Our team is working on AWS, where we have lots of instances, which we keep adding and removing. Each instance has a logical name, which helps us know what it does as well as find it.
When we want to connect to one, though, we either need to update the ~/.ssh/config file all the time, or go to the web console, find the instance by its name, copy its IP, and only then can we run it using:
ssh -i ~/.aws/my-pem-file.pem [email protected]
I was wondering whether there is an easier way to do it, where you could specify the machine name, and EC2 would do the rest?
Something like
ssh-aws my-machine-name
The EC2 Instance Connect service endpoint is reachable over the internet or over an AWS Direct Connect public virtual interface. To connect to the instance's private IP address, you can leverage services such as AWS Direct Connect, AWS Site-to-Site VPN, or VPC peering.
The ability to push a 'temporary keypair' to the EC2 instance. Permission can be granted to an IAM User to use EC2 Instance Connect. Therefore, a user can log in to the EC2 instance by using their AWS credentials. They are effectively requesting a connection via EC2 Instance Connect, and all the SSH stuff is done in the background.
To install EC2 Instance Connect on an instance launched with Amazon Linux 2: Connect to your instance using SSH. Use the SSH key pair that was assigned to your instance when you launched it and the default user name of the AMI that you used to launch your instance. For Amazon Linux 2, the default user name is ec2-user.
AuthorizedKeysCommandUser sets the system user as ec2-instance-connect. If you previously configured AuthorizedKeysCommand and AuthorizedKeysCommandUser, the Instance Connect installation will not change the values and you will not be able to use Instance Connect.
If you configure your instance/load balancer with an Elastic IP (which doesn't change), you can always use an SSH config file.
Secondly, if you have the Unified AWS CLI Tools configured, you can add these functions to your Bash profile. Assuming every instance you have has a unique "Name" tag, this will return the IP address of that instance for SSH requests. (Otherwise, it will simply use the first "Name" match.)
# Public DNS name of the first instance whose "Name" tag matches $1.
function hostname_from_instance() {
    aws ec2 describe-instances --filters "{\"Name\":\"tag:Name\", \"Values\":[\"$1\"]}" --query='Reservations[0].Instances[0].PublicDnsName' --output text
}
# Public IP address of the first instance whose "Name" tag matches $1.
function ip_from_instance() {
    aws ec2 describe-instances --filters "{\"Name\":\"tag:Name\", \"Values\":[\"$1\"]}" --query='Reservations[0].Instances[0].PublicIpAddress' --output text
}
# SSH to the instance by its "Name" tag using the key pair it was launched with.
function ssh-aws() {
    ssh -i ~/.ssh/your-keypair.pem "ec2-user@$(ip_from_instance "$1")"
}
Depending on whether you're running instances inside of a VPC or not, sometimes you'll get back one or the other. All-public (classic) EC2 should always get back a hostname, and sometimes a public IP.
Feel free to tweak/adjust as necessary.
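Added example, not part of the answers above and not AWS's own code: a POSIX-shell variant of the `ssh-aws` idea that combines the Name-tag lookup with the temporary key push of EC2 Instance Connect, and that refuses to connect when the name matches zero or several running instances instead of taking the first match. It assumes a configured AWS CLI, an instance with Instance Connect installed and a public IP, and the ec2-user login; `resolve_instance` and `ssh_aws` are names chosen here.

```sh
# Added example. Function names are illustrative, not from AWS or the answers.
# resolve_instance NAME: print "instance-id public-ip" for the one running
# instance whose Name tag equals NAME; fail on zero or multiple matches.
# Assumption: names are limited to [A-Za-z0-9._-] so the value cannot alter
# the filter expression.
resolve_instance() (
    name=$1
    case $name in
        ''|*[!A-Za-z0-9._-]*)
            echo "invalid instance name" >&2; exit 2 ;;
    esac
    rows=$(aws ec2 describe-instances \
        --filters "Name=tag:Name,Values=$name" \
                  "Name=instance-state-name,Values=running" \
        --query 'Reservations[].Instances[].[InstanceId,PublicIpAddress]' \
        --output text) || exit 1
    count=$(printf '%s\n' "$rows" | grep -c '^i-' || true)
    if [ "$count" -ne 1 ]; then
        echo "$name: $count running instances match, expected 1" >&2
        exit 1
    fi
    set -- $rows                      # split the single row into id and ip
    if [ "${2:-None}" = None ]; then
        echo "$name ($1) has no public IP" >&2
        exit 1
    fi
    printf '%s %s\n' "$1" "$2"
)

# ssh_aws NAME: push a throwaway public key through EC2 Instance Connect,
# then log in with the matching private key. Nothing long-lived is stored.
ssh_aws() (
    target=$(resolve_instance "$1") || exit 1
    set -- $target
    id=$1 ip=$2
    keydir=$(mktemp -d) || exit 1
    trap 'rm -rf "$keydir"' EXIT      # delete the key pair when the session ends
    ssh-keygen -q -t ed25519 -N '' -f "$keydir/id" || exit 1
    aws ec2-instance-connect send-ssh-public-key \
        --instance-id "$id" --instance-os-user ec2-user \
        --ssh-public-key "file://$keydir/id.pub" >/dev/null || exit 1
    ssh -i "$keydir/id" -o IdentitiesOnly=yes "ec2-user@$ip"
)
```

Because access is granted per IAM principal rather than per shared .pem file, each pushed key is attributable to the AWS credentials that made the call.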