10

I have an Amazon EC2 instance.

Using powershell on my local workstation, I want to be able to remote into my Amazon EC2 instance and execute some commands.

I have found many articles online but none are working or I misunderstood them (probably the latter).

Some I tried are:

  • Managing Windows EC2 Instances remotely with Powershell
  • Administering EC2 instance with Windows Powershell
  • Enable-PSRemoting
  • How to Run PowerShell Commands on Remote Computers

My understanding is that I need to:

Amazon EC2 Dashboard > Network & Security > Security Groups > Add port 5985

# Local & EC2 PowerShell (Administrator)
enable-psremoting -force

# Local PowerShell (Administrator)
set-item wsman:\localhost\Client\TrustedHosts -value "*" -force

$password = convertto-securestring -asplaintext -force -string myPassword
$credential = new-object -typename system.management.automation.pscredential -argumentlist "myUsername", $password
$session = new-pssession ec2-00-00-00-000.compute-1.amazonaws.com -credential $credential
enter-pssession $session

But I get this error

new-pssession : [ec2-00-00-00-000.compute-1.amazonaws.com] Connecting to remote server
ec2-00-00-00-000.compute-1.amazonaws.com failed with the following error message : WinRM cannot complete the
operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and
that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM
firewall exception for public profiles limits access to remote computers within the same local subnet. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $session = new-pssession ec2-00-00-00-000.compute-1.amazonaws.com -credential $c ...
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
   gTransportException
    + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionOpenFailed
8
  • Are you allowing ports 5985/5986 locally? Run through winrm quickconfig to confirm that both machines are configured correctly (though I think enable-psremoting should have handled this step). Commented Feb 20, 2014 at 23:52
  • @HyperAnthony I ran winrm quickconfig -> I got WinRM service is already running on this machine. WinRM is already set up for remote management on this computer. Commented Feb 21, 2014 at 0:12
  • What OS is your Amazon server? Commented Feb 21, 2014 at 14:14
  • @MDMoore313 Windows Server 2012 Standard Commented Feb 21, 2014 at 16:51
  • @That--Guy_ Have you tried using -Credential get-credential instead of supplying them in variables? Just to eliminate that as a possible problem? Commented Feb 21, 2014 at 17:04

3 Answers

18

Solution found here.

The missing link was to (on the EC2 instance) open Windows Firewall with Advanced Security and edit an inbound rule.

Full Steps:

EC2 Instance
1) Open PowerShell as administrator
2) Enter enable-psremoting -force
3) Open Windows Firewall with Advanced Security
4) Inbound Rules -> Find Windows Remote Management (Http-In) - there are 2, do this for both
5) Right click -> Properties -> Advanced -> Check public

Local
6) Open PowerShell as administrator
7) Enter enable-psremoting -force
8) Enter the following:

$password = convertto-securestring -asplaintext -force -string MY_PASSWORD  
$credential = new-object -typename system.management.automation.pscredential -argumentlist "MY_USERNAME", $password  
$session = new-pssession MY_EC2_PUBLIC_IP -credential $credential  
enter-pssession $session  
Write-Host "Hello, World (from $env:COMPUTERNAME)"
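
The steps above reach WinRM over HTTP (5985) by enabling the built-in rule on the Public profile. As an added example that is not part of the original answer, the same procedure over HTTPS (5986), with the firewall rule scoped to a single source address and the credential prompted instead of written into the script. `$AdminIp`, `$HostName` and the firewall rule's display name are assumed placeholders.

```powershell
# Added example, not from the original answer. Assumed placeholders:
$AdminIp  = '203.0.113.10'        # constructed: public IP of the admin workstation
$HostName = 'MY_EC2_PUBLIC_DNS'   # placeholder, same role as MY_EC2_PUBLIC_IP above

# ---------- EC2 instance, elevated PowerShell ----------
Enable-PSRemoting -Force

# Certificate for the HTTPS listener. Self-signed here; a CA-issued one is preferable.
$cert = New-SelfSignedCertificate -DnsName $HostName -CertStoreLocation Cert:\LocalMachine\My

# WinRM HTTPS listener (TCP 5986) bound to that certificate.
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $cert.Thumbprint -Force

# Allow 5986 from the admin workstation only, instead of ticking "Public" on the
# built-in HTTP-In rules for every source address.
New-NetFirewallRule -DisplayName 'WinRM HTTPS-In (admin workstation only)' `
    -Direction Inbound -Protocol TCP -LocalPort 5986 `
    -RemoteAddress $AdminIp -Profile Any -Action Allow

# Check: show which profiles and source addresses the built-in HTTP rules allow.
Get-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)' | ForEach-Object {
    [pscustomobject]@{
        Name          = $_.Name
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}

# The EC2 security group needs the matching inbound rule: TCP 5986 from $AdminIp/32.

# ---------- Workstation ----------
# With -UseSSL and explicit credentials, TrustedHosts does not have to be set to "*".
$credential = Get-Credential      # prompt; the password is not stored in the script

# -SkipCACheck is needed only because the certificate above is self-signed. Importing it
# into the workstation's trusted roots (or using a CA-issued one) removes the need.
$option  = New-PSSessionOption -SkipCACheck
$session = New-PSSession -ComputerName $HostName -UseSSL -Credential $credential -SessionOption $option

Invoke-Command -Session $session -ScriptBlock { "Hello, World (from $env:COMPUTERNAME)" }
Remove-PSSession $session
```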

4

I think that not exposing PowerShell via SSH was one of the biggest design mistakes MS made. Even years later they are too proud / blind to revert that poor decision.

I suggest you not fight with WinRM and instead use an SSH server on your Windows machine. You'll benefit from having a simple, standard, secure way to connect to your server from any device (I'm doing remote PS sessions from my iPad).

There is the open-source Cygwin and my favorite proprietary (with free offering) PowershellServer.

You'll thank me when your Windows server plays nicely with the rest of the world.


3

UPDATE: I got back to this old thread and would like to add another option: using the new(ish) AWS Systems Manager run-command capability. This allows you to have no administrative port exposed to the external world, so there is no need to fiddle with host / cloud firewalls. It also provides other benefits like auditing, permissions, etc.

1 Comment

I'd agree this is a much better solution as of today.
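
The Systems Manager run-command option described in the answer above, as an added example that is not part of the original post: a command is sent to the instance and its output read back with no inbound port open. It assumes the AWS.Tools.SimpleSystemsManagement module with credentials and a default region configured, and an instance that runs SSM Agent under an instance profile allowing it to register with Systems Manager; the function name and the instance ID are hypothetical.

```powershell
# Added example, not from the original answer. Assumptions: AWS Tools for PowerShell
# is configured with credentials allowed to call ssm:SendCommand and a default region,
# and the instance is registered with Systems Manager (SSM Agent + instance profile).
function Invoke-Ec2PowerShell {          # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string]   $InstanceId,
        [Parameter(Mandatory = $true)] [string[]] $Commands,
        [int] $TimeoutSeconds = 120
    )

    # AWS-RunPowerShellScript is the AWS-managed document for Windows instances.
    $sent = Send-SSMCommand -InstanceId $InstanceId `
        -DocumentName 'AWS-RunPowerShellScript' `
        -Parameter @{ commands = $Commands }

    # Poll until the invocation reaches a final state or the timeout passes.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 2       # the invocation record can take a moment to appear
        $detail = Get-SSMCommandInvocationDetail -CommandId $sent.CommandId -InstanceId $InstanceId
        $status = [string]$detail.Status
    } while ($status -in 'Pending', 'InProgress', 'Delayed' -and (Get-Date) -lt $deadline)

    # Return the result as an object so callers can test Status and ExitCode.
    [pscustomobject]@{
        CommandId = $sent.CommandId
        Status    = $status
        ExitCode  = $detail.ResponseCode
        StdOut    = $detail.StandardOutputContent
        StdErr    = $detail.StandardErrorContent
    }
}

# Constructed instance ID; replace with your own. Single quotes keep
# $env:COMPUTERNAME from expanding locally, so it is evaluated on the instance.
$result = Invoke-Ec2PowerShell -InstanceId 'i-0123456789abcdef0' `
    -Commands 'Write-Output "Hello, World (from $env:COMPUTERNAME)"'
$result | Format-List
```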
