How to create Windows EC2 with AWS CDK and Python

by Adam Świątkowski
Windows EC2 with AWS CDK and Python

In this quick guide I create a complete EC2 instance running Windows without touching the AWS console: every step, from the network to the decrypted administrator password, is driven from the AWS CDK project and a few boto3 calls.


What’s so special about this guide?

Most guides on creating EC2 virtual machines at some stage require going to the AWS console, for example to retrieve the password needed to log in to the machine. This bothered me from the beginning, because I wanted a scriptable way to create a specific virtual machine without any “click-ops”. As an answer to this problem I prepared a complete AWS CDK project, which you can find here. An interesting feature is that, after the resources are deployed, a script reads the administrator password and, as the final step of the deployment, generates an RDP (Remote Desktop Protocol) file. In the end, all you need to do is run cdk deploy, open the generated RDP file and connect to the machine. For those interested, I describe how it works below.


How does it work?

As I’ve already mentioned, the project performs all the operations needed to run and connect to the EC2 instance:

  • generating the key pair whose private key decrypts the Windows administrator password,
  • creating a VPC in which the EC2 instance resides,
  • creating a Security Group that allows inbound access to the RDP server running on the instance,
  • creating the EC2 instance itself,
  • creating an IAM Role associated with the instance.

The script then waits for the EC2 instance to start, decrypts the administrator password and generates an RDP file that makes connecting to the instance easy.

Creating a key pair for EC2

A key pair is normally used to prove your identity when you connect to an instance. For a Windows instance its role is different: EC2 encrypts the generated administrator password with the key pair’s public key, so we need the matching private key to decrypt it, and the decrypted password is then used to connect to the machine over RDP. Below is the boto3 method I used. A link to this part of the code is located here.

Generate key pair for EC2 with boto3
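As an added example (not the project’s own code), the boto3 call wrapped so that the private key is written with owner-only permissions and is never overwritten, because CreateKeyPair returns the key material exactly once and without it the Windows password can never be decrypted. The EC2 client is passed in rather than created inside the function, so the logic can be exercised without AWS credentials; with real AWS you would pass boto3.client("ec2", region_name=...). The key name and directory below are placeholders.

```python
"""Create (and later delete) the EC2 key pair used to decrypt the Windows password.

Added example, not part of the windows-ec2-cdk project. The ec2 object is a
boto3 EC2 client (or any stand-in exposing the same two methods).
"""
import os
import stat
from pathlib import Path


def create_key_pair(ec2, key_name: str, out_dir: Path) -> Path:
    """Call CreateKeyPair and write the returned PEM to <out_dir>/<key_name>.pem.

    AWS keeps only the public half; the private key comes back in this one
    response and is gone if the file is lost or clobbered, so refuse to
    overwrite an existing file instead of silently replacing it.
    """
    pem_path = out_dir / f"{key_name}.pem"
    if pem_path.exists():
        raise FileExistsError(f"{pem_path} already exists; refusing to overwrite")

    # KeyType and KeyFormat are CreateKeyPair parameters. Windows password
    # decryption is RSA-based, so an ed25519 key would not work here.
    resp = ec2.create_key_pair(KeyName=key_name, KeyType="rsa", KeyFormat="pem")

    out_dir.mkdir(parents=True, exist_ok=True)
    # Create the file as 0600 from the start (O_EXCL guards against a race
    # with the exists() check above) rather than chmod-ing after the write,
    # so there is no window in which other local users can read the key.
    fd = os.open(
        pem_path,
        os.O_WRONLY | os.O_CREAT | os.O_EXCL,
        stat.S_IRUSR | stat.S_IWUSR,
    )
    with os.fdopen(fd, "w") as fh:
        fh.write(resp["KeyMaterial"])
    return pem_path


def delete_key_pair(ec2, key_name: str, out_dir: Path) -> bool:
    """Cleanup counterpart for the destroy step: remove the pair in AWS and the local PEM.

    Returns True if a local file was removed. DeleteKeyPair is idempotent on
    the AWS side, so calling this twice is harmless.
    """
    ec2.delete_key_pair(KeyName=key_name)
    pem_path = out_dir / f"{key_name}.pem"
    if pem_path.exists():
        pem_path.unlink()
        return True
    return False
```

Keep the PEM out of the repository (add `*.pem` to `.gitignore`) and treat it like any other long-lived credential: whoever holds it can recover the administrator password of every instance launched with that key pair.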

Creating a VPC and a Security Group that allows traffic to the RDP server on the EC2 instance

A VPC is the virtual network in which our virtual machine is located. We need to somehow allow traffic to reach this machine, so the Security Group allows inbound traffic to port 3389, on which the RDP server listens for new connections. I recommend limiting the incoming traffic to your own IP or your company’s CIDR block: an RDP port open to 0.0.0.0/0 is exposed to the constant scanning and password-guessing traffic on the internet. A link to this part of the code is located here.

Creating a VPC and Security Group for Windows EC2 instance with AWS CDK
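In CDK Python the restriction above is a single call, for example `sg.add_ingress_rule(ec2.Peer.ipv4("203.0.113.0/24"), ec2.Port.tcp(3389), "RDP from office")`. What is easy to lose during a later refactor is the narrow peer, so the added example below (not part of the project) is a pre-deploy check over the template that `cdk synth` writes to `cdk.out/<StackName>.template.json`: it fails if any security group rule lets the whole IPv4 or IPv6 internet reach 3389, whether the rule is inline in the group or a standalone `AWS::EC2::SecurityGroupIngress` resource. The template at the bottom is constructed for the test; the logical IDs in it are made up.

```python
"""Fail the deploy if any security group opens RDP (3389/tcp) to the world.

Added example, not part of the windows-ec2-cdk project. Run it against the
synthesized CloudFormation JSON before `cdk deploy`; exit code 1 means stop.
"""
from __future__ import annotations

import ipaddress
import json
import sys
from typing import Iterator

RDP_PORT = 3389
# CloudFormation accepts protocol names or numbers; "-1" means all protocols
# and then FromPort/ToPort may be omitted entirely.
TCP_PROTOCOLS = {"tcp", "6", "-1"}


def _ingress_rules(template: dict) -> Iterator[tuple[str, dict]]:
    """Yield (logical_id, rule) for inline and standalone ingress rules."""
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield logical_id, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield logical_id, props


def _covers_rdp(rule: dict) -> bool:
    """True if the rule's protocol/port range includes 3389/tcp."""
    proto = str(rule.get("IpProtocol", ""))
    if proto not in TCP_PROTOCOLS:
        return False
    if proto == "-1":
        return True  # all protocols, all ports
    return int(rule.get("FromPort", 0)) <= RDP_PORT <= int(rule.get("ToPort", 0))


def open_rdp_findings(template: dict) -> list[str]:
    """Return one message per rule that exposes 3389 to 0.0.0.0/0 or ::/0."""
    findings: list[str] = []
    for logical_id, rule in _ingress_rules(template):
        if not _covers_rdp(rule):
            continue
        for key in ("CidrIp", "CidrIpv6"):
            cidr = rule.get(key)
            # Intrinsic functions such as {"Ref": ...} cannot be judged
            # statically; only literal CIDR strings are evaluated here.
            if not isinstance(cidr, str):
                continue
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"{logical_id}: {rule['IpProtocol']} {RDP_PORT} open to {cidr}")
    return findings


# Constructed sample: one bad inline rule, one acceptable office prefix, and a
# standalone all-protocols rule that also exposes RDP over IPv6.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "RdpOpenSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "bad: RDP from anywhere",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "RdpOfficeSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "good: RDP from one office prefix",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "CidrIp": "203.0.113.0/24"}
        ]
      }
    },
    "AllTrafficV6": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {"GroupId": {"Ref": "RdpOfficeSG"}, "IpProtocol": "-1", "CidrIpv6": "::/0"}
    }
  }
}
""")


def main(path: str | None = None) -> int:
    """Check the given template file, or the constructed sample when no path is given."""
    if path is None:
        template = SAMPLE_TEMPLATE
    else:
        with open(path, encoding="utf-8") as fh:
            template = json.load(fh)
    findings = open_rdp_findings(template)
    for finding in findings:
        print("FAIL", finding)
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Wire it into `deploy.sh` between `cdk synth` and `cdk deploy` so a widened CIDR never reaches the account; the same check can be extended to other administrative ports by changing `RDP_PORT`.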

Creating Windows EC2 with associated IAM Role

Using the CDK construct for EC2, we create the instance with a specific size and, most importantly, the key pair created earlier, so that the administrator password is encrypted with a key whose private half we hold. A link to this part of the code is located here.

Creating a key pair for AWS EC2 and instance with AWS CDK

Decrypting instance password

To obtain the password needed to log in to the instance, we use the previously created key pair: with the boto3 library we ask AWS for the encrypted password data of the newly created EC2 instance, then decrypt it with the key pair’s private key to get the plain-text password. A link to this part of the code is located here.

Decrypting Windows EC2 password with boto3 and Python

Generating RDP file

To make it easy to connect to the machine, an RDP file is generated after the resources are deployed, filled with details taken from the AWS CloudFormation Outputs. A link to this part of the code is located here.

Generating RDP file for Windows EC2 machine
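The two steps above, password retrieval and RDP file generation, as one added example that is not the project’s own code. Two details matter in practice: GetPasswordData returns an empty PasswordData for several minutes after launch, until EC2Launch has generated and encrypted the password on first boot, so the call has to be polled; and the blob is the password RSA-encrypted with the key pair’s public key using PKCS#1 v1.5 padding and then base64 encoded, which is what the `cryptography` package decrypts below. Assumptions not taken from the post: the boto3 EC2 and CloudFormation clients are passed in, the private key is the PEM saved when the key pair was created, `cryptography` is installed, and the stack output is named `InstancePublicDns`.

```python
"""Post-deploy: fetch and decrypt the Windows administrator password, then
render an .rdp file from CloudFormation outputs.

Added example, not part of the windows-ec2-cdk project. Clients are injected
so the control flow can be tested without AWS; in real use pass
boto3.client("ec2") and boto3.client("cloudformation").
"""
from __future__ import annotations

import base64
import time
from typing import Callable


def decrypt_password_data(private_key_pem: bytes, password_data_b64: str) -> str:
    """RSA PKCS#1 v1.5 decryption of the base64 blob returned by GetPasswordData."""
    # Imported lazily so the polling logic below is usable without the package.
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.primitives.asymmetric import padding

    key = serialization.load_pem_private_key(private_key_pem, password=None)
    plaintext = key.decrypt(base64.b64decode(password_data_b64), padding.PKCS1v15())
    return plaintext.decode("utf-8")


def fetch_admin_password(
    ec2,
    instance_id: str,
    private_key_pem: bytes,
    *,
    timeout_s: float = 900,
    poll_s: float = 15,
    decrypt: Callable[[bytes, str], str] = decrypt_password_data,
    sleep: Callable[[float], None] = time.sleep,
) -> str:
    """Poll GetPasswordData until the encrypted blob appears, then decrypt it.

    PasswordData stays empty (sometimes just whitespace) until first boot
    completes, so an empty response is "not yet", not an error.
    """
    deadline = time.monotonic() + timeout_s
    while True:
        blob = ec2.get_password_data(InstanceId=instance_id).get("PasswordData", "")
        if blob.strip():
            return decrypt(private_key_pem, blob)
        if time.monotonic() >= deadline:
            raise TimeoutError(f"{instance_id}: no password data after {timeout_s}s")
        sleep(poll_s)


def stack_outputs(cfn, stack_name: str) -> dict[str, str]:
    """Return the stack's CloudFormation Outputs as a {key: value} dict."""
    stack = cfn.describe_stacks(StackName=stack_name)["Stacks"][0]
    return {o["OutputKey"]: o["OutputValue"] for o in stack.get("Outputs", [])}


def render_rdp(full_address: str, username: str = "Administrator") -> str:
    """Build .rdp file contents for mstsc / Microsoft Remote Desktop.

    The password is deliberately not embedded: a plaintext secret in a file
    is a credential leak, and mstsc only honours its own DPAPI-bound
    'password 51:b:' blob anyway. The user is prompted instead.
    """
    lines = [
        f"full address:s:{full_address}:3389",
        f"username:s:{username}",
        "prompt for credentials:i:1",
        # 2 = warn on certificate problems; a fresh instance presents a
        # self-signed certificate, so 1 (refuse) would never connect.
        "authentication level:i:2",
        "enablecredsspsupport:i:1",
        # Do not expose the local clipboard or drives to a throwaway VM.
        "redirectclipboard:i:0",
        "redirectdrives:i:0",
    ]
    return "\r\n".join(lines) + "\r\n"
```

Typical sequence after `cdk deploy`: `outputs = stack_outputs(cfn, "WindowsEc2Stack")`, `fetch_admin_password(ec2, outputs["InstanceId"], pem_bytes)` printed once to the terminal, and `render_rdp(outputs["InstancePublicDns"])` written to a file (those output names are assumed). Printing the password to the console, as the project does, is acceptable for a throwaway lab box; for anything longer-lived, rotate it after the first login or skip the password entirely and connect through Systems Manager Session Manager port forwarding.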

Demo

Before we start, please be advised that this project is not intended for production use.

Let’s clone the project (remember to check that all prerequisites from the README.md file are met):

git clone git@github.com:amswiatkowski/windows-ec2-cdk.git

Install all dependencies:

poetry shell
poetry install --sync

Login to AWS / AWS SSO:

aws sso login --profile your-profile

Run the deployment:

./deploy.sh --region us-east-1

Copy the password from the console:

Finished cdk deploy and showing decrypted admin's password

Open the RDP file with your Remote Desktop client and paste the copied password:

Opening .rdp file for Windows EC2 machine

After opening the generated RDP file and logging in to the administrator account with the copied password, we should see the desktop of our Windows EC2 instance. 😎

Connecting to Windows EC2 with RDP
Successful connection to Windows EC2 machine that was fully created with AWS CDK

Cleaning up:

./destroy.sh --region us-east-1

Summary

Thank you for reading this far. If you want to know more about AWS and the cloud, check out the posts below:

