Set up an SSH tunnel plus a local private key using instructions from this link:http://www.serverwatch.com/server-tutorials/setting-up-vnc-on-ubuntu-in-the-amazon-ec2-page-2.html
on ec2 ran these installers (not sure which ones are overkill – only that it eventually worked)
sudo apt-get update
sudo apt-get install ubuntu-desktop
sudo apt-get install vnc4server
sudo apt-get install x11vnc
x11vnc -storepasswd
sudo apt-get install gnome-core gnome-session-fallback
vncserver
vncserver -kill :1 #(to get the default xstartup file)
edit $HOME/.vnc/xstartup to look like this:
#!/bin/sh
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
#exec /etc/X11/xinit/xinitrc
gnome-session --session=gnome-classic &
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
#x-terminal-emulator -geometry 80×24+10+10 -ls -title “$VNCDESKTOP Desktop” &
#x-window-manager &
had to set a password for the ubuntu user (gnome desktop seems to need this?)
sudo passwd ubuntu
had to reboot the instance
then ran
sudo x11vnc -xkb -noxrecord -noxfixes -noxdamage -display :0 -auth /var/run/lightdm/root/:0 -usepw