Connect to your Linux instance using EC2 Instance Connect
Amazon EC2 Instance Connect provides a simple and secure way to connect to your Linux instances using Secure Shell (SSH). With EC2 Instance Connect, you use AWS Identity and Access Management (IAM) policies and principals to control SSH access to your instances, removing the need to share and manage SSH keys. All connection requests using EC2 Instance Connect are logged to AWS CloudTrail so that you can audit connection requests.
You can use EC2 Instance Connect to connect to your instances using the Amazon EC2 console, the EC2 Instance Connect CLI, or the SSH client of your choice.
When you connect to an instance using EC2 Instance Connect, the Instance Connect API pushes a one-time-use SSH public key to the instance metadata, where it remains for 60 seconds. An IAM policy attached to your user authorizes your user to push the public key to the instance metadata. The SSH daemon uses AuthorizedKeysCommand and AuthorizedKeysCommandUser, which are configured when Instance Connect is installed, to look up the public key from the instance metadata for authentication, and connects you to the instance.
You can use EC2 Instance Connect to connect to instances that have public or private IP addresses. For more information, see Connect using EC2 Instance Connect.
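Because every key push is an IAM-authorized API call recorded in CloudTrail, the audit mentioned above can be automated. The following is an added example, not AWS code: it flags SendSSHPublicKey records that fall outside an expected set of principal, instance and OS user combinations. The allowlist, the account and user names, the sample records, and the requestParameters field names (instanceId, osUser) are assumptions made for illustration.

```python
"""Audit CloudTrail-style records of EC2 Instance Connect key pushes."""
ACCT = "arn:aws:iam::111122223333:user/"  # constructed account and user names
# Hypothetical allowlist: principal ARN -> (instance ID, OS user) pairs it may use.
ALLOWED = {
    ACCT + "alice": {("i-0aaa1111bbbb2222c", "ec2-user")},
    ACCT + "bob": {("i-0ddd3333eeee4444f", "ec2-user")},
}

def _event(user, instance_id, os_user, error=None):
    """Build one constructed sample record (not a real log entry)."""
    ev = {
        "eventSource": "ec2-instance-connect.amazonaws.com",
        "eventName": "SendSSHPublicKey",
        "userIdentity": {"arn": ACCT + user},
        # Assumed field names for the request parameters.
        "requestParameters": {"instanceId": instance_id, "osUser": os_user},
    }
    if error:
        ev["errorCode"] = error
    return ev

SAMPLE_EVENTS = [
    _event("alice", "i-0aaa1111bbbb2222c", "ec2-user"),  # expected push
    _event("alice", "i-0ddd3333eeee4444f", "ec2-user"),  # wrong instance
    _event("bob", "i-0ddd3333eeee4444f", "root"),        # unexpected OS user
    _event("carol", "i-0aaa1111bbbb2222c", "ec2-user", "AccessDenied"),
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
]

def audit(events, allowed):
    """Return (principal, instance, os_user, reasons) for each suspicious push."""
    findings = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != (
                "ec2-instance-connect.amazonaws.com", "SendSSHPublicKey"):
            continue  # not an Instance Connect key push
        who = (ev.get("userIdentity") or {}).get("arn", "unknown")
        params = ev.get("requestParameters") or {}
        target = (params.get("instanceId"), params.get("osUser"))
        reasons = []
        if target not in allowed.get(who, set()):
            reasons.append("outside allowlist")
        if target[1] == "root":
            reasons.append("key pushed for root")
        if ev.get("errorCode"):
            reasons.append("rejected: " + ev["errorCode"])
        if reasons:
            findings.append((who, *target, reasons))
    return findings
```

Calling audit(SAMPLE_EVENTS, ALLOWED) returns three findings; the expected push by alice and the unrelated DescribeInstances record are skipped.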
Tip
If you are connecting to a Linux instance from a local computer running Windows, see the following documentation instead: