EC2 Instance Connect SSH source IP

Question

Hi All, 
Im working with my first EC2 instance and im going around the details of security groups. The default security group that i have includes an allow all (0.0.0.0/0) inbound ssh (tcp-22). When I establish an ssh connexion via the EC2 instance connect method (directly from the management console) I see that the source ip is an aws ip ... public ip (i check by doing a who).  Do you know what is this ip? is it the cloudshell from my management console?

thanks in advance!

Answer

For Amazon EC2 console browser-based client, the IP is from the EC2 Instance Connect IP address range.  You can validate this from the [AWS IP address ranges](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html) JSON file and look for EC2_INSTANCE_CONNECT for your region. Example for us-east-1, the range is:

{
      "ip_prefix": "18.206.107.24/29",
      "region": "us-east-1",
      "service": "EC2_INSTANCE_CONNECT",
      "network_border_group": "us-east-1"
    }

More details here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html#ec2-instance-connect-setup-security-group

Answer

To add to the above, check out this link would help you understand how: [Using Amazon EC2 Instance Connect for SSH access to your EC2 Instances](https://aws.amazon.com/blogs/compute/new-using-amazon-ec2-instance-connect-for-ssh-access-to-your-ec2-instances/)
You could check the detail of the ec2-instance-connect RPM package for further.

Now:
1. Do a quick what is my IP to see the public IP that you're using to access AWS services.
2.  upon connecting via EC2 instance connect, check out your cloudtrail log - look under event source "SendSSHPublicKey" (for details on when the  SSH public keys are pushed to the instance); dig through the event record and you will see your IP in (1)

I hope that help

EC2 Instance Connect SSH source IP

Relevanter Inhalt