Amazon Elastic Compute Cloud (EC2)
Basics of EC2
Demo Access EC2 Instance web console SSH Key
In this tutorial, you’ll learn multiple ways to connect to your Amazon EC2 instance—from the AWS Management Console and directly from your terminal using an SSH key pair.
Connection Methods Overview
| Method | Use Case | Requirements |
|---|---|---|
| EC2 Instance Connect | Browser-based SSH via public or private IP | IAM permissions, Instance Connect enabled |
| Session Manager | SSH-less console access without open inbound ports | SSM Agent installed, IAM role with SSM perms |
| SSH Client (Key Pair) | CLI-based SSH from local machine | .pem key file, SSH client |
| EC2 Serial Console | Low-level troubleshooting (console, BIOS, boot issues) | Explicit IAM permission, Nitro-based instances |
1. Select Your EC2 Instance
- Open the AWS Management Console and navigate to EC2 > Instances.
- Select your running instance (e.g., “demo”).
- Click the Connect button in the top right.
You’ll now see all available connection options.
2. EC2 Instance Connect (Browser SSH)
EC2 Instance Connect provides a quick, browser-based SSH session—no local keys required.
- In the Connect dialog, choose EC2 Instance Connect.
- Confirm the Username (default is
ec2-useron Amazon Linux). - Click Connect.
A new tab opens with your SSH shell. Verify connectivity:
[ec2-user@ip-172-31-81-18 ~]$ ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=53 time=1.05 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=53 time=1.07 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=53 time=1.09 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
To disconnect, simply close the browser tab.
3. EC2 Instance Connect (Private IP)
If your instance lacks a public IP but sits in a network-accessible subnet (VPN, Direct Connect), you can still launch EC2 Instance Connect over its private IP:
- Select Connect over private IP in the same dialog.
Note
You must be within the same VPC (or have network routing configured) for private IP SSH sessions.
4. AWS Systems Manager Session Manager
Session Manager lets you establish a shell session without SSH keys or opening inbound ports.
Note
Ensure your instance has:
- The SSM Agent installed
- An IAM role attached with
AmazonSSMManagedInstanceCorepolicy
No additional network configuration is required. Just select Session Manager in the Connect dialog.
5. SSH Client Using a PEM Key Pair
To SSH from your workstation, use the .pem file downloaded when you launched the instance.
Set secure permissions on the key:
chmod 400 demo.pemConnect via SSH:
ssh -i "demo.pem" [email protected]Accept the fingerprint when prompted:
The authenticity of host 'ec2-54-85-134-101.compute-1.amazonaws.com (100.82.78.53)' can't be established. ED25519 key fingerprint is SHA256:TTVrUr5IXAYZa2vFYtPx90hNGkphIpubYjaNHm9uYLs. Are you sure you want to continue connecting (yes/no/[fingerprint])? yesTest network connectivity:
[ec2-user@ip-172-31-81-18 ~]$ ping -c 4 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=53 time=1.01 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=53 time=1.07 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=53 time=1.09 ms --- 8.8.8.8 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002msExit the session:
exit
6. EC2 Serial Console (Low-Level Access)
For troubleshooting boot or BIOS issues, use the EC2 Serial Console.
Warning
Your IAM principal must have explicit permission (ec2-instance-connect:SendSerialConsoleSSHPublicKey) to use the EC2 Serial Console.
Further Reading and References
- Amazon EC2 Instance Connect
- AWS Systems Manager Session Manager
- Connect to Your Linux Instance Using SSH
- EC2 Serial Console
Watch Video
Watch video content
Practice Lab
Practice lab