Access Windows Instances Through a Web Browser Using AWS Systems Manager Fleet Manager

Raj Shah
Published in Opsnetic
Jul 10, 2022

When creating RDP connections to Windows servers in the past, clients had to decide which was more important: security or cost. Customers may now easily and securely access Windows servers through RDP using a browser thanks to Fleet Manager’s newest capability.

Now, you can quickly and easily log in to your instances from the AWS Management Console in the browser. With this functionality, you can establish an RDP connection to your Windows instance without exposing the RDP port to the public, hence minimizing the attack surface. Console-based access to Windows instances in Fleet Manager is available in all AWS Regions that support AWS Systems Manager.

Operational Excellence is one of the critical pillars of the AWS Well-Architected Framework. Best practices are recommended to help you run workloads effectively, gain insights into workload operations, and continuously improve supporting processes and procedures to deliver business value.

AWS Systems Manager is a service that lets companies automate and manage their operations in the cloud and on-premises.

In particular, Fleet Manager offers a console-based experience, enabling system administrators to view and administer their fleet of instances from a single place. Fleet Manager provides administrators with an aggregated view of their compute resources regardless of their location.

Accessing instances using RDP

Through the Remote Desktop Protocol, system administrators may connect to Windows-based instances using a Graphical User Interface (GUI). One method for achieving this was connecting to the Windows computers through an RDP client. The biggest drawback of this approach is the manual and time-consuming nature of configuring settings like the password and destination endpoint for the RDP session.

Another approach is to proxy the RDP connections through bastion hosts, which are server instances that can safely access other servers on your network. However, this requires more manual configuration. Because of the extra provisioning, this design can be more costly and error-prone, and it increases the operational burden on system administrators. Furthermore, security is one of the top objectives when building architectures. You want to create systems for secure RDP access without assigning public IP addresses or opening inbound ports to the instances.

Security and operational overhead are the key drawbacks of the older RDP systems. It is difficult to access numerous instances that way. Additionally, manually logging into Amazon EC2 instances raises the possibility of mistakes and misconfigurations, which might result in downtime or security threats.

Console-based RDP access to Windows instances

AWS Systems Manager Fleet Manager provides a console-based management interface for Windows instances over an RDP connection. These sessions are delivered to your web browser through the NICE DCV protocol.

Customers may now manage Windows instances and configure secure connections using a complete GUI thanks to this new functionality. Using console-based access to Windows instances has a number of benefits, such as:

  • Connect, view, and interact with up to four instances side-by-side within a single web browser window.
  • Quickly establish a connection via the AWS Management Console. Fleet Manager uses Session Manager to connect to Windows instances using RDP, so there’s no need to set up additional servers or install additional software and plugins.
  • Use Windows credentials, Amazon Elastic Compute Cloud (Amazon EC2) key pairs, or AWS Single Sign-On (SSO) to securely log in to your instances. System administrators now have the option to RDP into the instance without providing a login or password. Furthermore, instance security groups do not need to allow direct inbound access to RDP ports.

Demonstration

Prerequisites

The following requirements must be fulfilled to open an RDP connection to an instance:

  • It must be a Windows instance
  • SSM Agent must be installed; it is preinstalled by default on many AMIs
  • Associate an EC2 key pair or Windows User Credentials
  • It must be able to access the public or private SSM endpoints

To use Fleet Manager, a capability of AWS Systems Manager, the instance profile attached to your instance must have the required permissions. It must have the Systems Manager EC2 instance profile and Fleet Manager permissions.
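The prerequisites above can be checked before you open the console. The following is an added example, not code from the original post: it audits instances using the field names that `aws ssm describe-instance-information` and `aws ec2 describe-security-groups` return as JSON, and also flags any security group that still exposes port 3389 to the internet. The instance IDs, group IDs, and the instance-to-group mapping are constructed sample data.

```python
import ipaddress

RDP_PORT = 3389

def rule_exposes_rdp(perm):
    """True if a security-group rule lets any internet address reach TCP 3389."""
    proto = perm.get("IpProtocol")
    # "-1" means all protocols and ports; otherwise 3389 must fall in the TCP port range.
    covers = proto == "-1" or (
        proto == "tcp" and perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535))
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    # Prefix length 0 (0.0.0.0/0 or ::/0) means "anyone on the internet".
    return covers and any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def audit(instance_info, instance_groups, security_groups):
    """Return {instance_id: [findings]}; an empty list means ready and not exposed."""
    open_groups = {g["GroupId"] for g in security_groups
                   if any(rule_exposes_rdp(p) for p in g.get("IpPermissions", []))}
    report = {}
    for inst in instance_info:
        findings = []
        if inst.get("PlatformType") != "Windows":
            findings.append("not a Windows instance")
        if inst.get("PingStatus") != "Online":
            findings.append("SSM Agent ping status is " + inst.get("PingStatus", "unknown"))
        for gid in instance_groups.get(inst["InstanceId"], []):
            if gid in open_groups:
                findings.append(gid + " allows inbound RDP from the internet")
        report[inst["InstanceId"]] = findings
    return report

# Constructed sample data in the shape of the AWS CLI JSON output.
SAMPLE_INFO = [
    {"InstanceId": "i-0aaa0000000000001", "PlatformType": "Windows", "PingStatus": "Online"},
    {"InstanceId": "i-0aaa0000000000002", "PlatformType": "Windows", "PingStatus": "ConnectionLost"},
]
SAMPLE_INSTANCE_GROUPS = {"i-0aaa0000000000001": ["sg-0closed"], "i-0aaa0000000000002": ["sg-0open"]}
SAMPLE_GROUPS = [
    {"GroupId": "sg-0closed", "IpPermissions": []},
    {"GroupId": "sg-0open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for iid, findings in audit(SAMPLE_INFO, SAMPLE_INSTANCE_GROUPS, SAMPLE_GROUPS).items():
        print(iid, "OK" if not findings else "; ".join(findings))
```

An instance with an empty findings list meets the Windows and SSM Agent prerequisites and has no internet-facing RDP rule, so the inbound 3389 rule on any flagged group can be removed once Fleet Manager access is confirmed.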

Connect to the instance via RDP

Open the AWS Systems Manager interface. Select Fleet Manager from the Node Management section on the left pane. This directs you to the Fleet Manager page, where the Managed Instance view lists all of the instances that may be accessed, whether they are on-premises or in the cloud.

Fleet Manager managed nodes view in the console

In this situation, you can see the Windows instance to which you want to establish an RDP connection. Check to see if the SSM Agent’s ping status is online. If it’s not, you can investigate why. Select Node actions after choosing the instance you wish to connect to. Then, choose Connect with Remote Desktop from the drop-down option.

Connect with Remote Desktop selected in console

This takes you to the Remote Desktop connection page.

Remote Desktop Connection authentication page

On this screen, you can select how you wish to log in to the instance. In this case, use the EC2 key pair that was stored when the EC2 instance was launched. Locate the EC2 key pair on your local system, select it, and click Connect. As an alternative, you can choose to log in to the instance with your Windows credentials.

Connecting to the Windows instance via the EC2 key pair

You are now connected to the instance through RDP. Select End Session in the top right of the panel to exit the instance.

Console view of the Windows instances within the web browser window

Up to four nodes, or Windows instances, can be connected in this view.

Conclusion:

In this post we have discussed what AWS Systems Manager Fleet Manager is, what its uses are, and how to establish a remote session to a Windows instance using SSM Fleet Manager in AWS.

If you need help with DevOps practices, or AWS at your company, feel free to reach out to us at Opsnetic.

Contributed By: Raj Shah
