Right now you can only connect to an EC2 instance using pulumi-command if:

- VPC has internet gateway
- EC2 instance is in public subnet
- key-pair access is enabled (this is disabled in a lot of organizations because it's not easily auditable)
- Security Groups allow internet ingress on SSH port (also forbidden in a lot of organizations)

AWS provides two services that let you connect to EC2 instances that cannot meet the requirements above:

- AWS SSM
- EC2 Instance Connect Endpoint

By extending pulumi-command to support establishing remote connections via those two methods we can offer customers more secure, auditable access to their EC2 instances as well as enable them to use pulumi-command in secured environments that do not permit regular SSH access.