How to get multiple user remote access for AWS Windows instance? - amazon-web-services

How to get remote control access (RDP) for simultaneous multiple users on a Windows Server on AWS instance?
What are the charges if it incurs any?

You can create as many users as you like (within Windows limitations), but to have more than two RDP sessions on the same time you have to buy your own license, AWS does not provide it.
If you need more than two simultaneous remote connections, you must
purchase a Remote Desktop Services (RDS) license. (Source at AWS)

As far as I understand, adding new users to Windows Server would have to be done the same way new users are added to Linux Instances -> through userdata or cloud-init part, programatically.
For Windows that would be a powershell command, something like this: https://gallery.technet.microsoft.com/scriptcenter/Add-AD-UserGroup-to-RDP-c17b24a4
As for charges, I am not aware of additional charges, but not a windows expert here.

I understand that we can create 2 users for free in a Windows instance. So, I created a new user from the Control Panel of Windows server instance and used this new user name and password to login for the second user and it worked. I've not tried with even more users. I think that would incur cost. But not sure.

Related

Is there a way possible to not just switch on the windows Instance in GCP but also log in to a specific user account?

I have auto scheduled my instance timings in Windows Server over GCP using the cloud functions. Now I all I want to do is that during the switchinch on of the instance, It should also log in to a specific user account - as I have setup some startup scripts for different users. Does anyone know or have tried some way to perform this?
My end goal is whenever my instance is switched on it should not just switch on but log into the windows instance with a specified user which happens through RDP manually.

AWS Session Manager Raspberry-pi/Beaglebone

I am trying to manage a Beaglebones/Raspberry-pis using AWS System Manager.
I registered it on the AWS System Manager shown in the pic below.
However, it does not appear in the Session Manager tab
In the Manage Instances tab I can try the Start Session action.
When I try to start the session like the image above, I get the error shown below which is not all that helpful.
Does anyone know how to make the session manager work with hardware like beaglebones or raspberry-pis? Would it be a matter that AWS would only support Sessions with EC2 instances? Or maybe it is incompatible with the Beaglebone/Raspberry?
Session Manager currently only supports connections to EC2 instances. On-premises managed instances (which is what a Raspberry is after it's registered) are not supported by Session Manager today.
Other features of AWS Systems Manager will work - you can, for example, use Run Command to execute actions on your Raspberry instance.

AWS share custom AMI build instructions

I want to use a trusted cloud provider (I chose Amazon, maybe there is an alternative) to share an application without leaking its code.
The application is supposed to use the customer data, and I want to prove to him that I am not using his data for any other purpose.
So, is there any way to ask Amazon for publishing the instructions I followed to create an Amazon Machine Image which contains the application so that the user can happily instantiate the machine send it his data without any fear of any misuse?
Please help me, thanks a lot
You can create an AMI and grant permission for your user to launch an Amazon EC2 instance in their own AWS Account that uses that AMI.
Any data they place on the instance will remain within their AWS Account and you will not have access to it.
However, they might argue that there could be some software installed in the AMI that secretly sends their data to another computer on the Internet, so they might prefer to install the software themselves rather than use a pre-built AMI. However, unless they look through your entire source code, they wouldn't know whether your software itself is stealing data, either!

Accessing a database inside an EC2 instance

Is it possible to create a database server (MySQL or PostgreSQL) inside an EC2 instance (running Windows 2016) and access it the way we access an RDS or do I need to have a separate RDS for that purpose?
My plan was to have an EC2 instance and use it as a server for accessing some Windows applications to my (small) company as well as an always-available database to store our reports.
Please let me know if I am on the wrong path.
Yes, you can install MySQL or PostgreSQL on an EC2 instance, just like you would for a server that was within your company.
You of course won't have all of the extra redundancy/backup features that RDS provides for you - unless you start adding all of that yourself i.e. automated backups, slave/master configurations, read replicas etc. (and if you do start adding all of those extra features in I would reconsider your decision not to use RDS).
I do this for some smaller, less mission critical solutions I support, and generally have not had many issues; I still prefer RDS when possible, but its not always an option for me.
You can install and configure DB on windows and access from your app. the endpoint will be windows machine IP and running service port. you have to allow the application from the security group.

Securing Folder on EC2 Amazon Marketplace AMI

I'm planning to start a small business and submit an Linux AMI to Amazon's AWS Marketplace. As I'm reading the seller's guide, I see this:
AMIs MUST allow OS-level administration capabilities to allow for compliance requirements, vulnerability updates and log file access. For Linux-based AMIs this is through SSH." (6.2.2)
How can I protect my source code if anyone who uses my product can SSH to the machine and poke around? Can I lock down certain folders yet still allow "os-level administration"?
Here is a bit of context if needed:
I'm using Ubuntu Server 16.04 LTS (HVM), SSD Volume Type (ami-cd0f5cb6) as my base AMI
I'm provisioning a slightly modified MySQL database that I want my customers to be able to access. This is their primary way of interacting with my service.
I'm building a django web service that will come packaged on the AMI. This is what I'd like to lock down and prevent access to.
Whether or not you provide SSH access, it'll always be possible for your users to mount the root EBS-volume of your AMI on another EC2-instance to investigate its contents, so disabling SSH or making certain files unreadable for an SSH-user doesn't help you in this regard.
Instead of trying to to keep users away from your source code I suggest you simply state clearly what the users are allowed to do with it and what not in the terms of service.
Even large companies provide OS-images which contain the source code of their applications (whenever they use a scripting language) in clear form or just slightly obfuscated.