Monday, November 25, 2013

AWS CLI [Errno 10060] - Max retries exceeded with url: Caused by class'socket.error'

If you are trying to issue commands to the AWS Command Line Interface and get an error like this:

HTTPSConnectionPool(host='xxx', port=443): Max retries exceeded with url: / <Caused by <class'socket.error'>: [Errno 10060] A connection attempt failed because thee connected party did not properly response after a period of time, or an established connection failed because connected host has failed to respond)

The problem is that the machine does not have HTTPS (port 443) access to the AWS endpoint it is trying to reach to issue your command.

If you're trying to run the command from an EC2 instance:
 
First of all, your machine needs to have an Elastic IP and be able to reach the Internet, since some services require it. Check the service you are trying to access to determine whether public Internet access is required or not.

Next make sure the security group your machine is in can access the service IP address on port 443.

Finally make sure the OS firewall is configured with 443 access to the IP of the AWS service you are trying to reach.

For example -- if you are trying to run this command:

ec2-describe-availability-zones --region us-east-1

You'll get the error message above, and it will contain this address (at the time of this writing) as the host the tool is trying to reach to run your command:

ec2.us-east-1.amazonaws.com

You can ping that address to find the current IP address for that domain and add it to all the rules above, or you can open up the OS firewall and security groups of the machine running the Command Line Interface tool to allow outbound access on port 443 to any IP address.
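As an added example (not from the original post), here is a small Python helper that pulls the endpoint host out of the error message, resolves its current addresses and tells a silently dropped (timed-out) connection, which is what errno 10060 reports, apart from a refused one. The names parse_endpoint, resolve, check_tcp and local_demo are hypothetical; local_demo substitutes a loopback listener for the AWS endpoint so the check can be exercised without network access.

```python
import re
import socket

_POOL_RE = re.compile(r"HTTPSConnectionPool\(host='(?P<host>[^']+)', port=(?P<port>\d+)\)")

def parse_endpoint(error_text):
    """Return (host, port) from the urllib3 error message quoted in the post."""
    m = _POOL_RE.search(error_text)
    if not m:
        raise ValueError("no HTTPSConnectionPool(...) fragment in error text")
    return m.group("host"), int(m.group("port"))

def resolve(host):
    """Current IPv4 addresses for host; AWS rotates these, so never pin them for long."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None, socket.AF_INET)})

def check_tcp(host, port, timeout=3.0):
    """Classify one TCP connect as 'ok', 'refused', 'timeout', 'dns' or 'error'.
    'timeout' is what errno 10060 reports and usually means a security group, network
    ACL or OS firewall is silently dropping the traffic; 'refused' means the packets
    arrived but nothing is listening on that port."""
    try:
        addr = resolve(host)[0]
    except socket.gaierror:
        return "dns"
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((addr, port))
            return "ok"
        except socket.timeout:
            return "timeout"
        except ConnectionRefusedError:
            return "refused"
        except OSError:
            return "error"

def local_demo():
    """Constructed stand-in for the endpoint: a listener on a loopback port, then the
    same port once closed, so the classifier can be exercised without AWS access."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        while_open = check_tcp("127.0.0.1", port)
    while_closed = check_tcp("127.0.0.1", port)
    return while_open, while_closed
```

Against a real endpoint, a 'timeout' result points at the security group, network ACL or OS firewall checks above, while 'dns' means the instance cannot even resolve the name.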

The problem with putting a specific IP address in your rules is that Amazon might decide to change the IP address behind the domain name above. To limit both your configuration effort and your risk, you might instead create a NAT instance, as explained in the VPC documentation, allow only that machine full outbound access on port 443, and configure all other machines to send their outbound port 443 traffic through the NAT instance.