My Elastic IPs are not working. I cannot connect to the Elastic IPs. I cannot ping the Elastic IP or trace to the Elastic IPs

0

Hello Repost Community.

My associated Elastic IP addresses are not working. I confirmed the security group and network ACLs are set to allow all traffic; I will filter the traffic when the Elastic IPs are working.

I am not able to connect to or ping the Elastic IP addresses. Also, I did a tracert to the Elastic IP addresses and the trace stops in transit at the 8th router of the trace. Can anyone help or offer suggestions? Community, I appreciate any help you can provide. Thank you.

TDrakes
asked 8 months ago, 369 views
5 Answers
2
AWS
EXPERT
answered 8 months ago
  • alantam, I created a Windows instance and need to access the Windows instance to log in to it by using an Elastic IP. The Windows instance is on a private subnet. How can I access the Windows instance and log in? The Elastic IPs are not working and not connecting to the Windows instance. Note: the RDP connection is also not working to connect me to the Windows instance. Any suggestions? I checked the link you provided and it says I require a network gateway to connect a private subnet to the internet. Is this the only way to access my Windows instance and log in to Windows?

  • If your Windows instance is on a private subnet, you would need to have a NAT gateway attached to that subnet so that instances in the subnet can access the Internet. But it will still not allow you to access the instance from the Internet. To access the instance that has the Elastic IP, you need to have that instance in the public subnet, which has a direct route to the Internet Gateway. But this is not secure since you are exposing the instance on the Internet. Another way is to leave the instance in the private subnet, remove the public IP, and use EC2 Instance Connect Endpoint to connect to it. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-with-ec2-instance-connect-endpoint.html

  • Hello alantam,

    I was able to connect to my instance in the private subnet using the connection endpoint you suggested. Configuring the connection endpoint went well. There were other steps involved that I found at the link here: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/connect-using-eice.html.

    I followed the section in the document titled “Connect to your Windows instance using RDP”.
    Thank you for your help. I
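
The public versus private subnet distinction described in the comments above can be checked from route-table data. This is an added example, not code from the thread or from AWS: it assumes the JSON shape of `aws ec2 describe-route-tables` output filtered to one VPC, uses constructed sample data with placeholder IDs, and its function names are hypothetical.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output for one VPC.
# All IDs are made-up placeholders.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-main",            # main table: default route via NAT gateway
     "Associations": [{"Main": True}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-0example", "State": "active"}]},
    {"RouteTableId": "rtb-public",          # explicitly associated with subnet-public
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-0example", "State": "active"}]},
]}


def effective_route_table(response, subnet_id):
    """Explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for table in response["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def default_route_target(table):
    """Target of the active IPv4 default route, or None if there is none."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State") == "active":
            return route.get("GatewayId") or route.get("NatGatewayId") or "other"
    return None


def classify_subnet(response, subnet_id):
    """'public' (default route to igw-), 'private' (NAT or other), or 'isolated'."""
    table = effective_route_table(response, subnet_id)
    target = default_route_target(table) if table else None
    if target is None:
        return "isolated"
    return "public" if target.startswith("igw-") else "private"


def elastic_ip_reachable_inbound(response, subnet_id):
    """Routing precondition only; security groups and network ACLs are separate."""
    return classify_subnet(response, subnet_id) == "public"


if __name__ == "__main__":
    for subnet in ("subnet-public", "subnet-private"):
        print(subnet, classify_subnet(SAMPLE, subnet))
```

A subnet that falls back to a main route table whose default route points at a NAT gateway is classified as private, which matches the symptom in the question: the Elastic IP is associated but inbound traffic never reaches the instance.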

2

Your EC2 instance is in a private subnet. It is not possible to directly connect to it via the Internet; however, there is a way using AWS Systems Manager Session Manager, which I will describe below.

  • Make sure the EC2 instance has the SSM agent installed and IAM role assigned to allow SSM access.
  • Install the SSM Session Manager plugin on your local machine if using the console.
  • In the AWS Systems Manager console, go to the Session Manager page. Click "Start Session"
  • Select the instance ID of the private Windows server and choose "Session Manager" as the connection type.
  • In the session start options, enable "Enable remote start of excluded services" to allow the RDP service to be started.
  • Click "Start Session" to initiate the Session Manager connection.
  • Once connected via Session Manager, you can open a PowerShell window and run: mstsc /v:127.0.0.1:3389

This will launch the RDP client connected via the Session Manager tunnel to your private instance.

  • Log in with valid RDP credentials to access the desktop of the private Windows server.

The key requirements are the SSM agent on the instance, appropriate IAM permissions, and enabling remote service start for RDP in the session options. This allows RDP over Session Manager without any inbound RDP port access needed.

AWS
answered 8 months ago
AWS
EXPERT
kentrad
reviewed 8 months ago
  • I am currently working to try the new connection endpoint to see if I can connect to the private network. I will also try the session manager and let you know which one works for me. Thank you.

0

Were you not able to connect to or ping the Elastic IP from within the same VPC\Subnet?

AWS
EXPERT
answered 8 months ago
  • alantam, I cannot access the Windows instance to ping anything. I need the Elastic IP to work so I can access the Windows instance. Also, RDP is not working to access the instance.

  • Alantam, I have been working on the connection endpoint to connect to my private subnet. I created the endpoint and I am now in the process of creating the IAM user with the necessary permissions to run the open tunnel commands to connect to the instance in the private subnet from my laptop. Also, I updated to the latest AWS CLI version to run the open tunnel commands. If this works, I will post and let you know.

0

Please use VPC Reachability Analyzer to validate the route between the Elastic IP and the Internet Gateway.

AWS
EXPERT
kentrad
answered 8 months ago
  • Kentrad, I am in the process of using Reachability Analyzer as you suggested, analyzing from the Elastic IP source to the management IP of the Windows instance. I will post the results when the analyzer is complete.

0

Kentrad, the Reachability Analyzer utility has no selection to input the source type as Elastic IP. I used the VPC gateway as the source to the Windows instance mgmt IP and the result was that the connection was not reachable.

TDrakes
answered 8 months ago
