Connecting to an Instance using an EC2 Instance Connect Endpoint
Overview:-
In this tutorial we walk through creating an EC2 Instance Connect Endpoint (EIC Endpoint) in AWS. EC2 Instance Connect lets you open an SSH session to an instance from the AWS Management Console, the AWS CLI or the AWS SDKs, with the authorisation decision made by IAM rather than by whoever holds a long-lived key. An EIC Endpoint extends that to instances that have no public IP address: the endpoint places a network interface in one of your subnets and the SSH session is tunnelled through it, so the instance needs no bastion host, no public IP and no inbound rule from the internet. Let’s get started!
Pre-requisites:-
*An AWS account with the permissions required to create VPC resources, EC2 Instance Connect Endpoints and IAM users and policies.
Step 1:- Sign in to the AWS Management Console using your AWS account credentials. Ensure that you have the necessary permissions to create an EC2 Instance Connect Endpoint.
Step 2:- Once signed in, navigate to the VPC service by searching for “VPC” in the AWS Management Console’s search bar. Click on the “VPC” result to open the VPC dashboard.
Step 3:- Create a VPC and a subnet inside it. After creating them, click on ‘Endpoints’ in the left-hand menu.
Step 4:- Create an endpoint of type “EC2 Instance Connect Endpoint”, choosing the VPC and subnet created above and a security group for the endpoint itself. Note which security group you pick: the instance’s own security group must later allow inbound TCP port 22 from it (or from your client addresses if you enable “Preserve client IP” on the endpoint). See the figure below for more understanding.
Step 5 :- After creating the endpoint, go to the IAM service, create a user and attach the policies below.
Step 6 :- Click Add permissions > Create inline policy, paste the policy below into the JSON editor and save it. Its conditions let the user open tunnels only to port 22, only to the two private addresses in 172.37.26.192/31 (change this to the private address range your instances will actually receive), and only for a tunnel of at most 60 seconds. Two caveats: a condition key that is absent from a request fails the check, so a client that does not explicitly ask for a tunnel duration of 60 seconds or less is denied; and the duration bounds the established TCP connection, so 60 also cuts the session after a minute. Raise it if you need longer sessions.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeInstanceConnectEndpoints"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "ec2-instance-connect:OpenTunnel",
            "Resource": "arn:aws:ec2:*:*:instance-connect-endpoint/*",
            "Condition": {
                "IpAddress": {
                    "ec2-instance-connect:privateIpAddress": "172.37.26.192/31"
                },
                "NumericLessThanEquals": {
                    "ec2-instance-connect:maxTunnelDuration": "60"
                },
                "NumericEquals": {
                    "ec2-instance-connect:remotePort": "22"
                }
            }
        }
    ]
}
Step 7:- Repeat step 6 with the policy below, which lets the user create, describe and delete endpoints. The security-group resource ARN is written with wildcards for region and account so that it matches the endpoint’s security group. Be aware that the last statement, “EndpointConnect”, grants every ec2-instance-connect action on every resource with no conditions. IAM allows a request if any attached statement allows it, so this statement makes the port, address and duration restrictions from step 6 ineffective. Drop it if you want those restrictions enforced, and give the endpoint-management permissions to an administrator rather than to the user who only needs to connect.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "GrantAllActionsInAllSubnets",
            "Action": [
                "ec2:CreateInstanceConnectEndpoint",
                "ec2:DeleteInstanceConnectEndpoint",
                "ec2:CreateNetworkInterface",
                "ec2:CreateTags",
                "iam:CreateServiceLinkedRole"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:ec2:*:*:subnet/*"
        },
        {
            "Action": [
                "ec2:CreateNetworkInterface"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:ec2:*:*:security-group/*"
        },
        {
            "Sid": "DescribeInstanceConnectEndpoints",
            "Action": [
                "ec2:DescribeInstanceConnectEndpoints"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Sid": "EndpointConnect",
            "Action": [
                "ec2-instance-connect:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
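To see what the step 6 conditions actually do, and why the unconditioned “EndpointConnect” statement from step 7 undoes them, the following added example (not part of the original tutorial, and not AWS code) evaluates both policies against a handful of OpenTunnel requests. It is a deliberately simplified model of IAM evaluation: it covers only Allow statements, “*” and “?” wildcards, and the IpAddress, NumericEquals and NumericLessThanEquals operators that these policies use; Deny, NotAction, policy variables and ...IfExists operators are not modelled. The endpoint ARN, the request values and the narrowing of the step 6 Resource to a single endpoint are constructed for the example.

```python
"""Evaluate the step 6 and step 7 policies against sample OpenTunnel requests.

Simplified IAM model: Allow statements, '*' / '?' wildcards, and the three
condition operators the tutorial's policies use. No Deny, NotAction,
policy variables or ...IfExists operators. All identifiers are constructed.
"""
import ipaddress
import re

# Step 6 policy, with Resource narrowed to one (constructed) endpoint ARN so
# that resource scoping shows up in the results.
ENDPOINT_ARN = "arn:aws:ec2:us-east-1:123456789012:instance-connect-endpoint/eice-0123456789abcdef0"
STEP6_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OpenTunnelScoped",
        "Effect": "Allow",
        "Action": "ec2-instance-connect:OpenTunnel",
        "Resource": ENDPOINT_ARN,
        "Condition": {
            "IpAddress": {"ec2-instance-connect:privateIpAddress": "172.37.26.192/31"},
            "NumericLessThanEquals": {"ec2-instance-connect:maxTunnelDuration": "60"},
            "NumericEquals": {"ec2-instance-connect:remotePort": "22"},
        },
    }],
}

# The unconditioned statement from step 7, as the tutorial has it.
STEP7_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "EndpointConnect",
        "Effect": "Allow",
        "Action": ["ec2-instance-connect:*"],
        "Resource": "*",
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _glob(pattern, value, ignore_case=False):
    """IAM wildcard match: '*' matches any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _condition_ok(operator, key, values, ctx):
    # A key absent from the request context fails every operator that is not
    # an ...IfExists variant; this is why a client that does not request a
    # tunnel duration is denied by the step 6 policy.
    if key not in ctx:
        return False
    actual = ctx[key]
    if operator == "IpAddress":
        ip = ipaddress.ip_address(actual)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if operator == "NumericEquals":
        return any(int(actual) == int(v) for v in values)
    if operator == "NumericLessThanEquals":
        return any(int(actual) <= int(v) for v in values)
    raise ValueError(f"operator {operator} not modelled")


def statement_allows(stmt, action, resource, ctx):
    if stmt.get("Effect") != "Allow":
        return False
    if not any(_glob(p, action, ignore_case=True) for p in _as_list(stmt["Action"])):
        return False
    if not any(_glob(p, resource) for p in _as_list(stmt["Resource"])):
        return False
    # Every operator/key pair must pass; within one key any listed value may match.
    return all(
        _condition_ok(op, key, _as_list(vals), ctx)
        for op, pairs in stmt.get("Condition", {}).items()
        for key, vals in pairs.items()
    )


def is_allowed(policies, action, resource, ctx):
    """Allowed if any statement in any attached policy allows it (no Deny modelled)."""
    return any(statement_allows(s, action, resource, ctx)
               for p in policies for s in p["Statement"])


def scenarios():
    """Constructed OpenTunnel requests; the context keys are the real condition keys."""
    good = {
        "ec2-instance-connect:privateIpAddress": "172.37.26.192",
        "ec2-instance-connect:remotePort": "22",
        "ec2-instance-connect:maxTunnelDuration": "60",
    }
    requests = {
        "in_scope": (ENDPOINT_ARN, good),
        "other_endpoint": (ENDPOINT_ARN.replace("0123456789abcdef0", "fedcba9876543210f"), good),
        "outside_cidr": (ENDPOINT_ARN, {**good, "ec2-instance-connect:privateIpAddress": "172.37.26.194"}),
        "rdp_port": (ENDPOINT_ARN, {**good, "ec2-instance-connect:remotePort": "3389"}),
        "too_long": (ENDPOINT_ARN, {**good, "ec2-instance-connect:maxTunnelDuration": "3600"}),
        "duration_unset": (ENDPOINT_ARN, {k: v for k, v in good.items() if "maxTunnelDuration" not in k}),
    }
    action = "ec2-instance-connect:OpenTunnel"
    return {
        "step6_only": {n: is_allowed([STEP6_POLICY], action, r, c) for n, (r, c) in requests.items()},
        "step6_plus_step7": {n: is_allowed([STEP6_POLICY, STEP7_POLICY], action, r, c) for n, (r, c) in requests.items()},
    }


if __name__ == "__main__":
    for policy_set, results in scenarios().items():
        print(policy_set)
        for name, allowed in results.items():
            print(f"  {name:16} {'ALLOW' if allowed else 'deny'}")
```

With the step 6 policy alone only the in-scope request is allowed: a different endpoint, an address outside the /31, port 3389, a 3600-second tunnel and a request with no duration at all are each denied. Attach the step 7 policy as well and every one of them is allowed, because its “EndpointConnect” statement matches any ec2-instance-connect action on any resource with no condition to fail.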
Step 8:- Navigate to the “EC2” service and launch an instance in the VPC and subnet used for the endpoint. Create a key pair as well; you need it when you connect through the tunnel from your own machine. The instance does not need a public IP address, but its security group must allow inbound TCP port 22 from the endpoint’s security group. Refer to the figure below for the configuration.
Step 9:- Review the EC2 instance configuration details you provided in the previous step. If everything looks correct, click on the “Launch instance” button to create the EC2 instance.
Step 10 :- Test the EC2 Instance Connect Endpoint. Once the endpoint is in the available state, open the EC2 dashboard, select your instance and click the “Connect” button. On the “EC2 Instance Connect” tab choose “Connect using EC2 Instance Connect Endpoint”, pick the endpoint you created and connect. The browser session pushes a one-time SSH public key to the instance, so the AMI must have EC2 Instance Connect installed (recent Amazon Linux and Ubuntu images do) and the user needs the ec2-instance-connect:SendSSHPublicKey permission in addition to OpenTunnel.
Step 11 :- Alternatively, you can connect from your local machine through the endpoint with the AWS CLI (version 2, with an OpenSSH client on the path; this is not a PuTTY command):
aws ec2-instance-connect ssh --instance-id i-0f12223953b6xxxxx
Conclusion:-
Congratulations! You have successfully created an EC2 Instance Connect Endpoint in AWS. With it, you can connect to EC2 instances that have only private IP addresses from the AWS Management Console, the CLI or the SDKs, with IAM deciding who may open a tunnel to which instance, port and address. This improves the security of SSH access and simplifies its management.