Use the tunnel

Finally, SSH into your EC2 instance through AWS IoT secure tunneling.

Before you can ssh into a remote host you need to have a private key. This key has already been created for you during bootstrapping of your EC2 instance and has been copied to the S3 bucket for the workshop.

In a Cloud9 terminal:

Copy the SSH private key to your AWS Cloud9 environment

cd ~/secure-tunneling

# copy the ssh private key to your AWS Cloud9 environment
aws s3 cp s3://$S3_BUCKET/ssh/sec-tunnel.key .
chmod 400 sec-tunnel.key

SSH into your remote EC2 instance

ssh -i sec-tunnel.key -p 2333 ec2-user@localhost

Answer yes when you are prompted with "Are you sure you want to continue connecting (yes/no)?"

You should now be logged in to your EC2 instance and should see a banner similar to:

Secure tunnel
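
The ssh step above connects to localhost:2333, so the host key is stored under a name that every tunnel on that port shares. The following wrapper is an added example, not part of the workshop material: it refuses to connect unless the key file has no group/other permission bits, and it records the host key under a per-device alias in its own known_hosts file. The names SSH_BIN, HOST_ALIAS, KNOWN_HOSTS, iot-tunnel-ec2 and tunnel_known_hosts are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not workshop code). Source this file, then run: connect
# Assumed names: SSH_BIN, HOST_ALIAS, KNOWN_HOSTS, iot-tunnel-ec2, tunnel_known_hosts.
KEY="${KEY:-sec-tunnel.key}"
PORT="${PORT:-2333}"
HOST_ALIAS="${HOST_ALIAS:-iot-tunnel-ec2}"
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/tunnel_known_hosts}"

# Succeeds only for a regular file with no group/other permission bits set,
# which is the state "chmod 400" leaves the key in.
key_is_private() {
    [ -f "$1" ] || return 1
    # In the "ls -l" mode string, characters 5-10 are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

connect() {
    if ! key_is_private "$KEY"; then
        echo "refusing to connect: $KEY is missing or accessible by group/other" >&2
        return 1
    fi
    # HostKeyAlias + a dedicated known_hosts file: the host key is recorded under
    # a per-device name instead of "[localhost]:2333", so a different host behind
    # the same local port produces a host key mismatch warning.
    # IdentitiesOnly: offer only the workshop key, not every key in the agent.
    # StrictHostKeyChecking=ask: the first connection still prompts, showing the
    # fingerprint so it can be compared with one obtained from the instance.
    "${SSH_BIN:-ssh}" -i "$KEY" -p "$PORT" \
        -o IdentitiesOnly=yes \
        -o HostKeyAlias="$HOST_ALIAS" \
        -o UserKnownHostsFile="$KNOWN_HOSTS" \
        -o StrictHostKeyChecking=ask \
        ec2-user@localhost
}
```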

If you are interested you can also take a look at the logs from the listener agent:

cd /tmp
tail -f listener-agent.log