How do I connect to my Amazon EC2 Linux instance?

I want to know what methods are available to connect to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance.

Short description

Use one of the following methods to connect to your EC2 Linux instances:

  • SSH
  • EC2 Serial Console
  • Session Manager, a capability of AWS Systems Manager
  • Amazon EC2 Instance Connect

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

SSH

Prerequisites: Make sure that your configuration adheres to the SSH prerequisites.

Run the SSH command in a terminal window to connect to the instance. Or, use PuTTY to connect to your instance from a Windows operating system (OS).

For SSH authentication, Amazon EC2 deploys a single key pair to each instance. If you lose the key pair, then you can't regenerate it. For more information, see How do I connect to my Amazon EC2 instance if I lose my SSH key pair after the initial instance launch?

Also, SSH doesn't have built-in connection logging and audits.

EC2 Serial Console

Prerequisites: Make sure that your configuration adheres to the serial console prerequisites. Also, configure access to the serial console.

Use the EC2 Serial Console to establish a serial connection to instances so that you can troubleshoot boot and network connectivity issues. To connect to the serial console, use a browser-based client or an SSH client.

There can be only one active serial console connection for each instance. There must be at least a 30-second interval between sessions. When you connect to the serial console, your instance's throughput slightly decreases.

If your instance is unreachable, then see How do I access the EC2 Serial Console of an unreachable or inaccessible Linux instance?

Session Manager

Prerequisites:

Use Session Manager to get secure access to the managed nodes without the need to open inbound ports or manage an SSH key. Use AWS CloudTrail events to audit Session Manager sessions, and control the sessions with AWS Identity and Access Management (IAM) policies.

Use the Amazon EC2 console to connect to your instance with Session Manager. Or, to connect with the AWS CLI, run the following start-session command:

aws ssm start-session --target instance-id

Note: Replace instance-id with your instance ID.

You can also allow SSH connections through Session Manager.

You can't transfer files with Session Manager. Instead, use an Amazon Simple Storage Service (Amazon S3) bucket and the AWS CLI to exchange data. If you connect through port forwarding or SSH, then you can use logging for the Session Manager session. SSH encrypts all session data, and Session Manager serves only as a tunnel for SSH connections.
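The following is an added example, not AWS code, that shows one way to audit Session Manager sessions from CloudTrail records: it lists each StartSession call with its principal, target instance, and connection type, and counts denied attempts. The sample records, function names, and the mapping from session documents to connection types are assumptions made for illustration.

```python
import json
from collections import Counter

# Constructed sample records in CloudTrail's layout (not real account data).
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-01T09:12:44Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"target": "i-0123456789abcdef0"}},
    {"eventTime": "2024-05-01T10:03:10Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"target": "i-0123456789abcdef0",
                           "documentName": "AWS-StartSSHSession"}},
    {"eventTime": "2024-05-01T11:47:02Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "errorCode": "AccessDenied", "requestParameters": None},
    {"eventTime": "2024-05-01T11:50:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
]})

# Assumption: a call without documentName opens the default interactive shell.
KINDS = {None: "shell", "SSM-SessionManagerRunShell": "shell",
         "AWS-StartSSHSession": "ssh-tunnel",
         "AWS-StartPortForwardingSession": "port-forward"}

def audit_start_sessions(trail_json):
    """Return one row per ssm StartSession call found in a CloudTrail file."""
    rows = []
    for rec in json.loads(trail_json).get("Records", []):
        if (rec.get("eventSource"), rec.get("eventName")) != ("ssm.amazonaws.com", "StartSession"):
            continue
        params = rec.get("requestParameters") or {}  # can be null on failed calls
        kind = KINDS.get(params.get("documentName"), "other") if params else "unknown"
        rows.append({"time": rec.get("eventTime"),
                     "principal": (rec.get("userIdentity") or {}).get("arn", "unknown"),
                     "target": params.get("target", "unknown"),
                     "source_ip": rec.get("sourceIPAddress"),
                     "kind": kind, "denied": "errorCode" in rec})
    return rows

def denied_by_principal(rows):
    """Count failed StartSession attempts per IAM principal."""
    return dict(Counter(r["principal"] for r in rows if r["denied"]))

if __name__ == "__main__":
    for row in audit_start_sessions(SAMPLE_TRAIL):
        print(row)
```
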

EC2 Instance Connect

Prerequisites:

Use EC2 Instance Connect to securely access your instance through SSH. EC2 Instance Connect provides multiple options to connect to your instance without the need to share your SSH keys.

To connect with EC2 Instance Connect, use the Amazon EC2 console, the AWS CLI, or your own key and an SSH client.

If you already configured the AuthorizedKeysCommand and AuthorizedKeysCommandUser settings, then you can't use EC2 Instance Connect. To use the Amazon EC2 console to connect, you must use an IPv4 address. You can't use an IPv6 address. You also can't use EC2 Instance Connect in AWS Local Zones.

Related information

Why can't I connect to my Amazon EC2 instance?

AWS OFFICIAL - Updated a month ago