Step 2.2: Authorize RDP Access
Important
The AWS OpsWorks Stacks service reached end of life on May 26, 2024 and has been disabled for both new and existing customers.
We strongly recommend customers migrate their workloads to other solutions as soon as possible. If you have questions about migration, reach out to the AWS Support Team on AWS re:Post
Now that you have created a stack, you will create a layer and add a Windows instance to the layer. However, before you can do so, you must configure the stack to allow you to use RDP to connect to the custom layer's instances. To do so, you must do the following:
-
Add an inbound rule to the security group that controls RDP access.
-
Set your AWS OpsWorks Stacks permissions for this stack to allow RDP access.
When you create the first stack in a region, AWS OpsWorks Stacks creates a set of security
groups. They include one named something like AWS-OpsWorks-RDP-Server
,
which AWS OpsWorks Stacks attaches to all Windows instances to allow RDP access. However, by
default, this security group does not have any rules, so you must add an inbound
rule to allow RDP access to your instances.
To allow RDP access
-
Open the Amazon EC2 console
, set it to the stack's region, and choose Security Groups from the navigation pane. -
Choose AWS-OpsWorks-RDP-Server, choose the Inbound tab, and choose Edit.
-
Choose Add Rule and specify the following settings:
-
Type – RDP.
-
Source – The permissible source IP addresses.
You typically allow inbound RDP requests from your IP address or a specified IP address range (typically your corporate IP address range). For learning purposes, it's often sufficient to specify 0.0.0.0/0, which allows RDP access from any IP address.
-
The security group allows the instance to receive RDP connection requests, but that's only half the story. An ordinary user will log into the instance using a password provided by AWS OpsWorks Stacks. To have AWS OpsWorks Stacks generate that password, you must explicitly authorize RDP access for the user.
To authorize RDP for a user
-
In the AWS OpsWorks Stacks dashboard, choose the IISWalkthrough stack.
-
In the navigation pane for the stack, choose Permissions.
-
On the Permissions page, choose Edit.
-
In the list of users, select the checkbox for SSH/RDP for the user to whom you want to grant necessary permissions. If you want the user to also have administrator permissions, select sudo/admin as well.
-
Choose Save.
The user can then get a password and use it to log in to the instance, as described later.
Note
You also can log in as Administrator. For more information, see Logging in As Administrator.