Active Directory Domain Services on AWS
Active Directory DS Quick Start

Setting up Secure Administrative Access using Remote Desktop Gateway

As you design your architecture for highly available AD DS, you should also design for highly available and secure remote access. The Quick Start templates handle this by deploying a Remote Desktop (RD) Gateway in each Availability Zone. In case of an Availability Zone outage, this architecture allows access to the resources that may have failed over to the other Availability Zone.

RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote administrators on the internet and Windows-based Amazon EC2 instances without the need for a virtual private network (VPN) connection. This configuration helps reduce the attack surface on your Windows-based Amazon EC2 instances while providing a remote administration solution for administrators.

The AWS CloudFormation templates provided with this Quick Start automatically deploy the architecture and configuration outlined in the Remote Desktop Gateway Quick Start.

After you've launched your AD infrastructure by following the deployment steps in this guide, you will initially connect to your instances by using a standard RDP connection over TCP port 3389. You can then follow the steps in the Remote Desktop Gateway Quick Start to secure future connections via HTTPS.
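Once connections go through RD Gateway, one way to confirm that no security group still admits RDP (TCP 3389) from anywhere other than the RD Gateway's security group is the check below. It is an added example, not part of the Quick Start templates. It assumes rule dictionaries shaped like the EC2 DescribeSecurityGroups response, and the group IDs and CIDR ranges are constructed sample values.

```python
RDP_PORT = 3389

def covers_rdp(perm):
    """True if an ingress permission's protocol and port range include TCP 3389."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and ports; FromPort/ToPort are absent
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)

def direct_rdp_findings(security_groups, rdgw_group_id):
    """Return (group_id, source) for each RDP ingress not sourced from the RD Gateway group."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not covers_rdp(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
            sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])
                        if p["GroupId"] != rdgw_group_id]
            findings += [(sg["GroupId"], s) for s in sources]
    return findings

# Constructed sample data (hypothetical group IDs, documentation CIDR range).
SAMPLE_GROUPS = [
    {"GroupId": "sg-rdgw-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        # Leftover rule from the initial direct RDP connection.
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-dc-example", "IpPermissions": [
        # RDP allowed only from the RD Gateway group: not a finding.
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "UserIdGroupPairs": [{"GroupId": "sg-rdgw-example"}]}]},
    {"GroupId": "sg-member-example", "IpPermissions": [
        # An all-traffic rule also exposes 3389.
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for group_id, source in direct_rdp_findings(SAMPLE_GROUPS, "sg-rdgw-example"):
        print(f"{group_id}: RDP reachable from {source}")
```

Against a live account, the same list can be taken from the `SecurityGroups` key of boto3's `describe_security_groups()` response.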