# Connect to your Linux instance using a public IP address and EC2 Instance Connect Amazon EC2 Instance Connect provides a secure way to connect to your Linux instances over Secure Shell (SSH). With EC2 Instance Connect, you use AWS Identity and Access Management (IAM) [policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [principals](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) to control SSH access to your instances, removing the need to share and manage SSH keys. All connection requests using EC2 Instance Connect are [logged to AWS CloudTrail](monitor-with-cloudtrail.md#ec2-instance-connect-cloudtrail) so that you can audit connection requests. You can use EC2 Instance Connect to connect to your instances using the Amazon EC2 console or the SSH client of your choice. When you connect to an instance using EC2 Instance Connect, the EC2 Instance Connect API pushes an SSH public key to the [instance metadata](ec2-instance-metadata.md) where it remains for 60 seconds. An IAM policy attached to your user authorizes your user to push the public key to the instance metadata. The SSH daemon uses `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser`, which are configured when EC2 Instance Connect is installed, to look up the public key from the instance metadata for authentication, and connects you to the instance. **Tip** EC2 Instance Connect is one of the options to connect to your Linux instance. For other options, see [Connect to your Linux instance using SSH](connect-to-linux-instance.md). To connect to a Windows instance, see [Connect to your Windows instance using RDP](connecting_to_windows_instance.md). **Pricing** EC2 Instance Connect is available at no additional cost. **Region availability** EC2 Instance Connect is available in all AWS Regions. It is not supported in Local Zones. **Topics** + [Tutorial](ec2-instance-connect-tutorial.md) + [Prerequisites](ec2-instance-connect-prerequisites.md) + [Permissions](ec2-instance-connect-configure-IAM-role.md) + [Install EC2 Instance Connect](ec2-instance-connect-set-up.md) + [Connect to an instance](ec2-instance-connect-methods.md) + [Uninstall EC2 Instance Connect](ec2-instance-connect-uninstall.md) For a blog post that discusses how to improve the security of your bastion hosts using EC2 Instance Connect, see [Securing your bastion hosts with Amazon EC2 Instance Connect](https://aws.amazon.com/blogs/infrastructure-and-automation/securing-your-bastion-hosts-with-amazon-ec2-instance-connect/).