Skip to content

Instantly share code, notes, and snippets.

@atheiman

atheiman/User_Data.md

Last active March 21, 2024 21:15
Show Gist options
  • Star 10 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save atheiman/ecef955d9352f79c229cd22d56b22629 to your computer and use it in GitHub Desktop.
Save atheiman/ecef955d9352f79c229cd22d56b22629 to your computer and use it in GitHub Desktop.
Download ZIP
EC2 User Data examples for Windows and Linux
Raw
User_Data.md

EC2 User Data examples

Basic Windows local user with Administrator and RDP access

Add a local rdp user via user data at launch of a Windows EC2 instance. Note that this includes a password passed in thru both the user data and powershell command line and is a bad security practice because they can be viewed later. At a minimum, you should connect to the instance immediately after launch and change the password interactively. Also, delete the userdata from the instance after launch. More secure would be to connect the instance to a domain for authentication or use AWS native tooling to connect to the instance (e.g., AWS Session Manager).

<powershell>
# Be sure to set the username and password on these two lines. Of course this is not a good
# security practice to include a password at command line.
$User = "LocalRdpUser"
$Password = ConvertTo-SecureString "8Yfx6H@BKWx@H9GE#JUp" -AsPlainText -Force
New-LocalUser $User -Password $Password
Add-LocalGroupMember -Group "Remote Desktop Users" -Member $User
Add-LocalGroupMember -Group "Administrators" -Member $User
</powershell>

Basic Linux (tested on Amazon Linux 2023) local user with sudo access

#!/bin/bash

LOCAL_USER="localuser"
adduser "$LOCAL_USER"
echo "${LOCAL_USER}:localuserpassword" | chpasswd
mkdir -p /etc/sudoers.d
echo "${LOCAL_USER} ALL=(ALL) ALL" > "/etc/sudoers.d/${LOCAL_USER}"

Advanced Windows

<powershell>
echo "Start of user data output"
Set-PSDebug -Trace 1

# Create a file on boot to timestamp the instance launch
$file = $env:SystemRoot + "\Temp\FirstBoot_" + (Get-Date).ToString("yyyy-MM-dd-hh-mm")
New-Item $file -ItemType file

# Example to install Windows Server features (this would enable AD management from this server)
#Install-WindowsFeature -Name ADLDS,GPMC,RSAT-AD-PowerShell,RSAT-AD-AdminCenter,RSAT-ADDS-Tools,RSAT-DNS-Server

# Be sure to set the username and password on these two lines. Default password complexity requirement
# for Windows is 8 chars with lower + upper + number. Of course this is not a good security practice
# to include a password at command line.
$User = "LocalRdpUser"
$Password = ConvertTo-SecureString "G3n39*kd38xNj2Kd88!q" -AsPlainText -Force
New-LocalUser $User -Password $Password
Add-LocalGroupMember -Group "Remote Desktop Users" -Member $User
Add-LocalGroupMember -Group "Administrators" -Member $User

# signal to CloudFormation stack the EC2 instance is ready (make sure to set resource name)
#cfn-signal.exe --stack ${AWS::StackName} --success true --resource WindowsEc2 --region ${AWS::Region}
</powershell>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment