@peterforgacs
Last active April 18, 2024 23:53
Running Windows 10 on AWS EC2


Downloading the image

Download the Windows image you want.

AWS vmimport supported versions: Microsoft Windows 10 (Professional, Enterprise, Education) (US English) (64-bit only)

So Home won't work.

You can download the Enterprise trial here: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise

Creating the virtual machine

  • Use VirtualBox to create a new virtual machine and make sure that it uses the VHD format (the OS is 20 gigabytes).
  • Install the Windows 10 image onto it.
  • Make sure to set a username and password on the administrator account; otherwise you cannot connect through Remote Desktop.
  • Install TeamViewer on the virtual machine, grant easy access to yourself and check the following under Extras -> Options:
    • General -> Network Settings: Accept Incoming LAN Connections
    • Security -> Windows logon: Allowed for all users
  • Start -> Allow remote access to your computer
    • Allow remote connections to this computer
  • Install the EC2Config service: http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_Install.html
  • Restart the virtual machine.
  • Wait for Windows 10 updates to install.
  • Exit the virtual machine.

Install and configure awscli

sudo apt install awscli
aws configure

Access key best practices: http://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

During configure you can add your:

  • AWS access key
  • AWS secret access key
  • Default region

If you set a default region you don't have to specify the region parameter in the following commands. Note that P2 instances are only available in the US.

Create an S3 bucket

The bucket name must be unique.

aws s3 mb s3://peterforgacs --region eu-central-1

Upload image to s3

Change to the folder where you store the virtual machine file and upload the virtual disk image to the S3 bucket.

cd myvmfolder
aws s3 cp codexaws.vhd s3://peterforgacs --region eu-central-1

Configuration files

Create a trust policy in the file trust-policy.json

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": { "Service": "vmie.amazonaws.com" },
         "Action": "sts:AssumeRole",
         "Condition": {
            "StringEquals":{
               "sts:Externalid": "vmimport"
            }
         }
      }
   ]
}

Create a vmimport role and add VM Import/Export access to it.

aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

Create a file named role-policy.json and replace !!REPLACEME!! with the name of the bucket you are using.

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource": [
            "arn:aws:s3:::!!REPLACEME!!"
         ]
      },
      {
         "Effect": "Allow",
         "Action": [
            "s3:GetObject"
         ],
         "Resource": [
            "arn:aws:s3:::!!REPLACEME!!/*"
         ]
      },
      {
         "Effect": "Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource": "*"
      }
   ]
}

Add the policy to the vmimport role.

aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

Create a configuration file on your computer called containers.json. Replace the S3Bucket and S3Key values with your bucket and image name.

[
   {
      "Description": "Windows 10 Base Install",
      "Format": "vhd",
      "UserBucket": {
         "S3Bucket": "peterforgacs",
         "S3Key": "codexaws.vhd"
      }
   }
]

Create EC2 AMI from S3 VHD image

aws ec2 import-image --description "Windows 10" --disk-containers file://containers.json --region eu-central-1

This may take a while. You can check on the status of the import:

aws ec2 describe-import-image-tasks --region eu-central-1

When the import status is completed you can head to the EC2 console and select the correct region.
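
A polling wrapper around the status command above, added here as an example and not part of the original gist: it maps the Status, Progress, ImageId and StatusMessage fields of one import task to a one-line verdict and stops when the task completes or fails. The REGION and POLL_SECONDS variables, the function names and the script name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the gist: wait for a VM Import task to finish.
# Usage: sh wait-import.sh import-ami-<id>   (script name is hypothetical)
REGION="${REGION:-eu-central-1}"   # assumption: same region as the commands above
TAB=$(printf '\t')

# Turn one tab-separated line "Status Progress ImageId StatusMessage"
# (the --output text form of the query below) into a short verdict.
summarize_task() (
    IFS="$TAB" read -r status progress image message <<EOF
$1
EOF
    case "$status" in
        completed)        echo "completed $image" ;;
        # Failed tasks are reported with Status "deleted"; the text before the
        # first colon of StatusMessage is the failure code (FirstBootFailure).
        deleted|deleting) echo "failed ${message%%:*}" ;;
        # Everything else is still in flight, e.g. active / 39 / booting.
        *)                echo "running ${progress}% ${message}" ;;
    esac
)

# Poll until the task completes (exit 0) or fails (exit 1); exit 2 on CLI errors.
wait_for_import() (
    task_id="$1"
    while :; do
        line=$(aws ec2 describe-import-image-tasks --region "$REGION" \
            --import-task-ids "$task_id" --output text \
            --query 'ImportImageTasks[0].[Status,Progress,ImageId,StatusMessage]') || exit 2
        verdict=$(summarize_task "$line")
        echo "$(date -u +%H:%M:%S) $task_id: $verdict"
        case "$verdict" in
            completed*) exit 0 ;;
            failed*)    exit 1 ;;
        esac
        sleep "${POLL_SECONDS:-60}"
    done
)

# Only start polling when a task id is given on the command line.
if [ "$#" -gt 0 ]; then
    wait_for_import "$1"
fi
```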

Create EC2 instance from AMI

Images -> AMI -> Right click -> Launch

  • Instance type: g2 (you might have to ask support for an increase in the g2 limit).
  • Security Group: Allow RDP, Teamviewer ports.

Instances -> Launch
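
The "Allow RDP" rule from the security group step, written as an added example that is not part of the original gist: it opens TCP 3389 to a single source address and refuses anything that is not a plain IPv4 host address, so the imported administrator login is not reachable from 0.0.0.0/0. The REGION variable, the function names and the script name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the gist: allow RDP to the new instance from one
# source address only. Usage: sh allow-rdp.sh sg-<id>   (script name is hypothetical)
REGION="${REGION:-eu-central-1}"   # assumption: region used elsewhere in the guide

# Print ADDRESS/32 for a valid dotted-quad IPv4 address; fail on anything else,
# including input that carries a prefix such as /0 and the all-zero address.
to_host_cidr() (
    ip="$1"
    case "$ip" in
        ""|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.            # function body is a subshell, so this does not leak
    set -- $ip
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || exit 1
        [ "$octet" -le 255 ] || exit 1
    done
    [ "$ip" != "0.0.0.0" ] || exit 1
    echo "$ip/32"
)

# Add a single TCP 3389 ingress rule for that address.
allow_rdp_from() (
    group_id="$1"
    cidr=$(to_host_cidr "$2") || { echo "refusing source '$2'" >&2; exit 1; }
    aws ec2 authorize-security-group-ingress --region "$REGION" \
        --group-id "$group_id" --protocol tcp --port 3389 --cidr "$cidr"
)

# Only touch AWS when a security group id is given on the command line.
if [ "$#" -eq 1 ]; then
    # checkip.amazonaws.com returns the caller's public IPv4 address as text.
    allow_rdp_from "$1" "$(curl -fsS https://checkip.amazonaws.com)"
fi
```

Several commenters below report that the RDP file from "Connect" is sufficient on its own, in which case no TeamViewer port needs to be opened in the group.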

Running the instance

Instances -> Right click -> Connect

Download the Remote Desktop file.

Launch that file with the username and password you set on the original instance.

In the form: .\Username pass

Post Install

Reassign TeamViewer to your TeamViewer account. Download NVIDIA Experience and install a driver.

@krkeegan

krkeegan commented Dec 6, 2018

This works great. Thanks for the step-by-step. As implied at the top Windows 10 Home will not work.

Anyone figure out how to get higher resolution out of the Windows Basic Display Driver? I am stuck at 1280x1024.

@Carl-Gustaf

First of all, thank you.

The AMI doesn't seem to be compatible to run with the new generation T3 instances. There seems to be a problem with trying to install the Elastic Network Adapter (ENA) which might not be supported for Windows 10 AMIs?

Has anyone been able to get the Windows 10 AMI to work with t3/g3 instances?

@riadbsc

riadbsc commented Jan 29, 2019

Thanks! Looks very simple to follow.
Any idea what about the licensing?

Do I need to bring my license and activate? Will the license "survive" a reboot?

@rejenet24

I can't seem to access my instance either through TeamViewer, or from my Server instance that is on the same subnet. What causes the ethernet adapter to be set up right?

@RaR1991

RaR1991 commented Oct 18, 2019

First, I want to say thank you for sharing with us, but is it possible for someone to upload a Windows 10 Pro image to a hosting site, or is it possible to create an image from an Azure machine? Thanks.

@vhoanguyen

> First of all, thank you.
>
> The AMI doesn't seem to be compatible to run with the new generation T3 instances. There seems to be a problem with trying to install the Elastic Network Adapter (ENA) which might not be supported for Windows 10 AMIs?
>
> Has anyone been able to get the Windows 10 AMI to work with t3/g3 instances?

Try this to upgrade:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/migrating-latest-types.html#auto-upgrade

@tsal

tsal commented Feb 25, 2020

> First, I want to say thank you for sharing with us, but is it possible for someone to upload a Windows 10 Pro image to a hosting site, or is it possible to create an image from an Azure machine? Thanks.

@RaR1991 - You can export an image from azure as a VHD: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/download-vhd

@FascinateDK

Thanks for sharing,

What about the rules of the license in the cloud? Is MS okay with us using a license on the cloud without Software Assurance?

Thanks in advance

@mwarner1

The way I read this page, Windows 10 isn't licensed to run in AWS unless you're doing it on "Dedicated Instances or Dedicated Hosts." Or so it appears.

@rosconap

rosconap commented Jun 8, 2020

Thank you for this guide. The instance monitoring reports everything OK but I cannot log in to the instance via RDP or TeamViewer. The instance cannot be reached with nmap within the same subnet/VPC with an allow-all-protocols inbound or outbound security group, or via an external Elastic IP. The instance uses default DHCP to obtain the correct IP.

What settings could cause this behaviour?

@billcasemi

Thank you very much for this informative guide. I wanted to add some additional information for using certain instance types. Many instance types require Elastic Network Adapter support, which requires installation of a driver on your image.

Details here: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/enhanced-networking-ena.html

Likewise, if you plan to use a GPU-enabled instance, likely you want to install the NVIDIA graphics driver (as mentioned). There are different drivers available, depending on the Instance type.

Details here: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html

Finally, I have not found it necessary to install TeamViewer to access the instance, instead using the "Connect" feature in EC2 instances to download and launch the Remote Desktop Protocol file to connect with the credentials specified in the image.

Again, thanks to everyone for the input.

@mkralla11

Thank you - I can confirm this is working as of 10/7/2020 with no modifications needed. ENA is not required for all EC2 instance types so if you don't need to be picky with which type you need, you will be able to follow this guide exactly.

As mentioned previously, TeamViewer is not required, just downloading the RDP file and using Microsoft Remote Desktop (I'm even on a Mac) works perfectly fine.

@BasyirSheersComputer

I'm too noob to process this. Need a video {pulls hair}! Thanks a lot anyway!

@yuryzaf23

Please, can someone help me get it working on g4 instances? Or say if it's possible? Please.

@philxiao

philxiao commented Jun 5, 2021

Thanks, I can also confirm this is working as of 06/04/2020 with no modifications. Also, I was able to enable ENA and launch the image correctly on an ENA-enabled instance type by following this instruction: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/enhanced-networking-ena.html. Basically you launch the image on a t2 first, follow the instruction to install ENA driver. Then you stop the instance, modify ec2 attribute to enable ena, and change instance type to the ENA-enabled instance type you need, and start the instance. Everything should work like a charm.

@excme

excme commented Jul 6, 2021

July 2021 - works fine! Thanks a lot !

@abdennour

What about nested virtualization? I think you still need to run i3.metal.

@Jayeshtatar

How much do we need to pay to create a Windows 10 instance on AWS EC2?

@anuserongit

Hi, can someone upload a Windows 10 VHD somewhere (unlicensed accepted) and share it with me? I don't have virtualization support, no Intel VT or AMD-V, and my friends have a really slow connection to upload 10 GB+, so kindly share and I can enjoy Win 10 on AWS.

@TejadaCTO

Used a Microsoft account as admin user... after all the work now I can't log in :(

@shomrai

shomrai commented Oct 10, 2021

It happened to me as well :-( Enable the local Windows Administrator account and set its password while still in VBox, and check you can access RDP BEFORE you send it to your S3 bucket...

@NickHatBoecker

The image import (after checking with "describe-import-image-tasks") always fails with "FirstBootFailure: This import request failed because the instance failed to boot and establish network connectivity." :/ Any suggestions on this? I already tried to reupload the vhd file. Didn't help. Any suggestions?

@billcasemi

billcasemi commented Aug 13, 2022 via email

@NickHatBoecker

> Might be a basic question, but are you using enhanced networking? If so, this needs to be enabled specifically.

Not yet. Following another tutorial it said that you can enable ENA in the running instance afterwards. But I don't have an instance to start yet, because the image import fails.

@ZetaMoons

Is this possible on G4 instances?

@billcasemi

> Is this possible on G4 instances?

Hi @ZetaMoons. Yes, it should be. Minimally, you can establish it on a g2 or g3 (if g2 remains a thing) and then change the instance type later from the AWS EC2 console. Regardless, using a G- instance, you need to install the NVIDIA graphics driver to enable the NVIDIA GRID card - please see here: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html

I can't think of any other issue regarding the instance type.

@ZetaMoons

> > Is this possible on G4 instances?
>
> Hi @ZetaMoons. Yes, it should be. Minimally, you can establish it on a g2 or g3 (if g2 remains a thing) and then change the instance type later from the AWS EC2 console. Regardless, using a G- instance, you need to install the NVIDIA graphics driver to enable the NVIDIA GRID card - please see here: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html
>
> I can't think of any other issue regarding the instance type.

Thanks for your answer. I already have a G4 instance running so I'd like to know if it's possible for me to use the disk on the new instance? I'm not too familiar with AWS and it seems a lot more complicated than Azure

@Shilvi33

My AMI thing is stuck at 39. How long does it take? It's been 4 hours.

@asaushkin

> My AMI thing is stuck at 39. How long does it take? It's been 4 hours.

The same - was stuck at 39 first

        {
            "Architecture": "x86_64",
            "Description": "Windows 10",
            "ImportTaskId": "import-ami-074bdb1e75afa31e1",
            "LicenseType": "BYOL",
            "Platform": "Windows",
            "Progress": "39",
            "SnapshotDetails": [
                {
                    "Description": "Windows 10 Base Install",
                    "DeviceName": "/dev/sda1",
                    "DiskImageSize": 11633748992.0,
                    "Format": "VHD",
                    "Status": "completed",
                    "UserBucket": {
                        "S3Bucket": "ami-artifacts-664100854551",
                        "S3Key": "win10.vhd"
                    }
                }
            ],
            "Status": "active",
            "StatusMessage": "booting",
            "Tags": [],
            "BootMode": "legacy_bios"
        },

and then boot failure error

        {
            "Architecture": "x86_64",
            "Description": "Windows 10",
            "ImportTaskId": "import-ami-01fff93bebe3fac61",
            "LicenseType": "BYOL",
            "Platform": "Windows",
            "SnapshotDetails": [
                {
                    "Description": "Windows 10 Base Install",
                    "DeviceName": "/dev/sda1",
                    "DiskImageSize": 11633748992.0,
                    "Format": "VHD",
                    "Status": "completed",
                    "UserBucket": {
                        "S3Bucket": "ami-artifacts-664100854551",
                        "S3Key": "win10.vhd"
                    }
                }
            ],
            "Status": "deleted",
            "StatusMessage": "FirstBootFailure: This import request failed because the instance failed to boot and establish network connectivity.",
            "Tags": [],
            "BootMode": "legacy_bios"
        }

the only thing that I think - I've created the AWS account right before the importing, might be it was not initialized properly still... :(

@aaron-spooky

aaron-spooky commented Mar 21, 2024

Any resolution to the "FirstBootFailure: This import request failed because the instance failed to boot and establish network connectivity."? I've tried seemingly everything, including completely disabling Windows defender, the Windows Firewall, enabling the Administrator user, using an Enterprise Windows 10 license, installing Amazon EC2Launch v2, for Windows 10, and I keep getting this error. When I run checker.ps1, found here, everything works as expected, yet I still get this error. Any ideas? Maybe I need to run EC2Launch v1 instead of v2? I don't know. At this point I'm out of ideas.

Here's my latest output

{
    "Architecture": "x86_64",
    "Description": "Windows-10-vhd",
    "ImportTaskId": "import-ami-XXXX",
    "LicenseType": "BYOL",
    "Platform": "Windows",
    "SnapshotDetails": [
        {
            "Description": "Windows 10 Base Install",
            "DeviceName": "/dev/sda1",
            "DiskImageSize": 22019262976.0,
            "Format": "VHD",
            "Status": "completed",
            "UserBucket": {
                "S3Bucket": "vm-uploads-XXX",
                "S3Key": "windows-10-aws.vhd"
            }
        }
    ],
    "Status": "deleted",
    "StatusMessage": "FirstBootFailure: This import request failed because the instance failed to boot and establish network connectivity.",
    "Tags": [],
    "BootMode": "legacy_bios"
}

checker.ps1 output:

PS C:\Users\Administrator\Downloads> powershell -executionpolicy bypass -file .\checker.ps1
3/21/2024 12:21:38 PM
Test Results
**************************************************************************

Result    Test                                                         Result Value
------    ----                                                         ------------
[SUCCESS] Supported Windows Operating System                                   True
[SUCCESS] Supported Edition/Type of Operating System                           True
[SUCCESS] OS System language is en-US                                          True
[SUCCESS] Powershell Version                                                    v 5
[SUCCESS] Administrator Account Enabled                                        True
[SUCCESS] Administrator Account Not Locked                                     True
[SUCCESS] Administrator Account Has Password                                   True
[SUCCESS] Autologon Disabled                                                   True
[SUCCESS] Single Network Interface                        1 active network adapters
[ INFO  ] IPv6 Enabled on Network Interface                                    True
[SUCCESS] More than 6GB Free Space on C: Drive                             12.14 GB
[SUCCESS] Maximum of 21 disks attached                                            1
[SUCCESS] Boot Volume is Dynamic Disk                                         False
[WARNING] Only Local Disks Attached                                           False
[SUCCESS] .NET Framework version                                               True
[SUCCESS] Attached disks smaller than 8TB                                      True
[SUCCESS] MBR boot volume or GPT smaller or equal to 2 TB                      True
[SUCCESS] Pending Windows/Software Update/Installation                        False
[SUCCESS] Hotfixes installed - KB2800213 & KB2922223                           True
[SUCCESS] Multiple Bootable Partitions                                            1
[SUCCESS] Windows Path Statement                                               True
[SUCCESS] PV Drivers Installation                                             False
[SUCCESS] Third Party storage filter drivers                                  False
[SUCCESS] Third Party network filter drivers                                  False
[SUCCESS] DHCP Service Enabled                                                 True
[WARNING] System Managed Page file                                             True
[SUCCESS] EMS/SAC is enabled                                                  False



FAIL/WARNING/INFO Details
**************************************************************************
** [ INFO  ]: IPv6 Enabled on Network Interface - True **

You currently have IPv6 Enabled on your network interface. VM Import assigns only IPv4 addresses to your instances. You can add IPv6 addresses.

** [WARNING]: Only Local Disks Attached - False **

Please note that any attached Removable, Network or CD/ISO Drives might be unavailable after Import

** [WARNING]: System Managed Page file - True **

If Windows is configured to use the "Automatically manage paging file size for all drives", it might create 16 GB pagefile.sys files on the C drive.

OS Details
**************************************************************************

OS    Product   Architecture Caption                         Service Pack Language Code Edition
--    -------   ------------ -------                         ------------ ------------- -------
Win10 Client OS 64-bit       Microsoft Windows 10 Enterprise            0          1033       4



Storage Details
**************************************************************************

Attached Drive types:

Drive Type
----- ----
C:    Local Disk
D:    Compact Disc



List of Partitions:

Index Name                  BootPartition PrimaryPartition Type                           Size NumberofBlocks
----- ----                  ------------- ---------------- ----                           ---- --------------
    0 Disk #0, Partition #0          True             True Installable File System    52428800         102400
    1 Disk #0, Partition #1         False             True Installable File System 42337870848       82691154
    2 Disk #0, Partition #2         False             True Unknown                   555745280        1085440



Installed .NET Framework versions
**************************************************************************

Name   Version   Release
----   -------   -------
Client 4.8.04084  528372
Full   4.8.04084  528372
Client 4.0.0.0



Overall Checker Status
**************************************************************************
PASS
