Initiating a connection to an Amazon EC2 Linux instance with desktop functionality using PuTTY provides terminal access but doesn't permit access to desktop functionality.

This article describes how to enable connections from the Windows Remote Desktop client to the desktop of an Amazon EC2 Linux instance running CentOS 7. These steps install a remote desktop protocol (RDP) server, a lightweight desktop environment, and a graphical desktop sharing system. These steps are specific to an Amazon EC2 Linux instance of CentOS 7. The Amazon Machine Image (AMI) used for this article is ami-f4533694. CentOS maintains a list of CentOS Linux AMIs for Amazon EC2 at https://wiki.centos.org/Cloud/AWS. All of the AMIs listed should work with Amazon EC2 without any problems. For more information about locating AMIs, see Finding a Linux AMI.

Important: It is a security best practice to use port forwarding and tunnel RDP client connections through SSH when remotely accessing an EC2 Linux instance desktop. For more information about tunneling RDP client connections to an instance of EC2 Linux via SSH, see How can I securely connect to an Amazon EC2 Linux instance with desktop functionality from Windows?

Note: Amazon Linux does not provide any desktop GUI functionality. Therefore, EC2 Linux instances that are running the Amazon version of Linux can't be configured for connectivity from an RDP client.

1.    Complete Step 1 of Getting Started with Amazon EC2 Linux Instances, and be sure to launch an instance of CentOS 7.

2.    Verify that you can connect to your instance as described at Connecting to Your Linux Instance from Windows Using PuTTY. Specify the username 'centos' when you connect to the instance.

3.    Consider creating a 'baseline' backup of your EC2 instance before configuring the instance for RDP client access. You do this by creating a snapshot of the Amazon EBS volume that serves as the root device for your instance as described at Creating an Amazon EBS Snapshot. Note that as a best practice, you should always stop an EC2 instance before you create a snapshot of the EBS volume that serves as the root device for the instance. You can restart the EC2 instance after successfully creating the snapshot.

4.    Connect or re-connect to your EC2 Linux instance.

5.    Enable the EPEL repository as described at How do I enable the EPEL repository for my Amazon EC2 instance running CentOS, RHEL, or Amazon Linux?

sudo yum install -y epel-release

6.    Install the GNOME desktop.

sudo yum groupinstall "GNOME Desktop" "Graphical Administration Tools"

7.    Install TigerVNC Server.

sudo yum -y install xrdp tigervnc-server

8.    Configure TigerVNC Server.

ssh -L 3388:localhost:3389 -i "mytestcert.pem" centos@ec2-192-168-5-55.us-west-2.compute.amazonaws.com

9.    Change the password for the centos user to a complex password to enhance security. Press the Enter key after typing the command sudo passwd centos, and you will be prompted to enter the new password twice.

sudo passwd centos

10.   Allow TCP port 3389 (the port that Remote Desktop uses) on your Linux instance's Security Group as described in Authorizing Inbound Traffic for Your Linux Instances. Note that you should not open port 3389 if you are tunneling RDP client connections through SSH as described in How can I securely connect to an Amazon EC2 Linux instance with desktop functionality from Windows?

11.   On Windows, open the Remote Desktop Connection client (mstsc.exe) and modify the default value for Colors located under the Display tab. Change this value from "Highest Quality (32 bit)" to a different value such as "High Color (16 bit)". Then paste the fully qualified name of your Amazon EC2 instance as the value for Computer located on the General tab, and choose Connect. You may receive a warning that the computer could not be authenticated due to problems with its security certificate; this is normal when the server name on the certificate does not match the name of the EC2 instance that you are connecting to or when the certificate is not recognized as having been issued by a Trusted Root Certification Authority. You can safely choose Yes to proceed.

12.   When prompted to log in, ensure that the Xvnc module is selected, and enter the username centos with the new password that you created in step 9. Choose OK to connect to the desktop of your EC2 Linux instance running CentOS 7.
Note: The first time that you connect to your EC2 Linux instance you may be prompted for your password before you can actually access the desktop. Enter your centos account password and your account will be granted permissions to interact with the desktop.

Important: Because the default user account can gain administrative rights to the instance, consider creating a less privileged user account with a strong password for remote access. For more information about adding new user accounts, see How do I add new user accounts with SSH access to my Amazon EC2 Linux instance? Because you are enabling password authentication for your instance, you might consider renaming the default user account to something other than 'centos,' which is the default user account for EC2 Linux instances running CentOS.
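A check for step 10 and the tunneling guidance, as an added example that is not part of the original article: it lists every inbound security group rule that admits TCP 3389, including port ranges and all-traffic rules that cover it, so you can confirm nothing is open when RDP is tunneled through SSH. The JSON is a constructed sample in the shape of the output of aws ec2 describe-security-groups --output json; the group IDs, addresses and function names are assumptions.

```python
import json

RDP_PORT = 3389
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample shaped like `aws ec2 describe-security-groups --output json`;
# the group IDs and addresses are placeholders, not values from the article.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE3", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []}]}
]}
""")


def covers_rdp(perm):
    """True if an inbound rule's protocol and port range include TCP 3389."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules carry no FromPort/ToPort
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)


def rdp_rules(groups):
    """Return (group_id, source, open_to_world) for each rule admitting RDP."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in filter(covers_rdp, sg.get("IpPermissions", [])):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            findings += [(sg["GroupId"], s, s in WORLD) for s in sources]
    return findings

if __name__ == "__main__":
    for group_id, source, world in rdp_rules(SAMPLE):
        print(group_id, source, "WORLD-OPEN" if world else "restricted")
```

An empty result for the instance's security group is the expected state when RDP is reached only through the SSH tunnel.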


Published: 2017-09-29