...
Those URLs are resolved to various changing IPs. The server may either directly fully access those services (for details check at AWS the IP scopes of the S3 service) or the server can use a proxy server having those internet access possibilities.
In case you use a proxy server (only then):
...
Open the management console "Computer Certificates" and navigate there to the "Trusted Root Certificates" store. Make sure that the certificate "Amazon Root CA 1" is present.
If not you have to download the certificate "Amazon Root CA 1" (File: "AmazonRootCA1.cer", Distinguished Name: "CN=Amazon Root CA 1,O=Amazon,C=US") from here: https://www.amazontrust.com/repository/.
Than you have to import the downloaded certificate to the "Trusted Root Certificates" store. You can right click on the certificate file and select "Import" or import the certificate in the certificate store management tool as well.
Review if there are any older expired certificate of Amazon Root CAs in the trusted root certificate store. If so remove them.
Afterwards reboot the operating system of the computer.
...