2 Answers
0
Hi! A couple different solutions:
- Update the Attached Security Group whenever your IP changes.
- If you can get a determined range of IPs that your provider may give you and you're comfortable with the security trade-offs/risk of opening up the rule, you can place those IP ranges in the Security Group inbound rule as well.
- (Newer Release from November 2021) You can use Fleet Manager in AWS Systems Manager to RDP to Windows servers: https://aws.amazon.com/about-aws/whats-new/2021/11/aws-systems-manager-console-windows-instances-security/
Is your Internet Service Provider doing any NATting that may cause the public IP to look different from the IP you are assigned?
Note: From a security perspective, I do not recommend leaving an inbound rule open to the world (0.0.0.0/0) as that allows anyone to reach your instance.
answered 2 years ago
0
Have you considered using AWS Session Manager (SSM)? With SSM you don't need to open inbound ports. You can forward a port on a remote instance to a port on your local machine. This allows you to forward the traditional RDP port to an available port on your local machine. You can then use any RDP client to connect to the forwarded port on your local machine to access the instance in AWS.
SSM pre-requisites
- EC2 instance has internet connectivity (NAT gateway is fine), or is in a subnet that has VPC endpoints for SSM configured.
- EC2 instance is configured with an IAM instance profile assigned to the instance that has the AmazonSSMManagedInstanceCore managed policy attached (or similar permissions).
- EC2 instance is running the SSM Agent.
answered 2 years ago
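The port forwarding described in the answer above, as an added shell example that is not part of the original answers. It assumes AWS CLI v2 and the Session Manager plugin on the client machine; the function names, the default local port 13389 and the instance ID in the usage comment are placeholders chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: RDP over an SSM port-forwarding session, so the security
# group needs no inbound 3389 rule at all.
# Assumption: AWS CLI v2 and session-manager-plugin are installed locally.

RDP_PORT=3389   # port RDP listens on inside the instance

# Print the port-forwarding parameters as JSON, or fail on a bad local port.
tunnel_params() {
  local local_port="$1"
  case "$local_port" in
    ''|*[!0-9]*) echo "local port must be numeric" >&2; return 1 ;;
  esac
  if [ "$local_port" -lt 1024 ] || [ "$local_port" -gt 65535 ]; then
    echo "pick an unprivileged local port (1024-65535)" >&2; return 1
  fi
  printf '{"portNumber":["%s"],"localPortNumber":["%s"]}' "$RDP_PORT" "$local_port"
}

# Accept only well-formed EC2 instance IDs (8 or 17 hex digits after "i-").
valid_instance_id() {
  printf '%s\n' "$1" | grep -Eq '^i-([0-9a-f]{8}|[0-9a-f]{17})$'
}

# Open the tunnel; blocks until the session is closed (Ctrl+C).
start_rdp_tunnel() {
  local instance_id="$1" local_port="${2:-13389}" params
  valid_instance_id "$instance_id" \
    || { echo "bad instance id: $instance_id" >&2; return 1; }
  params="$(tunnel_params "$local_port")" || return 1
  command -v aws >/dev/null && command -v session-manager-plugin >/dev/null \
    || { echo "AWS CLI and session-manager-plugin are required" >&2; return 1; }
  aws ssm start-session \
    --target "$instance_id" \
    --document-name AWS-StartPortForwardingSession \
    --parameters "$params"
}

# Usage (the instance ID is a placeholder):
#   start_rdp_tunnel i-0123456789abcdef0 13389
# then point the RDP client at localhost:13389
```

While the session is open, the RDP client connects to localhost on the chosen local port; closing the session closes the tunnel.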