Welcome to my corner of the web
How to access your EC2 instance via SSH only from specific IP-Addresses

How to access your EC2 instance via SSH only from specific IP-Addresses

Dennis Schmidt's photo
Dennis Schmidt
·

3 min read

In this article, we will learn how to create a Security Group, that enables SSH traffic through port 22 from a Managed Prefix List. The Managed Prefix List allows us to conveniently manage your public IP-addresses that can connect to our EC2 instance.

Table of Content

  1. Create Managed Prefix List
  2. Create Security Group
  3. Attach Security Group to EC2 instance
  4. Access your EC2 instance via SSH
  5. Conclusion

1. Create Managed-Prefixlist

  1. Go to the AWS service VPC and select Managed prefix lists.
  2. Click the button Create prefix list
  3. Prefix list name: IP-Whitelist for SSH access
  4. Max entries: 10
  5. Address-family: IPv4
  6. Under Prefix list entries click Add new entry
  7. Click Create prefix list

2. Create Security Group

  1. Go to the AWS service VPC and select Security groups.
  2. Click Create security group
  3. Security group name: SSH
  4. Description: Allows SSH access from a managed prefix list
  5. VPC:
  6. Under Inbound rules click Add rule
  7. Type: SSH
  8. Source: Custom
  9. Scroll down to Prefix lists and select your created newly created IP-Whitelist for SSH access prefix list.
  10. Click Create security group

3. Attach Security Group to EC2 instance

  1. Go to the AWS service EC2 and select your EC2 instance
  2. Go to Actions -> Security and click Change security groups
  3. Under Associated security groups select your newly created Security Group SSH
  4. Click Add security group
  5. Click Save

Now you should be able to connect via SSH to your EC2 instance. Of course you also need a valid Key pair assigned to your EC2 instance and have the corresponding private key on your local machine or client.

4. Access your EC2 instance via SSH

  1. Go to the AWS service EC2 and select your EC2 instance.
  2. Make sure under Details -> Key pair assigned at launch you have a Key pair assigned and you have the corresponding Private Key (usually a .cer file) saved on your local machine.
  3. On your local machine open a new terminal and navigate to your Private Key cer file.
  4. Connect to your EC2 instance with following command
    ssh -i privateKey.cer ubuntu@10.20.30.40
    Replace the ip-address 10.20.30.40 with your Public ip-address of your EC2 instance and ubuntu with your user.

5. Conclusion

In this article we learned how to create a Managed prefix list to simplify the process of adding and modifying IP addresses that are permitted to establish an SSH connection to our EC2 instance. We have also covered the steps involved in creating a Security Group and configuring an Inbound rule specifically designed to allow SSH access via Port 22 from our newly created Managed prefix list. By assigning this Security group to our EC2 instance, we have successfully established SSH connectivity, provided that we have a valid Key pair associated with our EC2 instance and have saved the corresponding Private Key on our local machine or client.

AWSsecuritygroups