AWS, Cloud Computing

4 Mins Read

Streamlining Secure Access with Amazon EC2 Instance Connect Endpoints

Voiced by Amazon Polly

Overview

In the world of Cloud Computing, secure and convenient access to virtual machines is crucial for system administrators and developers. Amazon EC2 Instance Connect Endpoint is a feature designed to simplify and enhance the process of securely accessing Amazon EC2 instances. This blog post provides an in-depth overview of the Amazon EC2 Instance Connect Endpoint, its benefits, implementation, and best practices. By the end of this blog post, you’ll understand what Amazon EC2 Instance Connect Endpoint is, how it enhances your instance access workflows, and how to get started with this game-changing AWS feature.

Pioneers in Cloud Consulting & Migration Services

  • Reduced infrastructural costs
  • Accelerated application deployment
Get Started

Amazon EC2 Instance Connect Endpoint

Amazon EC2 Instance Connect Endpoint is a feature that enables you to connect to your Amazon Elastic Compute Cloud (EC2) instances through SSH or RDP without needing the instance to have a public IPv4 address. This implies that you can connect to your instances even if they are on private subnets without setting up a bastion host or other middle server.

It is easy to use and can connect to your instances using a browser-based client. Since you do not have to pay for a bastion host or other middle server, connecting to your instances is affordable as it is available at no additional cost in all AWS regions.

Benefits

  • The bastion host does not need to establish a connection to the instance in the private subnet.
  • AWS CloudTrail records API requests related to the Amazon EIC Endpoint, providing a centralized view of endpoint activity and helping with security auditing.

Prerequisites

  • AWS Account
  • Private Subnet
  • 1 Linux based EC2 instance in a private subnet.
  • 1 Windows-based EC2 instance in a private subnet.

Steps to create an Amazon EC2 Instance Connect Endpoint

Step 1 – Open the AWS console, navigate to the VPC service, choose Endpoints from the left navigation bar, and then click on “Create Endpoint”

Step 2 – Enter the Endpoint’s name and choose Amazon EC2 Instance Connect Endpoint.

endpoint

Step 3 – Select the Amazon VPC, Security group, and Subnet, and click Create Endpoints. It will take a few minutes to create.

Steps to Connect to Linux Instance in the private subnet using Amazon EIC Endpoint

To connect to a private subnet Linux instance using the Amazon EIC endpoint, the Amazon EC2 instance we wish to connect to and the Amazon EC2 instance connect endpoint must be in the same Amazon VPC.

Step 1 – Open the Amazon EC2 Console, choose the instance you want to connect, and click “Connect”.

linux1

Step 2 – Choose the Amazon EC2 Instance Connect option now, then click “Connect using Amazon EC2 Instance Connect Endpoint” and select the already created endpoint in the last input field.

linux2

Step 3 – It will now direct us to a new tab where we can see that the connection to the instance has been established.

linux3

Steps to Connect to Windows instance in the private subnet using Amazon EIC Endpoint

Step 1 – Open the Amazon EC2 Console, choose the instance you want to connect, and click “Connect”.

win1

Step 2 – Choose the “RDP Client” option now, then select “Connect using RDP client” and click on “Get Password”.

win2

Step 3 – Now upload a private key file and click “Decrypt Password”. It will generate the password while establishing an RDP connection with the instance.

win3

Step 4 – To RDP into the private Windows-based instance, we must run an AWS CLI command to establish a private tunnel between the local host system and the Amazon VPC endpoint we configured above. AWS CLI must be installed and configured with the proper permissions to run the command for opening the tunnel successfully. Below is the command to achieve it.

The remote port must be 3389 as it is the standard port for Remote RDP, and we can use any port for local port parameters.

win4

Step 5 – Now, Open the RDP prompt in your local system, and in the Computer input field, enter localhost:”port-no” (which is used in the previous command in the local-port parameter) and click on “Connect”.

win5

Step 6 – Enter the password generated in the previous steps and select “OK”.

win6

Step 7 – When prompted, choose “Yes” to accept the warning.

win7

Amazon EIC endpoint will establish a successful RPD connection in Windows based Amazon EC2 Instance in the private subnet.

Conclusion

With the help of an Amazon EIC endpoint, we can easily establish a secure connection to instances within a private subnet, removing unnecessary complexity and possibly minimizing security risks associated with traditional connection methods. Isolation, control, and logging for secure access to your resources are provided by the Amazon EC2 Instance Connect endpoint, which combines identity-based and network-based access controls.

Drop a query if you have any questions regarding Amazon EIC Endpoint and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

  • Accelerated cloud migration
  • End-to-end view of the cloud environment
Get Started

About CloudThat

CloudThat is an award-winning company and the first in India to offer cloud training and consulting services worldwide. As a Microsoft Solutions Partner, AWS Advanced Tier Training Partner, and Google Cloud Platform Partner, CloudThat has empowered over 850,000 professionals through 600+ cloud certifications winning global recognition for its training excellence including 20 MCT Trainers in Microsoft’s Global Top 100 and an impressive 12 awards in the last 8 years. CloudThat specializes in Cloud Migration, Data Platforms, DevOps, IoT, and cutting-edge technologies like Gen AI & AI/ML. It has delivered over 500 consulting projects for 250+ organizations in 30+ countries as it continues to empower professionals and enterprises to thrive in the digital-first world.

FAQs

1. Is the Amazon EC2 Instance Connect endpoint compatible with IPV4 and IPV6?

ANS: – No, the Amazon EC2 Instance Connect Endpoint only works with IPV4 addresses.

2. Are there additional charges for using Amazon EC2 instance connect Endpoint?

ANS: – No, Amazon EIC Endpoint is available at no additional cost in all commercial AWS regions and GovCloud regions in the U.S.

WRITTEN BY Rohit Lovanshi

Rohit Lovanshi works as a Research Associate (Infra, Migration, and Security Team) at CloudThat. He is AWS Developer Associate certified. He has a positive attitude and works effectively in a team. He loves learning about new technology and trying out different approaches to problem-solving.

Share

PREV

NEXT

Comments

    Click to Comment

Related Resources

Cloud Computing, DevOps

Kubernetes-native Security and Governance with Kyverno

By Abhilasha D

Aug 26, 2025

Cloud Computing, DevOps

Private Docker Repositories Enhancing Security and Performance

By Swapnil Kumbar

Aug 26, 2025

AWS, Cloud Computing, DevOps

Designing a Scalable and Secure Jenkins CI/CD Pipeline on

By Gokulraj G

Aug 26, 2025

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!