In this quick guide I will create a complete EC2 instance running Windows without ever opening the AWS console: the infrastructure is defined in the AWS CDK and the remaining steps (key pair, password retrieval, RDP file) are scripted with boto3.
What’s so special about this guide?
Most guides on creating EC2 virtual machines require going to the AWS console at some stage, for example to retrieve the password needed to log in to the machine. This bothered me from the beginning, because I wanted a scriptable way to create a specific virtual machine without any “click-ops”. As an answer to this problem, I’ve prepared a complete project in AWS CDK, which you can find here. An interesting feature is that a script reads the administrator password after the resources are deployed and, as the final step of the deployment, generates an RDP (Remote Desktop Protocol) file. In the end, all you need to do is issue the cdk deploy command, open the generated RDP file and connect to the machine. For those interested, I describe how it works below.
How it works?
As I’ve already mentioned, the project performs all the operations needed to run and connect to the EC2 instance:
- generating a key pair whose private key is needed to decrypt the Windows administrator password,
- creating a VPC in which the EC2 instance resides,
- creating a Security Group that allows inbound access to the RDP server running on the instance,
- creating the EC2 instance itself,
- creating an IAM Role associated with the instance.
The script then waits for the EC2 instance to start, decrypts the administrator’s password and generates an RDP file that makes connecting to the instance easy.
Creating a key pair for EC2
A key pair is what lets you prove you own the instance. For Windows instances, EC2 encrypts the initial administrator password with the key pair’s public key, so only the holder of the private key can decrypt it and then log in with RDP. Note that this only works with an RSA key pair; ED25519 key pairs cannot be used to retrieve a Windows password. Below is the boto3 method that I’ve used. Link to this part of the code is located here.
Creating of a VPC and Security Group which allows traffic to RDP server in EC2
A VPC is the virtual network in which our virtual machine is placed, and we need to allow traffic to reach the machine. For that I added an inbound rule for TCP port 3389, on which the RDP server listens for new connections. I recommend limiting this incoming traffic to your own IP address or your company’s CIDR block rather than opening the port to the whole internet. Link to this part of the code is located here.
Creating Windows EC2 with associated IAM Role
Using the CDK Instance construct, we create our instance with a specific size and, most importantly, the key pair created earlier, together with the IAM role the instance will assume. Link to this part of the code is located here.
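As an added example that is not the project’s own stack, the following CDK v2 Python code puts together the pieces described in the two sections above: the VPC, a security group whose only ingress rule is TCP 3389 from one admin CIDR, an instance role, and the Windows instance bound to the key pair. The construct IDs, the t3.medium size, the Windows Server 2022 image, the ADMIN_CIDR and KEY_NAME environment variables and the validate_admin_cidr helper are all my assumptions; aws-cdk-lib v2 must be installed to synthesize, and it is imported inside the function so the CIDR check can be run without it.

```python
"""Added example (not the project's stack): CDK v2 Python stack for a Windows
instance reachable over RDP from a single admin CIDR. Names are assumptions."""
import ipaddress


def validate_admin_cidr(cidr: str) -> str:
    """Return a normalised CIDR for the RDP ingress rule or raise ValueError.

    Refuses a /0 (0.0.0.0/0 or ::/0): an RDP port open to the internet is
    brute-forced within minutes. A bare IP address is turned into a /32.
    """
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as e:
        raise ValueError(f"not a valid CIDR block: {cidr!r}") from e
    if net.prefixlen == 0:
        raise ValueError("refusing to open RDP (3389) to the whole internet")
    return str(net)


def build_windows_rdp_stack(app, stack_id: str, admin_cidr: str, key_name: str):
    """Create the stack under `app` and return (stack, instance).

    aws_cdk is imported lazily so validate_admin_cidr can be tested without it.
    """
    from aws_cdk import CfnOutput, Stack, aws_ec2 as ec2, aws_iam as iam

    admin_cidr = validate_admin_cidr(admin_cidr)
    stack = Stack(app, stack_id)

    # Public subnets only: the instance needs a public IP for RDP and no NAT
    # gateway is required, which keeps the demo cheap.
    vpc = ec2.Vpc(stack, "Vpc", max_azs=1, nat_gateways=0,
                  subnet_configuration=[ec2.SubnetConfiguration(
                      name="public", subnet_type=ec2.SubnetType.PUBLIC, cidr_mask=24)])

    # It is an INGRESS rule on 3389 that lets an RDP client reach the instance;
    # egress stays open so Windows can fetch updates.
    sg = ec2.SecurityGroup(stack, "RdpSg", vpc=vpc, allow_all_outbound=True,
                           description="RDP from the admin CIDR only")
    sg.add_ingress_rule(ec2.Peer.ipv4(admin_cidr), ec2.Port.tcp(3389), "RDP from admins")

    # Instance role: SSM core gives a console-free fallback (Session Manager)
    # and nothing more; add per-workload policies instead of AdministratorAccess.
    role = iam.Role(stack, "InstanceRole",
                    assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"),
                    managed_policies=[iam.ManagedPolicy.from_aws_managed_policy_name(
                        "AmazonSSMManagedInstanceCore")])

    instance = ec2.Instance(
        stack, "WindowsInstance",
        instance_type=ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MEDIUM),
        machine_image=ec2.MachineImage.latest_windows(
            ec2.WindowsVersion.WINDOWS_SERVER_2022_ENGLISH_FULL_BASE),
        vpc=vpc,
        vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
        security_group=sg,
        role=role,
        key_name=key_name,     # RSA key pair whose private half decrypts the admin password
        require_imdsv2=True,   # blocks IMDSv1 credential theft via SSRF on the box
    )

    # Outputs that the password and RDP-file steps read back later.
    CfnOutput(stack, "InstanceId", value=instance.instance_id)
    CfnOutput(stack, "PublicIp", value=instance.instance_public_ip)
    return stack, instance


if __name__ == "__main__":
    import os
    from aws_cdk import App

    app = App()
    build_windows_rdp_stack(app, "WindowsRdpStack",
                            admin_cidr=os.environ.get("ADMIN_CIDR", "203.0.113.0/24"),
                            key_name=os.environ.get("KEY_NAME", "windows-ec2-demo"))
    app.synth()
```

Newer CDK releases prefer key_pair=ec2.KeyPair.from_key_pair_name(...) over key_name; both bind the same key pair. The point of validate_admin_cidr is that the check happens at synth time, before anything reaches the account.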
Decrypting instance password
To obtain the password needed to log in to the instance, we use the boto3 library to ask AWS for the instance’s encrypted password data (the GetPasswordData API), which only becomes available after the instance has finished its first boot. The returned blob is base64-encoded and encrypted with the key pair’s public key, so we base64-decode it and decrypt it with the private key created earlier to get the plain-text password. Link to this part of the code is located here.
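The key pair creation from “Creating a key pair for EC2” and the decryption described above, as one added example that is not the project’s code. It needs the cryptography package; boto3 is only imported for a real run. FakeEc2Client, the demo password and the instance ID are constructed here so the flow runs offline: the fake generates an RSA key on CreateKeyPair and, like EC2, returns an empty PasswordData for the first polls.

```python
"""Added example (not the project's code): create an EC2 key pair, store the
private key with mode 0600, and decrypt the Windows administrator password
returned by GetPasswordData. FakeEc2Client is a constructed stand-in."""
import base64
import os
import tempfile
import time

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

DEMO_PASSWORD = "Xk9$tR2%vLq8!mWz"   # constructed, not a real instance password


def create_key_pair(ec2, key_name: str, pem_path: str) -> str:
    """CreateKeyPair (RSA: Windows password retrieval does not support ed25519)
    and write the returned PEM so that only the owner can read it."""
    resp = ec2.create_key_pair(KeyName=key_name, KeyType="rsa", KeyFormat="pem")
    fd = os.open(pem_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(resp["KeyMaterial"])
    return pem_path


def decrypt_password_data(password_data: str, private_key_pem: bytes) -> str:
    """PasswordData is line-wrapped base64 of the password encrypted with the
    key pair's public key using RSA PKCS#1 v1.5."""
    ciphertext = base64.b64decode("".join(password_data.split()))
    key = serialization.load_pem_private_key(private_key_pem, password=None)
    return key.decrypt(ciphertext, padding.PKCS1v15()).decode("utf-8")


def wait_for_password(ec2, instance_id: str, private_key_pem: bytes,
                      timeout_s: float = 900, poll_s: float = 15) -> str:
    """Poll GetPasswordData; it returns "" until first boot has finished."""
    deadline = time.monotonic() + timeout_s
    while True:
        data = ec2.get_password_data(InstanceId=instance_id)["PasswordData"]
        if data:
            return decrypt_password_data(data, private_key_pem)
        if time.monotonic() >= deadline:
            raise TimeoutError(f"no password data for {instance_id} after {timeout_s}s")
        time.sleep(poll_s)


class FakeEc2Client:
    """Constructed stand-in for boto3.client("ec2") so the example runs offline."""

    def __init__(self, admin_password: str, boot_polls: int = 2):
        self._password = admin_password
        self._polls_left = boot_polls   # empty answers before the password exists
        self._key = None

    def create_key_pair(self, KeyName, KeyType="rsa", KeyFormat="pem"):
        self._key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        pem = self._key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption())
        return {"KeyName": KeyName, "KeyMaterial": pem.decode()}

    def get_password_data(self, InstanceId):
        if self._polls_left > 0:
            self._polls_left -= 1
            return {"InstanceId": InstanceId, "PasswordData": ""}
        ct = self._key.public_key().encrypt(self._password.encode(), padding.PKCS1v15())
        return {"InstanceId": InstanceId, "PasswordData": base64.encodebytes(ct).decode()}


def demo() -> str:
    """End-to-end run against the fake client; returns the recovered password."""
    ec2 = FakeEc2Client(DEMO_PASSWORD)
    with tempfile.TemporaryDirectory() as d:
        pem_path = create_key_pair(ec2, "windows-ec2-demo", os.path.join(d, "windows-ec2-demo.pem"))
        with open(pem_path, "rb") as f:
            pem = f.read()
    return wait_for_password(ec2, "i-0123456789abcdef0", pem, timeout_s=60, poll_s=0)


if __name__ == "__main__":
    print(demo())
```

For a real run, replace the fake with boto3.client("ec2") and pass the instance ID from the stack outputs; boto3 also ships a password_data_available waiter that does the polling. Printing the plaintext password, as the deploy script in this post does, leaves it in terminal scrollback and CI logs; writing it to a 0600 file next to the .pem is a safer default.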
Generating RDP file
To make it easy to connect to the machine, an RDP file filled with details taken from the AWS CloudFormation Outputs is generated after the resources are deployed. Link to this part of the code is located here.
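An added example (not the project’s generator) of building that RDP file from stack outputs. The output keys PublicIp and InstanceId, the stack name and the file name are assumptions, and SAMPLE_OUTPUTS is a constructed copy of what describe_stacks returns; the password is deliberately left out of the file.

```python
"""Added example (not the project's code): build a .rdp file from the
CloudFormation outputs of the stack. Output keys are assumptions."""
import os

# Constructed sample of cloudformation.describe_stacks(...)["Stacks"][0]["Outputs"].
SAMPLE_OUTPUTS = [
    {"OutputKey": "InstanceId", "OutputValue": "i-0123456789abcdef0"},
    {"OutputKey": "PublicIp", "OutputValue": "203.0.113.10"},
]


def outputs_to_dict(outputs) -> dict:
    """Flatten CloudFormation's [{OutputKey, OutputValue}, ...] into a dict."""
    return {o["OutputKey"]: o["OutputValue"] for o in outputs}


def build_rdp_file(address: str, username: str = "Administrator", port: int = 3389) -> str:
    """Return .rdp text (one `name:type:value` per line; s = string, i = int).

    No `password 51:b:` line is written: the file sits unencrypted on disk, so
    the user pastes the password at connect time instead.
    """
    settings = [
        ("full address", "s", f"{address}:{port}"),
        ("username", "s", username),
        ("prompt for credentials", "i", 1),
        # 2 = warn when the server certificate cannot be verified, which is the
        # case for a fresh instance's self-signed RDP cert; 0 would hide a MITM.
        ("authentication level", "i", 2),
        ("enablecredsspsupport", "i", 1),   # NLA: authenticate before a session exists
        ("screen mode id", "i", 2),
        ("redirectclipboard", "i", 1),
        ("redirectdrives", "i", 0),          # no local drives exposed to the instance
    ]
    return "".join(f"{k}:{t}:{v}\r\n" for k, t, v in settings)


def write_rdp_file(outputs, path: str) -> str:
    """Resolve the public IP from the outputs and write the file with mode 0600."""
    values = outputs_to_dict(outputs)
    content = build_rdp_file(values["PublicIp"])
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", newline="") as f:   # keep CRLF as written
        f.write(content)
    return path


if __name__ == "__main__":
    import boto3   # real run: read the outputs of the deployed stack
    cfn = boto3.client("cloudformation")
    outputs = cfn.describe_stacks(StackName="WindowsRdpStack")["Stacks"][0]["Outputs"]
    print("wrote", write_rdp_file(outputs, "windows-ec2.rdp"))
```

The Remote Desktop client will still show a certificate warning on first connect because the instance uses a self-signed certificate; compare the thumbprint it shows with the one on the instance (via Session Manager or the console’s screenshot) rather than lowering the authentication level to silence it.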
Demo
Before we start… Please be advised that this project is not intended for production use.
Let’s clone the project (remember to check that all prerequisites from the README.md file are met):
git clone git@github.com:amswiatkowski/windows-ec2-cdk.git
Install all dependencies:
poetry shell
poetry install --sync
Login to AWS / AWS SSO:
aws sso login --profile your-profile
Run the deployment:
./deploy.sh --region us-east-1
Copy the password from the console:
Open the RDP file with your Remote Desktop client and paste the copied password:
After opening the generated RDP file and logging in to the administrator account with the copied password, we should see the desktop of our Windows EC2 instance. 😎
Cleaning up:
./destroy.sh --region us-east-1
Summary
Thank you for reading this far. If you want to know more about AWS and the cloud, check out the posts below:
- Building latency-based routing solution with Amazon Route 53
- Decrease cost and boost performance by moving to Graviton
- Autoscaling solution for Amazon ECS Cluster
- Converting infrastructure to AWS CloudFormation and AWS CDK