Configure the AL2 MATE desktop connection

The MATE desktop environment is pre-installed and pre-configured in AMIs with the following description:

".NET Core x.x, Mono x.xx, PowerShell x.x, and MATE DE pre-installed to run your .NET applications on Amazon Linux 2 with Long Term Support (LTS)."

The environment provides an intuitive graphical user interface for administering AL2 instances with minimal use of the command line. The interface uses graphical representations, such as icons, windows, toolbars, folders, wallpapers, and desktop widgets. Built-in, GUI-based tools are available to perform common tasks. For example, there are tools for adding and removing software, applying updates, organizing files, launching programs, and monitoring system health.

Important

xrdp is the remote desktop software bundled in the AMI. By default, xrdp uses a self-signed TLS certificate to encrypt remote desktop sessions. Neither Amazon nor the xrdp maintainers recommend using self-signed certificates in production. Instead, obtain a certificate from an appropriate certificate authority (CA) and install it on your instances. For more information about TLS configuration, see TLS security layer on the xrdp wiki.

Note

If you prefer to use a virtual network computing (VNC) service instead of xrdp, see the How do I install a GUI on my Amazon EC2 instance running AL2 Amazon Knowledge Center article.

Prerequisite

To run the commands shown in this topic, you must install the Amazon Command Line Interface (Amazon CLI) or Amazon Tools for Windows PowerShell, and configure your Amazon profile.

Options
  1. Install the Amazon CLI – For more information, see Installing the Amazon CLI and Configuration basics in the Amazon Command Line Interface User Guide.

  2. Install the Tools for Windows PowerShell – For more information, see Installing the Amazon Tools for Windows PowerShell and Shared credentials in the Amazon Tools for Windows PowerShell User Guide.

Tip

As an alternative to doing a full installation of the Amazon CLI, you can use Amazon CloudShell for a browser-based, pre-authenticated shell that launches directly from the Amazon Web Services Management Console. Check the supported Amazon Web Services Regions to make sure that it's available in the Region you are working in.

Configure the RDP connection

Follow these steps to set up a Remote Desktop Protocol (RDP) connection from your local machine to an AL2 instance running the MATE desktop environment.

  1. To get the ID of the AMI for AL2 that includes MATE in the AMI name, you can use the describe-images command from your local command line tool. If you have not installed the command line tools, you can perform the following query directly from an Amazon CloudShell session. For information about how to launch a shell session from CloudShell, see Getting started with Amazon CloudShell. From the Amazon EC2 console, you can find the MATE-included AMI by launching an instance, and then entering MATE in the AMI search bar. The AL2 Quick Start with MATE pre-installed will appear in the search results.

    aws ec2 describe-images --filters "Name=name,Values=amzn2*MATE*" --query "Images[*].[ImageId,Name,Description]"

    [
        [
            "ami-0123example0abc12",
            "amzn2-x86_64-MATEDE_DOTNET-2020.12.04",
            ".NET Core 5.0, Mono 6.12, PowerShell 7.1, and MATE DE pre-installed to run your .NET applications on Amazon Linux 2 with Long Term Support (LTS)."
        ],
        [
            "ami-0456example0def34",
            "amzn2-x86_64-MATEDE_DOTNET-2020.04.14",
            "Amazon Linux 2 with .Net Core, PowerShell, Mono, and MATE Desktop Environment"
        ]
    ]

    Choose the AMI that is appropriate for your use.

  2. Launch an EC2 instance with the AMI that you located in the previous step. Configure the security group to allow for inbound TCP traffic to port 3389. For more information about configuring security groups, see Security groups for your VPC. This configuration enables you to use an RDP client to connect to the instance.

  3. Connect to the instance using SSH.

  4. Update the software and kernel on the instance.

    [ec2-user ~]$ sudo yum update

    After the update completes, reboot the instance to ensure that it is using the latest packages and libraries from the update; kernel updates are not loaded until a reboot occurs.

    [ec2-user ~]$ sudo reboot

  5. Reconnect to the instance and run the following command on your Linux instance to set the password for ec2-user.

    [ec2-user ~]$ sudo passwd ec2-user

  6. Install the certificate and key.

    If you already have a certificate and key, copy them to the /etc/xrdp/ directory as follows:

    • Certificate — /etc/xrdp/cert.pem

    • Key — /etc/xrdp/key.pem

    If you do not have a certificate and key, use the following command to generate them in the /etc/xrdp directory.

    [ec2-user ~]$ sudo openssl req -x509 -sha384 -newkey rsa:3072 -nodes -keyout /etc/xrdp/key.pem -out /etc/xrdp/cert.pem -days 365

    Note

    This command generates a certificate that is valid for 365 days.

  7. Open an RDP client on the computer from which you will connect to the instance (for example, Remote Desktop Connection on a computer running Microsoft Windows). Enter ec2-user as the user name and enter the password that you set in step 5.
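
A check for the certificate and key from step 6 and the Important note above, added here as an example and not part of the AWS documentation: it reports whether the certificate xrdp serves is self-signed (detected by subject equal to issuer, which is true of the certificate generated in step 6), whether it expires soon, whether the key matches it, and whether the key file is accessible to other users. The function names, the script file name, and the 30-day threshold are assumptions; the default paths are the ones from step 6.

```shell
#!/bin/sh
# Added example: audit the TLS material that xrdp serves (step 6 paths by default).
# Function names and the 30-day threshold are assumptions, not xrdp or AWS tooling.

# Exit 0 if subject and issuer are the same name, as in a self-signed certificate.
is_self_issued() {
    subj_hash=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null)
    issr_hash=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null)
    [ -n "$subj_hash" ] && [ "$subj_hash" = "$issr_hash" ]
}

# Exit 0 if the certificate expires within $2 days (or cannot be read).
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Exit 0 if the private key in $2 belongs to the certificate in $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 if "other" users have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c8-10)" = "---" ]
}

# Run every check, print one line per finding, return 1 if anything was found.
audit_xrdp_tls() {
    cert=${1:-/etc/xrdp/cert.pem}
    key=${2:-/etc/xrdp/key.pem}
    rc=0
    if is_self_issued "$cert"; then echo "WARN: $cert is self-signed"; rc=1; fi
    if expires_within "$cert" 30; then echo "WARN: $cert expires within 30 days"; rc=1; fi
    key_matches_cert "$cert" "$key" || { echo "FAIL: $key does not match $cert"; rc=1; }
    key_is_private "$key" || { echo "FAIL: $key is accessible to other users"; rc=1; }
    return "$rc"
}

# On the instance, as root (xrdp-tls-audit.sh is a hypothetical file name):
#   sudo sh xrdp-tls-audit.sh audit [CERT KEY]
if [ "${1:-}" = "audit" ]; then
    shift
    audit_xrdp_tls "$@"
fi
```

A certificate issued by a CA and installed at the step 6 paths with a matching, non-world-readable key produces no output and a zero exit status.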

To disable xrdp on your Amazon EC2 instance

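You can disable xrdp at any time by running one of the following commands on your Linux instance. sudo systemctl disable xrdp keeps xrdp from starting at boot; sudo systemctl stop xrdp stops the service that is currently running. These commands do not affect your ability to use MATE through an X11 server.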

[ec2-user ~]$ sudo systemctl disable xrdp
[ec2-user ~]$ sudo systemctl stop xrdp

To enable xrdp on your Amazon EC2 instance

To re-enable xrdp so that you can connect to your AL2 instance running the MATE desktop environment, run one of the following commands on your Linux instance.

[ec2-user ~]$ sudo systemctl enable xrdp
[ec2-user ~]$ sudo systemctl start xrdp