How do I connect to my WorkSpace using RDP?
Last updated: 2022-07-19
I can't connect to my WorkSpace using the Amazon WorkSpaces client. How do I connect to my WorkSpace using a Remote Desktop Protocol (RDP) client for troubleshooting?
Typically you connect to your WorkSpace using the Amazon WorkSpaces client. However, you might need to connect to a WorkSpace using an RDP client for troubleshooting. To do so, you must update the Amazon WorkSpaces security group settings to allow connections from the IP address of your RDP client machine.
Note: It's a best practice to use only an RDP client to connect to a WorkSpace for troubleshooting purposes. When you're done troubleshooting, remove the RDP inbound rule that you added.
To RDP outside of the network, you must provide internet access from your WorkSpace by assigning an Elastic IP address to each WorkSpace. If you use a network address translation (NAT) gateway, then you can RDP from within the network. For more information, see NAT gateways.
Important: When entering the IP addresses that you use to connect to the WorkSpace, don't enter 0.0.0.0/0 or allow IP addresses that don't need access. Using 0.0.0.0/0, allows all IPv4 addresses to access your instance using RDP. If you use ::/0, you enable all IPv6 address to access your instance. You should authorize only a specific IP address or range of addresses to access your instance.
To allow the client machine to connect to the WorkSpace using RDP, follow these steps:
- Open the Amazon WorkSpaces console.
- Select the WorkSpace, and then expand the details pane using the arrow. Note the IP address under WorkSpace IP.
Note: The WorkSpace must be in a running state for the private IP address to appear. If the WorkSpace is stopped, choose Actions, Start WorkSpaces.
- Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
- In the navigation pane, under Network & Security, choose Network Interfaces.
- In the search box, enter the IP address from step 2. Select the network interface associated with the IP address, and then note the IP address in the IPv4 Public IP column (if any).
- Choose the hyperlink in the Security groups column.
- Choose the Inbound rules tab, and then choose Edit inbound rules.
- Choose Add Rule, and create a rule with the following attributes:
Port Range: 3389
Source: Enter the IP addresses that you use to connect to the WorkSpace. The IP addresses can include the public IP address of a remote machine, the private IP address of another EC2 instance in the same Amazon Virtual Private Cloud (Amazon VPC), or the public IP that your router is using for NAT.
Important: Be as granular as possible. Don't enter 0.0.0.0/0 or allow IP addresses that don't need access.
- Choose Save rules.
You can now connect to the WorkSpace using RDP from the IP addresses that you specified. Follow these steps:
- Open Remote Desktop Connection.
- For Computer, enter the WorkSpace IP addresses, and then choose Connect.
- For Enter your credentials, enter the user credentials. Then, choose Ok.
Note: The user credentials must be in the format: domain_name\username.