
Cloud for .net – RDP’ing into a Windows box

We now have a Windows box, but we can’t do anything with it. If you tried to connect over RDP, you’d fail, because the ports are not open. We’re going to fix that by adding some security groups.

Security Groups

We need to allow RDP, which is port 3389, inbound to our instance. We do this with a security group.

resource "aws_security_group" "rdp" {
  ingress {
    from_port = 3389
    to_port = 3389
    protocol = "tcp"
    # 0.0.0.0/0 matches every IPv4 address, i.e. anyone
    cidr_blocks = ["0.0.0.0/0"]
  }
}

We open port 3389 on the TCP protocol, and we open it to anyone trying to connect (the CIDR block). It goes without saying that we shouldn’t do this in production; this is just to play with our VM.
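For anything longer-lived than a throwaway VM, the same rule can be limited to a single admin address. The following is an added example, not code from the original post; it assumes Terraform 0.13 or later for variable validation, and the names admin_cidr and rdp_restricted are hypothetical.

```hcl
# Added example: RDP ingress limited to one caller-supplied IPv4 range.
# "admin_cidr" and "rdp_restricted" are hypothetical names for this sketch.

variable "admin_cidr" {
  description = "IPv4 range allowed to reach RDP, e.g. your workstation's public IP as a /32."
  type        = string

  validation {
    # cidrhost() fails on anything that is not valid CIDR notation,
    # so can() turns a malformed value into a validation error.
    condition     = can(cidrhost(var.admin_cidr, 0))
    error_message = "The admin_cidr value must be valid CIDR notation, such as 203.0.113.10/32."
  }

  validation {
    # regex() errors when there is no match, so can() is true only
    # for a /0 prefix, which would reopen the port to everyone.
    condition     = !can(regex("/0$", var.admin_cidr))
    error_message = "The admin_cidr value must not be a /0 range."
  }
}

resource "aws_security_group" "rdp_restricted" {
  ingress {
    from_port   = 3389
    to_port     = 3389
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr] # instead of the open-to-anyone block
  }
}
```

Apply it with a value such as `-var 'admin_cidr=203.0.113.10/32'` (a constructed documentation address), and point the instance at `aws_security_group.rdp_restricted` instead of `aws_security_group.rdp`.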

We now need to associate this security group with our previous instance. To do that, we need to reference our security group in the aws_instance resource. The security_groups argument takes a name, and as the name is generated by Terraform, we need to reference something that doesn’t exist yet. To do this, we use the interpolation syntax.


In terraform, each resource we declare has a bunch of inputs, the things you set, called arguments, and a bunch of outputs, called attributes. To access those attributes, the syntax is ${resource.name.attribute}.

Looking at the aws_security_group resource, it has an attribute name, so we use that.

resource "aws_instance" "my_cool_server" {
  ami = "ami-3d787d57"
  instance_type = "t2.micro"
  # Reference the generated name of the security group declared above
  security_groups = ["${aws_security_group.rdp.name}"]
}

If you apply, you should now have a server with an RDP port open.

To connect to our machine, we need to know what its public IP address is. We could of course go to the web site, but why go away from the comfort of our terminal?


Any resource attribute can be “exported”, that is, made available to any containing script, or to yourself so you can RDP into a box! To do that, we declare an output and set its value to the public IP address of our instance.

output "my_cool_server_public_ip" {
  value = "${aws_instance.my_cool_server.public_ip}"
}

If you go ahead and apply again, the public IP address will now be available immediately.

$ tf apply
aws_security_group.rdp: Refreshing state... (ID: sg-2645665e)
aws_instance.my_cool_server: Refreshing state... (ID: i-23e9f6b9)

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.


  my_cool_server_public_ip =

You can now connect to your box over RDP. But not log in! Feel free to tf destroy the machine, and next time we’ll see how to set up our credentials.