Connect To EC2 using Ec2 Instance Connect Without AWS Configure
Do you know Keeping our AWS credentials on Ec2 — Instance is Super Insecure.
I am not talking about Creating an EC2 Instance. It will cover on another Blog.
I am going to cover how we can connect to EC2 Instance using AWS default CLI .(i.e., AWS EC2 Instance Connect) .
How we can access CLI without “aws configure”
The RIGHT WAY to access AWS CLI on EC2
- IAM roles can be attached to EC2 Instance.
- IAM roles can come with a policy authorizing exactly what the EC2 instance can be able to do.
- We need to create an IAM role for EC2 Instance and provide access privilege's to IAM role. What type of access is needed. We will attach a policy to the IAM Role.
4. Ec2 Instances can then use these profiles automatically without any additional configurations required.
NOTE:NEVER EVER put your CREDENTIALS on AWS CONFIGURE always use IAM ROLES.
Attach an IAM Role to an Instance.. Let’s deep dive into it.
- Go to IAM Management Console >> Roles >> Create Role.
3.Click on Create Role , you are navigating to this screen .Most used use case is EC2. Choose EC2 and click NEXT : Permissions.
4. Here I am providing AWS S3 Read Only Access and S3 Full Access to the IAM Role. So, we can create an S3 bucket, READ, WRITE, DELETE / MODIFY permissions we are allocated to the IAM Role.
5. We can Add Tags / Optional.
6. Click on Review and you will be navigated to this final review screen. You have to provide Role Name for the IAM Role. Click on CREATE ROLE .
7. In IAM Roles Section you can able to see this type of Toastr Message.
Final Step Attach / Modify IAM Role to EC2 Instance
Go to Instances >> Select the Running Instance for which you want to attach the IAM Role. Right click on the Selected Instance . Go to Security > Select Modify IAM Role/Attach IAM Role.
We will navigate to a new screen that consists of attaching the IAM role / Create New IAM Role. Select the IAM Role from the list if you choose to. Click Save . I am Selecting Demo-S3Role.
Once you click on Save and Navigate to list of Ec2 Instances. Select the Ec2 Instance and you can able to see the section IAM Role with Role Attached To it.
Connect To Ec2 Instance without AWS Configure
Let’s Connect to AWS Ec2 Connect >> Click on Connect at top of the list. we will navigate to this screen then again Click Connect .
I will show you how it looks after connecting to the Ec2 Instance ( Linux Console).
I didn’t Configure any credentials to AWS EC2 Instance.
Let’s Check the Operations of s3 listing se bucket details using command “aws s3 ls”
Without any credentials we can able to access the s3 ls using IAM Role. Wow how good and super secure it is.
Let’s check what are the contents inside the s3 buckets.
I hope this article is helpful and get better understanding of How we can access AWS EC2 instance without AWS Configure. Happy Learning.. :-)
Cheers,
Adityavardhan N