I want to install a Graphical User Interface (GUI) in my Amazon EC2 instance running Amazon Linux 2. How do I do this?
Last updated: 2019-10-30
I want to install a Graphical User Interface (GUI) in my Amazon Elastic Compute Cloud (Amazon EC2) running Amazon Linux 2. How do I do this?
MATE desktop environment, a lightweight GUI based on GNOME 2, is available as an extra for Amazon Linux 2 and is used in the Amazon Linux 2 offering of Amazon WorkSpaces. For more information about MATE, see the MATE desktop environment website.
To interact with MATE, you can install a Virtual Network Computing (VNC) service, such TigerVNC. For more information about TigerVNC, see the tigervnc.org website.
Popular web browsers, such as Firefox or Chromium, can be installed on Amazon Linux 2 as well. For more information on Firefox, see the mozilla.org website. For more information on Chromium, see the chromium.org website.
Before you begin installation:
Note: The instance must be in a public subnet and be accessible through a public IP address or an Elastic IP address. Or, you can establish a connection using AWS VPN or AWS Direct Connect that allows you to access your instance through a private IP. These instructions don't apply to environments using a bastion host. For security reasons, traffic to the VNC server is tunneled using SSH. It's a best practice to avoid opening VNC ports in your Security Groups.
2. Update your instance by running sudo yum update, and then reboot the instance. Failure to do so can lead to unpredictable results when executing the steps below.
1. Install MATE packages:
sudo amazon-linux-extras install mate-desktop1.x
2. Define MATE as your default desktop.
To define MATE for all users:
sudo bash -c 'echo PREFERRED=/usr/bin/mate-session > /etc/sysconfig/desktop'
To define MATE for the current user only (ec2-user):
echo "/usr/bin/mate-session" > ~/.Xclients && chmod +x ~/.Xclients
1. Install TigerVNC packages:
sudo yum install tigervnc-server
2. Configure a VNC-specific password containing 6 to 8 characters for this user. You also have the option to configure a read-only password in this step:
3. Start the VNC Server on display number 1:
Enter the following command to start the VNC Server only once. This means the service won't come up after a reboot:
To always start the VNC Server at boot time:
Create a new systemd unit:
sudo cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@.service
Replace all occurrences of <USER> in the new unit with ec2-user:
sudo sed -i 's/<USER>/ec2-user/' /etc/systemd/system/vncserver@.service
Reload the systemd manager configuration:
sudo systemctl daemon-reload
Enable the service:
sudo systemctl enable vncserver@:1
Start the service:
sudo systemctl start vncserver@:1
Connect to the GUI using the VNC
1. Install the TigerVNC software on your local computer, if it's not already installed. TigerVNC is available for Linux, Windows, and macOS. See the TigerVNC website to access the download.
2. On your local computer, use SSH to connect to your instance while creating a tunnel to forward all traffic on local port 5901/TCP (VNC) to the instance's VNC server.
Linux and macOS:
Use the -L parameter to enable port forwarding. Replace PEM_FILE with your private key, and INSTANCE_IP with your instance's public or private IP, as appropriate:
ssh -L 5901:localhost:5901 -i PEM_FILE ec2-user@INSTANCE_IP
Before opening the connection with PuTTY, configure port forwarding:
From the Connection menu, select SSH, and then select Tunnels.
Enter 5901 in the Source Port field.
Enter INSTANCE_IP:5901 in the Destination field. Replace INSTANCE_IP with your instance's public or private IP as appropriate.
Open the connection.
3. Open the VNC Client on your local computer. When asked for the VNC server hostname, enter localhost:1 and then connect to it.
4. Enter the VNC password you set up in step 2 of the Install TigerVNC section. If an alert appears stating that the connection is not secure, disregard it. Although VNC data is unencrypted by default, you're accessing it using an encrypted SSH tunnel.
Your MATE desktop environment displays.
Install Web Browsers:
AWS currently doesn't provide web browsers such as Mozilla Firefox or Google Chromium in Amazon Linux 2 repositories. To install one of these browsers, follow the steps below.
Note: AWS doesn't provide support for software installed from third-party sources.
Chromium (open-source version of Google Chrome)
1. Enable the EPEL repository. See the EPEL documentation on the Fedoraproject.org website for more information.
sudo amazon-linux-extras install epel
2. Install Chromium packages:
sudo yum install chromium
Chromium installs on MATE under Applications, Internet, Chromium Web Browser.
Mozilla Firefox (current user only)
1. Download the latest Firefox version for Linux 64-bit to your local computer. See the mozilla.org website to access the download.
3. Extract the file contents. The command below indicates the file is in the ec2-user's home directory. Change the path and the Firefox version as needed:
tar jxf ~/firefox-xx.y.tar.bz2 -C ~/
4. Using vim or your favorite editor, create a desktop icon. Create the file ~/Desktop/Firefox.desktop with the contents shown below:
[Desktop Entry] Version=1.0 Type=Application Terminal=false Icon=/home/ec2-user/firefox/browser/chrome/icons/default/default128.png Icon[en_US]=/home/ec2-user/firefox/browser/chrome/icons/default/default128.png Name[en_US]=Firefox Exec=/home/ec2-user/firefox/firefox Comment[en_US]=Firefox web browser Name=Firefox Comment=Firefox web browser GenericName[en_US.UTF-8]=Firefox web browser Categories=Network;WebBrowser;
5. Use the icon you created in step 4 on your desktop to launch Firefox.