Introduction
The Remote Desktop Protocol (RDP) is used by Remote Desktop to connect to your instance and work on it as if it were a desktop computer in front of you (a local computer). It is available on most Windows platforms as well as macOS.
The private key of the key pair is used to decrypt the instance password, and with the decrypted password we can RDP to an instance.
AWS Systems Manager is a set of tools that helps you manage the infrastructure and services hosted on the AWS Cloud. Systems Manager makes it easier to manage applications and resources, which speeds up identifying and fixing operational issues. This aids in the safe, flexible management of your AWS resources.
AWS Key Management Service (KMS) gives you centralized control over the cryptographic keys used to protect your data. As a result of the service’s integration with other AWS services, you can more easily encrypt the data you keep there and manage who has access to the keys needed to decrypt it.
Scalable computing power is offered by Amazon Elastic Compute Cloud (Amazon EC2) in the Amazon Web Services (AWS) Cloud. By using Amazon EC2, you can develop and deploy apps more quickly because you won’t need to make an upfront hardware investment.
Prerequisites
- On Windows Server, SSM is supported for Windows Server 2016, 2019, and 2022.
- An instance that has the IAM policy AmazonSSMManagedInstanceCore attached.
- All the services should be in the same region.
Step-by-Step Guide to RDP into the EC2 using AWS SSM
Step 1: Try to RDP into the EC2 instance using the RDP client; you will receive an error.
Step 2: Create an AMI of the instance.
- Go to the EC2 dashboard -> select the check box of the required instance -> Actions -> Image and templates -> Create image.
Step 3: Create IAM Role
- In the search bar, type IAM and press Enter.
- Select Roles on the left blade, then in the IAM dashboard select Create role and choose AWS service.
- Under Common use cases, select EC2 and click Next.
- In Add permissions, select the permission policy AmazonSSMManagedInstanceCore and click Next. Review and create the role.
Step 4: Create an EC2 instance from the AMI and attach the IAM role created.
- Search for AMI in the search bar.
- Launch an instance from the AMI.
  * In the EC2 configuration
  * Advanced settings
  * IAM instance profile
  * Select the IAM role created.
- Create a new key pair or select an existing key pair and launch the instance.
Step 5: Open SSM and change the password.
- Search for Session Manager in the search bar.
- In Session Manager, on the left blade under Node Management:
  * Session Manager
  * Preferences.
- In General preferences, click Edit.
  * Enable the check box for KMS encryption and create a new KMS key.
- While creating the KMS key, make sure the key is in the same region as the other services -> Key type: symmetric
  * Key usage: encrypt and decrypt
  * Keep the default values in step 2 and step 3.
- In Define key usage permissions, enable the IAM role created for SSM and create the key.
- Session Manager preferences
  * Edit, choose the KMS key, and save.
- Click Session Manager on the left blade
  * Fleet Manager.
- In Fleet Manager, select the required instance
  * Node actions
  * Reset password.
- Enter the username and reset the password
  * A CLI session will open.
- Inside the CLI, change the password and re-enter it to confirm.
Step 6: RDP to the instance.
- In EC2 Instances
  * Click on the required instance and choose Connect.
  * Download the RDP file and enter the password to RDP to the server.
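For readers who prefer the command line, the following added example (not part of the original post) shows AWS CLI equivalents of Step 3 and the password reset in Step 5, with a pre-flight check that the instance is an online managed node. It assumes the AWS CLI with the Session Manager plugin is installed, that KMS encryption is already enabled in the Session Manager preferences as described above, and that `ssm-rdp-recovery` is a hypothetical role name; `AWS-PasswordReset` is the AWS-owned session document for password resets.

```shell
#!/bin/sh
# Added example: AWS CLI equivalents of Steps 3 and 5 (not from the original post).
# ROLE_NAME is a hypothetical name; pass your own instance ID and user name.
set -eu

ROLE_NAME="${ROLE_NAME:-ssm-rdp-recovery}"
SSM_POLICY="arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
TRUST='{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'

# Step 3: a role EC2 can assume, carrying the SSM managed policy, wrapped in an
# instance profile so it can be attached when the instance is launched (Step 4).
create_ssm_role() {
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$TRUST"
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$SSM_POLICY"
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME"
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" \
    --role-name "$ROLE_NAME"
}

# Pre-flight for Step 5: the instance must be registered with Systems Manager
# and reporting Online, otherwise no session can be opened to it.
node_online() {
  status=$(aws ssm describe-instance-information \
    --filters "Key=InstanceIds,Values=$1" \
    --query 'InstanceInformationList[0].PingStatus' --output text)
  [ "$status" = "Online" ]
}

# Step 5: open the interactive password-reset session for a local user.
# Returns 2 for a malformed instance ID, 1 if the node is not reachable via SSM.
reset_password() {
  instance_id="$1"; user="$2"
  case "$instance_id" in
    i-*) ;;
    *) echo "not an instance ID: $instance_id" >&2; return 2 ;;
  esac
  node_online "$instance_id" || {
    echo "$instance_id is not an online managed node" >&2; return 1; }
  aws ssm start-session --target "$instance_id" \
    --document-name "AWS-PasswordReset" \
    --parameters "{\"username\":[\"$user\"]}"
}

# Usage: ./reset.sh <instance-id> <username>
if [ "$#" -eq 2 ]; then reset_password "$1" "$2"; fi
```

If the pre-flight check fails, the usual causes are a missing instance profile or an SSM Agent that has not yet registered after launch.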
Conclusion
When we accidentally lose or delete the PEM file, we can't decrypt the password, and without a password we can't RDP to the server. Similarly, we need to use the same PEM file for the original EC2 instance and for the instance created from its AMI. If we change the PEM file, we can't decrypt the password and we can't RDP to the server. To overcome this, we use AWS Session Manager: with it we can reset the password and RDP to the server without decrypting the password using the PEM file.
FAQs
1. Does Windows Server 2008 support SSM?
ANS: – Yes, but as of January 14, 2020, Windows Server 2008 no longer receives feature or security updates from Microsoft.
2. Does SSM work on both Windows and Linux servers?
ANS: – Yes, SSM works on both Windows and Linux servers.
3. Is KMS essential in session management?
ANS: – Yes, and the KMS key created should be in the same region where the EC2 instances are located.

WRITTEN BY H S Yashas Gowda
Yashas Gowda works as a Research Associate at CloudThat. He has good hands-on experience working on Azure and AWS services. He is interested in learning new technologies and tries to implement them.