Amazon Linux - yum update fails with HTTP Error 403 - Forbidden

Question

I have an Amazon Linux v1 instance in us-west-2 (Oregon) that is failing yum update as per below. This is an old instance that's been working fine for a few years, updated to a t3a.nano a few months ago. It has an S3 gateway in the VPC.

I created an m3.large instance in the same region and had no issues with updates.

Any ideas how to resolve this? I don't have AWS support so I can't ask them, but if it persists I will try again to reproduce within an account that does have support.

sudo yum update  amazon-ssm-agent
Loaded plugins: update-motd, upgrade-helper
Resolving Dependencies
--> Running transaction check
---> Package amazon-ssm-agent.x86_64 0:2.3.662.0-1.amzn1 will be updated
---> Package amazon-ssm-agent.x86_64 0:2.3.714.0-1.amzn1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================
 Package                      Arch               Version                        Repository                Size
===============================================================================================================
Updating:
 amazon-ssm-agent             x86_64             2.3.714.0-1.amzn1              amzn-updates              25 M

Transaction Summary
===============================================================================================================
Upgrade  1 Package

Total download size: 25 M
Is this ok [y/d/N]: y
Downloading packages:
amazon-ssm-agent-2.3.714.0-1.a FAILED
http://packages.us-east-1.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/amazon-ssm-agent-2.3.714.0-1.amzn1.x86_64.rpm?instance_id=i-863eaf5c&region=us-west-2: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
To address this issue please refer to the below knowledge base article

https://access.redhat.com/solutions/69319

If above article doesn't help to resolve this issue please open a ticket with Red Hat Support.

amazon-ssm-agent-2.3.714.0-1.a FAILED
http://packages.ap-northeast-2.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/amazon-ssm-agent-2.3.714.0-1.amzn1.x86_64.rpm?instance_id=i-863eaf5c&region=us-west-2: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
amazon-ssm-agent-2.3.714.0-1.a FAILED
http://packages.ap-east-1.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/amazon-ssm-agent-2.3.714.0-1.amzn1.x86_64.rpm?instance_id=i-863eaf5c&region=us-west-2: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
amazon-ssm-agent-2.3.714.0-1.a FAILED
http://packages.eu-central-1.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/amazon-ssm-agent-2.3.714.0-1.amzn1.x86_64.rpm?instance_id=i-863eaf5c&region=us-west-2: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
amazon-ssm-agent-2.3.714.0-1.a FAILED
http://packages.sa-east-1.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/amazon-ssm-agent-2.3.714.0-1.amzn1.x86_64.rpm?instance_id=i-863eaf5c&region=us-west-2: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
amazon-ssm-agent-2.3.714.0-1.a FAILED
http://packages.ap-southeast-2.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/amazon-ssm-agent-2.3.714.0-1.amzn1.x86_64.rpm?instance_id=i-863eaf5c&region=us-west-2: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
amazon-ssm-agent-2.3.714.0-1.a FAILED
http://packages.us-west-2.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/amazon-ssm-agent-2.3.714.0-1.amzn1.x86_64.rpm?instance_id=i-863eaf5c&region=us-west-2: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
amazon-ssm-agent-2.3.714.0-1.a FAILED
http://packages.us-west-1.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/amazon-ssm-agent-2.3.714.0-1.amzn1.x86_64.rpm?instance_id=i-863eaf5c&region=us-west-2: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
amazon-ssm-agent-2.3.714.0-1.a FAILED
http://packages.ap-southeast-1.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/amazon-ssm-agent-2.3.714.0-1.amzn1.x86_64.rpm?instance_id=i-863eaf5c&region=us-west-2: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
amazon-ssm-agent-2.3.714.0-1.a FAILED
http://packages.ap-northeast-1.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/amazon-ssm-agent-2.3.714.0-1.amzn1.x86_64.rpm?instance_id=i-863eaf5c&region=us-west-2: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
amazon-ssm-agent-2.3.714.0-1.a FAILED
http://packages.eu-west-1.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/amazon-ssm-agent-2.3.714.0-1.amzn1.x86_64.rpm?instance_id=i-863eaf5c&region=us-west-2: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.


Error downloading packages:
  amazon-ssm-agent-2.3.714.0-1.amzn1.x86_64: [Errno 256] No more mirrors to try.

Update

Based on David's suggestion of "yum clean all" I logged in and tried it. After I did this yum no says no updates are available - even though Amazon Linux tells me there are three updates available when I log in via SSH.

Notes:

• Current amazon-ssm-agent is 2.3.662.0
• Previously yum said it would update from 0:2.3.662.0 to 0:2.3.714.0-1

Here's the SSH session

Last login: Thu Dec 19 09:28:01 2019 from (IP address removed)
3 package(s) needed for security, out of 8 available <-- ***
Run "sudo yum update" to apply all updates.
sudo yum clean all
Loaded plugins: update-motd, upgrade-helper
Cleaning repos: amzn-main amzn-updates epel-debuginfo epel-source
Cleaning up everything


sudo yum update -y
Loaded plugins: update-motd, upgrade-helper
amzn-main                                                | 2.1 kB     00:00
amzn-updates                                             | 2.5 kB     00:00
epel-debuginfo/x86_64/metalink                           |  17 kB     00:00
epel-debuginfo                                           | 3.0 kB     00:00
epel-source/x86_64/metalink                              |  17 kB     00:00
epel-source                                              | 4.1 kB     00:00
(1/8): amzn-main/latest/group_gz                           | 4.4 kB   00:00
(2/8): amzn-updates/latest/group_gz                        | 4.4 kB   00:00
(3/8): epel-source/x86_64/updateinfo                       | 792 kB   00:00
(4/8): amzn-updates/latest/updateinfo                      | 615 kB   00:00
(5/8): epel-source/x86_64/primary_db                       | 1.9 MB   00:00
(6/8): epel-debuginfo/x86_64/primary_db                    | 831 kB   00:00
(7/8): amzn-main/latest/primary_db                         | 4.0 MB   00:01
(8/8): amzn-updates/latest/primary_db                      | 2.5 MB   00:01
No packages marked for update

Answer 1

I'm getting the same on an old Amazon Linux instance:

$ sudo yum upgrade xz
[...]
Downloading packages:
xz-5.2.2-1.13.amzn1.x86_64.rpm FAILED                                          
http://packages.ap-southeast-2.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/xz-5.2.2-1.13.amzn1.x86_64.rpm?instance_id=i-abcdefgh&region=ap-southeast-2: [Errno 14] HTTP Error 403 - Forbidden]  0.0 B/s |    0 B  --:--:-- ETA 
Trying other mirror.
xz-5.2.2-1.13.amzn1.x86_64.rpm FAILED                                          
http://packages.us-west-2.amazonaws.com/2018.03/updates/5444ecdf4764/x86_64/Packages/xz-5.2.2-1.13.amzn1.x86_64.rpm?instance_id=i-abcdefgh&region=ap-southeast-2: [Errno 14] HTTP Error 403 - Forbidden     ]  0.0 B/s |    0 B  --:--:-- ETA 
Trying other mirror.
...

I'm quite confident it's an intermittent issue with AWS package repositories. It should go away soon. I hope :)

BTW You can snapshot your instance and restore it in an account with a support plan for easy testing and you can then raise a support request if it doesn't recover in a few hours.

Hope that helps :)