Tutorial: Get started with Amazon EC2 Windows instances - Amazon Elastic Compute Cloud

Tutorial: Get started with Amazon EC2 Windows instances

Use this tutorial to get started with Amazon Elastic Compute Cloud (Amazon EC2). You'll learn how to launch, connect to, and use a Windows instance. An instance is a virtual server in the AWS Cloud. With Amazon EC2, you can set up and configure the operating system and applications that run on your instance.

When you sign up for AWS, you can get started with Amazon EC2 using the AWS Free Tier. If you created your AWS account less than 12 months ago, and have not already exceeded the Free Tier benefits for Amazon EC2, it won't cost you anything to complete this tutorial because we help you select options that are within the Free Tier benefits. Otherwise, you'll incur the standard Amazon EC2 usage fees from the time that you launch the instance until you terminate the instance (which is the final task of this tutorial), even if it remains idle.

Related tutorials

Overview

The instance launched in this tutorial is an Amazon EBS-backed instance (meaning that the root volume is an EBS volume). You can either specify the Availability Zone in which your instance runs, or let Amazon EC2 select an Availability Zone for you. Availability Zones are multiple, isolated locations within each AWS Region. You can think of an Availability Zone as an isolated data center.

When you launch your instance, you secure it by specifying a key pair (to prove your identity) and a security group (which acts as a virtual firewall to control ingoing and outgoing traffic). When you connect to your instance, you must provide the private key of the key pair that you specified when you launched your instance.


				An Amazon EBS-backed instance in a security group.

Prerequisites

Before you begin, be sure that you've completed the steps in Set up to use Amazon EC2.

Step 1: Launch an instance

You can launch a Windows instance using the AWS Management Console as described in the following procedure. This tutorial is intended to help you quickly launch your first instance, so it doesn't cover all possible options. For information about advanced options, see Launch an instance using the new launch instance wizard. For information about other ways to launch your instance, see Launch your instance.

To launch an instance
  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. From the EC2 console dashboard, in the Launch instance box, choose Launch instance.

  3. Under Name and tags, for Name, enter a descriptive name for your instance.

  4. Under Application and OS Images (Amazon Machine Image), do the following:

    1. Choose Quick Start, and then choose Windows. This is the operating system (OS) for your instance.

    2. From Amazon Machine Image (AMI), select the AMI for Windows Server 2016 Base or later.. Notice that these AMIs are marked Free Tier eligible. An Amazon Machine Image (AMI) is a basic configuration that serves as a template for your instance.

      Note

      AL2023 is the successor to Amazon Linux 2. For more information, see Launching AL2023 using the Amazon EC2 console.

  5. Under Instance type, from the Instance type list, you can select the hardware configuration for your instance. Choose the t2.micro instance type, which is selected by default. The t2.micro instance type is eligible for the Free Tier. In Regions where t2.micro is unavailable, you can use a t3.micro instance under the Free Tier. For more information, see AWS Free Tier.

  6. Under Key pair (login), for Key pair name, choose the key pair that you created when getting set up. Note that you must select an RSA key. ED25519 keys are not supported for Windows instances.

    Warning

    Do not choose Proceed without a key pair (Not recommended). If you launch your instance without a key pair, then you can't connect to it.

  7. Next to Network settings, choose Edit. For Security group name, you'll see that the wizard created and selected a security group for you. You can use this security group, or alternatively you can select the security group that you created when getting set up using the following steps:

    1. Choose Select existing security group.

    2. From Common security groups, choose your security group from the list of existing security groups.

  8. Keep the default selections for the other configuration settings for your instance.

  9. Review a summary of your instance configuration in the Summary panel, and when you're ready, choose Launch instance.

  10. A confirmation page lets you know that your instance is launching. Choose View all instances to close the confirmation page and return to the console.

  11. On the Instances screen, you can view the status of the launch. It takes a short time for an instance to launch. When you launch an instance, its initial state is pending. After the instance starts, its state changes to running and it receives a public DNS name. If the Public IPv4 DNS column is hidden, choose the settings icon ( Settings icon. ) in the top-right corner, toggle on Public IPv4 DNS, and choose Confirm.

  12. It can take a few minutes for the instance to be ready for you to connect to it. Check that your instance has passed its status checks; you can view this information in the Status check column.

Step 2: Connect to your instance

To connect to a Windows instance, you must retrieve the initial administrator password and use this password when you connect to your instance using Remote Desktop. It takes a few minutes after instance launch before this password is available.

The default username for the Administrator account depends on the language of the operating system (OS) contained in the AMI. To ascertain the correct username, identify the language of your AMI's OS, and then choose the corresponding username. For example, for an English OS, the username is Administrator, for a French OS it's Administrateur, and for a Portuguese OS it's Administrador. If a language version of the OS does not have a username in the same language, choose the username Administrator (Other). For more information, see Localized Names for Administrator Account in Windows in the Microsoft TechNet Wiki.

If you've joined your instance to a domain, you can connect to your instance using domain credentials you've defined in AWS Directory Service. On the Remote Desktop login screen, instead of using the local computer name and the generated password, use the fully-qualified user name for the administrator (for example, corp.example.com\Admin), and the password for this account.

If you receive an error while attempting to connect to your instance, see Remote Desktop can't connect to the remote computer.

To connect to your Windows instance using an RDP client
  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances.

  3. Select the instance and then choose Connect.

  4. On the Connect to instance page, choose the RDP client tab.

  5. For Username, choose the default username for the Administrator account. The username you choose must match the language of the operating system (OS) contained in the AMI that you used to launch your instance. If there is no username in the same language as your OS, choose Administrator (Other).

  6. Choose Get password.

    
								Get password for RDP.
  7. On the Get Windows password page, do the following:

    1. Choose Upload private key file and navigate to the private key (.pem) file that you specified when you launched the instance. Select the file and choose Open to copy the entire contents of the file to this window.

    2. Choose Decrypt password. The Get Windows password page closes, and the default administrator password for the instance appears under Password, replacing the Get password link shown previously.

    3. Copy the password and save it in a safe place. This password is required to connect to the instance.

      
								Password location for RDP.
  8. Choose Download remote desktop file. Your browser prompts you to either open or save the RDP shortcut file. When you have finished downloading the file, choose Cancel to return to the Instances page.

    • If you opened the RDP file, you'll see the Remote Desktop Connection dialog box.

    • If you saved the RDP file, navigate to your downloads directory, and open the RDP file to display the dialog box.

  9. You might get a warning that the publisher of the remote connection is unknown. Choose Connect to continue to connect to your instance.

    
										Unknown publisher message.
  10. The administrator account is chosen by default. Paste the password that you copied previously, and then choose Continue.

    Tip

    If you receive a "Password Failed" error, try entering the password manually. Copying and pasting content can corrupt it.

  11. Due to the nature of self-signed certificates, you might get a warning that the security certificate could not be authenticated. Use the following steps to verify the identity of the remote computer. Alternatively, if you trust the certificate, choose Yes (Windows) or Continue (Mac OS X) to skip the following steps.

    
										"Identity cannot be verified" window.
    1. [Windows] Choose View certificate.

      [Mac OS X] Choose Show Certificate.

    2. [Windows] Choose the Details tab, and scroll down to Thumbprint.

      [Mac OS X] Expand Details, and scroll down to SHA1 Fingerprints.

      This is the unique identifier for the remote computer's security certificate.

    3. In the Amazon EC2 console, select the instance, and then choose Actions, Monitor and troubleshoot, Get system log.

    4. In the system log output, look for RDPCERTIFICATE-THUMBPRINT. If this value matches the thumbprint (Windows) or fingerprint (Mac OS X) of the certificate, you have verified the identity of the remote computer.

    5. [Windows] Return to the Certificate dialog box and choose OK.

      [Mac OS X computer] Return to the Verify Certificate dialog box and choose Continue.

    6. [Windows] Choose Yes in the Remote Desktop Connection window to connect to your instance.

      [Mac OS X] The process automatically commences connecting to your instance. Note that you might need to switch spaces to see the Windows instance screen. For more information, see See open windows and spaces in Mission Control on Mac.

Step 3: Track your Free Tier usage

You can use Amazon EC2 without incurring charges if you've been an AWS customer for less than 12 months and you stay within the Free Tier usage limits. It's important to track your Free Tier usage to avoid billing surprises. If you exceed the Free Tier limits, you'll incur standard pay-as-go charges.

Note

If you've been an AWS customer for more than 12 months, you're no longer eligible for Free Tier usage and you won't see the EC2 Free Tier box that is described in the following procedure.

To track your Free Tier usage
  1. In the navigation pane, choose EC2 Dashboard.

  2. Find the EC2 Free Tier box (at top right).

    
						The EC2 Free Tier box in the EC2 Dashboard.
  3. In the EC2 Free Tier box, check your Free Tier usage, as follows:

    • Under EC2 Free Tier offers in use, take note of the warnings:

      • End of month forecast – This warns that you will incur charges this month if you continue with your current usage pattern.

      • Exceeds Free Tier – This warns that you've exceeded your Free Tier limits and you're already incurring charges.

    • Under Offer usage (monthly), take note of your usage of Linux instances, Windows instances, and EBS storage. The percentage indicates how much of your Free Tier limits you've used this month. If you're at 100%, you will incur charges for further use.

      Note

      This information appears only after you've created an instance. However, usage information is not updated in real time; it's updated three times a day.

  4. To avoid incurring further charges, delete any resources that are either incurring charges now, or will incur charges if you exceed your Free Tier limit usage.

    • For the instructions to delete your instance, go to the next step in this tutorial.

    • To check if you have resources in other Regions that might be incurring charges, in the EC2 Free Tier box, choose View Global EC2 resources to open the EC2 Global View. For more information, see Amazon EC2 Global View.

  5. To view your resource usage for all AWS services under the AWS Free Tier, at the bottom of the EC2 Free Tier box, choose View all AWS Free Tier offers. For more information, see Using the AWS Free Tier in the AWS Billing User Guide.

Step 4: Clean up your instance

After you've finished with the instance that you created for this tutorial, you should clean up by terminating the instance. If you want to do more with this instance before you clean up, see Next steps.

Important

Terminating an instance effectively deletes it; you can't reconnect to an instance after you've terminated it.

If you launched an instance that is not within the AWS Free Tier, you'll stop incurring charges for that instance as soon as the instance status changes to shutting down or terminated. To keep your instance for later, but not incur charges, you can stop the instance now and then start it again later. For more information, see Stop and start your instance.

To terminate your instance
  1. In the navigation pane, choose Instances. In the list of instances, select the instance.

  2. Choose Instance state, Terminate instance.

  3. Choose Terminate when prompted for confirmation.

    Amazon EC2 shuts down and terminates your instance. After your instance is terminated, it remains visible on the console for a short while, and then the entry is automatically deleted. You cannot remove the terminated instance from the console display yourself.

Next steps

After you start your instance, you might want to try some of the following exercises: