Connect to your Windows instance using an RDP client - Amazon Elastic Compute Cloud

Connect to your Windows instance using an RDP client

The following section details the prerequisites and process to connect to your instance using its IPv4 or IPv6 address with an RDP client.

Prerequisites

You must meet the following prerequisites to connect to your Windows instance using an RDP client.

  • Install an RDP client

    • (Windows) Windows includes an RDP client by default. To verify, type mstsc at a Command Prompt window. If your computer doesn't recognize this command, see the Windows home page and search for the download for the Microsoft Remote Desktop app.

    • (macOS) Download the Microsoft Remote Desktop app from the Mac App Store.

    • (Linux) Use Remmina.

  • Locate the private key

    Get the fully-qualified path to the location on your computer of the .pem file for the key pair that you specified when you launched the instance. For more information, see Identify the public key specified at launch.

    If you can't find your private key file, see

  • Enable inbound RDP traffic from your IP address to your instance

    Ensure that the security group associated with your instance allows incoming RDP traffic (port 3389) from your IP address. The default security group does not allow incoming RDP traffic. For more information, see Rules to connect to instances from your computer.
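One way to check this prerequisite, as an added example (not AWS code): it classifies every inbound rule that covers port 3389 as matching your IP address, open to all addresses, or scoped to some other source. The input follows the SecurityGroups array returned by `aws ec2 describe-security-groups`; the group IDs, the addresses and the function names are constructed assumptions, and only CIDR sources are examined (rules that reference other security groups or prefix lists are not).

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample in the shape of the "SecurityGroups" array.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.25/32"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

def covers_rdp(perm: dict) -> bool:
    """True if the rule's protocol and port range include port 3389."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "udp"):
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)

def audit_rdp_rules(groups: list, my_ip: str) -> list:
    """Return (group id, source CIDR, verdict) for each rule that allows RDP."""
    me = ipaddress.ip_address(my_ip)
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not covers_rdp(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:
                    verdict = "open-to-world"   # any address can reach RDP
                elif net.version == me.version and me in net:
                    verdict = "allows-my-ip"
                else:
                    verdict = "other-source"
                findings.append((sg["GroupId"], cidr, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_rdp_rules(SAMPLE_GROUPS, "203.0.113.25"):
        print(*finding)
```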

Tip

You can create an EC2 Instance Connect Endpoint to connect to your Windows instance using RDP without a public IPv4 address.

To connect to a Windows instance, you must retrieve the initial administrator password and use this password when you connect to your instance using Remote Desktop. It takes a few minutes after instance launch before this password is available.

The default username for the Administrator account depends on the language of the operating system (OS) contained in the AMI. To ascertain the correct username, identify the language of your AMI's OS, and then choose the corresponding username. For example, for an English OS, the username is Administrator, for a French OS it's Administrateur, and for a Portuguese OS it's Administrador. If a language version of the OS does not have a username in the same language, choose the username Administrator (Other). For more information, see Localized Names for Administrator Account in Windows in the Microsoft TechNet Wiki.

If you've joined your instance to a domain, you can connect to your instance using domain credentials you've defined in AWS Directory Service. On the Remote Desktop login screen, instead of using the local computer name and the generated password, use the fully-qualified user name for the administrator (for example, corp.example.com\Admin), and the password for this account.

If you receive an error while attempting to connect to your instance, see Remote Desktop can't connect to the remote computer.

To connect to your Windows instance using an RDP client
  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances.

  3. Select the instance and then choose Connect.

  4. On the Connect to instance page, choose the RDP client tab.

  5. For Username, choose the default username for the Administrator account. The username you choose must match the language of the operating system (OS) contained in the AMI that you used to launch your instance. If there is no username in the same language as your OS, choose Administrator (Other).

  6. Choose Get password.

  7. On the Get Windows password page, do the following:

    1. Choose Upload private key file and navigate to the private key (.pem) file that you specified when you launched the instance. Select the file and choose Open to copy the entire contents of the file to this window.

    2. Choose Decrypt password. The Get Windows password page closes, and the default administrator password for the instance appears under Password, replacing the Get password link shown previously.

    3. Copy the password and save it in a safe place. This password is required to connect to the instance.

  8. Choose Download remote desktop file. When you have finished downloading the file, choose Cancel to return to the Instances page. Navigate to your downloads directory, and open the RDP file.

  9. You might get a warning that the publisher of the remote connection is unknown. Choose Connect to continue to connect to your instance.

  10. The administrator account is chosen by default. Paste the password that you copied previously, and then choose OK.

  11. Due to the nature of self-signed certificates, you might get a warning that the security certificate could not be authenticated. Do one of the following:

    • If you trust the certificate, choose Yes to connect to your instance.

    • [Windows] Before you proceed, compare the thumbprint of the certificate with the value in the system log to confirm the identity of the remote computer. Choose View certificate and then choose Thumbprint from the Details tab. Compare this value to the value of RDPCERTIFICATE-THUMBPRINT in Actions, Monitor and troubleshoot, Get system log.

    • [Mac OS X] Before you proceed, compare the fingerprint of the certificate with the value in the system log to confirm the identity of the remote computer. Choose Show Certificate, expand Details, and choose SHA1 Fingerprints. Compare this value to the value of RDPCERTIFICATE-THUMBPRINT in Actions, Monitor and troubleshoot, Get system log.
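The thumbprint comparison in step 11, as an added example (not AWS code): it normalizes the value copied from the certificate dialog (spaces, colons, case, invisible characters) and compares it with the RDPCERTIFICATE-THUMBPRINT entry found in system log text. The log line layout, the sample log, the certificate bytes and the function names are constructed assumptions.

```python
import hashlib
import hmac
import re

# Constructed stand-in for the DER bytes of the certificate the instance presents.
CONSTRUCTED_DER = b"constructed stand-in for DER-encoded certificate bytes"

def cert_thumbprint(der_bytes: bytes) -> str:
    """A SHA-1 thumbprint is the SHA-1 digest of the DER-encoded certificate."""
    return hashlib.sha1(der_bytes).hexdigest()

# Constructed system log excerpt. The "RDPCERTIFICATE-THUMBPRINT: <hex>" line
# layout is an assumption; adjust the pattern to what your system log shows.
SAMPLE_SYSTEM_LOG = (
    "2024/01/15 10:02:11Z: Message: RDPCERTIFICATE-SUBJECTNAME: EC2AMAZ-EXAMPLE\n"
    "2024/01/15 10:02:11Z: Message: RDPCERTIFICATE-THUMBPRINT: "
    + cert_thumbprint(CONSTRUCTED_DER).upper() + "\n"
)
_THUMB_RE = re.compile(r"RDPCERTIFICATE-THUMBPRINT:\s*([0-9A-Fa-f: ]+)")

def normalize(thumbprint: str) -> str:
    """Drop spaces, colons and invisible copy/paste characters; lower-case."""
    hex_only = re.sub(r"[^0-9A-Fa-f]", "", thumbprint)
    if len(hex_only) != 40:
        raise ValueError("a SHA-1 thumbprint has exactly 40 hex digits")
    return hex_only.lower()

def logged_thumbprints(log_text: str) -> list:
    """All thumbprints in the log, in the order they appear."""
    return [normalize(m.group(1)) for m in _THUMB_RE.finditer(log_text)]

def matches_log(presented: str, log_text: str) -> bool:
    """True only if the presented value equals the last thumbprint logged.

    Assumes later log lines are newer, so the last entry is the current one.
    """
    logged = logged_thumbprints(log_text)
    if not logged:
        return False  # nothing to compare against: treat as unverified
    return hmac.compare_digest(normalize(presented), logged[-1])

if __name__ == "__main__":
    digest = cert_thumbprint(CONSTRUCTED_DER).upper()
    shown = " ".join(digest[i:i + 2] for i in range(0, 40, 2))  # dialog style
    print(shown, "->", matches_log(shown, SAMPLE_SYSTEM_LOG))
```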

If you've enabled your VPC for IPv6 and assigned an IPv6 address to your Windows instance, you can use an RDP client to connect to your instance using its IPv6 address (for example, 2001:db8:1234:1a00:9691:9503:25ad:1761) instead of using its public IPv4 address or public DNS hostname.

To connect to your Windows instance using its IPv6 address
  1. Get the initial administrator password for your instance, as described in Connect to your Windows instance using an RDP client. This password is required to connect to your instance.

  2. (Windows) Open the RDP client on your Windows computer, choose Show Options, and do the following:

    • For Computer, enter the IPv6 address of your Windows instance.

    • For User name, enter Administrator.

    • Choose Connect.

    • When prompted, enter the password that you saved previously.

    (macOS) Open the RDP client on your computer and do the following:

    • Choose New.

    • For PC Name, enter the IPv6 address of your Windows instance.

    • For User name, enter Administrator.

    • Close the dialog box. Under My Desktops, select the connection, and choose Start.

    • When prompted, enter the password that you saved previously.

  3. Due to the nature of self-signed certificates, you may get a warning that the security certificate could not be authenticated. If you trust the certificate, you can choose Yes or Continue. Otherwise, you can verify the identity of the remote computer, as described in Connect to your Windows instance using an RDP client.