Configure launch settings for Amazon EC2 instances
Amazon EC2 launch agents perform tasks during instance startup and run if an instance is stopped and later started, or restarted. For information about a specific agent, see the detail pages in the following list.
Compare Amazon EC2 launch agents
The following table shows the major functional differences between EC2Config, EC2Launch v1, and EC2Launch v2.
Feature | EC2Config | EC2Launch v1 | EC2Launch v2 |
---|---|---|---|
Run as | Windows Service | PowerShell Scripts | Windows Service |
Supports | Legacy OS only |
Windows 2016 Windows 2019 (LTSC and SAC) |
Windows 2016 Windows 2019 (LTSC and SAC) Windows 2022 |
Configuration file |
XML | XML |
YAML |
Set Administrator username |
No | No |
Yes |
User data size |
16 KB | 16 KB |
60 KB (compressed) |
Local user data baked on AMI |
No | No | Yes, configurable |
Task configuration in user data | No | No | Yes |
Configurable wallpaper |
No | No |
Yes |
Customize task run order |
No | No |
Yes |
Configurable tasks |
15 |
9 |
20 at launch |
Supports Windows Event Viewer |
Yes |
No |
Yes |
Number of Event Viewer event types |
2 |
0 |
30 |
Note
EC2Config documentation is provided for historical reference only. The operating system versions it runs on are no longer supported by Microsoft. We strongly recommend that you upgrade to the latest launch service.
Configure DNS Suffix
With Amazon EC2 launch agents, you can configure a list of DNS suffixes that Windows
instances use for domain name resolution. The launch agents override the standard
Windows settings in the
System\CurrentControlSet\Services\Tcpip\Parameters\SearchList
registry key by adding the following values to the DNS suffix search list:
-
The domain of the instance
-
The suffixes that result from devolution of the instance domain
-
NV domain
-
The domains specified by each network interface cards
All launch agents support DNS suffix configuration. For more information, see your specific launch agent version:
-
For information about the
setDnsSuffix
task and how to configure DNS suffixes in EC2Launch v2, see setDnsSuffix . -
For information about DNS suffix list setup and how to enable or disable devolution for EC2Launch v1, see Configure EC2Launch.
-
For information about DNS suffix list setup and how to enable or disable devolution for EC2Config, see EC2Config settings files.
Domain name devolution
Domain name devolution is an Active Directory behavior that allows computers in a child domain to access resources in the parent domain without using a fully qualified domain name. By default, domain name devolution continues until there are only two nodes left in the domain name progression.
Launch agents perform devolution on the domain name if the instance is connected to a
domain, and add the results to the DNS suffix search list that's maintained in the
System\CurrentControlSet\Services\Tcpip\Parameters\SearchList
registry key. The agents use the settings from the following registry keys, to determine
the devolution behavior.
-
System\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
-
When not set, disables devolution
-
When set to
1
, enables devolution (default) -
When set to
0
, disables devolution
-
-
System\CurrentControlSet\Services\Dnscache\Parameters\DomainNameDevolutionLevel
-
When not set, use level of
2
(default) -
When set to
3
or greater, use value to set level
-
When you disable devolution or change your devolution settings to a higher level, the
System\CurrentControlSet\Services\Tcpip\Parameters\SearchList
registry key stil contains the suffixes that were added previously. They are not
automatically removed. You can manually update the list, or you can clear the list
and let your agent run through the process to set up the new list.
Note
To clear the DNS suffix list from the registry, you can run the following command.
PS C:\>
Invoke-CimMethod -ClassName Win32_NetworkAdapterConfiguration -MethodName "SetDNSSuffixSearchOrder" -Arguments @{ DNSDomainSuffixSearchOrder = $null } | Out-Null
Devolution examples
The following examples show domain name progression through the devolution process.
corp.example.com
-
-
Progresses to
example.com
-
locale.region.corp.example.com
-
-
Progresses to
region.corp.example.com
-
Progresses to
corp.example.com
-
Progresses to
example.com
-
locale.region.corp.example.com
with a setting ofDomainNameDevolutionLevel=3
-
-
Progresses to
region.corp.example.com
-
Progresses to
corp.example.com
. The progression stops here, due to the level setting.
-