Tutorial: Get started with Amazon EC2 Windows instances – Amazon Elastic Compute Cloud
Nội Dung Chính
Tutorial: Get started with Amazon EC2
Windows
instances
Use this tutorial to get started with Amazon Elastic Compute Cloud (Amazon EC2). You’ll learn how to launch,
connect to, and use a Windows instance. An instance is a virtual
server in the AWS Cloud. With Amazon EC2, you can set up and configure the operating system and
applications that run on your instance.
When you sign up for AWS, you can get started with Amazon EC2 using the AWS Free Tier. If you created your AWS account
less than 12 months ago, and have not already exceeded the free tier benefits for Amazon EC2, it
won’t cost you anything to complete this tutorial because we help you select options that
are within the free tier benefits. Otherwise, you’ll incur the standard Amazon EC2 usage fees
from the time that you launch the instance until you terminate the instance (which is the
final task of this tutorial), even if it remains idle.
Related tutorials
If you’d prefer to launch a Linux instance, see this tutorial in the
Amazon EC2 User Guide for Linux Instances: Get started with Amazon EC2 Linux
instances.If you’d prefer to use the command line, see this tutorial in the
AWS Command Line Interface User Guide: Using Amazon EC2 through the AWS CLI.
Overview
The instance launched in this tutorial is an Amazon EBS-backed instance (meaning that the
root volume is an EBS volume). You can either specify the Availability Zone in which
your instance runs, or let Amazon EC2 select an Availability Zone for you. Availability Zones
are multiple, isolated locations within each Region. You can think of an Availability
Zone as an isolated data center.
When you launch your instance, you secure it by specifying a key pair (to prove your
identity) and a security group (which acts as a virtual firewall to control ingoing and
outgoing traffic). When you connect to your instance, you must provide the private key
of the key pair that you specified when you launched your instance.
Prerequisites
Before you begin, be sure that you’ve completed the steps in Set up to use Amazon EC2.
Step 1: Launch an instance
You can launch a Windows instance using the AWS Management Console as described in the following
procedure. This tutorial is intended to help you quickly launch your first instance, so
it doesn’t cover all possible options. For information about advanced options, see Launch an instance using the new launch
instance wizard. For information
about other ways to launch your instance, see Launch your instance.
To launch an instance
Open the Amazon EC2 console at
https://console.aws.amazon.com/ec2/.From the EC2 console dashboard, in the Launch instance box, choose
Launch instance, and then choose Launch
instance from the options that appear.Under Name and tags, for Name, enter
a descriptive name for your instance.Under Application and OS Images (Amazon Machine Image), do the following:
Choose Quick Start, and then choose Windows. This is the
operating system (OS) for your instance.From Amazon Machine Image (AMI), select the AMI for
Windows Server 2016 Base or later.. Notice that these AMIs
are marked Free tier eligible. An Amazon Machine Image (AMI) is a basic configuration that serves as
a template for your instance.
Under Instance type, from the Instance type
list, you can select the hardware configuration for your instance. Choose the
t2.micro
instance type, which is selected by default. The
t2.micro
instance type is eligible for the free tier. In
Regions wheret2.micro
is unavailable, you can use a
t3.micro
instance under the free tier. For more information,
see AWS Free Tier.Under Key pair (login), for Key pair name,
choose the key pair that you created when getting set up.
Note that you must select an RSA key.
ED25519 keys are not supported for Windows
instances.Warning
Do not choose Proceed without a key pair (Not recommended). If you
launch your instance without a key pair, then you can’t connect to
it.Next to Network settings, choose
Edit. For Security group name,
you’ll see that the wizard created and selected a security group for you. You
can use this security group, or alternatively you can select the security group
that you created when getting set up using the following steps:Choose Select existing security group.
From Common security groups, choose your security
group from the list of existing security groups.
Keep the default selections for the other configuration settings for your instance.
Review a summary of your instance configuration in the Summary panel,
and when you’re ready, choose Launch instance.A confirmation page lets you know that your instance is launching. Choose View
all instances to close the confirmation page and return to the
console.On the Instances screen, you can view the status of the
launch. It takes a short time for an instance to launch. When you launch an
instance, its initial state ispending
. After the instance starts,
its state changes torunning
and it receives a public DNS name. If
the Public IPv4 DNS column is hidden, choose the settings
icon (
) in the top-right corner, toggle on Public IPv4
DNS, and choose Confirm.It can take a few minutes for the instance to be ready for you to connect to
it. Check that your instance has passed its status checks; you can view this
information in the Status check column.
Step 2: Connect to your
instance
To connect to a Windows instance, you must retrieve the initial administrator password and
then enter this password when you connect to your instance using Remote Desktop. It takes a few minutes
after instance launch before this password is available.
The name of the administrator account depends on the language of the operating system.
For example, for English, it’s Administrator
, for French it’s Administrateur
, and for Portuguese it’s Administrador
.
For more information, see Localized Names for Administrator Account in Windows in the Microsoft TechNet Wiki.
If you’ve joined your instance to a domain, you can connect to your instance using domain credentials you’ve defined in AWS Directory Service.
On the Remote Desktop login screen, instead of using the local computer name and the generated password, use the fully-qualified user name
for the administrator (for example, corp.example.com\Admin
), and the password for this account.
If you receive an error while attempting to connect to your instance, see
Remote Desktop can’t connect to the remote
computer.
- New console
To connect to your Windows instance using an RDP client
Open the Amazon EC2 console at
https://console.aws.amazon.com/ec2/.In the navigation pane, select Instances. Select the instance and then
choose Connect.On the Connect to instance page, choose the RDP client tab,
and then choose Get password.Choose Browse and navigate to the private key (
.pem
) file you created when you
launched the instance. Select the file and choose Open to copy
the entire contents of the file to this window.Choose Decrypt Password. The console displays the default administrator
password for the instance under Password, replacing the Get password
link shown previously. Save the password in a safe place. This password is required to connect to the instance.Choose Download remote desktop file. Your browser prompts you to either
open or save the RDP shortcut file. When you have finished
downloading the file, choose Cancel to return to the Instances
page.If you opened the RDP file, you’ll see the Remote Desktop Connection
dialog box.If you saved the RDP file, navigate to your downloads directory, and
open the RDP file to display the dialog box.
You may get a warning that the publisher of the remote connection is unknown.
Choose Connect to continue to connect to your instance.The administrator account is chosen by default. Copy and paste the password that
you saved previously.Tip
If you receive a “Password Failed” error, try entering the password manually.
Copying and pasting content can corrupt it.Due to the nature of self-signed certificates, you may get a warning that the
security certificate could not be authenticated. Use the following steps to verify
the identity of the remote computer, or simply choose Yes (Windows)
or Continue (Mac OS X) if you trust the certificate.If you are using Remote Desktop Connection on a
Windows computer, choose View certificate. If you are using
Microsoft Remote Desktop on a Mac, choose
Show Certificate.Choose the Details tab, and scroll down to
Thumbprint (Windows) or SHA1 Fingerprints (Mac OS X).
This is the unique identifier for the remote computer’s security certificate.In the Amazon EC2 console, select the instance, choose Actions,
Monitor and troubleshoot, Get system log.In the system log output, look for
RDPCERTIFICATE-THUMBPRINT
. If
this value matches the thumbprint or fingerprint of the certificate, you have verified
the identity of the remote computer.If you are using Remote Desktop Connection on a
Windows computer, return to the Certificate dialog box and
choose OK. If you are using Microsoft Remote
Desktop on a Mac, return to the Verify Certificate
and choose Continue.[Windows] Choose Yes in the Remote Desktop
Connection window to connect to your instance.[Mac OS X] Log in as prompted, using the default administrator account and the
default administrator password that you recorded or copied previously.
Note that you might need to switch spaces to see the login screen. For
more information, see Add spaces and switch between them.
- Old console
To connect to your Windows instance using an RDP client
In the Amazon EC2 console, select the instance, and then choose
Connect.In the Connect To Your Instance dialog box, choose Get
Password (it will take a few minutes after the instance is launched
before the password is available).Choose Browse and navigate to the private key (.pem) file you created when you
launched the instance. Select the file and choose Open to copy
the entire contents of the file into the Contents field.Choose Decrypt Password. The console displays the default administrator
password for the instance in the Connect To Your Instance
dialog box, replacing the link to Get Password shown previously
with the actual password.Record the default administrator password, or copy it to the clipboard. You need
this password to connect to the instance.Choose Download Remote Desktop File. Your browser prompts you to either
open or save the .rdp file. Either option is fine. When you have finished, you can
choose Close to dismiss the Connect To Your
Instance dialog box.If you opened the .rdp file, you’ll see the Remote Desktop Connection
dialog box.If you saved the .rdp file, navigate to your downloads directory, and
open the .rdp file to display the dialog box.
You may get a warning that the publisher of the remote connection is unknown.
You can continue to connect to your instance.When prompted, log in to the instance, using the administrator account for the operating system
and the password that you recorded or copied previously. If your
Remote Desktop Connection already has an
administrator account set up, you might have to choose the Use another
account option and type the user name and password manually.Note
Sometimes copying and pasting content can corrupt data. If you encounter a
“Password Failed” error when you log in, try typing in the password
manually.Due to the nature of self-signed certificates, you may get a warning that the
security certificate could not be authenticated. Use the following steps to verify
the identity of the remote computer, or simply choose Yes or
Continue to continue if you trust the certificate.If you are using Remote Desktop Connection from a
Windows PC, choose View certificate. If you are using
Microsoft Remote Desktop on a Mac, choose
Show Certificate.Choose the Details tab, and scroll down to the
Thumbprint entry on a Windows PC, or the
SHA1 Fingerprints entry on a Mac. This is the
unique identifier for the remote computer’s security certificate.In the Amazon EC2 console, select the instance, choose
Actions, and then choose Get System
Log.In the system log output, look for an entry labeled
RDPCERTIFICATE-THUMBPRINT
. If this value matches the
thumbprint or fingerprint of the certificate, you have verified the identity
of the remote computer.If you are using Remote Desktop Connection from a
Windows PC, return to the Certificate dialog box and
choose OK. If you are using Microsoft Remote
Desktop on a Mac, return to the Verify
Certificate and choose Continue.[Windows] Choose Yes in the Remote Desktop
Connection window to connect to your instance.[Mac OS] Log in as prompted, using the default administrator account and the
default administrator password that you recorded or copied previously.
Note that you might need to switch spaces to see the login screen. For
more information about spaces, see support.apple.com/en-us/HT204100.If you receive an error while attempting to connect to your instance, see
Remote Desktop can’t connect to the remote
computer.
Step 3: Clean up your instance
After you’ve finished with the instance that you created for this tutorial, you should
clean up by terminating the instance. If you want to do more with this instance before
you clean up, see Next steps.
Important
Terminating an instance effectively deletes it; you can’t reconnect to an instance
after you’ve terminated it.
If you launched an instance that is not within the AWS Free Tier, you’ll stop incurring charges for that instance as soon as
the instance status changes to shutting down
or terminated
. To
keep your instance for later, but not incur charges, you can stop the instance now and
then start it again later. For more information, see Stop and start your instance.
To terminate your instance
In the navigation pane, choose Instances. In the list of
instances, select the instance.Choose Instance state, Terminate
instance.Choose Terminate when prompted for confirmation.
Amazon EC2 shuts down and terminates your instance. After your instance is
terminated, it remains visible on the console for a short while, and then the
entry is automatically deleted. You cannot remove the terminated instance from
the console display yourself.
Next steps
After you start your instance, you might want to try some of the following
exercises: