Private EC2 with EC2 Instance Connect Endpoint

0

I assigned full EC2 permissions to a given user so that he can perform tasks on the instances, and especially connect after creating one. The problem is that I can't establish an SSH connection with the instance; I realized that there is no public IP! I searched the search engines for something related (private EC2 with EC2 Instance Connect Endpoint). Would this be the correct way to establish the connection with the instance? If so, could someone give me a step-by-step guide on how to configure it correctly?

  • Hello there, I think you can first try to connect to your EC2 via the Connect button that is provided inside your GUI console,

    • also make sure to verify your permissions in IAM that allow you to do so.
    • check once more in the VPC that the endpoint is with your instance. Now you can try one more time, without the AWS Management Console, to connect via ssh by open-tunnel.
Johnny
asked a year ago · 1672 views
6 Answers
0

If your instance is a supported OS (Amazon Linux 2 and Ubuntu), you can configure EC2 Instance Connect as per the blog Secure Connectivity from Public to Private: Introducing EC2 Instance Connect Endpoint.

AWS
EXPERT
Mike_L
answered a year ago
0

If you have problems connecting with ssh from the command line, you can also try clicking "Connect" in the AWS console to narrow down whether the problem is in EC2 or in the client/network part.

EXPERT
Kallu
answered a year ago
0

I launched an EC2 instance of type (t2.micro) and set up the following relationships with the instance:

    • IAM (User) with permissions: AdministratorAccess, AmazonEC2FullAccess, IAMUserChangePassword and the custom one (AccessEc2Policy); here is the JSON for analysis:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EC2InstanceConnectPermissions",
            "Effect": "Allow",
            "Action": [
                "ec2-instance-connect:SendSSHPublicKey",
                "ec2-instance-connect:OpenTunnel",
                "ec2-instance-connect:SendSerialConsoleSSHPublicKey"
            ],
            "Resource": "*"
        },
        {
            "Sid": "DescribeInstancesPermissions",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeInstanceConnectEndpoints"
            ],
            "Resource": "*"
        }
    ]
}
  • VPC (attached to instance -)

  • Subnet (connected to VPC - OK)

  • Security groups, setup:
    • IPv4: SSH - TCP - 22 - sg...
    • IPv4: HTTP - TCP - 80 - 0.0.0.0/0
    • IPv4: HTTPS - TCP - 443 - 0.0.0.0/0
    • IPv6: HTTP - TCP - 80 - ::/0
    • IPv6: HTTPS - TCP - 443 - ::/0

  • Terminal : ssh -i "mykey.pem" admin@xxx.xx.xxx

  • AWS CLI: aws ec2 run-instances --image-id $ami_id --instance-type $instance_type --key-name $key_pair_name --security-group-ids $security_group_id --subnet-id $subnet_id --region $region_id --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=$instance_name}]"

( 0v0 ) -> I tried, but could not connect to the instance through either SSH or the CLI.

Johnny
answered a year ago
0

You may connect via the AWS Console; please find the steps below.

AWS Console

Pre-requisites:

To create an EC2 Instance Connect Endpoint, users require permissions for the following actions:
  • ec2:CreateInstanceConnectEndpoint
  • ec2:CreateNetworkInterface
  • ec2:CreateTags
  • iam:CreateServiceLinkedRole

To describe and delete EC2 Instance Connect Endpoints, users require permissions for the following actions:
  • ec2:DescribeInstanceConnectEndpoints
  • ec2:DeleteInstanceConnectEndpoint

Then assign the policy to users (IAM/Identity Center).

  1. To create an EC2 Instance Connect Endpoint, log in to the AWS Management Console -> VPC -> Endpoints -> Create endpoint.
  2. Select the VPC, security groups and subnet where your instance is located. Tags are optional; click Submit.
  3. After successful creation you will receive a confirmation message.
  4. Navigate to EC2 instances in the AWS console and select the EC2 instance you would like to connect to.
  5. Select it and click Connect. A new option, "Connect using EC2 Instance Connect Endpoint", will show up.
  6. Hit Connect and a new instance will be launched in CloudShell.
AWS
Jaz
answered a year ago
0
  1. Create the endpoint connection for the particular VPC.
  2. Configure your instance security group and your endpoint security group.
  3. Attach the correct policy for the IAM users.
  4. Then update the AWS CLI (above 2.13).

If you need more information, check my git repo, attached below:

https://github.com/Joy-karthik/Secure-EIC.git

KARTHIK
answered 10 months ago
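The steps in the two answers above (create the endpoint, wire up the instance and endpoint security groups, scope the IAM policy, connect from a recent AWS CLI v2) and the security-group list and IAM policy in Johnny's post, carried through as one runnable script. This is an added example, not code from the thread or from AWS; every ID in it (sg-0endpoint, sg-0instance, subnet-0private, i-0abc, eice-0123, the endpoint ARN) is a placeholder. The pure helpers check the rules offline; the functions prefixed "Live" call the AWS CLI and assume a configured profile. The policy it prints tightens the "Resource": "*" OpenTunnel grant from the question to one endpoint, remote port 22 and a bounded tunnel lifetime using the documented ec2-instance-connect condition keys.

```shell
#!/bin/sh
# Added example, not code from the thread: create an EC2 Instance Connect
# Endpoint (EICE) in the private subnet, preflight the instance's security
# group, and ssh to the private instance through the endpoint. Every ID used
# in comments and tests (sg-0endpoint, sg-0instance, subnet-0private, i-0abc,
# eice-0123) is a placeholder. The live functions need AWS CLI v2 with the
# "ec2-instance-connect open-tunnel" subcommand and a configured profile.
set -eu

# Pure: the ssh ProxyCommand that carries TCP through the endpoint to the
# instance's private address (no public IP and no bastion involved).
eice_proxy_command() {
  printf 'aws ec2-instance-connect open-tunnel --instance-connect-endpoint-id %s --instance-id %s --remote-port %s' \
    "$1" "$2" "${3:-22}"
}

# Pure: given inbound rules as "proto port source" lines, check the one rule
# EICE depends on: TCP 22 from the endpoint's security group ($2).
sg_allows_eice() {
  printf '%s\n' "$1" | grep -E '^tcp[[:space:]]+22[[:space:]]+'"$2"'$' >/dev/null
}

# Pure: once EICE is in place, SSH open to the world is a leftover, not a
# requirement. Returns 0 (true) when such a rule is present.
sg_exposes_ssh_world() {
  printf '%s\n' "$1" | grep -E '^tcp[[:space:]]+22[[:space:]]+(0\.0\.0\.0/0|::/0)$' >/dev/null
}

# Pure: a tighter user policy than "Resource": "*". OpenTunnel is limited to
# one endpoint ARN ($1), to remote port 22 and to a bounded tunnel lifetime
# via the ec2-instance-connect:* condition keys; Describe* stays broad.
eice_user_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "TunnelToSshOnly",
      "Effect": "Allow",
      "Action": "ec2-instance-connect:OpenTunnel",
      "Resource": "$1",
      "Condition": {
        "NumericEquals": { "ec2-instance-connect:remotePort": "22" },
        "NumericLessThanEquals": { "ec2-instance-connect:maxTunnelDuration": "3600" }
      }
    },
    {
      "Sid": "DescribeForCli",
      "Effect": "Allow",
      "Action": [ "ec2:DescribeInstances", "ec2:DescribeInstanceConnectEndpoints" ],
      "Resource": "*"
    }
  ]
}
EOF
}

# Live: flatten the instance SG's inbound rules whose FromPort is exactly 22
# (source security groups, IPv4 and IPv6 CIDRs) into the "tcp 22 <source>"
# lines the pure checks read. Wide port ranges that include 22 are not seen.
instance_ssh_rules() {
  aws ec2 describe-security-groups --group-ids "$1" --output text --query \
    'SecurityGroups[0].IpPermissions[?FromPort==`22`].[UserIdGroupPairs[].GroupId, IpRanges[].CidrIp, Ipv6Ranges[].CidrIpv6][][]' \
    | tr '\t' '\n' | sed 's/^/tcp 22 /'
}

# Live: create the endpoint in the private subnet with its own security group
# (the default outbound-all rule is enough; it only has to reach TCP 22 on
# the instance) and block until the endpoint is usable. Prints its ID.
create_eice() {
  eice_id=$(aws ec2 create-instance-connect-endpoint --subnet-id "$1" --security-group-ids "$2" \
    --query 'InstanceConnectEndpoint.InstanceConnectEndpointId' --output text)
  until [ "$(aws ec2 describe-instance-connect-endpoints --instance-connect-endpoint-ids "$eice_id" \
        --query 'InstanceConnectEndpoints[0].State' --output text)" = create-complete ]; do
    sleep 10
  done
  echo "$eice_id"
}

# Live: preflight the instance SG against the endpoint SG, then ssh with the
# tunnel as ProxyCommand. Your own key pair works; no key push is required.
# Args: instance_id instance_sg eice_id eice_sg key_file [os_user]
connect_private_instance() {
  rules=$(instance_ssh_rules "$2")
  sg_allows_eice "$rules" "$4" || { echo "instance SG $2 must allow TCP 22 from $4" >&2; return 1; }
  if sg_exposes_ssh_world "$rules"; then echo "warning: $2 still allows SSH from anywhere" >&2; fi
  ssh -i "$5" -o ProxyCommand="$(eice_proxy_command "$3" "$1")" "${6:-ec2-user}@$1"
}

case "${1:-}" in
  create)  shift; create_eice "$@" ;;
  connect) shift; connect_private_instance "$@" ;;
  policy)  shift; eice_user_policy "$@" ;;
esac
```

Typical use, with the placeholder IDs: `sh eice.sh create subnet-0private sg-0endpoint` once per VPC, `sh eice.sh policy arn:aws:ec2:REGION:ACCOUNT:instance-connect-endpoint/eice-0123` to get the policy document to attach, then `sh eice.sh connect i-0abc sg-0instance eice-0123 sg-0endpoint mykey.pem admin`. The preflight is the check most people skip: with EICE the instance security group should allow TCP 22 from the endpoint's security group and nothing else, so an SSH rule from 0.0.0.0/0 left over from earlier attempts is reported as a warning rather than silently relied on. If you prefer not to manage a ProxyCommand yourself, AWS CLI v2 also offers `aws ec2-instance-connect ssh --instance-id i-0abc --connection-type eice`, which wraps the same tunnel.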
0

This tool lets you easily connect to EC2 instances with EC2 Instance Connect Endpoint: https://github.com/ivoronin/ec2ssh

answered 7 months ago
