Many misconceptions surround AWS in the IT community. IT pros think that AWS is a developer technology or that only VMs that run Linux can run on the service. It doesn't help that many AWS-specific terms can be confusing. What, for example, is Elastic Block Storage (EBS)? Fortunately, getting an AWS account and a Windows Server VM running on the service is straightforward and inexpensive. In this article, I'll go through the steps to create such a VM and connect to it via Microsoft Remote Desktop Protocol (RDP).
Sign Up, Sign In
The first thing you'll need is an AWS account. If you already have an Amazon.com account, you're practically there. Head over to aws.amazon.com and click the Sign Up Now button on the right side of the page. (If you don't already have an Amazon.com account, you can create one here.) Sign in with your Amazon.com email address and password, then complete the remaining AWS sign-up steps.
After you've signed up and signed in, you're presented with a rather stark dashboard, as Figure 1 shows. The top tabs show the various services that AWS offers. Take some time and explore them all. Some have an additional Sign Up button that you can click if you want to enable that particular AWS service for use. There's no harm in enabling access to all these services: With AWS, you pay only for the resources that you're actually using.
After you're familiar with the dashboard offerings, click the EC2 tab. This is where you'll create and work with your Windows Server VMs.
Create an Instance
To get your Windows Server VM going, click the Launch Instance button. This action brings up the Request Instances Wizard, in which you can select an Amazon Machine Image (AMI) to run. AMIs come from a variety of sources, including the AWS community and Amazon itself. You'll use the Microsoft Windows Server 2008 R2 Base AMI that's presented in the Quick Start tab, as Figure 2 shows. (Unfortunately, no Windows AMIs currently qualify for the AWS free usage tier, which specifies the use of Linux. Still, for a quick test of the service, you'll be paying literally a few cents. Click the link for more information about AWS pricing.)
After you select the AMI image, the next screen of the wizard prompts you for details about the Elastic Compute Cloud (EC2) instance that you want to create. As Figure 3 shows, you need only one instance; the Availability Zone doesn't matter in this situation. I selected a large instance type to up the available RAM from 613MB to 7.5GB and add an additional CPU core.
On this screen, you'll supply more details about the instance that you want. Here, you run into some of that confusing terminology. You don't need to select a particular Kernel ID or RAM Disk ID, but what are Termination Protection and Shutdown Behavior? In AWS parlance, when you select Shut Down from the Windows Start Menu, the EC2 instance can be either stopped or terminated. It might be better to think of these options as "dormant" or "destroyed." You can restart a stopped instance, at will. A terminated instance is destroyed and cannot be restarted, hence the Termination Protection check box for those who choose Terminate as a shutdown behavior. I want my instance to stop only when I select Shut Down, so I'm leaving the Shutdown Behavior default set to Stop.
The next screen allows for user-specified key-value pairs, to ease management. You don't need to define any of these, so simply move on.
On the following screen, you need to create a key pair to gain access to the EC2 instance. (The AMI that you selected has a default Administrator password. Of course, you don't know that password; if it was merely a default that anyone who used AWS knew, an attacker could connect to your newly launched EC2 instance before you could. So, you'll create a key pair that can be used to gain access to the Administrator password.) Type a name for your key pair, then click Create and Download Keypair. Save the resulting .pem file somewhere that's easy for you to access. The wizard automatically moves on to the next screen, which Figure 4 shows.
You now configure the firewall settings that are needed to gain access to whichever services you intend to run on the EC2 instance. Fortunately, the wizard offers to create a security group, called quick-start-1, that allows access from any IP address to RDP port 3389. This is exactly what you want for now, so click Continue to move on.
As Figure 5 shows, the final screen presents a summary, to which you can make changes if needed. If everything is copasetic, click Launch. A message appears, stating that the instance is now launching and providing a link to view it on the Instances page. Click the link, and you'll see something similar to Figure 6. When the status of the instance is listed as running and displays a green orb, you're ready to connect via RDP. First, however, you need to obtain the IP address of the EC2 instance, and grab the Administrator password, by using the key pair that we created earlier.
Get the IP address first. Select the check box to select the running instance, then scroll down in the lower window pane until you see the Public DNS field. This field contains the hostname that will resolve to the IP address that's currently assigned to your EC2 instance. Make a note of this address.
Now for the Administrator password. Click the Instance Actions drop-down arrow to view the Instance Management menu, which Figure 7 shows. Select Get Windows Admin Password. A window appears with the encrypted password. Paste the text from the .pem file that you downloaded earlier into the Private Key box, and then click Decrypt Password. You're presented with the decrypted password and the public DNS name of the instance, as a reminder. Make a note of both pieces of information.
You can now use RDP to connect to your EC2 instance. This step is as easy as launching Remote Desktop Connection and entering the public DNS name in the Connect To box. Log on using the Administrator account and the decrypted password, and you'll be in familiar territory, as Figure 8 shows. Feel free to explore all you want -- it's a real Windows Server VM!
When you've finished, select Shut Down from the Start Menu. Now, take another look at the AWS dashboard. As Figure 9 shows, the instance status is now shown as stopped and displays a red orb. You can restart the instance by selecting its check box and clicking the Launch Instance button. One caveat: By default, the public DNS name of the instance doesn't survive across launches, so make sure that you note the new public DNS name when you relaunch the instance.
Finally, you'll terminate the instance. Why not just leave it in the stopped state? Billing for AMI disk storage continues if the instance isn't terminated. You don't want that for this tutorial, so select the instance, return to the Instance Management menu, and choose Terminate under Instance Actions. The status for the instance in the AWS dashboard changes to terminated, next to a red orb. Soon thereafter, the instance will disappear entirely from the dashboard.
Just the Beginning
This tutorial just scratches the surface of what you can do with Windows Server running as an EC2 instance on AWS. The possibilities include building your own AMIs, using a static IP address, and monitoring your instance so that you can be alerted if there are any problems. It's even possible, albeit with some configuration caveats, to run an Active Directory (AD) domain within EC2 instances. I encourage you not to fear the cloud -- wade deeper into the AWS pool and experiment.