Posted On: Jun 13, 2023

With EC2 Instance Connect Endpoint (EIC Endpoint), customers now have SSH and RDP connectivity to their EC2 instances without using public IP addresses. In the past, customers assigned public IPs to their EC2 instances for remote connectivity. With EIC Endpoints, customers can have remote connectivity to their instances in private subnets, eliminating the need to use public IPv4 addresses for connectivity.

Previously, customers had to create bastion hosts to tunnel SSH / RDP connections to instances with private IP addresses. Using bastion hosts involves operational overhead of patching, managing and auditing, as well as additional cost. EIC Endpoint eliminates the cost and operational overhead of maintaining bastions. EIC Endpoint combines AWS Identity and Access Management (IAM) based access controls to restrict access to trusted principals, with network based controls such as Security Group rules, and provides an audit of all connections via AWS CloudTrail, helping customers improve their security posture. 

To get started, simply add an EIC Endpoint to a subnet in your VPC(s) with a few clicks from the AWS Management console, AWS CLI or the SDK. Once added, you can setup the related IAM permissions for your users, and connect to your instance using a client of your choice. 

EIC Endpoint is available in all AWS commercial regions and the AWS GovCloud (US) Regions. There is no additional cost for using EIC endpoints. Standard data transfer charges apply. To learn more about EIC Endpoints see our documentation or blog post.