AWS


Secure Private Connectivity using EC2 Instance Connect Endpoint


Introduction

An Amazon Elastic Compute Cloud (Amazon EC2) instance launched in a private subnet of an Amazon Virtual Private Cloud (Amazon VPC) has no public IP address and cannot be reached directly from the internet. The traditional way to reach it is through a bastion host: an instance with a public IP address, provisioned in a public subnet and exposed through an internet gateway, which the user connects to first and then hops from to the private instance. The bastion is an extra internet-facing host that must be maintained, patched and monitored just to provide connectivity. The architecture below shows how a user reaches the private instance through a bastion host and an internet gateway.

Figure 1: Connect to the private instance using a bastion host

Amazon EC2 Instance Connect Endpoint (EIC Endpoint) lets a user open an SSH or RDP connection to an instance in a private subnet from outside the VPC. It needs no bastion host, no internet gateway in the VPC, no public IP address on the instance and no agent on the instance. Access is governed by identity-based controls (IAM policies on the endpoint's OpenTunnel action) and network-based controls (security groups on the endpoint and on the instance), and each connection is logged to AWS CloudTrail, so an organization can meet its access-control and audit requirements. The administrator no longer has the overhead of maintaining and patching bastion hosts.

In the following figure, a user connects to private instances through an EC2 Instance Connect Endpoint with no internet gateway in the VPC.

Figure 2: Connect to the private instance using EC2 Instance Connect Endpoint
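The identity-based side of these controls is an IAM policy on the EC2 Instance Connect actions. The following shell script is an added example, not code from the original post or from AWS: it emits a least-privilege policy that allows tunnels only through endpoints carrying a given tag, only to one remote port, only for a bounded duration, and allows pushing an SSH key only as one OS user, and it queries CloudTrail for recent tunnel openings. The tag key `env`, the policy name and the sample region, account and user values are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): identity controls and logging for EIC Endpoint.
# The tag key "env" and the sample values in the usage comment are assumptions.
set -eu

# Print an IAM policy that restricts a user to:
#   - OpenTunnel only through endpoints tagged env=<env>, only to port <port>,
#     and only for tunnels of at most <max_secs> seconds;
#   - SendSSHPublicKey (the one-time key push) only as OS user <os_user>;
#   - the Describe calls the CLI needs to resolve instance and endpoint IDs.
eice_user_policy() {
  region="$1"; account="$2"; env="$3"; port="$4"; max_secs="$5"; os_user="$6"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DescribeOnly",
      "Effect": "Allow",
      "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceConnectEndpoints"],
      "Resource": "*"
    },
    {
      "Sid": "TunnelToTaggedEndpointsOnly",
      "Effect": "Allow",
      "Action": "ec2-instance-connect:OpenTunnel",
      "Resource": "arn:aws:ec2:${region}:${account}:instance-connect-endpoint/*",
      "Condition": {
        "StringEquals": {"aws:ResourceTag/env": "${env}"},
        "NumericEquals": {"ec2-instance-connect:remotePort": "${port}"},
        "NumericLessThanEquals": {"ec2-instance-connect:maxTunnelDuration": "${max_secs}"}
      }
    },
    {
      "Sid": "PushKeyAsOneOsUser",
      "Effect": "Allow",
      "Action": "ec2-instance-connect:SendSSHPublicKey",
      "Resource": "arn:aws:ec2:${region}:${account}:instance/*",
      "Condition": {"StringEquals": {"ec2:osuser": "${os_user}"}}
    }
  ]
}
EOF
}

# Who opened tunnels in the last 24 hours. EIC Endpoint records every OpenTunnel call
# in CloudTrail, so this is the audit trail the bastion host used to provide via its own logs.
# (date -d is GNU date; on macOS use: date -u -v-24H +%FT%TZ)
recent_open_tunnels() {
  aws cloudtrail lookup-events \
      --lookup-attributes AttributeKey=EventName,AttributeValue=OpenTunnel \
      --start-time "$(date -u -d '24 hours ago' +%FT%TZ)" \
      --query 'Events[].{when:EventTime,who:Username,detail:CloudTrailEvent}' --output table
}

# Usage (run by hand; nothing executes when this file is sourced):
#   aws iam put-user-policy --user-name alice --policy-name eice-scoped-access \
#       --policy-document "$(eice_user_policy us-east-1 123456789012 prod 22 3600 ec2-user)"
#   recent_open_tunnels
```

With this policy a user who tries `open-tunnel` with `--remote-port 3389`, or against an endpoint without the `env=prod` tag, is denied before any packet reaches the instance; the security group on the instance then provides the second, network-level gate.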


Two security groups are involved: one attached to the EIC Endpoint and one attached to the instances you want to reach. The endpoint's security group needs an outbound rule that allows TCP traffic on the SSH port (22) or the RDP port (3389) to the instances' security group; it needs no inbound rule, because the connection is initiated by the EC2 Instance Connect service rather than from inside the VPC.

For the private instances, attach a security group with a matching inbound rule on the same port whose source is the endpoint's security group. Referencing the endpoint's security group rather than a CIDR range means only traffic arriving through the endpoint can reach the instance.

Before creating the endpoint, create a VPC with two private subnets in a single Availability Zone, and launch an Amazon Linux instance in each private subnet with the instance security group described above attached.

Step 1– Go to the VPC console, choose Endpoints, and click "Create endpoint".

Step 2– Select "EC2 Instance Connect Endpoint" as the service category.

Step 3– Select the VPC and the endpoint security group created earlier.

Step 4– Select one of the private subnets and click "Create endpoint". Wait until the endpoint's state changes to "Create complete" before trying to connect.

Step 5– Select the EC2 instance in the EC2 console and click "Connect".

Step 6– Select "Connect using EC2 Instance Connect Endpoint", choose the endpoint created in step 4, and click "Connect". You are connected to the private EC2 instance without a bastion host or a public IP address.

Step 7– Repeat step 6 for the instance in the other private subnet. A single endpoint can reach instances in any subnet of its VPC, so no second endpoint is needed.
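The same procedure from the AWS CLI, as an added example that is not part of the original post: it creates the two security groups and wires them to each other on one port only, creates the endpoint in a private subnet, waits for it to become usable, and then opens either an SSH session or an RDP tunnel through it. The VPC, subnet and instance IDs are assumed to be supplied by the caller; the security group names are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): the console steps done with the AWS CLI.
# Assumed, caller-supplied inputs: a VPC ID, a private subnet ID and a target instance ID.
set -eu

# Port the endpoint must be allowed to reach for the target OS family.
remote_port_for() {
  case "$1" in
    linux)   echo 22 ;;    # SSH
    windows) echo 3389 ;;  # RDP
    *) echo "unknown OS family: $1" >&2; return 1 ;;
  esac
}

# --ip-permissions document for "TCP <port>, peer = security group <sg>". The same shape
# serves as the endpoint's outbound rule and as the instance's inbound rule.
sg_pair_permission() {
  printf '[{"IpProtocol":"tcp","FromPort":%s,"ToPort":%s,"UserIdGroupPairs":[{"GroupId":"%s"}]}]' "$1" "$1" "$2"
}

# Create the endpoint SG and the target SG and connect them to each other on <port> only.
# Prints "<endpoint-sg-id> <target-sg-id>".
create_eice_security_groups() {
  vpc_id="$1"; port="$2"
  eice_sg=$(aws ec2 create-security-group --vpc-id "$vpc_id" --group-name eice-endpoint-sg \
      --description "EC2 Instance Connect Endpoint" --query GroupId --output text)
  inst_sg=$(aws ec2 create-security-group --vpc-id "$vpc_id" --group-name eice-target-sg \
      --description "Instances reachable via EIC Endpoint" --query GroupId --output text)
  # A new SG allows all outbound traffic; drop that so the endpoint can only reach the target SG
  # (also revoke ::/0 if the VPC has IPv6 enabled).
  aws ec2 revoke-security-group-egress --group-id "$eice_sg" \
      --ip-permissions '[{"IpProtocol":"-1","IpRanges":[{"CidrIp":"0.0.0.0/0"}]}]'
  aws ec2 authorize-security-group-egress --group-id "$eice_sg" \
      --ip-permissions "$(sg_pair_permission "$port" "$inst_sg")"
  # The endpoint SG gets no inbound rule; the instance SG admits traffic only from the endpoint SG.
  aws ec2 authorize-security-group-ingress --group-id "$inst_sg" \
      --ip-permissions "$(sg_pair_permission "$port" "$eice_sg")"
  echo "$eice_sg $inst_sg"
}

# Create the endpoint in a private subnet and block until its state is create-complete.
create_eice_endpoint() {
  eice_id=$(aws ec2 create-instance-connect-endpoint --subnet-id "$1" --security-group-ids "$2" \
      --query InstanceConnectEndpoint.InstanceConnectEndpointId --output text)
  until [ "$(aws ec2 describe-instance-connect-endpoints --instance-connect-endpoint-ids "$eice_id" \
          --query 'InstanceConnectEndpoints[0].State' --output text)" = create-complete ]; do
    sleep 10
  done
  echo "$eice_id"
}

# Linux: interactive SSH through the endpoint; the CLI pushes a one-time public key first.
connect_ssh() {
  aws ec2-instance-connect ssh --instance-id "$1" --connection-type eice --eice-options "endpointId=$2"
}

# Windows: forward localhost:3389 to the instance's RDP port, then point an RDP client at localhost.
connect_rdp_tunnel() {
  aws ec2-instance-connect open-tunnel --instance-id "$1" --instance-connect-endpoint-id "$2" \
      --remote-port 3389 --local-port 3389
}

# Usage (run by hand; nothing executes when this file is sourced):
#   set -- $(create_eice_security_groups "$VPC_ID" "$(remote_port_for linux)")  # $1=endpoint SG, $2=target SG
#   aws ec2 modify-instance-attribute --instance-id "$INSTANCE_ID" --groups "$2"  # replaces the instance's SG list
#   EICE_ID=$(create_eice_endpoint "$SUBNET_ID" "$1")
#   connect_ssh "$INSTANCE_ID" "$EICE_ID"
```

`aws ec2-instance-connect ssh` needs AWS CLI v2 and a local `ssh` client; `open-tunnel` works for any TCP service the endpoint's outbound rule allows, which is why that rule is pinned to a single port rather than left at the default allow-all.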

 

Conclusion

With no need for internet gateways, public IP addresses, agents or bastion hosts, EIC Endpoint offers a secure way to establish SSH or RDP connections to instances in private subnets. Once an EIC Endpoint exists in your VPC, you can connect from the console, the AWS CLI or your existing SSH and RDP clients, and restrict who may connect, to which instances and on which ports, with IAM policies and security groups.



WRITTEN BY Rashmi D

Rashmi Dhumal works as a Subject Matter Expert in the AWS team at CloudThat, India. A passionate trainer, "technofreak and a quick learner" is what aptly describes her. She has more than 20 years of experience as a technical trainer, academician and mentor, with active involvement in curriculum development, and has trained many professionals and graduates across India.
