cluster-api-provider-aws

Create "EC2 Instance Connect Endpoint" in VPC to enable SSH access to nodes without public IPs

Open dlipovetsky opened this issue 5 months ago • 1 comments

/kind feature

Describe the solution you'd like: EC2 introduced a mechanism, "EC2 Instance Connect", to make SSH connections to nodes without public IPs. This mechanism requires creating an endpoint in the VPC of the node. This endpoint has no ongoing cost.

CAPA should, as an option, create this endpoint in any VPC it manages. We may want to do so by default.

Anything else you would like to add: EC2 Instance Connect supports every use case for which CAPA currently deploys a bastion. If we support EC2 Instance Connect, we can deprecate bastion support.

Environment:

  • Cluster-api-provider-aws version:
  • Kubernetes version: (use kubectl version):
  • OS (e.g. from /etc/os-release):

dlipovetsky avatar Jun 09 '25 16:06 dlipovetsky