If your instance runs a supported OS (Amazon Linux 2 and Ubuntu), you can configure EC2 Instance Connect as described in the blog post Secure Connectivity from Public to Private: Introducing EC2 Instance Connect Endpoint.
If you have problems connecting with ssh from the command line, you can also try clicking "Connect" in the AWS console to narrow down whether the problem is on the EC2 side or on the client/network side.
I launched an EC2 instance of type (t2.micro) and set up the following relationships with the instance:
- IAM (User) with permissions: AdministratorAccess, AmazonEC2FullAccess, IAMUserChangePassword and the custom one (AccessEc2Policy); here is the JSON for analysis:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EC2InstanceConnectPermissions",
"Effect": "Allow",
"Action": [
"ec2-instance-connect:SendSSHPublicKey",
"ec2-instance-connect:OpenTunnel",
"ec2-instance-connect:SendSerialConsoleSSHPublicKey"
],
"Resource": "*"
},
{
"Sid": "DescribeInstancesPermissions",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeInstanceConnectEndpoints"
],
"Resource": "*"
}
]
}
- VPC (attached to instance)
- Subnet (connected to VPC - OK)
- Security groups, setup: IPv4 (SSH - TCP - 22 - sg...), IPv4 (HTTP - TCP - 80 - 0.0.0.0/0), IPv4 (HTTPS - TCP - 443 - 0.0.0.0/0), IPv6 (HTTP - TCP - 80 - ::/0), IPv6 (HTTPS - TCP - 443 - ::/0)
- Terminal: ssh -i "mykey.pem" admin@xxx.xx.xxx
- AWS CLI: aws ec2 run-instances --image-id $ami_id --instance-type $instance_type --key-name $key_pair_name --security-group-ids $security_group_id --subnet-id $subnet_id --region $region_id --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=$instance_name}]"
(0v0) -> I tried, but could not connect to the instance (via SSH or the CLI)?
You may connect via the AWS Console; please find the steps below.
AWS Console
Pre-requisites:
To create an EC2 Instance Connect Endpoint, users require permissions for the following actions:
- ec2:CreateInstanceConnectEndpoint
- ec2:CreateNetworkInterface
- ec2:CreateTags
- iam:CreateServiceLinkedRole
To describe and delete EC2 Instance Connect Endpoints, users require permissions for the following actions:
- ec2:DescribeInstanceConnectEndpoints
- ec2:DeleteInstanceConnectEndpoint
Then assign the policy to the users (IAM / Identity Center).
- To create an EC2 Instance Connect Endpoint, log in to the AWS Management Console -> VPC -> Endpoints -> Create endpoint
- Select the VPC, Security Groups and Subnet where your instance is located. Tags are optional; click Submit.
- After successful creation you will receive a confirmation message.
- Navigate to EC2 instances in the AWS console and select the EC2 instance you would like to connect to
- Select it and click Connect. A new option "Connect using EC2 Instance Connect Endpoint" will show up.
- Hit Connect and a new instance will be launched in CloudShell.
- Create the Endpoint connection for the particular VPC
- Configure your instance security group and your endpoint security group
- Attach the correct policy for the IAM users.
- Then update the AWS CLI (above 2.13)
If you need more information, check my git repo. Below, I attached
This tool lets you easily connect to EC2 instances with EC2 Instance Connect Endpoint: https://github.com/ivoronin/ec2ssh
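The prerequisites answer above lists the actions an IAM principal needs to create, describe and delete an EC2 Instance Connect Endpoint, and the question posts the custom AccessEc2Policy it uses. The following is an added example (not code from AWS or from any poster in this thread) that evaluates a policy document against those action lists, applying the Allow / explicit-Deny / wildcard rules of identity-based policies. It takes the posted AccessEc2Policy verbatim as sample input; the ADMINISTRATOR_ACCESS document is my assumption of the effective content of the AWS managed AdministratorAccess policy that the question also lists. It deliberately ignores Resource, NotResource and Condition elements (the posted policy uses Resource "*" throughout), permission boundaries and SCPs; the authoritative check is `aws iam simulate-principal-policy`.

```python
"""Check IAM identity policies against the actions an EC2 Instance Connect
Endpoint (EICE) workflow needs.

Added example for this thread, not AWS code. Only Action/NotAction,
Effect and wildcard matching are modelled; Resource and Condition are
ignored (every statement is treated as Resource "*").
"""
import fnmatch
import json

# The custom AccessEc2Policy posted in the question (copied verbatim).
ACCESS_EC2_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "EC2InstanceConnectPermissions", "Effect": "Allow",
         "Action": ["ec2-instance-connect:SendSSHPublicKey",
                    "ec2-instance-connect:OpenTunnel",
                    "ec2-instance-connect:SendSerialConsoleSSHPublicKey"],
         "Resource": "*"},
        {"Sid": "DescribeInstancesPermissions", "Effect": "Allow",
         "Action": ["ec2:DescribeInstances",
                    "ec2:DescribeInstanceConnectEndpoints"],
         "Resource": "*"},
    ],
}

# Assumed effective content of the AWS managed AdministratorAccess policy,
# which the question says is also attached to the user.
ADMINISTRATOR_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Action sets taken from the prerequisites in the answer above.
REQUIRED_TO_CREATE_EICE = [
    "ec2:CreateInstanceConnectEndpoint",
    "ec2:CreateNetworkInterface",
    "ec2:CreateTags",
    "iam:CreateServiceLinkedRole",
]
REQUIRED_TO_DESCRIBE_DELETE_EICE = [
    "ec2:DescribeInstanceConnectEndpoints",
    "ec2:DeleteInstanceConnectEndpoint",
]


def _as_list(value):
    """IAM allows Statement/Action/NotAction to be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_matches(pattern, action):
    """IAM action matching is case-insensitive with '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def evaluate(policy, action):
    """Return 'allow', 'deny' or 'implicit-deny' for one action under one policy.

    An explicit Deny in any matching statement wins over every Allow; with
    no matching Allow the result is IAM's default implicit deny.
    """
    decision = "implicit-deny"
    for stmt in _as_list(policy.get("Statement")):
        actions = _as_list(stmt.get("Action"))
        not_actions = _as_list(stmt.get("NotAction"))
        if actions:
            matched = any(action_matches(p, action) for p in actions)
        else:  # NotAction covers every action except the listed patterns
            matched = not any(action_matches(p, action) for p in not_actions)
        if not matched:
            continue
        if stmt.get("Effect") == "Deny":
            return "deny"
        decision = "allow"
    return decision


def missing_actions(policies, required):
    """Required actions not allowed by the union of `policies` (a Deny anywhere wins)."""
    missing = []
    for action in required:
        results = [evaluate(p, action) for p in policies]
        if "deny" in results or "allow" not in results:
            missing.append(action)
    return missing


def report(policies):
    """Per-task list of actions the given policies fail to grant."""
    return {
        "create_endpoint": missing_actions(policies, REQUIRED_TO_CREATE_EICE),
        "describe_delete_endpoint": missing_actions(policies, REQUIRED_TO_DESCRIBE_DELETE_EICE),
    }


if __name__ == "__main__":
    # The custom policy alone cannot create or delete an endpoint ...
    print(json.dumps(report([ACCESS_EC2_POLICY]), indent=2))
    # ... whereas together with AdministratorAccess nothing is missing.
    print(json.dumps(report([ACCESS_EC2_POLICY, ADMINISTRATOR_ACCESS]), indent=2))
```

Run against the posted policy on its own, the report shows that all four create actions and ec2:DeleteInstanceConnectEndpoint are missing, while the connect-side actions (OpenTunnel, SendSSHPublicKey, the two Describe calls) are present; with the AdministratorAccess document added the report is empty. When the goal is least privilege, the useful direction is the opposite one: drop AdministratorAccess and add only the actions this check reports as missing.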