Setting Up a Microsoft Server on AWS EC2: A Hybrid Approach

Introduction

This guide walks you through setting up a Microsoft Windows Server on AWS EC2 using AWS CloudShell for setup and the AWS Console for password retrieval. We'll use a t3.micro instance type, which is free-tier eligible.

Prerequisites

• An AWS account
• A Remote Desktop client for your operating system

Setup Process Using CloudShell

1. Access AWS CloudShell

1. Log into AWS Management Console
2. Click the CloudShell icon in the top navigation bar
3. Wait for the environment to initialize

2. Create a Key Pair

# Create key pair and save it
aws ec2 create-key-pair \
    --key-name windows-server-key \
    --query 'KeyMaterial' \
    --output text > windows-server-key.pem

# Set proper permissions
chmod 400 windows-server-key.pem

# IMPORTANT: Download the .pem file
# Click Actions -> Download File
# Enter: windows-server-key.pem
        

To Download your .pem file, you will be asked for a path to your file. If you are unsure of the path, enter PWD in the Cloudshell console and make note of the path. You will enter that in the input that is provided when you download the file plus your file name. For example, in my case my path was /home/cloud-user/windows-server-key.pem. When you Download this file, make sure to put it somewhere you will remember as you will need it for a future step.

3. Create a Security Group

# Create the security group
aws ec2 create-security-group \
    --group-name windows-server-sg \
    --description "Security group for Windows Server"

# Store the security group ID
SG_ID=$(aws ec2 describe-security-groups \
    --group-names windows-server-sg \
    --query 'SecurityGroups[0].GroupId' \
    --output text)

# Add RDP access (port 3389)
aws ec2 authorize-security-group-ingress \
    --group-id $SG_ID \
    --protocol tcp \
    --port 3389 \
    --cidr 0.0.0.0/0

# Add HTTP access
aws ec2 authorize-security-group-ingress \
    --group-id $SG_ID \
    --protocol tcp \
    --port 80 \
    --cidr 0.0.0.0/0

# Add HTTPS access
aws ec2 authorize-security-group-ingress \
    --group-id $SG_ID \
    --protocol tcp \
    --port 443 \
    --cidr 0.0.0.0/0        

4. Launch the EC2 Instance

To get the AMI image id, you will select the checkbox next to your running instance in the aws console.

Copy the AMI Image Id from the AWS Console and replace the --image-id ami with the once from your aws console.

# Launch the instance - Replace the ami id with yours.
INSTANCE_ID=$(aws ec2 run-instances \
    --image-id ami-xxxxxxxxxxx \
    --instance-type t3.micro \
    --key-name windows-server-key \
    --security-group-ids $SG_ID \
    --query 'Instances[0].InstanceId' \
    --output text)

echo "Instance ID: $INSTANCE_ID"

# Get the public IP
PUBLIC_IP=$(aws ec2 describe-instances \
    --instance-ids $INSTANCE_ID \
    --query 'Reservations[0].Instances[0].PublicIpAddress' \
    --output text)

echo "Public IP: $PUBLIC_IP"        

5. Get Windows Password (Using AWS Console)

• Wait 4-5 minutes for the instance to fully initialize
• Go to EC2 Dashboard in AWS Console
• Click "Instances" in the left sidebar
• Select your Windows instance
• Click the "Connect" button at the top
• Select the "RDP Client" tab
• Click "Get Password"
• Click "Browse" and select your downloaded .pem key file
• Click "Decrypt Password"

Save the following information:

• Public IP: (from CloudShell output)
• Username: Administrator
• Password: (decrypted from Console)

Connecting via Remote Desktop

Windows Users

1. Press Windows + R
2. Type "mstsc" and press Enter
3. Enter the Public IP
4. Click Connect
5. Enter Administrator credentials
6. Accept certificate warning

Mac Users

1. Install Microsoft Remote Desktop from Mac App Store
2. Open Microsoft Remote Desktop
3. Click "Add PC"
4. Enter the Public IP
5. Add credentials when prompted
6. Connect to the instance

Linux Users

1. Install Remmina RDP client
2. Create new RDP connection
3. Enter the Public IP
4. Enter Administrator credentials
5. Connect to the instance

Once you follow these steps, you will connect to your Windows Server Instance.

Once you have finished, you will want to make sure that you remove any running instances so as to not run up any AWS fees. Here are some usefull Cleanup commands.

Cleanup (Using CloudShell)

# Terminate the instance when done
aws ec2 terminate-instances --instance-ids $INSTANCE_ID

# Delete the security group (after instance termination)
aws ec2 delete-security-group --group-name windows-server-sg

# Delete the key pair if not needed
aws ec2 delete-key-pair --key-name windows-server-key

# Remove the local key file
rm windows-server-key.pem        

Important Security Note

This guide uses 0.0.0.0/0 in the security group to allow RDP access from any IP address. This is suitable for temporary test instances that will be terminated quickly after creation. For production environments, you should restrict RDP access to specific IP addresses.

I hope this helps you in your Windows server AWS EC2 creation. I wrote this to not only practice my AWS skills but to help those who want to move more into using the CloudShell environment instead of the console. I look forward to writing more articles on this subject as I grow in my AWS Cloud journey. I hope you follow me on this trek as well. Thank you.