AWS – Create an Amazon EC2 Windows Instance

In this guide, you will create an Amazon EC2 Windows Instance. The learning in this guide corresponds to the AWS Associate Exam Blueprint section 2.1.

Access the AWS Console

  1. Go to
  2. On the Sign In screen, enter your E-mail or mobile number, and password. Then click Sign in using our secure server.
  3. When your login completes, you should see the AWS Console.
    AWS Console

Select an AWS Region

  1. Select the AWS Region where you want to create your VM instance.
    Select Region

Launch a Windows Instance

  1. Select Services→EC2.
    Open the EC2 Dashboard
  2. On the EC2 Dashboard, click Launch Instance.
    Launch Instance
  3. On Step 1: Choose an Amazon Machine Image, click Select next to the Microsoft Windows Server 2012 Base AMI.
    Microsoft Windows Server 2012 Base AMI
  4. On Step 2: Choose an Instance Type, select t2.micro (Free tier eligible) and click Next: Configure Instance Details.
  5. On Step 3: Configure Instance Details, expand the Advanced details section.
  6. In User data, verify that As text is selected.
  7. Copy and paste the following text into the User data text box. The User data will execute as a script on the instance the first time that it starts. In this case, we will be installing a web server (IIS) along with its management tools.

    <powershell>
    # Install the IIS web server role with all of its subfeatures
    Install-WindowsFeature Web-Server -IncludeAllSubFeature
    # Install the IIS management tools
    Install-WindowsFeature Web-Mgmt-Tools
    </powershell>

    User data Powershell

  8. Click Next: Add Storage.
  9. By default, Step 4: Add Storage shows the volume required to boot the instance. You can optionally add additional volumes on this screen. Click Next: Tag Instance.
  10. On Step 5: Tag Instance, you can optionally add metadata to the Instance. Enter a Name for your instance and click Next: Configure Security Group.
  11. On Step 6: Configure Security Group, you can configure the firewall that filters network access to the instance. Since we want to run the HTTP service, we need to add the port that this service uses (port 80) to the security group.
  12. Confirm that Assign a security group is selected.
  13. Optionally, set a custom Security group name.
  14. Optionally, set a custom Description.
  15. Click Add Rule and set the Type to HTTP.
    Configure Security Group
  16. Click Review and Launch.
  17. On Step 7: Review Instance Launch, you may see a security warning that your instance is open to the world. This is because we didn’t restrict the source IP range on the RDP rule. If this were a production instance instead of a training instance, the source range for RDP should be restricted. Review the details and click Launch.
    Review Instance Launch
  18. In the Key Pair Dialog Box, choose Select an existing key pair and check the acknowledgement box. If you no longer have access to this key pair, create a new key pair and download the new key pair.
    Select an existing key pair
  19. Click Launch Instances.
  20. From the Launch Status page, you can View the launch log, Create Billing alerts and access other helpful resources. Billing alerts are useful to warn that you have exceeded the free usage tier. Click View Instances.
    Launch Status
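
The RDP rule flagged on the Review Instance Launch screen can be tightened after launch. The following is an added example, not part of the original guide: it uses the AWS CLI from PowerShell to find ingress rules that expose port 3389 to 0.0.0.0/0 and replaces an RDP-only rule with a single admin CIDR. The group ID and CIDR are placeholders, and it assumes the AWS CLI is installed and configured with credentials.

```powershell
# Added example. $GroupId and $AdminCidr are placeholders, not values from this guide.
$GroupId   = 'sg-0123456789abcdef0'   # placeholder security group ID
$AdminCidr = '203.0.113.10/32'        # constructed address (documentation range)

function Get-OpenRdpRule {
    param([Parameter(Mandatory)] $SecurityGroup)
    foreach ($perm in $SecurityGroup.IpPermissions) {
        # IpProtocol -1 means all protocols and ports; otherwise test the TCP port range
        $coversRdp = ($perm.IpProtocol -eq '-1') -or
                     ($perm.IpProtocol -eq 'tcp' -and $perm.FromPort -le 3389 -and $perm.ToPort -ge 3389)
        if (-not $coversRdp) { continue }
        foreach ($range in $perm.IpRanges) {
            if ($range.CidrIp -eq '0.0.0.0/0') {
                [pscustomobject]@{
                    Protocol = $perm.IpProtocol
                    FromPort = $perm.FromPort
                    ToPort   = $perm.ToPort
                }
            }
        }
    }
}

# Read the group's current ingress rules as objects
$json = aws ec2 describe-security-groups --group-ids $GroupId --output json | Out-String
$sg   = ($json | ConvertFrom-Json).SecurityGroups[0]

foreach ($rule in Get-OpenRdpRule -SecurityGroup $sg) {
    if ($rule.Protocol -ne 'tcp' -or $rule.FromPort -ne 3389 -or $rule.ToPort -ne 3389) {
        # Wider rules (port ranges, all traffic) need a manual decision; only report them
        Write-Warning "Rule $($rule.Protocol) $($rule.FromPort)-$($rule.ToPort) exposes RDP to 0.0.0.0/0; review it manually."
        continue
    }
    # Add the restricted rule first so RDP access is never lost, then remove the open one
    aws ec2 authorize-security-group-ingress --group-id $GroupId --protocol tcp --port 3389 --cidr $AdminCidr
    aws ec2 revoke-security-group-ingress    --group-id $GroupId --protocol tcp --port 3389 --cidr 0.0.0.0/0
}
```

The HTTP rule on port 80 is left untouched, since the web server is meant to be publicly reachable.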

Retrieve Public DNS Name

  1. From the EC2:Instances:Instances screen, select your instance. Copy the Public DNS name.

OSX/Linux: Connect using RDP

  1. Click Connect.
    Connect
  2. On the Connect To Your Instance screen, click Download Remote Desktop File.
    Connect To Your Instance
  3. Save the RDP file.
    Save RDP file
    Save RDP File Location
  4. Click Get Password.
    Connect To Your Instance
  5. On the Get Password screen, for Key Pair path, click Choose File.
    Get Password
  6. Select the Key Pair that was used to create this instance.
    Key Pair Path
  7. Click Decrypt Password.
    Get Password With Key Pair
  8. Copy the Password to the clipboard.
    Connect To Your Instance With Password
  9. Open the RDP file that you saved earlier.
    Open RDP File
    Remote Desktop Connection
  10. While connecting, the Remote Desktop Client will ask for credentials. Confirm that User name is Administrator, paste the password that you copied earlier, and click OK.
  11. Click Connect to ignore the certificate warning.
    Certificate Warning
  12. Your Windows Remote Desktop connection should look similar to the following:
    Windows Connection

Manage IIS

  1. Open Server Manager.
    Open Server Manager
  2. Confirm that IIS is installed.
    Confirm IIS
  3. If you don’t see the expected results, you can troubleshoot the commands that you provided in User data by inspecting the C:\Program Files\Amazon\Ec2ConfigService\Logs\Ec2ConfigLog.txt file. If you made mistakes in the User data, you can either launch a new instance with corrected user data, or just repair the current instance by running the commands again.
  4. Enter the Public-DNS-Name of your instance in your browser. Confirm that the IIS test page loads.
    IIS Test Page

Manage Windows

For the most part, you can manage an EC2 instance as you would any other Windows host. For example, you can install additional applications.

  1. Run the following commands to install …


Access EC2 Metadata

You can access information about a running instance from inside the instance. For more information on this topic, refer to

  1. Open PowerShell.
    PowerShell
  2. Run the following commands to retrieve the instance ID, local hostname, local IP, public hostname, and public IP.
    Instance Metadata
    Note that Amazon instances have separate internal and external IP addresses. Instances also have separate internal and external hostnames. When connecting to instances from the Internet, be sure you are using the external hostname and IP address.
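
One way to retrieve these five values, as an added example rather than the author's original commands: the script below queries the instance metadata service at its link-local address, first requesting an IMDSv2 session token and falling back to an unauthenticated request if the token call fails. The function names are hypothetical helpers defined here.

```powershell
# Added example: read the five metadata values named in this guide from inside the instance.
$base = 'http://169.254.169.254/latest'   # instance metadata service, reachable only from the instance

function Get-ImdsToken {
    param([int]$TtlSeconds = 300)
    # IMDSv2: a PUT to /api/token returns a short-lived session token
    Invoke-RestMethod -Method Put -Uri "$base/api/token" `
        -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = "$TtlSeconds" } -TimeoutSec 2
}

function Get-ImdsValue {
    param([string]$Path, [string]$Token)
    $headers = @{}
    if ($Token) { $headers['X-aws-ec2-metadata-token'] = $Token }
    try {
        Invoke-RestMethod -Uri "$base/meta-data/$Path" -Headers $headers -TimeoutSec 2
    } catch {
        # public-hostname and public-ipv4 are absent when the instance has no public address
        $null
    }
}

# Prefer a session token; continue without one if the token request is refused
try { $token = Get-ImdsToken } catch { $token = $null }

$result = [ordered]@{}
foreach ($key in 'instance-id', 'local-hostname', 'local-ipv4', 'public-hostname', 'public-ipv4') {
    $result[$key] = Get-ImdsValue -Path $key -Token $token
}
[pscustomobject]$result | Format-List
```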

Access EC2 Metadata via the Web Page

You may find it more useful to access the EC2 Metadata via a web page running on the instance. I add a page like this to all of my web servers. It’s invaluable in setting up and diagnosing load balanced web servers — we will do this in a later guide.

  1. Use your favorite text editor to create a new web page at C:\inetpub\wwwroot\default.asp that contains the following. This new ASP page will override the IIS Test Page.

    <html>
    <%
    ' Base URL of the instance metadata service (reachable only from the instance itself)
    url = "http://169.254.169.254/latest/meta-data/"
    set XmlObj = Server.CreateObject("Microsoft.XMLHTTP")
    ' Fetch each value with a synchronous request
    XmlObj.open "GET", url & "instance-id", false : XmlObj.send
    instance_id = XmlObj.responseText
    XmlObj.open "GET", url & "local-hostname", false : XmlObj.send
    local_hostname = XmlObj.responseText
    XmlObj.open "GET", url & "local-ipv4", false : XmlObj.send
    local_ipv4 = XmlObj.responseText
    XmlObj.open "GET", url & "public-hostname", false : XmlObj.send
    public_hostname = XmlObj.responseText
    XmlObj.open "GET", url & "public-ipv4", false : XmlObj.send
    public_ipv4 = XmlObj.responseText
    Response.write("<b>instance-id:</b> " & instance_id & "<br>")
    Response.write("<b>local-hostname:</b> " & local_hostname & "<br>")
    Response.write("<b>local-ipv4:</b> " & local_ipv4 & "<br>")
    Response.write("<b>public-hostname:</b> " & public_hostname & "<br>")
    Response.write("<b>public-ipv4:</b> " & public_ipv4 & "<br>")
    %>
    </html>

  2. Set permissions on C:\inetpub\wwwroot\default.asp to grant the user IUSR both Read & Execute and Read permissions.
    default.aspx Permissions
  3. Reload the Public-DNS-Name of your instance in your browser.
    Instance Metadata ASP Page


Congratulations! You have successfully created an Amazon EC2 Windows instance. You may find the following additional resources helpful:
