In order for Instance Connect to work, you need to add the Instance Connect IP range into your security group for incoming SSH connections. The IPs below are where the SSH connection will originate from, depending on the region in which you're working. Make sure to only pick one. Your instances also MUST have a public IP address.
USA
- us-west-1 | 13.52.6.112/29
- us-west-2 | 18.237.140.160/29
- us-east-1 | 18.206.107.24/29
- us-east-2 | 3.16.146.0/29
- us-gov-west-1 | 15.200.28.80/30
- us-gov-east-1 | 18.252.4.0/30
Canada
- ca-central-1 | 35.183.92.176/29
The ranges are published in this official JSON file: https://ip-ranges.amazonaws.com/ip-ranges.json
Example: { "ip_prefix": "18.252.4.0/30", "region": "us-gov-east-1", "service": "EC2_INSTANCE_CONNECT", "network_border_group": "us-gov-east-1" },
The other option to connect to your instance is through AWS Session Manager: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-prerequisites.html
Some pre-requisites:
- Your instance must have a network path to the public endpoint for AWS Systems Manager, either through Internet Gateway, NAT Gateway or private endpoint.
- Your instance must have a role attached to it with the following managed IAM permissions: AmazonSSMManagedInstanceCore
- Must have SSM agent installed; it should already be pre-installed on your Ubuntu image.
The session manager option is right up there in the console where Instance Connect is.
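Added example (not part of the answer above, and not AWS code): selecting the EC2_INSTANCE_CONNECT prefix for one region from data shaped like ip-ranges.json, building a port-22-only ingress entry in the EC2 API `IpPermissions` shape, and checking a group's existing SSH sources against it. The function names and the embedded sample are assumptions made for illustration; only IPv4 prefixes are handled in the sample.

```python
import ipaddress
import json

# Constructed excerpt in the shape of ip-ranges.json. The two
# EC2_INSTANCE_CONNECT prefixes are the ones quoted in the answer above;
# the "EC2" entry is a made-up documentation range to show the service filter.
SAMPLE_IP_RANGES = json.loads("""
{"prefixes": [
  {"ip_prefix": "18.252.4.0/30", "region": "us-gov-east-1",
   "service": "EC2_INSTANCE_CONNECT", "network_border_group": "us-gov-east-1"},
  {"ip_prefix": "18.206.107.24/29", "region": "us-east-1",
   "service": "EC2_INSTANCE_CONNECT", "network_border_group": "us-east-1"},
  {"ip_prefix": "203.0.113.0/24", "region": "us-east-1",
   "service": "EC2", "network_border_group": "us-east-1"}
]}
""")

def instance_connect_cidrs(ip_ranges, region):
    """Return the EC2_INSTANCE_CONNECT prefixes published for one region."""
    return sorted(
        p["ip_prefix"] for p in ip_ranges.get("prefixes", [])
        if p.get("service") == "EC2_INSTANCE_CONNECT" and p.get("region") == region
    )

def ssh_ingress_rule(cidrs):
    """Build one IpPermissions entry that allows TCP 22 from the given CIDRs only."""
    return {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": c, "Description": "EC2 Instance Connect"} for c in cidrs]}

def audit_ssh_sources(existing_cidrs, eic_cidrs):
    """Compare a group's current SSH source CIDRs with the published prefixes."""
    eic = [ipaddress.ip_network(c) for c in eic_cidrs]
    nets = [ipaddress.ip_network(c) for c in existing_cidrs]
    # A published prefix is missing if no existing source contains it.
    missing = [str(e) for e in eic
               if not any(n.version == e.version and e.subnet_of(n) for n in nets)]
    # Anything that is not exactly a published prefix deserves a manual review.
    other = [str(n) for n in nets if n not in eic]
    return {"missing": missing, "other_sources": other}

if __name__ == "__main__":
    cidrs = instance_connect_cidrs(SAMPLE_IP_RANGES, "us-east-1")
    print(ssh_ingress_rule(cidrs))
    print(audit_ssh_sources(["0.0.0.0/0"], cidrs))
```

In the audit result, an SSH source of `0.0.0.0/0` shows up under `other_sources` even though it technically covers the Instance Connect range, which is the case worth tightening.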
Have you been able to resolve your issue? If so, would you select an answer that matched your issue to close out the thread?