EC2 Instance Connect (browser-based SSH connection) doesn't work

3
votes

Trying to connect Amazon AWS EC2 instance fails.

Platform: Amazon Linux

Connection method: EC2 Instance Connect (browser-based SSH connection)

Error: There was a problem setting up the instance connection Log in failed. If this instance has just started up, try again in a minute or two.

Note: I am able to connect via Putty / SSH Client. But same instance can't connect via browser.

When checked network logs in browser's developer tool, see a Status Code: 400 Bad Request for following URL:

https://ec2-instance-connect.us-east-2.managed-ssh.aws.a2z.com/ls/api/tokens

Has anyone ever successfully connected to Amazon Linux EC2 instance from browser.

3
amazon-ec2
There are two functions of EC2 Instance Connect. One function pushes a temporary private key. The other function is the web-based browser. You can test each operation separately. First, what is the Security Group setting for port 22 for that instance? Does it permit access from the EC2_INSTANCE_CONNECT range of IP addresses, or even 0.0.0.0/0?John Rotenstein
yes is has 0.0.0.0/0, ::/0user3731930
Are you using Amazon Linux or Amazon Linux 2?John Rotenstein

3 Answers

4
votes

To test, I just did the following:

  • Launched an Amazon Linux 2 EC2 instance with the default security group
  • Clicked "Connect" in the EC2 management console
  • Selected "EC2 Instance Connect"
  • Clicked "Connect"

A new browser tab opened and a few seconds later I had a working SSH connection.

I then tried it again with an Amazon Linux (not Amazon Linux 2) instance and got the error:

There was a problem setting up the instance connection
Log in failed. If this instance has just started up, try again in a minute or two.

This is because the EC2 Instance Connect client is only pre-installed on Amazon Linux 2 and Ubuntu 16.04 or later.

0
votes

This is for AWS Lightsail, I could not use browser to connect via SSS, instead I was able to connect via SSH using macOS terminal. I was able to login via SSH by appending my public key id_rsa.pub contents to the remote authorized_keys file, I used SFTP (Filezilla) to update authorized_keys file. For SFTP connection I downloaded ssh key from Accounts page.

0
votes

You can use EC2 Instance Connect with your ssh client. In case you really need the browse-based connection, your security group must have a rule allowing SSH connections (port 22) from 0.0.0.0/0. Not much secure in my point of view...