The gist assumes that you have launched a mac1.metal instance and are able to SSH into it. Your IP address must be the same as the one in the security group; watch out for VPNs in particular.
If this is not the case, use this gist, including the linked steps to connect to the EC2 instance using SSH, to achieve this.
A VNC server will be created on the mac1.metal instance to share its GUI. A VNC Viewer is installed on the computer that you wish to view the instance GUI on, probably your local desktop or laptop computer.
Any VNC viewer should work in theory, because Apple Remote Desktop (ARD) is supposedly based on the same, but I had authentication problems with several until I used the RealVNC VNC Viewer, which did the trick. Download it to your viewing computer from here. The VNC viewer has a proprietary thing called VNC Connect, which is not needed for this procedure, so you don't need to sign in or anything, and in fact signing in may change the terms of use for the viewer.
I'll be looking for an open source alternative, such as gsshvnc, which I was unfortunately unable to get working - let me know in the comments if you are able to get this or an open source alternative working!
Attribution is given to Sébastien Stormacq for his work here, and to the official documentation, from which I have liberally borrowed.
Enter the following at the mac1.metal command line:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
-activate -configure -access -on \
-configure -allowAccessFor -specifiedUsers \
-configure -users ec2-user \
-configure -restart -agent -privs -all
Then enter the following at the mac1.metal command line:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
-configure -access -on -privs -all -users ec2-user
An instance password does seem to be needed. Enter the following at the mac1.metal command line:
sudo passwd ec2-user
Complete the steps to create a password for the instance, and make a note of the password.
Enter the following at the mac1.metal command line:
curl ifconfig.me
Ignore the % symbol at the end of the result.
On the computer you want to view from (probably your laptop), enter the following at the command line replacing the placeholders with the filename for your AWS keypair (*.pem) file and the public IP address you just got (or the public DNS string will work too):
ssh -L 5999:localhost:5900 -C -N -i [PEM_FILENAME] ec2-user@[MAC INSTANCE PUBLIC IP]
In my example that looks like:
ssh -L 5999:localhost:5900 -C -N -i "C:\Users\alanmur\Documents\Work\keys\mac1metal.pem" ec2-user@3.143.233.90
This means that any connection to localhost port 5999 is tunneled to port 5900 on the remote machine, i.e. the listening port of the VNC server. I used 5999 because if your viewing machine is also listening for VNC connections, it may already be using port 5900, making it unavailable for us to use for tunneling.
By the way, if the remote instance IP address appears to be in the range 10.x.x.x, or 172.16.0.0 to 172.31.255.255, or 192.168.x.x (depending on the subnet the instance was launched into) then you are looking at the private IP address of the instance, and this will not work.
Note that the command continues to run for as long as the tunnel is open, and so the command prompt does not appear again after the command is run.
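As an added example (not part of the original gist), the shell functions below wrap the tunnel command with the private-address check described above. The function names, the `DRY_RUN` variable, the explicit `127.0.0.1` bind and `-o ExitOnForwardFailure=yes` are additions assumed here, not taken from the gist.

```shell
# Added example: pre-flight checks around the gist's SSH tunnel command.
# Function names and DRY_RUN are illustrative assumptions.

# Returns 0 for an RFC 1918 private IPv4 address, 1 for any other IPv4
# address, 2 if $1 is not a dotted quad (for example a public DNS name).
is_private_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 2 ;;  # bad char, empty octet, 5+ octets
        *.*.*.*) ;;                                   # exactly four octets
        *) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 2
    done
    [ "$1" -eq 10 ] && return 0
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
    return 1
}

# Opens the tunnel: local port $3 (default 5999) -> instance VNC port 5900.
# With DRY_RUN=1 the ssh command is printed instead of executed.
open_tunnel() {
    key=$1 host=$2 lport=${3:-5999}
    rc=0; is_private_ipv4 "$host" || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "$host is a private address; use the public IP or DNS name" >&2
        return 1
    fi
    case "$lport" in
        ''|*[!0-9]*) echo "local port must be numeric" >&2; return 1 ;;
    esac
    # 127.0.0.1 keeps the forwarded port off the viewer's other interfaces;
    # ExitOnForwardFailure makes ssh quit if the local port cannot be bound,
    # so the VNC password is never typed into some other local listener.
    set -- ssh -L "127.0.0.1:$lport:localhost:5900" -o ExitOnForwardFailure=yes \
        -C -N -i "$key" "ec2-user@$host"
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}
```

Because the VNC traffic travels inside the SSH connection, the viewing computer only needs to reach the instance on the SSH port.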
Open the VNC Viewer and type localhost::5999, noting the double colon. (You could also type 127.0.0.1::5999, which is essentially the same thing.) Press Enter to start the connection.
You will be warned about transferring authentication details insecurely. This would be true, but the software doesn't know that we are tunneling through the secure shell (SSH) connection, so in fact you don't need any of that. I check the 'don't warn me about this again' box.
Authenticate with the mac1.metal instance using the password you set for ec2-user. Remember the password so you don't need to retype it each time you connect.
If everything went well, then the mac1.metal GUI appears.
Use the same ec2-user password to create your interactive session.
The desktop appears after a few moments. Notice that there is a nice palette of options, including scaling the remote screen to 100%, which I like to do. The native resolution of the instance (as supplied by the Nitro chip) seems to be only 1024 x 768, which is fine for me, but if you want a higher resolution it may be possible to achieve using the instructions here.
Success! The session information is available from the VNC Viewer options palette:
End the session in the VNC Viewer by closing the window, or using the end session option.
Close the SSH tunnel by going to the terminal and either dispensing with the session using the trash can icon, or pressing CTRL + C to interrupt the command.
More information in the official documentation here.