cd ../blogs
blog6 min read

Start EC2 and Connect via RDP in 1-Click

How I built a PowerShell script that automatically starts my AWS EC2 instance and connects via RDP — all from a single click.

#aws#ec2#powershell#automation#devops#rdp

The Problem

I run a Windows EC2 instance on AWS (t3.large) that I only use occasionally. To save costs, It stops automatically when not in use (see how) — AWS only charges for compute when the instance is actually running.

But every time I needed to use it, the process was tedious:

  1. Log into the AWS Console
  2. Navigate to EC2 → Instances
  3. Start the instance and wait for it to boot
  4. Copy the public IP
  5. Open Remote Desktop Connection
  6. Paste the IP, enter credentials, connect

That's 6 manual steps, every single time. I wanted it down to one.

The Solution

A PowerShell script that:

  1. Starts the EC2 instance via the AWS API
  2. Waits for it to reach the running state
  3. Fetches the public IP automatically
  4. Waits for Windows to finish booting
  5. Builds a temporary .rdp file with credentials baked in
  6. Launches RDP and connects automatically — no password popup
  7. Cleans up the .rdp file after use

Saved as a .ps1 file and triggered via a one-line .bat launcher on the Desktop.

Prerequisites

Before running the script, do this once:

Install the AWS EC2 PowerShell module: (Run PowerShell as Administrator)

Install-Module -Name AWS.Tools.EC2 -Force

Allow PowerShell scripts to run:

Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force

Save your AWS credentials:

Set-AWSCredential -AccessKey "YOUR_ACCESS_KEY" `
                  -SecretKey "YOUR_SECRET_KEY" `
                  -StoreAs "default"

The Script

# ---------- CONFIGURATION ----------
$InstanceId  = "i-xxxxxxxxxxxxxxx"
$Region      = "ap-south-1"
$RDPUser     = "Administrator"
$RDPPassword = "YourPasswordHere"
# -----------------------------------
 
Import-Module AWS.Tools.EC2
 
Write-Host "Starting EC2 instance: $InstanceId ..." -ForegroundColor Cyan
Start-EC2Instance -InstanceId $InstanceId -Region $Region | Out-Null
 
Write-Host "Waiting for instance to reach running state..." -ForegroundColor Yellow
do {
    Start-Sleep -Seconds 3
    $state = (Get-EC2Instance -InstanceId $InstanceId -Region $Region).Instances[0].State.Name
    Write-Host "   Current state: $state"
} while ($state -ne "running")
 
Write-Host "Instance is running!" -ForegroundColor Green
 
$PublicIP = (Get-EC2Instance -InstanceId $InstanceId -Region $Region).Instances[0].PublicIpAddress
Write-Host "Public IP: $PublicIP" -ForegroundColor Cyan
 
Write-Host "Waiting 15 seconds for Windows to finish booting..." -ForegroundColor Yellow
Start-Sleep -Seconds 15
 
$SecurePass = ConvertTo-SecureString $RDPPassword -AsPlainText -Force
$EncryptedPass = $SecurePass | ConvertFrom-SecureString
 
$RDPFile = "$env:TEMP\connect_ec2.rdp"
@"
full address:s:$PublicIP
username:s:$RDPUser
password 51:b:$EncryptedPass
authentication level:i:0
prompt for credentials:i:0
"@ | Out-File -FilePath $RDPFile -Encoding UTF8
 
Write-Host "Launching RDP connection to $PublicIP ..." -ForegroundColor Green
Start-Process "mstsc" -ArgumentList $RDPFile
 
Start-Sleep -Seconds 3
Remove-Item $RDPFile -Force
Write-Host "Done. RDP launched." -ForegroundColor Gray

Line-by-Line Explanation

Configuration Block

$InstanceId  = "i-xxxxxxxxxxxxx"
$Region      = "ap-south-1"
$RDPUser     = "Administrator"
$RDPPassword = "YourPasswordHere"

These are the four variables you need to fill in. $InstanceId is your EC2 instance ID (found in the AWS Console). $Region is the AWS region your instance lives in — ap-south-1 is Mumbai. $RDPUser and $RDPPassword are your Windows Server login credentials.

Import the AWS Module

Import-Module AWS.Tools.EC2

Loads the AWS EC2 PowerShell module into the current session. Without this, commands like Start-EC2Instance won't be recognized.

Start the Instance

Start-EC2Instance -InstanceId $InstanceId -Region $Region | Out-Null

Calls the AWS API to boot your stopped EC2 instance — equivalent to clicking "Start Instance" in the AWS Console. | Out-Null suppresses the verbose API response object so the terminal stays clean.

Wait for Running State

do {
    Start-Sleep -Seconds 3
    $state = (Get-EC2Instance -InstanceId $InstanceId -Region $Region).Instances[0].State.Name
    Write-Host "   Current state: $state"
} while ($state -ne "running")

This is a polling loop. Every 3 seconds, it asks AWS for the current state of the instance (e.g., pending, running). It keeps looping until the state becomes running.

Get the Public IP

$PublicIP = (Get-EC2Instance -InstanceId $InstanceId -Region $Region).Instances[0].PublicIpAddress

Fetches the instance's current public IP address from AWS. This is done after the instance is running because EC2 assigns a new public IP each time it starts (unless you use an Elastic IP).

Wait for Windows to Boot

Start-Sleep -Seconds 15

Even after EC2 reports the instance as running, Windows Server itself takes additional time to fully start — including booting services like RDP. This 15-second pause avoids a connection error. You can increase this to 30-45 seconds if your instance is slow to boot.

Encrypt the Password

$SecurePass = ConvertTo-SecureString $RDPPassword -AsPlainText -Force
$EncryptedPass = $SecurePass | ConvertFrom-SecureString

RDP files require passwords in an encrypted format — not plain text. ConvertTo-SecureString wraps the plain-text password into a secure object, and ConvertFrom-SecureString converts it to Windows's DPAPI-encrypted format.

Build the RDP File

$RDPFile = "$env:TEMP\connect_ec2.rdp"
@"
full address:s:$PublicIP
username:s:$RDPUser
password 51:b:$EncryptedPass
authentication level:i:0
prompt for credentials:i:0
"@ | Out-File -FilePath $RDPFile -Encoding UTF8

Creates a temporary .rdp file in your system's temp folder. This file tells the Remote Desktop client exactly where to connect and how to authenticate. authentication level:i:0 skips certificate warnings. prompt for credentials:i:0 is the key line — it tells Windows not to show the password popup, using the baked-in credentials instead.

Launch RDP

Start-Process "mstsc" -ArgumentList $RDPFile

Launches the built-in Windows Remote Desktop client (mstsc.exe) and passes it the .rdp file.

Cleanup

Start-Sleep -Seconds 3
Remove-Item $RDPFile -Force

Waits 3 seconds to give mstsc enough time to read and load the .rdp file, then deletes it. This prevents the credentials from sitting on disk longer than necessary.

The Desktop Launcher

Save this as ConnectEC2.bat on your Desktop for a true one-click experience:

@echo off
powershell -ExecutionPolicy Bypass -File "C:\Scripts\connectEC2.ps1"

Double-click it — your server starts, Windows boots, and RDP opens automatically. No AWS Console, no manual credential entry.

Important Notes

Elastic IP: By default, EC2 assigns a new public IP every time the instance starts. If you want a fixed IP, assign an Elastic IP to your instance in the AWS Console — it's free while attached to a running instance.

RDP Port: Make sure port 3389 is open in your EC2 Security Group for your local IP address. Without this, the RDP connection will time out regardless of the script.