Skip to content

Instantly share code, notes, and snippets.

@peterforgacs

peterforgacs/Windows10AWSEC2.md

Last active April 18, 2024 23:53
Show Gist options
  • Save peterforgacs/abebc777fcd6f4b67c07b2283cd31777 to your computer and use it in GitHub Desktop.
Save peterforgacs/abebc777fcd6f4b67c07b2283cd31777 to your computer and use it in GitHub Desktop.
Download ZIP
Running Windows 10 on AWS EC2
Raw
Windows10AWSEC2.md

Running Windows 10 on AWS EC2

Downloading the image

Download the windows image you want.

AWS vmimport supported versions: Microsoft Windows 10 (Professional, Enterprise, Education) (US English) (64-bit only)

So Home wont work.

You can download the trial Enterprise trial here: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise

Creating the virtual machine

  • Use virtualbox to create a new virtual machine, make sure that it uses the VHD format (The OS is 20 gigabyte).
  • Install the Windows 10 image onto it.
  • Make sure to set a username password on the administrator account otherwise cannot connect trough remote desktop.
  • Install teamviewer on the virtual machine grant easy access to yourself and check extras->options
    • General -> Network Settings: Accept Incoming Lan Connections
    • Security -> Windows logon: Allowed for all users
  • Start -> Allow remote access to your computer
    • Allow remote connections to this computer
  • Install ec2 configure service http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_Install.html
  • Restart the virtual machine.
  • Wait for windows 10 updates to install.
  • Exit the virtual machine.

Install and configure awscli

sudo apt install awscli
aws configure

http://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html During configure you can add your:

AWS access key. AWS secret access key. Default region.

If you set a default region you dont have to specify the region parameter in the following commands. Note that P2 instances are only avalible in the US.

Create an S3 bucket

The bucketname must be unique.

aws s3 mb s3://peterforgacs --region eu-central-1

Upload image to s3

Move to the folder you store the virtual machine file and upload the virtual image to the s3 bucket.

cd myvmfolder
aws s3 cp codexaws.vhd s3://peterforgacs --region eu-central-1

Configuration files

Create a trust policy in the file trust-policy.json

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": { "Service": "vmie.amazonaws.com" },
         "Action": "sts:AssumeRole",
         "Condition": {
            "StringEquals":{
               "sts:Externalid": "vmimport"
            }
         }
      }
   ]
}

Create a vmimport role and add vim import/export access to it.

aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

Create a file named role-policy.json replace the !!REPLACEME!! to the bucketname you are using.

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource": [
            "arn:aws:s3:::!!REPLACEME!!"
         ]
      },
      {
         "Effect": "Allow",
         "Action": [
            "s3:GetObject"
         ],
         "Resource": [
            "arn:aws:s3:::!!REPLACEME!!/*"
         ]
      },
      {
         "Effect": "Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource": "*"
      }
   ]
}

Add the policy to the vmimport role.

aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

Create a configuration file on your computer called containers.json. Replace bucketname and myimage.vhd with your bucket and image name.

[{ "Description": "Windows 10 Base Install", "Format": "vhd", "UserBucket": { "S3Bucket": "peterforgacs", "S3Key": "codexaws.vhd" } }]

Create EC2 AMI from S3 VHD image

aws ec2 import-image --description "Windows 10" --disk-containers file://containers.json --region eu-central-1

This may take a while you can check on the status of the import.

aws ec2 describe-import-image-tasks --region eu-central-1

When the import status is completed you can head to the EC2 console and select the correct region.

Create EC2 instance from AMI

Images -> AMI -> Right click -> Launch

  • Instance type: g2 (You might have to ask the support for an increase in the g2 limit).
  • Security Group: Allow RDP, Teamviewer ports.

Instances -> Launch

Running the instance

Instances -> Right click -> Connect

You download the remote desktop file.

Launch that file with the username and password you set on the original instance.

In the form: .\Username pass

Post Install

Reassign teamviewer to the your teamviewer. Download nvidia experience and install a driver.

@ZetaMoons
Copy link

Is this possible on G4 instances?

Hi @ZetaMoons. Yes, it should be. Minimally, you can establish it on a g2 or g3 (if g2 remains a thing) and then change the instance type later from the AWS EC2 console. Regardless, using a G- instance, you need to install the NVIDIA graphics driver to enable the NVIDIA GRID card - please see here: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html

I can't think of any other issue regarding the instance type.

Thanks for your answer. I already have a G4 instance running so I'd like to know if it's possible for me to use the disk on the new instance? I'm not too familiar with AWS and it seems a lot more complicated than Azure

@Shilvi33
Copy link

My ami thing is stuck at 39, how long does it take its been 4 hours

@asaushkin
Copy link

My ami thing is stuck at 39, how long does it take its been 4 hours

The same - was stuck at 39 first

        {
            "Architecture": "x86_64",
            "Description": "Windows 10",
            "ImportTaskId": "import-ami-074bdb1e75afa31e1",
            "LicenseType": "BYOL",
            "Platform": "Windows",
            "Progress": "39",
            "SnapshotDetails": [
                {
                    "Description": "Windows 10 Base Install",
                    "DeviceName": "/dev/sda1",
                    "DiskImageSize": 11633748992.0,
                    "Format": "VHD",
                    "Status": "completed",
                    "UserBucket": {
                        "S3Bucket": "ami-artifacts-664100854551",
                        "S3Key": "win10.vhd"
                    }
                }
            ],
            "Status": "active",
            "StatusMessage": "booting",
            "Tags": [],
            "BootMode": "legacy_bios"
        },

and then boot failure error

        {
            "Architecture": "x86_64",
            "Description": "Windows 10",
            "ImportTaskId": "import-ami-01fff93bebe3fac61",
            "LicenseType": "BYOL",
            "Platform": "Windows",
            "SnapshotDetails": [
                {
                    "Description": "Windows 10 Base Install",
                    "DeviceName": "/dev/sda1",
                    "DiskImageSize": 11633748992.0,
                    "Format": "VHD",
                    "Status": "completed",
                    "UserBucket": {
                        "S3Bucket": "ami-artifacts-664100854551",
                        "S3Key": "win10.vhd"
                    }
                }
            ],
            "Status": "deleted",
            "StatusMessage": "FirstBootFailure: This import request failed because the instance failed to boot and establish network connectivity.",
            "Tags": [],
            "BootMode": "legacy_bios"
        }

the only thing that I think - I've created the AWS account right before the importing, might be it was not initialized properly still... :(

@aaron-spooky
Copy link

aaron-spooky commented Mar 21, 2024
edited

Any resolution to the "FirstBootFailure: This import request failed because the instance failed to boot and establish network connectivity."? I've tried seemingly everything, including completely disabling Windows defender, the Windows Firewall, enabling the Administrator user, using an Enterprise Windows 10 license, installing Amazon EC2Launch v2, for Windows 10, and I keep getting this error. When I run checker.ps1, found here, everything works as expected, yet I still get this error. Any ideas? Maybe I need to run EC2Launch v1 instead of v2? I don't know. At this point I'm out of ideas.

Here's my latest output

{
    "Architecture": "x86_64",
    "Description": "Windows-10-vhd",
    "ImportTaskId": "import-ami-XXXX",
    "LicenseType": "BYOL",
    "Platform": "Windows",
    "SnapshotDetails": [
        {
            "Description": "Windows 10 Base Install",
            "DeviceName": "/dev/sda1",
            "DiskImageSize": 22019262976.0,
            "Format": "VHD",
            "Status": "completed",
            "UserBucket": {
                "S3Bucket": "vm-uploads-XXX",
                "S3Key": "windows-10-aws.vhd"
            }
        }
    ],
    "Status": "deleted",
    "StatusMessage": "FirstBootFailure: This import request failed because the instance failed to boot and establish network connectivity.",
    "Tags": [],
    "BootMode": "legacy_bios"
}

checker.ps1 output:

PS C:\Users\Administrator\Downloads> powershell -executionpolicy bypass -file .\checker.ps1
3/21/2024 12:21:38 PM
Test Results
**************************************************************************

Result    Test                                                         Result Value
------    ----                                                         ------------
[SUCCESS] Supported Windows Operating System                                   True
[SUCCESS] Supported Edition/Type of Operating System                           True
[SUCCESS] OS System language is en-US                                          True
[SUCCESS] Powershell Version                                                    v 5
[SUCCESS] Administrator Account Enabled                                        True
[SUCCESS] Administrator Account Not Locked                                     True
[SUCCESS] Administrator Account Has Password                                   True
[SUCCESS] Autologon Disabled                                                   True
[SUCCESS] Single Network Interface                        1 active network adapters
[ INFO  ] IPv6 Enabled on Network Interface                                    True
[SUCCESS] More than 6GB Free Space on C: Drive                             12.14 GB
[SUCCESS] Maximum of 21 disks attached                                            1
[SUCCESS] Boot Volume is Dynamic Disk                                         False
[WARNING] Only Local Disks Attached                                           False
[SUCCESS] .NET Framework version                                               True
[SUCCESS] Attached disks smaller than 8TB                                      True
[SUCCESS] MBR boot volume or GPT smaller or equal to 2 TB                      True
[SUCCESS] Pending Windows/Software Update/Installation                        False
[SUCCESS] Hotfixes installed - KB2800213 & KB2922223                           True
[SUCCESS] Multiple Bootable Partitions                                            1
[SUCCESS] Windows Path Statement                                               True
[SUCCESS] PV Drivers Installation                                             False
[SUCCESS] Third Party storage filter drivers                                  False
[SUCCESS] Third Party network filter drivers                                  False
[SUCCESS] DHCP Service Enabled                                                 True
[WARNING] System Managed Page file                                             True
[SUCCESS] EMS/SAC is enabled                                                  False



FAIL/WARNING/INFO Details
**************************************************************************
** [ INFO  ]: IPv6 Enabled on Network Interface - True **

You currently have IPv6 Enabled on your network interface. VM Import assigns only IPv4 addresses to your instances. You can add IPv6 addresses.

** [WARNING]: Only Local Disks Attached - False **

Please note that any attached Removable, Network or CD/ISO Drives might be unavailable after Import

** [WARNING]: System Managed Page file - True **

If Windows is configured to use the "Automatically manage paging file size for all drives", it might create 16 GB pagefile.sys files on the C drive.

OS Details
**************************************************************************

OS    Product   Architecture Caption                         Service Pack Language Code Edition
--    -------   ------------ -------                         ------------ ------------- -------
Win10 Client OS 64-bit       Microsoft Windows 10 Enterprise            0          1033       4



Storage Details
**************************************************************************

Attached Drive types:

Drive Type
----- ----
C:    Local Disk
D:    Compact Disc



List of Partitions:

Index Name                  BootPartition PrimaryPartition Type                           Size NumberofBlocks
----- ----                  ------------- ---------------- ----                           ---- --------------
    0 Disk #0, Partition #0          True             True Installable File System    52428800         102400
    1 Disk #0, Partition #1         False             True Installable File System 42337870848       82691154
    2 Disk #0, Partition #2         False             True Unknown                   555745280        1085440



Installed .NET Framework versions
**************************************************************************

Name   Version   Release
----   -------   -------
Client 4.8.04084  528372
Full   4.8.04084  528372
Client 4.0.0.0



Overall Checker Status
**************************************************************************
PASS

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment