AWS Remote Connectivity
You have the following options to connect to your AWS EC2 instances:
SSH to the instance. The default port is 22.
EC2 Instance Connect, a browser-based shell in the AWS Management Console, which you can also use.
To connect using SSH
Download the .pem file for the key pair you chose when you launched the instance. This is the SSH private key for the instance; it is not an AWS access key.
Remove any spaces from the filename.
Place the file in a directory on your local client machine and work from that directory.
Get the public IP of the EC2 instance you want to SSH into (from the instance details in the EC2 dashboard).
Also check the instance's security group: it needs an inbound rule that allows TCP port 22. "Anywhere" (0.0.0.0/0) works, but restricting the source to your own IP address (a /32) is the safer rule.
Then run: ssh ec2-user@<yourEC2publicIP>
You will get an authentication error at first, because ssh does not know which private key to use for this instance, so we need to reference the .pem file in the command.
cd to the directory where your .pem file is located, then run:
ssh -i <your.pem file> ec2-user@<yourEC2publicIP>
If the key file is readable by other users, ssh refuses it with "WARNING: UNPROTECTED PRIVATE KEY FILE!", so on your local client run:
chmod 0400 *.pem
After that you should be able to log in.
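As an added example (not code from the original page), here are the steps above as a small POSIX sh helper: it fixes the key permissions, checks the security group's port-22 rules against your own address (flagging a rule that is open to 0.0.0.0/0), and builds the ssh command. The key file name, the IP addresses, the 203.0.113.0/24 range and the security group ID are placeholders, not values from the page.

```shell
# Added example, not from the original page. Placeholders: my-key.pem,
# 203.0.113.x addresses, sg-0123456789abcdef0.

# 1. ssh refuses a private key that other users can read: make it owner-read-only
#    and confirm the resulting mode (ls -l shows -r-------- for 0400).
fix_key_perms() {
    key="$1"
    [ -f "$key" ] || { echo "key file not found: $key" >&2; return 1; }
    chmod 0400 "$key" || return 1
    [ "$(ls -l "$key" | cut -c1-10)" = "-r--------" ]
}

# 2. Does a port-22 rule of the security group actually admit this client?
#    Dotted IPv4 -> integer, then CIDR membership with a prefix mask.
ip_to_int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

cidr_contains() {   # cidr_contains 203.0.113.0/24 203.0.113.77  -> exit 0 if inside
    net=${1%/*}
    case "$1" in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# sg_allows_ssh MY_IP CIDR...  -> exit 0 if some rule admits MY_IP.
# In real use the CIDR list is the port-22 ingress of the instance's group:
#   aws ec2 describe-security-groups --group-ids sg-0123456789abcdef0 \
#     --query 'SecurityGroups[].IpPermissions[?ToPort==`22`].IpRanges[].CidrIp' \
#     --output text
# A 0.0.0.0/0 rule lets you in but also lets everyone else in, so it is flagged.
sg_allows_ssh() {
    my_ip="$1"; shift
    rc=1
    for cidr in "$@"; do
        if cidr_contains "$cidr" "$my_ip"; then
            rc=0
            [ "$cidr" = "0.0.0.0/0" ] &&
                echo "WARNING: port 22 is open to 0.0.0.0/0; restrict it to ${my_ip}/32" >&2
        fi
    done
    return $rc
}

# 3. The ssh command from the steps above. IdentitiesOnly stops ssh from offering
#    every key in your agent before the -i key, which is what produces
#    "Too many authentication failures" on a laptop with many keys loaded.
build_ssh_cmd() {   # build_ssh_cmd my-key.pem 203.0.113.10
    echo "ssh -i $1 -o IdentitiesOnly=yes -o ConnectTimeout=10 ec2-user@$2"
}

# All together. Usage:
#   connect_ec2 my-key.pem 203.0.113.10 203.0.113.77 203.0.113.0/24 10.0.0.0/8
connect_ec2() {
    key="$1"; host="$2"; my_ip="$3"; shift 3
    fix_key_perms "$key" || return 1
    sg_allows_ssh "$my_ip" "$@" || { echo "no port-22 rule admits $my_ip" >&2; return 1; }
    ssh -i "$key" -o IdentitiesOnly=yes -o ConnectTimeout=10 "ec2-user@$host"
}
```

connect_ec2 takes your own public address (what the instance sees you as, e.g. from your router or an IP-echo service) followed by the CIDR list returned by the describe-security-groups query in the comment; everything up to the ssh call runs locally.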
Resolving SSH Connectivity Problems
If you still have a connection problem:
If the error is "Connection refused", the instance is reachable on the network, but nothing is listening on port 22 (sshd is not running on the instance).
Solutions:
Try rebooting the instance.
If that doesn't work, terminate the instance and create a new one. Make sure you're using Amazon Linux 2.
If your security group is configured as above and you still get a connection timeout, the traffic is being dropped somewhere on the path: check the subnet's network ACL and that the instance actually has a public IP; otherwise a corporate or personal firewall is blocking outbound port 22.
In that case use EC2 Instance Connect as described below, which reaches the instance through your browser instead of your local port 22.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
This means one of two things:
You are using the wrong private key, or no key at all. Check the EC2 instance configuration to see which key pair is assigned to it, and pass that .pem file with -i.
You are using the wrong user. Make sure you have started an Amazon Linux 2 EC2 instance and that you are logging in as ec2-user (other AMIs use a different default user, e.g. ubuntu on Ubuntu).
Finally,
if you were able to connect yesterday, but not today:
This is probably because you stopped your EC2 instance and started it again today. When you do that, the instance gets a new public IP (unless you have attached an Elastic IP), so get the new public IP from the dashboard and connect to that.
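As an added example (not code from the original page), the troubleshooting notes above as a classifier: it maps the text ssh prints to the diagnosis and the fix, and a wrapper runs ssh non-interactively once and prints that diagnosis on failure. The error strings are constructed samples and the instance ID is a placeholder.

```shell
# Added example, not from the original page. Constructed error messages;
# i-0123456789abcdef0 and the addresses are placeholders.

# Map ssh's error text to the diagnosis from the notes above. Order matters:
# the unprotected-key warning is followed by "Permission denied (publickey)" in
# the same output, so it is matched before the generic auth failure.
diagnose_ssh_error() {
    case "$1" in
        *"Connection refused"*)
            echo "refused: host reachable but nothing listens on 22 (sshd down); reboot, else replace the instance" ;;
        *"Connection timed out"*|*"Operation timed out"*)
            echo "timeout: port 22 dropped by the security group, a network ACL or a local/corporate firewall; fix the rule or use EC2 Instance Connect" ;;
        *"UNPROTECTED PRIVATE KEY FILE"*)
            echo "perms: run chmod 0400 on the .pem file" ;;
        *"Permission denied (publickey"*)
            echo "auth: wrong .pem for the instance's key pair, or wrong user (ec2-user on Amazon Linux 2)" ;;
        *"Host key verification failed"*)
            echo "hostkey: unknown or changed host key; compare the fingerprint with the instance system log before trusting it" ;;
        *"Could not resolve hostname"*|*"No route to host"*)
            echo "address: the IP/hostname is wrong or stale; the public IP changes on stop/start unless an Elastic IP is attached" ;;
        *)
            echo "unknown: rerun with ssh -v and read the full output" ;;
    esac
}

# The current public IP to retry with after a stop/start (a real AWS CLI call,
# not exercised here). Usage: current_public_ip i-0123456789abcdef0
current_public_ip() {
    aws ec2 describe-instances --instance-ids "$1" \
        --query 'Reservations[].Instances[].PublicIpAddress' --output text
}

# One non-interactive attempt; on failure print ssh's own output and the
# diagnosis. BatchMode stops ssh from prompting for passwords or host keys.
# Usage: ssh_diag my-key.pem 203.0.113.10
ssh_diag() {
    if out=$(ssh -i "$1" -o IdentitiesOnly=yes -o BatchMode=yes -o ConnectTimeout=10 \
                 "ec2-user@$2" true 2>&1); then
        echo "ok: ssh to $2 works"
        return 0
    fi
    echo "$out" >&2
    diagnose_ssh_error "$out"
    return 1
}
```

The host-key case is worth keeping: a public IP that changed because of a stop/start is a new host as far as ssh is concerned, and an IP that was released can later be handed to someone else's instance, so the fingerprint in the EC2 system log is the thing to compare against, not the IP.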
EC2 Instance Connect
Log in to the AWS Management Console, navigate to the EC2 dashboard, select the instance you want to connect to, click Connect, and choose the EC2 Instance Connect tab.
This opens a shell session on your EC2 instance in a browser window. The instance's security group still has to allow inbound port 22, because the service itself connects to the instance over SSH (from the EC2 Instance Connect service IP range of your region if you don't allow 0.0.0.0/0); what changes is that your own machine only needs HTTPS to the console.
Use IAM Roles instead of AWS Credentials (access keys) on your EC2 Instances
DO NOT EVER ENTER YOUR ACCESS KEY ID OR SECRET ACCESS KEY into an EC2 instance.
You CAN enter your access key ID and secret access key inside your SSH session with the "aws configure" command, which stores them in plain text in ~/.aws/credentials on the instance, but you are strongly advised NOT to do this!
If you do, anyone who gains access to the instance (or to a snapshot or backup of its disk) can read that file and retrieve your long-lived access keys, which work from anywhere, not just from that instance.
Therefore, always attach an IAM role to the instance instead. The instance then fetches short-lived, automatically rotated credentials for that role from the instance metadata service, and nothing long-lived is stored on the disk.
To do this, we attach the role we created earlier to our EC2 instance via the EC2 dashboard:
In the EC2 dashboard, select the instance, then choose Actions > Security > Modify IAM role.
Choose the IAM role you want to attach, in this case our demo role, and save.
You can check from the instance with the AWS CLI. Note that aws iam list-users only succeeds if the role's policy allows iam:ListUsers; aws sts get-caller-identity works with any role and prints the assumed-role ARN the instance is now acting as.
[ec2-user@ip-172-31-87-242 ~]$ aws iam list-users
{
    "Users": [
        {
            "UserName": "kevin",
            "PasswordLastUsed": "2022-08-08T09:21:00Z",
            "CreateDate": "2022-08-08T09:17:45Z",
            "UserId": "AIDAQT3XOKFNXLOJMYNW6",
            "Path": "/",
            "Arn": "arn:aws:iam::042663301467:user/kevin"
        }
    ]
}
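As an added example (not code from the original page), the CLI equivalent of the console steps above plus the checks a practitioner actually wants on the instance: that the CLI is acting as the role rather than as an IAM user, where the role credentials come from, and that no long-lived keys are sitting in the environment or in ~/.aws/credentials. "demo-role", the instance ID, the account number and the caller-identity JSON in the comments are placeholders or constructed samples.

```shell
# Added example, not from the original page. Placeholders: demo-role,
# i-0123456789abcdef0, account 123456789012.

# Actions > Security > Modify IAM role, from the CLI. The role needs an instance
# profile of the same name (the console creates one when you make an EC2 service
# role; from the CLI run aws iam create-instance-profile and
# aws iam add-role-to-instance-profile first).
attach_role() {   # attach_role i-0123456789abcdef0 demo-role
    aws ec2 associate-iam-instance-profile \
        --instance-id "$1" --iam-instance-profile Name="$2"
}

# Run on the instance: aws sts get-caller-identity needs no IAM permissions and
# prints who the CLI is acting as. With a role attached the Arn looks like
#   arn:aws:sts::123456789012:assumed-role/demo-role/i-0123456789abcdef0
# An arn:aws:iam::...:user/... ARN means static user keys are in use on the box.
identity_is_role() {   # identity_is_role "$(aws sts get-caller-identity)"
    arn=$(printf '%s\n' "$1" | sed -n 's/.*"Arn": *"\([^"]*\)".*/\1/p')
    case "$arn" in
        *:assumed-role/*) echo "ok: acting as $arn"; return 0 ;;
        *:user/*)         echo "static IAM user credentials in use: $arn" >&2; return 1 ;;
        *)                echo "unrecognised identity: $arn" >&2; return 1 ;;
    esac
}

# Where the role's credentials come from: the instance metadata service hands out
# short-lived keys that rotate on their own (IMDSv2, session token required).
# Lists the role name; append it to the URL to see the temporary credentials.
role_from_imds() {
    token=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
    curl -s -H "X-aws-ec2-metadata-token: $token" \
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
}

# What the warning above is about: long-lived keys must not be on the instance.
# Checks the environment and the shared credentials file that aws configure writes.
no_static_keys() {   # no_static_keys [credentials-file]; default ~/.aws/credentials
    f="${1:-$HOME/.aws/credentials}"
    rc=0
    if [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "AWS_SECRET_ACCESS_KEY is set in the environment" >&2; rc=1
    fi
    if [ -f "$f" ] && grep -qi '^[[:space:]]*aws_secret_access_key' "$f"; then
        echo "static keys found in $f; remove them, rotate them in IAM, and rely on the role" >&2; rc=1
    fi
    return $rc
}
```

On a correctly set up instance, identity_is_role "$(aws sts get-caller-identity)" prints the assumed-role ARN and no_static_keys prints nothing and exits 0. If static keys are found, deleting the file is not enough: the keys have to be treated as exposed and rotated in IAM, since anyone who read the file keeps a working copy.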