Connect using EC2 Instance Connect

Tram Ho

As you may already know, we have two ways to access an EC2 instance:

  1. The first way is to connect using the Amazon EC2 console. This method requires the instance to have a public IPv4 address.
  2. The second way is to connect using an SSH client. If the instance doesn’t have a public IP address, you can connect to the instance over a private network using an SSH client. For example, you can connect from within the same VPC or through a VPN connection, port forwarding, or AWS Direct Connect.

1. Connect using the Amazon EC2 console

You can connect to an instance using the Amazon EC2 console by selecting the instance from the console and choosing to connect using EC2 Instance Connect. Instance Connect handles permissions and provides a successful connection.

To connect using the Amazon EC2 console, the instance must have a public IPv4 address.

To connect to your instance using a browser-based client from the Amazon EC2 console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the navigation pane, select Instances.
  3. Select the instance and select Connect.
  4. Select EC2 Instance Connect.
  5. Verify the username and select Connect to open a terminal window.

2. Connect using your own key and SSH client

You can use your own SSH key and connect to your instance from an SSH client of your choice while using the EC2 Instance Connect API. This lets you benefit from Instance Connect’s ability to push the public key to the instance. This connection method works for instances with public and private IP addresses.

Requirements

Requirements for key pairs

When connecting to an instance that only has a private IP address, the local computer from which you start the SSH session must have connectivity to the EC2 Instance Connect service endpoint (to push your SSH public key to the instance) as well as network connectivity to the instance’s private IP address to establish the SSH session. EC2 Instance Connect service endpoints can be accessed over the internet or through an AWS Direct Connect public virtual interface. To connect to your instance’s private IP address, you can use services such as AWS Direct Connect, AWS Site-to-Site VPN, or VPC peering.

To connect to your instance using your own key and any SSH client

1. (Optional) Generate a new SSH private and public key

You can generate new SSH private and public keys my_key and my_key.pub, using the following command:

2. Push your SSH public key to the instance

Use the send-ssh-public-key command to push your SSH public key to the instance. If you launched your instance using Amazon Linux 2, the default username for the AMI is ec2-user. If you launched your instance using Ubuntu, the default username for the AMI is ubuntu.

The following example pushes the public key to the specified instance in the specified Availability Zone, for ec2-user authentication.

3. Connect to the instance with your private key

Use the ssh command to connect to the instance with the private key before the public key is removed from the instance’s metadata (you have 60 seconds before this key is deleted). Specify the private key corresponding to the public key, the default username for the AMI that you used to launch your instance, and the instance’s public DNS name (if connecting over a private network, specify the private DNS name or IP address). Add the IdentitiesOnly=yes option to ensure that only the files in the ssh config and the specified key are used for the connection.
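The three steps above combined into one script, as an added example that is not part of the original post or AWS's own code. The instance ID, Availability Zone and host name in the sample call are constructed placeholders, and `eic_connect`, `run` and `EIC_DRY_RUN` are names made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post). eic_connect, run and
# EIC_DRY_RUN are hypothetical names introduced for this illustration.

# run: execute a command, or only print it when EIC_DRY_RUN=1.
run() {
  if [ "${EIC_DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# eic_connect INSTANCE_ID AVAILABILITY_ZONE OS_USER HOST [KEY_PATH]
eic_connect() {
  [ "$#" -ge 4 ] || { echo "usage: eic_connect INSTANCE_ID AZ OS_USER HOST [KEY]" >&2; return 2; }
  # Refuse values that the aws or ssh CLI would parse as options.
  for eic_arg in "$@"; do
    case $eic_arg in -*) echo "argument must not start with '-': $eic_arg" >&2; return 2 ;; esac
  done
  eic_id=$1 eic_az=$2 eic_user=$3 eic_host=$4 eic_key=${5:-my_key}
  case $eic_id in
    i-*) ;;
    *) echo "not an instance ID: $eic_id" >&2; return 2 ;;
  esac

  # Step 1 (optional): create my_key / my_key.pub if they do not exist yet.
  # ssh-keygen prompts for a passphrase to protect the private key.
  [ -f "$eic_key" ] || run ssh-keygen -t rsa -b 4096 -f "$eic_key" || return 1

  # Step 2: push the public key to the instance for the given OS user.
  run aws ec2-instance-connect send-ssh-public-key \
    --instance-id "$eic_id" \
    --availability-zone "$eic_az" \
    --instance-os-user "$eic_user" \
    --ssh-public-key "file://$eic_key.pub" || return 1

  # Step 3: connect right away; the pushed key is removed after 60 seconds.
  # IdentitiesOnly=yes makes ssh use only the -i key and keys from ssh config.
  run ssh -o IdentitiesOnly=yes -i "$eic_key" "$eic_user@$eic_host"
}

# Dry run with constructed sample values: prints the commands, runs nothing.
( EIC_DRY_RUN=1
  eic_connect i-0123456789example us-west-2b ec2-user \
    ec2-198-51-100-1.compute-1.amazonaws.com )
```

Because the pushed key expires after 60 seconds, running the push and the ssh call back to back from one function avoids the window closing between manual steps.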

Troubleshoot

If you get an error when trying to connect to your instance, see the following:

Troubleshoot connection problems with your instance

How do I troubleshoot connecting to my EC2 instance using EC2 Instance Connect?

References

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-methods.html

Source : Viblo