How to RDP securely to an EC2 instance

Tags: amazon-ec2, amazon-vpc, rdp, vpn

I have a VPC with a few EC2 instances running Windows Server 2012 that will be used as workstations (in a similar way to WorkSpaces). Right now they are in a public subnet and users can connect using RDP with the instance’s public IP. The security group only allows inbound RDP connections, which I will further restrict to a range of IP addresses.

My question is whether it would be more secure for users to establish a software VPN connection to the VPC (a hardware one would be outside of my knowledge and budget) and then RDP to the instance using its private IP. Or, since both RDP and the VPN connection are encrypted, and assuming I configure security groups properly, would there be no difference?

I am a beginner in the topic so please be patient. Thanks in advance!

Best Answer

You may install an EC2 Windows Server instance inside your VPC network and set up a PPTP VPN there (or any other, but PPTP would be better if you're using Windows).

If you have all these instances in one subnet, you may establish a VPN connection from an outside client to your VPN server, and after that you may establish RDP connections to whichever other Windows instances you wish.

How to set up PPTP: http://www.howtogeek.com/135996/how-to-create-a-vpn-server-on-your-windows-computer-without-installing-any-software/
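
An added example, not part of the question or answer above: a Python check over security group rules in the `IpPermissions` shape returned by the EC2 `DescribeSecurityGroups` API, rating how RDP (TCP 3389) is exposed in the two setups discussed (public IP restricted to an address range, versus reachable only from inside the VPC through the VPN server). The group names, addresses, VPC CIDR and the 256-address threshold are constructed assumptions.

```python
import ipaddress

RDP_PORT = 3389
RANK = ["none", "private-only", "restricted-public", "broad-public", "open"]

def covers_rdp(perm):
    """True if an IpPermissions entry admits TCP 3389 ("-1" means all protocols and ports)."""
    if perm.get("IpProtocol") == "-1":
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535))

def source_level(cidr, vpc):
    """Rate one source CIDR against the VPC range."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "open"                      # 0.0.0.0/0 or ::/0
    if net.version == vpc.version and net.subnet_of(vpc):
        return "private-only"              # source is inside the VPC, e.g. the VPN server
    # Assumed threshold: more than 256 source addresses counts as broad
    return "broad-public" if net.num_addresses > 256 else "restricted-public"

def rdp_exposure(group, vpc_cidr):
    """Return the worst RDP exposure level granted by a security group."""
    vpc = ipaddress.ip_network(vpc_cidr)
    levels = ["none"]
    for perm in group.get("IpPermissions", []):
        if not covers_rdp(perm):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        levels += [source_level(c, vpc) for c in cidrs]
        if perm.get("UserIdGroupPairs"):   # source is another security group, not an address range
            levels.append("private-only")
    return max(levels, key=RANK.index)

# Constructed sample data (group IDs and addresses are made up)
VPC_CIDR = "10.0.0.0/16"
GROUPS = {
    "public-restricted": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                          "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    "public-open": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    "behind-vpn": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                   "UserIdGroupPairs": [{"GroupId": "sg-0example0vpn"}]}]},
}

if __name__ == "__main__":
    for name, group in GROUPS.items():
        print(name, "->", rdp_exposure(group, VPC_CIDR))
```

To run it against a real account, feed each entry of the `SecurityGroups` array from `aws ec2 describe-security-groups` to `rdp_exposure` together with the VPC's CIDR.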