# How to access your EC2 instance via SSH only from specific IP-Addresses

In this article, we will learn how to create a `Security Group`, that enables SSH traffic through port 22 from a `Managed Prefix List`. The  `Managed Prefix List` allows us to conveniently manage your public IP-addresses that can connect to our `EC2 instance`.

# Table of Content
1. Create Managed Prefix List
2. Create Security Group
3. Attach Security Group to EC2 instance
4. Access your EC2 instance via SSH
5. Conclusion

# 1. Create Managed-Prefixlist
1. Go to the AWS service `VPC` and select `Managed prefix lists`. 
1. Click the button `Create prefix list`
1. `Prefix list name`: IP-Whitelist for SSH access
1. `Max entries`: 10
1. `Address-family`: IPv4
1. Under `Prefix list entries` click **Add new entry**
1. Click **Create prefix list**

# 2. Create Security Group
1. Go to the AWS service `VPC` and select `Security groups`. 
1. Click **Create security group**
1. `Security group name`: SSH
1. `Description`: Allows SSH access from a managed prefix list
1. `VPC`: <your vpc>
1. Under `Inbound rules` click **Add rule**
1. `Type`: SSH 
1. `Source`: Custom
1. Scroll down to **Prefix lists** and select your created newly created **IP-Whitelist for SSH access** prefix list.
1. Click **Create security group**

# 3. Attach Security Group to EC2 instance
1. Go to the AWS service `EC2` and select your `EC2 instance`
1. Go to `Actions` -> `Security` and click `Change security groups`
1. Under **Associated security groups** select your newly created Security Group `SSH`
1. Click **Add security group**
1. Click **Save**

Now you should be able to connect via `SSH` to your EC2 instance. Of course you also need a valid `Key pair` assigned to your `EC2 instance` and have the corresponding private key on your local machine or client.

# 4. Access your EC2 instance via SSH
1. Go to the AWS service `EC2` and select your `EC2 instance`.
1. Make sure under `Details` -> `Key pair assigned at launch` you have a `Key pair` assigned and you have the corresponding `Private Key` (usually a .cer file) saved on your local machine. 
1. On your local machine open a new `terminal` and navigate to your `Private Key` cer file.
1. Connect to your `EC2 instance` with following command
```
ssh -i privateKey.cer ubuntu@10.20.30.40
```
Replace the ip-address **10.20.30.40** with your **Public ip-address** of your `EC2 instance` and **ubuntu** with your user. 

# 5. Conclusion
In this article we learned how to create a `Managed prefix list` to simplify the process of adding and modifying IP addresses that are permitted to establish an `SSH` connection to our `EC2 instance`. We have also covered the steps involved in creating a `Security Group` and configuring an `Inbound rule` specifically designed to allow `SSH` access via `Port 22` from our newly created `Managed prefix list`. By assigning this `Security group` to our `EC2 instance`, we have successfully established `SSH` connectivity, provided that we have a valid `Key pair` associated with our `EC2 instance` and have saved the corresponding `Private Key` on our local machine or client.

