How to set up an AWS EC2 Instance Connect Endpoint

Nipulpatel
4 min read · Aug 26, 2023


In this post we create an EC2 Instance Connect (EIC) Endpoint, launch two EC2 instances that have only a private IPv4 address (no public IP), and connect to them through the endpoint.

Previously, customers had to run a jump box or bastion host to tunnel SSH/RDP connections to instances that only had private IP addresses. Both add operational overhead and cost, and the bastion itself is an internet-exposed host that has to be patched, monitored and key-managed.

What is Bastion Host?

A bastion host is a dedicated, hardened server that provides remote access to private instances within a network. Users connect to the bastion first and from there to the private instance, so the private instance is never exposed directly to the internet; the trade-off is that the bastion becomes the one host that is exposed, and its security determines the security of everything behind it.

AWS to the rescue: EC2 Instance Connect Endpoint

AWS has introduced the EC2 Instance Connect Endpoint, which lets you connect to an instance over SSH or RDP without the instance having a public IPv4 address, and without an internet gateway or NAT gateway in the path. An EC2 instance that has only a private IP is still reachable.

Below we look at the EC2 Instance Connect Endpoint, its security controls (IAM permissions on the endpoint and security groups on both sides of it), and step-by-step instructions for creating one and using it to establish connections to your Amazon Elastic Compute Cloud (Amazon EC2) instances within your Amazon Virtual Private Cloud (Amazon VPC).

Tasks in this exercise

  1. Create a custom VPC
  2. Create 2 private subnets
  3. Create an IGW (Internet Gateway) and attach it to the VPC (optional: the endpoint does not need it, see the note in the walkthrough)
  4. Add a 0.0.0.0/0 route to the IGW in the subnets' route table (optional, same note)
  5. Create 2 security groups
  6. Allow traffic from the 1st SG (endpoint) to the 2nd SG (EC2) by referencing the endpoint SG as the source of the instance SG's inbound SSH rule (security groups are not connected through route tables)
  7. Create the EC2 Instance Connect Endpoint
  8. Launch an instance in each of the private subnets A and B

How to connect to EC2 instances that have only a private IPv4 address through an EC2 Instance Connect Endpoint

Create a VPC

1. Log in to your AWS Console.

2. Create your VPC with a name and a valid CIDR block. The VPC CIDR must contain the two subnets below. Note that 192.12.0.0/24 and 192.12.1.0/24 are the ranges this walkthrough uses, but they are not RFC 1918 private address space; for anything beyond a lab, pick subnets from 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 so they never collide with real internet addresses.

3. Create 2 subnets in the VPC:

Private A (192.12.0.0/24) and

Private B (192.12.1.0/24)

4. Create an IGW (named EC2-endpoint here) and attach it to our VPC.

5. Create a new route table and associate it with both subnets.

6. Edit the route table and add a 0.0.0.0/0 route to the internet gateway. This is not required for the endpoint: the endpoint is reached through the AWS network, and an instance without a public IPv4 address cannot send traffic out through an internet gateway anyway (outbound internet access for such instances needs a NAT gateway). You can skip steps 4 to 6 and the subnets stay strictly private, which is the point of the exercise.

7. Configure the 1st security group, for the endpoint. The original recipe adds inbound SSH from 0.0.0.0/0, but the endpoint's security group does not need an inbound rule at all: connections arrive at the endpoint from the EC2 Instance Connect service, not from your client address, so a world-open inbound rule is unused surface. What the endpoint SG does need is an outbound rule to the instances' security group on TCP 22 (and TCP 3389 if you use RDP). The default allow-all outbound rule satisfies this, but restricting it to the instance SG is tighter.

8. Configure the 2nd security group, for the EC2 instances: an inbound SSH (TCP 22) rule whose source is the 1st (endpoint) security group, referenced by group ID rather than by CIDR. No inbound rule from the internet is needed. (If you create the endpoint with the "preserve client IP" option enabled, the instance sees your client's IP as the source and this rule must allow that address range instead of the endpoint SG.)

9. In the VPC console go to Endpoints and create an endpoint of type EC2 Instance Connect Endpoint.

10. Select our VPC, the Endpoint-SG and the Private A subnet. One endpoint in one subnet is enough: it can reach instances in any subnet of the VPC, which the next steps demonstrate by connecting to an instance in the other subnet.

11. Launch an instance in the myPrivate1 subnet, with "Auto-assign public IP" disabled and the 2nd security group attached.

12. Launch a 2nd instance in the myPrivate2 subnet, configured the same way.

13. Confirm that neither instance has a public IPv4 address (the Public IPv4 address column in the instance list is empty).

14. Connect without a public IPv4 address: select an instance, choose Connect, open the EC2 Instance Connect tab, pick the option to connect using an EC2 Instance Connect Endpoint and select the endpoint created above. The AWS CLI can do the same through the ec2-instance-connect ssh command with the endpoint connection type.

15. Once the SSH session opens, the prompt and the network configuration show only the instances' private IP addresses; no public address was involved at any point.
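The two security-group steps above are the part of this setup that is easiest to get wrong, and the walkthrough itself carries one unnecessary rule (SSH from 0.0.0.0/0 on the endpoint SG). The following Python script is an added example, not code from the original post or from AWS: it checks a set of security groups shaped like the JSON output of aws ec2 describe-security-groups for the intended wiring (endpoint SG allowed out to the instance SG, instance SG allowing in from the endpoint SG by group reference, nothing open to the world), and it emits a least-privilege IAM policy for ec2-instance-connect:OpenTunnel pinned to one endpoint, one remote port and, optionally, the instances' private address ranges. The group IDs, the endpoint ARN and the account number are hypothetical placeholders, and the two rule sets are constructed here to mirror the security-group steps of the walkthrough plus a tightened version of them.

```python
"""Added example: check EIC Endpoint security-group wiring and build an
IAM policy for it. Group IDs, ARN and account number are hypothetical; the
rule sets mimic the shape of `aws ec2 describe-security-groups` output."""
import json

ENDPOINT_SG = "sg-0end0"   # hypothetical: SG attached to the endpoint
INSTANCE_SG = "sg-0ec20"   # hypothetical: SG attached to the instances
ANY = "0.0.0.0/0"


def _covers_port(perm, port):
    """True if an IpPermissions entry covers TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "all traffic"
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def _sources(perm):
    """Split a rule's peers into (set of CIDRs, set of referenced group IDs)."""
    cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    groups = {g["GroupId"] for g in perm.get("UserIdGroupPairs", [])}
    return cidrs, groups


def check_eice_wiring(groups, endpoint_sg, instance_sg, port=22):
    """Return a list of findings; empty means the wiring is as intended."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    # 1. Endpoint SG must allow egress to the instance SG on the port. This is
    #    the only rule it needs: its inbound rules are not used, because the
    #    connection reaches the endpoint from the EC2 Instance Connect service.
    egress_ok = any(
        _covers_port(p, port)
        and (instance_sg in _sources(p)[1] or ANY in _sources(p)[0])
        for p in by_id[endpoint_sg].get("IpPermissionsEgress", []))
    if not egress_ok:
        findings.append(f"{endpoint_sg}: no egress to {instance_sg} on tcp/{port}")
    # 2. Instance SG must accept the port from the endpoint SG by group
    #    reference. (With "preserve client IP" enabled the source would be the
    #    client's address instead; this check assumes the option is off.)
    ingress_ok = any(
        _covers_port(p, port) and endpoint_sg in _sources(p)[1]
        for p in by_id[instance_sg].get("IpPermissions", []))
    if not ingress_ok:
        findings.append(f"{instance_sg}: no ingress on tcp/{port} from {endpoint_sg}")
    # 3. No group should expose the port to the world; that quietly rebuilds
    #    the bastion's attack surface the endpoint was meant to remove.
    for gid, g in by_id.items():
        for p in g.get("IpPermissions", []):
            if _covers_port(p, port) and ANY in _sources(p)[0]:
                findings.append(f"{gid}: inbound tcp/{port} open to {ANY}")
    return findings


def open_tunnel_policy(endpoint_arn, port=22, private_ips=None):
    """Least-privilege policy: OpenTunnel through one endpoint only, pinned to
    one remote port and optionally to given instance address ranges, using the
    documented ec2-instance-connect:remotePort / privateIpAddress keys."""
    condition = {"NumericEquals": {"ec2-instance-connect:remotePort": str(port)}}
    if private_ips:
        condition["IpAddress"] = {
            "ec2-instance-connect:privateIpAddress": list(private_ips)}
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "ec2-instance-connect:OpenTunnel",
         "Resource": endpoint_arn, "Condition": condition},
        # Describe calls do not support resource-level permissions.
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DescribeInstanceConnectEndpoints",
                    "ec2:DescribeInstances"]}]}


def _rule(proto, port, cidrs=(), groups=()):
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}


# Constructed: what the walkthrough's SG steps produce (endpoint SG with
# inbound SSH from anywhere plus default allow-all egress; instance SG
# accepting SSH from the endpoint SG).
TUTORIAL_SGS = [
    {"GroupId": ENDPOINT_SG, "IpPermissions": [_rule("tcp", 22, cidrs=[ANY])],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY}],
                              "UserIdGroupPairs": []}]},
    {"GroupId": INSTANCE_SG, "IpPermissions": [_rule("tcp", 22, groups=[ENDPOINT_SG])],
     "IpPermissionsEgress": []},
]
# Constructed: tightened version (no inbound rule on the endpoint SG,
# egress limited to tcp/22 toward the instance SG).
HARDENED_SGS = [
    {"GroupId": ENDPOINT_SG, "IpPermissions": [],
     "IpPermissionsEgress": [_rule("tcp", 22, groups=[INSTANCE_SG])]},
    TUTORIAL_SGS[1],
]

if __name__ == "__main__":
    print("tutorial:", check_eice_wiring(TUTORIAL_SGS, ENDPOINT_SG, INSTANCE_SG))
    print("hardened:", check_eice_wiring(HARDENED_SGS, ENDPOINT_SG, INSTANCE_SG))
    arn = "arn:aws:ec2:us-east-1:123456789012:instance-connect-endpoint/eice-0123456789abcdef0"
    print(json.dumps(open_tunnel_policy(arn, private_ips=["192.12.0.0/24",
                                                          "192.12.1.0/24"]), indent=2))
```

Running the script reports one finding for the walkthrough's rules (the world-open inbound rule on the endpoint SG) and none for the tightened set. Attaching the generated policy to the principals who should reach these instances means they can open a tunnel only through this endpoint, only to port 22, and only toward the listed subnet ranges; every OpenTunnel call is also recorded in CloudTrail, which a bastion's sshd log never gave you centrally. On the client side, aws ec2-instance-connect ssh --instance-id <id> --connection-type eice uses the endpoint directly, and a plain ssh client works with ProxyCommand set to aws ec2-instance-connect open-tunnel --instance-id %h.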

In conclusion, the EC2 Instance Connect Endpoint is a secure way to reach instances in private subnets over SSH or RDP, or from the AWS console, without public IPs, agents or bastion hosts. Once an EIC Endpoint exists in your VPC you can connect with your existing client tools, the Console or the AWS CLI, and who may connect is governed by IAM (the ec2-instance-connect:OpenTunnel permission on the endpoint) together with the security groups, rather than by network exposure.

Thank you for reading.
