Secure Connection to EC2 Windows using SSH Port Forwarding
Using SSH port forwarding, you can access an EC2 Windows in a private subnet through a bastion host in a public subnet. Enjoy AWS.
Overview
Creating Private Subnet
Create a private subnet. If you already have one, you can skip this.
Creating Route Table
Create a route table and associate it with the private subnet.
Creating NAT Gateway
If an EC2 Windows needs access to the Internet, create a NAT gateway in a public subnet.
After creating the NAT gateway, attach it to the route table.
Creating SSH Bastion Host
Create an EC2 instance in the public subnet as a bastion host, and open ports 22 and 3389 in a security group inbound setting.
Creating Windows Instance
Create an EC2 Windows instance in the private subnet.
To obtain the account information for remote desktop connection, navigate to Actions and select Get Windows Password.
Open ports 22 and 3389 to allow inbound traffic only from the SSH bastion host.
Testing Connection
Using any terminal you prefer, enter the following command to establish a connection between your PC and the SSH bastion host.
ssh -i <YOUR_PRIVATE_KEY> -L 13389:<YOUR_EC2_WINDOWS_IP>:3389 ec2-user@<YOUR_SSH_BASTION_IP>
This command forwards any traffic from local port 13389 to the EC2 Windows instance in the private subnet via the SSH bastion host.
Now you can initiate your remote desktop session on localhost:13389.
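The following is an added helper script, not part of the original post, that builds the same ssh forwarding command with two hardening options (-N and ExitOnForwardFailure) and refuses to bind the local RDP listener on anything other than loopback, so the forwarded port is never reachable by other hosts on your network. The key path, IP addresses and user name are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): builds the RDP-over-SSH tunnel
# command with hardened defaults. All key paths and IPs are placeholders.
set -u

# is_loopback_bind ADDR -> 0 if ADDR is a loopback bind address, 1 otherwise
is_loopback_bind() {
    case "$1" in
        127.0.0.1|localhost|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# build_rdp_tunnel KEY WINDOWS_IP BASTION_IP [LOCAL_PORT] [BIND_ADDR]
# Prints the ssh command on stdout; returns 1 if BIND_ADDR is not loopback,
# because binding 0.0.0.0 would expose the private instance's RDP port to
# every host that can reach your machine.
build_rdp_tunnel() {
    local key="$1" win_ip="$2" bastion_ip="$3"
    local lport="${4:-13389}" bind="${5:-127.0.0.1}"
    if ! is_loopback_bind "$bind"; then
        echo "refusing to bind RDP forward on non-loopback address: $bind" >&2
        return 1
    fi
    # -N: no remote shell; the session exists only to carry the forward
    # -o ExitOnForwardFailure=yes: fail loudly if local port is already taken
    # -L bind:lport:win_ip:3389: local listener forwarded to RDP via bastion
    printf 'ssh -i %s -N -o ExitOnForwardFailure=yes -L %s:%s:%s:3389 ec2-user@%s\n' \
        "$key" "$bind" "$lport" "$win_ip" "$bastion_ip"
}

# Usage with constructed placeholder values (prints the command, does not run it):
# build_rdp_tunnel ~/.ssh/my-key.pem 10.0.2.25 203.0.113.10
```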
Conclusion
Using SSH port forwarding, AWS users can securely connect to EC2 Windows instances in private subnets through Remote Desktop.
I hope you will find this post useful.