Amazon Elastic Compute Cloud
User Guide for Windows Instances

Connecting to Your Windows Instance

Amazon EC2 instances created from most Windows Amazon Machine Images (AMIs) enable you to connect using Remote Desktop. Remote Desktop uses the Remote Desktop Protocol (RDP) and enables you to connect to and use your instance in the same way you use a computer sitting in front of you. This topic describes how to connect using Remote Desktop Connection, which is available on most editions of Windows.

Important

The Windows Server 2016 Nano installation option (Nano Server) does not include an RDP option for connecting. You must use Windows PowerShell. For more information, see Connect to a Windows Server 2016 Nano Server Instance.

For information about connecting to a Linux instance, see Connect to Your Linux Instance in the Amazon EC2 User Guide for Linux Instances. If you receive an error while attempting to connect to your instance, see Remote Desktop can't connect to the remote computer.

Prerequisites

  • Install an RDP client

    Your Windows computer includes an RDP client by default. You can check for an RDP client by typing mstsc at a Command Prompt window. If your computer doesn't recognize this command, see the Windows home page and search for the download for Remote Desktop Connection. For Mac OS X, you can use the Microsoft Remote Desktop app from the Apple App Store, or Microsoft's Remote Desktop Connection Client from the Microsoft website. For Linux, you can use rdesktop.

    Important

    Mac OS X users: If you are connecting to a Windows 2012 R2 instance, the Remote Desktop Connection client from the Microsoft website may not work. Use the Microsoft Remote Desktop app from the Apple App Store instead.

  • Get the ID of the instance

    You can get the ID of your instance using the Amazon EC2 console (from the Instance ID column). If you prefer, you can use the describe-instances (AWS CLI) or Get-EC2Instance (AWS Tools for Windows PowerShell) command.

  • Get the public DNS name of the instance

    You can get the public DNS for your instance using the Amazon EC2 console (check the Public DNS (IPv4) column; if this column is hidden, choose the Show/Hide icon and select Public DNS (IPv4)). If you prefer, you can use the describe-instances (AWS CLI) or Get-EC2Instance (AWS Tools for Windows PowerShell) command.

  • (IPv6 only) Get the IPv6 address of the instance

    If you've assigned an IPv6 address to your instance, you can optionally connect to the instance using its IPv6 address instead of a public IPv4 address or public IPv4 DNS hostname. Your local computer must have an IPv6 address and must be configured to use IPv6. You can get the IPv6 address of your instance using the Amazon EC2 console (check the IPv6 IPs field). If you prefer, you can use the describe-instances (AWS CLI) or Get-EC2Instance (AWS Tools for Windows PowerShell) command. For more information about IPv6, see IPv6 Addresses.

  • Locate the private key

    You'll need the fully qualified path of the .pem file for the key pair that you specified when you launched the instance.

  • Enable inbound RDP traffic from your IP address to your instance

    Ensure that the security group associated with your instance allows incoming RDP traffic from your IP address. For more information, see Authorizing Inbound Traffic for Your Windows Instances.

    Important

    Your default security group does not allow incoming RDP traffic by default.

  • For the best experience using Internet Explorer, run the latest version.
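The security group prerequisite above asks for inbound RDP from your IP address only. The following is an added example, not part of the original guide: it checks one security group, in the JSON shape returned by describe-security-groups, for management ports (RDP on 3389, and the WinRM port 5985 used later for Nano Server) that accept sources wider than a single address. The sample group, the function names and the "wider than one address" rule are assumptions made for illustration.

```python
import ipaddress

# Management ports this page opens: RDP (3389, the standard RDP port) and
# WinRM over HTTP (5985, used by the Nano Server procedure).
MGMT_PORTS = {3389: "RDP", 5985: "WinRM-HTTP"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.25/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 5985, "ToPort": 5985,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}

def rule_covers(perm, port):
    """True if one IpPermissions entry applies to the given TCP port."""
    if perm.get("IpProtocol") == "-1":      # "-1" means all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_group(group, admin_ip):
    """Return (findings, reachable).

    findings:  (port_name, cidr) pairs where a management port accepts a
               source range wider than a single address.
    reachable: management port names that admin_ip is allowed to reach.
    """
    admin = ipaddress.ip_address(admin_ip)
    findings, reachable = [], set()
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for port, name in MGMT_PORTS.items():
            if not rule_covers(perm, port):
                continue
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.version == admin.version and admin in net:
                    reachable.add(name)
                if net.num_addresses > 1:
                    findings.append((name, cidr))
    return findings, reachable
```

Calling audit_group(SAMPLE_GROUP, "203.0.113.25") reports the 5985 rule as too wide while confirming that both ports are reachable from that address. Rules that reference other security groups or prefix lists are not evaluated.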

Connect to Your Windows Instance

To connect to a Windows instance, you must retrieve the initial administrator password and then specify this password when you connect to your instance using Remote Desktop.

Note

If you've joined your instance to a domain, you can connect to your instance using domain credentials you've defined in AWS Directory Service. For more information about connecting to an instance in a domain, see Connecting To Your Instance Using Domain Credentials.

The name of the administrator account depends on the language of the operating system. For example, for English, it's Administrator, for French it's Administrateur, and for Portuguese it's Administrador. For more information, see Localized Names for Administrator Account in Windows in the Microsoft TechNet Wiki.

The license for the Windows Server operating system (OS) allows two simultaneous remote connections for administrative purposes. The license for Windows Server is included in the price of your EC2 instance. If you need more than two simultaneous remote connections you must purchase a Remote Desktop Services (RDS) license. If you attempt a third connection, an error occurs. For more information, see Configure the Number of Simultaneous Remote Connections Allowed for a Connection.

To connect to your Windows instance using an RDP client

  1. In the Amazon EC2 console, select the instance, and then choose Connect.

  2. In the Connect To Your Instance dialog box, choose Get Password (it will take a few minutes after the instance is launched before the password is available).

  3. Choose Browse and navigate to the private key file you created when you launched the instance. Select the file and choose Open to copy the entire contents of the file into the Contents field.

  4. Choose Decrypt Password. The console displays the default administrator password for the instance in the Connect To Your Instance dialog box, replacing the link to Get Password shown previously with the actual password.

  5. Record the default administrator password, or copy it to the clipboard. You need this password to connect to the instance.

  6. Choose Download Remote Desktop File. Your browser prompts you to either open or save the .rdp file. Either option is fine. When you have finished, you can choose Close to dismiss the Connect To Your Instance dialog box.

    • If you opened the .rdp file, you'll see the Remote Desktop Connection dialog box.

    • If you saved the .rdp file, navigate to your downloads directory, and open the .rdp file to display the dialog box.

  7. You may get a warning that the publisher of the remote connection is unknown. If you are using Remote Desktop Connection from a Windows PC, choose Connect to connect to your instance. If you are using Microsoft Remote Desktop on a Mac, skip the next step.

  8. When prompted, log in to the instance, using the administrator account for the operating system and the password that you recorded or copied previously. If your Remote Desktop Connection already has an administrator account set up, you might have to choose the Use another account option and enter the user name and password manually.

    Note

    Sometimes copying and pasting content can corrupt data. If you encounter a "Password Failed" error when you log in, try typing in the password manually.

  9. Due to the nature of self-signed certificates, you may get a warning that the security certificate could not be authenticated. Use the following steps to verify the identity of the remote computer, or simply choose Yes or Continue to continue if you trust the certificate.

    1. If you are using Remote Desktop Connection from a Windows PC, choose View certificate. If you are using Microsoft Remote Desktop on a Mac, choose Show Certificate.

    2. Choose the Details tab, and scroll down to the Thumbprint entry on a Windows PC, or the SHA1 Fingerprints entry on a Mac. This is the unique identifier for the remote computer's security certificate.

    3. In the Amazon EC2 console, select the instance, choose Actions, and then choose Get System Log.

    4. In the system log output, look for an entry labeled RDPCERTIFICATE-THUMBPRINT. If this value matches the thumbprint or fingerprint of the certificate, you have verified the identity of the remote computer.

    5. If you are using Remote Desktop Connection from a Windows PC, return to the Certificate dialog box and choose OK. If you are using Microsoft Remote Desktop on a Mac, return to the Verify Certificate dialog box and choose Continue.

    6. If you are using Remote Desktop Connection from a Windows PC, choose Yes in the Remote Desktop Connection window to connect to your instance. If you are using Microsoft Remote Desktop on a Mac, log in to the instance as prompted, using the default Administrator account and the default administrator password that you recorded or copied previously.

      Note

      On a Mac, you may need to switch spaces to see the Microsoft Remote Desktop login screen. For more information on spaces, see http://support.apple.com/kb/PH14155.
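The thumbprint comparison in step 9 is easy to get wrong by eye, because the certificate dialog and the system log format the value differently. The following is an added example, not part of the original guide: it pulls the RDPCERTIFICATE-THUMBPRINT entry out of system log text and compares it with a value copied from the Windows or Mac certificate dialog. The sample log lines, the thumbprint value and the function names are constructed for illustration.

```python
import re

# Constructed sample of system log text; only the RDPCERTIFICATE-THUMBPRINT
# label comes from the page, the rest of the line layout is assumed.
SAMPLE_LOG = """\
2017/01/01 00:00:05Z: Message: Example entry before the certificate lines
2017/01/01 00:00:10Z: RDPCERTIFICATE-THUMBPRINT: 0123456789ABCDEF0123456789ABCDEF01234567
"""

LABEL = re.compile(r"RDPCERTIFICATE-THUMBPRINT\s*[:=]?\s*([0-9A-Fa-f][0-9A-Fa-f :]*)")

def normalize_thumbprint(text):
    """Return 40 uppercase hex digits, or raise ValueError.

    Separators (spaces, colons) and non-ASCII characters such as invisible
    marks picked up when copying from a certificate dialog are dropped;
    anything else that is not hex makes the value invalid.
    """
    cleaned = "".join(c for c in text if c.isascii() and c not in " :\t\r\n")
    cleaned = cleaned.upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("not a SHA-1 thumbprint: %r" % (text,))
    return cleaned

def thumbprint_from_system_log(log_text):
    """Thumbprint from the last RDPCERTIFICATE-THUMBPRINT entry, or None."""
    matches = LABEL.findall(log_text)
    # Assumption: the log is chronological, so the last entry is current.
    return normalize_thumbprint(matches[-1]) if matches else None

def certificate_matches(log_text, dialog_value):
    """True only if both values parse and are identical."""
    try:
        expected = thumbprint_from_system_log(log_text)
        presented = normalize_thumbprint(dialog_value)
    except ValueError:
        return False
    return expected is not None and expected == presented
```

A missing log entry or a truncated value returns False rather than a match, so a missing or unreadable value is never treated as a verified certificate.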

After you connect, we recommend that you do the following:

  • Change the administrator password from the default value. You change the password while logged on to the instance itself, just as you would on any other Windows Server.

  • Create another user account with administrator privileges on the instance. Another account with administrator privileges is a safeguard if you forget the administrator password or have a problem with the administrator account.

Connect to a Windows Instance Using Its IPv6 Address

If you've enabled your VPC for IPv6 and assigned an IPv6 address to your Windows instance, you can use an RDP client to connect to your instance using its IPv6 address instead of a public IPv4 address or public DNS hostname. For more information, see IPv6 Addresses.

To connect to your Windows instance using its IPv6 address

  1. In the Amazon EC2 console, select the instance, and then choose Connect.

  2. In the Connect To Your Instance dialog box, choose Get Password (it will take a few minutes after the instance is launched before the password is available).

  3. Choose Browse and navigate to the private key file you created when you launched the instance. Select the file and choose Open to copy the entire contents of the file into the Contents field.

  4. Choose Decrypt Password.

  5. Copy the default administrator password. You need this password to connect to the instance.

  6. Open the RDP client on your computer.

  7. (Windows) For the RDP client on a Windows computer, choose Show Options and do the following:

    • For Computer, enter the IPv6 address of your Windows instance, for example, 2001:db8:1234:1a00:9691:9503:25ad:1761.

    • For User name, enter Administrator.

    • Choose Connect.

    (OS X) For the Microsoft Remote Desktop app, choose New and do the following:

    • For PC Name, enter the IPv6 address of your Windows instance; for example, 2001:db8:1234:1a00:9691:9503:25ad:1761.

    • For User name, enter Administrator.

    • Close the dialog box. Under My Desktops, select the connection and choose Start.

  8. Due to the nature of self-signed certificates, you may get a warning that the security certificate could not be authenticated. To verify the identity of the remote computer, follow the certificate verification steps in step 9 of the preceding procedure, or simply choose Yes or Continue to continue if you trust the certificate.

  9. When prompted, enter the password that you recorded or copied previously.

Connect to a Windows Server 2016 Nano Server Instance

Windows Server 2016 Nano Server is a remotely administered server operating system that is optimized for private clouds and data centers. It is similar to Windows Server in Server Core mode, but it is significantly smaller, has no local logon capability, and only supports 64-bit applications, tools, and agents. It takes up far less disk space, sets up significantly faster, and requires far fewer updates and restarts than Windows Server.

Windows Server 2016 Nano Server does not support Remote Desktop connections. To connect to a Windows Server 2016 Nano Server instance, you must connect using PowerShell, as described in the following procedure.

Connecting to a Nano Server instance

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Launch a Windows Server 2016 Nano Server instance. For more information about launching an instance from the Amazon EC2 console, see Launching Your Instance from an AMI.

    Important

    You must either edit the security group for the instance and specify a Custom TCP Rule over HTTP that uses TCP port 5985, or specify this custom rule in Step 6 of the Amazon EC2 Launch Wizard, as shown below.

    [Image: Connecting to Nano Server]

  3. After the instance starts, locate the private IP address for the instance and the administrator password. If you use the private IP address, you must connect to the instance from another virtual machine on the same VPC.

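  4. Execute the following commands in Windows PowerShell.

    # Replace the placeholder with the IP address of your Nano Server instance
    $ip = "Your instance IP address"
    # Trust this host for WinRM (replaces any existing TrustedHosts value)
    Set-Item WSMan:\localhost\Client\TrustedHosts $ip
    $user = "$ip\Administrator"
    # Prompts for the administrator password, then opens a remote session
    Enter-PSSession -ComputerName $ip -Credential $user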
    

The following procedure describes how to remotely copy files to Windows Server 2016 Nano Server.

Copying files to Nano Server

  1. On the instance you are using to connect to Nano Server, download and install version 5.0 or later of the Windows Management Framework. The installation requires a restart.

  2. Use the Copy-Item command to copy files to the Nano Server instance.

    $ip = "Your instance IP address"
    Set-Item WSMan:\localhost\Client\TrustedHosts $ip
    $user = "$ip\Administrator"
    # Open a persistent session to the Nano Server instance
    $cs = New-PSSession -ComputerName $ip -Credential $user
    # Replace the quoted placeholders with your source and destination paths
    Copy-Item -Path "Path to files" -Destination "Path to destination on the Nano Server instance" -ToSession $cs -Recurse
    

Transfer Files to Windows Server Instances

You can work with your Windows instance the same way that you would work with any Windows server. For example, you can transfer files between a Windows instance and your local computer using the local file sharing feature of the Microsoft Remote Desktop Connection software. If you enable this option, you can access your local files from your Windows instances. You can access local files on hard disk drives, DVD drives, portable media drives, and mapped network drives. For more information about this feature, go to the following articles: