{
	"id": "ce4fb34f-ad9d-4de2-8858-fe67206d18c0",
	"created_at": "2026-04-06T00:16:05.575934Z",
	"updated_at": "2026-04-10T03:20:58.305717Z",
	"deleted_at": null,
	"sha1_hash": "6fbc74d8dcadcb76d21dc2ba582fbd743b1ea29b",
	"title": "Connect to a Linux instance using EC2 Instance Connect",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 85456,
	"plain_text": "Connect to a Linux instance using EC2 Instance Connect\r\nArchived: 2026-04-05 20:44:40 UTC\r\nThe following instructions explain how to connect to your Linux instance using EC2 Instance Connect through the\r\nAmazon EC2 console, the AWS CLI, or an SSH client.\r\nWhen you connect to an instance using EC2 Instance Connect through the console or AWS CLI, the EC2 Instance\r\nConnect API automatically pushes an SSH public key to the instance metadata where it remains for 60 seconds.\r\nAn IAM policy attached to your user authorizes this action. If you prefer using your own SSH key, you can use an\r\nSSH client and explicitly push your SSH key to the instance using EC2 Instance Connect.\r\nConsiderations\r\nAfter connecting to an instance using EC2 Instance Connect, the connection persists until the SSH session is\r\nterminated. The duration of the connection is not determined by the duration of your IAM credentials. If your\r\nIAM credentials expire, the connection continues to persist. When using the EC2 Instance Connect console\r\nexperience, if your IAM credentials expire, terminate the connection by closing the browser page. When using\r\nyour own SSH client and EC2 Instance Connect to push your key, you can set an SSH timeout value to terminate\r\nthe SSH session automatically.\r\nRequirements\r\nBefore you begin, be sure to review the prerequisites.\r\nConnect using the Amazon EC2 console\r\nYou can connect to an instance using EC2 Instance Connect through the Amazon EC2 console.\r\nRequirements\r\nTo connect using the Amazon EC2 console, the instance must have either a public IPv4 or IPv6 address. If the\r\ninstance only has a private IPv4 address, you can use the ec2-instance-connect AWS CLI to connect.\r\nTo connect to your instance using the Amazon EC2 console\r\n1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.\r\n2. In the navigation pane, choose Instances.\r\n3. Select the instance and choose Connect.\r\n4. 
Choose the EC2 Instance Connect tab.\r\n5. Choose Connect using a Public IP.\r\nhttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-methods.html\r\nPage 1 of 5\n\n6. If there is a choice, select the IP address to connect to. Otherwise, the IP address is selected automatically.\r\n7. For Username, verify the username.\r\n8. Choose Connect to establish a connection. An in-browser terminal window opens.\r\nConnect using the AWS CLI\r\nYou can use the ec2-instance-connect AWS CLI to connect to your instance with an SSH client. EC2 Instance\r\nConnect attempts to establish a connection using an available IP address in a predefined order, based on the\r\nspecified connection type. If an IP address isn't available, it automatically tries the next one in the order.\r\nConnection types\r\nauto (default)\r\nEC2 Instance Connect tries to connect using the instance's IP addresses in the following order and with the\r\ncorresponding connection type:\r\n1. Public IPv4: direct\r\n2. Private IPv4: eice\r\n3. IPv6: direct\r\ndirect\r\nEC2 Instance Connect tries to connect using the instance's IP addresses in the following order:\r\n1. Public IPv4\r\n2. IPv6\r\n3. Private IPv4 (it does not connect over an EC2 Instance Connect Endpoint)\r\neice\r\nEC2 Instance Connect tries to connect using the instance's private IPv4 address and an EC2 Instance\r\nConnect Endpoint.\r\nNote\r\nIn the future, we might change the behavior of the auto connection type. To ensure that your desired connection\r\ntype is used, we recommend that you explicitly set the --connection-type to either direct or eice.\r\nRequirements\r\nYou must use AWS CLI version 2. 
For more information, see Install or update to the latest version of the AWS\r\nCLI.\r\nTo connect to an instance using the instance ID\r\nIf you only know the instance ID, and want to let EC2 Instance Connect determine the connection type to use\r\nwhen connecting to your instance, use the ec2-instance-connect ssh CLI command with the instance ID.\r\naws ec2-instance-connect ssh --instance-id i-1234567890example\r\nTo connect to an instance using the instance ID and an EC2 Instance Connect Endpoint\r\nIf you want to connect to your instance over an EC2 Instance Connect Endpoint, use the preceding command and\r\nalso specify the --connection-type parameter with the eice value.\r\naws ec2-instance-connect ssh --instance-id i-1234567890example --connection-type eice\r\nTo connect to an instance using the instance ID and your own private key file\r\nIf you want to connect to your instance over an EC2 Instance Connect Endpoint using your own private key,\r\nspecify the instance ID and the path to the private key file. Do not include file:// in the path; the following\r\nexample will fail: file:///path/to/key.\r\naws ec2-instance-connect ssh --instance-id i-1234567890example --private-key-file /path/to/key.pem\r\nTip\r\nIf you get an error when using these commands, make sure that you're using AWS CLI version 2, because the\r\nssh command is only available in this major version. We also recommend regularly updating to the latest minor\r\nversion of AWS CLI version 2 to access the latest features. For more information, see About AWS CLI version 2\r\nin the AWS Command Line Interface User Guide.\r\nConnect using your own key and SSH client\r\nYou can use your own SSH key and connect to your instance from the SSH client of your choice while using the\r\nEC2 Instance Connect API. 
This enables you to benefit from the EC2 Instance Connect capability to push a public\r\nkey to the instance. This connection method works for instances with public and private IP addresses.\r\nRequirements\r\nRequirements for key pairs\r\nSupported types: RSA (OpenSSH and SSH2) and ED25519\r\nSupported lengths: 2048 and 4096\r\nFor more information, see Create a key pair using a third-party tool and import the public key to\r\nAmazon EC2.\r\nWhen connecting to an instance that has only private IP addresses, the local computer from which you are\r\ninitiating the SSH session must have connectivity to the EC2 Instance Connect service endpoint (to push\r\nyour SSH public key to the instance) as well as network connectivity to the instance's private IP address to\r\nestablish the SSH session. The EC2 Instance Connect service endpoint is reachable over the internet or\r\nover a Direct Connect public virtual interface. To connect to the instance's private IP address, you can\r\nleverage services such as Direct Connect, AWS Site-to-Site VPN, or VPC peering.\r\nTo connect to your instance using your own key and any SSH client\r\n1. (Optional) Generate new SSH private and public keys\r\nYou can generate new SSH private and public keys, my_key and my_key.pub, using the following\r\ncommand:\r\nssh-keygen -t rsa -f my_key\r\n2. Push your SSH public key to the instance\r\nUse the send-ssh-public-key command to push your SSH public key to the instance. If you launched your\r\ninstance using AL2023 or Amazon Linux 2, the default username for the AMI is ec2-user. 
If you\r\nlaunched your instance using Ubuntu, the default username for the AMI is ubuntu.\r\nThe following example pushes the public key to the specified instance in the specified Availability Zone, to\r\nauthenticate ec2-user.\r\naws ec2-instance-connect send-ssh-public-key \\\r\n --region us-west-2 \\\r\n --availability-zone us-west-2b \\\r\n --instance-id i-001234a4bf70dec41EXAMPLE \\\r\n --instance-os-user ec2-user \\\r\n --ssh-public-key file://my_key.pub\r\n3. Connect to the instance using your private key\r\nUse the ssh command to connect to the instance using the private key before the public key is removed\r\nfrom the instance metadata (you have 60 seconds before it is removed). Specify the private key that\r\ncorresponds to the public key, the default username for the AMI that you used to launch your instance, and\r\nthe instance's public DNS name (if connecting over a private network, specify the private DNS name or IP\r\naddress). Add the IdentitiesOnly=yes option to ensure that only the files in the ssh config and the\r\nspecified key are used for the connection.\r\nssh -o \"IdentitiesOnly=yes\" -i my_key ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com\r\nThe following example uses timeout 3600 to set your SSH session to terminate after 1 hour. 
Processes\r\nstarted during the session may continue running on your instance after the session terminates.\r\ntimeout 3600 ssh -o \"IdentitiesOnly=yes\" -i my_key ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com\r\nTroubleshoot\r\nIf you receive an error while attempting to connect to your instance, see the following:\r\nTroubleshoot issues connecting to your Amazon EC2 Linux instance\r\nHow do I troubleshoot issues connecting to my EC2 instance using EC2 Instance Connect?\r\nSource: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-methods.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-methods.html"
	],
	"report_names": [
		"ec2-instance-connect-methods.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434565,
	"ts_updated_at": 1775791258,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6fbc74d8dcadcb76d21dc2ba582fbd743b1ea29b.pdf",
		"text": "https://archive.orkl.eu/6fbc74d8dcadcb76d21dc2ba582fbd743b1ea29b.txt",
		"img": "https://archive.orkl.eu/6fbc74d8dcadcb76d21dc2ba582fbd743b1ea29b.jpg"
	}
}