How do I install a GUI on my Amazon EC2 instance running Amazon Linux 2?
Last updated: 2021-04-20
I want to install a graphical user interface (GUI) in my Amazon Elastic Compute Cloud (Amazon EC2) instance running Amazon Linux 2. How do I do this?
To install a GUI on your EC2 Linux instance, do the following:
- Install the MATE desktop environment. MATE is a lightweight GUI based on GNOME 2 available as an extra for Amazon Linux 2. The Amazon Linux 2 offering of Amazon WorkSpaces uses MATE. For more information about MATE, see the MATE desktop environment website.
- Install a virtual network computing (VNC) service, such as TigerVNC. For more information about TigerVNC, see the tigervnc.org website.
- Connect to the GUI using the VNC.
- (Optional) Install a web browser, such as Firefox or Chromium. For more information on Firefox, see the mozilla.org website. For more information on Chromium, see the chromium.org website.
Note: These instructions apply only to Amazon Linux 2. To confirm the version that you're running, run the following command:
For instructions on accessing an EC2 macOS instance using a GUI, see How can I access my Amazon EC2 Mac instance through a GUI?
Before you begin
The instance must be in a public subnet and accessible through a public IP address or an Elastic IP address. Or, you can establish a connection using AWS VPN or AWS Direct Connect that allows you to access your instance through a private IP. These instructions don't apply to environments using a bastion host. For security reasons, traffic to the VNC server is tunneled using SSH. It's a best practice to avoid opening VNC ports in your security groups.
2. Update your instance by running sudo yum update, and then reboot the instance. Failure to update and reboot can lead to unpredictable results when following the steps below.
Install the MATE desktop environment
1. Install MATE packages.
sudo amazon-linux-extras install mate-desktop1.x
2. Define MATE as your default desktop.
To define MATE for all users:
sudo bash -c 'echo PREFERRED=/usr/bin/mate-session > /etc/sysconfig/desktop'
To define MATE for the current user only (ec2-user):
echo "/usr/bin/mate-session" > ~/.Xclients && chmod +x ~/.Xclients
1. Install TigerVNC packages:
sudo yum install tigervnc-server
2. Configure a VNC-specific password containing 6 to 8 characters for this user. When asked if you want to enter a view-only password, press "n".
3. Start the VNC Server on display number 1.
Enter the following command to start the VNC Server only once:
Note: Entering this command prevents the service from coming up after a reboot.
Enter the following commands to always start the VNC Server at boot time:
Create a new systemd unit.
sudo cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@.service
Use the sed command to replace all occurrences of USER in the new unit with ec2-user.
sudo sed -i 's/<USER>/ec2-user/' /etc/systemd/system/vncserver@.service
Reload the systemd manager configuration.
sudo systemctl daemon-reload
Enable the service.
sudo systemctl enable vncserver@:1
Start the service.
sudo systemctl start vncserver@:1
Connect to the GUI using the VNC
1. Install the TigerVNC software on your local computer, if it's not already installed. TigerVNC is available for Linux, Windows, and macOS. See the TigerVNC website to access the download.
2. On your local computer, use SSH to connect to your instance while creating a tunnel to forward all traffic on local port 5901/TCP (VNC) to the instance's VNC server:
Use the -L parameter to enable port forwarding. Replace PEM_FILE with the path for your private key. Replace INSTANCE_IP with your instance's public or private IP, as appropriate.
ssh -L 5901:localhost:5901 -i PEM_FILE ec2-user@INSTANCE_IP
Open the connection.
3. Open the VNC Client on your local computer. When asked for the VNC server hostname, enter localhost:1 and then connect to it.
4. Enter the VNC password you set up in step 2 of the Install TigerVNC section. If an alert appears stating that the connection isn't secure, disregard it. Although VNC data is unencrypted by default, you're accessing the VNC server using an encrypted SSH tunnel.
Your MATE desktop environment appears.
(Optional) Install a web browser
AWS currently doesn't provide web browsers such as Mozilla Firefox or Google Chromium in Amazon Linux 2 repositories. To install one of these browsers, follow the steps below.
Note: AWS doesn't provide support for software installed from third-party sources.
To install Chromium (open-source version of Google Chrome), do the following:
1. Enable the EPEL repository. See the EPEL documentation on the Fedoraproject.org website for more information.
sudo amazon-linux-extras install epel
2. Install Chromium packages.
sudo yum install chromium
Chromium installs on MATE under Applications, Internet, Chromium Web Browser.
To install Mozilla Firefox (current user only), do the following:
1. Download the latest Firefox version for Linux 64-bit to your local computer. See the mozilla.org website to access the download.
2. After downloading Firefox, copy the file to your instance.
3. Extract the file contents. The command below indicates that the file is in the ec2-user's home directory. Change the path and the Firefox version as needed.
tar jxf ~/firefox-xx.y.tar.bz2 -C ~/
4. Using vim or your favorite editor, create a desktop icon. Create the file ~/Desktop/Firefox.desktop with the contents as shown in the following example.
[Desktop Entry] Version=1.0 Type=Application Terminal=false Icon=/home/ec2-user/firefox/browser/chrome/icons/default/default128.png Icon[en_US]=/home/ec2-user/firefox/browser/chrome/icons/default/default128.png Name[en_US]=Firefox Exec=/home/ec2-user/firefox/firefox Comment[en_US]=Firefox web browser Name=Firefox Comment=Firefox web browser GenericName[en_US.UTF-8]=Firefox web browser Categories=Network;WebBrowser;
5. Use the icon you created in step 4 on your desktop to launch Firefox.