I just started working with AWS free tier to start getting familiar with it. Knowing that having RDP open to the outside is a bad thing, I’m trying to figure out the best way to get to and manage the Windows servers. At this point I’m thinking of installing (and learning about) OpenVPN on a Linux server and using that as a jumping off point. Just wondering if anyone has any good suggestions that would still keep me in the free tier but about to securely access the Windows servers?
OpenVPN is great and you don’t need a Linux server, it’ll run off Windows.
OpenVPN is a great solution but, perhaps a bit of a steep learning curb to begin with, keeping in mind that you’re just familiarising yourself with AWS I would suggest staring out with OpenVPN access server (VPN Access Server For Business | OpenVPN)it’s free for up to two concurrent users. Configuration can be done completely via a web browser.
Just make sure what free tier covers. Not Windows servers for example.
You can configure your security-group to only allow traffic from your IP.
Thanks. The fun part would be getting it installed on the Windows server without exposing RDP to the outside. I already know that I can limit that to my IP only in the security group, but it’s still exposed even that much. My thought was to use an Ubuntu server with OpenVPN and LetsEncrypt certs, and make that server the entry point to the other servers.
That would definitely fit my needs right now but I can’t find where it’s free for up to two users.
In the list of images available to me I see a number of Windows servers which are free tier eligible. Am I missing something?
Thanks and I see that, but given the vulnerabilities with RDP I’m hesitant to do even that, though I know it’s ok as a temporary solution. The fun part is getting a Linux RDP client to work with it. The level of documentation I see on AWS makes me think they don’t want us to use Linux RDP clients.
^^ this… alternatively, setup a linux bastion and port forward thru ssh. No complicated vpn necessary.
It’s all encrypted like SSH and you can limit RDP/3389 to the internal network, so it won’t be available except for 10.0.0.1 or whatever. Only the VPN port is listening for authentic connections which you need a private key for and you’ll limit that to your local WAN.
As from their website:
Access Server is free to install and use for a maximum of two simultaneous VPN connections, so you can test everything without having to pay first.
These are the simple steps to access your two free connections:
1 Choose your Access Server solution
2 Set it up in your preferred environment
3 When prompted to enter your license during setup, simply leave it blank
4 Connect up to two OpenVPN Clients simultaneously
Check it here: Understanding OpenVPN Access Server’s Two Free Connections
No, you are correct, there are windows ec2’s that are free tier.
It’s OK even as a long term solution