Overview
In the world of cloud computing, secure and convenient access to virtual machines is crucial for system administrators and developers. Amazon EC2 Instance Connect Endpoint is a feature designed to simplify and enhance the process of securely accessing Amazon EC2 instances. This blog post provides an in-depth overview of the Amazon EC2 Instance Connect Endpoint, its benefits, implementation, and best practices. By the end of this blog post, you’ll understand what Amazon EC2 Instance Connect Endpoint is, how it enhances your instance access workflows, and how to get started with this game-changing AWS feature.
Amazon EC2 Instance Connect Endpoint
Amazon EC2 Instance Connect Endpoint is a feature that enables you to connect to your Amazon Elastic Compute Cloud (EC2) instances through SSH or RDP without the instance needing a public IPv4 address. This means you can connect to instances in private subnets without setting up a bastion host or any other intermediate server.
Benefits
- No bastion host is needed to reach instances in a private subnet.
- AWS CloudTrail records API requests related to the Amazon EIC Endpoint, providing a centralized view of endpoint activity and supporting security auditing.
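The CloudTrail benefit above is only useful if someone actually reviews the records. The following is an added example, not code from the original post: it parses a constructed CloudTrail-style export, counts OpenTunnel events (the event CloudTrail records when a tunnel is opened through an EIC Endpoint) per IAM principal, and flags tunnels to remote ports other than SSH and RDP. The requestParameters field names are assumptions for illustration; the sample records are not real log data.

```python
import json
from collections import Counter

# Added example, not from the original post. CloudTrail records each tunnel
# opened through an EC2 Instance Connect Endpoint as an OpenTunnel event from
# the ec2-instance-connect.amazonaws.com event source. The records below are
# constructed sample data approximating that format; the requestParameters
# field names are assumptions for illustration.
def _tunnel_event(time, user, src_ip, target_ip, port):
    return {"eventTime": time, "eventSource": "ec2-instance-connect.amazonaws.com",
            "eventName": "OpenTunnel", "sourceIPAddress": src_ip,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"},
            "requestParameters": {"instanceConnectEndpointId": "eice-0123456789abcdef0",
                                  "privateIpAddress": target_ip, "remotePort": port}}

SAMPLE_TRAIL = json.dumps({"Records": [
    _tunnel_event("2024-01-10T09:12:01Z", "alice", "203.0.113.10", "10.0.1.25", 22),
    _tunnel_event("2024-01-10T09:40:17Z", "bob", "203.0.113.22", "10.0.1.40", 3389),
    _tunnel_event("2024-01-10T23:05:44Z", "bob", "198.51.100.7", "10.0.1.25", 8080),
    {"eventTime": "2024-01-10T08:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateInstanceConnectEndpoint", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/admin"}},
]})

ALLOWED_PORTS = {22, 3389}  # SSH and RDP, the two protocols the post covers

def audit_tunnels(trail_json, allowed_ports=ALLOWED_PORTS):
    """Count OpenTunnel events per IAM principal and flag tunnels to remote
    ports other than SSH/RDP, which the console and RDP workflows never need."""
    records = json.loads(trail_json)["Records"]
    tunnels = [r for r in records
               if r["eventSource"] == "ec2-instance-connect.amazonaws.com"
               and r["eventName"] == "OpenTunnel"]
    by_user = Counter(t["userIdentity"]["arn"] for t in tunnels)
    flagged = [{"time": t["eventTime"], "user": t["userIdentity"]["arn"],
                "sourceIP": t["sourceIPAddress"],
                "target": t["requestParameters"]["privateIpAddress"],
                "remotePort": t["requestParameters"]["remotePort"]}
               for t in tunnels
               if t["requestParameters"]["remotePort"] not in allowed_ports]
    return {"tunnel_count": len(tunnels), "by_user": dict(by_user), "flagged": flagged}

if __name__ == "__main__":
    print(json.dumps(audit_tunnels(SAMPLE_TRAIL), indent=2))
```

On a real trail, point the same function at the decompressed JSON files CloudTrail delivers to S3; the filter on eventSource and eventName is what separates EIC Endpoint activity from the rest of the account's API calls.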
Prerequisites
- AWS Account
- Private Subnet
- One Linux-based EC2 instance in a private subnet.
- One Windows-based EC2 instance in a private subnet.
Steps to create an Amazon EC2 Instance Connect Endpoint
Step 1 – Open the AWS console, navigate to the VPC service, choose Endpoints from the left navigation bar, and then click on “Create Endpoint”.
Step 2 – Enter the Endpoint’s name and choose Amazon EC2 Instance Connect Endpoint.
Step 3 – Select the Amazon VPC, Security group, and Subnet, and click Create Endpoints. It will take a few minutes to create.
Steps to Connect to Linux Instance in the private subnet using Amazon EIC Endpoint
To connect to a Linux instance in a private subnet using the Amazon EIC Endpoint, the Amazon EC2 instance we wish to connect to and the Amazon EC2 Instance Connect Endpoint must be in the same Amazon VPC.
Step 1 – Open the Amazon EC2 Console, choose the instance you want to connect to, and click “Connect”.
Step 2 – Choose the Amazon EC2 Instance Connect option, then select “Connect using Amazon EC2 Instance Connect Endpoint” and pick the endpoint created earlier in the last input field.
Step 3 – A new tab opens, showing that the connection to the instance has been established.
Steps to Connect to Windows instance in the private subnet using Amazon EIC Endpoint
Step 1 – Open the Amazon EC2 Console, choose the instance you want to connect to, and click “Connect”.
Step 2 – Choose the “RDP Client” option, then select “Connect using RDP client” and click on “Get Password”.
Step 3 – Upload the instance’s private key file and click “Decrypt Password”. This reveals the password you will use when establishing the RDP connection to the instance.
Step 4 – To RDP into the private Windows-based instance, we must run an AWS CLI command to establish a private tunnel between the local host system and the Amazon VPC endpoint we configured above. The AWS CLI must be installed and configured with the proper permissions for the tunnel command to succeed. Below is the command to achieve it.
aws ec2-instance-connect open-tunnel --instance-id <instance-id> --remote-port 3389 --local-port <any-port>
The remote port must be 3389, the standard port for RDP, while any free port can be used for the local port parameter.
Step 5 – Now open the RDP client on your local system, enter localhost:<port-no> in the Computer input field (the port used for the local-port parameter in the previous command), and click on “Connect”.
Step 6 – Enter the password generated in the previous steps and select “OK”.
Step 7 – When prompted, choose “Yes” to accept the warning.
The Amazon EIC Endpoint will then establish an RDP connection to the Windows-based Amazon EC2 instance in the private subnet.
Conclusion
With the help of an Amazon EIC endpoint, we can easily establish a secure connection to instances within a private subnet, removing unnecessary complexity and possibly minimizing security risks associated with traditional connection methods. Isolation, control, and logging for secure access to your resources are provided by the Amazon EC2 Instance Connect endpoint, which combines identity-based and network-based access controls.
Drop a query if you have any questions regarding Amazon EIC Endpoint and we will get back to you quickly.
About CloudThat
CloudThat is an award-winning company and the first in India to offer cloud training and consulting services worldwide. As a Microsoft Solutions Partner, AWS Advanced Tier Training Partner, and Google Cloud Platform Partner, CloudThat has empowered over 850,000 professionals through 600+ cloud certifications winning global recognition for its training excellence including 20 MCT Trainers in Microsoft’s Global Top 100 and an impressive 12 awards in the last 8 years. CloudThat specializes in Cloud Migration, Data Platforms, DevOps, IoT, and cutting-edge technologies like Gen AI & AI/ML. It has delivered over 500 consulting projects for 250+ organizations in 30+ countries as it continues to empower professionals and enterprises to thrive in the digital-first world.
FAQs
1. Is the Amazon EC2 Instance Connect Endpoint compatible with IPv4 and IPv6?
ANS: – No, the Amazon EC2 Instance Connect Endpoint only works with IPv4 addresses.
2. Are there additional charges for using Amazon EC2 Instance Connect Endpoint?
ANS: – No, Amazon EIC Endpoint is available at no additional cost in all commercial AWS regions and GovCloud regions in the U.S.

WRITTEN BY Rohit Lovanshi
Rohit Lovanshi works as a Research Associate (Infra, Migration, and Security Team) at CloudThat. He is AWS Developer Associate certified. He has a positive attitude and works effectively in a team. He loves learning about new technology and trying out different approaches to problem-solving.