Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Find out ECS AMI username to be able to ssh using EC2 Instance Connect Endpoint

0

I am trying to leverage this "EC2 Instance Connect Endpoint" feature to ssh using by browser to instances that do not have any public IP. It works fine if I start an instance using an Amazon Linux ami. However, it does not with my services deployed with ECS backed by EC2 and I get this very generic error message: Failed to connect to your instance Error establishing SSH connection to your instance. Try again later.

I tried created an instance manually using the same ami (ami-090310a05d8eae025 - amazon/amzn2-ami-ecs-hvm-2.0.20230428-x86_64-ebs ) and it does not work as well, so I suspect something is different in this image than the vanilla Amazon Linux one. The default username seems to be "ec2-user" but how do I verify that this ami uses the same one? Is there any other trick that this ami could do differently that would prevent me from connecting?

Topics
ComputeContainers
Tags
Amazon EC2Amazon Elastic Container Service
Language
English
asked a year ago671 views
4 Answers
0

Hi,

It's not a direct reponse to your question but it may help you get the answer: AWS has open-sourced the scripts used to build the Amazon ECS-optimized Linux AMIs.

See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-ami-build-scripts.html

Those scripts are available at https://github.com/aws/amazon-ecs-ami

By analyzing them, you will see if they contain any settings preventing the use of EC2 Instance Connect Endpoint. You can also adapt them to your specific needs (and make sure that you can have ssh connection)

Best,

Didier

EXPERT
answered a year ago
EXPERT
reviewed a year ago
0

Hi,

Please check 2 things:

  1. If VPC of EC2 Instance Connect Endpoint is the same as EC2 VPC.
  2. Check SG of EC2 Instance Connect Endpoint. SG EC2 Instance Connect Endpoint should allow SSH TCP 22 for outbound traffic. SG of EC2 should have inbound rule that allows SG of EC2 Instance Connect Endpoint.
answered a year ago
0

Hey!

All this seems to work. Again, I am testing with the same VPC and SG, and I get it working with a different AMI. But for some reason, it does not work with the ECS AMI.

answered a year ago
0

Hello, I ran into the same issue. Looks like ECS optimized ami doesn't have the following link module in the initial setting, so I installed it and now can connect to my ec2 via EC2 Instance Connect Endpoint.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content