Issue
Unable to connect to EC2 via AWS Console in a web browser
Connection via SSH Client works fine
When the Security Group allows SSH from all sources, the connection succeeds, but the connecting IP is not the user’s own IP
Cause
Browser-based SSH connections use the EC2 Instance Connect service to redirect access to your instance.
[Your PC] ---<TCP/443>---> [AWS Web Console: EC2 Instance Connect] ----<TCP/22>---> [EC2 Instance]
Solution
As shown above, access to the EC2 instance goes through AWS, so the Security Group of the EC2 instance must allow SSH from the AWS IP address range of the region where the instance is located, not from the IP address of your own PC.
Set up EC2 Instance Connect - Task 1: Configure network access to an instance
It is recommended to allow inbound SSH traffic from the published IP blocks for service use (Amazon EC2 console browser-based client). Use the EC2_INSTANCE_CONNECT filter for the service parameter to obtain the IP address ranges used by EC2 Instance Connect.
The AWS IP range used in the Korea region (ap-northeast-2) can be identified using the following command, and the identified CIDR should be entered in the "Source" field of the Security Group rule for SSH:
$ curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region=="ap-northeast-2") | select(.service=="EC2_INSTANCE_CONNECT") | .ip_prefix'
13.209.1.56/29
You can verify that the client IP (FROM) checked with the w command is included in the above CIDR.
Reference
How do I troubleshoot issues connecting to an EC2 instance using EC2 Instance Connect?
https://aws.amazon.com/ko/premiumsupport/knowledge-center/ec2-instance-connect-troubleshooting/?nc1=h_ls
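The filter and the FROM check from the Solution section, as an added example that is not part of the original note: it applies the same region and service filter as the jq command, then tests each source address in w output against the result. The function names and all sample data are assumptions made for illustration; only the 13.209.1.56/29 prefix comes from the note.

```python
import ipaddress
import json

# Constructed sample shaped like https://ip-ranges.amazonaws.com/ip-ranges.json.
# Only the ap-northeast-2 EC2_INSTANCE_CONNECT prefix is from the note; the rest is made up.
SAMPLE_IP_RANGES = json.loads("""
{"prefixes": [
  {"ip_prefix": "13.209.1.56/29", "region": "ap-northeast-2", "service": "EC2_INSTANCE_CONNECT"},
  {"ip_prefix": "198.51.100.0/24", "region": "ap-northeast-2", "service": "EC2"},
  {"ip_prefix": "203.0.113.8/29", "region": "us-east-1", "service": "EC2_INSTANCE_CONNECT"}
]}
""")

# Constructed `w` output: one browser-based session and one direct SSH session.
SAMPLE_W_OUTPUT = """\
 10:02:11 up 3 days,  1:12,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
ec2-user pts/0    13.209.1.58      10:01    1.00s  0.01s  0.00s w
ec2-user pts/1    192.0.2.44       09:40    5:12   0.02s  0.02s -bash
"""

def instance_connect_prefixes(ip_ranges, region):
    """Same filter as the jq command: region + EC2_INSTANCE_CONNECT service."""
    return [ipaddress.ip_network(p["ip_prefix"])
            for p in ip_ranges["prefixes"]
            if p["region"] == region and p["service"] == "EC2_INSTANCE_CONNECT"]

def sessions_from_w(w_output):
    """Return (user, tty, address) tuples, skipping rows whose FROM is not an IP."""
    lines = w_output.splitlines()
    header = next(i for i, l in enumerate(lines) if l.split()[:3] == ["USER", "TTY", "FROM"])
    sessions = []
    for row in lines[header + 1:]:
        fields = row.split()
        try:
            sessions.append((fields[0], fields[1], ipaddress.ip_address(fields[2])))
        except (IndexError, ValueError):
            continue  # blank row, hostname, "-" or local console
    return sessions

def classify_sessions(w_output, ip_ranges, region):
    """Map each TTY to True when its source sits inside the service's CIDRs."""
    prefixes = instance_connect_prefixes(ip_ranges, region)
    return {tty: any(addr in net for net in prefixes)
            for _user, tty, addr in sessions_from_w(w_output)}

if __name__ == "__main__":
    print(classify_sessions(SAMPLE_W_OUTPUT, SAMPLE_IP_RANGES, "ap-northeast-2"))
```

A session whose TTY maps to False came from an address outside the EC2 Instance Connect range, which is what a direct SSH client connection looks like in this sample.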