Reputation: 31
I have a scenario as follows: I have one EC2 instance in a private subnet and one EC2 instance in a public subnet. How can I connect to the private subnet EC2 instance through the public subnet EC2 instance, which is also called a Bastion host (Jump box), from my Windows OS client machine?
Upvotes: 3
Views: 1361
Reputation: 1
The easiest way is, in the bastion (public instance), to make a copy of the .pem file that you assigned to the private instance when you launched it.
example.pem
Then, you need to make it readable only by you (otherwise you cannot make a connection).
chmod 400 example.pem
Finally, run the command below to connect to the private instance from the bastion. (Use the private IP of the private instance after @ in the command below.)
ssh -i "example.pem" [email protected]
That's it!!
As a supplementary note, the name of the .pem file doesn't need to be the same as the one you assigned to the private instance. But the content, which is the RSA PRIVATE KEY, must be the same as the one you assigned to the private instance.
Upvotes: 1
Reputation: 576
You need to connect to the Bastion host, and use that connection to open a tunnel from your machine to the target machine in the private subnet. That allows you to open a second connection to the target machine, using the tunnel.
Here is a guide on how to do this using Putty: AWS Setup Bastion Host SSH Tunnel (they are also opening a second tunnel to a Windows server, you can ignore that part).
Upvotes: 2
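The tunnel-through-the-bastion approach from the answer above can also be written as an OpenSSH client configuration, so that the private key for the target stays on the Windows client and is never stored on the bastion. This is an added example, not part of either answer; it assumes the OpenSSH client is available on the Windows machine, and the host aliases, IP addresses, user name and the bastion.pem file name are constructed placeholders.

```sshconfig
# File: %USERPROFILE%\.ssh\config on the Windows client
# All addresses, user names and bastion.pem are placeholders (assumptions).

# Bastion host (jump box) in the public subnet
Host bastion
    # Placeholder: public IP or DNS name of the bastion instance
    HostName 203.0.113.10
    # Assumption: default user of the AMI in use
    User ec2-user
    # Hypothetical key pair assigned to the bastion at launch
    IdentityFile ~/.ssh/bastion.pem
    # Offer only the key named above, not every key the client holds
    IdentitiesOnly yes
    # Do not expose the local agent to the bastion
    ForwardAgent no

# Target instance in the private subnet, reached through the bastion
Host private
    # Placeholder: private IP of the target instance
    HostName 10.0.1.25
    User ec2-user
    # Key pair assigned to the private instance; it is read on the client only
    IdentityFile ~/.ssh/example.pem
    IdentitiesOnly yes
    # Open the connection to the target through the "bastion" entry above
    ProxyJump bastion

# Usage from PowerShell or cmd on the client:
#   ssh private
```

With this in place the bastion only relays the encrypted session; the security group of the private instance needs to allow SSH from the bastion, and the bastion's security group should allow SSH only from the client's address range.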