Connect to your Linux instance with EC2 Instance Connect - Amazon Elastic Compute Cloud

Connect to your Linux instance with EC2 Instance Connect

Amazon EC2 Instance Connect provides a simple and secure way to connect to your Linux instances with Secure Shell (SSH). With EC2 Instance Connect, you use AWS Identity and Access Management (IAM) policies and principals to control SSH access to your instances, removing the need to share and manage SSH keys. All connection requests using EC2 Instance Connect are logged to AWS CloudTrail so that you can audit connection requests.

You can use EC2 Instance Connect to connect to your instances using the Amazon EC2 console or an SSH client of your choice.

When you connect to an instance using EC2 Instance Connect, the Instance Connect API pushes an SSH public key to the instance metadata where it remains for 60 seconds. An IAM policy attached to your user authorizes your user to push the public key to the instance metadata. The SSH daemon uses AuthorizedKeysCommand and AuthorizedKeysCommandUser, which are configured when Instance Connect is installed, to look up the public key from the instance metadata for authentication, and connects you to the instance.

You can use EC2 Instance Connect to connect to instances that have public or private IP addresses. For more information, see Connect using EC2 Instance Connect.

For a blog post that discusses how to improve the security of your bastion hosts using EC2 Instance Connect, see Securing your bastion hosts with Amazon EC2 Instance Connect.

Tip

EC2 Instance Connect is one of the options to connect to your Linux instance. For other options, see Connect to your Linux instance. To connect to a Windows instance, see Connect to your Windows instance.