NTP security best practice with instance on AWS

Solution 1:

According to AWS documentation the servers defined in /etc/ntp.conf are:

The n.amazon.pool.ntp.org DNS records are intended to load balance NTP traffic from AWS. However, these are public NTP servers in the pool.ntp.org project, and they are not owned or managed by AWS. There is no guarantee that they are geographically located near your instances, or even within the AWS network.

Given AWS has set these as default in Amazon Linux I have to assume the risk is low. I wouldn't bother, personally.

You can manually set them to the documented NTP servers if you like, either specific servers or using their aliases which probably load balance. Click the links top right to find the URLs. Just edit the file /etc/ntp.conf to specify them.

Update 1 Dec 2017

The AWS Time Sync service is now available. Read the docs here.
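
An added example, not part of the answer above or of AWS documentation: a small Python check that lists the active time sources in an ntp.conf and labels pool.ntp.org names versus the Amazon Time Sync Service address. 169.254.169.123 is that service's link-local address; the sample configuration, the hostname ntp.example.internal and the function names are constructed for illustration.

```python
import ipaddress

TIME_SYNC_IP = "169.254.169.123"  # Amazon Time Sync Service, link-local address

# Constructed sample, modelled on an Amazon Linux style /etc/ntp.conf.
SAMPLE_CONF = """\
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
server 0.amazon.pool.ntp.org iburst
server 1.amazon.pool.ntp.org iburst   # trailing comment
#server 2.amazon.pool.ntp.org iburst
pool 3.amazon.pool.ntp.org iburst
server 169.254.169.123 prefer iburst
server ntp.example.internal iburst
"""

def classify(host):
    """Label a time source by who operates it, as far as its name or address shows."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.lower().rstrip(".")
        in_pool = name == "pool.ntp.org" or name.endswith(".pool.ntp.org")
        return "public-pool" if in_pool else "other-hostname"
    if str(ip) == TIME_SYNC_IP:
        return "aws-time-sync"
    return "private-ip" if ip.is_private else "public-ip"

def audit(conf_text):
    """Return (directive, host, category) for each active server/pool/peer line."""
    sources = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] in ("server", "pool", "peer"):
            sources.append((fields[0], fields[1], classify(fields[1])))
    return sources

def findings(sources):
    """Summarize what a reviewer of the time sources would want to know."""
    cats = [category for _, _, category in sources]
    notes = []
    if "public-pool" in cats:
        notes.append("%d source(s) in pool.ntp.org: volunteer-run, not AWS-managed"
                     % cats.count("public-pool"))
    if "aws-time-sync" not in cats:
        notes.append("Amazon Time Sync Service (%s) is not configured" % TIME_SYNC_IP)
    return notes

if __name__ == "__main__":
    for directive, host, category in audit(SAMPLE_CONF):
        print("%-6s %-28s %s" % (directive, host, category))
    for note in findings(audit(SAMPLE_CONF)):
        print("note:", note)
```

To check a real host, pass the contents of /etc/ntp.conf to `audit()` instead of the sample string.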

Solution 2:

Well, I know this is old, but I just found it! I run kapu.ruselabs.com; it is part of the NTP Pool Project (www.ntppool.org) to provide free NTP/time services to servers! Most of the Ubuntu/Linux images talk to public NTP servers, and many of us volunteer our time, money and bandwidth so folks can have an accurate time. Hope this helps!