Getting Started with Amazon EC2 Windows Instances
Let's get started with Amazon Elastic Compute Cloud (Amazon EC2) by launching, connecting to, and using a Windows instance. An instance is a virtual server in the AWS cloud. With Amazon EC2, you can set up and configure the operating system and applications that run on your instance.
When you sign up for AWS, you can get started with Amazon EC2 for free using the AWS Free Tier. If you created your AWS account less than 12 months ago, and have not already exceeded the free tier benefits for Amazon EC2, it will not cost you anything to complete this tutorial, because we help you select options that are within the free tier benefits. Otherwise, you'll incur the standard Amazon EC2 usage fees from the time that you launch the instance until you terminate the instance (which is the final task of this tutorial), even if it remains idle.
The instance is an Amazon EBS-backed instance (meaning that the root volume is an EBS volume). You can either specify the Availability Zone in which your instance runs, or let Amazon EC2 select an Availability Zone for you. When you launch your instance, you secure it by specifying a key pair and security group. When you connect to your instance, you must specify the private key of the key pair that you specified when launching your instance.
To complete this tutorial, perform the following tasks:
If you'd prefer to launch a Linux instance, see this tutorial in the Amazon EC2 User Guide for Linux Instances: Getting Started with Amazon EC2 Linux Instances.
If you'd prefer to use the command line, see this tutorial in the AWS Command Line Interface User Guide: Using Amazon EC2 through the AWS CLI.
Before you begin, be sure that you've completed the steps in Setting Up with Amazon EC2.
Step 1: Launch an Instance
You can launch a Windows instance using the AWS Management Console as described in the following procedure. This tutorial is intended to help you launch your first instance quickly, so it doesn't cover all possible options. For more information about the advanced options, see Launching an Instance.
To launch an instance
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
From the console dashboard, choose Launch Instance.
The Choose an Amazon Machine Image (AMI) page displays a list of basic configurations, called Amazon Machine Images (AMIs), that serve as templates for your instance. Select the AMI for Windows Server 2012 R2 Base or Windows Server 2008 R2 Base. Notice that these AMIs are marked "Free tier eligible."
On the Choose an Instance Type page, you can select the hardware configuration of your instance. Select the t2.micro type, which is selected by default. Notice that this instance type is eligible for the free tier.
T2 instances, such as t2.micro, must be launched into a VPC. If your AWS account supports EC2-Classic and you do not have a VPC in the selected region, the launch wizard creates a VPC for you and you can continue to the next step. Otherwise, the Review and Launch button is disabled and you must choose Next: Configure Instance Details and follow the directions to select a subnet.
Choose Review and Launch to let the wizard complete the other configuration settings for you.
On the Review Instance Launch page, under Security Groups, you'll see that the wizard created and selected a security group for you. You can use this security group, or alternatively you can select the security group that you created when getting set up using the following steps:
Choose Edit security groups.
On the Configure Security Group page, ensure that Select an existing security group is selected.
Select your security group from the list of existing security groups, and then choose Review and Launch.
On the Review Instance Launch page, choose Launch.
When prompted for a key pair, select Choose an existing key pair, then select the key pair that you created when getting set up.
Alternatively, you can create a new key pair. Select Create a new key pair, enter a name for the key pair, and then choose Download Key Pair. This is the only chance for you to save the private key file, so be sure to download it. Save the private key file in a safe place. You'll need to provide the name of your key pair when you launch an instance and the corresponding private key each time you connect to the instance.
Don't select the Proceed without a key pair option. If you launch your instance without a key pair, then you can't connect to it.
When you are ready, select the acknowledgement check box, and then choose Launch Instances.
A confirmation page lets you know that your instance is launching. Choose View Instances to close the confirmation page and return to the console.
On the Instances screen, you can view the status of the launch. It takes a short time for an instance to launch. When you launch an instance, its initial state is pending. After the instance starts, its state changes to running and it receives a public DNS name. (If the Public DNS (IPv4) column is hidden, choose the Show/Hide icon in the top right corner of the page and then select Public DNS (IPv4).)
It can take a few minutes for the instance to be ready so that you can connect to it. Check that your instance has passed its status checks; you can view this information in the Status Checks column.
Step 2: Connect to Your Instance
To connect to a Windows instance, you must retrieve the initial administrator password and then specify this password when you connect to your instance using Remote Desktop.
If you've joined your instance to a domain, you can connect to your instance using domain credentials you've defined in AWS Directory Service. For more information about connecting to an instance in a domain, see Connecting To Your Instance Using Domain Credentials.
The name of the administrator account depends on the language of the operating system. For example, for English, it's Administrator, for French it's Administrateur, and for Portuguese it's Administrador. For more information, see Localized Names for Administrator Account in Windows in the Microsoft TechNet Wiki.
The license for the Windows Server operating system (OS) allows two simultaneous remote connections for administrative purposes. The license for Windows Server is included in the price of your EC2 instance. If you need more than two simultaneous remote connections you must purchase a Remote Desktop Services (RDS) license. If you attempt a third connection, an error occurs. For more information, see Configure the Number of Simultaneous Remote Connections Allowed for a Connection.
To connect to your Windows instance using an RDP client
In the Amazon EC2 console, select the instance, and then choose Connect.
In the Connect To Your Instance dialog box, choose Get Password (it will take a few minutes after the instance is launched before the password is available).
Choose Browse and navigate to the private key file you created when you launched the instance. Select the file and choose Open to copy the entire contents of the file into the Contents field.
Choose Decrypt Password. The console displays the default administrator password for the instance in the Connect To Your Instance dialog box, replacing the link to Get Password shown previously with the actual password.
Record the default administrator password, or copy it to the clipboard. You need this password to connect to the instance.
Choose Download Remote Desktop File. Your browser prompts you to either open or save the .rdp file. Either option is fine. When you have finished, you can choose Close to dismiss the Connect To Your Instance dialog box.
If you opened the .rdp file, you'll see the Remote Desktop Connection dialog box.
If you saved the .rdp file, navigate to your downloads directory, and open the .rdp file to display the dialog box.
You may get a warning that the publisher of the remote connection is unknown. If you are using Remote Desktop Connection from a Windows PC, choose Connect to connect to your instance. If you are using Microsoft Remote Desktop on a Mac, skip the next step.
When prompted, log in to the instance, using the administrator account for the operating system and the password that you recorded or copied previously. If your Remote Desktop Connection already has an administrator account set up, you might have to choose the Use another account option and enter the user name and password manually.
Sometimes copying and pasting content can corrupt data. If you encounter a "Password Failed" error when you log in, try typing in the password manually.
Due to the nature of self-signed certificates, you may get a warning that the security certificate could not be authenticated. Use the following steps to verify the identity of the remote computer, or simply choose Yes or Continue to continue if you trust the certificate.
If you are using Remote Desktop Connection from a Windows PC, choose View certificate. If you are using Microsoft Remote Desktop on a Mac, choose Show Certificate.
Choose the Details tab, and scroll down to the Thumbprint entry on a Windows PC, or the SHA1 Fingerprints entry on a Mac. This is the unique identifier for the remote computer's security certificate.
In the Amazon EC2 console, select the instance, choose Actions, and then choose Get System Log.
In the system log output, look for an entry labeled RDPCERTIFICATE-THUMBPRINT. If this value matches the thumbprint or fingerprint of the certificate, you have verified the identity of the remote computer.
If you are using Remote Desktop Connection from a Windows PC, return to the Certificate dialog box and choose OK. If you are using Microsoft Remote Desktop on a Mac, return to the Verify Certificate and choose Continue.
If you are using Remote Desktop Connection from a Windows PC, choose Yes in the Remote Desktop Connection window to connect to your instance. If you are using Microsoft Remote Desktop on a Mac, log in to the instance as prompted, using the default Administrator account and the default administrator password that you recorded or copied previously.
On a Mac, you may need to switch spaces to see the Microsoft Remote Desktop login screen. For more information on spaces, see http://support.apple.com/kb/PH14155.
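The thumbprint comparison in the certificate verification steps above can be scripted rather than done by eye. The following Python is an added example, not part of the original tutorial or of any AWS tool; the sample log text and its line layout are constructed, and the function names are hypothetical.

```python
import hmac
import re
import unicodedata

# Constructed sample of "Get System Log" output. The timestamps and line layout are
# assumptions; only the RDPCERTIFICATE-THUMBPRINT label comes from the procedure.
SAMPLE_SYSTEM_LOG = """\
2016/05/10 09:14:31Z: Message: Waiting for meta-data accessibility...
2016/05/10 09:15:07Z: RDPCERTIFICATE-THUMBPRINT: 0123456789ABCDEF0123456789ABCDEF01234567
2016/05/10 09:15:09Z: Message: Windows is Ready to use
"""

_ENTRY = re.compile(r"RDPCERTIFICATE-THUMBPRINT:\s*([0-9A-Fa-f]+)")
_SHA1_HEX = re.compile(r"[0-9A-F]{40}")


def normalize_thumbprint(text):
    """Return a SHA-1 thumbprint as 40 uppercase hex digits, or raise ValueError."""
    # Certificate dialogs add spaces or colons, and a copy can carry invisible
    # format characters (Unicode category Cf); drop only those, nothing else.
    cleaned = "".join(
        ch for ch in text
        if ch != ":" and not ch.isspace() and unicodedata.category(ch) != "Cf"
    ).upper()
    if not _SHA1_HEX.fullmatch(cleaned):
        raise ValueError("not a 40-digit SHA-1 thumbprint: %r" % text)
    return cleaned


def logged_thumbprints(system_log):
    """All thumbprints the instance wrote to its system log, oldest first."""
    return [normalize_thumbprint(m.group(1)) for m in _ENTRY.finditer(system_log)]


def rdp_certificate_matches(system_log, shown_by_client):
    """True only if the client's certificate matches the newest logged thumbprint."""
    logged = logged_thumbprints(system_log)
    if not logged:
        # No entry means the identity cannot be verified; fail instead of passing.
        raise LookupError("no RDPCERTIFICATE-THUMBPRINT entry in the system log")
    shown = normalize_thumbprint(shown_by_client)
    # Assumption: if several entries exist, the last one is the current certificate.
    return hmac.compare_digest(logged[-1], shown)


if __name__ == "__main__":
    pasted = "\u200e01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67"
    print(rdp_certificate_matches(SAMPLE_SYSTEM_LOG, pasted))
```

A truncated or mistyped value raises an error instead of comparing as a partial match, so an incomplete copy from the certificate dialog cannot be mistaken for a verified certificate.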
Step 3: Clean Up Your Instance
After you've finished with the instance that you created for this tutorial, you should clean up by terminating the instance. If you want to do more with this instance before you clean up, see Next Steps.
Terminating an instance effectively deletes it; you can't reconnect to an instance after you've terminated it.
If you launched an instance that is not within the AWS Free Tier, you'll stop incurring charges for that instance as soon as the instance status changes to shutting down or
If you'd like to keep your instance for later, but not incur charges, you can stop the instance now and then start it again later. For more information, see
To terminate your instance
In the navigation pane, choose Instances. In the list of instances, select the instance.
Choose Actions, then Instance State, and then choose Terminate.
Choose Yes, Terminate when prompted for confirmation.
Amazon EC2 shuts down and terminates your instance. After your instance is terminated, it remains visible on the console for a short while, and then the entry is deleted.
After you start your instance, you might want to try some of the following exercises:
Learn how to remotely manage your EC2 instance using Run Command. For more information, see Tutorial: Remotely Manage Your Amazon EC2 Instances and Remote Management.
Configure a CloudWatch alarm to notify you if your usage exceeds the Free Tier. For more information, see Create a Billing Alarm in the AWS Billing and Cost Management User Guide.
Install the WAMP or WIMP stack. For more information, see Tutorial: Installing a WAMP Server on an Amazon EC2 Instance Running Windows Server and Tutorial: Installing a WIMP Server on an Amazon EC2 Instance Running Windows Server.