What is the best procedure for setting up a password or other credentials to work with throw away EC2 instances that are generated from AMIs

Question

We have a number of AMIs that are used to create temporary Windows EC2 instances accessed via RDP in order to test our different versions of our products in different environments. Currently each AMI creates an EC2 instance and the password is the same for all of them always. It has been like this for many years now.

This feels wrong. It is not really much of a password policy even if the instances are temporary i.e. regularly have different IP addresses as they are stopped or terminated after use.

Is there a better approach so that it is straight forward to setup and either change password or have some other mechanism for accessing the EC2 instances?

UPDATE: I should add that this is used by our support agents who quickly fire up an instance so this needs to be relatively straight forward and an automated approach.

Answer

Hi,

Yes, there is a better solution: you can have an automatically generated WIndows admin password and retrieve it via CLI

For that  `get-password-data` command use https://docs.aws.amazon.com/cli/latest/reference/ec2/get-password-data.html.

See examples at bottom of page.

Any other language SDK can also do it via https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html

Best,

Didier

Answer

Hello.

You can change the password to any password you like by running the following command with the user data when starting EC2.  
```

net user Administrator "New Password"

```

Alternatively, if you use Sysprep on the Windows OS to shut down when creating an AMI, you can change the initial password for Administrator each time.  
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2launch-v2-settings.html  
![a](/media/postImages/original/IMwQe1Ax5aSOSyz1j_IT9J_Q)

What is the best procedure for setting up a password or other credentials to work with throw away EC2 instances that are generated from AMIs

관련 콘텐츠