Access EC2 with Temporary Credentials
Before starting about EC2 Instance connect I would like you to assume that you have an Amazon EC2 Instance (Linux) launched in a private subnet (private IP address).
Ideally, if you want to connect to this EC2 instance you will have two choices below:
- Bastion Host
- VPN
The problem with the above two choices is introducing a new service in your infrastructure and then paying for it and doing the maintenance, patching, etc.
AWS announced a feature where you can connect to your instances launched in a private subnet using Amazon EC2 Instance connect Endpoint.
Note: When writing this article this feature is available only for the Amazon Linux and Unbuntu AMI only.
EC2 Instance Connect comes preinstalled on the following AMIs:
Amazon Linux 2 2.0.20190618 or later
Ubuntu 20.04 or later
What is AWS EC2 Instance Connect?
AWS EC2 Instance Connect Endpoint is a powerful feature provided by Amazon Web Services (AWS) that enhances the security and accessibility of EC2 instances. By leveraging this feature, users can establish secure connections to their instances without exposing SSH ports to the public internet.
AWS EC2 Instance Connect Endpoint acts as a bridge between the AWS Management Console and the EC2 instances, facilitating secure SSH connections. It provides a dedicated endpoint for managing SSH access to instances, ensuring a streamlined and secure connection experience.
Features:
- Improved Security
- Simplified Access Management
- Streamlined Connection Process
- No Bastion Host Required
How to Connect to your Linux Instance using Amazon EC2 Instance Connect Endpoint (Browser-based AWS Console)
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
- In the navigation pane, choose Instances.
- Select the instance and see the details pane containing the information about the instance.
Refer to the below screen where you can see the Pubic IPV4 address is empty and the instance has only a private IP address.
- Click on Connect will redirect to the EIC section.
Choose the option Connect using the EC2 Instance Connect Endpoint.
Username: ec2-user (default username)
Max tunnel duration (seconds): 3600 (up to your requirement)
EC2 Instance Connect Endpoint: Click on the textbox will ask you to create an endpoint (click on that link)
- From the Create Endpoint section you can:
Enter the name of the Endpoint.
Select EC2 Instance Connect Endpoint.
Select the VPC and then select the Security group and the Subnet.
Click on Create.
- Once the Endpoint is created select that endpoint from the EC2 Instance Connect section and click on Connect and see the magic.
Oops, what is this? why my instance is unable to connect?
If you also face this issue please go to the Security group of the instance and check if the SSH is allowed in the Inbound rule or not.
If not please add the rule. For this example, I have allowed 0.0.0.0/0 but practically you should assign the valid CIDR range or IP address for SSH.
Save the rules.
Connect again to the Instance and WOW! you can connect your EC2 Instance using Amazon EC2 Instance Connect Endpoint.
Happy to see this!!
Thank you for reading this article.
Top comments (0)