Connect to EC2 instance with private IPv4 using the EC2 Instance Connect Endpoint

Prateek Malhotra
4 min read · Jun 21, 2023


Amazon Web Services (AWS) offers EC2 Instance Connect Endpoint, a powerful feature that enables secure SSH access to private EC2 instances without the need for managing SSH keys or bastion hosts. This article provides a step-by-step guide on how to leverage EC2 Instance Connect Endpoint to establish secure connections to private EC2 instances via SSH.

Go to the EC2 console, navigate to the “Instances” section, and find the instance you want to connect to. Click on the instance ID to open its details page.

On the instance details page, click on the “Connect” button at the top of the page.

Currently the instance has no endpoint listed, so we will create a new endpoint in the same private subnet where our EC2 instance is running.

In the “Create EC2 Instance Connect endpoint” wizard, provide a name for the endpoint and select the EC2 Instance Connect Endpoint option.

Select the Virtual Private Cloud (VPC) and subnet where you want to create the endpoint. Make sure the selected VPC and subnet have connectivity to the EC2 instances you want to connect to, and choose a security group for the endpoint. This security group controls the inbound traffic to the endpoint and should allow SSH traffic (port 22) from the authorized clients.

Review and create: Review the configuration settings for the endpoint. If everything looks correct, click on the “Create endpoint” button to create the EC2 Instance Connect endpoint.

It will take some time before the endpoint’s status shows “Available”.

Once the status is “Available”, the service name is also shown for the endpoint.

Go back to the private EC2 instance, click “Connect”, and open the “EC2 Instance Connect Endpoint” tab. This time the option is available, because we created the endpoint in the same private subnet where our EC2 instance is running.

Select the appropriate endpoint and click “Connect”.

Finally, click on the “Connect” button to establish the SSH connection to the EC2 instance using the EC2 Instance Connect endpoint.

Now we are connected to the EC2 instance over its private IP via SSH.

That’s it! You have successfully set up and used an EC2 Instance Connect endpoint to connect to your EC2 instances securely using SSH.
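The same procedure as AWS CLI commands, added here as an example (it is not from the article): the endpoint creation, the wait for the “Available” state, and the SSH session, together with the security-group rules on both sides that the console wizard leaves to you. The instance’s own security group must admit port 22 from the endpoint, otherwise the connection fails even though the endpoint exists. All resource IDs are placeholders, and `EICE_DRY_RUN=1` prints the commands instead of calling the API so the script can be reviewed before it touches an account.

```shell
#!/bin/sh
# Added example, not from the original article: the AWS CLI equivalent of the
# console steps, plus the security-group wiring the wizard leaves to you.
# Every ID below is a placeholder; pass your own as arguments:
#   sh eice.sh <subnet-id> <endpoint-sg-id> <instance-sg-id> <instance-id>
# Assumes AWS CLI v2 (with the `ec2-instance-connect ssh` subcommand) and IAM
# rights for ec2:CreateInstanceConnectEndpoint, ec2:AuthorizeSecurityGroup*
# and ec2-instance-connect:OpenTunnel. EICE_DRY_RUN=1 prints each command
# instead of running it.
set -eu
EICE_DRY_RUN="${EICE_DRY_RUN:-0}"

run() {
  if [ "$EICE_DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Refuse IDs of the wrong resource type so a mixed-up argument cannot open
# port 22 from an unintended security group.
check_id() {  # <prefix> <id>
  case "$2" in
    "$1"-[0-9a-f]*) ;;
    *) printf 'expected a %s id, got: %s\n' "$1" "$2" >&2; return 1 ;;
  esac
}

# Port-22 rule that references another security group, as IpPermissions JSON
# (the same shape is accepted for ingress and egress rules).
ssh_rule_to_group() {  # <sg-id>
  printf '[{"IpProtocol":"tcp","FromPort":22,"ToPort":22,"UserIdGroupPairs":[{"GroupId":"%s"}]}]' "$1"
}

# Instance SG: accept SSH only from the endpoint SG, never from a CIDR.
allow_ssh_from_endpoint() {  # <instance-sg> <endpoint-sg>
  check_id sg "$1" || return 1
  check_id sg "$2" || return 1
  run aws ec2 authorize-security-group-ingress --group-id "$1" \
      --ip-permissions "$(ssh_rule_to_group "$2")"
}

# Endpoint SG: outbound SSH only to the instance SG, replacing the allow-all
# egress rule a freshly created group carries.
restrict_endpoint_egress() {  # <endpoint-sg> <instance-sg>
  check_id sg "$1" || return 1
  check_id sg "$2" || return 1
  run aws ec2 revoke-security-group-egress --group-id "$1" \
      --ip-permissions '[{"IpProtocol":"-1","IpRanges":[{"CidrIp":"0.0.0.0/0"}]}]'
  run aws ec2 authorize-security-group-egress --group-id "$1" \
      --ip-permissions "$(ssh_rule_to_group "$2")"
}

# Create the endpoint in the instance's private subnet. Client IP preservation
# is turned off so the instance sees the endpoint's network interface as the
# source, which is what makes the SG-to-SG rule above work; with it on, the
# instance SG would have to allow each client's own IP instead.
create_endpoint() {  # <subnet-id> <endpoint-sg>
  check_id subnet "$1" || return 1
  check_id sg "$2" || return 1
  run aws ec2 create-instance-connect-endpoint --subnet-id "$1" \
      --security-group-ids "$2" --no-preserve-client-ip \
      --query InstanceConnectEndpoint.InstanceConnectEndpointId --output text
}

# Poll until the endpoint leaves create-in-progress (the console's wait for
# the status to show "Available").
wait_for_endpoint() {  # <eice-id>
  check_id eice "$1" || return 1
  if [ "$EICE_DRY_RUN" = "1" ]; then
    printf 'aws ec2 describe-instance-connect-endpoints --instance-connect-endpoint-ids %s (poll until State=create-complete)\n' "$1"
    return 0
  fi
  while :; do
    state="$(aws ec2 describe-instance-connect-endpoints \
      --instance-connect-endpoint-ids "$1" \
      --query 'InstanceConnectEndpoints[0].State' --output text)"
    case "$state" in
      create-complete) return 0 ;;
      create-failed) echo "endpoint creation failed" >&2; return 1 ;;
    esac
    sleep 10
  done
}

# Open the SSH session through the endpoint. The CLI generates a one-time key
# pair and pushes the public half with SendSSHPublicKey (valid for 60 s), so
# no long-lived key has to be stored on the instance.
connect() {  # <instance-id>
  check_id i "$1" || return 1
  run aws ec2-instance-connect ssh --instance-id "$1" --connection-type eice --os-user ec2-user
}

main() {  # <subnet-id> <endpoint-sg> <instance-sg> <instance-id>
  allow_ssh_from_endpoint "$3" "$2"
  restrict_endpoint_egress "$2" "$3"
  eice_id="$(create_endpoint "$1" "$2")"
  if [ "$EICE_DRY_RUN" = "1" ]; then eice_id="eice-0123456789abcdef0"; fi  # constructed placeholder
  wait_for_endpoint "$eice_id"
  connect "$4"
}

if [ "$#" -eq 4 ]; then main "$@"; fi
```

Run it first with `EICE_DRY_RUN=1` to see every command it would issue. Turning client IP preservation off trades per-client source addresses in the instance’s sshd logs for a security-group rule that names the endpoint rather than a CIDR; if you need the client IP on the instance, keep preservation on and scope the instance rule to your clients’ addresses instead.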

Conclusion: EC2 Instance Connect Endpoint simplifies and enhances the security of connecting to private EC2 instances via SSH. By following the steps outlined in this guide, you can enable the EC2 Instance Connect Endpoint for an instance, and establish a secure SSH connection without the need for managing SSH keys or bastion hosts. This feature streamlines the process of accessing private instances, ensuring a robust security posture within your AWS environment.


I am Prateek Malhotra, a passionate DevOps Engineer with a deep love for implementing new technologies.