Tutorial: Get started with Amazon EC2 Windows instances – Amazon Elastic Compute Cloud

Use this tutorial to get started with Amazon Elastic Compute Cloud (Amazon EC2). You’ll learn how to launch,
connect to, and use a Windows instance. An instance is a virtual
server in the AWS Cloud. With Amazon EC2, you can set up and configure the operating system and
applications that run on your instance.

When you sign up for AWS, you can get started with Amazon EC2 using the AWS Free Tier. If you created your AWS account
less than 12 months ago, and have not already exceeded the free tier benefits for Amazon EC2, it
won’t cost you anything to complete this tutorial because we help you select options that
are within the free tier benefits. Otherwise, you’ll incur the standard Amazon EC2 usage fees
from the time that you launch the instance until you terminate the instance (which is the
final task of this tutorial), even if it remains idle.

Related tutorials
  • If you’d prefer to launch a Linux instance, see this tutorial in the
    Amazon EC2 User Guide for Linux Instances: Get started with Amazon EC2 Linux
    instances.

  • If you’d prefer to use the command line, see this tutorial in the
    AWS Command Line Interface User Guide: Using Amazon EC2 through the AWS CLI.

Overview

The instance launched in this tutorial is an Amazon EBS-backed instance (meaning that the
root volume is an EBS volume). You can either specify the Availability Zone in which
your instance runs, or let Amazon EC2 select an Availability Zone for you. Availability Zones
are multiple, isolated locations within each Region. You can think of an Availability
Zone as an isolated data center.

When you launch your instance, you secure it by specifying a key pair (to prove your
identity) and a security group (which acts as a virtual firewall to control inbound and
outbound traffic). When you connect to your instance, you must provide the private key
of the key pair that you specified when you launched your instance.

[Figure: An Amazon EBS-backed instance with an additional Amazon EBS volume]

Prerequisites

Before you begin, be sure that you’ve completed the steps in Set up to use Amazon EC2.

Step 1: Launch an instance

You can launch a Windows instance using the AWS Management Console as described in the following
procedure. This tutorial is intended to help you quickly launch your first instance, so
it doesn’t cover all possible options. For information about advanced options, see Launch an instance
using the new launch instance wizard. For information about other ways to launch your instance, see
Launch your instance.

To launch an instance
  1. Open the Amazon EC2 console at
    https://console.aws.amazon.com/ec2/.

  2. From the EC2 console dashboard, in the Launch instance box, choose
    Launch instance, and then choose Launch instance from the options that appear.

  3. Under Name and tags, for Name, enter
    a descriptive name for your instance.

  4. Under Application and OS Images (Amazon Machine Image), do the following:

    1. Choose Quick Start, and then choose Windows. This is the
      operating system (OS) for your instance.

    2. From Amazon Machine Image (AMI), select the AMI for
      Windows Server 2016 Base or later. Notice that these AMIs
      are marked Free tier eligible. An Amazon Machine Image (AMI) is a basic configuration that serves as
      a template for your instance.

  5. Under Instance type, from the Instance type
    list, you can select the hardware configuration for your instance. Choose the
    t2.micro instance type, which is selected by default. The
    t2.micro instance type is eligible for the free tier. In
    Regions where t2.micro is unavailable, you can use a
    t3.micro instance under the free tier. For more information,
    see AWS Free Tier.

  6. Under Key pair (login), for Key pair name,
    choose the key pair that you created when getting set up.
    Note that you must select an RSA key.
    ED25519 keys are not supported for Windows
    instances.

    Warning

    Do not choose Proceed without a key pair (Not recommended). If you
    launch your instance without a key pair, then you can’t connect to
    it.

  7. Next to Network settings, choose
    Edit. For Security group name,
    you’ll see that the wizard created and selected a security group for you. You
    can use this security group, or alternatively you can select the security group
    that you created when getting set up using the following steps:

    1. Choose Select existing security group.

    2. From Common security groups, choose your security
      group from the list of existing security groups.

  8. Keep the default selections for the other configuration settings for your instance.

  9. Review a summary of your instance configuration in the Summary panel,
    and when you’re ready, choose Launch instance.

  10. A confirmation page lets you know that your instance is launching. Choose View
    all instances to close the confirmation page and return to the console.

  11. On the Instances screen, you can view the status of the
    launch. It takes a short time for an instance to launch. When you launch an
    instance, its initial state is pending. After the instance starts,
    its state changes to running and it receives a public DNS name. If
    the Public IPv4 DNS column is hidden, choose the settings
    icon in the top-right corner, toggle on Public IPv4 DNS, and choose Confirm.

  12. It can take a few minutes for the instance to be ready for you to connect to
    it. Check that your instance has passed its status checks; you can view this
    information in the Status check column.

Step 2: Connect to your instance

To connect to a Windows instance, you must retrieve the initial administrator password and
then enter this password when you connect to your instance using Remote Desktop. It takes a few minutes
after instance launch before this password is available.

The name of the administrator account depends on the language of the operating system.
For example, for English, it’s Administrator, for French it’s Administrateur, and for Portuguese it’s Administrador.
For more information, see Localized Names for Administrator Account in Windows in the Microsoft TechNet Wiki.

If you’ve joined your instance to a domain, you can connect to your instance using domain credentials you’ve defined in AWS Directory Service.
On the Remote Desktop login screen, instead of using the local computer name and the generated password, use the fully-qualified user name
for the administrator (for example, corp.example.com\Admin), and the password for this account.

If you receive an error while attempting to connect to your instance, see
Remote Desktop can’t connect to the remote
computer.

New console
To connect to your Windows instance using an RDP client
  1. Open the Amazon EC2 console at
    https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, select Instances. Select the instance and then
    choose Connect.

  3. On the Connect to instance page, choose the RDP client tab,
    and then choose Get password.

  4. Choose Browse and navigate to the private key (.pem) file you created when you
    launched the instance. Select the file and choose Open to copy
    the entire contents of the file to this window.

  5. Choose Decrypt Password. The console displays the default administrator
    password for the instance under Password, replacing the Get password
    link shown previously. Save the password in a safe place. This password is required to connect to the instance.

  6. Choose Download remote desktop file. Your browser prompts you to either
    open or save the RDP shortcut file. When you have finished
    downloading the file, choose Cancel to return to the Instances
    page.

    • If you opened the RDP file, you’ll see the Remote Desktop Connection
      dialog box.

    • If you saved the RDP file, navigate to your downloads directory, and
      open the RDP file to display the dialog box.

  7. You may get a warning that the publisher of the remote connection is unknown.
    Choose Connect to continue to connect to your instance.

  8. The administrator account is chosen by default. Copy and paste the password that
    you saved previously.

    Tip

    If you receive a “Password Failed” error, try entering the password manually.
    Copying and pasting content can corrupt it.

  9. Due to the nature of self-signed certificates, you may get a warning that the
    security certificate could not be authenticated. Use the following steps to verify
    the identity of the remote computer, or simply choose Yes (Windows)
    or Continue (Mac OS X) if you trust the certificate.

    1. If you are using Remote Desktop Connection on a
      Windows computer, choose View certificate. If you are using
      Microsoft Remote Desktop on a Mac, choose
      Show Certificate.

    2. Choose the Details tab, and scroll down to
      Thumbprint (Windows) or SHA1 Fingerprints (Mac OS X).
      This is the unique identifier for the remote computer’s security certificate.

    3. In the Amazon EC2 console, select the instance, choose Actions,
      Monitor and troubleshoot, Get system log.

    4. In the system log output, look for RDPCERTIFICATE-THUMBPRINT. If
      this value matches the thumbprint or fingerprint of the certificate, you have verified
      the identity of the remote computer.

    5. If you are using Remote Desktop Connection on a
      Windows computer, return to the Certificate dialog box and
      choose OK. If you are using Microsoft Remote Desktop on a Mac,
      return to the Verify Certificate and choose Continue.

    6. [Windows] Choose Yes in the Remote Desktop Connection
      window to connect to your instance.

      [Mac OS X] Log in as prompted, using the default administrator account and the
      default administrator password that you recorded or copied previously.
      Note that you might need to switch spaces to see the login screen. For
      more information, see Add spaces and switch between them.

Old console
To connect to your Windows instance using an RDP client
  1. In the Amazon EC2 console, select the instance, and then choose
    Connect.

  2. In the Connect To Your Instance dialog box, choose Get Password
    (it will take a few minutes after the instance is launched
    before the password is available).

  3. Choose Browse and navigate to the private key (.pem) file you created when you
    launched the instance. Select the file and choose Open to copy
    the entire contents of the file into the Contents field.

  4. Choose Decrypt Password. The console displays the default administrator
    password for the instance in the Connect To Your Instance
    dialog box, replacing the link to Get Password shown previously
    with the actual password.

  5. Record the default administrator password, or copy it to the clipboard. You need
    this password to connect to the instance.

  6. Choose Download Remote Desktop File. Your browser prompts you to either
    open or save the .rdp file. Either option is fine. When you have finished, you can
    choose Close to dismiss the Connect To Your Instance dialog box.

    • If you opened the .rdp file, you’ll see the Remote Desktop Connection
      dialog box.

    • If you saved the .rdp file, navigate to your downloads directory, and
      open the .rdp file to display the dialog box.

  7. You may get a warning that the publisher of the remote connection is unknown.
    You can continue to connect to your instance.

  8. When prompted, log in to the instance, using the administrator account for the operating system
    and the password that you recorded or copied previously. If your
    Remote Desktop Connection already has an
    administrator account set up, you might have to choose the Use another account
    option and type the user name and password manually.

    Note

    Sometimes copying and pasting content can corrupt data. If you encounter a
    “Password Failed” error when you log in, try typing in the password
    manually.

  9. Due to the nature of self-signed certificates, you may get a warning that the
    security certificate could not be authenticated. Use the following steps to verify
    the identity of the remote computer, or simply choose Yes or
    Continue to continue if you trust the certificate.

    1. If you are using Remote Desktop Connection from a
      Windows PC, choose View certificate. If you are using
      Microsoft Remote Desktop on a Mac, choose
      Show Certificate.

    2. Choose the Details tab, and scroll down to the
      Thumbprint entry on a Windows PC, or the
      SHA1 Fingerprints entry on a Mac. This is the
      unique identifier for the remote computer’s security certificate.

    3. In the Amazon EC2 console, select the instance, choose
      Actions, and then choose Get System Log.

    4. In the system log output, look for an entry labeled
      RDPCERTIFICATE-THUMBPRINT. If this value matches the
      thumbprint or fingerprint of the certificate, you have verified the identity
      of the remote computer.

    5. If you are using Remote Desktop Connection from a
      Windows PC, return to the Certificate dialog box and
      choose OK. If you are using Microsoft Remote Desktop on a Mac,
      return to the Verify Certificate and choose Continue.

    6. [Windows] Choose Yes in the Remote Desktop Connection
      window to connect to your instance.

      [Mac OS] Log in as prompted, using the default administrator account and the
      default administrator password that you recorded or copied previously.
      Note that you might need to switch spaces to see the login screen. For
      more information about spaces, see support.apple.com/en-us/HT204100.

    7. If you receive an error while attempting to connect to your instance, see
      Remote Desktop can’t connect to the remote
      computer.
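
The thumbprint comparison in step 9 of both the New console and Old console procedures can be scripted on the client. The following Python is an added example, not part of the AWS tutorial; the sample log is constructed, and the timestamp prefix and "label: value" layout of the log line are assumptions.

```python
import re

LABEL = "RDPCERTIFICATE-THUMBPRINT"  # entry name given in the tutorial

# Constructed sample; the timestamp prefix and "LABEL: value" layout are assumptions.
SAMPLE_LOG = """\
2024/01/01 00:00:10Z: Message: Waiting for meta-data accessibility...
2024/01/01 00:00:42Z: RDPCERTIFICATE-SUBJECTNAME: EC2AMAZ-EXAMPLE
2024/01/01 00:00:42Z: RDPCERTIFICATE-THUMBPRINT: 0123456789ABCDEF0123456789ABCDEF01234567
"""


def normalize(fingerprint: str) -> str:
    """Return a SHA-1 fingerprint as 40 uppercase hex digits.

    Removes spaces, colons and hyphens used as separators, plus the invisible
    direction marks that can come along when copying from a certificate dialog.
    """
    cleaned = re.sub(r"[\s:\-\u200e\u200f]", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("expected 40 hex digits (SHA-1 fingerprint)")
    return cleaned


def logged_thumbprints(log_text: str) -> list[str]:
    """Collect every thumbprint entry found in the system log, in order."""
    found = []
    for line in log_text.splitlines():
        _, label, value = line.partition(LABEL)
        if label:
            found.append(normalize(value))
    return found


def rdp_certificate_verified(log_text: str, presented: str) -> bool:
    """True only if the certificate shown by the RDP client matches the log.

    An empty or not-yet-populated log counts as unverified. If several entries
    exist, the last one is used (assumption: it is the most recent).
    """
    logged = logged_thumbprints(log_text)
    return bool(logged) and logged[-1] == normalize(presented)


if __name__ == "__main__":
    shown_by_client = "01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67"
    print("match" if rdp_certificate_verified(SAMPLE_LOG, shown_by_client) else "MISMATCH")
```

Paste the text from Get system log as `log_text` and the Thumbprint or SHA1 Fingerprints value from the certificate dialog as `presented`; a mismatch or an empty log means the remote computer's identity has not been verified.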

Step 3: Clean up your instance

After you’ve finished with the instance that you created for this tutorial, you should
clean up by terminating the instance. If you want to do more with this instance before
you clean up, see Next steps.

Important

Terminating an instance effectively deletes it; you can’t reconnect to an instance
after you’ve terminated it.

If you launched an instance that is not within the AWS Free Tier, you’ll stop incurring charges for that instance as soon as
the instance status changes to shutting down or terminated. To
keep your instance for later, but not incur charges, you can stop the instance now and
then start it again later. For more information, see Stop and start your instance.

To terminate your instance
  1. In the navigation pane, choose Instances. In the list of
    instances, select the instance.

  2. Choose Instance state, Terminate instance.

  3. Choose Terminate when prompted for confirmation.

    Amazon EC2 shuts down and terminates your instance. After your instance is
    terminated, it remains visible on the console for a short while, and then the
    entry is automatically deleted. You cannot remove the terminated instance from
    the console display yourself.

Next steps

After you start your instance, you might want to try some of the following
exercises: