Support AWS EC2 instances without public IP

[csantanapr]

Is your feature request related to a problem?
Some users can't have the ec2 instance on public subnet, they need to be in private subnet

Which solution do you suggest?
Devpod should be able to leverage the new recent feature ec2 connect https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-ec2-instance-connect-ssh-rdp-public-ip-address/

Which alternative solutions exist?
don't know

Additional context

[ThomasK33]

Hey @csantanapr 👋

While I have you here, what would be the most significant difference/advantage of instance connect compared to running an SSH session via AWS SSM?

We have yet to look into this use case for the AWS provider, but I remember from the past that SSM was (somewhat) popular.

[csantanapr]

Hi @ThomasK33
Both options are very popular, I just wanted to let the team know that in addition of AWS SSM ec2 connect recently announce the feature of connecting via SSHP without public IP addres

I personally don't have a strong preference as long I can use an instance that is located in a private subnet where I can reach endpoints that are not public like EKS kube-api endpoint, and other instances

[alexandradragodan]

hey, @csantanapr 👋

Thanks for suggesting this!
Forgot to let you know this is already on our roadmap, our team will start working on it soon.

[csantanapr]

Any updates on this

[csantanapr]

Any updates on this?

[pascalbreuninger]

@csantanapr we've release a new alpha version to test this, you'd need to

1. run devpod provider add [email protected]
2. set devpod provider set-options aws -o AWS_USE_INSTANCE_CONNECT_ENDPOINT to use the default instance connect endpoint for your subnet or alternatively specify which one you want with the AWS_INSTANCE_CONNECT_ENDPOINT_ID option
3. create a new workspace

iirc the maximum duration for tunnels through instance connect endpoints is 1 hour, if you're IDE doesn't do automatic reconnections you'll need to manually ssh into the workspace again

[shanman190]

EC2 Instance Connect will be a welcomed feature for those users that don't have a Direct Connect or VPN to their VPCs.

Just to note for others that arrive here as well with direct connect or VPN, I had added direct private ip support back with #10.

[csantanapr]

Nice @pascalbreuninger Nice 👍 Thank you !

[csantanapr]

@shanman190 your saying you fix in #10 the ability to use VPN and use the private IP of the instance (ie 10.0.1.3) ?

[shanman190]

@csantanapr, yes, if you happen to have a private connection to the VPC such as a VPN, then that PR enabled you to access the instance via its private IP.

[pascalbreuninger]

@csantanapr That's currently not easily doable from the UI for alpha and beta versions. You can always quick-install the CLI from Settings > Add CLI to Path, though