Prerequisite Configure the RDP connection

Configure the Amazon Linux 2 MATE desktop connection

The MATE desktop environment is pre-installed and pre-configured in AMIs with the following description:

".NET Core x.x, Mono x.xx, PowerShell x.x, and MATE DE pre-installed to run your .NET applications on Amazon Linux 2 with Long Term Support (LTS)."

The environment provides an intuitive graphical user interface for administering Amazon Linux 2 instances with minimal use of the command line. The interface uses graphical representations, such as icons, windows, toolbars, folders, wallpapers, and desktop widgets. Built-in, GUI-based tools are available to perform common tasks. For example, there are tools for adding and removing software, applying updates, organizing files, launching programs, and monitoring system health.

Important

xrdp is the remote desktop software bundled in the AMI. By default, xrdp uses a self-signed TLS certificate to encrypt remote desktop sessions. Neither AWS nor the xrdp maintainers recommend using self-signed certificates in production. Instead, obtain a certificate from an appropriate certificate authority (CA) and install it on your instances. For more information about TLS configuration, see TLS security layer on the xrdp wiki.

Prerequisite

To run the commands shown in this topic, you must install the AWS Command Line Interface (AWS CLI) or AWS Tools for Windows PowerShell, and configure your AWS profile.

Options

Install the AWS CLI – For more information, see Installing the AWS CLI and Configuration basics in the AWS Command Line Interface User Guide.
Install the Tools for Windows PowerShell – For more information, see Installing the AWS Tools for Windows PowerShell and Shared credentials in the AWS Tools for Windows PowerShell User Guide.

Configure the RDP connection

Follow these steps to set up a Remote Desktop Protocol (RDP) connection from your local machine to an Amazon Linux 2 instance running the MATE desktop environment.

To get the ID of the AMI for Amazon Linux 2 that includes MATE in the AMI name, you can use the describe-images command from your local command line tool. If you have not installed the command line tools, you can perform the following query directly from an AWS CloudShell session. For information about how to launch a shell session from CloudShell, see Getting started with AWS CloudShell. From the Amazon EC2 console, you can find the MATE-included AMI by launching an instance, and then entering MATE in the AMI search bar. The Amazon Linux 2 Quick Start with MATE pre-installed will appear in the search results.
```
aws ec2 describe-images --filters "Name=name,Values=amzn2*MATE*" --query "Images[*].[ImageId,Name,Description]"
[
    [
        "ami-0123example0abc12",
        "amzn2-x86_64-MATEDE_DOTNET-2020.12.04",
        ".NET Core 5.0, Mono 6.12, PowerShell 7.1, and MATE DE pre-installed to run your .NET applications on Amazon Linux 2 with Long Term Support (LTS)."
    ],
    [
        "ami-0456example0def34",
        "amzn2-x86_64-MATEDE_DOTNET-2020.04.14",
        "Amazon Linux 2 with .Net Core, PowerShell, Mono, and MATE Desktop Environment"
    ]
]
```
Choose the AMI that is appropriate for your use.
Launch an EC2 instance with the AMI that you located in the previous step. Configure the security group to allow for inbound TCP traffic to port 3389. For more information about configuring security groups, see Security groups for your VPC. This configuration enables you to use an RDP client to connect to the instance.
Connect to the instance using SSH.
Update the software and kernel on the instance.
```
[ec2-user ~]$ sudo yum update
```
After the update completes, reboot the instance to ensure that it is using the latest packages and libraries from the update; kernel updates are not loaded until a reboot occurs.
```
[ec2-user ~]$ sudo reboot
```
Reconnect to the instance and run the following command on your Linux instance to set the password for ec2-user.
```
[ec2-user ~]$ sudo passwd ec2-user
```
Install the certificate and key.

If you already have a certificate and key, copy them to the /etc/xrdp/ directory as follows:
- Certificate — /etc/xrdp/cert.pem
- Key — /etc/xrdp/key.pem
If you do not have a certificate and key, use the following command to generate them in the /etc/xrdp directory.
```
$ sudo openssl req -x509 -sha384 -newkey rsa:3072 -nodes -keyout /etc/xrdp/key.pem -out /etc/xrdp/cert.pem -days 365
```
Note
This command generates a certificate that is valid for 365 days.
Open an RDP client on the computer from which you will connect to the instance (for example, Remote Desktop Connection on a computer running Microsoft Windows). Enter ec2-user as the user name and enter the password that you set in the previous step.

To disable xrdp on your Amazon EC2 instance

You can disable xrdp at any time by running one of the following commands on your Linux instance. The following commands do not impact your ability to use MATE using an X11 server.


[ec2-user ~]$ sudo systemctl disable xrdp


[ec2-user ~]$ sudo systemctl stop xrdp

To enable xrdp on your Amazon EC2 instance

To re-enable xrdp so that you can connect to your Amazon Linux 2 instance running the MATE desktop environment, run one of the following commands on your Linux instance.


[ec2-user ~]$ sudo systemctl enable xrdp


[ec2-user ~]$ sudo systemctl start xrdp

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

User provided kernels

Instances