Posted on Sep 29 EC2 Instance Connect Endpoint allows you to connect to an instance without requiring the instance to have a public IPv4 address. You can connect to any instances that support TCP.For more info and its limitations please visit this link.In order to connect to an ec2 instance using instance connect endpoint you need to create an IAM role with the following policy attached "EC2InstanceConnect"In AWS management console open IAM service, click Roles then click Create Roleselect EC2 then Nextsearch for policy EC2InstanceConnect, select it and press next.fill in the role name and description as desired, then click Create roleRole has been createdTo create an EC2 instance connect endpoint open VPC service from the management console, select Endpoints then Create endpoint.Fill in the endpoint name, choose EC2 Instance Connect Endpoint. then select the desired VPC.you can use the option "Preserve Client IP" if you want the endpoint to use your IP when establishing the connection (for example if you configured the EC2 instance's security group to only accept connections from your IP)select desired subnet and endpoint security group, make sure port 22 is allowed in inbound rules for Linux instances and port 3389 for windows instances. endpoint does not support IPv6, for more limitations check this linkthen click create endpoint. note that creation will take some time.To create an EC2 instance, in the management console go to EC2 service. Choose Instances then launch Instances.fill in the EC2 instance name and choose the AMIchoose the key pair if you want, it is optional. and select the instance typechoose the VPC and subnet (subnet I choose is private). I disabled the auto assign public IP options as I don't need it. Select the security group and make sure the appropriate port is enabled in the inbound rules (22 for linux and port 3389 for windows). If you limited the source connection to your IP, you need to use an endpoint with option "Preserve Client IP" enabled.expand advanced details section, and in IAM instance profile choose the role we created in before. then click launch My EC2 instance is now created, in a private subnet with no public IP and no key pair, still I can connect to it using the ec2 instance connect endpoint.In EC2 service page select your instance and click connectselect EC2 Instance Connect, Connect using EC2 Instance Connect Endpoint, choose the end point you created then click connect.you are now connected to the EC2 instanceTo connect using CLI, you have to install AWS CLI first (check this link ) , create an access key (check this link ) and configure CLI using " aws configure "command.Afer that use the following command to connect to your EC2 instance" aws ec2-instance-connect ssh --instance-id i-1234567890example --connection-type eice "replace i-1234567890example with your EC2 instance idIf you face the following error:aws: error: argument operation: Invalid choice, valid choices are:send-ssh-public-key | send-serial-console-ssh-public-key help please update you AWS CLI and the problem will be solved.Templates let you quickly answer FAQs or store snippets for re-use. Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink. Hide child comments as well Confirm For further actions, you may consider blocking this person and/or reporting abuse Nathan Tarbert - Sep 26 Juan Felipe Lujan - Sep 10 V Sai Harsha - Sep 14 PGzlan - Sep 10 Once suspended, mostafamedhat1983 will not be able to comment or publish posts until their suspension is removed. Once unsuspended, mostafamedhat1983 will be able to comment and publish posts again. Once unpublished, all posts by mostafamedhat1983 will become hidden and only accessible to themselves. If mostafamedhat1983 is not suspended, they can still re-publish their posts from their dashboard. Note: Once unpublished, this post will become invisible to the public and only accessible to mostafamedhat1983. They can still re-publish the post if they are not suspended. Thanks for keeping DEV Community safe. Here is what you can do to flag mostafamedhat1983: mostafamedhat1983 consistently posts content that violates DEV Community's code of conduct because it is harassing, offensive or spammy. Unflagging mostafamedhat1983 will restore default visibility to their posts. DEV Community — A constructive and inclusive social network for software developers. With you every step of your journey. Built on Forem — the open source software that powers DEV and other inclusive communities.Made with love and Ruby on Rails. DEV Community © 2016 - 2023. We're a place where coders share, stay up-to-date and grow their careers.