Need help?

Our experts have had an average response time of 11.7 minutes in August 2021 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

EC2 yum error: Connection timed out XXXX milliseconds

by | Jul 13, 2021

We come across the EC2 yum error: Connection timed out XXXX milliseconds when we use yum on Amazon EC2 instance running Amazon Linux 1 or Amazon Linux 2.

Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.

Today, let us see how to fix this error.


EC2 yum error: Connection timed out XXXX milliseconds

1. First and foremost, we verify that the security group allows outbound http/https traffic.

2. Then we verify the network ACLs associated with the EC2 instance’s subnet allows outbound http/https traffic through NACLs.

For example, here, we can see a custom network ACL that allows outbound traffic on ports 80 and 443:

Inbound rules
Rule# Type Protocol Port Range Source Allow/Deny
100 Custom TCP Rule TCP (6) 1024-65535 ALLOW
101 Custom TCP Rule TCP (6) 1024-65535 ::/0 ALLOW
* ALL Traffic ALL ALL ::/0 DENY
Outbound rules
Rule # Type Protocol Port Range Source Allow/Deny
100 HTTP (80) TCP (6) 80 ALLOW
101 HTTPS (443) TCP (6) 443 ALLOW
102 HTTP (80) TCP (6) 80 ::/0 ALLOW
103 HTTPS (443) TCP (6) 443 ::/0 ALLOW
* ALL Traffic ALL ALL ::/0 DENY

3. After that, we verify that the EC2 instance has access to Amazon Linux repositories.

To check that, our Support Techs recommend either of the following methods.


1. Instance in a public subnet with an Internet Gateway

To enable access to or from the internet for instances in a subnet in a VPC, we:

  • Create an internet gateway and attach it to the VPC.
  • Add a route to the subnet’s route table that directs internet-bound traffic to the internet gateway.
  • Make sure instances in the subnet have a globally unique IP address.
  • Ensure that the network access control lists and security group rules allow the relevant traffic.


2. Instance in a private subnet with a NAT Gateway.

To connect to services outside the VPC we use a NAT gateway for instances in a private subnet. However, external services cannot initiate a connection with those instances.

To do so, we follow the steps below.

  1. Initially, we open the Amazon VPC console.
  2. In the navigation pane, we select NAT Gateways.
  3. Then we select Create NAT Gateway and perform the below tasks:
    1. We specify a name for the NAT gateway if necessary.
    2. Select the subnet in which to create the NAT gateway.
    3. To create a private NAT gateway, we select Private or Public to create a public NAT gateway for Connectivity type.
    4. In the case of Public, for Elastic IP allocation ID, select an Elastic IP address.
    5. Finally, we select Create a NAT Gateway.
  4. Once the status of the NAT gateway change from Pending to Available, it is ready to use.


3. Instance in a private subnet with a NAT Instance

To set up the VPC and NAT instance using the console, our Support Techs recommend these steps:

1. Initially, we create a VPC with two subnets.

    1. After creating, we attach an Internet gateway to the VPC
    2. Then we create a custom route table to send traffic destined outside the VPC to the internet gateway, and then associate it with one subnet, making it a public subnet.

2. Next, we create the NATSG security group.

3. To run as a NAT instance, we launch an instance into the public subnet from an AMI.

    1. Open the Amazon EC2 console.
    2. On the dashboard, we select the Launch Instance button, and complete the wizard as follows:
      1. On the Choose an Amazon Machine Image (AMI) page, we set the filter to Owned by me, then select the AMI.
      2. Then on the Choose an Instance Type page > select instance type > Configure Instance Details.
      3. On the Configure Instance Details page, select the VPC and select the public subnet.
      4. We can also add storage to the instance, and add tags. Once done, we select Next: Configure Security Group.
      5. Here, we select the Select an existing security group option, and select the NATSG security group > Review and Launch.
      6. Once done, review and make changes, and then select Launch.
4. Then we go ahead and disable the SrcDestCheck attribute for the NAT instance

5. Suppose we didn’t assign a public IP address to the NAT instance during launch. In that case, we associate an Elastic IP address with it.

    1. To do so, we open the Amazon VPC console.
    2. In the navigation pane > Elastic IPs > Allocate new address.
    3. After that, select the Elastic IP address from the list > Actions > Associate address.
    4. We select the network interface resource, then select the network interface for the NAT instance. Select the address to associate the Elastic IP with from the Private IP list > Associate.
    5. Then we update the main route table to send traffic to the NAT instance.


4. Instance in a private subnet with a proxy

We modify the /etc/yum.conf file to configure yum to use a proxy:


4. Once we configure the instance using one of the preceding options, to confirm that the instance can access the repository we run:

Amazon Linux 1:

telnet 80

Amazon Linux 2:

telnet 80

Here, ensure to replace us-east-1 with the instance’s region.

[Need help with the fix? We’d be happy to assist you]



In short, we saw how our Support Techs fix the EC2 yum error for our customers.


Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.


var google_conversion_label = "owonCMyG5nEQ0aD71QM";


Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center


Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]


Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid


Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie


These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.