AWS, Cloud Computing

4 Mins Read

Streamlining Secure Access with Amazon EC2 Instance Connect Endpoints


In the world of Cloud Computing, secure and convenient access to virtual machines is crucial for system administrators and developers. Amazon EC2 Instance Connect Endpoint is a feature designed to simplify and enhance the process of securely accessing Amazon EC2 instances. This blog post provides an in-depth overview of the Amazon EC2 Instance Connect Endpoint, its benefits, implementation, and best practices. By the end of this blog post, you’ll understand what Amazon EC2 Instance Connect Endpoint is, how it enhances your instance access workflows, and how to get started with this game-changing AWS feature.

Amazon EC2 Instance Connect Endpoint

Amazon EC2 Instance Connect Endpoint is a feature that enables you to connect to your Amazon Elastic Compute Cloud (EC2) instances through SSH or RDP without needing the instance to have a public IPv4 address. This implies that you can connect to your instances even if they are on private subnets without setting up a bastion host or other middle server.

It is easy to use and can connect to your instances using a browser-based client. Since you do not have to pay for a bastion host or other middle server, connecting to your instances is affordable as it is available at no additional cost in all AWS regions.

Pioneers in Cloud Consulting & Migration Services

  • Reduced infrastructural costs
  • Accelerated application deployment
Get Started


  • The bastion host does not need to establish a connection to the instance in the private subnet.
  • AWS CloudTrail records API requests related to the Amazon EIC Endpoint, providing a centralized view of endpoint activity and helping with security auditing.


  • AWS Account
  • Private Subnet
  • 1 Linux based EC2 instance in a private subnet.
  • 1 Windows-based EC2 instance in a private subnet.

Steps to create an Amazon EC2 Instance Connect Endpoint

Step 1 – Open the AWS console, navigate to the VPC service, choose Endpoints from the left navigation bar, and then click on “Create Endpoint”

Step 2 – Enter the Endpoint’s name and choose Amazon EC2 Instance Connect Endpoint.


Step 3 – Select the Amazon VPC, Security group, and Subnet, and click Create Endpoints. It will take a few minutes to create.

Steps to Connect to Linux Instance in the private subnet using Amazon EIC Endpoint

To connect to a private subnet Linux instance using the Amazon EIC endpoint, the Amazon EC2 instance we wish to connect to and the Amazon EC2 instance connect endpoint must be in the same Amazon VPC.

Step 1 – Open the Amazon EC2 Console, choose the instance you want to connect, and click “Connect”.


Step 2 – Choose the Amazon EC2 Instance Connect option now, then click “Connect using Amazon EC2 Instance Connect Endpoint” and select the already created endpoint in the last input field.


Step 3 – It will now direct us to a new tab where we can see that the connection to the instance has been established.


Steps to Connect to Windows instance in the private subnet using Amazon EIC Endpoint

Step 1 – Open the Amazon EC2 Console, choose the instance you want to connect, and click “Connect”.


Step 2 – Choose the “RDP Client” option now, then select “Connect using RDP client” and click on “Get Password”.


Step 3 – Now upload a private key file and click “Decrypt Password”. It will generate the password while establishing an RDP connection with the instance.


Step 4 – To RDP into the private Windows-based instance, we must run an AWS CLI command to establish a private tunnel between the local host system and the Amazon VPC endpoint we configured above. AWS CLI must be installed and configured with the proper permissions to run the command for opening the tunnel successfully. Below is the command to achieve it.

The remote port must be 3389 as it is the standard port for Remote RDP, and we can use any port for local port parameters.


Step 5 – Now, Open the RDP prompt in your local system, and in the Computer input field, enter localhost:”port-no” (which is used in the previous command in the local-port parameter) and click on “Connect”.


Step 6 – Enter the password generated in the previous steps and select “OK”.


Step 7 – When prompted, choose “Yes” to accept the warning.


Amazon EIC endpoint will establish a successful RPD connection in Windows based Amazon EC2 Instance in the private subnet.


With the help of an Amazon EIC endpoint, we can easily establish a secure connection to instances within a private subnet, removing unnecessary complexity and possibly minimizing security risks associated with traditional connection methods. Isolation, control, and logging for secure access to your resources are provided by the Amazon EC2 Instance Connect endpoint, which combines identity-based and network-based access controls.

Drop a query if you have any questions regarding Amazon EIC Endpoint and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

  • Accelerated cloud migration
  • End-to-end view of the cloud environment
Get Started

About CloudThat

CloudThat is an official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, Amazon QuickSight Service Delivery Partner, AWS EKS Service Delivery Partner, and Microsoft Gold Partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

To get started, go through our Consultancy page and Managed Services PackageCloudThat’s offerings.


1. Is the Amazon EC2 Instance Connect endpoint compatible with IPV4 and IPV6?

ANS: – No, the Amazon EC2 Instance Connect Endpoint only works with IPV4 addresses.

2. Are there additional charges for using Amazon EC2 instance connect Endpoint?

ANS: – No, Amazon EIC Endpoint is available at no additional cost in all commercial AWS regions and GovCloud regions in the U.S.

WRITTEN BY Rohit Lovanshi

Rohit Lovanshi works as a Research Associate (Infra, Migration, and Security Team) at CloudThat. He is AWS Developer Associate certified. He has a positive attitude and works effectively in a team. He loves learning about new technology and trying out different approaches to problem-solving.



    Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!