How do I create an AMI from a domain-joined EC2 Windows instance?

2 minute read

I want to create an Amazon Machine Image (AMI) from my domain-joined Amazon Elastic Compute Cloud (Amazon EC2) Windows instance. I want to use the AMI as a template to launch more instances.

Short description

Make sure that you properly prepare to create an AMI from a domain-joined EC2 Windows instance. If you don't, then you might get Remote Desktop Protocol (RDP) login failures, Active Directory authentication issues, and domain trust relationship errors. This can occur when you launch multiple instances from your AMI. Each instance keeps the same computer Security Identifier (SID) and hostname, and it causes conflicts in Active Directory.

To create a reusable AMI from a domain-joined instance, you must run System Preparation (Sysprep) to generalize the Windows installation before you create the AMI. Sysprep removes system-specific information and prepares the instance for deployment as a template. For more information, see Sysprep (System Preparation) Overview on the Microsoft website.

Resolution

Prerequisites: Before you create an AMI from a domain-joined instance, verify the following:

Make sure that you have the local administrator's password for the instance. If domain authentication becomes unavailable, then you need this password to access the instance.
Verify that your System Status Checks and Instance Status Checks pass in the Amazon EC2 console. This confirms that the underlying infrastructure correctly functions.
Confirm that you have the correct AWS Identity and Access Management (IAM) permissions to create AMIs and launch EC2 instances.

Create an AMI from a domain-joined instance

Complete the following steps:

Create an AMI from the original domain-joined instance.
Create a test security group with no outbound rules and inbound rules that allow RDP access.
Use the newly created AMI to launch a new instance with your newly created security group.
Use the local administrator account to connect to your instance.
Run Sysprep with EC2Config or EC2Launch v1 or v2.
Create a new AMI that you can distribute.
Note: When you launch an instance from a sysprepped AMI, the instance boots with a new hostname and computer identity.

Topics: Compute
Tags: Amazon EC2
Language: English

AWS OFFICIALUpdated 2 months ago

No comments

Relevant content

Fresh created Windows AMI contains Password from source image
Ognif
asked 2 years ago
Uable to connect to an EC2 instance created out of an AMI of another instance.
Accepted Answer
Scanstock
asked 2 years ago
EC2 Instance created from AMI in another Account is missing Internet connectivity
Accepted Answer
Vitor
asked 9 months ago
On a windows server ec2 instance launched from an ami, steamvr runs into critical error when started after autologon.
anishkumar
asked 3 years ago
What is the best procedure for setting up a password or other credentials to work with throw away EC2 instances that are generated from AMIs
zeiddev
asked 2 years ago
How do I create a custom AMI, launch an Amazon EC2 instance from a custom AMI, or troubleshoot AMI issues?
AWS OFFICIALUpdated 2 months ago
How do I launch an EC2 instance from a custom AMI?
AWS OFFICIALUpdated a year ago
How do I create an AMI that's based on my EBS-backed EC2 instance?
AWS OFFICIALUpdated 3 years ago
How do I use Sysprep to create and install custom reusable Windows AMIs?
AWS OFFICIALUpdated a year ago
Easily get started with Amazon EC2 Inferentia2 or Trainium1 instances with Hugging Face's Neuron DLAMI
EXPERT
Burtoft, Jim
published a year ago