Connect to your Windows instance
Amazon EC2 instances created from most Windows Amazon Machine Images (AMIs) enable you to connect using Remote Desktop. Remote Desktop uses the Remote Desktop Protocol (RDP) and enables you to connect to and use your instance in the same way you use a computer sitting in front of you. It is available on most editions of Windows and available for Mac OS.
The license for the Windows Server operating system allows two simultaneous remote connections for administrative purposes. The license for Windows Server is included in the price of your Windows instance. If you need more than two simultaneous remote connections, you must purchase a Remote Desktop Services (RDS) license. If you attempt a third connection, an error occurs.
For information about connecting to a Linux instance, see Connect to your Linux instance in the Amazon EC2 User Guide for Linux Instances.
Prerequisites
- Install an RDP client
  - [Windows] Windows includes an RDP client by default. To verify, type mstsc at a Command Prompt window. If your computer doesn't recognize this command, see the Windows home page and search for the download for the Microsoft Remote Desktop app.
  - [Mac OS X] Download the Microsoft Remote Desktop app from the Mac App Store.
  - [Linux] Use Remmina.
- Locate the private key
  Get the fully-qualified path to the location on your computer of the .pem file for the key pair that you specified when you launched the instance. For more information about how you created your key pair, see Creating a Key Pair Using Amazon EC2.
- Enable inbound RDP traffic from your IP address to your instance
  Ensure that the security group associated with your instance allows incoming RDP traffic (port 3389) from your IP address. The default security group does not allow incoming RDP traffic by default. For more information, see Authorize inbound traffic for your Windows instances.
Connect to your Windows instance using RDP
To connect to a Windows instance, you must retrieve the initial administrator password and then specify this password when you connect to your instance using Remote Desktop. It takes a few minutes after instance launch before this password is available.
The name of the administrator account depends on the language of the operating system. For example, for English, it's Administrator, for French it's Administrateur, and for Portuguese it's Administrador. For more information, see Localized Names for Administrator Account in Windows.
If you've joined your instance to a domain, you can connect to your instance using domain credentials you've defined in AWS Directory Service. On the Remote Desktop login screen, instead of using the local computer name and the generated password, use the fully-qualified user name for the administrator (for example, corp.example.com\Admin) and the password for this account.
If you receive an error while attempting to connect to your instance, see Remote Desktop can't connect to the remote computer.
Connect to a Windows instance using its IPv6 address
If you've enabled your VPC for IPv6 and assigned an IPv6 address to your Windows instance, you can use an RDP client to connect to your instance using its IPv6 address (for example, 2001:db8:1234:1a00:9691:9503:25ad:1761) instead of using its public IPv4 address or public DNS hostname.
To connect to your Windows instance using its IPv6 address
- Get the initial administrator password for your instance, as described in Connect to your Windows instance using RDP. You need this password to connect to the instance.
- [Windows] Open the RDP client on your Windows computer and do the following:
  - Choose Show Options.
  - For Computer, enter the IPv6 address of your Windows instance.
  - For User name, enter Administrator.
  - Choose Connect.
  - When prompted, enter the password that you saved previously.
  [Mac OS X] Open the RDP client on your computer and do the following:
  - Choose New.
  - For PC Name, enter the IPv6 address of your Windows instance.
  - For User name, enter Administrator.
  - Close the dialog box. Under My Desktops, select the connection, and choose Start.
  - When prompted, enter the password that you saved previously.
- Due to the nature of self-signed certificates, you might get a warning that the security certificate could not be authenticated. If you trust the certificate, you can choose Yes or Continue. Otherwise, you can verify the identity of the remote computer, as described in Connect to your Windows instance using RDP.
Connect to a Windows instance using Session Manager
Session Manager is a fully managed AWS Systems Manager capability that lets you manage your Amazon EC2 instances through an interactive one-click browser-based shell or through the AWS CLI. You can use Session Manager to start a session with an instance in your account. After the session is started, you can run PowerShell commands as you would through any other connection type. For more information about Session Manager, see AWS Systems Manager Session Manager in the AWS Systems Manager User Guide.
Before attempting to connect to an instance using Session Manager, ensure that the necessary setup steps have been completed. For more information, see Getting Started with Session Manager.
To connect to a Windows instance using Session Manager using the Amazon EC2 console
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- In the navigation pane, choose Instances.
- Select the instance and choose Connect.
- For Connection method, choose Session Manager.
- Choose Connect.
Tip: If you receive an error that you’re not authorized to perform one or more Systems Manager actions (ssm:command-name), then you must update your policies to allow you to start sessions from the Amazon EC2 console. For more information and instructions, see Quickstart Default IAM Policies for Session Manager in the AWS Systems Manager User Guide.
Configure accounts
After you connect, we recommend that you do the following:
- Change the administrator password from the default value. You change the password while logged on to the instance itself, just as you would on any computer running Windows Server.
- Create another user account with administrator privileges on the instance. This is a safeguard in case you forget the administrator password or have a problem with the administrator account. The new user account must have permission to access the instance remotely. Open System Properties by right-clicking on the This PC icon on your Windows desktop or File Explorer and selecting Properties. Choose Remote settings, and choose Select Users to add the user to the Remote Desktop Users group.
Transfer files to Windows instances
You can work with your Windows instance the same way that you would work with any Windows server. For example, you can transfer files between a Windows instance and your local computer using the local file sharing feature of the Microsoft Remote Desktop Connection software. If you enable this option, you can access your local files from your Windows instances. You can access local files on hard disk drives, DVD drives, portable media drives, and mapped network drives.
To make local devices and resources available to a remote session on Windows, map the remote session drive to your local drive.
To map the remote session drive to your local drive
- Open the Remote Desktop Connection client.
- Choose Show Options.
- Choose the Local Resources tab.
- Under Local Devices and resources, choose More...
- Open Drives and select the local drive to map to your Windows instance.
- Choose OK.
- Choose Connect to connect to your Windows instance.
For more information on making local devices available to a remote session on a Mac computer, see Get Started with Remote Desktop on Mac.