Amazon recently announced the availability of Time Sync as a public NTP service. Previously available only for servers running inside AWS data centers, Time Sync utilizes a global fleet of redundant satellite-connected clocks to deliver the current time.
Thanks to the new feature, it is now possible to access time.aws.com as a publicly available NTP server, allowing devices and infrastructure outside of AWS, such as IoT devices and on-premises infrastructure, to synchronize to the same time sources that were previously accessible only from within AWS.
One of the oldest internet protocols in use, the Network Time Protocol (NTP) is a networking protocol for clock synchronization within a few milliseconds of UTC. Time Sync serves leap-smeared time: in the event of a leap second, the service automatically handles it by smoothing out the addition, or removal, of the leap second with a 24-hour linear smear from noon to noon UTC.
Makendran Gunasekaran, cloud support engineer at AWS, explains how Time Sync public NTP works and why it is useful:
What will happen if time is not set correctly? When your organization makes a request using the AWS CLI or AWS SDKs, these tools sign the request on your behalf. If the instance date and time are not set correctly, the signature date may not match the request date, and AWS will reject the request.
AWS describes in a separate article how to configure Chrony to use Time Sync. Corey Quinn, chief cloud economist at The Duckbill Group, questions the service's time source:
Given that it reports as Stratum 4 (lower numbers are better; Google's equivalent service reports as Stratum 1) it appears that the source of time is Grandpappy's old watch kept in an AWS data center for sentimental reasons.
Stratum levels form the NTP hierarchy: the lower the number, the closer the device is, in accuracy terms, to an original time source, with atomic clocks in large-scale physics laboratories or on GPS satellites defined as stratum 0 devices. In a Reddit thread, user CripplingPoison writes:
Time Sync is not making use of their new local zones by the looks of it. Latency is higher than expected.
User based-richdude instead questions the choice of the address time.aws.com:
What do they even have the top-level domain (TLD) for if they aren’t going to do something cool with it, like time.aws?
Time Sync NTP servers are available in all AWS regions and worldwide over the internet. Inside an AWS VPC, the service is reachable at the 169.254.169.123 IPv4 address or the fd00:ec2::123 IPv6 address, with the latter supported only for instances built on the Nitro system.
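The stratum value and the clock offset discussed above can both be read from a single NTP server reply. The following is an added example, not code from AWS or from this article: it parses a 48-byte reply, rejects unsynchronized or mismatched replies, and computes the standard NTP offset and round-trip delay, going one step beyond the text by showing how a client would detect the skew that leads to rejected signed requests. The packet is constructed inline so the code runs offline, and `MAX_SKEW`, `sample_reply` and the timestamps are illustrative assumptions.

```python
import struct
from dataclasses import dataclass

NTP_UNIX_DELTA = 2_208_988_800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MAX_SKEW = 1.0  # assumed local alerting threshold in seconds, not an AWS value

def to_ntp(unix: float) -> bytes:
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix)
    return struct.pack("!II", whole + NTP_UNIX_DELTA, int((unix - whole) * 2**32))

def from_ntp(raw: bytes) -> float:
    """Decode a 64-bit NTP timestamp into Unix seconds."""
    whole, frac = struct.unpack("!II", raw)
    return whole - NTP_UNIX_DELTA + frac / 2**32

@dataclass
class Reply:
    stratum: int
    leap: int
    offset: float  # server clock minus local clock, seconds
    delay: float   # round-trip network delay, seconds

def parse_reply(pkt: bytes, t1: float, t4: float) -> Reply:
    """Validate a server reply; t1 and t4 are the local send and receive times."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    leap, mode, stratum = pkt[0] >> 6, pkt[0] & 0x07, pkt[1]
    if mode != 4:
        raise ValueError("not a server-mode reply")
    if stratum == 0 or leap == 3:
        raise ValueError("server unsynchronized or kiss-o'-death")
    if pkt[24:32] != to_ntp(t1):  # origin field must echo our transmit timestamp
        raise ValueError("origin timestamp mismatch (stale or spoofed reply)")
    t2, t3 = from_ntp(pkt[32:40]), from_ntp(pkt[40:48])  # server receive / transmit
    return Reply(stratum, leap, ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2))

def sample_reply(t1: float, t2: float, t3: float, stratum: int) -> bytes:
    """Constructed 48-byte reply: LI=0, VN=4, mode=4, zeroed root fields."""
    header = struct.pack("!BBbb", (4 << 3) | 4, stratum, 6, -20)
    return header + bytes(12) + to_ntp(t2) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)

if __name__ == "__main__":
    t1 = 1_700_000_000.0  # constructed scenario: local clock is 2 s behind the server
    pkt = sample_reply(t1, t1 + 2.25, t1 + 2.375, stratum=4)
    r = parse_reply(pkt, t1, t4=t1 + 0.625)
    print(r, "ALERT" if abs(r.offset) > MAX_SKEW else "ok")
```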