I was reviewing the VPC flow logs of my EC2 instance (standard AWS Linux image), where I stumbled upon an entry with port 123 (NTP) with destination 107.170.0.6 (kapu.ruselabs.com).
Being new to this, I dug further and found more strange-looking NTP servers being used by my VM.
[ec2-user@ip-... ~]$ ntpq -p
remote refid
-------------------------
+time.mclarkdev. 167.114.204.238
-aprihop.cdknnjl 173.162.192.156
*chl.la 216.218.254.202
+kapu.ruselabs.c 200.98.196.212
I understand that this is most likely standard practice, but I don't feel comfortable when my box is talking to strangers. In this case I am unable to find which person/organisation runs kapu.ruselabs.com.
So the question is: what are the best practices around using NTP servers when running VMs in AWS?
According to AWS documentation the servers defined in /etc/ntp.conf are:
Given AWS has set these as default in Amazon Linux I have to assume the risk is low. I wouldn't bother, personally.
You can manually set them to the documented NTP servers if you like, either specific servers or using their aliases which probably load balance. Click the links top right to find the URLs. Just edit the file /etc/ntp.conf to specify them.
Update 1 Dec 2017
The AWS Time Sync service is now available. Read the docs here.
Well, I know this is old, but I just found it! I run kapu.ruselabs.com; it is part of the NTP Pool Project (www.ntppool.org), which provides free NTP/time services to servers! Most of the Ubuntu/Linux images talk to public NTP servers, and many of us volunteer our time, money and bandwidth so folks can have accurate time. Hope this helps!
https://aws.amazon.com/blogs/aws/keeping-time-with-amazon-time-sync-service/
AWS just launched their own NTP service, and VMs don't need an Internet Gateway just to sync time!
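Putting the two answers together (pinning the sources in /etc/ntp.conf, and using the Amazon Time Sync Service instead of public pool servers), the following shell script is an added example and is not code from the thread, from AWS or from the NTP Pool Project. It parses which upstream sources an ntp.conf actually configures, shows a stock-style pool configuration beside a variant pinned to the Time Sync Service, and then audits VPC flow-log lines for UDP/123 destinations that are not on an allowlist, which is the check the original poster was doing by hand. The ntp.conf fragments and flow-log lines are constructed for the example; 169.254.169.123 is the link-local address of the Amazon Time Sync Service (not stated on this page), and 192.0.2.10 is a documentation address used as a stand-in.

```shell
#!/bin/sh
# Added example, not from the original thread. All files below are
# constructed so the script runs offline; nothing here touches the
# real /etc/ntp.conf.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed ntp.conf fragment resembling a stock pool-based default.
# Pool hostnames resolve to volunteer servers, which is why unfamiliar
# names show up in `ntpq -p` and in flow logs.
cat >"$WORK/ntp.conf.default" <<'EOF'
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
server 0.amazon.pool.ntp.org iburst
server 1.amazon.pool.ntp.org iburst
server 2.amazon.pool.ntp.org iburst
server 3.amazon.pool.ntp.org iburst
EOF

# Constructed pinned variant: only the Amazon Time Sync Service
# (169.254.169.123, link-local, reachable without an Internet Gateway).
# 'prefer' marks it as the preferred source; 'iburst' speeds initial sync.
cat >"$WORK/ntp.conf.pinned" <<'EOF'
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
server 169.254.169.123 prefer iburst
EOF

# ntp_sources FILE -> host or IP of every 'server'/'pool' line
# (comments, restrict lines and blank lines are ignored).
ntp_sources() {
    awk '$1 == "server" || $1 == "pool" { print $2 }' "$1"
}

# ntp_source_count FILE -> number of configured upstream sources.
ntp_source_count() {
    ntp_sources "$1" | wc -l | tr -d ' '
}

# Constructed VPC flow-log lines in the default (version 2) format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
# 107.170.0.6 is the address from the question; 192.0.2.10 is a
# documentation address standing in for an unknown destination.
cat >"$WORK/flow.log" <<'EOF'
2 123456789012 eni-0abc 10.0.1.15 169.254.169.123 48000 123 17 1 76 1512000000 1512000060 ACCEPT OK
2 123456789012 eni-0abc 10.0.1.15 107.170.0.6 48001 123 17 1 76 1512000000 1512000060 ACCEPT OK
2 123456789012 eni-0abc 10.0.1.15 93.184.216.34 51000 443 6 10 4000 1512000000 1512000060 ACCEPT OK
2 123456789012 eni-0abc 10.0.1.15 192.0.2.10 48002 123 17 1 76 1512000000 1512000060 ACCEPT OK
EOF

# unexpected_ntp_peers LOG ALLOWLIST -> destination addresses that received
# UDP (protocol 17) traffic to port 123 but are not in the comma-separated
# ALLOWLIST, one per line. These are the entries worth investigating or
# alerting on once the instance is pinned to known sources.
unexpected_ntp_peers() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $8 == "17" && $7 == "123" && !($5 in ok) { print $5 }
    ' "$1" | sort -u
}

echo "sources in pool-based config:"; ntp_sources "$WORK/ntp.conf.default"
echo "sources in pinned config:";     ntp_sources "$WORK/ntp.conf.pinned"
echo "UDP/123 destinations not on the allowlist:"
unexpected_ntp_peers "$WORK/flow.log" "169.254.169.123"
```

On a real instance, point `ntp_sources` at /etc/ntp.conf and `unexpected_ntp_peers` at exported flow-log text; once the allowlist is just the Time Sync address, any remaining hit is either a leftover pool entry in the config or something else on the box speaking NTP.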