Amazon recommends fixing this through DNS instead of through software on
the instance.

Instead of resolving eu-west-1.ec2.archive.ubuntu.com directly to an A
record of the internal IP address starting with "10.", Canonical should
change it to resolve to a CNAME of the external elastic IP address
hostname (e.g., ec2-NNN-NNN-NNN-NNN.compute-1.amazonaws.com).

This will resolve to the internal "10." IP address for normal EC2
instances saving performance and cost, and will resolve to the external
elastic IP address for VPC EC2 instances.

Making this change not only clears up the issue with VPC, but any other
future situation where an EC2 instance cannot access "10." IP addresses
and EC2 DNS points it to the external IP address of the apt repository.

This approach also makes it easier for Canonical when the apt repository
instance gets a new internal IP address (e.g., stop/start, failure).
Canonical would simply reassociate the elastic IP address with the
new/restarted instance and all DNS would resolve to the correct new IP
address without Canonical making any changes to their DNS servers.

If Canonical is concerned about the EC2 apt repositories being accessed
from outside of EC2 (I wouldn't be, but it's your choice), Amazon
recommends the following:

"To protect the rep from being accessed outside of AWS, lockdown the
security group rules to allow only traffic from the public AWS IP ranges
(https://forums.aws.amazon.com/ann.jspa?annID=1097) and to the 10.
network."

Here is a github repository that keeps up to date lists of the EC2 IP
address ranges in a format that is easy to parse:

  https://github.com/garnaat/missingcloud

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/824947

Title:
  EC2 apt repository DNS resolution on VPC instances


-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com

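The comment above proposes two things: let the CNAME to the EC2 public hostname resolve to a "10." address from inside EC2 and to the elastic IP from elsewhere, and, if desired, restrict the repository's security group to the published AWS public ranges plus the 10. network. The following is an added example (not code from this bug thread, from Canonical, or from the missingcloud project) that checks both sides from a defender's view: it classifies a resolved address as internal or external, and it builds and audits allowlist rules from a CIDR list. The "region cidr" line format and the CIDRs themselves are constructed for the example (RFC 5737 documentation prefixes, not real EC2 ranges); the real published list would be loaded in their place.

```python
import ipaddress

# Constructed sample input in a simple "region cidr" line format (an
# assumption for this example, not the format of any real published list).
# The prefixes are RFC 5737 documentation ranges, not real EC2 ranges.
SAMPLE_AWS_RANGE_FILE = """\
# region cidr
us-east-1 203.0.113.0/24
eu-west-1 198.51.100.0/24
"""

# The network EC2 hands out to instances and that the public EC2 hostname
# resolves to when queried from inside EC2.
EC2_PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")


def parse_ip_ranges(text):
    """Parse 'region cidr' lines into (region, IPv4Network) tuples.

    Blank lines and '#' comments are skipped; strict=True rejects a CIDR
    whose host bits are set, so a typo in the list fails loudly instead
    of silently widening or narrowing the allowlist.
    """
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        region, cidr = line.split()
        ranges.append((region, ipaddress.ip_network(cidr, strict=True)))
    return ranges


def build_ingress_rules(aws_ranges, port=80, include_private=True):
    """Build security-group-style ingress rules: one per public AWS CIDR,
    plus the 10.0.0.0/8 network so normal EC2 instances that resolve the
    repository to its internal address are still admitted."""
    rules = [{"cidr": net, "port": port, "source": region}
             for region, net in aws_ranges]
    if include_private:
        rules.append({"cidr": EC2_PRIVATE_NET, "port": port,
                      "source": "ec2-internal"})
    return rules


def is_source_allowed(src_ip, port, rules):
    """True if some rule admits src_ip on the given port."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in rule["cidr"] and rule["port"] == port for rule in rules)


def classify_resolved_address(ip_str):
    """'internal' for a 10.x answer (what the EC2 public hostname returns
    from inside EC2), 'external' for the elastic IP seen from a VPC
    instance or from outside AWS."""
    ip = ipaddress.ip_address(ip_str)
    return "internal" if ip in EC2_PRIVATE_NET else "external"


def audit_sources(candidates, port, rules):
    """Map each candidate source address to whether the rules admit it;
    useful for checking a rule set before applying it to the group."""
    return {ip: is_source_allowed(ip, port, rules) for ip in candidates}


if __name__ == "__main__":
    rules = build_ingress_rules(parse_ip_ranges(SAMPLE_AWS_RANGE_FILE))
    for ip, allowed in audit_sources(
            ["203.0.113.7", "10.200.1.1", "192.0.2.5"], 80, rules).items():
        print(f"{ip:>15}  {classify_resolved_address(ip):>8}  "
              f"{'allowed' if allowed else 'denied'}")
```

The audit step is the part worth keeping around: a CIDR allowlist is only as good as the list it was generated from, so re-running it against a few known-good and known-bad source addresses after every refresh of the published ranges catches a stale or mis-parsed list before it locks out legitimate instances.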