Securely Access Windows Instances Using RDP and AWS Systems Manager Session Manager

Подписаться 754 тыс.

Просмотров 60 тыс.

50% 1

In this video, you'll see how to securely access Windows instances using Remote Desktop Protocol (RDP) and AWS Systems Manager Session Manager. With Session Manager, you can improve the security of your remote instances, limit their surface of attack, and access instances without enabling the RDP port.
Learn more about AWS Management & Governance at - go.aws/2xJLszA
Subscribe:
More AWS videos bit.ly/2O3zS75
More AWS events videos bit.ly/316g9t4
#AWS #AWSDemo

Наука

Опубликовано:

7 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 32

@hisatnam 2 года назад

Thanks for explaining. I want to create users with given time frame. Is it possible within session Manager?

@samk_jg Год назад

awesome tutorial👋

@-q-b0_1 4 года назад

Awesome

@user-uj7ip1ko3v 4 месяца назад

at 3:40 you are saying "Lets review the AWS User Account We Have Setup". When did we set it up? where is the explanation about setup?

@ManojMarneni 2 месяца назад

Did you find how this users were setup?

@sairamakrishna2776 2 года назад

Can we somehow bypass(without any prompt and entering creds) the windows security authentication while starting an RDP port forwarding session with Windows Ec2 ?

@guillaume.bourquelevio1281 Год назад

Very good presentation, well organized, but why don't you share all code samples used to deployed this ?

@JonRumfelt1975 3 года назад

Is it possible to do this without Cli installed? We aren’t allowed to use it, but have the powershell commands instead. Also, why so many steps to connect each time? Can’t we get a web based rdp from console?

@leihan57 3 года назад

Windows servers do not have the sessions manager pre-installed. I've looked all over and tried for hours, but all in vain. Could you explain how to install the SSM on windows server 2019?

@omarismail1405 2 года назад

um..... but nothing is logged when using RDP :-( would be good if there was a way to record and use machine learning to find what the user was doing at the time and be able to replay from an S3 bucket. Maybe that could be a future feature request ;) Thanks

@bhaveshvyas4105 3 года назад

Where I can find the policy attached to the SampleUser ??

@wh4t3VAH 2 года назад

Had the same question. You can get it from here: docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-restrict-access-quickstart.html and add the PortForwarding one

@itwish3601 3 года назад

Hello, My Instance is running a DC and i cannot create a local user through session manager. What is the work around for the same or if you can create a seperate video for the same. Also is there any way to automate the process of installation of Session Plugin along with the CLI command for starting the session. Please guide on this.

@DavidJJJ 3 года назад

You can use this if you want to try a bastion approach.

@jytan740 Год назад

is there even easier way to "RDP" in? e.g. Click connect and it will show like the login windows screen of a hypervisor. If there is no need to open a browser to access applications, I wouldn't need to "RDP" in.

@djtommy4879 3 года назад

This is Windows Server is still on public subnet. But how can I remote control the Windows Server on private subnet without any public IP attached?

@jakekudiersky3362 3 года назад

To do so you will need to create a VPC endpoint for ssm, ssm:messages ec2 and ec2messages, assign them to the private subnet. Ensure port 443 is open to your VPC. SSM agent must be installed on the instance and instance role with ssm ec2:messages and ssm:messages

@DavidJJJ 3 года назад

You can use this also. aws.amazon.com/blogs/security/controlling-network-access-to-ec2-instances-using-a-bastion-server/

@sheikhs121 2 года назад

Is SSM agent supported in lightsail Windows instance?

@L0nelyRogue 4 года назад

To start Session through System Manager, prerequisite is installation of SSM Agent, is it not? I spin up new Linux Red Hat and when tried to start Session, it asked for it. It means I have to enable SSH port, open Putty, install Agent, then use Session Manager.. right? -- In 'thoughts'...

@lvinokur 4 года назад

Correct. You can automate SSM agent installation using user-data or your preferred CM tools (Chef/Puppet/Ansible/etc)

@DavidJJJ 3 года назад

This is so convoluted, why not just setup a small ubuntu jump box with port forwarding? Secure it with IP restriction and it would be easier to use. I just wish AWS had JIT like Azure does, it would make it easier, I'm about to implement the same thing in Lambda so we can securely access our hosts without having RDP open to the world.

@varun1st 2 года назад

Port forwarding way has lot of pre-reqs to meet before enabling end user/each Admin user to use that way of connecting to windows/linux EC2 machines.

@PradeepYadav1991 2 года назад

What is the cost of System Manager with Session Manager?

@shadyapp7416 4 месяца назад

Will it still work if instance doesnt have a public ip? Thanks in advance

@awssupport 4 месяца назад

Hi there! This doc will walk you through connecting to your instance without a public IP: go.aws/3V888lo. 📚 If you need additional help, you can reach out to our community of experts in re:Post: go.aws/aws-repost. 👨‍💻 ^RS

@shadyapp7416 4 месяца назад

@@awssupportappreciate your quick response

@awssupport 4 месяца назад

No problem! We're here if you need any additonal guidance. 🧭 ^RS

@AliKhan12345 4 года назад

This is cool, but someone I know has already done this. So not something new tbh

@maheshbasapur 9 месяцев назад

at 3:40 you are saying "Lets review the AWS User Account We Have Setup". When did we set it up? where is the explanation about setup?

@awssupport 9 месяцев назад

Hi, Mahesh. It looks like the video assumes that you have an AWS account. Please be sure to post on our re:Post forum should you have any questions or require any assistance: go.aws/3PZHlVu. ^CM