To connect to a private EC2 instance you need to use a bastion host (oka jump box). But because of security concerns you might not want to upload your private key to the bastion host. How do you solve this dilemma ? Easy! With SSH Agent forwarding.
You can refer to the code snippet below or the video at the bottom of the article
ssh-agent bash
ssh-add keyfilename
ssh -A USER@BASTIONHOST
[connected]
ssh USER@PRIVATEIP
The video below shows you how to do this quick and easy