Connecting to Your Windows Instance
Amazon EC2 instances created from most Windows Amazon Machine Images (AMIs) enable you to connect using Remote Desktop. Remote Desktop uses the Remote Desktop Protocol (RDP) and enables you to connect to and use your instance in the same way you use a computer sitting in front of you. This topic describes how to connect using Remote Desktop Connecton, which is available on most editions of Windows. The Windows Server 2016 Nano installation option (Nano Server) does not include an RDP option for connecting. You must use Windows PowerShell. For more information, see Connect to a Windows Server 2016 Nano Server Instance. For information about connecting to a Linux instance, see Connect to Your Linux Instance in the Amazon EC2 User Guide for Linux Instances. If you receive an error while attempting to connect to your instance, see Remote Desktop can't connect to the remote computer.
Install an RDP client
Your Windows computer includes an RDP client by default. You can check for an RDP client by typing mstsc at a Command Prompt window. If your computer doesn't recognize this command, see the Windows home page and search for the download for Remote Desktop Connection. For Mac OS X, you can use the Microsoft Remote Desktop app from the Apple App Store, or the Microsoft's Remote Desktop Connection Client from the Microsoft website. For Linux, you can use rdesktop.
Mac OS X users: If you are connecting to a Windows 2012 R2 instance, the Remote Desktop Connection client from the Microsoft website may not work. Use the Microsoft Remote Desktop app from the Apple App Store instead.
Get the ID of the instance
You can get the ID of your instance using the Amazon EC2 console (from the Instance ID column). If you prefer, you can use the describe-instances (AWS CLI) or Get-EC2Instance (AWS Tools for Windows PowerShell) command.
Get the public DNS name of the instance
You can get the public DNS for your instance using the Amazon EC2 console (check the Public DNS column; if this column is hidden, click the Show/Hide icon and select Public DNS). If you prefer, you can use the describe-instances (AWS CLI) or Get-EC2Instance (AWS Tools for Windows PowerShell) command.
Locate the private key
You'll need the fully-qualified path of the
.pemfile for the key pair that you specified when you launched the instance.
Enable inbound RDP traffic from your IP address to your instance
Ensure that the security group associated with your instance allows incoming RDP traffic from your IP address. For more information, see Authorizing Inbound Traffic for Your Windows Instances.
Your default security group does not allow incoming RDP traffic by default.
For the best experience using Internet Explorer, run the latest version.
Connect to Your Windows Instance
To connect to a Windows instance, you must retrieve the initial administrator password and then specify this password when you connect to your instance using Remote Desktop.
If you've joined your instance to a domain, you can connect to your instance using domain credentials you've defined in AWS Directory Service. For more information about connecting to an instance in a domain, see Connecting To Your Instance Using Domain Credentials.
The name of the administrator account depends on the language of the operating system. For example, for English, it's Administrator, for French it's Administrateur, and for Portuguese it's Administrador. For more information, see Localized Names for Administrator Account in Windows in the Microsoft TechNet Wiki.
The license for the Windows Server operating system (OS) allows two simultaneous remote connections for administrative purposes. The license for Windows Server is included in the price of your EC2 instance. If you need more than two simultaneous remote connections you must purchase a Remote Desktop Services (RDS) license. If you attempt a third connection, an error will occur. For more information, see Configure the Number of Simultaneous Remote Connections Allowed for a Connection.
To connect to your Windows instance using an RDP client
In the Amazon EC2 console, select the instance, and then choose Connect.
In the Connect To Your Instance dialog box, choose Get Password (it will take a few minutes after the instance is launched before the password is available).
Choose Browse and navigate to the private key file you created when you launched the instance. Select the file and choose Open to copy the entire contents of the file into contents box.
Choose Decrypt Password. The console displays the default administrator password for the instance in the Connect To Your Instance dialog box, replacing the link to Get Password shown previously with the actual password.
Record the default administrator password, or copy it to the clipboard. You need this password to connect to the instance.
Choose Download Remote Desktop File. Your browser prompts you to either open or save the .rdp file. Either option is fine. When you have finished, you can choose Close to dismiss the Connect To Your Instance dialog box.
If you opened the .rdp file, you'll see the Remote Desktop Connection dialog box.
If you saved the .rdp file, navigate to your downloads directory, and open the .rdp file to display the dialog box.
You may get a warning that the publisher of the remote connection is unknown. If you are using Remote Desktop Connection from a Windows PC, choose Connect to connect to your instance. If you are using Microsoft Remote Desktop on a Mac, skip the next step.
When prompted, log in to the instance, using the administrator account for the operating system and the password that you recorded or copied previously. If your Remote Desktop Connection already has an administrator account set up, you might have to choose the Use another account option and enter the user name and password manually.
Sometimes copying and pasting content can corrupt data. If you encounter a "Password Failed" error when you log in, try typing in the password manually.
Due to the nature of self-signed certificates, you may get a warning that the security certificate could not be authenticated. Use the following steps to verify the identity of the remote computer, or simply choose Yes or Continue to continue if you trust the certificate.
If you are using Remote Desktop Connection from a Windows PC, choose View certificate. If you are using Microsoft Remote Desktop on a Mac, choose Show Certificate.
Choose the Details tab, and scroll down to the Thumbprint entry on a Windows PC, or the SHA1 Fingerprints entry on a Mac. This is the unique identifier for the remote computer's security certificate.
In the Amazon EC2 console, select the instance, choose Actions, and then choose Get System Log.
In the system log output, look for an entry labeled
RDPCERTIFICATE-THUMBPRINT. If this value matches the thumbprint or fingerprint of the certificate, you have verified the identity of the remote computer.
If you are using Remote Desktop Connection from a Windows PC, return to the Certificate dialog box and choose OK. If you are using Microsoft Remote Desktop on a Mac, return to the Verify Certificate and choose Continue.
If you are using Remote Desktop Connection from a Windows PC, choose Yes in the Remote Desktop Connection window to connect to your instance. If you are using Microsoft Remote Desktop on a Mac, log in to the instance as prompted, using the default Administrator account and the default administrator password that you recorded or copied previously.
On a Mac, you may need to switch spaces to see the Microsoft Remote Desktop login screen. For more information on spaces, see http://support.apple.com/kb/PH14155.
After you connect, we recommend that you do the following:
Change the administrator password from the default value. You change the password while logged on to the instance itself, just as you would on any other Windows Server.
Create another user account with administrator privileges on the instance. Another account with administrator privileges is a safeguard if you forget the administrator password or have a problem with the administrator account.
Transfer Files to Windows Server Instances
You can work with your Windows instance the same way that you would work with any Windows server. For example, you can transfer files between a Windows instance and your local computer using the local file sharing feature of the Microsoft Remote Desktop Connection software. If you enable this option, you can access your local files from your Windows instances. You can access local files on hard disk drives, DVD drives, portable media drives, and mapped network drives. For more information about this feature, go to the following articles: