AWSSupport-ManageRDPSettings - Amazon Systems Manager Automation Runbook Reference
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWSSupport-ManageRDPSettings

Description

The AWSSupport-ManageRDPSettings runbook allows the user to manage common Remote Desktop Protocol (RDP) settings, such as the RDP port and Network Layer Authentication (NLA). By default, the runbook reads and outputs the values of the settings.

Important

Changes to the RDP settings should be carefully reviewed before running this runbook.

Run this Automation (console)

Document type

Automation

Owner

Amazon

Platforms

Windows

Parameters

  • AutomationAssumeRole

    Type: String

    Description: (Optional) The Amazon Resource Name (ARN) of the Amazon Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.

  • InstanceId

    Type: String

    Description: (Required) The ID of the managed instance to manage the RDP settings of.

  • NLASettingAction

    Type: String

    Valid values: Check | Enable | Disable

    Default: Check

    Description: (Required) An action to perform on the NLA setting: Check, Enable, Disable.

  • RDPPort

    Type: String

    Default: 3389

    Description: (Optional) Specify the new RDP port. Used only when the action is set to Modify. The port number must be between 1025-65535. Note: After the port is changed, the RDP service is restarted.

  • RDPPortAction

    Type: String

    Valid values: Check | Modify

    Default: Check

    Description: (Required) An action to apply to the RDP port.

  • RemoteConnections

    Type: String

    Valid values: Check | Enable | Disable

    Default: Check

    Description: (Required) An action to perform on the fDenyTSConnections setting.

Required IAM permissions

The AutomationAssumeRole parameter requires the following actions to use the runbook successfully.

The EC2 instance receiving the command must have an IAM role with the AmazonSSMManagedInstanceCore Amazon managed policy attached. The user must have at least ssm:SendCommand to send the command to the instance, plus ssm:GetCommandInvocation to be able to read the command output.

Document Steps

aws:runCommand - Run the PowerShell script to change or check the RDP settings on the target instance.

Outputs

manageRDPSettings.Output