AWS EC2 Instance Connect
AWS EC2 Instance Connect
AWS EC2 Instance Connect API temporarily pushes SSH public keys to EC2 instance authorized_keys — SSH access without long-lived keys.
No-key-management security mode
Default support only for Amazon Linux 2 / Ubuntu 16.04+; other OS needs agent installation
aws ec2-instance-connect send-ssh-public-key --instance-id ... pushes the public key; ssh ec2-user@... within 60 seconds to log in.
Uptime · 30-day window
GitHub activity
About this API
EC2 Instance Connect addresses a traditional EC2 pain point: SSH key management. Traditional flow: configure a keypair at EC2 launch, download .pem to local — but .pem is a long-lived credential; leak means trouble. Sharing .pem among ops teams creates audit issues. Instance Connect takes a different approach: when you need SSH, temporarily push your public key to the target instance's authorized_keys (auto-expires in 60s), with IAM controlling who can push to which instance. CloudTrail logs every push for clean audits. Client just needs EC2 Instance Connect CLI or AWS Console's web SSH. Works for in-region SSH access; not cross-region or public-internet SSH (VPC-only). Systems Manager Session Manager is a more comprehensive alternative (no SSH port needed), but Instance Connect suits "want to keep SSH protocol experience" scenarios.
What you can build
- 1SSH into EC2 without pre-configured keypair at launch
- 2Temporary SSH access for debugging, then revoke
- 3Audit SSH access (CloudTrail records who pushed keys)
- 4Avoid managing ec2-user.pem long-lived keys
Strengths & limitations
Strengths
- No-key-management security mode
- Pushed keys auto-expire in 60 seconds
- Full CloudTrail audit
- Integrates with IAM for SSH access control
Limitations
- Default support only for Amazon Linux 2 / Ubuntu 16.04+; other OS needs agent installation
- Does not fully replace Systems Manager Session Manager (more comprehensive)
Example request
curl https://github.com/mermade/aws2openapi/<endpoint>Getting started
aws ec2-instance-connect send-ssh-public-key --instance-id ... pushes the public key; ssh ec2-user@... within 60 seconds to log in.
FAQ
Instance Connect vs. Session Manager?+
Session Manager: no SSH port + more comprehensive (session logs, port forwarding). Instance Connect: preserves SSH experience but needs port 22 open.
Technical details
- Auth type
- unknown
- Pricing
- unknown
- Protocols
- REST
- SDKs
- python, javascript, go, java
- Response time
- 13 ms
- Last health check
- 5/12/2026, 7:36:33 AM
More from Amazon Web Services
AWS IAM Access Analyzer API analyzes IAM resource policies for over-privileged access or external access — proactively surfaces security risks.
Amazon Chime SDK API embeds real-time audio/video calling and chat into apps (meetings, messaging, PSTN calls).
Amazon CloudFront is the AWS CDN and edge service — accelerates static and dynamic content delivery, a standard for web performance.
Amazon CloudSearch is AWS's managed search service (gradually superseded by OpenSearch Service).
CloudWatch Application Insights API auto-detects application problems — intelligently identifies anomalies (slow SQL queries, memory leaks), reducing manual alarm configuration.
AWS Cognito Identity Pools API issues temporary AWS credentials to frontend apps — identity federation, guest users, direct AWS resource access.
Amazon Cognito User Pools deliver managed user signup, login, password reset, and MFA for applications.
Amazon Connect Contact Lens API uses AI to analyze Amazon Connect calls in real time — sentiment, keywords, compliance detection, auto-summary.