
Amazon EC2 Instance Connect (Specialized, since 2008)

A service for securely connecting to EC2 instances without pre-distributing SSH keys

What It Does

Amazon EC2 Instance Connect lets you securely connect to EC2 instances without pre-distributing or managing SSH key pairs. It pushes a temporary SSH public key to the instance metadata, establishing a connection valid for only 60 seconds. Access is controlled through IAM policies, and connection logs are recorded in CloudTrail.

Use Cases

It is used when developers need to connect to EC2 instances for troubleshooting, or when you want to simplify SSH key management. Browser-based connections are also available, so you can connect even without a local SSH client.

Everyday Analogy

Think of it like a hotel key card system. When a guest (developer) verifies their identity at the front desk (IAM), a key card (temporary SSH key) valid only for their stay is issued. The key card becomes invalid after checkout, eliminating the risk of lost keys.

What Is EC2 Instance Connect?

EC2 Instance Connect is a service that balances SSH connection security with convenience. Traditional SSH connections required managing private key files, but Instance Connect automatically generates temporary keys based on IAM authentication. You can also open a terminal directly in your browser from the AWS Management Console.

Connection Methods

There are three connection methods: a browser-based connection from the AWS Management Console, the ec2-instance-connect command in the AWS CLI, and pushing a key through the API and then connecting with a standard SSH client. In all cases, only users authorized by IAM policies can access instances, and connection events are recorded in CloudTrail. Books (Amazon) also cover the implementation of each connection method in detail.
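The access control that all three methods share is the IAM decision on `ec2-instance-connect:SendSSHPublicKey`. The following is an added example, not code from AWS or from this page: a least-privilege policy that only lets a key be pushed to instances tagged `Environment=dev` and only for the OS user `ec2-user`, together with a deliberately simplified evaluator (explicit Deny wins, then any matching Allow, otherwise implicit deny; only `StringEquals` and `StringLike` are modelled) so the effect of the condition keys can be seen on sample requests. The account id, instance id and tag values are constructed.

```python
"""Least-privilege IAM policy for EC2 Instance Connect, plus a small
evaluator showing which SendSSHPublicKey requests it permits.
Added example; the account id, instance id and tag values are constructed."""
import fnmatch

# Policy: keys may be pushed only to instances tagged Environment=dev and
# only for the OS user ec2-user. DescribeInstances is needed so the
# console/CLI can locate the instance.
EIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PushEphemeralKeyToDevOnly",
            "Effect": "Allow",
            "Action": "ec2-instance-connect:SendSSHPublicKey",
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {
                "StringEquals": {
                    "ec2:osuser": "ec2-user",
                    "aws:ResourceTag/Environment": "dev",
                }
            },
        },
        {
            "Sid": "LookUpInstances",
            "Effect": "Allow",
            "Action": "ec2:DescribeInstances",
            "Resource": "*",
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_holds(condition, context):
    """Evaluate the subset of IAM condition operators used above.
    A missing context key never satisfies StringEquals/StringLike."""
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            if operator == "StringEquals":
                if actual not in _as_list(wanted):
                    return False
            elif operator == "StringLike":
                if not any(fnmatch.fnmatchcase(actual, w) for w in _as_list(wanted)):
                    return False
            else:
                raise ValueError(f"operator {operator} not modelled here")
    return True


def is_allowed(policy, action, resource, context=None):
    """Simplified IAM evaluation: an explicit Deny wins, otherwise any
    matching Allow grants, otherwise the request is implicitly denied."""
    context = context or {}
    allowed = False
    for statement in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(statement["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(statement["Resource"])):
            continue
        if "Condition" in statement and not _condition_holds(statement["Condition"], context):
            continue
        if statement["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


# Constructed instance ARN for the walk-through (not a real instance).
DEV_INSTANCE = "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"
PUSH = "ec2-instance-connect:SendSSHPublicKey"


def demo():
    """Three requests a developer might make; only the first should pass."""
    return {
        "dev_as_ec2-user": is_allowed(EIC_POLICY, PUSH, DEV_INSTANCE,
            {"ec2:osuser": "ec2-user", "aws:ResourceTag/Environment": "dev"}),
        "dev_as_root": is_allowed(EIC_POLICY, PUSH, DEV_INSTANCE,
            {"ec2:osuser": "root", "aws:ResourceTag/Environment": "dev"}),
        "prod_as_ec2-user": is_allowed(EIC_POLICY, PUSH, DEV_INSTANCE,
            {"ec2:osuser": "ec2-user", "aws:ResourceTag/Environment": "prod"}),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ALLOW' if ok else 'DENY'}")
```

The point of the `ec2:osuser` condition is that the 60-second key is only ever installed for the account you intend; without it, a developer allowed to push a key can push it for any OS user the agent accepts. Real IAM evaluation also considers SCPs, permission boundaries, `NotAction`, and case-insensitive action matching, none of which this toy models.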

Getting Started

Simply select an instance in the EC2 console and click the 'Connect' button. By creating an Instance Connect Endpoint in your VPC, you can reach instances in private subnets that have no public IP. The instance's security group must allow inbound SSH from the Instance Connect IP range.

Things to Watch Out For

  • Instance Connect is supported on Amazon Linux 2 and on Ubuntu 16.04 and later; it does not support Windows instances
  • Connecting to instances in private subnets requires creating an Instance Connect Endpoint
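Because every key push is a `SendSSHPublicKey` event in CloudTrail, the trail is the natural place to check that the temporary-key model is being used as intended. The block below is an added example, not code from AWS or from this page: it filters constructed CloudTrail-style records for Instance Connect key pushes and flags pushes for an unexpected OS user, pushes from outside an assumed office network, denied attempts, and bursts of pushes to one instance. The records, account id, instance ids, principals and IP ranges are all constructed, and the `requestParameters` field names are assumed to follow the API parameter names.

```python
"""Review CloudTrail records for EC2 Instance Connect key pushes.
Added example with constructed records; field names follow the
SendSSHPublicKey API parameters and the usual CloudTrail envelope."""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def _rec(user, instance, osuser, ip, when, error=None):
    """Build one constructed CloudTrail record (not a real capture)."""
    rec = {
        "eventSource": "ec2-instance-connect.amazonaws.com",
        "eventName": "SendSSHPublicKey",
        "eventTime": when,
        "sourceIPAddress": ip,
        "userIdentity": {"arn": f"arn:aws:iam::123456789012:user/{user}"},
        "requestParameters": {"instanceId": instance, "instanceOSUser": osuser},
    }
    if error:
        rec["errorCode"] = error
    return rec


DEV = "i-0123456789abcdef0"   # constructed instance ids
DATA = "i-0fedcba9876543210"
SAMPLE_TRAIL = [
    _rec("alice", DEV, "ec2-user", "203.0.113.10", "2024-05-01T09:00:00Z"),
    _rec("bob", DEV, "root", "203.0.113.11", "2024-05-01T09:01:00Z"),
    _rec("bob", DATA, "ec2-user", "198.51.100.7", "2024-05-01T09:02:00Z"),
    _rec("alice", DEV, "ec2-user", "203.0.113.10", "2024-05-01T09:10:00Z"),
    _rec("alice", DEV, "ec2-user", "203.0.113.10", "2024-05-01T09:11:00Z"),
    _rec("alice", DEV, "ec2-user", "203.0.113.10", "2024-05-01T09:12:00Z"),
    _rec("contractor", DATA, "ec2-user", "203.0.113.20", "2024-05-01T09:20:00Z",
         error="AccessDenied"),
    # Unrelated EC2 event that the filter must ignore.
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "eventTime": "2024-05-01T09:21:00Z", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
]

EXPECTED_OS_USERS = {"ec2-user", "ubuntu"}          # assumed baseline for the fleet
OFFICE_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # placeholder range


def key_push_events(records):
    """Only Instance Connect key pushes, successful or denied."""
    return [r for r in records
            if r.get("eventSource") == "ec2-instance-connect.amazonaws.com"
            and r.get("eventName") == "SendSSHPublicKey"]


def review(records, burst_window=timedelta(minutes=5), burst_threshold=3):
    """Return (findings, pushes_per_principal) for a list of records."""
    findings = []
    per_instance = defaultdict(list)
    pushes_by_principal = Counter()
    for r in key_push_events(records):
        params = r.get("requestParameters", {})
        who = r.get("userIdentity", {}).get("arn", "unknown")
        base = {"who": who, "instance": params.get("instanceId"), "time": r["eventTime"]}
        if r.get("errorCode"):
            findings.append({"kind": "denied", "error": r["errorCode"], **base})
            continue
        pushes_by_principal[who] += 1
        when = datetime.fromisoformat(r["eventTime"].replace("Z", "+00:00"))
        per_instance[params.get("instanceId")].append(when)
        if params.get("instanceOSUser") not in EXPECTED_OS_USERS:
            findings.append({"kind": "os-user", "osuser": params.get("instanceOSUser"), **base})
        ip = ipaddress.ip_address(r["sourceIPAddress"])
        if not any(ip in net for net in OFFICE_NETWORKS):
            findings.append({"kind": "source-ip", "ip": str(ip), **base})
    # Burst: burst_threshold successful pushes to one instance inside burst_window.
    for instance, times in per_instance.items():
        times.sort()
        for i in range(len(times) - burst_threshold + 1):
            if times[i + burst_threshold - 1] - times[i] <= burst_window:
                findings.append({"kind": "burst", "instance": instance,
                                 "count": burst_threshold, "from": times[i].isoformat()})
                break
    return findings, pushes_by_principal


if __name__ == "__main__":
    found, counts = review(SAMPLE_TRAIL)
    for f in found:
        print(f)
    print(dict(counts))
```

A burst of pushes to one instance is worth a look because each key is only valid for 60 seconds: a legitimate session needs one push, so repeated pushes usually mean a script or a user fighting a failing connection, either of which you want to know about. Denied attempts are reported too, since the IAM decision is the only thing standing between a principal and a shell on the instance.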