In this exercise we will use AWS Trusted Advisor's basic security checks to identify remote access risks associated with an EC2 instance and fix them. We will then use AWS Systems Manager's Session Manager feature to secure our remote access.
Note: For this lab, it is assumed that a Microsoft Windows-based EC2 instance has already been created with default settings. For instructions on creating an EC2 instance, please follow the link.
From the AWS console, click Services and select Trusted Advisor.
On the Trusted Advisor console, click the Refresh All icon on the right side, as shown below.
Click on Edit inbound rules.
Click Delete next to the inbound rule that opens port 3389 (RDP). Click Save rules, which removes the rule permanently.
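The console steps above fix one finding by hand. As an added example (not part of the lab), the Python below reproduces the condition behind Trusted Advisor's check for this step, RDP reachable from 0.0.0.0/0 or ::/0, over data shaped like the EC2 DescribeSecurityGroups response, and builds the exact revoke request that removes only the offending source; the group IDs and CIDRs are constructed sample values.

```python
"""Flag security-group rules that open RDP (TCP/3389) to the Internet, the condition
Trusted Advisor's 'Security Groups - Specific Ports Unrestricted' check reports, and
build the matching revoke request (input shaped like DescribeSecurityGroups output)."""

RDP_PORT = 3389
ANYWHERE = {"0.0.0.0/0", "::/0"}  # unrestricted IPv4 / IPv6 sources

def rule_covers_port(perm, port):
    """True if an IpPermission entry includes `port` over TCP (or all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and ports; FromPort/ToPort are absent
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def find_open_rdp_rules(security_groups):
    """Return (group_id, cidr, perm) for each rule opening RDP to 0.0.0.0/0 or ::/0."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not rule_covers_port(perm, RDP_PORT):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [(sg["GroupId"], c, perm) for c in cidrs if c in ANYWHERE]
    return findings

def build_revoke_request(group_id, cidr, perm):
    """kwargs for ec2.revoke_security_group_ingress(**request) that drop only the
    offending CIDR, so legitimate sources sharing the same rule stay in place."""
    entry = {"IpProtocol": perm["IpProtocol"]}
    if perm["IpProtocol"] != "-1":
        entry["FromPort"], entry["ToPort"] = perm["FromPort"], perm["ToPort"]
    if ":" in cidr:
        entry["Ipv6Ranges"] = [{"CidrIpv6": cidr}]
    else:
        entry["IpRanges"] = [{"CidrIp": cidr}]
    return {"GroupId": group_id, "IpPermissions": [entry]}

# Constructed sample (not real account data): one group exposing RDP over IPv4 and
# IPv6 (the latter via an all-traffic rule), one correctly limited to a known range.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa11example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "Ipv6Ranges": [],
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0bbb22example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "Ipv6Ranges": [],
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}]
```

For a live account, feed `boto3.client("ec2").describe_security_groups()["SecurityGroups"]` to `find_open_rdp_rules` and pass each `build_revoke_request` result to `revoke_security_group_ingress`.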
Now, to access the EC2 instance securely, we will use the AWS Systems Manager capability called Session Manager.
From the AWS console, click Services and select Systems Manager.
Click Fleet Manager under Node Management in the left-hand menu of the Systems Manager console.
Click on Get Started.
You will see the instance(s) managed by Systems Manager listed.
Click on the Settings tab.
Click the Change account setting button to enable the Advanced Instance Tier, which allows you to use the Session Manager capability.
Accept the changes by clicking on the checkbox and click on Change setting.
Click Session Manager under Node Management in the left-hand menu of the Systems Manager console.
Click on Start Session on upper right.
Select the instance you want to access, then click Start session.
For more information, please read the AWS User Guide:
https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor.html
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html