- Newest
- Most votes
- Most comments
Hello.
If you can set up a NAT Gateway or Systems Manager VPC endpoint in your VPC, you can use RDP with Session Manager's port forwarding feature.
I think this option is effective if you are already managing EC2 with Systems Manager.
https://aws.amazon.com/jp/blogs/mt/use-port-forwarding-in-aws-systems-manager-session-manager-to-connect-to-remote-hosts/
Another option is to RDP using the EC2 Instance Connect Endpoint.
With EC2 Instance Connect Endpoint, you can RDP connect to EC2 without setting up a NAT Gateway or VPC endpoint.
https://aws.amazon.com/blogs/compute/secure-connectivity-from-public-to-private-introducing-ec2-instance-connect-endpoint-june-13-2023/
https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-ec2-instance-connect-ssh-rdp-public-ip-address/?nc1=h_ls
Hi Riku_Kobayashi, is it possible that I create an OpenVPN Linux instance with Public IP and still RDP into private Windows instance and if so do I need to add any security group rule?
To add, you can use fleet manager directly via Web Based RDP so long as SSM is up and working via a NAT gateway or VPC Endpoints https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-rdp.html
It is possible to create an OpenVPN Linux instance and connect it to a private Windows instance. However, this is not recommended as it requires constant awareness of version control of the Linux instance's OS and middleware. Rather than creating an OpenVPN Linux instance, I recommend using the EC2 Instance Connect endpoint or setting up AWS ClientVPN. https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html