Configure EC2 Instance Connect

Sep 6, 2019 16:52

Connect Using EC2 Instance Connect

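  1. Network Access
  2. Install EC2 Instance Connect on the target AWS instance
  3. Configure the EC2 Instance Connect policy
  4. Connect

Install EC2 Instance Connect on the target instance

ubuntu:~$ sudo apt-get update
ubuntu:~$ sudo apt-get install ec2-instance-connect

Save the policy as ec2-instance-connect-policy.json. The ec2:osuser condition limits which OS user on the instance a key can be sent for.
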
{
	"Version": "2012-10-17",
	"Statement": [{
		"Effect": "Allow",
		"Action": "ec2-instance-connect:SendSSHPublicKey",
		"Resource": "arn:aws:ec2:<region>:<account-id>:instance/*",
		"Condition": {
			"StringEquals": {
				"ec2:osuser": "<iam-user>"
			}
		}
	}]
}

Create the policy

$ aws iam create-policy --policy-name ec2-instance-connect-policy --policy-document file://ec2-instance-connect-policy.json

Attach the policy to the IAM user

$ aws iam attach-user-policy --policy-arn arn:aws:iam::<account-id>:policy/ec2-instance-connect-policy --user-name <iam-user>

Create a new SSH key or use an existing key

$ ssh-keygen -t rsa -f my_rsa_key

Send the newly created public key to the instance

$ aws ec2-instance-connect send-ssh-public-key --region <region> --instance-id <instance id> --availability-zone <az zone> --instance-os-user <iam-user> --ssh-public-key file://my_rsa_key.pub

Connect to the instance

$ ssh -i my_rsa_key <iam-user>@<instance-ip>
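
The policy from step 3 decides who may push a key to which instance and OS user, so it is worth checking before running `aws iam create-policy`. The following is an added example, not part of the original post: a small Python check that flags `SendSSHPublicKey` grants with no `ec2:osuser` condition, grants that cover every instance, and placeholders left unfilled. The function names and the identifiers in the scoped sample are made up for illustration.

```python
import json
from fnmatch import fnmatchcase

ACTION = "ec2-instance-connect:sendsshpublickey"  # compared case-insensitively

def _as_list(value):
    return value if isinstance(value, list) else [value]

def os_users(statement):
    """Values of ec2:osuser under StringEquals-style condition operators."""
    users = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower().startswith("stringequals"):
            for key, value in keys.items():
                if key.lower() == "ec2:osuser":
                    users += _as_list(value)
    return users

def review_policy(document):
    """Return (statement index, finding) pairs for SendSSHPublicKey grants."""
    findings = []
    statements = _as_list(json.loads(document).get("Statement", []))
    for i, stmt in enumerate(statements):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(
                fnmatchcase(ACTION, a.lower()) for a in actions):
            continue  # statement does not grant the key-push action
        users = os_users(stmt)
        resources = _as_list(stmt.get("Resource", []))
        if not users:
            findings.append((i, "no ec2:osuser condition"))
        if any(r == "*" or r.endswith(":instance/*") for r in resources):
            findings.append((i, "applies to every instance"))
        if any("<" in v for v in users + resources):
            findings.append((i, "placeholder not filled in"))
    return findings

# Constructed samples: the page's policy with its placeholders left in,
# and a variant scoped to one instance and OS user (identifiers made up).
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": "ec2-instance-connect:SendSSHPublicKey",
  "Resource": "arn:aws:ec2:<region>:<account-id>:instance/*",
  "Condition": {"StringEquals": {"ec2:osuser": "<iam-user>"}}}]}"""
SCOPED_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": "ec2-instance-connect:SendSSHPublicKey",
  "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0",
  "Condition": {"StringEquals": {"ec2:osuser": "ubuntu"}}}]}"""

print("page:", review_policy(PAGE_POLICY))
print("scoped:", review_policy(SCOPED_POLICY))
```

To check the file from step 3 itself, pass its contents to `review_policy`, for example `review_policy(open("ec2-instance-connect-policy.json").read())`.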