
AWS EC2 Instance Connect
AWS EC2 Instance Connect API temporarily pushes SSH public keys to EC2 instance authorized_keys — SSH access without long-lived keys.
About this API
EC2 Instance Connect addresses a long-standing EC2 pain point: SSH key management. In the traditional flow you configure a key pair at EC2 launch and download the .pem file to your local machine. That .pem is a long-lived credential, so a leak is a serious problem, and sharing a .pem among ops teams creates audit issues.
Instance Connect takes a different approach: when you need SSH, you temporarily push your public key to the target instance's authorized_keys (it auto-expires in 60s), and IAM controls who can push to which instance. CloudTrail logs every push, which keeps audits clean. The client only needs the EC2 Instance Connect CLI or the AWS Console's web SSH. It works for in-region SSH access, not cross-region or public-internet SSH (VPC-only). Systems Manager Session Manager is a more comprehensive alternative (no SSH port needed), but Instance Connect suits scenarios where you want to keep the SSH protocol experience.
What you can build
- SSH into EC2 without a pre-configured keypair at launch
- Temporary SSH access for debugging, then revoke
- Audit SSH access (CloudTrail records who pushed keys)
- Avoid managing long-lived ec2-user.pem keys
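An added example (not part of the original page and not AWS code) of the CloudTrail audit mentioned above: it filters SendSSHPublicKey records and reports who pushed keys to which instance, plus pushes that deserve review. The sample records are constructed, and the requestParameters field names (instanceId, osUser) and the allowed OS-user list are assumptions.

```python
from collections import defaultdict

EIC_SOURCE = "ec2-instance-connect.amazonaws.com"
EIC_EVENT = "SendSSHPublicKey"
ARN = "arn:aws:iam::111122223333:user/"  # constructed example account


def _ev(time, user, instance, os_user, error=None, name=EIC_EVENT, source=EIC_SOURCE):
    """Build one constructed CloudTrail-style record (assumed field layout)."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": {"arn": ARN + user},
           "requestParameters": {"instanceId": instance, "osUser": os_user}}
    if error:
        rec["errorCode"] = error
    return rec


SAMPLE_EVENTS = [  # constructed sample data, not real logs
    _ev("2024-01-01T10:00:00Z", "alice", "i-0aaaaaaaaaaaaaaaa", "ec2-user"),
    _ev("2024-01-01T10:05:00Z", "alice", "i-0aaaaaaaaaaaaaaaa", "ec2-user"),
    _ev("2024-01-01T11:00:00Z", "bob", "i-0bbbbbbbbbbbbbbbb", "root"),
    _ev("2024-01-01T12:00:00Z", "carol", "i-0aaaaaaaaaaaaaaaa", "ec2-user", error="AccessDenied"),
    _ev("2024-01-01T13:00:00Z", "alice", "i-0cccccccccccccccc", "n/a",
        name="RunInstances", source="ec2.amazonaws.com"),
]


def audit_key_pushes(events, allowed_os_users=("ec2-user",)):
    """Return (pushes, findings): successful push counts per (principal,
    instance), and a list of denied or unexpected-OS-user pushes to review."""
    pushes, findings = defaultdict(int), []
    for ev in events:
        if ev.get("eventSource") != EIC_SOURCE or ev.get("eventName") != EIC_EVENT:
            continue  # unrelated API call
        who = (ev.get("userIdentity") or {}).get("arn", "unknown")
        params = ev.get("requestParameters") or {}  # may be null in a record
        instance = params.get("instanceId", "unknown")
        os_user = params.get("osUser", "unknown")
        if ev.get("errorCode"):  # IAM or the service rejected the push
            findings.append((ev.get("eventTime"), who, instance, "denied:" + ev["errorCode"]))
            continue
        pushes[(who, instance)] += 1
        if os_user not in allowed_os_users:
            findings.append((ev.get("eventTime"), who, instance, "os-user:" + os_user))
    return dict(pushes), findings


if __name__ == "__main__":
    print(audit_key_pushes(SAMPLE_EVENTS))
```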
Strengths & limitations
Strengths
- No-key-management security mode
- Pushed keys auto-expire in 60 seconds
- Full CloudTrail audit
- Integrates with IAM for SSH access control
Limitations
- Supported by default only on Amazon Linux 2 / Ubuntu 16.04+; other operating systems need the agent installed
- Does not fully replace Systems Manager Session Manager (more comprehensive)
Getting started
Run aws ec2-instance-connect send-ssh-public-key --instance-id ... to push the public key, then ssh ec2-user@... within 60 seconds to log in.
FAQ
Instance Connect vs. Session Manager?
Session Manager: no SSH port + more comprehensive (session logs, port forwarding). Instance Connect: preserves SSH experience but needs port 22 open.
Technical details
- Auth type: unknown
- Pricing: unknown
- Protocols: REST
- SDKs: python, javascript, go, java
- Response time: 41 ms
- Last health check: 6/26/2026, 6:22:15 AM