New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provision EC2 Instance Connect Endpoint at VPC Networking stack #525

Closed

victorskl opened this issue Jan 4, 2025 · 2 comments · Fixed by #526

Assignees

Labels

feature infrastructure

Member

victorskl commented Jan 4, 2025

Context:

EICE looks promising and should be the way forward our infra usage.

https://aws.amazon.com/blogs/compute/secure-connectivity-from-public-to-private-introducing-ec2-instance-connect-endpoint-june-13-2023/

Quota:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/eice-quotas.html
- We just need to setup once at VPC level. Then utilise across the subnets

Action:

Create EC2 Instance Connect Endpoint at main-vpc networking stack

victorskl self-assigned this

victorskl added feature infrastructure labels

victorskl linked a pull request

that will close this issue

Networking TF: Added EC2 Instance Connect Endpoint (EICE) #526

Merged

Member Author

victorskl commented Jan 6, 2025

Note

You may typically want to EICE enabled private network Security Group
which can be looked up name ssh_from_eice. Add this SG to your VM
instance created in private subnet. Then you no longer need public IP
to connect to this instance. Just need to do like so.
```
aws ec2-instance-connect ssh --connection-type eice --os-user <ubuntu|ec2-user> --instance-id <i-1234567replace>
```
Or, punch local tunnel like so:
```
aws ec2-instance-connect open-tunnel --instance-id <i-1234567replace> --local-port 2222
```

Member Author

victorskl commented Jan 6, 2025 •

edited

Loading

See more

victorskl closed this as completed in #526

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment