21, 2019 - In this write-up, we’ll see how our Support Engineers create a yum repository in AWS server and fix related errors. Amazon Linux has two repositories by default, namely amzn-main and amzn-updates.
Sonatype Community
community.sonatype.com › sonatype nexus repository
Support for Amazon Linux 2 Yum repository - Sonatype Nexus Repository - Sonatype Community
September 10, 2020 - But the same setup for Amazon Linux 2 is not working as expected, because with AL1 the structure of the repository is something like this - $ sudo yumdownloader --urls ec2 Failed to set locale, defaulting to C Loaded plugins: priorities, update-motd, upgrade-helper http://packages.us-east...