Amazon EC2 Instance Connect provides a more secure way to connect to your Amazon EC2 instances over Secure Shell (SSH) without requiring the instance to have a public IPv4 address. Instead of managing traditional SSH key pairs yourself, you can use EC2 Instance Connect to establish an encrypted connection to your instances that is authorized through AWS Identity and Access Management (IAM). EC2 Instance Connect achieves this by creating an API-based connection through the EC2 Instance Connect service. It simplifies SSH key management and enhances security by integrating with IAM for user access control.

EC2 Instance Connect Endpoint fulfills the organization’s security needs, ensuring isolation, control, and comprehensive logging. It also reduces the burden on the organization’s administrators by eliminating the operational tasks associated with maintaining and patching bastion hosts for connectivity. The endpoint acts as an identity-aware TCP proxy and offers two modes of operation: the first mode provides secure WebSocket tunneling through the AWS CLI, and the second mode, used from the AWS Console rather than the CLI, provides secure access to VPC resources by evaluating authentication and authorization before any traffic enters the VPC.

Connect to a Linux instance using the Amazon EC2 console

Step 1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/

Step 2. Navigate to Instances in the left panel.

Step 3. Consider an EC2 instance that has already been created in a private subnet: it has no public address and only a private IP address.

Step 4. Click on Connect button.

Connect to Instances with EC2 Instance Connect Endpoint

Step 5. Under the EC2 Instance Connect tab, choose Connect using EC2 Instance Connect Endpoint as the connection type.

Step 6. Enter the User Name.

Step 7. Enter the Max tunnel duration (seconds), which is how long the WebSocket tunnel stays active.

Step 8. Select an EC2 Instance Connect Endpoint from the instance’s VPC.

Note: If you don’t have an Endpoint yet, create one by clicking Create an Endpoint.

Step 9. Click Connect. This opens a terminal window.

Connect to a Linux instance using SSH

Single Connection

If you want to use a single connection, follow the SSH command below:


Within the proxy command, the tunnel is created with the ec2-instance-connect command, which needs the instance ID. You can copy the instance ID from the EC2 console by navigating to Instances.


Multiple Connection

If you want multiple connections, you can run the proxy command and specify the local port.


Note: Copy the instance ID from the EC2 by navigating to Instances.

Once you run this command, its output reports that it is Listening for connections on port 8888.

Open another terminal, and use the normal SSH command:


Note: If your key is in your SSH folder, you do not have to specify it. Otherwise, pass the key with the -i option followed by its path.

Once you press Enter, you will see the following output in the first terminal.

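The two SSH modes described above (single connection via ProxyCommand, and multiple connections through one tunnel on a local port), written up as a small POSIX shell helper. This is an added example, not code from the original post; it assumes AWS CLI v2 with the aws ec2-instance-connect open-tunnel subcommand and the IAM permission to open tunnels, and INSTANCE_ID, SSH_USER and KEY are placeholders the caller supplies.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds and (optionally) runs
# the SSH commands for the two EC2 Instance Connect Endpoint modes described
# above. Assumes AWS CLI v2 (which provides "aws ec2-instance-connect
# open-tunnel") is installed and the caller has IAM permission to open tunnels.
# The instance ID, user name and key path are placeholders supplied by the caller.

# Only accept a well-formed instance ID (i- plus 8 or 17 hex digits) before it
# is spliced into a command line, so a typo or stray shell metacharacter fails
# here rather than inside the ProxyCommand.
valid_instance_id() {
    printf '%s\n' "$1" | grep -Eq '^i-[0-9a-f]{8}([0-9a-f]{9})?$'
}

# Mode 1 (single connection): ssh runs the tunnel itself as a ProxyCommand.
# ssh expands %h to the host given on the command line, i.e. the instance ID.
single_ssh_cmd() {   # $1 = user, $2 = instance id, $3 = private key path
    valid_instance_id "$2" || return 1
    printf '%s\n' "ssh -i $3 -o ProxyCommand='aws ec2-instance-connect open-tunnel --instance-id %h' $1@$2"
}

# Mode 2 (multiple connections): open the tunnel once on a local port and let
# any number of ssh sessions connect to localhost. The max-seconds value caps
# how long the tunnel stays up (the "Max tunnel duration" field in the console).
tunnel_cmd() {       # $1 = instance id, $2 = local port, $3 = max seconds
    valid_instance_id "$1" || return 1
    printf '%s\n' "aws ec2-instance-connect open-tunnel --instance-id $1 --remote-port 22 --local-port $2 --max-tunnel-duration $3"
}

multi_ssh_cmd() {    # $1 = user, $2 = local port, $3 = private key path
    printf '%s\n' "ssh -i $3 -p $2 $1@localhost"
}

# Usage (only runs when explicitly requested, so sourcing this file has no side effects):
#   IEC_RUN=1 INSTANCE_ID=i-0123456789abcdef0 SSH_USER=ec2-user KEY=~/.ssh/key.pem sh tunnel.sh
if [ "${IEC_RUN:-0}" = 1 ]; then
    cmd=$(single_ssh_cmd "$SSH_USER" "$INSTANCE_ID" "$KEY") || { echo "bad instance id" >&2; exit 1; }
    echo "$cmd"
    eval "$cmd"
fi
```

For the multiple-connection mode, run the string returned by tunnel_cmd in one terminal and the string returned by multi_ssh_cmd in another, matching the local port (8888 in the post).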

Conclusion

With EC2 Instance Connect Endpoint, you can connect to an EC2 instance that has no public IPv4 address. IAM permissions control who can create and connect to EC2 Instance Connect Endpoints, which gives you considerable flexibility.
