Bird
Raised Fist0
AWScloud~5 mins

Connecting to EC2 instances in AWS - Commands & Configuration

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction
When you launch a virtual server on AWS called an EC2 instance, you need a way to connect to it to manage it. This concept shows how to securely connect to your EC2 instance using SSH, so you can control it like a regular computer.
When you want to install software or update settings on your EC2 server.
When you need to check logs or troubleshoot issues on your EC2 instance.
When you want to deploy your application manually on the EC2 server.
When you need to run commands or scripts directly on the EC2 instance.
When you want to verify that your EC2 instance is running and accessible.
Commands
This command sets the correct permissions on your private key file so SSH will accept it and keep it secure.
Terminal
chmod 400 my-key-pair.pem
Expected OutputExpected
No output (command runs silently)
This command connects you to your EC2 instance using SSH. The -i flag specifies your private key file, and the username and public DNS identify the server.
Terminal
ssh -i my-key-pair.pem ec2-user@ec2-3-15-237-12.us-east-2.compute.amazonaws.com
Expected OutputExpected
Last login: Tue Jun 6 12:34:56 2024 from 203.0.113.25 [ec2-user@ip-172-31-22-33 ~]$
-i - Specifies the private key file for authentication
This command ends your SSH session and disconnects you from the EC2 instance.
Terminal
exit
Expected OutputExpected
logout Connection to ec2-3-15-237-12.us-east-2.compute.amazonaws.com closed.
Key Concept

If you remember nothing else from this pattern, remember: use the correct private key file with proper permissions and the right username to securely connect to your EC2 instance via SSH.

Common Mistakes
Trying to connect without setting the private key file permissions to 400.
SSH refuses to use a key file that is too open for security reasons, causing connection failure.
Run 'chmod 400 my-key-pair.pem' before connecting to restrict permissions.
Using the wrong username for the EC2 instance.
Different AMIs use different default usernames; using the wrong one causes authentication failure.
Use 'ec2-user' for Amazon Linux, 'ubuntu' for Ubuntu AMIs, or check your AMI documentation.
Trying to connect to the wrong public DNS or IP address.
If the address is incorrect or the instance is stopped, SSH cannot reach the server.
Verify the instance is running and use the exact public DNS or IP shown in the AWS console.
Summary
Set the private key file permissions to 400 using chmod before connecting.
Use the ssh command with the -i flag to specify your private key and connect to the EC2 instance.
Exit the SSH session with the exit command when finished.

Practice

(1/5)
1. What is the primary method to securely connect to an AWS EC2 Linux instance?
easy
A. Using FTP with username and password
B. Using HTTP protocol
C. Using SSH with a private key file
D. Using RDP without any credentials

Solution

  1. Step 1: Understand connection protocols for EC2 Linux

    Linux EC2 instances use SSH (Secure Shell) for secure remote access.

  2. Step 2: Identify the authentication method

    SSH requires a private key file (.pem) to authenticate securely without passwords.

  3. Final Answer:

    Using SSH with a private key file -> Option C

  4. Quick Check:

    SSH + private key = secure EC2 Linux access [OK]
Hint: SSH with private key is standard for Linux EC2 [OK]
Common Mistakes:
  • Trying to use HTTP or FTP for EC2 Linux connection
  • Using RDP which is for Windows instances
  • Connecting without a private key
2. Which command correctly connects to an EC2 instance with IP 203.0.113.25 using the private key file mykey.pem and default username ec2-user?
easy
A. ssh -key mykey.pem ec2-user@203.0.113.25
B. ssh -i mykey.pem ec2-user@203.0.113.25
C. ssh ec2-user@203.0.113.25 -i mykey.pem
D. ssh -pem mykey.pem ec2-user@203.0.113.25

Solution

  1. Step 1: Recall SSH command syntax for private key

    The correct syntax is ssh -i <keyfile> <user>@<ip>.

  2. Step 2: Match the command with the syntax

    ssh -i mykey.pem ec2-user@203.0.113.25 matches the correct order and flags exactly.

  3. Final Answer:

    ssh -i mykey.pem ec2-user@203.0.113.25 -> Option B

  4. Quick Check:

    ssh -i keyfile user@ip = correct syntax [OK]
Hint: Use -i before key file in ssh command [OK]
Common Mistakes:
  • Placing -i after user@ip
  • Using -key or -pem flags which don't exist
  • Omitting the -i flag
3. Given the command ssh -i mykey.pem ubuntu@198.51.100.10, what will happen if the private key file mykey.pem has permissions set to 777?
medium
A. Connection will fail due to insecure key file permissions
B. Connection will succeed without warnings
C. SSH will prompt for a password instead
D. The instance will reject the username 'ubuntu' automatically

Solution

  1. Step 1: Understand SSH key file permission requirements

    SSH requires private key files to have strict permissions (usually 400 or 600) to prevent unauthorized access.

  2. Step 2: Effect of 777 permissions on SSH connection

    Permissions 777 are too open, so SSH refuses to use the key and fails the connection.

  3. Final Answer:

    Connection will fail due to insecure key file permissions -> Option A

  4. Quick Check:

    Too open key permissions = connection failure [OK]
Hint: Private key must have strict permissions (chmod 400) [OK]
Common Mistakes:
  • Assuming connection works with any key permissions
  • Thinking SSH will ask for password if key is insecure
  • Believing username causes rejection here
4. You try to connect to your EC2 instance but get a timeout error. Which of the following is the MOST likely cause?
medium
A. Your private key file is missing
B. The instance is running Windows OS
C. You used the wrong username for the instance
D. Your security group does not allow inbound SSH (port 22) traffic

Solution

  1. Step 1: Analyze timeout error causes

    Timeout usually means network traffic is blocked or unreachable, not authentication issues.

  2. Step 2: Check security group rules

    If inbound SSH (port 22) is not allowed, connection attempts will time out.

  3. Final Answer:

    Your security group does not allow inbound SSH (port 22) traffic -> Option D

  4. Quick Check:

    Timeout = blocked port 22 in security group [OK]
Hint: Check security group allows port 22 inbound [OK]
Common Mistakes:
  • Confusing timeout with wrong username errors
  • Assuming missing key causes timeout instead of auth failure
  • Thinking OS type causes timeout
5. You have an EC2 instance running Amazon Linux and another running Ubuntu. Which usernames should you use to connect via SSH respectively?
hard
A. ec2-user for Amazon Linux, ubuntu for Ubuntu
B. root for Amazon Linux, admin for Ubuntu
C. admin for Amazon Linux, ec2-user for Ubuntu
D. ubuntu for Amazon Linux, ec2-user for Ubuntu

Solution

  1. Step 1: Identify default SSH usernames per OS

    Amazon Linux uses ec2-user and Ubuntu uses ubuntu as default SSH usernames.

  2. Step 2: Match usernames to instances

    Use ec2-user for Amazon Linux and ubuntu for Ubuntu instances.

  3. Final Answer:

    ec2-user for Amazon Linux, ubuntu for Ubuntu -> Option A

  4. Quick Check:

    Amazon Linux = ec2-user, Ubuntu = ubuntu [OK]
Hint: Match username to OS: ec2-user for Amazon Linux [OK]
Common Mistakes:
  • Using root or admin instead of default usernames
  • Mixing usernames between OS types
  • Assuming username is always 'admin'