I have an Amazon Elastic Compute Cloud (Amazon EC2) macOS instance on a Dedicated Host. I want to access the instance through a graphical user interface (GUI).
Resolution
The following steps apply to macOS Mojave 10.14.6 and macOS Catalina 10.15.7.
Important: Keep the SSH session running while you're in the remote session.
To access your macOS EC2 instance through a GUI, complete the following steps:
- Use SSH to connect to your EC2 macOS instance.
Linux:
To use SSH to connect to your EC2 macOS instance as ec2-user, run the following command:
ssh -i keypair_file ec2-user@Instance-Public-IP
Note: Replace keypair_file with your key pair and Instance-Public-IP with the public IP address of your instance.
Windows:
Windows 10 and newer have an OpenSSH client installed by default. To activate the OpenSSH client, choose Settings, Apps, Apps & features, and then choose Manage optional features. Choose Add a feature, and then select OpenSSH Client. If you're using an earlier version of Windows, then use Git Bash to run the preceding Linux command.
Note: You can make the instance accessible through a public IP address or an Elastic IP address when it's in a public subnet. Use a bastion or jump server to connect to the instance. Or, use AWS VPN or AWS Direct Connect to establish a connection to your instance through a private IP address. For security reasons, it's a best practice to use SSH to tunnel traffic to the macOS screen sharing service. It's also a best practice to not open VNC ports in your security groups.
- To install and start the macOS screen sharing service from your SSH session on the macOS instance, run the following commands:
sudo defaults write /var/db/launchd.db/com.apple.launchd/overrides.plist com.apple.screensharing -dict Disabled -bool false
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist
- To set a password for ec2-user, run the following command:
sudo /usr/bin/dscl . -passwd /Users/ec2-user
- To create an SSH tunnel to the VNC port, run the following command:
ssh -i keypair_file -L 5900:localhost:5900 ec2-user@192.0.2.0
Note: Replace keypair_file with your SSH key path, and 192.0.2.0 with your instance's IP address or DNS name.
- Use a VNC client to connect to localhost:5900.
macOS:
macOS has a built-in VNC client. To access the VNC viewer, open Finder, choose Go, and then choose Connect to Server. Or, use the keyboard shortcut CMD + K. Then, for Server Address, enter vnc://localhost:5900.
Windows:
You can use a third-party VNC client such as RealVNC Viewer. If you use the RealVNC Viewer client, then from the File dropdown list, choose New Connection. Then, for VNC Server, enter localhost:5900. For Encryption, select Let VNC Server Choose, and then choose OK. Other clients, such as TightVNC on Windows, don't work with this resolution.
Note: You might experience authentication errors when you connect with RealVNC Viewer. To resolve this issue, change the Encryption setting from Prefer On to Prefer Off, or from Prefer Off to Prefer On.
Linux:
You can use a third-party VNC client such as Remmina. To download the tool, see How to install Remmina on the Remmina website.
- After the macOS GUI launches, connect to the remote session of the macOS instance as ec2-user with the new password.
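To check the note in step 1 about not opening VNC ports in your security groups, the following added example (not part of the original article or any AWS tooling) scans JSON in the shape returned by `aws ec2 describe-security-groups` and lists every ingress rule that admits port 5900. The group IDs and rules in `SAMPLE` are constructed for illustration.

```python
import json

VNC_PORT = 5900  # the screen sharing port this article tunnels over SSH

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example0000000a", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
  {"GroupId": "sg-0example0000000b", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5900, "ToPort": 5900,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0example0000000c", "IpPermissions": [
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0example0000000a"}]}]}
]}
""")

def covers_port(perm, port):
    """True if an ingress permission allows TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def sources(perm):
    """Every source (CIDR, peer group or prefix list) the permission admits."""
    out = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    out += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    out += [p.get("GroupId", "?") for p in perm.get("UserIdGroupPairs", [])]
    out += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
    return out

def vnc_exposures(doc, port=VNC_PORT):
    """Return (group_id, source, from_port, to_port) for rules that admit `port`."""
    return [(g["GroupId"], src, p.get("FromPort"), p.get("ToPort"))
            for g in doc.get("SecurityGroups", [])
            for p in g.get("IpPermissions", [])
            if covers_port(p, port)
            for src in sources(p)]

if __name__ == "__main__":
    for gid, src, lo, hi in vnc_exposures(SAMPLE):
        print(f"{gid}: port {VNC_PORT} reachable from {src} (rule ports {lo}-{hi})")
```

Wide port ranges and all-protocol rules are reported as well as an explicit 5900 rule, because they admit the same traffic. With the SSH tunnel from step 4 in place, only port 22 needs to be reachable.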
Related information
How do I install a GUI on my Amazon EC2 instance that's running Amazon Linux 2?
Launch and connect to an Amazon EC2 Mac instance
Amazon EC2 mac getting started on the GitHub website