3/19/2018
Connecting to Your Windows Instance - Amazon Elastic Compute Cloud
AWS Documentation (http://aws.amazon.com/documentation) » Amazon EC2 (http://aws.amazon.com/documentation/ec2) » User
Guide for Windows Instances (index.html) » Amazon EC2 Instances (Instances.html) » Instance Lifecycle (ec2-instancelifecycle.html) » Connecting to Your Windows Instance
Connecting to Your Windows Instance
Amazon EC2 instances created from most Windows Amazon Machine Images (AMIs) enable
you to connect using Remote Desktop. Remote Desktop uses the Remote Desktop Protocol
(RDP) and enables you to connect to and use your instance in the same way you use a
computer sitting in front of you. It is available on most editions of Windows and available
for Mac OS.
Important
The Windows Server 2016 Nano installation option (Nano Server) does not
support RDP. For more information, see Connect to a Windows Server 2016
Nano Server Instance (connecting_to_windows_instance.html#connecting-nano) .
For information about connecting to a Linux instance, see Connect to Your Linux Instance
(http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstances.html) in the Amazon
EC2 User Guide for Linux Instances.
Contents
Prerequisites (#rdp-prereqs)
Connect to Your Windows Instance (#connect-rdp)
Connect to a Windows Instance Using Its IPv6 Address (#connecting-to-windows-ipv6)
Connect to a Windows Server 2016 Nano Server Instance (#connecting-nano)
Transfer Files to Windows Instances (#AccessingInstancesWindowsFileTransfer)
Prerequisites
Install an RDP client
[Windows] Windows includes an RDP client by default. To verify, type mstsc at a
Command Prompt window. If your computer doesn't recognize this command,
see the Windows home page (http://windows.microsoft.com) and search for the
download for Remote Desktop Connection.
[Mac OS X] Use the Microsoft Remote Desktop app from the Apple App Store.
[Linux] Use rdesktop (http://www.rdesktop.org/) .
Get the ID of the instance
You can get the ID of your instance using the Amazon EC2 console (from the Instance
ID column). If you prefer, you can use the describe-instances
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/connecting_to_windows_instance.html
1/8
3/19/2018
Connecting to Your Windows Instance - Amazon Elastic Compute Cloud
(http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) (AWS CLI) or
Get-EC2Instance (http://docs.aws.amazon.com/powershell/latest/reference/items/GetEC2Instance.html) (AWS Tools for Windows PowerShell) command.
Get the public DNS name of the instance
You can get the public DNS for your instance using the Amazon EC2 console (check
the Public DNS (IPv4) column; if this column is hidden, choose the Show/Hide icon
and select Public DNS (IPv4)). If you prefer, you can use the describe-instances
(http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) (AWS CLI) or
Get-EC2Instance (http://docs.aws.amazon.com/powershell/latest/reference/items/GetEC2Instance.html) (AWS Tools for Windows PowerShell) command.
(IPv6 only) Get the IPv6 address of the instance
If you've assigned an IPv6 address to your instance, you can optionally connect to the
instance using its IPv6 address instead of a public IPv4 address or public IPv4 DNS
hostname. Your local computer must have an IPv6 address and must be con gured to
use IPv6. You can get the IPv6 address of your instance using the Amazon EC2
console (check the IPv6 IPs eld). If you prefer, you can use the describe-instances
(http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) (AWS CLI) or
Get-EC2Instance (http://docs.aws.amazon.com/powershell/latest/reference/items/GetEC2Instance.html) (AWS Tools for Windows PowerShell) command. For more
information about IPv6, see IPv6 Addresses (using-instance-addressing.html#ipv6addressing) .
Locate the private key
Get the fully quali ed path to the location on your computer of the .pem le for the
key pair that you speci ed when you launched the instance.
Enable inbound RDP tra c from your IP address to your instance
Ensure that the security group associated with your instance allows incoming RDP
tra c from your IP address. The default security group does not allow incoming RDP
tra c by default. For more information, see Authorizing Inbound Tra c for Your
Windows Instances (authorizing-access-to-an-instance.html) .
For the best experience using Internet Explorer, run the latest version.
Connect to Your Windows Instance
To connect to a Windows instance, you must retrieve the initial administrator password
and then specify this password when you connect to your instance using Remote Desktop.
The name of the administrator account depends on the language of the operating system.
For example, for English, it's Administrator, for French it's Administrateur, and for
Portuguese it's Administrador. For more information, see Localized Names for
Administrator Account in Windows
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/connecting_to_windows_instance.html
2/8
3/19/2018
Connecting to Your Windows Instance - Amazon Elastic Compute Cloud
(http://social.technet.microsoft.com/wiki/contents/articles/13813.localized-names-for-administratoraccount-in-windows.aspx) in the Microsoft TechNet Wiki.
If you've joined your instance to a domain, you can connect to your instance using domain
credentials you've de ned in AWS Directory Service. On the Remote Desktop login screen,
instead of using the local computer name and the generated password, use the fullyquali ed user name for the administrator (for example, corp.example.com\Admin) and the
password for this account.
The license for the Windows Server operating system (OS) allows two simultaneous remote
connections for administrative purposes. The license for Windows Server is included in the
price of your Windows instance. If you need more than two simultaneous remote
connections, you must purchase a Remote Desktop Services (RDS) license. If you attempt a
third connection, an error occurs. For more information, see Con gure the Number of
Simultaneous Remote Connections Allowed for a Connection
(http://technet.microsoft.com/en-us/library/cc753380.aspx) .
To connect to your Windows instance using an RDP client
1. In the Amazon EC2 console, select the instance, and then choose Connect.
2. In the Connect To Your Instance dialog box, choose Get Password (it will take a few
minutes after the instance is launched before the password is available).
3. Choose Browse and navigate to the private key le you created when you launched
the instance. Select the le and choose Open to copy the entire contents of the le
into the Contents eld.
4. Choose Decrypt Password. The console displays the default administrator password
for the instance in the Connect To Your Instance dialog box, replacing the link to Get
Password shown previously with the actual password.
5. Record the default administrator password, or copy it to the clipboard. You need this
password to connect to the instance.
6. Choose Download Remote Desktop File. Your browser prompts you to either open
or save the .rdp le. Either option is ne. When you have nished, you can choose
Close to dismiss the Connect To Your Instance dialog box.
If you opened the .rdp le, you'll see the Remote Desktop Connection dialog
box.
If you saved the .rdp le, navigate to your downloads directory, and open the
.rdp le to display the dialog box.
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/connecting_to_windows_instance.html
3/8
3/19/2018
Connecting to Your Windows Instance - Amazon Elastic Compute Cloud
7. You may get a warning that the publisher of the remote connection is unknown. You
can continue to connect to your instance.
8. When prompted, log in to the instance, using the administrator account for the
operating system and the password that you recorded or copied previously. If your
Remote Desktop Connection already has an administrator account set up, you
might have to choose the Use another account option and type the user name and
password manually.
Note
Sometimes copying and pasting content can corrupt data. If you
encounter a "Password Failed" error when you log in, try typing in the
password manually.
9. Due to the nature of self-signed certi cates, you may get a warning that the security
certi cate could not be authenticated. Use the following steps to verify the identity of
the remote computer, or simply choose Yes or Continue to continue if you trust the
certi cate.
a. If you are using Remote Desktop Connection from a Windows PC, choose
View certi cate. If you are using Microsoft Remote Desktop on a Mac, choose
Show Certi cate.
b. Choose the Details tab, and scroll down to the Thumbprint entry on a Windows
PC, or the SHA1 Fingerprints entry on a Mac. This is the unique identi er for
the remote computer's security certi cate.
c. In the Amazon EC2 console, select the instance, choose Actions, and then
choose Get System Log.
d. In the system log output, look for an entry labeled RDPCERTIFICATE-THUMBPRINT.
If this value matches the thumbprint or ngerprint of the certi cate, you have
veri ed the identity of the remote computer.
e. If you are using Remote Desktop Connection from a Windows PC, return to the
Certi cate dialog box and choose OK. If you are using Microsoft Remote
Desktop on a Mac, return to the Verify Certi cate and choose Continue.
f. [Windows] Choose Yes in the Remote Desktop Connection window to connect
to your instance.
[Mac OS] Log in as prompted, using the default administrator account and the
default administrator password that you recorded or copied previously. Note
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/connecting_to_windows_instance.html
4/8
3/19/2018
Connecting to Your Windows Instance - Amazon Elastic Compute Cloud
that you might need to switch spaces to see the login screen. For more
information about spaces, see http://support.apple.com/kb/PH14155
(http://support.apple.com/kb/PH14155) .
g. If you receive an error while attempting to connect to your instance, see Remote
Desktop can't connect to the remote computer (troubleshooting-windowsinstances.html#rdp-issues) .
After you connect, we recommend that you do the following:
Change the administrator password from the default value. You change the password
while logged on to the instance itself, just as you would on any other Windows Server.
Create another user account with administrator privileges on the instance. Another
account with administrator privileges is a safeguard if you forget the administrator
password or have a problem with the administrator account. The user account must
have permission to access the instance remotely. Open System Properties, choose
Remote, and add the user to the Remote Desktop Users group.
Connect to a Windows Instance Using Its IPv6 Address
If you've enabled your VPC for IPv6 and assigned an IPv6 address to your Windows
instance, you can use an RDP client to connect to your instance using its IPv6 address
instead of a public IPv4 address or public DNS hostname. For more information, see IPv6
Addresses (using-instance-addressing.html#ipv6-addressing) .
To connect to your Windows instance using its IPv6 address
1. In the Amazon EC2 console, select the instance, and then choose Connect.
2. In the Connect To Your Instance dialog box, choose Get Password (it will take a few
minutes after the instance is launched before the password is available).
3. Choose Browse and navigate to the private key le you created when you launched
the instance. Select the le and choose Open to copy the entire contents of the le
into the Contents eld.
4. Choose Decrypt Password.
5. Copy the default administrator password. You need this password to connect to the
instance.
6. Open the RDP client on your computer.
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/connecting_to_windows_instance.html
5/8
3/19/2018
Connecting to Your Windows Instance - Amazon Elastic Compute Cloud
7. [Windows] For the RDP client on a Windows computer, choose Show Options and do
the following:
For Computer, type the IPv6 address of your Windows instance, for example,
2001:db8:1234:1a00:9691:9503:25ad:1761.
For User name, enter Administrator.
Choose Connect.
[Mac OS X] For the Microsoft Remote Desktop app, choose New and do the following:
For PC Name, enter the IPv6 address of your Windows instance; for example,
2001:db8:1234:1a00:9691:9503:25ad:1761.
For User name, enter Administrator.
Close the dialog box. Under My Desktops, select the connection and choose
Start.
8. Due to the nature of self-signed certi cates, you may get a warning that the security
certi cate could not be authenticated. Use the following steps to verify the identity of
the remote computer, or simply choose Yes or Continue to continue if you trust the
certi cate.
9. When prompted, enter the password that you recorded or copied previously.
Connect to a Windows Server 2016 Nano Server Instance
Windows Server 2016 Nano Server does not support Remote Desktop connections. To
connect to a Windows Server 2016 Nano Server instance, you must connect using Windows
PowerShell, as described in the following procedure.
Prerequisites
Ensure that the security group associated with the instance allows inbound TCP tra c
from your IP address on port 5985 (HTTP).
Get the ID of the instance.
Get the public IP address of the instance. If you use the private IP address, you must
connect to the instance from another instance in the same virtual private cloud (VPC).
Get the fully-quali ed path to the location of the .pem le for the key pair that you
speci ed when you launched the instance. You need this to retrieve the Administrator
password for the instance.
To connect to a Nano Server instance
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/connecting_to_windows_instance.html
6/8
3/19/2018
Connecting to Your Windows Instance - Amazon Elastic Compute Cloud
1. Start a PowerShell session in administrator mode (from Start, Amazon Web
Services, right-click Windows PowerShell and choose Run as administrator).
2. Store the IP address of your instance in a variable as follows.
PS C:\> $ip = "198.51.100.1"
3. Add the IP address of your instance to the list of trusted hosts as follows. When
prompted for con rmation, press Enter. Note that you must do this step only the rst
time you connect to this instance from a computer.
PS C:\> Set-Item WSMan:\localhost\Client\TrustedHosts $ip
4. Retrieve the administrator password for your instance using the GetEC2PasswordData (http://docs.aws.amazon.com/powershell/latest/reference/items/GetEC2PasswordData.html) command as follows. Save the password, as you'll need it to
connect to the instance.
PS C:\> Get-EC2PasswordData -InstanceId i-1234567890abcdef0 -PemFile C:\path\mykey-pair.pem
5. Start the session as follows.
PS C:\> Enter-PSSession -ComputerName $ip -Credential ~\Administrator
6. When prompted for the password, specify the password that you saved. Upon
success, the prompt is modi ed with the IP address of your instance as follows,
indicating that any commands will be run on the instance.
[198.51.100.1]: PS C:\>
7. After you are nished, you can end the session as follows.
[198.51.100.1]: PS C:\> Exit-PSSession
WS-Management encrypts all transmitted Windows PowerShell data, even when you use
HTTP. If you prefer to connect to your Nano Server instance using HTTPS, you must
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/connecting_to_windows_instance.html
7/8
3/19/2018
Connecting to Your Windows Instance - Amazon Elastic Compute Cloud
connect using HTTP and enable HTTPS support. Before you can connect using HTTPS, you
must also add a rule to the security group associated with the instance that allows inbound
TCP tra c from your IP address on port 5986 (HTTPS). For more information, see
Con guring WinRM over HTTPS to enable PowerShell remoting
(https://blogs.technet.microsoft.com/uktechnet/2016/02/11/con guring-winrm-over-https-to-enablepowershell-remoting/) on the Microsoft TechNet Blog.
Transfer Files to Windows Instances
You can work with your Windows instance the same way that you would work with any
Windows server. For example, you can transfer les between a Windows instance and your
local computer using the local le sharing feature of the Microsoft Remote Desktop
Connection software. If you enable this option, you can access your local les from your
Windows instances. You can access local les on hard disk drives, DVD drives, portable
media drives, and mapped network drives. For more information, see the following articles
from Microsoft:
Make Local Devices and Resources Available in a Remote Session
(http://technet.microsoft.com/en-us/library/cc770631.aspx)
Getting Started with Remote Desktop Client on Mac (http://technet.microsoft.com/enus/library/dn473012.aspx)
How to copy les to and from Nano Server (https://msdn.microsoft.com/enus/library/mt708806.aspx)
© 2018, Amazon Web Services, Inc. or its a liates. All rights reserved.
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/connecting_to_windows_instance.html
8/8