change my SSH port from 0.0.0.0/0 to specific VPN IP

Question

currently my instance security group inbound source is 0.0.0.0/0, I want to change that to a specific VPN IP example 125.25.456.88 of my organization and I want to access the ssh only throught this ip. I changed the source in security group of port 22 to 125.25.456.88/32. But after that I'm getting the issue

Failed to connect to your instance
EC2 Instance Connect is unable to connect to your instance. Ensure your instance network settings are configured correctly for EC2 Instance Connect. For more information, see EC2 Instance Connect Prerequisites at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-prerequisites.html.

Leo K · Answer

Instead of your own public IP address, you'll need to allow SSH traffic from the managed prefix list com.amazonaws.REGION.ec2-instance-connect (with "REGION" replaced with the region code). If you're configuring the security group rule via the console, simply add a new inbound rule with TCP as the protocol, 22 as the port, and the name of the prefix list as the source. This is explained in the document you linked to, under the "Allow inbound SSH traffic" heading: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-prerequisites.html#ec2-instance-connect-setup-security-group

The rule that allows SSH access from your own /32 IP address you should delete.

change my SSH port from 0.0.0.0/0 to specific VPN IP

添加回答

相关内容