From the help message in EC2Cloud configuration, I need to let spot instance notify the Jenkins master that this slave is available.
As my AMI is based on CentOS, I cannot take the script directly as it mentioned. So I have gone through the script and here is my understanding on the callback process.

Jenkins master does the spot-instance request also with a default parameter in instance userdata, like:

JENKINS_URL=http://1.1.1.1:8080/&SLAVE_NAME=XXXXXXX&USER_DATA=

Then the callback script will first download the "slave.jar" and use it to notify Jenkins Master that this slave is alive:

java -jar slave.jar -jnlpUrl http://1.1.1.1:8080/XXXXXXX/slave-agent.jnlp

However, due to my Jenkins master deployed internally with no public access, Jenkins master will keep considering this slave not ready.

I also try to run these commands on an internal machine and wish Master could let it go. But only get the "403 forbidden" response.

Could you please help me on this issue?
I feel this deployment is also quite common then.

Thanks
Henry