Check out this YouTube video for a full walkthrough!
Hi! We’re glad to have you here. We want to share how Amazon EC2 Mac instances (we’ll get into what that means further down) allow you to accelerate your workflow and accomplish things that have ranged from challenging to near-impossible without foresight. Specifically, we’ll focus on how EC2 Mac instances let you:
- Access a Mac to develop and test with whenever you might need one — within minutes.
- Switch between multiple macOS versions effortlessly — on the same Mac.
- Recreate user scenarios — in a safe, ephemeral, non-virtualized macOS environment.
- Test your macOS scripts and apps easily — before they hit production.
- Build, test, sign, and publish your Apple apps in the cloud — forget the Mac-in-a-closet (or under a desk).
- And, of course, integrate with device management solutions like Jamf to enroll and test complex workflows — before they deploy to your users.
On that last one: this workflow is thanks to our recent partnerships—see the recent announcement by AWS and Jamf here and the launch blog by Jamf, Wipro, and AWS here. MDM enrollment can now automatically occur when an instance starts. The process involves a script and light image setup, with full setup instructions and templates here.
If you are an experienced user in AWS, awesome! Check out our guide to starting your first EC2 Mac instance here!
If you’re not experienced in AWS, or don’t speak cloud at all, you’re still awesome! Let’s dive deeper together below on what we have to offer, starting with the name: EC2 Mac. ⬇️
EC2 stands for Elastic Compute Cloud, and is Amazon’s offering for compute in the cloud.
Yup, like a computer—one that is available on-demand, accessible over the internet, with a pay-as-you-go model. Let’s narrow our discussion a bit now, just to EC2 Mac.
At its core, an EC2 Mac is an Apple Mac mini, connected to AWS cloud via AWS Nitro System—which provides network, storage, security, and more over Thunderbolt. While this Mac mini is the same as any other Mac mini you’d find off the shelf (see the specs below), the interconnection to AWS Nitro System is what enables you to run powerful Apple workloads in AWS cloud. When you request a Dedicated Host (the first step in getting your EC2 Mac up and running—more on that below), think of it as AWS physically handing that Mac mini to you—releasing the host is you “handing it back.”
If you’d like (or prefer to) see this all visualized, take a look at our 90-second EC2 Mac explainer video here!
A new term! A Dedicated Host (sometimes abbreviated DH) is AWS’ way of saying that you, as a customer, have use of a specific piece of hardware: in this case, the aforementioned Mac mini. Think of this as your official “claim” on your Mac in AWS cloud during the time you have it. Once you have your host (or hosts), you’re able to launch an instance onto it.
Another term! An EC2 Mac instance, simply put, is a Mac that’s running in AWS cloud booted from an Amazon Machine Image, or AMI. Think of the AMI like a bootable volume, and an instance as almost a “cousin” to a virtual machine: you can take a new snapshot (which creates a new AMI that you’re able to launch instances of), and that represents everything that’s on the disk at the time. An AMI can be instantly duplicated and used to launch as many EC2 Mac instances as you need, all from the same image.
Yes, imaging! While a deprecated practice for general Mac management, it’s again a thing through AMIs! An Amazon Machine Image (AMI) is very similar to a monolithic image, or a bootable USB drive. Thanks to AMIs, you can easily test different macOS versions by switching between AMIs on the same EC2 Mac Dedicated Host—within minutes, and with a single click. AMIs can be created, or “baked,” even while an instance is running, and used within minutes to start duplicates of that instance on other EC2 Mac hosts.
As for the EC2 Mac Dedicated Host hardware, there are a few types available:
- Mac1 is a 2018 Mac mini with 12-core x86 Intel i7 processors and 32GB RAM.
- Hosts that start with Mac2 are Apple silicon:
  - Mac2 is a 2020 Mac mini with Apple’s M1 chip and 16GB RAM.
  - Mac2-m2 is a 2023 Mac mini with Apple’s M2 chip and 24GB RAM.
  - Mac2-m2pro is a 2023 Mac mini with Apple’s M2 Pro chip and 32GB RAM.
  - Mac2-m1ultra is a 2021 Mac Studio with Apple’s M1 Ultra chip and 128GB RAM.
The instance you spin up on top of the Dedicated Host adds .metal to the end (e.g. mac1.metal, mac2-m2.metal, etc.). The metal in the instance name means that you’re able to use all of the underlying Mac mini hardware without any virtualization layer: bare-metal.
EC2 Mac is more than a Mac mini on a rack in a datacenter. The Apple hardware is bare-metal connected to the AWS Nitro System—a purpose-built, secure system that provides storage and networking over Thunderbolt, along with security and monitoring of the hardware itself. Nitro is responsible for ensuring a Mac Dedicated Host is prepared on-demand, its firmware updated, and all of its storage cleared. Also, Nitro gives you even more detailed insights into monitoring and logs, and is itself, by design, entirely locked off from tampering or admin access. Here’s a picture of what it all looks like together:
On the software side, there’s no shortage of enhancement, either: ec2-macos-init is an open-source helper agent included on the Amazon-vended image that allows you to run scripts or code as soon as the Mac is booted. The stock AMI includes Homebrew (brew) as well, to help you install packages from the internet. The AWS Systems Manager agent is also installed, bringing additional workflow integration, control, and reporting for your instances. Read more here on exactly what’s offered in the Amazon-vended AMI.
In short, an EC2 Mac instance is far more secure than a stray Mac mini under a desk! Now that we have an EC2 Mac instance running on a Dedicated Host, let’s next connect it to a network.
It is! A network of networks, with some more networks inside those. Luckily, there’s not a whole lot to wrestle with to ensure your Mac can meet the internet, or as much (or little) of the internet as you want it to. First, let’s start with the Amazon Virtual Private Cloud, or VPC. A VPC can be thought of as a virtual datacenter: it can encompass many subnets, and it also allows you to privately connect your datacenter to another one with minimal configuration.
If you’re just getting started with EC2 Mac, when you create your EC2 account, a default VPC is created in the Region your instance starts up in. Its default state is enough for what we’ll need to do to get started.
The AWS cloud is divided into physical regions, which are subdivided into Availability Zones, or AZs for short. See the diagram below: a region is made of many AZs, and each AZ itself is redundant too, made of multiple datacenters. See here for a comprehensive list of all regions and AZs.
For EC2 Mac instance availability, see this page which contains the latest info of instances broken down by region. Not all instance types are available in all regions.
Security Groups can be thought of as firewalls: they’ll keep any incoming connections out unless you explicitly allow them. When you’re launching your EC2 Mac instance, you can automatically create a group that’ll keep anything but port 22 out, which we can use to SSH (and later VNC) into our Mac. Keep in mind that Security Groups are stateful, which means that the Mac itself can still reach out to the internet (there is no explicit denial in the rules), and the return traffic for connections the Mac has initiated is accepted even though no inbound rule allows it. All that means a default Security Group is a good place to start. With port 22 open, now you can SSH and connect to your Mac instance!
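To make the stateful behaviour concrete, here is an added Python model of how a Security Group decides on a packet. It is illustrative code written for this page, not AWS’ implementation: it assumes the “SSH only” group the launch wizard offers, narrows the allowed source from 0.0.0.0/0 to a constructed admin range (203.0.113.0/24, a documentation block), and uses constructed peer addresses. Real groups also support references to other groups and prefix lists, which the model leaves out.

```python
"""Minimal model of EC2 Security Group semantics (added illustration, not AWS code).

Rules are allow-only; a packet that matches no rule is dropped. Groups are
stateful: once a flow has been accepted in either direction, packets belonging
to that flow are accepted in the other direction without consulting the rules.
All addresses below are constructed from RFC 5737 documentation ranges.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

ALL = "-1"  # AWS uses -1 for "all protocols / all ports"


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", "icmp" or ALL
    from_port: int
    to_port: int
    cidr: str       # peer address range, e.g. "203.0.113.0/24"

    def matches(self, protocol: str, port: int, peer_ip: str) -> bool:
        if self.protocol != ALL:
            if self.protocol != protocol:
                return False
            if not self.from_port <= port <= self.to_port:
                return False
        return ip_address(peer_ip) in ip_network(self.cidr)


@dataclass
class SecurityGroup:
    """Allow-only rule lists plus a connection table for stateful replies."""
    inbound: list
    outbound: list
    # flows accepted so far, keyed (protocol, local_port, peer_ip, peer_port)
    _flows: set = field(default_factory=set)

    def evaluate(self, direction, protocol, local_port, peer_ip, peer_port):
        """Return (allowed, reason) for one packet; direction is 'in' or 'out'."""
        key = (protocol, local_port, peer_ip, peer_port)
        if key in self._flows:
            return True, "stateful: part of an already-accepted flow"
        if direction == "in":
            # inbound rules match the destination port on the instance
            rules, port = self.inbound, local_port
        else:
            # outbound rules match the destination port on the peer
            rules, port = self.outbound, peer_port
        for rule in rules:
            if rule.matches(protocol, port, peer_ip):
                self._flows.add(key)
                return True, f"matched {direction}bound rule {rule}"
        return False, f"no {direction}bound rule matched; dropped (implicit deny)"


def launch_wizard_group(admin_cidr: str) -> SecurityGroup:
    """The 'SSH only' group, with the source narrowed from 0.0.0.0/0 to the
    network you administer from (assumed: admin_cidr is that network)."""
    return SecurityGroup(
        inbound=[Rule("tcp", 22, 22, admin_cidr)],
        outbound=[Rule(ALL, 0, 65535, "0.0.0.0/0")],
    )


def demo() -> list:
    """Run a fixed set of constructed packets through the group; returns the verdicts."""
    sg = launch_wizard_group("203.0.113.0/24")
    packets = [
        # (direction, protocol, local_port, peer_ip, peer_port)
        ("in",  "tcp", 22,    "203.0.113.10",  51000),  # SSH from the admin network
        ("in",  "tcp", 22,    "198.51.100.7",  51001),  # SSH from anywhere else
        ("in",  "tcp", 5900,  "203.0.113.10",  51002),  # direct VNC: not exposed, tunnel over SSH instead
        ("out", "tcp", 49152, "198.51.100.20", 443),    # brew fetch, initiated by the instance
        ("in",  "tcp", 49152, "198.51.100.20", 443),    # the reply to that fetch
        ("in",  "tcp", 443,   "198.51.100.20", 49153),  # unsolicited inbound 443 from the same peer
    ]
    return [sg.evaluate(*p)[0] for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print("ALLOW" if verdict else "DROP")
```

The fifth packet is the point of the exercise: it is accepted although the only inbound rule is for port 22, because the instance initiated the flow on packet four. The sixth packet, from the same peer but not part of any accepted flow, is dropped, which is why a group that only opens port 22 is a safe default and why VNC is reached through an SSH tunnel rather than by opening 5900.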
Once you’re connected to your Mac instance, you can use SSH to enable VNC access via macOS’ built-in Screen Sharing service. For enhanced GUI connectivity, check out our step-by-step blog with HP Anyware (formerly Teradici), a macOS agent available today on AWS Marketplace enabling secure, compressed, pixel-perfect remote screen sessions. Citrix VDA integrates with EC2 Macs for high-performance, flexible remote access. Also, keep in mind, the elasticity of the cloud means there may not be a need to replace on-premises, physical developer devices with cloud EC2 Macs on a one-to-one basis. For example, if you have Apple developers located across geographical regions—great! Using an auto-scaled shared pool of EC2 Macs for devs across time zones to launch an instance on (and terminate when done) can bring extra savings through the efficiencies gained. If this interests you or you’re ready to get going, let’s talk, as we have some great resources and experience to share—see below how to get in touch!
Of course! To start, EC2 Mac instances carry all the security that AWS brings; see more here. In addition, the Mac host is “yours” for the duration. When you’re done with it (or whenever you’re switching instances), a process called scrubbing occurs, which securely destroys any data on the Mac, down to restoring the firmware, to remove any possible data that could be left in place. The root volume of the Mac can also be fully AES-256 encrypted, with a key that can be stored and rotated in AWS.
Yes—for security, the AMIs launched do not have a password: they can only be accessed with an SSH key file. In the step-by-step instructions we’ll go into how to make one, download the key file, then use it to connect. EC2 Mac instances can be configured, just like any Mac, with multiple users and standard passwords—we’ll actually be setting one in our walkthrough later on in order to connect to the GUI.
AWS announced our partnership with Jamf in mid-2022, starting with agent-based enrollment, and has since added support and integration for Jamf Private Access. Full automation is now available in the amazon-ec2-mac-mdm-enrollment-automation repository here.
Awesome! Many builders and admins are finding that scripting is the start of their automation journey, and are picking up more compiled languages like Swift to expand their optimizations in ways they never have before. Building, testing, signing, and publishing apps is something EC2 Mac is great for, and was built for—so it’s easily integrated into common developer CI/CD workflows.
Apple’s macOS EULA defines a minimum 24-hour initial lease period. Simply put, when you allocate an EC2 Mac Dedicated Host, a 24-hour timer will start. After the 24-hour initial lease time has elapsed, you are free to release the host back to AWS whenever you’re done: the AWS billing stops that very second.
The per-second AWS charge on the EC2 Mac Dedicated Host is the only charge: there’s no secondary “lease charge” or charge to run an instance. Additional charges may apply for storage, snapshots, and data transfer as well, with that info here and here. EC2 Mac pricing (per-region) can be found on this page for both On-Demand usage and Savings Plan.
Great! Our EC2 Mac step-by-step guide is here.
Feel free to get in touch with us if you’re stuck at any point or want to influence what AWS and our partners should be building next by opening a GitHub issue, creating a re:Post with the tag #ec2mac, or reaching out via email.