Amazon Elastic Compute Cloud
User Guide for Windows Instances

Details about EC2Config Versions

Windows AMIs include an optional service called the EC2Config service (EC2Config.exe). EC2Config starts when the instance boots and performs tasks during start-up and each time you stop or start the instance. EC2Config can also perform tasks on demand. Some of these tasks are automatically enabled, while others must be enabled manually. Although optional, this service provides access to advanced features that aren't otherwise available. This service runs in the LocalSystem account and performs tasks on the instance such as Windows Activation, setting the Administrator password, executing userdata, Cloud Formation Execution (requires AWS CloudFormation executable), writing to the AWS Console and one click sysprep from within the application. Its binaries and additional files are contained in the %ProgramFiles%\Amazon\EC2ConfigService directory. After you install the service, a log file is created in the %ProgramFiles%\Amazon\Ec2ConfigService\Logs\Ec2MsiInstall.txt directory.

Amazon Windows AMIs contain a service installed by Amazon Web Services; the EC2Config service. Although optional, this service provides access to advanced features that are not otherwise available.


(Optional) If you have a version of EC2Config that is earlier than version 2.1.19 and you are trying to upgrade up to 2.2.12, you must first update to version 2.1.19, and then update to the current version. To update to version 2.1.19, download, unzip the file, and then run EC2Install.exe. Please note this issue has been fixed in 2.3.313 version.


.Net framework 3.5 SP1 or greater

You can receive notifications when new versions of the EC2Config service are released. For more information, see Subscribing to EC2Config Service Notifications.

Version Details


New version of SSM Agent (2.0.761.0)


New version of SSM Agent (2.0.755.0)


New version of SSM Agent (2.0.730.0)


New version of SSM Agent (2.0.716.0)


New version of SSM Agent (2.0.682.0)


  • New version of SSM Agent (2.0.672.0)

  • Fixed agent update issue with v4.3, v4.4, and v4.5


New version of SSM Agent (2.0.645.1)


New version of SSM Agent (2.0.633.0)


New version of SSM Agent (2.0.617.1)


New version of SSM Agent (2.0.599.0)


New version of SSM Agent (2.0.558.0)


  • Run Command, SSM Config, the CloudWatch agent, and domain join support have been moved into another agent called SSM Agent. SSM Agent will be installed as part of the EC2Config upgrade. For more information, see EC2Config and Amazon EC2 Systems Manager (SSM).

  • If you have a proxy set up in EC2Config, you will need to update your proxy settings for SSM Agent before upgrading. If you do not update the proxy settings, you will not be able to use Run Command to manage your instances. To avoid this, see the following information before updating to the newer version: Installing SSM Agent on Windows.

  • If you previously enabled CloudWatch integration on your instances by using a local configuration file (AWS.EC2.Windows.CloudWatch.json), you will need to configure the file to work with SSM agent. For more information, see Windows Server 2016.


  • Re-enabled activation plugin for instances with old KMS configuration.

  • Change default TRIM behavior to be disabled during disk format operation and added FormatWithTRIM for overriding InitializeDisks plugin with userdata.


  • Fix to reliably add routes to the primary network adapter.

  • Updates to improve support for AWS services.

  • Fixes duplicate system logs appearing when filters set to same category.

  • Fixes to prevent from hanging during disk initialization.


Added support to log "Window is Ready to use" event to Windows Event Log on start.


Fix to allow uploading run command output to S3 bucket names with '.' character.


Added support to override InitializeDisks plugin settings. For example: To speed up SSD disk initialize, you can temporarily disable TRIM by specifying this in userdata:



SSM RunCommand - Fixes to process commands reliably after windows reboot.


  • Fix to gracefully handle reboot when running commands/scripts.

  • Fix to reliably cancel running commands.

  • Add support for (optionally) uploading MSI logs to S3 when installing applications via Run Command.


  • Fixes to enable RDP thumbprint generation for Windows 2003.

  • Fixes to include timezone and UTC offset in the EC2Config log lines.

  • SSM support to run commands in parallel.

  • Roll back previous change to bring partitioned disks online.


  • Fix SSM (Simple Systems Manager) configuration failures when installing MSI applications.

  • Fix to reliably bring storage disks online.

  • Updates to improve support for AWS services.


  • Fix in post Sysprep script to leave the configuration of windows update in a default state.

  • Fix the password generation plugin to improve the reliability in getting GPO password policy settings.

  • Restrict EC2Config/SSM log folder permissions to the local Administrators group.

  • Updates to improve support for AWS services.


  • Fixed an issue with CloudWatch that prevented logs from getting uploaded when not on primary drive.

  • Improved the disk initialization process by adding retry logic.

  • Added improved error handling when the SetPassword plugin occasionally failed during AMI creation.

  • Updates to improve support for AWS services.


  • Improvements to the ec2config-cli utility for config testing and troubleshooting within instance.

  • Avoid adding static routes for KMS and meta-data service on an OpenVPN adapter.

  • Fixed an issue where user-data execution was not honoring the "persist" tag.

  • Improved error handling when logging to the EC2 console is not available.

  • Updates to improve support for AWS services.


  • Windows activation reliability fix to first use link local address for activating windows via KMS

  • Improved proxy handling for SSM, Windows Activation and Domain Join scenarios

  • Fixed an issue where duplicate lines of user accounts were added to the Sysprep answer file


  • Addressed a scenario where the CloudWatch plugin may consume excessive CPU and memory reading Windows Event Logs

  • Added a link to the CloudWatch configuration documentation in the EC2Config Settings UI


  • Fixes to EC2Config when used in combination with VM-Import.

  • Fixed service naming issue in the WiX installer.


  • Improved exception handling for ssm and domain join failures.

  • Change to support SSM schema versioning.

  • Fixed formatting ephemeral disks on Win2K3.

  • Change to support configuring disk size greater than 2TB.

  • Reduced virtual memory usage by setting GC mode to default.

  • Support for downloading artifacts from UNC path in aws:psModule and aws:application plugin.

  • Improved logging for Windows activation plugin.


  • Performance improvements by delay loading SSM assemblies.

  • Improved exception handling for malformed sysprep2008.xml.

  • Command line support for SSM "Apply" configuration.

  • Change to support domain join when there is a pending computer rename.

  • Support for optional parameters in the aws:applications plugin.

  • Support for command array in aws:psModule plugin.



  • Added scheduled task to recover EC2Config from service startup failures.

  • Improvements to the Console log error messages.

  • Updates to improve support for AWS services.


  • Fixed an issue with large memory consumption in some cases when the CloudWatch Logs feature is enabled.

  • Fixed an upgrade bug so that ec2config versions lower than 2.1.19 can now upgrade to latest.

  • Updated COM port opening exception to be more friendly and useful in logs.

  • Ec2configServiceSettings UI disabled resizing and fixed the attribution and version display placement in UI.


  • Handled NullPointerException while querying a registry key for determining Windows Sysprep state which returned null occasionally.

  • Freed up unmanaged resources in finally block.


Fixed a issue in CloudWatch plugin for handling empty log lines.


  • Removed configuring CloudWatch Logs settings through UI.

  • Enable users to define CloudWatch Logs settings in %ProgramFiles%\Amazon\Ec2ConfigService\Settings\AWS.EC2.Windows.CloudWatch.json file to allow future enhancements.


Fixed unhandled exception and added logging.


  • Fixes Windows OS version check in EC2Config Installer to support Windows 2003 Sp1 and above.

  • Fixes null value handling when reading registry keys related to updating Sysprep config files.


  • Added support for EC2Config to run during Sysprep execution for Windows 2008 and greater.

  • Improved exception handling and logging for better diagnostics


  • Reduced the load on the instance and on CloudWatch Logs when uploading log events.

  • Addressed an upgrade issue where the CloudWatch Logs plug-in did not always stay enabled


  • Added support to upload logs to CloudWatch Log Service.

  • Fixed a race condition issue in Ec2OutputRDPCert plug-in

  • Changed EC2Config Service recovery option to Restart from TakeNoAction

  • Added more exception information when EC2Config Crashes


  • Fixed a typo in PostSysprep.cmd

  • Fixed the bug which EC2Config does not pin itself onto start menu for OS2012+


  • Added option to install EC2Config without service starting immediately upon install. To use, run 'Ec2Install.exe start=false' from the command prompt

  • Added parameter in wallpaper plugin to control adding/removing wallpaper. To use, run 'Ec2WallpaperInfo.exe set' or 'Ec2WallpaperInfo.exe revert' from the command prompt

  • Added checking for RealTimeIsUniversal key, output incorrect settings of the RealTimeIsUniveral registry key to the Console

  • Removed EC2Config dependency on Windows temp folder

  • Removed UserData execution dependency on .Net 3.5


  • Added check to service stop behavior to check that resources are being released

  • Fixed issue with long execution times when joined to domain


  • Updated Installer to allow upgrades from older versions

  • Fixed Ec2WallpaperInfo bug in .Net4.5 only environment

  • Fixed intermittent driver detection bug

  • Added silent install option. Execute Ec2Install.exe with the '-q' option. eg: 'Ec2Install.exe -q'


  • Added support for .Net4 and .Net4.5 only environments

  • Updated Installer


  • Added ephemeral disk labeling support when using Intel network driver (eg. C3 instance Type). For more information, see Enhanced Networking on Windows.

  • Added AMI Origin Version and AMI Origin Name support to the console output

  • Made changes to the Console Output for consistent formatting/parsing

  • Updated Help File


  • Added EC2Config WMI Object for Completion notification (-Namespace root\Amazon -Class EC2_ConfigService)

  • Improved Performance of Startup WMI query with large Event Logs; could cause prolonged high CPU during initial execution


  • Fixed UserData execution issue with Standard Output and Standard Error buffer filling

  • Fixed incorrect RDP thumbprint sometimes appearing in Console Output for >= w2k8 OS

  • Console Output now contains 'RDPCERTIFICATE-SubjectName:' for Windows 2008+, which contains the machine name value

  • Added D:\ to Drive Letter Mapping dropdown

  • Moved Help button to top right and changed look/feel

  • Added Feedback survey link to top right


  • General Tab includes link to EC2Config download page for new Versions

  • Desktop Wallpaper overlay now stored in Users Local Appdata folder instead of My Documents to support MyDoc redirection

  • MSSQLServer name sync'd with system in Post-Sysprep script (2008+)

  • Reordered Application Folder (moved files to Plugin directory and removed duplicate files)

  • Changed System Log Output (Console):

  • *Moved to a date, name, value format for easier parsing (Please start migrating dependencies to new format)

  • *Added 'Ec2SetPassword' plugin status

  • *Added Sysprep Start and End times

  • Fixed issue of Ephemeral Disks not being labeled as 'Temporary Storage' for non-english Operating Systems

  • Fixed EC2Config Uninstall failure after running Sysprep


  • Optimized requests to the Metadata service

  • Metadata now bypass Proxy Settings

  • Ephemeral Disks labeled as 'Temporary Storage' and Important.txt placed on volume when found (Citrix PV drivers only). For more information, see Upgrading PV Drivers on Your Windows AMI.

  • Ephemeral Disks assigned drive letters from Z to A (Citrix PV drivers only) - assignment can be overwritten using Drive Letter Mapping plugin with Volume labels 'Temporary Storage X' where x is a number 0-25)

  • UserData now executes immediately following 'Windows is Ready'


Desktop wallpaper fixes


  • Desktop wallpaper will display hostname by default

  • Removed dependency on Windows Time service

  • Route added in cases where multiple IPs are assigned to a single interface


  • Changes made to Ec2Activation Plugin

  • -Verifies Activation status every 30 days

  • -If Grace Period has 90 days remaining (out of 180), reattempts activation


  • Desktop wallpaper overlay no longer persists with Sysprep or Shutdown without Sysprep

  • Userdata option to execute on every service start with <persist>true</persist>

  • Changed location and name of /DisableWinUpdate.cmd to /Scripts/PostSysprep.cmd

  • Administrator password set to not expire by default in /Scripts/PostSysprep.cmd

  • Uninstall will remove EC2Config PostSysprep script from c:\windows\setup\script\CommandComplete.cmd

  • Add Route supports custom interface metrics


UserData Execution no longer limited to 3851 Characters


  • OS Version and language identifier written to console

  • EC2Config version written to console

  • PV driver version written to console

  • Detection of Bug Check and output to the console on next boot when found

  • Option added to config.xml to persist Sysprep credentials

  • Add Route Retry logic in cases of ENI being unavailable at start

  • User Data execution PID written to console

  • Minimum generated password length retrieved from GPO

  • Set service start to retry 3 attempts

  • Added S3_DownloadFile.ps1 and S3_Upload file.ps1 examples to /Scripts folder


  • Version information added to General tab

  • Renamed the Bundle tab to Image

  • Simplified the process of specifying passwords and moved the password-related UI from the General tab to the Image tab

  • Renamed the Disk Settings tab to Storage

  • Added a Support tab with common tools for troubleshooting

  • Windows 2003 sysprep.ini set to extend OS partition by default

  • Added the private IP address to the wallpaper

  • Sysprep 2003 expand Root Volume

  • Private IP address displayed on wallpaper

  • Added retry logic for Console output

  • Fixed Com port exception for metadata accessibility -- caused EC2Config to terminate before console output is displayed

  • Checks for activation status on every boot -- activates as necessary

  • Fixed issue of relative paths -- caused when manually executing wallpaper shortcut from startup folder; pointing to Administrator/logs

  • Fixed default background color for Windows 2003 user (other than Administrator)


  • Console timestamps in UTC (Zulu)

  • Removed appearance of hyperlink on Sysprep tab

  • Addition of feature to dynamically expand Root Volume on first boot for Windows 2008+

  • When Set-Password is enabled, now automatically enables EC2Config to set the password

  • EC2Config checks activation status prior to running Sysprep (presents warning if not activated)

  • Windows 2003 Sysprep.xml now defaults to UTC timezone instead of Pacific

  • Randomized Activation Servers

  • Renamed Drive Mapping tab to Disk Settings

  • Moved Initialize Drives UI items from General to the Disk Settings tab

  • Help button now points to HTML help file

  • Updated HTML help file with changes

  • Updated 'Note' text for Drive Letter Mappings

  • Added InstallUpdates.ps1 to /Scripts folder for automating Patches and cleanup prior to Sysprep


  • Desktop wallpaper displays instance information by default upon first logon (not disconnect/reconnect)

  • PowerShell can be executed from the userdata by surrounding the code with <powershell></powershell>