To connect to a private EC2 instance you need to use a bastion host (oka jump box). But because of security concerns you might not want to upload your private key to the bastion host. How do you solve this dilemma ? Easy! With SSH Agent forwarding.
You can refer to the code snippet below or the video at the bottom of the article
ssh-agent bash ssh-add keyfilename ssh -A USER@BASTIONHOST [connected] ssh USER@PRIVATEIP
The video below shows you how to do this quick and easy