Aishwary Gathe

Posted on Jan 9

Logging Into EC2 Is Easy… Until You Pick the Wrong Way

#aws #security #ec2 #cloud

Imagine you have a computer room in school.
Only students and teachers with permission are allowed inside.

That computer room is like an EC2 server in AWS.

Now the big question is:
How do you enter that room safely?

Just like a school has different entry methods, AWS EC2 also has multiple ways to log in.

Let’s learn them using a fun story.

Meet the EC2 School Building

Your EC2 server is a school building.
Inside it:

Runs applications
Stores files
Does important work

AWS does not let just anyone enter.
You need proper access methods.

Method 1: SSH Key Login (The Main Door Key)

This is the most common way to log in to a Linux EC2 server.

Story Version

You are given a special key to enter the computer room.
If you lose it — you can’t enter.
If someone else doesn’t have it — they can’t enter either.

That key is called an SSH Key Pair.

Technical Explanation

You download a .pem key while creating EC2
Use it to log in via SSH
Password login is disabled by default

Example Command

ssh -i mykey.pem ec2-user@server-ip

Good Because

Very secure
No password guessing

Not So Good Because

If you lose the key, access becomes difficult

Method 2: EC2 Instance Connect (Teacher Temporarily Opens the Door)

Story Version

You forgot your key.
So you ask the teacher,
“Can you open the door for 1 minute?”

Teacher checks your ID and opens the door briefly.

That’s EC2 Instance Connect.

Technical Explanation

AWS pushes a temporary SSH key
Works for Amazon Linux
Needs IAM permission

Good Because

No need to store keys
Quick temporary access

Not So Good Because

Limited OS support

Method 3: AWS SSM Session Manager (Remote Control Entry)

Story Version

You don’t even enter the room.
You control the computer from outside using a remote.

No keys.
No doors.
No internet needed.

This is the safest method.

Technical Explanation

Uses AWS Systems Manager
No SSH, no open ports
Works via IAM permissions

Good Because

Very secure
No key management
No port 22 open

Not So Good Because

Needs SSM agent and IAM role

Method 4: RDP Login (Windows EC2 – Password Entry)

This is for Windows EC2 servers.

Story Version

Windows computers have a username + password
like your school computer lab.

Technical Explanation

Login using Remote Desktop (RDP)
Password is decrypted using key pair

Good Because

Easy for beginners
Familiar Windows login

Not So Good Because

Needs port 3389 open
Must be secured properly

Method 5: Bastion Host (Security Guard Building)

Story Version

You can’t enter the main school directly.
First, you enter a small guard room.
Then the guard takes you inside.

That guard room is a Bastion Host.

Technical Explanation

One public EC2 acts as entry point
Private EC2s are accessed through it

Good Because

Extra security
Private servers stay hidden

Not So Good Because

More setup and maintenance

Method 6: AWS CloudShell (School Computer Provided by AWS)

Story Version

AWS says:
“Don’t bring your own computer.
Use mine.”

AWS gives you a ready-made terminal.

Technical Explanation

Browser-based shell
Uses IAM permissions
Can SSH into EC2

Good Because

No local setup
Quick access

Not So Good Because

Still needs network access rules

Quick Comparison Table (Kid Friendly)

Method	Think of it as	Secure	Common
SSH Key	Main door key	Yes	Very
EC2 Instance Connect	Teacher opens door	Yes	Medium
SSM Session Manager	Remote control	Very High	Growing
RDP	Username & password	Medium	Windows only
Bastion Host	Guard room	High	Enterprise
CloudShell	AWS computer	Medium	Quick access