Initiating a connection to an Amazon EC2 Linux instance with desktop functionality using PuTTY provides terminal access but does not permit access to desktop functionality.

This article describes how to enable connections from the Windows Remote Desktop client to the desktop of an Amazon EC2 Linux instance running Red Hat Enterprise Linux (RHEL) 7.3. These steps install a remote desktop protocol (RDP) server, a lightweight desktop environment and a graphical desktop sharing system. These steps are specific to an Amazon EC2 Linux instance running RHEL 7.3. The Amazon Machine Image (AMI) used for this article is ami-b55a51cc in the US-WEST-2 Region. For more information about locating AMIs, see Finding a Linux AMI.

Important: It is considered a security best practice to use port forwarding and tunnel RDP client connections through SSH when remotely accessing an EC2 Linux instance desktop. For more information about tunneling RDP client connections to an EC2 Linux instance via SSH, see How can I securely connect to an Amazon EC2 Linux instance with desktop functionality from Windows?

Note: Amazon Linux does not provide any Desktop GUI functionality. Therefore, EC2 Linux instances that are running the Amazon version of Linux cannot be configured for connectivity from an RDP client.

1.    Complete Step 1 of Getting Started with Amazon EC2 Linux Instances; ensure that you launch an instance of RHEL 7.3.

2.    Verify that you can connect to your instance as described at Connecting to Your Linux Instance from Windows Using PuTTY. Specify the username 'ec2-user' when you connect to the instance.

3.    Consider creating a 'baseline' backup of your EC2 instance before configuring the instance for RDP client access. You do this by creating a snapshot of the Amazon EBS volume that serves as the root device for your instance as described at Creating an Amazon EBS Snapshot. Note that as a best practice, you should always stop an EC2 instance before you create a snapshot of the EBS volume that serves as the root device for the instance. You can restart the EC2 instance after successfully creating the snapshot.

4.    Connect or re-connect to your EC2 Linux instance.

5.    Enable the EPEL repository as described at How do I enable the EPEL repository for my Amazon EC2 instance running Centos, RHEL, or Amazon Linux?

sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

6.    Install the GNOME desktop.

sudo yum groupinstall -y "Server with GUI"

7.    Install xrdp and TigerVNC Server.

sudo yum install -y xrdp tigervnc-server

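8.    Set the SELinux context for the xrdp binaries, then start the xrdp service and enable it at boot.

# Label the xrdp binaries bin_t so that SELinux allows them to run
sudo chcon --type=bin_t /usr/sbin/xrdp
sudo chcon --type=bin_t /usr/sbin/xrdp-sesman
# Start xrdp now and enable it on every boot
sudo systemctl start xrdp.service
sudo systemctl enable xrdp.service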

9.    Change the password for the ec2-user account to a complex password to enhance security. Press the Enter key after typing the command sudo passwd ec2-user, and you will be prompted to enter the new password twice.

sudo passwd ec2-user

10.   Allow TCP port 3389 (the port that Remote Desktop uses) on your Linux instance's Security Group as described in Authorizing Inbound Traffic for Your Linux Instances. Note that you should not open port 3389 if you are tunneling RDP client connections through SSH as described in How can I securely connect to an Amazon EC2 Linux instance with desktop functionality from Windows?

11.   On Windows, open the Remote Desktop Connection client (mstsc.exe) and modify the default value for Colors located under the Display tab. Change this value from "Highest Quality (32 bit)" to a different value such as "High Color (16 bit)". Then paste the fully qualified name of your Amazon EC2 instance as the value for Computer located on the General tab, and click Connect. You may receive a warning that the computer could not be authenticated due to problems with its security certificate. This is normal when the server name on the certificate does not match the name of the EC2 instance that you are connecting to or when the certificate is not recognized as having been issued by a Trusted Root Certification Authority. You can safely choose Yes to proceed.

12.   When prompted to Login, enter the username ec2-user with the new password that you created in step 9. Click OK to connect to your EC2 Linux instance running RHEL 7.3.
Note: The first time that you connect to your EC2 Linux instance you may be prompted for your password before you can actually access the desktop. Enter your ec2-user account password and your account will be granted permissions to interact with the desktop.

Important: Because the default user account can gain administrative rights to your instance, consider creating a less privileged user account with a strong password for purposes of remotely accessing your EC2 instance. For more information about adding new user accounts to your instance, see How do I add new user accounts with SSH access to my Amazon EC2 Linux instance? Because you are enabling password authentication for your instance, you may also consider renaming the default user account to something other than 'ec2-user', which is the default user account for all EC2 Linux instances running Red Hat Enterprise Linux (RHEL).
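
A check for the port 3389 rule discussed in step 10, added here as an example and not part of the original article: it reads security group JSON in the shape printed by aws ec2 describe-security-groups and lists every source address range that can reach TCP 3389, including rules that cover it through a wider port range or an "all traffic" rule. The group IDs and addresses in the sample are constructed placeholders.

```python
import ipaddress
import json

RDP_PORT = 3389

# Constructed sample in the shape printed by `aws ec2 describe-security-groups`;
# the group IDs and addresses are placeholders, not values from the article.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []},
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]}
]}
""")

def covers_rdp(rule):
    """True if an inbound rule admits TCP 3389, alone or inside a wider range."""
    proto = rule.get("IpProtocol")
    if proto == "-1":          # "all traffic": every protocol and port
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= RDP_PORT <= rule.get("ToPort", 65535)

def rdp_exposure(doc):
    """Return (group_id, cidr, open_to_world) for each source that can reach 3389."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for rule in group.get("IpPermissions", []):
            if not covers_rdp(rule):
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                findings.append((group["GroupId"], cidr, net.prefixlen == 0))
    return findings

if __name__ == "__main__":
    for gid, cidr, world in rdp_exposure(SAMPLE):
        print(gid, cidr, "OPEN TO WORLD" if world else "restricted source")
```

When RDP is tunneled through SSH, the expected result for the instance's security groups is an empty list.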



Published: 2017-09-29