It may be a bit perverse, but I wanted to hit a Windows EC2 instance from my Mac. After a little hitch getting started, I got it to work. There are a few quirks about accessing Windows instances, though.
First off, SSH is not enabled by default. You’ll need to use remote desktop to access your instance. Remote desktop uses port 3389, so the first step is to create a new security group for Windows desktop access:
$ ec2-add-group windows -d 'Windows remote desktop access'
GROUP windows Windows remote desktop access
Then, allow access to port 3389 from your desired origin. I’m allowing it from anywhere, which isn’t a great idea, but I’m on the road a lot. I never know what the hotel’s network origin will be.
$ ec2-authorize windows -p 3389 -P tcp
GROUP windows
PERMISSION windows ALLOWS tcp 3389 3389 FROM CIDR 0.0.0.0/0
Obviously, you could add that permission to any existing group that you already use.
There’s a bit of a song and dance to log in. Where Linux instances typically use SSH with public-key authentication, Windows server requires a typed password. Amazon has come up with a reasonable, but slightly convoluted, way to extract a randomized password.
You will need to start your instance in the new security group and with a keypair. The docs could be a little clearer, in that here you’re providing the name of the keypair as it was registered with EC2. The first few times I tried this, I was giving it the path of the file containing the keypair, which doesn’t work.
$ ec2-describe-keypairs
KEYPAIR devkeypair 02:10:65:9e:51:73:7e:93:bd:30:e2:5d:91:03:d5:e1:d4:0e:c0:f4

$ ec2-run-instances ami-782bcf11 -g windows -k devkeypair
RESERVATION r-82429ceb 001356815600 windows
INSTANCE i-f172db98 ami-782bcf11 pending devkeypair 0 m1.small 2008-10-23T20:01:36+0000 us-east-1a windows
After all that, and waiting through a Windows boot cycle, you can access the Windows desktop through RDP.
What’s that? You don’t have an RDP client, because you’re a Mac user? I like CoRD for that. I also saw a lot of references to rdesktop, which is available through Darwin Ports. (For today, I wasn’t prepared to install Ports just to try out the Windows EC2 instance!)
Extract the public IP address of your instance:
$ ec2-describe-instances
RESERVATION r-82429ceb 001356815600 windows
INSTANCE i-f172db98 ami-782bcf11 ec2-75-101-252-238.compute-1.amazonaws.com domU-12-31-39-02-48-31.compute-1.internal running devkeypair 0 m1.small 2008-10-23T20:01:36+0000 us-east-1a windows
Fire up CoRD and paste the IP address into "Quick Connect".
Well, now what? Obviously, you’ll use "Administrator" as the username, but what’s the password? There’s a new command in the latest release of ec2-api-tools called "ec2-get-password".
$ ec2-get-password i-f172db98 -k keys/devkeypair.pem
edhnsNG1J5
Note that this time, I’m using the path of my keypair file. EC2 uses this to decrypt the password from the instance’s console output. At boot time, Windows prints out the password, encrypted with the public key from the keypair you named when starting the instance.
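The decryption step described above can be reproduced locally with openssl. This is an added example, not code from ec2-api-tools. It assumes the console output wraps the base64 ciphertext in <Password> tags and that the encryption is RSA with PKCS#1 v1.5 padding; the key, console text and password are constructed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Runs entirely on constructed data; no EC2 calls are made.
set -euo pipefail

# Read console text on stdin, print the base64 blob between <Password> tags.
# Assumption: the ciphertext is wrapped in <Password>...</Password>.
extract_password_blob() {
  tr -d '\r\n' | sed -n 's/.*<Password>\(.*\)<\/Password>.*/\1/p'
}

# usage: decrypt_password <private-key.pem> < console.txt
# The private key is only read locally; nothing is sent anywhere.
decrypt_password() {
  local blob
  blob=$(extract_password_blob)
  if [ -z "$blob" ]; then
    # Edge case: Windows has not finished booting, so nothing was printed yet.
    echo "no <Password> block in console output yet" >&2
    return 1
  fi
  # Assumption: RSA with PKCS#1 v1.5 padding.
  printf '%s\n' "$blob" | openssl base64 -d -A |
    openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:pkcs1
}

# usage: make_demo <workdir> <password>
# Builds a constructed keypair and a constructed console log that mimics
# what the instance would print at boot.
make_demo() {
  local blob
  openssl genrsa -out "$1/demo.pem" 2048 2>/dev/null
  blob=$(printf '%s' "$2" |
    openssl pkeyutl -encrypt -inkey "$1/demo.pem" \
      -pkeyopt rsa_padding_mode:pkcs1 | openssl base64 -A)
  printf 'Constructed boot message\r\n<Username>Administrator</Username>\r\n<Password>\r\n%s\r\n</Password>\r\n' \
    "$blob" > "$1/console.txt"
}

work=$(mktemp -d)
make_demo "$work" 'Constructed-Pw-1'
decrypt_password "$work/demo.pem" < "$work/console.txt"
echo
rm -rf "$work"
```

Because the ciphertext can only be opened with the private half of the keypair, anyone who can read the console output still cannot recover the Administrator password without that .pem file.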
Success at last: fully logged in to my virtual Windows server from my Mac desktop.