Using a modern browser on the Surface 2 RT using AWS EC2

Search This thread

tonysr27

Member
Mar 3, 2022
6
4
1. Overview

Lack of a modern browser on the Surface 2 RT is one of the most major drawbacks of using it as a day-to-day machine. Even if you're patient enough to find workarounds for some use-cases, it's neither sustainable nor robust, since IE is straight up not supported by a lot of websites now.

So, I decided to explore the viability of using an AWS EC2 machine as a "browser server" via RDP, for my browsing needs. Here's how that went. If you want to know how I liked it and/or how much it will cost, you can skip to the final two sections before picking up from here!


2. Prerequisites

To follow this tutorial, you'll need:

- An AWS account.
- Some familiarity with AWS services like IAM and EC2.
- AWSPowerShell. The steps to get it can be found here.
- Finally, for some of the one-time setup, you'll need a browser other than IE as well. It could work with IE, I haven't tried it, I just used my phone's browser.


3. Steps

3.1 Get IAM Credentials


In this step, we're going to create IAM credentials that will be used by the Surface 2 RT machine to turn the browser server on/off, to get details like its DNS name etc.

- Log into your AWS account, and go the IAM console.
- Create a new IAM user and give it programmatic access. Also attach to it the AmazonEC2FullAccess permissions policy.
- Once you generate an aws_access_key_id and aws_secret_access_key pair, create a ~\.aws directory on your Surface and put the pair in a file called credentials, like so:

Code:
PS C:\Users\Tony> cat ~\.aws\credentials
[browser]
aws_access_key_id=<your-key-id>
aws_secret_access_key=<your-secret-key>

- If you don't know what "[browser]" means, don't worry about it, it's just a profile name. Profiles are used by AWSPowerShell to keep track of different credentials in the credentials file.

3.2 Create a Browser Server

- In your AWS account, go to the EC2 console, and choose a region from the top-right closest to where you are. I'm picking N. Virginia (us-east-1).
- Once you've done that, click on the "Instances" tab from the menu on the left, and click on the prominent "Launch Instance" button.
- On the new screen, once you see "Step 1: Choose an Amazon Machine Image (AMI)", scroll down and select the "Free tier only" checkbox from the grey bar on the left.
- I'll cover what this means in the "Cost" section.
- Scroll down until you see this AMI, and click "Select".

1647102374899.png


- Keep clicking "Next" until you reach "Step 6: Configure Security Group". At this point, start PowerShell on your Surface machine, and do:

Code:
PS C:\Users\Tony> $(Invoke-RestMethod http://ipinfo.io/json).ip
<your-ip-addr>

- Now, in the "Source" column, in the table above the "Add Rule" button, add <your-ip-addr>/32. Don't change anything else, except maybe the description, and click "Review and Launch".

1647102692914.png


- On the next screen, click "Launch" after reviewing, and when you get the key-pair popup, select "Create a new key pair" and download the .pem file.
- Click "Launch Instances". Your browser server should be starting!

3.3 Get Credentials to connect to the Browser Server

- In your AWS account's EC2 console, once again go to the "Instances" tab. This time, you should see your instance there in the list.
- Note down its Instance ID, and select the checkbox next to its row. Then, click "Connect" from the top of the list.
- On the new screen, if there is an "RDP client" tab, go to it. If not, you're seeing the older version of the console, which is fine too.
- You should be seeing three things there: the DNS, username, and a "Get Password" button.
  • Your browser server's DNS - Ignore it for now, we'll need to get it dynamically since each time you stop and restart your server, its DNS can change.
  • Username - This will most probably be "Administrator". In any case, note this down.
  • Get Password - Click on this button, and it'll prompt you to upload the .pem file you downloaded in section 3.2's penultimate step. It'll then show you a plaintext password, note that down.

3.4 Connecting to the Browser Server

- We are ready to try to connect to the browser server! Make a PS script called start_browser_server.ps1 on your Surface, like so:

Note: You'll have to replace the region, your browser server's instance-id, its username, and the plaintext password in the script below.

Code:
PS C:\Users\Tony\Desktop> cat .\start_browser_server.ps1
$aws_profile = "browser";
$region = "<your-region>";
$instance_id = "<your-instance-id>";
$aws_args = $("-InstanceId " + $instance_id + " -ProfileName " + $aws_profile + " -Region " + $region);

echo "Starting ...";
iex "Start-EC2Instance $aws_args";
echo "Browser server started. Checking status ...";

$browser_server_status = iex "Get-EC2InstanceStatus $aws_args";

while ($browser_server_status.InstanceState.Name.Value -ne "running") {
    $(Get-Date).DateTime;
    echo $("Browser server is " + $browser_server_status.InstanceState.Name.Value + ". Checking again in 5s.");
    Start-Sleep -s 5;
    $browser_server_status = iex "Get-EC2InstanceStatus $aws_args";
}

echo "Browser server running!";

$browser_server = iex "Get-EC2Instance $aws_args";

$browser_server_dns = $(nslookup $browser_server.Instances.PublicIpAddress resolver1.opendns.com | Select-String "Name") -Split ":\s+" | Select -Index 1;

echo $("Browser Server DNS: " + $browser_server_dns + ". Connecting ...");

cmdkey /generic:"$browser_server_dns" /user:"<your-username>" /pass:"<your-plaintext-password>";

mstsc /f /v:$browser_server_dns;

Start-Sleep -s 30;

cmdkey /delete:"$browser_server_dns";

- Now simply run this script. Accept any certificate warnings it throws at you, and voila! You should be able to RDP into the browser server. It should have the Chromium-based MSFT Edge in it already.

- When you're done, you can stop the server using:

Code:
Stop-EC2Instance -InstanceIds <your-instance-id> -ProfileName browser -Region <your-region>

4 - Cost

At the time of writing, AWS' Free Tier for EC2 includes 750 hours worth of runtime per month of a Windows t2.micro. That's the one we selected when we checked "Free tier only". So for the first year, you won't be billed for your browser server even if it's running 24x7.

After that, a Windows t2.micro instance costs $0.0162 / hr. If you're planning to use this for, let's say, 5 hours a day, then it'll only cost you ~$2.43 / month.

5 - Verdict

For me, it's well worth the cost. While not ideal, this has made browsing definitely possible on the Surface 2 RT. I'm mostly using mine as a dev machine, so I don't do a lot of media-heavy browsing anyway. It's mostly checking docs, maybe browsing Reddit, XDA, etc.

I did try playing a YouTube video. It took some minor work to get the sound playing on my Surface 2 RT, but it worked. The video was a bit laggy, but the sound was okay. If you're planning on listening to songs or podcasts, or even just watch not-media-heavy videos like technical tutorials and stuff, this will do the trick for you.

Lastly, I wrote this post on my browser server too!

1647105624208.jpeg


Yours truly,
Tony
 
Last edited:
  • Like
Reactions: SrCDA and jwa4

Julian2004

New member
Jun 26, 2022
1
1
Can you help me?

I have evertthing done without problem but now im stuck at opening the browser.ps1 file

It says Starting... for long time.
 
  • Like
Reactions: tonysr27

tonysr27

Member
Mar 3, 2022
6
4
Can you help me?

I have evertthing done without problem but now im stuck at opening the browser.ps1 file

It says Starting... for long time.

Hey! Sorry for the late reply. I can try to help, please DM me. Fair warning though, it can be somewhat of a pain to debug over text, but we'll give it a shot~
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    1. Overview

    Lack of a modern browser on the Surface 2 RT is one of the most major drawbacks of using it as a day-to-day machine. Even if you're patient enough to find workarounds for some use-cases, it's neither sustainable nor robust, since IE is straight up not supported by a lot of websites now.

    So, I decided to explore the viability of using an AWS EC2 machine as a "browser server" via RDP, for my browsing needs. Here's how that went. If you want to know how I liked it and/or how much it will cost, you can skip to the final two sections before picking up from here!


    2. Prerequisites

    To follow this tutorial, you'll need:

    - An AWS account.
    - Some familiarity with AWS services like IAM and EC2.
    - AWSPowerShell. The steps to get it can be found here.
    - Finally, for some of the one-time setup, you'll need a browser other than IE as well. It could work with IE, I haven't tried it, I just used my phone's browser.


    3. Steps

    3.1 Get IAM Credentials


    In this step, we're going to create IAM credentials that will be used by the Surface 2 RT machine to turn the browser server on/off, to get details like its DNS name etc.

    - Log into your AWS account, and go the IAM console.
    - Create a new IAM user and give it programmatic access. Also attach to it the AmazonEC2FullAccess permissions policy.
    - Once you generate an aws_access_key_id and aws_secret_access_key pair, create a ~\.aws directory on your Surface and put the pair in a file called credentials, like so:

    Code:
    PS C:\Users\Tony> cat ~\.aws\credentials
    [browser]
    aws_access_key_id=<your-key-id>
    aws_secret_access_key=<your-secret-key>

    - If you don't know what "[browser]" means, don't worry about it, it's just a profile name. Profiles are used by AWSPowerShell to keep track of different credentials in the credentials file.

    3.2 Create a Browser Server

    - In your AWS account, go to the EC2 console, and choose a region from the top-right closest to where you are. I'm picking N. Virginia (us-east-1).
    - Once you've done that, click on the "Instances" tab from the menu on the left, and click on the prominent "Launch Instance" button.
    - On the new screen, once you see "Step 1: Choose an Amazon Machine Image (AMI)", scroll down and select the "Free tier only" checkbox from the grey bar on the left.
    - I'll cover what this means in the "Cost" section.
    - Scroll down until you see this AMI, and click "Select".

    1647102374899.png


    - Keep clicking "Next" until you reach "Step 6: Configure Security Group". At this point, start PowerShell on your Surface machine, and do:

    Code:
    PS C:\Users\Tony> $(Invoke-RestMethod http://ipinfo.io/json).ip
    <your-ip-addr>

    - Now, in the "Source" column, in the table above the "Add Rule" button, add <your-ip-addr>/32. Don't change anything else, except maybe the description, and click "Review and Launch".

    1647102692914.png


    - On the next screen, click "Launch" after reviewing, and when you get the key-pair popup, select "Create a new key pair" and download the .pem file.
    - Click "Launch Instances". Your browser server should be starting!

    3.3 Get Credentials to connect to the Browser Server

    - In your AWS account's EC2 console, once again go to the "Instances" tab. This time, you should see your instance there in the list.
    - Note down its Instance ID, and select the checkbox next to its row. Then, click "Connect" from the top of the list.
    - On the new screen, if there is an "RDP client" tab, go to it. If not, you're seeing the older version of the console, which is fine too.
    - You should be seeing three things there: the DNS, username, and a "Get Password" button.
    • Your browser server's DNS - Ignore it for now, we'll need to get it dynamically since each time you stop and restart your server, its DNS can change.
    • Username - This will most probably be "Administrator". In any case, note this down.
    • Get Password - Click on this button, and it'll prompt you to upload the .pem file you downloaded in section 3.2's penultimate step. It'll then show you a plaintext password, note that down.

    3.4 Connecting to the Browser Server

    - We are ready to try to connect to the browser server! Make a PS script called start_browser_server.ps1 on your Surface, like so:

    Note: You'll have to replace the region, your browser server's instance-id, its username, and the plaintext password in the script below.

    Code:
    PS C:\Users\Tony\Desktop> cat .\start_browser_server.ps1
    $aws_profile = "browser";
    $region = "<your-region>";
    $instance_id = "<your-instance-id>";
    $aws_args = $("-InstanceId " + $instance_id + " -ProfileName " + $aws_profile + " -Region " + $region);
    
    echo "Starting ...";
    iex "Start-EC2Instance $aws_args";
    echo "Browser server started. Checking status ...";
    
    $browser_server_status = iex "Get-EC2InstanceStatus $aws_args";
    
    while ($browser_server_status.InstanceState.Name.Value -ne "running") {
        $(Get-Date).DateTime;
        echo $("Browser server is " + $browser_server_status.InstanceState.Name.Value + ". Checking again in 5s.");
        Start-Sleep -s 5;
        $browser_server_status = iex "Get-EC2InstanceStatus $aws_args";
    }
    
    echo "Browser server running!";
    
    $browser_server = iex "Get-EC2Instance $aws_args";
    
    $browser_server_dns = $(nslookup $browser_server.Instances.PublicIpAddress resolver1.opendns.com | Select-String "Name") -Split ":\s+" | Select -Index 1;
    
    echo $("Browser Server DNS: " + $browser_server_dns + ". Connecting ...");
    
    cmdkey /generic:"$browser_server_dns" /user:"<your-username>" /pass:"<your-plaintext-password>";
    
    mstsc /f /v:$browser_server_dns;
    
    Start-Sleep -s 30;
    
    cmdkey /delete:"$browser_server_dns";

    - Now simply run this script. Accept any certificate warnings it throws at you, and voila! You should be able to RDP into the browser server. It should have the Chromium-based MSFT Edge in it already.

    - When you're done, you can stop the server using:

    Code:
    Stop-EC2Instance -InstanceIds <your-instance-id> -ProfileName browser -Region <your-region>

    4 - Cost

    At the time of writing, AWS' Free Tier for EC2 includes 750 hours worth of runtime per month of a Windows t2.micro. That's the one we selected when we checked "Free tier only". So for the first year, you won't be billed for your browser server even if it's running 24x7.

    After that, a Windows t2.micro instance costs $0.0162 / hr. If you're planning to use this for, let's say, 5 hours a day, then it'll only cost you ~$2.43 / month.

    5 - Verdict

    For me, it's well worth the cost. While not ideal, this has made browsing definitely possible on the Surface 2 RT. I'm mostly using mine as a dev machine, so I don't do a lot of media-heavy browsing anyway. It's mostly checking docs, maybe browsing Reddit, XDA, etc.

    I did try playing a YouTube video. It took some minor work to get the sound playing on my Surface 2 RT, but it worked. The video was a bit laggy, but the sound was okay. If you're planning on listening to songs or podcasts, or even just watch not-media-heavy videos like technical tutorials and stuff, this will do the trick for you.

    Lastly, I wrote this post on my browser server too!

    1647105624208.jpeg


    Yours truly,
    Tony
    1
    Can you help me?

    I have evertthing done without problem but now im stuck at opening the browser.ps1 file

    It says Starting... for long time.