Amazon Elastic Compute Cloud
User Guide (API Version 2011-12-15)

Connecting to Instances

This section describes how to connect to instances that you launched and how to transfer files between your local machine and your Amazon EC2 instance. For information on launching instances, see Launching and Using Instances.

Prerequisites

  • Enable SSH/RDP traffic—Open the instance's SSH or RDP port

    Before you try to connect, ensure that your Amazon EC2 instance accepts incoming traffic on the proper port. For Linux/UNIX instances, open port 22 for SSH access. For Windows instances, open port 3389 for RDP access. For more information, see Authorize Network Access to Your Instances.

  • SSH/RDP client—Install an SSH or RDP client

    Most Linux and UNIX machines include an SSH client by default. You can check for an SSH client by typing ssh at the command line. If your machine doesn't recognize the command, the OpenSSH project provides a free implementation of the full suite of SSH tools. For more information, go to http://www.openssh.org. Likewise, most Windows machines include an RDP client. For more information, go to the Microsoft website.

  • Instance ID—Get the ID of your Amazon EC2 instance

    Retrieve the Instance ID of the Amazon EC2 instance you want to access. The Instance IDs for all your instances are available in the AWS Management Console or through the CLI command ec2-describe-instances.

  • Private key—Get the path to your private key

    You'll need the fully qualified path of the private key file associated with your instance. For more information on key pairs, see Getting an SSH Key Pair.

To connect to an Amazon EC2 Linux/UNIX instance, use SSH. To connect to an Amazon EC2 Windows instance, use the Remote Desktop Protocol (RDP). The following sections provide more information on how to connect to your instance with these protocols.

Authorize Network Access to Your Instances

By default, Amazon EC2 instances do not permit access on any ports. To access your instance with SSH or RDP, your instance must allow incoming traffic on port 22 or 3389, respectively. To open a port for incoming traffic, add a security group rule to a security group that includes your instance. You can use the AWS Management Console or the command line tools (i.e., API tools). If you use the command line tools, use them on your local system, not on the instance itself.

The following instructions authorize incoming SSH or RDP traffic for your instance, but only from your local system's public IP address. If your IP address is dynamic, you must authorize access each time it changes. To allow additional IP address ranges, add a new security group rule for each range.

Important

Get the public IP address of your local machine by going to a search engine (Google, Yahoo, Bing, etc.). Enter "what is my IP address" and use one of the provided services. If you are connecting through an ISP or from behind your firewall without a static IP address, you need to find out the range of IP addresses used by client machines.

AWS Management Console

To add a rule to a security group for SSH access for Linux instances

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Click Security Groups in the Navigation pane.

    The console displays a list of security groups that belong to the account.

  3. Select an EC2 security group that includes your instance.

    Its rules appear on the Inbound tab in the lower pane.

  4. From the Create a new rule: drop-down list, select SSH.

    [Figure: Security group: add SSH rule]

  5. In the Source field, specify your local system's public IP address in CIDR notation. For example, if your IP address is 203.0.113.0, enter 203.0.113.0/32.

  6. Click Add Rule.

    An asterisk appears on the Inbound tab.

  7. Click Apply Rule Changes.

    The new rule is created and applied to all instances that belong to the security group.

To add a rule to a security group for RDP access for Windows instances

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Click Security Groups in the Navigation pane.

    The console displays a list of security groups that belong to the account.

  3. Select an EC2 security group that includes your instance.

    Its rules appear on the Inbound tab in the lower pane.

  4. From the Create a new rule: drop-down list, select RDP.

    [Figure: Security group: add RDP rule]

  5. In the Source field, specify your local system's public IP address in CIDR notation. For example, if your IP address is 203.0.113.0, enter 203.0.113.0/32.

  6. Click Add Rule.

    An asterisk appears on the Inbound tab.

  7. Click Apply Rule Changes.

    The new rule is created and applied to all instances that belong to the security group.

Command Line Interface

To add a rule to a security group for SSH access

  • Enter the ec2-authorize command to open port 22 (SSH port) to your IP address.

    The following example adds a rule to the default security group that allows incoming traffic on port 22 from your IP address.

    PROMPT>  ec2-authorize default -p 22 -s your_ip_address/32
    GROUP default
    PERMISSION default ALLOWS tcp 22 22 FROM CIDR your_ip_address/32

To add a rule to a security group for RDP access

  • Enter the ec2-authorize command to open port 3389 (RDP port) to your IP address.

    The following example adds a rule to the default security group that allows incoming traffic on port 3389 from your IP address.

    PROMPT>  ec2-authorize default -p 3389 -s your_ip_address/32
    GROUP default
    PERMISSION default ALLOWS tcp 3389 3389 FROM CIDR your_ip_address/32
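
The script below is an added example, not part of the original guide or the AWS tools. It checks the "only from your IP address" restriction described above in two ways: it validates an address before it is passed to ec2-authorize -s, and it flags PERMISSION lines that expose port 22 or 3389 to more than one host. The helper names to_host_cidr and audit_admin_ports are hypothetical, and the sample rules are constructed in the PERMISSION format shown in the ec2-authorize output above.

```sh
#!/bin/sh
# Added example (not AWS code): checks for the "your IP only" rule above.

# Constructed sample rules, in the PERMISSION format ec2-authorize prints.
SAMPLE_RULES='PERMISSION default ALLOWS tcp 22 22 FROM CIDR 203.0.113.0/32
PERMISSION default ALLOWS tcp 3389 3389 FROM CIDR 0.0.0.0/0
PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION default ALLOWS tcp 0 1024 FROM CIDR 198.51.100.0/24'

# to_host_cidr (hypothetical helper): validate a dotted-quad IPv4 address
# and print it as a single-host /32 source. Returns 1 on anything else,
# so a pasted range such as 0.0.0.0/0 never reaches ec2-authorize -s.
to_host_cidr() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }
    ' || return 1
    printf '%s/32\n' "$1"
}

# audit_admin_ports (hypothetical helper): read PERMISSION lines on stdin and
# print "group port cidr" for every tcp rule whose port range covers SSH (22)
# or RDP (3389) and whose source is wider than one host (prefix < 32).
audit_admin_ports() {
    awk '
    BEGIN { n_admin = split("22 3389", admin, " ") }
    $1 == "PERMISSION" {
        # Find fields relative to ALLOWS so extra leading columns are harmless.
        for (i = 1; i <= NF; i++) if ($i == "ALLOWS") break
        if (i > NF || $(i+1) != "tcp") next
        if ($(i+4) != "FROM" || $(i+5) != "CIDR") next
        if (split($(i+6), c, "/") != 2) next
        lo = $(i+2) + 0; hi = $(i+3) + 0; prefix = c[2] + 0
        for (k = 1; k <= n_admin; k++)
            if (lo <= admin[k] + 0 && admin[k] + 0 <= hi && prefix < 32)
                print $(i-1), admin[k], $(i+6)
    }'
}

# Demo on the constructed sample: lists the rules that need tightening.
printf '%s\n' "$SAMPLE_RULES" | audit_admin_ports
to_host_cidr 203.0.113.0
```

The port-range rule (0 to 1024) is flagged for port 22 even though it never names SSH, which is the case a search for "22" alone would miss.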