Tags: amazon-web-services, amazon-ec2, portforwarding, rdp

AWS Systems Manager Session Manager Port Forwarding not connecting


I have an EC2 Windows 2019 Server instance in a VPC in the private subnet. I have a bastion instance in the public subnet, and I know the bastion instance works, because it is being used for internet access for my Lambda API. I have VPC endpoints to:

  • com.amazonaws.eu-west-2.ssm
  • com.amazonaws.eu-west-2.ec2messages
  • com.amazonaws.eu-west-2.ec2

I would like to connect with RDP to the EC2 instance to manage my MySQL RDS instance. I have been trying to get Systems Manager Session Manager Port Forwarding to work, following several guides.

I have tried every guide I could find, and everything seems correctly set up.

Is it required to have specific ports setup inbound / outbound on the bastion instance SG, or on the SG the EC2 I want to RDP to is in? I have not been able to see that anywhere.

I have run AWSSupport-TroubleshootRDP and everything passes with "Success", and from the output everything looks good.

When I run the port forwarding command on my machine it starts the session, but I never get "Connection accepted" and the RDP connection fails when I try that.

Can anyone point me to what else I can do to verify that I have the correct network configuration, and to test why I am not getting "Connection accepted", as the guides indicate I should?

Thanks in advance.


Solution

To test the ability to run RDP via Session Manager Port Forwarding, I did the following:

  • Launched an Amazon EC2 instance running Microsoft Windows Server 2019 Base
  • Associated an IAM Role with AmazonSSMManagedInstanceCore permissions
  • Set the Security Group to no inbound connections (to confirm that connections were being made via Session Manager)
  • Confirmed that I could use Session Manager to connect to PowerShell on the instance (using the Session Manager console)
  • Ran the following command on my Mac:

        aws ssm start-session --target i-xxx --document-name AWS-StartPortForwardingSession --parameters '{"portNumber":["3389"],"localPortNumber":["3389"]}'

  • Used Microsoft Remote Desktop (which connects via RDP) to connect to localhost
  • It prompted me for a password. I used Get Windows Password to decode and obtain the password.
  • It connected successfully

So, yes, you can use Session Manager Port Forwarding to establish an RDP connection with a Windows instance even if it is in a private subnet (which I simulated by removing all inbound rules on the security group).

If you are having further problems, it might be due to your VPC Endpoint configurations.
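An added pre-flight script (not from the question or the answer) that checks the two things the port-forwarding session in the answer depends on before starting it: that the VPC has the three interface endpoints the SSM agent uses from a private subnet with no internet route (ssm, ssmmessages and ec2messages; the question's endpoint list has ssm, ec2messages and ec2 but no ssmmessages), and that the instance reports Online in SSM. It assumes a configured aws CLI, the eu-west-2 region from the question, and placeholder VPC and instance ids passed as arguments.

```shell
#!/usr/bin/env bash
# Added check script (not from the question or the answer). Assumes the aws CLI
# is configured; REGION, the VPC id and the instance id are placeholders.
REGION="${REGION:-eu-west-2}"

# Interface endpoints the SSM agent needs in a private subnet with no internet
# route. The question lists ssm, ec2messages and ec2, but no ssmmessages endpoint.
required_endpoints() {
    printf '%s\n' "com.amazonaws.$REGION.ssm" \
                  "com.amazonaws.$REGION.ssmmessages" \
                  "com.amazonaws.$REGION.ec2messages"
}
# Takes a newline-separated list of endpoint service names present in the VPC,
# prints the required ones that are absent and returns 1 if any are absent.
missing_endpoints() {
    present="$1"; rc=0
    for svc in $(required_endpoints); do
        if ! printf '%s\n' "$present" | grep -qx "$svc"; then
            echo "$svc"; rc=1
        fi
    done
    return $rc
}
# Endpoint service names actually deployed in the VPC (needs the aws CLI).
vpc_endpoint_services() {
    aws ec2 describe-vpc-endpoints --region "$REGION" \
        --filters "Name=vpc-id,Values=$1" \
        --query 'VpcEndpoints[].ServiceName' --output text | tr '\t' '\n'
}
# PingStatus of the instance in SSM; port forwarding needs it to be Online (aws CLI).
ssm_ping_status() {
    aws ssm describe-instance-information --region "$REGION" \
        --filters "Key=InstanceIds,Values=$1" \
        --query 'InstanceInformationList[0].PingStatus' --output text
}
# The port-forwarding command from the answer, with instance id and local port.
port_forward_cmd() {
    printf "aws ssm start-session --region %s --target %s --document-name AWS-StartPortForwardingSession --parameters '{\"portNumber\":[\"3389\"],\"localPortNumber\":[\"%s\"]}'" "$REGION" "$1" "$2"
}
main() {  # usage: ./check.sh <vpc-id> <instance-id> [local-port]
    missing=$(missing_endpoints "$(vpc_endpoint_services "$1")") ||
        { echo "missing VPC endpoints:"; echo "$missing"; exit 1; }
    [ "$(ssm_ping_status "$2")" = "Online" ] || { echo "instance is not Online in SSM"; exit 1; }
    eval "$(port_forward_cmd "$2" "${3:-3389}")"
}
if [ $# -ge 2 ]; then main "$@"; fi
```

Run it with the VPC id and instance id; if it reports a missing endpoint or a non-Online instance, the session would start but never reach "Connection accepted", so fix that first.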