Amazon Elastic Compute Cloud
Microsoft Windows Guide (API Version 2012-04-01)

Using EC2Config Service

EC2Config service can perform various functions to prepare an instance when it first boots up. Each of these functions can be enabled or disabled from the settings before creating a new AMI. The new settings are applied to the instance that will be launched from the new AMI.

EC2Config settings can be enabled or disabled using either the EC2Config Service Properties user interface tool or by directly editing the XML files. Some advanced configuration settings are currently not available on the user interface tool. For advanced modifications use the XML files. The following procedures describe the user interface tool and the XML files.

Important

Be sure to select the Set Password and Enable SetPassword feature after sysprep check boxes unless you have included your own Administrator password in the Sysprep configuration file. Otherwise you won't be able to log in to the AMI.

We Sysprep all the Amazon base Windows AMIs before registering and making them available to the public. So, when you launch an Amazon Windows AMI, it has to go through the initial Sysprep cycle. Sysprep is a Microsoft tool that prepares an AMI for multiple launches. However, after you launch your instance and the instance configures itself, Sysprep should not run unless you manually invoke it.

You can manually invoke the Sysprep tool to prepare your instance to create a new Windows AMI. The process of customizing and preparing an instance for creating a new AMI is also called bundling. The following procedure describes steps to bundle your instance using the EC2 Service Properties user interface.

Using the EC2Config Service User Interface Tool


    To change the EC2Config settings on your Windows instance using the EC2Config tool

    1. Launch and connect to your Windows instance.

    2. Go to C:\Program Files\Amazon\EC2ConfigService and double-click the Ec2ConfigServiceSettings application.

    3. Your Windows instance displays the Ec2 Service Properties dialog box.

    4. Use the Ec2 Service Properties dialog box to enable or disable your settings. In the General Properties tab you can adjust the following settings:

      1. Set Computer Name: Enabled by default, sets the hostname of the instance to a unique name based on the IP address of the instance and reboots once after booting. If you want to set your own hostname, or prevent your existing host name from being modified, you must disable this setting.

      2. Initialize Drives: Initializes and formats all uninitialized instance stores attached to the instance during startup. When an instance is launched, all instance stores that come with the instance are uninitialized. Enabled by default, this feature initializes and mounts the instance stores as drives D:/, E:/, etc. For more information on instance stores that come with Windows instances, see Amazon EC2 Instance Storage.

      3. Set Password: Sets a random password on the instance every time you launch an instance, encrypts it with the user launch key, and outputs the encrypted password to the console. This feature is disabled by default after the first launch so that any further reboots or restarts of this instance do not change the password set by the user. Select this check box to generate random passwords every time you launch this instance.

        Caution

        Do not clear this check box unless you included a password for the Administrator account in the Sysprep configuration file. If you do not modify the Sysprep configuration file to include a password for the Administrator account, you must select this check box and the Enable SetPassword feature after sysprep check box to correctly generate a password for the AMI.

      4. Enable SetPassword feature after sysprep: Enabled by default, sets a random password after you have used the Sysprep feature to create an AMI from this instance.

        Caution

        Do not clear this check box unless you included a password for the Administrator account in the Sysprep configuration file. If you do not modify the Sysprep configuration file to include a password for the Administrator account, you must select this check box and the Set Password check box to correctly generate a password for the AMI. In addition, if you do not include a password for the Administrator account in the Sysprep configuration file and you clear this check box, the AMI's password will be unknown and you will not be able to log in to the AMI.

      5. Event Log: Click the empty check box to enable this setting to put eventlog entries on the console during boot for easy monitoring and debugging. Click Settings> in the EventLog box to specify filters for the log entries that will be sent to the console output. By default, the three most recent error entries from the System event log are sent to the console.

    5. Click the Bundle tab to open the Sysprep page.

    6. Click Run Sysprep and Shutdown Now to prepare your instance for creating a new AMI, click Apply and then click OK.

      By default, when an Amazon EBS volume is attached to an instance, it may show up as any drive letter on the instance. You can specify the drive letters of the mounted volumes by mapping the name of a volume to a drive letter.

    7. Click the Drive Mapping tab to specify your drive mapping.

      The Drive Letter Mapping setting is enabled by default. This means that the drives will be mapped to drive letters, but the system decides the mapping.

    8. To specify your own mapping, click Mappings.

      1. In the DriveLetterSetting dialog box, type in the name (disk label) of the volume.

      2. Click the drop-down arrow in the Drive Letter box and select the drive letter for the volume.

      3. Keep adding the volume names and the drive letters you want to map it with.

      4. Click OK to close the DriveLetterSetting dialog box.

    9. Click OK to close the Ec2 Service Properties dialog box.

    If you have specified your drive letter mapping, the settings will take effect immediately on volumes you attach after following this procedure. This setting will not change the drive letters on already mounted volumes. However, the setting will fail if the drive letter is already in use. We recommend that you pick drive letters from the end of the alphabet (Z, Y, X, and so on) to avoid this problem.

    Using EC2Config XML Files


      By default, the EC2Config service is installed on all public Amazon AMIs. The binaries and additional tools needed to configure the new Windows AMI are contained in the %ProgramFiles%\Amazon\EC2ConfigService directory. You can modify the following configuration and settings files located in the directory.

      Config.xml File

      • Ec2SetPassword: Generates a new random encrypted password every time you launch an instance. This feature is disabled by default after the first launch so that any further reboots or restarts of this instance do not change the password set by the user. Change this setting to Enabled to continue generating random passwords every time you launch an instance.

        This setting is important if you are planning on creating an AMI from your instance. Before you configure this setting, you have to decide whether you want the instances launched from the customized AMI to have random passwords generated.

      • Ec2SetComputerName: Enabled by default, sets the hostname of the instance to a unique name based on the IP address of the instance and reboots once after booting. If you want to set your own host name, or prevent your existing host name from being modified, you must disable this setting.

      • Ec2InitializeDrives: Initializes and formats all uninitialized instance stores attached to the instance during startup. When an instance is launched, all instance stores that come with the instance are uninitialized. Enabled by default, this feature initializes and mounts the instance stores as drives D:/, E:/, etc. For more information on the instance stores that come with Windows instances, go to Amazon EC2 Instance Storage.

      • Ec2EventLog: Puts event log entries in the console based on the configuration of the EventLogConfig.XML file. By default, the three most recent error entries from the system event log are sent to the console. To specify the event log entries to output to the console, edit the EventLogConfig.XML file located in the Settings directory.

        For information on the settings in this file, go to the Microsoft MSDN website.

      • Ec2ConfigureRDP: Sets up a self-signed certificate on the instance, so users can securely access the instance using Remote Desktop. This feature is Disabled on Windows Server 2008 instances since Windows Server 2008 is able to generate its own certificates.

      • Ec2OutputRDPCert: This setting is Enabled by default and copies the Remote Desktop certificate information to the console, so the user can verify it against the thumbprint.

      • Ec2SetDriveLetter: Sets the drive letters of the mounted volumes based on the user-defined settings. By default, when an Amazon EBS volume is attached to an instance, it may show up as any drive letter on the instance. To specify your drive letter mappings, edit the DriveLetterConfig.XML file located in the Settings directory.

      • Ec2WindowsActivate: Enabling this setting causes Windows Server 2008 to attempt activation by searching through the DNS Suffix List for appropriate KMS Server entries. In Windows Server 2008 (not the later Windows Server 2008 R2 version), the plug-in performs this search manually. When the appropriate KMS server entries are found, the plug-in sets your activation server to the first server to respond to the request successfully. In Windows Server 2008 R2, the auto discovery method built into Windows Server is able to search the suffix list automatically.

        To modify the settings for the KMS servers, edit the ActivationSettings.XML file located in the Settings directory.

      • SetDnsSuffixList: Adds entries to your DNS suffix search list to facilitate DNS lookups.

        Note

        This functionality is key to Windows Server 2008 activation. See the preceding list item for more information.

        This plug-in has the ability to make region-specific decisions about the suffix list based on the Availability Zone the instance has been launched in. The default settings have been configured to discover the KMS server in each region. To see the default settings or add settings specific to your requirements, open and edit the DnsSuffixSettings.XML file located in the Settings directory.

      The BundleConfig.xml file controls how the EC2Config service prepares an instance for bundling. This includes configuring Sysprep on the system, changing the state of the Ec2ConfigureRDP plug-in, and shutting down the instance for bundling.

      BundleConfig.XML

      • AutoSysprep: Change the value to Yes if you want to use Sysprep.

      • SetRDPCertificate: Sets a self-signed certificate to the Remote Desktop server running on a Windows 2003 instance. This allows you to securely RDP into the instances. Change the value of this setting to Yes if you want the new instances to have the certificate.

        Note

        This setting is not used in Windows Server 2008, since Windows Server 2008 is able to generate its own certificates.

      • SetPasswordAfterSysprep: Sets a random password on the newly launched instances, encrypts it with the user launch key, and outputs the encrypted password on the console. Change the value of this setting to No if you do not want the new instances to set a random encrypted password.
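
A pre-bundle check for the lockout condition described in the Cautions above, as an added PowerShell example (not AWS-provided code). It assumes Config.xml stores each plug-in as a Plugin element with Name and State children and BundleConfig.xml stores each setting as a Property element with Name and Value children; the function names, the -SysprepHasAdminPassword switch, the root element names and the sample XML are constructed for illustration.

```powershell
# Added example, not AWS code. Assumed layout: <Plugin><Name/><State/></Plugin>
# in Config.xml and <Property><Name/><Value/></Property> in BundleConfig.xml.
function Get-NameMap([xml]$Doc, [string]$XPath, [string]$ValueTag) {
    $map = @{}
    foreach ($n in $Doc.SelectNodes($XPath)) {
        $name = $n.SelectSingleNode('Name'); $value = $n.SelectSingleNode($ValueTag)
        if ($null -ne $name -and $null -ne $value) {
            $map[$name.InnerText.Trim()] = $value.InnerText.Trim()
        }
    }
    $map
}

function Test-Ec2BundleSettings {
    param([xml]$Config, [xml]$Bundle, [switch]$SysprepHasAdminPassword)
    $plugin = Get-NameMap $Config '//Plugin' 'State'
    $prop   = Get-NameMap $Bundle '//Property' 'Value'
    $findings = @()
    if (-not $SysprepHasAdminPassword) {
        # Without an Administrator password in the Sysprep configuration file,
        # both password settings must be on or the AMI password is unknown.
        if ($prop['SetPasswordAfterSysprep'] -ne 'Yes') {
            $findings += 'LOCKOUT: SetPasswordAfterSysprep is not Yes (BundleConfig.xml)'
        }
        if ($plugin['Ec2SetPassword'] -ne 'Enabled') {
            $findings += 'LOCKOUT: Ec2SetPassword is not Enabled (Config.xml)'
        }
    }
    if ($plugin['Ec2OutputRDPCert'] -ne 'Enabled') {
        $findings += 'WARN: RDP certificate info is not copied to the console for thumbprint verification'
    }
    $findings
}

# Constructed sample files (not taken from a real instance).
[xml]$cfg = @'
<Ec2ConfigurationSettings><Plugins>
  <Plugin><Name>Ec2SetPassword</Name><State>Disabled</State></Plugin>
  <Plugin><Name>Ec2OutputRDPCert</Name><State>Enabled</State></Plugin>
</Plugins></Ec2ConfigurationSettings>
'@
[xml]$bundle = @'
<BundleConfig>
  <Property><Name>AutoSysprep</Name><Value>Yes</Value></Property>
  <Property><Name>SetPasswordAfterSysprep</Name><Value>No</Value></Property>
</BundleConfig>
'@
Test-Ec2BundleSettings -Config $cfg -Bundle $bundle
```

To audit a real instance before running Sysprep, load the two files with `[xml](Get-Content <path>)` and pass `-SysprepHasAdminPassword` only if the Sysprep configuration file really contains an Administrator password.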