Connect timeout on endpoint URL: "https://sts.[region].amazonaws.com/"

And a bug in the AWS Console when creating NACL rules

Teri Radichel
Bugs That Bite


I had a working script, but when I came back later and locked down my firewall rules a bit tighter, I started getting this error. I was restricting traffic in my AWS VPC NACL based on excessive abusive traffic from certain IPs and on the traffic I expected for the services I am using.

To assume a role and connect to the above URL, I would expect to need the following traffic:

DNS (to get the IP for the domain — always check this first!)

I will also need to be able to query the Amazon DNS servers, typically via the UDP protocol to port 53 from a source port in the range 1024–65535.

I will also need to allow the return traffic from AWS DNS Servers from port 53 back to the assigned port in the range of 1024–65535.

Outbound for HTTP (to allow web requests to the IP address)

From the local host to sts.[region].amazonaws.com on port 443, from a source port in the range 1024–65535.
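The rules above are easy to get wrong because NACLs are stateless: the DNS answer and the TLS data coming back from STS each need their own inbound entry, and a missing return rule produces exactly the connect timeout shown in the title. The following is an added example, not code from the article. It builds the four entries in the same shape boto3's create_network_acl_entry takes and evaluates packets against them the way a NACL does (lowest rule number first, first match wins, implicit deny). The resolver address, the STS CIDR and the client port are constructed placeholders; nothing here calls AWS.

```python
"""Stateless NACL model for the STS connect-timeout scenario (added example)."""
import ipaddress

# IANA protocol numbers as NACL entries expect them ("-1" means all protocols)
TCP = "6"
UDP = "17"

# Constructed placeholder values - substitute your own.
VPC_RESOLVER = "10.0.0.2/32"      # Amazon-provided DNS sits at VPC CIDR base + 2
STS_ENDPOINT_CIDR = "0.0.0.0/0"   # placeholder; STS IPs vary, narrow this in practice
EPHEMERAL = (1024, 65535)         # client source ports the article expects


def rule(number, egress, protocol, cidr, port_from, port_to, action="allow"):
    """One NACL entry, keyed like the boto3 create_network_acl_entry kwargs."""
    return {
        "RuleNumber": number,
        "Egress": egress,
        "Protocol": protocol,
        "CidrBlock": cidr,
        "PortRange": {"From": port_from, "To": port_to},
        "RuleAction": action,
    }


def sts_rules(include_return_traffic=True):
    """The rules the article lists. With include_return_traffic=False only the
    two outbound entries exist, which is the misconfiguration that times out."""
    rules = [
        # Outbound DNS query: local ephemeral port -> resolver UDP/53
        rule(100, True, UDP, VPC_RESOLVER, 53, 53),
        # Outbound HTTPS: local ephemeral port -> sts.[region].amazonaws.com:443
        rule(110, True, TCP, STS_ENDPOINT_CIDR, 443, 443),
    ]
    if include_return_traffic:
        rules += [
            # Inbound DNS answer: resolver UDP/53 -> our ephemeral port
            rule(100, False, UDP, VPC_RESOLVER, *EPHEMERAL),
            # Inbound TLS data from STS: remote 443 -> our ephemeral port
            rule(110, False, TCP, STS_ENDPOINT_CIDR, *EPHEMERAL),
        ]
    return rules


def nacl_permits(rules, egress, protocol, remote_ip, dst_port):
    """Evaluate one packet: entries for this direction in ascending rule-number
    order, first match decides, otherwise the implicit deny (rule 32767).
    The CIDR is matched against the remote address, i.e. the destination for
    outbound packets and the source for inbound ones; PortRange is always the
    packet's destination port."""
    addr = ipaddress.ip_address(remote_ip)
    candidates = sorted((r for r in rules if r["Egress"] == egress),
                        key=lambda r: r["RuleNumber"])
    for r in candidates:
        if r["Protocol"] not in ("-1", protocol):
            continue
        if addr not in ipaddress.ip_network(r["CidrBlock"]):
            continue
        if r["Protocol"] != "-1":  # port range is ignored for all-protocol rules
            lo, hi = r["PortRange"]["From"], r["PortRange"]["To"]
            if not lo <= dst_port <= hi:
                continue
        return r["RuleAction"] == "allow"
    return False


def assume_role_flow_allowed(rules, resolver_ip="10.0.0.2",
                             sts_ip="203.0.113.10", client_port=49152):
    """Walk the four packets of a DNS lookup followed by an HTTPS connect and
    return the name of the first step the NACL blocks, or None if all pass.
    sts_ip and client_port are constructed sample values."""
    steps = [
        ("dns-query-out",  True,  UDP, resolver_ip, 53),
        ("dns-answer-in",  False, UDP, resolver_ip, client_port),
        ("https-syn-out",  True,  TCP, sts_ip, 443),
        ("https-reply-in", False, TCP, sts_ip, client_port),
    ]
    for name, egress, proto, ip, port in steps:
        if not nacl_permits(rules, egress, proto, ip, port):
            return name
    return None


if __name__ == "__main__":
    print("complete rule set blocks:", assume_role_flow_allowed(sts_rules()))
    print("without return rules, first blocked step:",
          assume_role_flow_allowed(sts_rules(include_return_traffic=False)))
```

Running it shows that with only the two outbound entries the very first inbound packet, the DNS answer, is dropped, so the client never even reaches the HTTPS step; that matches the article's advice to check DNS first when a connect timeout appears.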


CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award