Amazon Elastic Compute Cloud User Guide For Windows Instances

User Manual:

Open the PDF directly: View PDF .
Page Count: 860

Download
Open PDF In Browser	View PDF

Amazon Elastic
Compute Cloud
User Guide for Windows Instances

Amazon Elastic Compute Cloud
User Guide for Windows Instances

Amazon Elastic Compute Cloud: User Guide for Windows Instances
Copyright © 2016 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any
manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other
trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to,
or sponsored by Amazon.

Amazon Elastic Compute Cloud
User Guide for Windows Instances

Table of Contents
What Is Amazon EC2? .................................................................................................................. 1
Features of Amazon EC2 ....................................................................................................... 1
How to Get Started with Amazon EC2 ..................................................................................... 2
Related Services ................................................................................................................... 2
Accessing Amazon EC2 ......................................................................................................... 3
Pricing for Amazon EC2 ........................................................................................................ 3
PCI DSS Compliance ............................................................................................................ 4
Basic Infrastructure ............................................................................................................... 5
Amazon Machine Images and Instances ........................................................................... 5
Regions and Availability Zones ....................................................................................... 6
Storage ....................................................................................................................... 6
Root Device Volume ..................................................................................................... 8
Networking and Security ............................................................................................... 10
AWS Identity and Access Management .......................................................................... 10
Differences between Windows Server and an Amazon EC2 Windows Instance ...................... 10
Designing Your Applications to Run on Amazon EC2 Windows Instances ............................. 12
Setting Up .................................................................................................................................. 13
Sign Up for AWS ................................................................................................................ 13
Create an IAM User ............................................................................................................ 13
Create a Key Pair ............................................................................................................... 15
Create a Virtual Private Cloud (VPC) ..................................................................................... 16
Create a Security Group ...................................................................................................... 17
Getting Started ........................................................................................................................... 19
Overview ............................................................................................................................ 19
Prerequisites ...................................................................................................................... 20
Step 1: Launch an Instance .................................................................................................. 20
Step 2: Connect to Your Instance .......................................................................................... 21
Step 3: Clean Up Your Instance ............................................................................................ 23
Next Steps ......................................................................................................................... 23
Best Practices ............................................................................................................................ 24
Tutorials ..................................................................................................................................... 26
Tutorial: Deploy a WordPress Blog ........................................................................................ 26
Prerequisites .............................................................................................................. 27
Installing the Microsoft Web Platform Installer .................................................................. 27
Installing WordPress .................................................................................................... 27
Configuring Security Keys ............................................................................................ 28
Configuring the Site Title and Administrator ..................................................................... 29
Making Your WordPress Site Public ............................................................................... 29
Next Steps ................................................................................................................. 30
Tutorial: Installing a WAMP Server ........................................................................................ 30
Tutorial: Installing a WIMP Server .......................................................................................... 33
Tutorial: Increase the Availability of Your Application ................................................................ 37
Prerequisites .............................................................................................................. 37
Scale and Load Balance Your Application ....................................................................... 38
Test Your Load Balancer .............................................................................................. 39
Tutorial: Remotely Manage Your Instances ............................................................................. 41
Launch a New Instance ............................................................................................... 41
Grant Your User Account Access to SSM ....................................................................... 42
Send a Command Using the EC2 Console ...................................................................... 42
Send a Command Using AWS Tools for Windows PowerShell ............................................ 43
Tutorial: Set Up a Windows HPC Cluster ................................................................................ 44
Prerequisites .............................................................................................................. 44
Step 1: Set Up Your Active Directory Domain Controller .................................................... 44
Step 2: Configure Your Head Node ................................................................................ 47
Step 3: Set Up the Compute Node ................................................................................ 49

Amazon Elastic Compute Cloud
User Guide for Windows Instances

Step 4: Scale Your HPC Compute Nodes (Optional) .........................................................
Running the Lizard Performance Measurement Application ................................................
IP Permissions for the Active Directory Security Groups ....................................................
IP Permissions for HPC Cluster Security Group ...............................................................
Amazon Machine Images .............................................................................................................
Using an AMI .....................................................................................................................
Creating Your Own AMI .......................................................................................................
Buying, Sharing, and Selling AMIs .........................................................................................
Deregistering Your AMI ........................................................................................................
AWS Windows AMIs ............................................................................................................
Selecting an Initial Windows AMI ...................................................................................
Keeping Your AMIs Up-to-Date .....................................................................................
AMI Types .........................................................................................................................
Launch Permissions ....................................................................................................
Storage for the Root Device .........................................................................................
Finding a Windows AMI .......................................................................................................
Finding a Windows AMI Using the Amazon EC2 Console ..................................................
Finding an AMI Using the AWS CLI ...............................................................................
Finding an AMI Using the AWS Tools for Windows PowerShell ..........................................
Finding a Windows Server 2003 AMI .............................................................................
Shared AMIs ......................................................................................................................
Finding Shared AMIs ...................................................................................................
Making an AMI Public ..................................................................................................
Sharing an AMI with Specific AWS Accounts ...................................................................
Using Bookmarks ........................................................................................................
Guidelines for Shared Windows AMIs .............................................................................
Paid AMIs ..........................................................................................................................
Selling Your AMI .........................................................................................................
Finding a Paid AMI .....................................................................................................
Purchase a Paid AMI ...................................................................................................
Getting the Product Code for Your Instance ....................................................................
Using Paid Support .....................................................................................................
Bills for Paid and Supported AMIs .................................................................................
Managing Your AWS Marketplace Subscriptions ..............................................................
Creating an Amazon EBS-Backed Windows AMI ......................................................................
Overview of Creating Amazon EBS-Backed AMIs .............................................................
Creating a Windows AMI from a Running Instance ...........................................................
Creating an Instance Store-Backed Windows AMI ....................................................................
Instance Store-Backed Windows AMIs ...........................................................................
Preparing to Create an Instance Store-Backed Windows AMI .............................................
Bundling an Instance Store-Backed Windows Instance ......................................................
Registering an Instance Store-Backed Windows AMI ........................................................
AMIs with Encrypted Snapshots ............................................................................................
AMI Scenarios Involving Encrypted EBS Snapshots ..........................................................
Copying an AMI ..................................................................................................................
Copying an AMI You Own ............................................................................................
Copying an AMI Across AWS Accounts ..........................................................................
Copying an AMI Across Regions ...................................................................................
Copying to Encrypt ......................................................................................................
AMI Copying Scenarios ................................................................................................
Copying an AMI Using the Console or Command Line ......................................................
Stopping a Pending AMI Copy Operation ........................................................................
Deregistering Your AMI ........................................................................................................
Cleaning Up Your Amazon EBS-Backed AMI ..................................................................
Cleaning Up Your Instance Store-Backed AMI .................................................................
Windows AMI Versions ........................................................................................................
Configuration Settings and Drivers .................................................................................
Updating Your Windows Instance ..................................................................................

50
51
51
55
60
60
61
61
61
61
62
62
62
63
63
66
66
67
67
67
68
68
69
70
71
72
72
73
73
74
74
75
75
75
76
76
77
79
79
80
81
82
82
83
85
86
86
86
87
88
89
90
90
91
92
92
93
93

Amazon Elastic Compute Cloud
User Guide for Windows Instances

Upgrading or Migrating a Windows Server Instance .......................................................... 93
Determining Your Instance Version ................................................................................ 94
Subscribing to Windows AMI Notifications ....................................................................... 94
AWS Windows AMI Versions ........................................................................................ 95
Image Changes ......................................................................................................... 105
Create a Standard Amazon Machine Image Using Sysprep ...................................................... 106
Before You Begin ...................................................................................................... 106
Using Sysprep with the EC2Config Service ................................................................... 106
Run Sysprep with the EC2Config Service ...................................................................... 109
Troubleshooting Sysprep with EC2Config ...................................................................... 110
Instances .................................................................................................................................. 112
Instance Types .................................................................................................................. 112
Available Instance Types ............................................................................................ 113
Hardware Specifications ............................................................................................. 114
Networking and Storage Features ................................................................................ 114
Instance Limits .......................................................................................................... 115
T2 Instances ............................................................................................................. 115
C4 Instances ............................................................................................................ 118
GPU Instances .......................................................................................................... 120
I2 Instances .............................................................................................................. 122
D2 Instances ............................................................................................................ 123
HI1 Instances ............................................................................................................ 124
HS1 Instances .......................................................................................................... 126
T1 Micro Instances .................................................................................................... 127
X1 Instances ............................................................................................................. 138
Resizing Instances ..................................................................................................... 140
Instance Purchasing Options ............................................................................................... 144
Determining the Instance Lifecycle ............................................................................... 145
Reserved Instances ................................................................................................... 146
Scheduled Instances .................................................................................................. 167
Spot Instances .......................................................................................................... 170
Dedicated Hosts ........................................................................................................ 215
Instance Lifecycle .............................................................................................................. 226
Instance Launch ........................................................................................................ 226
Instance Stop and Start (Amazon EBS-backed instances only) ......................................... 227
Instance Reboot ........................................................................................................ 227
Instance Retirement ................................................................................................... 227
Instance Termination .................................................................................................. 227
Differences Between Reboot, Stop, and Terminate ......................................................... 228
Launch ..................................................................................................................... 229
Connect ................................................................................................................... 239
Stop and Start .......................................................................................................... 241
Reboot ..................................................................................................................... 244
Retire ....................................................................................................................... 245
Terminate ................................................................................................................. 247
Recover ................................................................................................................... 252
Configure Instances ........................................................................................................... 253
Instance Metadata and User Data ................................................................................ 253
Using EC2Config ....................................................................................................... 266
PV Drivers ................................................................................................................ 290
Setting the Password ................................................................................................. 307
Setting the Time ........................................................................................................ 313
Managing Configuration .............................................................................................. 315
Joining an AWS Domain ............................................................................................. 321
Sending Log Data to CloudWatch ................................................................................ 330
Configuring a Secondary Private IP Address .................................................................. 342
Upgrading Instances .................................................................................................. 346
Remotely Manage Your Instances ........................................................................................ 354

Amazon Elastic Compute Cloud
User Guide for Windows Instances

Components and Concepts ......................................................................................... 355
Prerequisites ............................................................................................................. 358
Configuring the EC2Config Service for Run Command .................................................... 360
Delegating Access ..................................................................................................... 360
Setting Up Run Command On Managed Instances ......................................................... 367
Executing Commands ................................................................................................ 370
Viewing Command Output .......................................................................................... 391
Creating SSM Documents ........................................................................................... 393
Sharing SSM Documents ............................................................................................ 399
Walkthroughs ............................................................................................................ 404
Cancelling a Command .............................................................................................. 416
Monitoring Commands ................................................................................................ 417
Troubleshooting Run Command ................................................................................... 426
Importing and Exporting Virtual Machines .............................................................................. 429
Monitoring ................................................................................................................................ 430
Automated and Manual Monitoring ....................................................................................... 432
Automated Monitoring Tools ........................................................................................ 432
Manual Monitoring Tools ............................................................................................ 433
Best Practices for Monitoring ............................................................................................... 433
Monitoring the Status of Your Instances ................................................................................ 434
Instance Status Checks .............................................................................................. 434
Scheduled Events ...................................................................................................... 438
Monitoring Your Instances Using CloudWatch ........................................................................ 442
Enable Detailed Monitoring ......................................................................................... 442
List Available Metrics ................................................................................................. 444
Get Statistics for Metrics ............................................................................................. 449
Graph Metrics ........................................................................................................... 464
Create a CloudWatch Alarm ........................................................................................ 467
Create Alarms That Stop, Terminate, Reboot, or Recover an Instance ................................ 473
Network and Security ................................................................................................................. 495
Key Pairs ......................................................................................................................... 496
Creating Your Key Pair Using Amazon EC2 .................................................................. 496
Importing Your Own Key Pair to Amazon EC2 ............................................................... 497
Retrieving the Public Key for Your Key Pair on Windows ................................................. 498
Verifying Your Key Pair's Fingerprint ............................................................................ 499
Deleting Your Key Pair ............................................................................................... 499
Security Groups ................................................................................................................ 500
Security Groups for EC2-Classic .................................................................................. 500
Security Groups for EC2-VPC ..................................................................................... 500
Security Group Rules ................................................................................................. 501
Default Security Groups .............................................................................................. 503
Custom Security Groups ............................................................................................. 503
Creating a Security Group .......................................................................................... 504
Describing Your Security Groups ................................................................................. 505
Adding Rules to a Security Group ................................................................................ 505
Deleting Rules from a Security Group ........................................................................... 506
Deleting a Security Group ........................................................................................... 507
API and Command Overview ...................................................................................... 507
Controlling Access ............................................................................................................. 508
Network Access to Your Instance ................................................................................ 508
Amazon EC2 Permission Attributes .............................................................................. 508
IAM and Amazon EC2 ............................................................................................... 509
IAM Policies ............................................................................................................. 510
IAM Roles ................................................................................................................ 547
Network Access ........................................................................................................ 552
Amazon VPC .................................................................................................................... 554
Benefits of Using a VPC ............................................................................................. 554
Differences Between EC2-Classic and EC2-VPC ............................................................ 555

vii

Amazon Elastic Compute Cloud
User Guide for Windows Instances

Sharing and Accessing Resources Between EC2-Classic and EC2-VPC ............................. 557
Instance Types Available Only in a VPC ....................................................................... 559
Amazon VPC Documentation ...................................................................................... 559
Supported Platforms .................................................................................................. 560
ClassicLink ............................................................................................................... 561
Migrating from EC2-Classic to a VPC ........................................................................... 571
Instance IP Addressing ...................................................................................................... 581
Private IP Addresses and Internal DNS Hostnames ........................................................ 582
Public IP Addresses and External DNS Hostnames ........................................................ 582
Elastic IP Addresses .................................................................................................. 583
Amazon DNS Server .................................................................................................. 584
IP Address Differences Between EC2-Classic and EC2-VPC ............................................ 584
Determining Your Public, Private, and Elastic IP Addresses .............................................. 585
Assigning a Public IP Address ..................................................................................... 586
Multiple Private IP Addresses ...................................................................................... 587
Elastic IP Addresses .......................................................................................................... 592
Elastic IP Address Basics ........................................................................................... 592
Elastic IP Address Differences for EC2-Classic and EC2-VPC .......................................... 592
Working with Elastic IP Addresses ............................................................................... 594
Using Reverse DNS for Email Applications .................................................................... 598
Elastic IP Address Limit .............................................................................................. 598
Elastic Network Interfaces ................................................................................................... 598
Private IP Addresses Per Network Interface Per Instance Type ......................................... 600
Public IP Addresses for Network Interfaces ................................................................... 602
Creating a Management Network ................................................................................. 602
Use Network and Security Appliances in Your VPC ........................................................ 603
Creating Dual-homed Instances with Workloads/Roles on Distinct Subnets ......................... 603
Create a Low Budget High Availability Solution .............................................................. 603
Monitoring IP Traffic on Your Network Interface .............................................................. 603
Best Practices for Configuring Elastic Network Interfaces ................................................. 603
Creating an Elastic Network Interface ........................................................................... 604
Deleting an Elastic Network Interface ........................................................................... 604
Viewing Details about an Elastic Network Interface ......................................................... 605
Attaching an Elastic Network Interface When Launching an Instance ................................. 605
Attaching an Elastic Network Interface to a Stopped or Running Instance ........................... 606
Detaching an Elastic Network Interface from an Instance ................................................. 607
Changing the Security Group of an Elastic Network Interface ............................................ 608
Changing the Source/Destination Checking of an Elastic Network Interface ......................... 608
Associating an Elastic IP Address with an Elastic Network Interface ................................... 609
Disassociating an Elastic IP Address from an Elastic Network Interface .............................. 609
Changing Termination Behavior for an Elastic Network Interface ....................................... 610
Adding or Editing a Description for an Elastic Network Interface ........................................ 610
Adding or Editing Tags for an Elastic Network Interface ................................................... 611
Placement Groups ............................................................................................................. 611
Placement Group Limitations ....................................................................................... 612
Launching Instances into a Placement Group ................................................................ 613
Deleting a Placement Group ....................................................................................... 614
Network MTU .................................................................................................................... 614
Jumbo Frames (9001 MTU) ........................................................................................ 615
Path MTU Discovery .................................................................................................. 615
Check the Path MTU Between Two Hosts ..................................................................... 616
Check and Set the MTU on your Amazon EC2 Instance .................................................. 616
Troubleshooting ......................................................................................................... 617
Enhanced Networking ........................................................................................................ 618
Enhanced Networking Types ....................................................................................... 618
Enabling Enhanced Networking on Your Instance ........................................................... 618
Enabling Enhanced Networking: Intel 82599 VF ............................................................. 618
Enabling Enhanced Networking: ENA ........................................................................... 621

viii

Amazon Elastic Compute Cloud
User Guide for Windows Instances

Storage .................................................................................................................................... 625
Amazon EBS .................................................................................................................... 626
Features of Amazon EBS ........................................................................................... 627
EBS Volumes ........................................................................................................... 628
EBS Snapshots ......................................................................................................... 669
EBS Optimization ...................................................................................................... 676
EBS Encryption ......................................................................................................... 680
EBS Performance ...................................................................................................... 683
Instance Store ................................................................................................................... 696
Instance Store Lifetime ............................................................................................... 697
Instance Store Volumes ............................................................................................. 697
Add Instance Store Volumes ....................................................................................... 699
SSD Instance Store Volumes ...................................................................................... 702
Amazon S3 ...................................................................................................................... 702
Amazon S3 and Amazon EC2 ..................................................................................... 703
Instance Volume Limits ...................................................................................................... 704
Linux-Specific Volume Limits ....................................................................................... 705
Windows-Specific Volume Limits .................................................................................. 705
Bandwidth vs Capacity ............................................................................................... 705
Device Naming .................................................................................................................. 705
Available Device Names ............................................................................................. 706
Device Name Considerations ...................................................................................... 706
Block Device Mapping ........................................................................................................ 707
Block Device Mapping Concepts .................................................................................. 707
AMI Block Device Mapping ......................................................................................... 710
Instance Block Device Mapping ................................................................................... 712
Mapping Disks to Volumes ................................................................................................. 715
Listing the Disks Using Windows Disk Management ........................................................ 716
Listing the Disks Using Windows PowerShell ................................................................. 718
Disk Device to Device Name Mapping .......................................................................... 720
Using Public Data Sets ...................................................................................................... 722
Public Data Set Concepts ........................................................................................... 722
Finding Public Data Sets ............................................................................................ 722
Creating a Public Data Set Volume from a Snapshot ....................................................... 723
Attaching and Mounting the Public Data Set Volume ....................................................... 724
Resources and Tags .................................................................................................................. 725
Resource Locations ........................................................................................................... 725
Resource IDs .................................................................................................................... 726
Working with Longer IDs ............................................................................................ 727
Controlling Access to Longer ID Settings ...................................................................... 730
Listing and Filtering Your Resources .................................................................................... 730
Advanced Search ...................................................................................................... 730
Listing Resources Using the Console ........................................................................... 731
Filtering Resources Using the Console ......................................................................... 732
Listing and Filtering Using the CLI and API ................................................................... 733
Tagging Your Resources .................................................................................................... 733
Tag Basics ............................................................................................................... 734
Tag Restrictions ........................................................................................................ 735
Tagging Your Resources for Billing .............................................................................. 736
Working with Tags Using the Console .......................................................................... 737
Working with Tags Using the CLI or API ....................................................................... 742
Service Limits ................................................................................................................... 742
Viewing Your Current Limits ........................................................................................ 743
Requesting a Limit Increase ........................................................................................ 744
Usage Reports .................................................................................................................. 744
Available Reports ...................................................................................................... 744
Getting Set Up for Usage Reports ................................................................................ 744
Granting IAM Users Access to the Amazon EC2 Usage Reports ....................................... 746

Amazon Elastic Compute Cloud
User Guide for Windows Instances

Instance Usage ......................................................................................................... 746
Reserved Instance Utilization ...................................................................................... 749
AWS Systems Manager for Microsoft System Center VMM .............................................................. 755
Features ........................................................................................................................... 755
Limitations ........................................................................................................................ 756
Requirements .................................................................................................................... 756
Getting Started .................................................................................................................. 756
Setting Up ........................................................................................................................ 756
Sign Up for AWS ...................................................................................................... 756
Set Up Access for Users ............................................................................................ 757
Deploy the Add-In ..................................................................................................... 759
Provide Your AWS Credentials .................................................................................... 759
Managing EC2 Instances .................................................................................................... 760
Creating an EC2 Instance ........................................................................................... 760
Viewing Your Instances .............................................................................................. 762
Connecting to Your Instance ....................................................................................... 763
Rebooting Your Instance ............................................................................................ 763
Stopping Your Instance .............................................................................................. 764
Starting Your Instance ................................................................................................ 764
Terminating Your Instance .......................................................................................... 764
Importing Your VM ............................................................................................................ 764
Prerequisites ............................................................................................................. 765
Importing Your Virtual Machine .................................................................................... 765
Checking the Import Task Status ................................................................................. 766
Backing Up Your Imported Instance ............................................................................. 766
Troubleshooting ................................................................................................................. 767
Error: Add-in cannot be installed .................................................................................. 767
Installation Errors ...................................................................................................... 767
Checking the Log File ................................................................................................ 768
Errors Importing a VM ................................................................................................ 768
Uninstalling the Add-In ............................................................................................... 768
AWS Management Pack ............................................................................................................. 769
Overview of AWS Management Pack for System Center 2012 .................................................. 770
Overview of AWS Management Pack for System Center 2007 R2 ............................................. 771
Downloading ..................................................................................................................... 772
System Center 2012 .................................................................................................. 772
System Center 2007 R2 ............................................................................................. 773
Deploying ......................................................................................................................... 773
Step 1: Installing the AWS Management Pack ............................................................... 774
Step 2: Configuring the Watcher Node .......................................................................... 775
Step 3: Create an AWS Run As Account ...................................................................... 775
Step 4: Run the Add Monitoring Wizard ........................................................................ 778
Step 5: Configure Ports and Endpoints ......................................................................... 782
Using ............................................................................................................................... 783
Views ....................................................................................................................... 783
Discoveries ............................................................................................................... 797
Monitors ................................................................................................................... 798
Rules ....................................................................................................................... 799
Events ..................................................................................................................... 799
Health Model ............................................................................................................ 800
Customizing the AWS Management Pack ...................................................................... 801
Upgrading ......................................................................................................................... 802
System Center 2012 .................................................................................................. 802
System Center 2007 R2 ............................................................................................. 802
Uninstalling ....................................................................................................................... 803
System Center 2012 .................................................................................................. 803
System Center 2007 R2 ............................................................................................. 803
Troubleshooting ................................................................................................................. 804

Amazon Elastic Compute Cloud
User Guide for Windows Instances

Errors 4101 and 4105 ................................................................................................ 804
Error 4513 ................................................................................................................ 804
Event 623 ................................................................................................................ 804
Events 2023 and 2120 ............................................................................................... 805
Event 6024 ............................................................................................................... 805
General Troubleshooting for System Center 2012 — Operations Manager .......................... 805
General Troubleshooting for System Center 2007 R2 ...................................................... 806
AWS Diagnostics for Windows Server .......................................................................................... 807
Analysis Rules .................................................................................................................. 807
Analyzing the Current Instance ............................................................................................ 808
Collecting Data From an Offline Instance .............................................................................. 810
Data File Storage .............................................................................................................. 810
Troubleshooting ......................................................................................................................... 812
Troubleshoot an Unreachable Instance ................................................................................. 812
How to Take a Screenshot of an Unreachable Instance ................................................... 812
Common Screenshots ................................................................................................ 813
Common Issues ................................................................................................................ 819
Boot an EC2 Windows Instance into Directory Services Restore Mode (DSRM) ................... 820
High CPU usage shortly after Windows starts ................................................................ 822
No console output ..................................................................................................... 822
Instance terminates immediately .................................................................................. 823
Remote Desktop can't connect to the remote computer ................................................... 823
RDP displays a black screen instead of the desktop ....................................................... 825
Instance loses network connectivity or scheduled tasks don't run when expected .................. 826
Insufficient Instance Capacity ...................................................................................... 826
Instance Limit Exceeded ............................................................................................. 827
Windows Server 2012 R2 not available on the network .................................................... 827
Common Messages ........................................................................................................... 827
"Password is not available" ......................................................................................... 827
"Password not available yet" ....................................................................................... 828
"Cannot retrieve Windows password" ............................................................................ 828
"Waiting for the metadata service" ............................................................................... 828
"Unable to activate Windows" ...................................................................................... 831
"Windows is not genuine (0x80070005)" ....................................................................... 832
"No Terminal Server License Servers available to provide a license" .................................. 832
Document History ...................................................................................................................... 834
AWS Glossary .......................................................................................................................... 849

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Features of Amazon EC2

What Is Amazon EC2?
Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon
Web Services (AWS) cloud. Using Amazon EC2 eliminates your need to invest in hardware up front,
so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as
few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2
enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing
your need to forecast traffic.
For more information about cloud computing, see What is Cloud Computing?

Features of Amazon EC2
Amazon EC2 provides the following features:
• Virtual computing environments, known as instances
• Preconfigured templates for your instances, known as Amazon Machine Images (AMIs), that
package the bits you need for your server (including the operating system and additional software)
• Various configurations of CPU, memory, storage, and networking capacity for your instances, known
as instance types
• Secure login information for your instances using key pairs (AWS stores the public key, and you
store the private key in a secure place)
• Storage volumes for temporary data that's deleted when you stop or terminate your instance, known
as instance store volumes
• Persistent storage volumes for your data using Amazon Elastic Block Store (Amazon EBS), known
as Amazon EBS volumes
• Multiple physical locations for your resources, such as instances and Amazon EBS volumes, known
as regions and Availability Zones
• A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your
instances using security groups
• Static IP addresses for dynamic cloud computing, known as Elastic IP addresses
• Metadata, known as tags, that you can create and assign to your Amazon EC2 resources
• Virtual networks you can create that are logically isolated from the rest of the AWS cloud, and that
you can optionally connect to your own network, known as virtual private clouds (VPCs)
For more information about the features of Amazon EC2, see the Amazon EC2 product page.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
How to Get Started with Amazon EC2

Amazon EC2 enables you to run any compatible Windows-based solution on our high-performance,
reliable, cost-effective, cloud computing platform. For more information, see Amazon EC2 Running
Windows Server & SQL.
For more information about running your website on AWS, see Websites & Website Hosting.

How to Get Started with Amazon EC2
The first thing you need to do is get set up to use Amazon EC2. After you are set up, you are ready to
complete the Getting Started tutorial for Amazon EC2. Whenever you need more information about a
feature of Amazon EC2, you can read the technical documentation.

Get Up and Running
• Setting Up with Amazon EC2 (p. 13)
• Getting Started with Amazon EC2 Windows Instances (p. 19)

Basics
• Amazon EC2 Basic Infrastructure for Windows (p. 5)
• Instance Types (p. 112)
• Tags (p. 733)

Networking and Security
• Amazon EC2 Key Pairs and Windows Instances (p. 496)
• Security Groups (p. 500)
• Elastic IP Addresses (p. 592)
• Amazon EC2 and Amazon VPC (p. 554)

Storage
• Amazon EBS (p. 626)
• Instance Store (p. 696)

Working with Windows Instances
• Differences between Windows Server and an Amazon EC2 Windows Instance (p. 10)
• Designing Your Applications to Run on Amazon EC2 Windows Instances (p. 12)
• Getting Started with AWS: Hosting a .NET Web App
If you have questions about whether AWS is right for you, contact AWS Sales. If you have technical
questions about Amazon EC2, use the Amazon EC2 forum.

Related Services
You can provision Amazon EC2 resources, such as instances and volumes, directly using Amazon
EC2. You can also provision Amazon EC2 resources using other services in AWS. For more
information, see the following documentation:

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Accessing Amazon EC2

• Auto Scaling User Guide
• AWS CloudFormation User Guide
• AWS Elastic Beanstalk Developer Guide
• AWS OpsWorks User Guide
To automatically distribute incoming application traffic across multiple instances, use Elastic Load
Balancing. For more information, see Elastic Load Balancing User Guide.
To monitor basic statistics for your instances and Amazon EBS volumes, use Amazon CloudWatch.
For more information, see the Amazon CloudWatch Developer Guide.
To monitor the calls made to the Amazon EC2 API for your account, including calls made by the
AWS Management Console, command line tools, and other services, use AWS CloudTrail. For more
information, see the AWS CloudTrail User Guide.
To get a managed relational database in the cloud, use Amazon Relational Database Service (Amazon
RDS) to launch a database instance. Although you can set up a database on an EC2 instance,
Amazon RDS offers the advantage of handling your database management tasks, such as patching
the software, backing up, and storing the backups. For more information, see Amazon Relational
Database Service Developer Guide.

Accessing Amazon EC2
Amazon EC2 provides a web-based user interface, the Amazon EC2 console. If you've signed up for
an AWS account, you can access the Amazon EC2 console by signing into the AWS Management
Console and selecting EC2 from the console home page.
If you prefer to use a command line interface, you have the following options:
AWS Command Line Interface (CLI)
Provides commands for a broad set of AWS products, and is supported on Windows, Mac, and
Linux. To get started, see AWS Command Line Interface User Guide. For more information about
the commands for Amazon EC2, see ec2 in the AWS Command Line Interface Reference.
AWS Tools for Windows PowerShell
Provides commands for a broad set of AWS products for those who script in the PowerShell
environment. To get started, see the AWS Tools for Windows PowerShell User Guide. For more
information about the cmdlets for Amazon EC2, see the AWS Tools for Windows PowerShell
Reference.
Amazon EC2 provides a Query API. These requests are HTTP or HTTPS requests that use the HTTP
verbs GET or POST and a Query parameter named Action. For more information about the API
actions for Amazon EC2, see Actions in the Amazon EC2 API Reference.
If you prefer to build applications using language-specific APIs instead of submitting a request over
HTTP or HTTPS, AWS provides libraries, sample code, tutorials, and other resources for software
developers. These libraries provide basic functions that automate tasks such as cryptographically
signing your requests, retrying requests, and handling error responses, making it is easier for you to
get started. For more information, see AWS SDKs and Tools.

Pricing for Amazon EC2
When you sign up for AWS, you can get started with Amazon EC2 for free using the AWS Free Tier.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
PCI DSS Compliance

Amazon EC2 provides the following purchasing options for instances:
On-Demand instances
Pay for the instances that you use by the hour, with no long-term commitments or up-front
payments.
Reserved Instances
Make a low, one-time, up-front payment for an instance, reserve it for a one- or three-year term,
and pay a significantly lower hourly rate for these instances.
Spot instances
Specify the maximum hourly price that you are willing to pay to run a particular instance type. The
Spot price fluctuates based on supply and demand, but you never pay more than the maximum
price you specified. If the Spot price moves higher than your maximum price, Amazon EC2 shuts
down your Spot instances.
For a complete list of charges and specific prices for Amazon EC2, see Amazon EC2 Pricing.
To calculate the cost of a sample provisioned environment, see AWS Economics Center.
To see your bill, go to your AWS Account Activity page. Your bill contains links to usage reports that
provide details about your bill. To learn more about AWS account billing, see AWS Account Billing.
If you have questions concerning AWS billing, accounts, and events, contact AWS Support.
For an overview of Trusted Advisor, a service that helps you optimize the costs, security, and
performance of your AWS environment, see AWS Trusted Advisor.

PCI DSS Compliance
Amazon EC2 supports the processing, storage, and transmission of credit card data by a merchant or
service provider, and has been validated as being compliant with Payment Card Industry (PCI) Data
Security Standard (DSS). For more information about PCI DSS, including how to request a copy of the
AWS PCI Compliance Package, see PCI DSS Level 1.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Basic Infrastructure

Amazon EC2 Basic Infrastructure for Windows
As you get started with Amazon EC2, you'll benefit from understanding the components of its basic
infrastructure and how they compare or contrast with your own data centers.
Concepts
• Amazon Machine Images and Instances (p. 5)
• Regions and Availability Zones (p. 6)
• Storage (p. 6)
• Root Device Volume (p. 8)
• Networking and Security (p. 10)
• AWS Identity and Access Management (p. 10)
• Differences between Windows Server and an Amazon EC2 Windows Instance (p. 10)
• Designing Your Applications to Run on Amazon EC2 Windows Instances (p. 12)

Amazon Machine Images and Instances
An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an
operating system, an application server, and applications). From an AMI, you launch instances, which
are copies of the AMI running as virtual servers in the cloud.
Amazon publishes many AMIs that contain common software configurations for public use. In addition,
members of the AWS developer community have published their own custom AMIs. You can also
create your own custom AMI or AMIs; doing so enables you to quickly and easily start new instances
that have everything you need. For example, if your application is a website or web service, your AMI
could include a web server, the associated static content, and the code for the dynamic pages. As a
result, after you launch an instance from this AMI, your web server starts, and your application is ready
to accept requests.
You can launch different types of instances from a single AMI. An instance type essentially determines
the hardware of the host computer used for your instance. Each instance type offers different compute
and memory facilities. Select an instance type based on the amount of memory and computing
power that you need for the applications or software that you plan to run on the instance. For more
information about the hardware specifications for each Amazon EC2 instance type, see Amazon EC2
Instances. You can also launch multiple instances from an AMI, as shown in the following figure.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Regions and Availability Zones

Your Windows instances keep running until you stop or terminate them, or until they fail. If an instance
fails, you can launch a new one from the AMI.
Your AWS account has a limit on the number of instances that you can have running. For more
information about this limit, and how to request an increase, see How many instances can I run in
Amazon EC2 in the Amazon EC2 General FAQ.

Regions and Availability Zones
Amazon has data centers in different areas of the world (for example, North America, Europe, and
Asia). Correspondingly, Amazon EC2 is available to use in different regions. By launching instances in
separate regions, you can design your application to be closer to specific customers or to meet legal or
other requirements. Prices for Amazon EC2 usage vary by region (for more information about pricing
by region, see Amazon EC2 Pricing).
Each region contains multiple distinct locations called Availability Zones. Each Availability Zone is
engineered to be isolated from failures in other Availability Zones, and to provide inexpensive, lowlatency network connectivity to other zones in the same region. By launching instances in separate
Availability Zones, you can protect your applications from the failure of a single location.

For more information about the available regions and Availability Zones, see Using Regions and
Availability Zones in the Amazon EC2 User Guide for Linux Instances.

Storage
When using Amazon EC2, you may have data that you need to store. Amazon EC2 offers the following
storage options:
• Amazon Elastic Block Store (Amazon EBS)
• Amazon EC2 Instance Store (p. 696)
• Amazon Simple Storage Service (Amazon S3)
The following figure shows the relationship between these types of storage.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Storage

Amazon EBS Volumes
Amazon EBS volumes are the recommended storage option for the majority of use cases. Amazon
EBS provides your instances with persistent, block-level storage. Amazon EBS volumes are essentially
hard disks that you can attach to a running instance.
Amazon EBS is especially suited for applications that require a database, a file system, or access to
raw block-level storage.
As illustrated in the previous figure, you can attach multiple volumes to an instance. Also, to keep a
backup copy of your data, you can create a snapshot of an EBS volume, which is stored in Amazon
S3. You can create a new Amazon EBS volume from a snapshot, and attach it to another instance.
You can also detach a volume from an instance and attach it to a different instance. The following
figure illustrates the life cycle of an EBS volume.

For more information about Amazon EBS volumes, see Amazon Elastic Block Store (Amazon
EBS) (p. 626).

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Root Device Volume

Instance Store
All instance types, with the exception of Micro instances, offer instance store, which provides your
instances with temporary, block-level storage. This is storage that is physically attached to the host
computer. The data on an instance store volume doesn't persist when the associated instance is
stopped or terminated. For more information about instance store volumes, see Amazon EC2 Instance
Store (p. 696).
Instance store is an option for inexpensive temporary storage. You can use instance store volumes if
you don't require data persistence.

Amazon S3
Amazon S3 is storage for the Internet. It provides a simple web service interface that enables you to
store and retrieve any amount of data from anywhere on the web. For more information about Amazon
S3, see the Amazon S3 product page.

Root Device Volume
When you launch an instance, the root device volume contains the image used to boot the instance.
You can launch an Amazon EC2 Windows instance using an AMI backed either by instance store or by
Amazon Elastic Block Store (Amazon EBS).
• Instances launched from an AMI backed by Amazon EBS use an Amazon EBS volume as the
root device. The root device volume of an Amazon EBS-backed AMI is an Amazon EBS snapshot.
When an instance is launched using an Amazon EBS-backed AMI, a root EBS volume is created
from the EBS snapshot and attached to the instance. The root device volume is then used to boot
the instance.
• Instances launched from an AMI backed by instance store use an instance store volume as the
root device. The image of the root device volume of an instance store-backed AMI is initially stored in
Amazon S3. When an instance is launched using an instance store-backed AMI, the image of its root
device is copied from Amazon S3 to the root partition of the instance. The root device volume is then
used to boot the instance.

Important
The only Windows AMIs that can be backed by instance store are those for Windows Server
2003. Instance store-backed instances don't have the available disk space required for later
versions of Windows Server.
For a summary of the differences between instance store-backed AMIs and Amazon EBS-backed
AMIs, see Storage for the Root Device (p. 63).

Determining the Root Device Type of an AMI
You can determine the root device type of an AMI using the console or the command line.

To determine the root device type of an AMI using the console
1.

Open the Amazon EC2 console.

In the navigation pane, click AMIs, and select the AMI.

Check the value of Root Device Type in the Details tab as follows:
• If the value is ebs, this is an Amazon EBS-backed AMI.
• If the value is instance store, this is an instance store-backed AMI.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Root Device Volume

To determine the root device type of an AMI using the command line
You can use one of the following commands. For more information about these command line
interfaces, see Accessing Amazon EC2 (p. 3).
• describe-images (AWS CLI)
• Get-EC2Image (AWS Tools for Windows PowerShell)

Determining the Root Device Type of an Instance
You can determine the root device type of an instance using the console or the command line.

To determine the root device type of an instance using the console
1.

Open the Amazon EC2 console.

In the navigation pane, click Instances, and select the instance.

Check the value of Root device type in the Description tab as follows:
• If the value is ebs, this is an Amazon EBS-backed instance.
• If the value is instance store, this is an instance store-backed instance.

To determine the root device type of an instance using the command line
You can use one of the following commands. For more information about these command line
interfaces, see Accessing Amazon EC2 (p. 3).
• describe-instances (AWS CLI)
• Get-EC2Instance (AWS Tools for Windows PowerShell)

Changing the Root Device Volume to Persist
Using the console, you can change the DeleteOnTermination attribute when you launch an
instance. To change this attribute for a running instance, you must use the command line.

To change the root device volume of an instance to persist at launch using the console
1.

Open the Amazon EC2 console.

2.
3.
4.

From the Amazon EC2 console dashboard, click Launch Instance.
On the Choose an Amazon Machine Image (AMI) page, choose the AMI to use and click Select.
Follow the wizard to complete the Choose an Instance Type and Configure Instance Details
pages.

5.
6.

On the Add Storage page, deselect the Delete On Termination check box for the root volume.
Complete the remaining wizard pages, and then click Launch.

You can verify the setting by viewing details for the root device volume on the instance's details pane.
Next to Block devices, click the entry for the root device volume. By default, Delete on termination is
True. If you change the default behavior, Delete on termination is False.

To change the root device volume of an instance to persist using the command line
You can use one of the following commands. For more information about these command line
interfaces, see Accessing Amazon EC2 (p. 3).
• modify-instance-attribute (AWS CLI)

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Networking and Security

• Edit-EC2InstanceAttribute (AWS Tools for Windows PowerShell)

Networking and Security
You can launch instances in one of two platforms: EC2-Classic and EC2-VPC. An instance that's
launched into EC2-Classic is assigned a public IP address. By default, an instance that's launched
into EC2-VPC is assigned public IP address only if it's launched into a default VPC. An instance that's
launched into a nondefault VPC must be specifically assigned a public IP address at launch, or you
must modify your subnet's default public IP addressing behavior. For more information about EC2Classic and EC2-VPC, see Supported Platforms (p. 560).
Instances can fail or terminate for reasons outside of your control. If one fails and you launch a
replacement instance, the replacement has a different public IP address than the original. However,
if your application needs a static IP address, Amazon EC2 offers Elastic IP addresses. For more
information, see Amazon EC2 Instance IP Addressing (p. 581).
You can use security groups to control who can access your instances. These are analogous to an
inbound network firewall that enables you to specify the protocols, ports, and source IP ranges that
are allowed to reach your instances. You can create multiple security groups and assign different rules
to each group. You can then assign each instance to one or more security groups, and we use the
rules to determine which traffic is allowed to reach the instance. You can configure a security group
so that only specific IP addresses or specific security groups have access to the instance. For more
information, see Amazon EC2 Security Groups for Windows Instances (p. 500).

AWS Identity and Access Management
AWS Identity and Access Management (IAM) enables you to do the following:
• Create users and groups under your AWS account
• Assign unique security credentials to each user under your AWS account
• Control each user's permissions to perform tasks using AWS resources
• Allow the users in another AWS account to share your AWS resources
• Create roles for your AWS account and define the users or services that can assume them
• Use existing identities for your enterprise to grant permissions to perform tasks using AWS
resources
By using IAM with Amazon EC2, you can control whether users in your organization can perform a task
using specific Amazon EC2 API actions and whether they can use specific AWS resources.
For more information about IAM, see the following:
•
•
•
•

Creating an IAM Group and Users (p. 509)
IAM Policies for Amazon EC2 (p. 510)
IAM Roles for Amazon EC2 (p. 547)
Identity and Access Management (IAM)

• IAM User Guide

Differences between Windows Server and an
Amazon EC2 Windows Instance
After you launch your Amazon EC2 Windows instance, it behaves like a traditional server running
Windows Server. For example, both Windows Server and an Amazon EC2 instance can be used to

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Differences between Windows Server
and an Amazon EC2 Windows Instance
run your web applications, conduct batch processing, or manage applications requiring large-scale
computations. However, there are important differences between the server hardware model and
the cloud computing model. The way an Amazon EC2 instance runs is not the same as the way a
traditional server running Windows Server runs.

Before you begin launching Amazon EC2 Windows instances, you should be aware that the
architecture of applications running on cloud servers can differ significantly from the architecture for
traditional application models running on your hardware. Implementing applications on cloud servers
requires a shift in your design process.
The following table describes some key differences between Windows Server and an Amazon EC2
Windows instance.
Windows Server

Amazon EC2 Windows Instance

Resources and capacity are physically limited.

Resources and capacity are scalable.

You pay for the infrastructure, even if you don't
use it.

You pay for the usage of the infrastructure. We
stop charging you for the instance as soon as
you stop or terminate it.

Occupies physical space and must be
maintained on a regular basis.

Doesn't occupy physical space and does not
require regular maintenance.

Starts with push of the power button (known as
cold booting).

Starts with the launch of the instance.

You can keep the server running until it is time
to shut it down, or put it in a sleep or hibernation
state (during which the server is powered down).

You can keep the server running, or stop and
restart it (during which the instance is moved to a
new host computer).

When you shut down the server, all resources
remain intact and in the state they were in when
you switched it off. Information you stored on
the hard drives persists and can be accessed
whenever it's needed. You can restore the server
to the running state by powering it on.

When you terminate the instance, its
infrastructure is no longer available to you. You
can't connect to or restart an instance after
you've terminated it. However, you can create
an image from your instance while it's running,
and launch new instances from the image at any
time.

A traditional server running Windows Server goes through the states shown in the following diagram.

An Amazon EC2 Windows instance is similar to the traditional Windows Server, as you can see by
comparing the following diagram with the previous diagram for Windows Server. After you launch
an instance, it briefly goes into the pending state while registration takes place, then it goes into the
running state. The instance remains active until you stop or terminate it. You can't restart an instance
after you terminate it. You can create a backup image of your instance while it's running, and launch a
new instance from that backup image.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Designing Your Applications to Run
on Amazon EC2 Windows Instances

Designing Your Applications to Run on Amazon
EC2 Windows Instances
It is important that you consider the differences mentioned in the previous section when you design
your applications to run on Amazon EC2 Windows instances.
Applications built for Amazon EC2 use the underlying computing infrastructure on an as-needed basis.
They draw on necessary resources (such as storage and computing) on demand in order to perform
a job, and relinquish the resources when done. In addition, they often dispose of themselves after
the job is done. While in operation, the application scales up and down elastically based on resource
requirements. An application running on an Amazon EC2 instance can terminate and recreate the
various components at will in case of infrastructure failures.
When designing your Windows applications to run on Amazon EC2, you can plan for rapid deployment
and rapid reduction of compute and storage resources, based on your changing needs.
When you run an Amazon EC2 Windows instance, you don't need to provision the exact system
package of hardware, software, and storage, the way you do with Windows Server. Instead, you can
focus on using a variety of cloud resources to improve the scalability and overall performance of your
Windows application.
With Amazon EC2, designing for failure and outages is an integral and crucial part of the architecture.
As with any scalable and redundant system, architecture of your system should account for computing,
network, and storage failures. You have to build mechanisms in your applications that can handle
different kinds of failures. The key is to build a modular system with individual components that
are not tightly coupled, can interact asynchronously, and treat one another as black boxes that
are independently scalable. Thus, if one of your components fails or is busy, you can launch more
instances of that component without breaking your current system.
Another key element to designing for failure is to distribute your application geographically. Replicating
your application across geographically distributed regions improves high availability in your system.
Amazon EC2 infrastructure is programmable and you can use scripts to automate the deployment
process, to install and configure software and applications, and to bootstrap your virtual servers.
You should implement security in every layer of your application architecture running on an Amazon
EC2 Windows instance. If you are concerned about storing sensitive and confidential data within your
Amazon EC2 environment, you should encrypt the data before uploading it.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Sign Up for AWS

Setting Up with Amazon EC2
If you've already signed up for Amazon Web Services (AWS), you can start using Amazon EC2
immediately. You can open the Amazon EC2 console, click Launch Instance, and follow the steps in
the launch wizard to launch your first instance.
If you haven't signed up for AWS yet, or if you need assistance launching your first instance, complete
the following tasks to get set up to use Amazon EC2:
1. Sign Up for AWS (p. 13)
2. Create an IAM User (p. 13)
3. Create a Key Pair (p. 15)
4. Create a Virtual Private Cloud (VPC) (p. 16)
5. Create a Security Group (p. 17)

Sign Up for AWS
When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for
all services in AWS, including Amazon EC2. You are charged only for the services that you use.
With Amazon EC2, you pay only for what you use. If you are a new AWS customer, you can get started
with Amazon EC2 for free. For more information, see AWS Free Tier.
If you have an AWS account already, skip to the next task. If you don't have an AWS account, use the
following procedure to create one.

To create an AWS account
1.
2.

Open http://aws.amazon.com/, and then choose Create an AWS Account.
Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a PIN using the phone
keypad.

Note your AWS account number, because you'll need it for the next task.

Create an IAM User
Services in AWS, such as Amazon EC2, require that you provide credentials when you access them,
so that the service can determine whether you have permission to access its resources. The console

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Create an IAM User

requires your password. You can create access keys for your AWS account to access the command
line interface or API. However, we don't recommend that you access AWS using the credentials for
your AWS account; we recommend that you use AWS Identity and Access Management (IAM) instead.
Create an IAM user, and then add the user to an IAM group with administrative permissions or and
grant this user administrative permissions. You can then access AWS using a special URL and the
credentials for the IAM user.
If you signed up for AWS but have not created an IAM user for yourself, you can create one using the
IAM console. If you aren't familiar with using the console, see Working with the AWS Management
Console for an overview.

To create a group for administrators
1.

In the navigation pane, choose Groups, and then choose Create New Group.

For Group Name, type a name for your group, such as Administrators, and then choose Next
Step.

In the list of policies, select the check box next to the AdministratorAccess policy. You can use
the Filter menu and the Search box to filter the list of policies.

Choose Next Step, and then choose Create Group.

Your new group is listed under Group Name.

To create an IAM user for yourself, add the user to the administrators group, and create
a password for the user
1.

In the navigation pane, choose Users, and then choose Create New Users.

In box 1, type a user name.

Clear the check box next to Generate an access key for each user.

Choose Create.

In the list of users, choose the name (not the check box) of the user you just created. You can use
the Search box to search for the user name.

Choose the Groups tab and then choose Add User to Groups.

Select the check box next to the administrators group. Then choose Add to Groups.

Choose the Security Credentials tab. Under Sign-In Credentials, choose Manage Password.

Select Assign a custom password. Then type a password in the Password and Confirm
Password boxes. When you are finished, choose Apply.

To sign in as this new IAM user, sign out of the AWS console, then use the following URL, where
your_aws_account_id is your AWS account number without the hyphens (for example, if your AWS
account number is 1234-5678-9012, your AWS account ID is 123456789012):
https://your_aws_account_id.signin.aws.amazon.com/console/

Enter the IAM user name (not your email address) and password that you just created. When you're
signed in, the navigation bar displays "your_user_name @ your_aws_account_id".
If you don't want the URL for your sign-in page to contain your AWS account ID, you can create an
account alias. From the IAM console, click Dashboard in the navigation pane. From the dashboard,
click Customize and enter an alias such as your company name. To sign in after you create an
account alias, use the following URL:

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Create a Key Pair
https://your_account_alias.signin.aws.amazon.com/console/

To verify the sign-in link for IAM users for your account, open the IAM console and check under IAM
users sign-in link on the dashboard.
For more information about IAM, see IAM and Amazon EC2 (p. 509).

Create a Key Pair
AWS uses public-key cryptography to secure the login information for your instance. You specify
the name of the key pair when you launch your instance, then provide the private key to obtain the
administrator password for your Windows instance so you can log in using RDP.
If you haven't created a key pair already, you can create one using the Amazon EC2 console. Note that
if you plan to launch instances in multiple regions, you'll need to create a key pair in each region. For
more information about regions, see Regions and Availability Zones (p. 6).

To create a key pair
1.

From the AWS dashboard, choose EC2 to open the Amazon EC2 console.

From the navigation bar, select a region for the key pair. You can select any region that's available
to you, regardless of your location. However, key pairs are specific to a region; for example, if you
plan to launch an instance in the US West (Oregon) Region, you must create a key pair for the
instance in the US West (Oregon) Region.

In the navigation pane, under NETWORK & SECURITY, click Key Pairs.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Create a Virtual Private Cloud (VPC)

Tip
The navigation pane is on the left side of the console. If you do not see the pane, it might
be minimized; click the arrow to expand the pane. You may have to scroll down to see the
Key Pairs link.

Click Create Key Pair.

Enter a name for the new key pair in the Key pair name field of the Create Key Pair dialog box,
and then click Create. Choose a name that is easy for you to remember, such as your IAM user
name, followed by -key-pair, plus the region name. For example, me-key-pair-uswest2.

The private key file is automatically downloaded by your browser. The base file name is the name
you specified as the name of your key pair, and the file name extension is .pem. Save the private
key file in a safe place.

Important
This is the only chance for you to save the private key file. You'll need to provide the
name of your key pair when you launch an instance and the corresponding private key
each time you connect to the instance.
For more information, see Amazon EC2 Key Pairs and Windows Instances (p. 496).

Create a Virtual Private Cloud (VPC)
Amazon VPC enables you to launch AWS resources into a virtual network that you've defined. If
you have a default VPC, you can skip this section and move to the next task, Create a Security
Group (p. 17). To determine whether you have a default VPC, see Supported Platforms in the
Amazon EC2 Console (p. 560). Otherwise, you can create a nondefault VPC in your account using
the steps below.

Important
If your account supports EC2-Classic in a region, then you do not have a default VPC in that
region. T2 instances must be launched into a VPC.

To create a nondefault VPC
1.

Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

From the navigation bar, select a region for the VPC. VPCs are specific to a region, so you should
select the same region in which you created your key pair.

On the VPC dashboard, click Start VPC Wizard.

On the Step 1: Select a VPC Configuration page, ensure that VPC with a Single Public Subnet
is selected, and click Select.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Create a Security Group

On the Step 2: VPC with a Single Public Subnet page, enter a friendly name for your VPC in
the VPC name field. Leave the other default configuration settings, and click Create VPC. On the
confirmation page, click OK.

For more information about Amazon VPC, see What is Amazon VPC? in the Amazon VPC User Guide.

Create a Security Group
Security groups act as a firewall for associated instances, controlling both inbound and outbound
traffic at the instance level. You must add rules to a security group that enable you to connect to your
instance from your IP address using RDP. You can also add rules that allow inbound and outbound
HTTP and HTTPS access from anywhere.
Note that if you plan to launch instances in multiple regions, you'll need to create a security group in
each region. For more information about regions, see Regions and Availability Zones (p. 6).
Prerequisites
You'll need the public IP address of your local computer, which you can get using a service. For
example, we provide the following service: http://checkip.amazonaws.com/. To locate another service
that provides your IP address, use the search phrase "what is my IP address." If you are connecting
through an Internet service provider (ISP) or from behind a firewall without a static IP address, you
need to find out the range of IP addresses used by client computers.

To create a security group with least privilege
1.

Open the Amazon EC2 console.

Tip
Alternatively, you can use the Amazon VPC console to create a security group. However,
the instructions in this procedure don't match the Amazon VPC console. Therefore, if
you switched to the Amazon VPC console in the previous section, either switch back to
the Amazon EC2 console and use these instructions, or use the instructions in Set Up a
Security Group for Your VPC in the Amazon VPC Getting Started Guide.
2.

From the navigation bar, select a region for the security group. Security groups are specific to a
region, so you should select the same region in which you created your key pair.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Create a Security Group

3.
4.

Click Security Groups in the navigation pane.
Click Create Security Group.

Enter a name for the new security group and a description. Choose a name that is easy for you to
remember, such as your IAM user name, followed by _SG_, plus the region name. For example,
me_SG_uswest2.
In the VPC list, select your VPC. If you have a default VPC, it's the one that is marked with an
asterisk (*).

Note
If your account supports EC2-Classic, select the VPC that you created in the previous
task.
7.

On the Inbound tab, create the following rules (click Add Rule for each new rule), and then click
Create:
• Select HTTP from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).
• Select HTTPS from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).
• Select RDP from the Type list. In the Source box, ensure Custom is selected, and specify
the public IP address of your computer or network in CIDR notation. To specify an individual
IP address in CIDR notation, add the routing prefix /32. For example, if your IP address is
203.0.113.25, specify 203.0.113.25/32. If your company allocates addresses from a
range, specify the entire range, such as 203.0.113.0/24.

Caution
For security reasons, we don't recommend that you allow RDP access from all IP
addresses (0.0.0.0/0) to your instance, except for testing purposes and only for a
short time.
For more information, see Amazon EC2 Security Groups for Windows Instances (p. 500).

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Overview

Getting Started with Amazon EC2
Windows Instances

Let's get started with Amazon Elastic Compute Cloud (Amazon EC2) by launching, connecting to, and
using a Windows instance. An instance is a virtual server in the AWS cloud. With Amazon EC2, you
can set up and configure the operating system and applications that run on your instance.
When you sign up for AWS, you can get started with Amazon EC2 for free using the AWS Free Tier. If
you created your AWS account less than 12 months ago, and have not already exceeded the free tier
benefits for Amazon EC2, it will not cost you anything to complete this tutorial, because we help you
select options that are within the free tier benefits. Otherwise, you'll incur the standard Amazon EC2
usage fees from the time that you launch the instance until you terminate the instance (which is the
final task of this tutorial), even if it remains idle.
Contents
• Overview (p. 19)
• Prerequisites (p. 20)
• Step 1: Launch an Instance (p. 20)
• Step 2: Connect to Your Instance (p. 21)
• Step 3: Clean Up Your Instance (p. 23)
• Next Steps (p. 23)

Overview
The instance is an Amazon EBS-backed instance (meaning that the root volume is an EBS volume).
You can either specify the Availability Zone in which your instance runs, or let Amazon EC2 select an
Availability Zone for you. When you launch your instance, you secure it by specifying a key pair and
security group. When you connect to your instance, you must specify the private key of the key pair
that you specified when launching your instance.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Prerequisites

Tasks
To complete this tutorial, perform the following tasks:
1. Launch an Instance (p. 20)
2. Connect to Your Instance (p. 21)
3. Clean Up Your Instance (p. 23)

Related Tutorials
• If you'd prefer to launch a Linux instance, see this tutorial in the Amazon EC2 User Guide for Linux
Instances: Getting Started with Amazon EC2 Linux Instances.
• If you'd prefer to use the command line, see this tutorial in the AWS Command Line Interface User
Guide: Using Amazon EC2 through the AWS CLI.

Prerequisites
Before you begin, be sure that you've completed the steps in Setting Up with Amazon EC2 (p. 13).

Step 1: Launch an Instance
You can launch a Windows instance using the AWS Management Console as described in the
following procedure. This tutorial is intended to help you launch your first instance quickly, so it doesn't
cover all possible options. For more information about the advanced options, see Launching an
Instance.

To launch an instance
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

From the console dashboard, choose Launch Instance.

The Choose an Amazon Machine Image (AMI) page displays a list of basic configurations, called
Amazon Machine Images (AMIs), that serve as templates for your instance. Select the AMI for
Windows Server 2012 R2 Base or Windows Server 2008 R2 Base. Notice that these AMIs are
marked "Free tier eligible."

On the Choose an Instance Type page, you can select the hardware configuration of your
instance. Select the t2.micro type, which is selected by default. Notice that this instance type is
eligible for the free tier.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Step 2: Connect to Your Instance

Note
T2 instances, such as t2.micro, must be launched into a VPC. If your AWS account
supports EC2-Classic and you do not have a VPC in the selected region, the launch
wizard creates a VPC for you and you can continue to the next step. Otherwise, the
Review and Launch button is disabled and you must choose Next: Configure Instance
Details and follow the directions to select a subnet.
5.

Choose Review and Launch to let the wizard complete the other configuration settings for you.

On the Review Instance Launch page, under Security Groups, you'll see that the wizard created
and selected a security group for you. You can use this security group, or alternatively you can
select the security group that you created when getting set up using the following steps:
a.

Choose Edit security groups.

On the Configure Security Group page, ensure that Select an existing security group is
selected.

Select your security group from the list of existing security groups, and then choose Review
and Launch.

On the Review Instance Launch page, choose Launch.

When prompted for a key pair, select Choose an existing key pair, then select the key pair that
you created when getting set up.
Alternatively, you can create a new key pair. Select Create a new key pair, enter a name for the
key pair, and then choose Download Key Pair. This is the only chance for you to save the private
key file, so be sure to download it. Save the private key file in a safe place. You'll need to provide
the name of your key pair when you launch an instance and the corresponding private key each
time you connect to the instance.

Caution
Don't select the Proceed without a key pair option. If you launch your instance without a
key pair, then you can't connect to it.
When you are ready, select the acknowledgement check box, and then choose Launch
Instances.
9.

A confirmation page lets you know that your instance is launching. Choose View Instances to
close the confirmation page and return to the console.

10. On the Instances screen, you can view the status of the launch. It takes a short time for an
instance to launch. When you launch an instance, its initial state is pending. After the instance
starts, its state changes to running and it receives a public DNS name. (If the Public DNS
column is hidden, choose the Show/Hide icon in the top right corner of the page and then select
Public DNS.)
11. It can take a few minutes for the instance to be ready so that you can connect to it. Check that
your instance has passed its status checks; you can view this information in the Status Checks
column.

Step 2: Connect to Your Instance
To connect to a Windows instance, you must retrieve the initial administrator password and then
specify this password when you connect to your instance using Remote Desktop.

Note
If you've joined your instance to a domain, you can connect to your instance using
domain credentials you've defined in AWS Directory Service. For more information about
connecting to an instance in a domain, see Connecting To Your Instance Using Domain
Credentials (p. 327).

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Step 2: Connect to Your Instance

The name of the administrator account depends on the language of the operating system. For
example, for English, it's Administrator, for French it's Administrateur, and for Portuguese it's
Administrador. For more information, see Localized Names for Administrator Account in Windows in
the Microsoft TechNet Wiki.
The license for the Windows Server operating system (OS) allows two simultaneous remote
connections for administrative purposes. The license for Windows Server is included in the price of
your EC2 instance. If you need more than two simultaneous remote connections you must purchase
a Remote Desktop Services (RDS) license. If you attempt a third connection, an error will occur. For
more information, see Configure the Number of Simultaneous Remote Connections Allowed for a
Connection.

To connect to your Windows instance using an RDP client
1.

In the Amazon EC2 console, select the instance, and then choose Connect.

In the Connect To Your Instance dialog box, choose Get Password (it will take a few minutes
after the instance is launched before the password is available).

Choose Browse and navigate to the private key file you created when you launched the instance.
Select the file and choose Open to copy the entire contents of the file into contents box.

Choose Decrypt Password. The console displays the default administrator password for the
instance in the Connect To Your Instance dialog box, replacing the link to Get Password shown
previously with the actual password.

Record the default administrator password, or copy it to the clipboard. You need this password to
connect to the instance.

Choose Download Remote Desktop File. Your browser prompts you to either open or save
the .rdp file. Either option is fine. When you have finished, you can choose Close to dismiss the
Connect To Your Instance dialog box.
• If you opened the .rdp file, you'll see the Remote Desktop Connection dialog box.
• If you saved the .rdp file, navigate to your downloads directory, and open the .rdp file to display
the dialog box.

You may get a warning that the publisher of the remote connection is unknown. If you are using
Remote Desktop Connection from a Windows PC, choose Connect to connect to your instance.
If you are using Microsoft Remote Desktop on a Mac, skip the next step.

When prompted, log in to the instance, using the administrator account for the operating system
and the password that you recorded or copied previously. If your Remote Desktop Connection
already has an administrator account set up, you might have to choose the Use another account
option and enter the user name and password manually.

Note
Sometimes copying and pasting content can corrupt data. If you encounter a "Password
Failed" error when you log in, try typing in the password manually.
9.

Due to the nature of self-signed certificates, you may get a warning that the security certificate
could not be authenticated. Use the following steps to verify the identity of the remote computer, or
simply choose Yes or Continue to continue if you trust the certificate.
a.

If you are using Remote Desktop Connection from a Windows PC, choose View certificate.
If you are using Microsoft Remote Desktop on a Mac, choose Show Certificate.

Choose the Details tab, and scroll down to the Thumbprint entry on a Windows PC, or the
SHA1 Fingerprints entry on a Mac. This is the unique identifier for the remote computer's
security certificate.

In the Amazon EC2 console, select the instance, choose Actions, and then choose Get
System Log.

In the system log output, look for an entry labeled RDPCERTIFICATE-THUMBPRINT. If this
value matches the thumbprint or fingerprint of the certificate, you have verified the identity of
the remote computer.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Step 3: Clean Up Your Instance

If you are using Remote Desktop Connection from a Windows PC, return to the Certificate
dialog box and choose OK. If you are using Microsoft Remote Desktop on a Mac, return to
the Verify Certificate and choose Continue.
If you are using Remote Desktop Connection from a Windows PC, choose Yes in the
Remote Desktop Connection window to connect to your instance. If you are using
Microsoft Remote Desktop on a Mac, log in to the instance as prompted, using the default
Administrator account and the default administrator password that you recorded or copied
previously.

Note
On a Mac, you may need to switch spaces to see the Microsoft Remote Desktop
login screen. For more information on spaces, see http://support.apple.com/kb/
PH14155.

Step 3: Clean Up Your Instance
After you've finished with the instance that you created for this tutorial, you should clean up by
terminating the instance. If you want to do more with this instance before you clean up, see Next
Steps (p. 23).

Important
Terminating an instance effectively deletes it; you can't reconnect to an instance after you've
terminated it.
If you launched an instance that is not within the AWS Free Tier, you'll stop incurring charges for that
instance as soon as the instance status changes to shutting down or terminated. If you'd like
to keep your instance for later, but not incur charges, you can stop the instance now and then start it
again later. For more information, see Stopping Instances.

To terminate your instance
1.

In the navigation pane, choose Instances. In the list of instances, select the instance.

2.
3.

Choose Actions, then Instance State, and then choose Terminate.
Choose Yes, Terminate when prompted for confirmation.
Amazon EC2 shuts down and terminates your instance. After your instance is terminated, it
remains visible on the console for a short while, and then the entry is deleted.

Next Steps
After you start your instance, you might want to try some of the following exercises:
• Configure a CloudWatch alarm to notify you if your usage exceeds the Free Tier. For more
information, see Create a Billing Alarm in the AWS Billing and Cost Management User Guide.
• Add an EBS volume. For more information, see Creating an Amazon EBS Volume (p. 642) and
Attaching an Amazon EBS Volume to an Instance (p. 647).
• Install the WAMP or WIMP stack. For more information, see Tutorial: Installing a WAMP Server on
an Amazon EC2 Instance Running Windows Server (p. 30) and Tutorial: Installing a WIMP Server
on an Amazon EC2 Instance Running Windows Server (p. 33).

Amazon Elastic Compute Cloud
User Guide for Windows Instances

Best Practices for Amazon EC2
This checklist is intended to help you get the maximum benefit from and satisfaction with Amazon EC2.

Security and Network
• Manage access to AWS resources and APIs using identity federation, IAM users, and IAM roles.
Establish credential management policies and procedures for creating, distributing, rotating, and
revoking AWS access credentials. For more information, see IAM Best Practices in the IAM User
Guide.
• Implement the least permissive rules for your security group. For more information, see Security
Group Rules (p. 501).
• Regularly patch, update, and secure the operating system and applications on your instance. For
more information about updating Amazon Linux, see Managing Software on Your Linux Instance
in the Amazon EC2 User Guide for Linux Instances. For more information about updating your
Windows instance, see Updating Your Windows Instance.
• Launch your instances into a VPC instead of EC2-Classic. Note that if you created your AWS
account after 2013-12-04, we automatically launch your instances into a VPC. For more information
about the benefits, see Amazon EC2 and Amazon Virtual Private Cloud (p. 554).

Storage
• Understand the implications of the root device type for data persistence, backup, and recovery. For
more information, see Storage for the Root Device (p. 63).
• Use separate Amazon EBS volumes for the operating system versus your data. Ensure that the
volume with your data persists after instance termination. For more information, see Preserving
Amazon EBS Volumes on Instance Termination (p. 250).
• Use the instance store available for your instance to store temporary data. Remember that the data
stored in instance store is deleted when you stop or terminate your instance. If you use instance
store for database storage, ensure that you have a cluster with a replication factor that ensures fault
tolerance.

Resource Management
• Use instance metadata and custom resource tags to track and identify your AWS resources. For
more information, see Instance Metadata and User Data (p. 253) and Tagging Your Amazon EC2
Resources (p. 733).
• View your current limits for Amazon EC2. Plan to request any limit increases in advance of the time
that you'll need them. For more information, see Amazon EC2 Service Limits (p. 742).

Amazon Elastic Compute Cloud
User Guide for Windows Instances

Backup and Recovery
• Regularly back up your instance using Amazon EBS snapshots (p. 669) or a backup tool.
• Deploy critical components of your application across multiple Availability Zones, and replicate your
data appropriately.
• Design your applications to handle dynamic IP addressing when your instance restarts. For more
information, see Amazon EC2 Instance IP Addressing (p. 581).
• Monitor and respond to events. For more information, see Monitoring Amazon EC2 (p. 430).
• Ensure that you are prepared to handle failover. For a basic solution, you can manually attach a
network interface or Elastic IP address to a replacement instance. For more information, see Elastic
Network Interfaces (ENI) (p. 598). For an automated solution, you can use Auto Scaling. For more
information, see the Auto Scaling User Guide.
• Regularly test the process of recovering your instances and Amazon EBS volumes if they fail.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Tutorial: Deploy a WordPress Blog

Tutorials for Amazon EC2
Instances Running Windows
Server

The following tutorials show you how to perform common tasks using EC2 instances running Windows
Server.
Tutorials
• Tutorial: Deploying a WordPress Blog on Your Amazon EC2 Instance Running Windows
Server (p. 26)
• Tutorial: Installing a WAMP Server on an Amazon EC2 Instance Running Windows
Server (p. 30)
• Tutorial: Installing a WIMP Server on an Amazon EC2 Instance Running Windows
Server (p. 33)
• Tutorial: Increase the Availability of Your Application on Amazon EC2 (p. 37)
• Tutorial: Remotely Manage Your Amazon EC2 Instances (p. 41)
• Tutorial: Setting Up a Windows HPC Cluster on Amazon EC2 (p. 44)

Tutorial: Deploying a WordPress Blog on
Your Amazon EC2 Instance Running Windows
Server
This tutorial will help you install and deploy a WordPress blog on an Amazon EC2 instance running
Windows Server.
If you'd prefer to host your WordPress blog on a Linux instance, see Tutorial: Hosting a WordPress
Blog with Amazon EC2 in the Amazon EC2 User Guide for Linux Instances.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Prerequisites

Prerequisites
Before you get started, be sure that you do the following:
1. Launch an Amazon EC2 instance from the Windows Server 2008 R2 base AMI. For information, see
Getting Started with Amazon EC2 Windows Instances (p. 19).
2. Use the AWS free usage tier (if eligible) to launch and use the free Windows t2.micro instance for
12 months. You can use the AWS free usage tier for launching new applications, testing existing
applications, or simply gaining hands-on experience with AWS. For more information about eligibility
and the highlights, see the AWS Free Usage Tier product page.

Important
If you've launched a regular instance and use it to deploy the WordPress website, you will
incur the standard Amazon EC2 usage fees for the instance until you terminate it. For more
information about Amazon EC2 usage rates, go to the Amazon EC2 product page.
3. Ensure that the security group in which you're launching your instance has ports 80 (HTTP), 443
(HTTPS), and 3389 (RDP) open for inbound traffic. Ports 80 and 443 allow computers outside of the
instance to connect with HTTP and HTTPS. If these ports are not open, the WordPress site can't be
accessed from outside the instance. Port 3389 allows you to connect to the instance with Remote
Desktop Protocol.
4. Connect to your instance.

Installing the Microsoft Web Platform Installer
You can use the Microsoft Web Platform Installer to install and configure WordPress on your server.
This tool simplifies deployment of Web applications and Web sites to IIS servers. For more information,
see Microsoft Web Platform Installer.
1.
2.

Verify that you've met the conditions in Prerequisites (p. 27).
Disable Internet Explorer Enhanced Security Configuration.

Download and install the latest version of the Microsoft Web Platform Installer.

Installing WordPress
Now that the Web Platform Installer is installed, you can use it install and configure WordPress on your
server.

To install WordPress
1.

Open the Web Platform Installer and click Applications.

2.
3.

Select WordPress, click Add, and then click Install.
On the Prerequisites page, select MySQL for the database to use. Enter the desired
administrator password for your MySQL database in the Password and Re-type Password
boxes, and then click Continue.

Note

For more information about creating a secure password, see http://www.pctools.com/
guides/password/. Do not reuse an existing password, and make sure to store this
password in a safe place.
Click I Accept for the list of third-party application software, Microsoft products (including the IIS
web server), and components. After the Web Platform Installer finishes installing the software, you
are prompted to configure your new site.
On the Configure page, clear the default application name in the 'WordPress' application name:
box and leave it blank, then leave the default information in the other boxes and click Continue.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Configuring Security Keys

Click Yes to accept that the contents of the folder will be overwritten.

Configuring Security Keys
WordPress allows you to generate and enter unique authentication keys and salts for your site. These
key and salt values provide a layer of encryption to the browser cookies that WordPress users store on
their local machines. Basically, adding long, random values here makes your site more secure.
For more information about security keys, see http://codex.wordpress.org/Editing_wpconfig.php#Security_Keys.

To configure security keys
1.

Visit https://api.wordpress.org/secret-key/1.1/salt/ to randomly generate a set of key values that
you can copy and paste into the installation wizard. The following steps will show you how to
modify these values in Notepad to work with a Windows installation.

Copy all of the text in that page to your clipboard. It should look similar to the example below.

Note
The values below are for example purposes only; do not use these values for your
installation.
define('AUTH_KEY',
'3#U$$+[RXN8:b^-L 0(WU_+ c+WFkI~c]o]-bHw+)/
Aj[wTwSiZ)Y |;
(^[Iw]Pi+LG#A4R?7N`YB3');
define('NONCE_KEY',
'P(g62HeZxEes|LnI^i=H,[XwK9I&[2s|:?0N}VJM
%?;v2v]v+;+^9eXUahg@::Cj');
define('AUTH_SALT',
'C$DpB4Hj[JK:?{ql`sRVa:{:7yShy(9A@5wg+`JJVb1fk
%_-Bx*M4(qc[Qg%JT!h');
define('SECURE_AUTH_SALT', 'd!uRu#}+q#{f$Z?Z9uFPG.${+S{n~1M&
%@~gL>U>NV.|Y
%Ug4#I^*LVd9QeZ^&XmK|e(76miC+&W&+^0P/');
define('NONCE_SALT',
'-97r*V/cgxLmp?Zy4zUU4r99QQ_rGs2LTd%P;|
_e1tS)8_B/,.6[=UK

In a web browser, enter the URL of the file you just created. This URL is the public DNS
address of your instance followed by a forward slash and the file name. For example:
http://my.public.dns.amazonaws.com/phpinfo.php

Verify that the PHP information page is displayed. If the page does not display, verify
that you entered the correct public DNS address. Also verify that Windows folder options
are configured to show known file extensions. By default, folder options hide known
file extensions. If you created the file in Notepad and saved it in the root directory your
phpinfo.php file might incorrectly be saved as phpinfo.php.txt.

As a security best practice, delete the phpinfo.php file when you finish testing the WAMP
server.

Enhance MySQL security by disabling default features and by setting a root password. The
mysql_secure_installation Perl script can perform these tasks for you. To run the script, you
must install Perl.
32

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Tutorial: Installing a WIMP Server

Download and install Perl from the Perl Programming Language website.

In the C:\Bitnami\wampstack-version_number\mysql\bin directory, double-click
mysql_secure_installation.

When prompted, enter the MySQL root account password that you entered when you ran the
Bitnami WAMP stack installer, and then press Enter.

Type n to skip changing the password.

Type Y to remove the anonymous user accounts.

Type Y to disable remote root login.

Type Y to remove the test database.

Type Y to reload the privilege tables and save your changes.

If you successfully completed the steps in this tutorial, then your WAMP server is
functioning properly. To continue testing, you can add more content to the C:\Bitnami
\wampstack-version_number\apache2\htdocs folder and view the content by using the public DNS
address for your instance.

Important
As a best practice, stop the MySQL server if you do not plan to use it right away. You can
restart the server when you need it again.

Tutorial: Installing a WIMP Server on an
Amazon EC2 Instance Running Windows
Server
This tutorial shows you how to install a Microsoft Internet Information Services (IIS) web server
with PHP and MySQL on an EC2 instance running Windows Server. This software configuration is
sometimes called a WIMP server or WIMP stack (Windows, IIS, MySQL, PHP).
A WIMP stack is designed for easy installation to help developers get up and running quickly. It is not
designed for production environments for the following reasons:
• The default configurations do not meet security requirements for most production environments.
• Upgrading and patching the different software components on a single production server would
affect server availability.
• The WAMP one-click installers do not place files in standard locations, which can make it difficult to
locate important configuration files.
You can, however, create a WIMP stack on an EC2 instance to prototype a web project in a controlled
test environment. For example, you can host a static website or deploy a dynamic PHP application that
reads and writes information to a database.
Prerequisites
Before you begin:
• Provision a Windows Server 2008 R2 or 2012 R2 base instance. You must configure the base
instance with a public domain name system (DNS) name that is reachable from the Internet. For
more information, see Getting Started with Amazon EC2 Windows Instances (p. 19). Optionally, you

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Tutorial: Installing a WIMP Server

might be eligible to configure the base instance using the AWS free tier. The free tier is designed for
users with new AWS accounts who want to gain experience with AWS. For more information about
the free tier and eligibility requirements, see AWS Free Tier.

Important
If you launch a non-free tier instance and use it to deploy your stack, you will incur
the standard Amazon EC2 usage fees for the instance until you terminate it. For more
information, see Amazon EC2 Pricing.
• Verify that the security group for your instance has the following ports open:
• 80 (HTTP inbound and outbound) - Port 80 allows computers outside of the instance to connect by
using HTTP.
• 443 (HTTPS inbound and outbound) - Port 443 allows computers outside of the instance to
connect by using HTTPS.
• 3389 (RDP inbound only) - Port 3389 allows you to connect to the instance with Remote Desktop
Protocol (RDP). As a security best practice, restrict RDP access to a range of IP addresses in your
organization.
For more information about these prerequisites, see Setting Up with Amazon EC2 (p. 13).
• Read the best practices for installing PHP on the Microsoft web platform.

To install a WIMP server
1.

Connect to your instance using Microsoft Remote Desktop. For more information, see Connecting
to Your Windows Instance Using RDP (p. 239).

Disable Internet Explorer Enhanced Security Configuration so that you can download and install
required software from the web.

Note
Make a note to re-enable Internet Explorer Enhanced Security Configuration when you
have finished installing software from the web.
3.

Install software updates to ensure that the instance has the latest security updates and bug fixes.
a.

EC2Config - Download and install the latest version of Amazon Windows EC2Config Service.

Windows Update - Run Windows Update to ensure that the latest security and software
updates are installed on the instance. In Control Panel, click System and Security. In the
Windows Update section, click Check for updates.

Install the IIS web server
IIS is a feature of Windows Server and is installed by using Server Manager. This section includes
procedures for installing IIS on either Windows Server 2008 or 2012.

Install IIS on Windows Server 2012
1.

In Server Manager click Add roles and features.

On the Before you begin page, click Next.

On the Select installation type page, select Role-based or feature-based installation, and then
click Next.

On the Select destination server page, select your instance from the server pool, and then click
Next.

On the Select server roles page, select Web Server (IIS), click Add features, and then click
Next.

On the Select features page, retain the default features and expand .NET Framework 4.5
Features, select ASP.NET 4.5, and then click Next.
34

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Tutorial: Installing a WIMP Server

On the Web Server Role (IIS) page, click Next.

On the Select role services page, retain the default services and select Application
Development.

Expand Application Development, and then select the following features. When selecting these
features, if you are prompted, click Add features:
a.

.NET Extensibility 3.5

.NET Extensibility 4.5

Application Initialization

ASP.NET 3.5

ASP.NET 4.5

CGI

10. Click Next.
11. On the Confirm installation selections page, select Restart the destination server
automatically if required. When prompted for confirmation, click Yes.
12. Click Install, and then after the installation is complete, click Close.
13. Run Windows update again.

Install IIS on Windows Server 2008
1.

In Server Manager, click Roles.

Click Add Roles.

On the Before You Begin page, click Next.

On the Select Server Roles page, click Web Server (IIS).

On the Select Role Services page under Application Development, click ASP.NET.
a.

When prompted, click Add Required Role Services.

Click CGI.

Click Next.

On the Confirm Installation Selections, click Install.

Run Windows update again.

Verify that the web server is running
After setup completes, verify that the IIS web server is configured properly and running by going to
the IIS welcome page. Open a web browser on a different computer and enter either the public DNS
address of the WIMP server or the public IP address. The public DNS address for your instance is
listed on the Amazon EC2 console in the Public DNS column. If this column is hidden, click the Show/
Hide icon and select Public DNS.

Important
If you do not see the IIS welcome page, use Windows Firewall with Advanced Security to
create a custom rule that allows the HTTP protocol through port 80 and the HTTPS protocol
through port 443. For more information, see Windows Firewall with Advanced Security
Overview on Microsoft TechNet. Also verify that the security group you are using contains a
rule to allow HTTP (port 80) connections. For information about adding an HTTP rule to your
security group, see Adding Rules to a Security Group.
Install MySQL and PHP
You can download and install MySQL and PHP by using the Microsoft Web Platform Installer, as
described in this section.
35

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Tutorial: Installing a WIMP Server

To install MySQL and PHP
1.
2.
3.

In your Windows Server instance, download and install the latest version of the Microsoft Web
Platform Installer 5.0.
In the Microsoft Web Platform Installer click the Products tab.
Select MySQL Windows 5.5 and click Add.

4.
5.

Select PHP 5.6.0 and click Add.
Click Install.

On the Prerequisites page, enter a password for the MySQL default database administrator
account, and then click Continue.
When the installation is complete, click Finish, and then click Exit to close the Web Platform
Installer.

Test your WIMP server
Test your WIMP server by viewing a PHP file from the web. You must be logged onto the instance as
an administrator to perform the following steps.

To test your WIMP server
1.
2.

Download and install the Visual C++ Redistributable for Visual Studio 2012 Update 4 x86 package.
Even if your server is a 64-bit server, you must install the x86 package.
Create a file called phpinfo.php that contains the following code and place this file in the IIS root
directory. By default, the path is: C:\inetpub\wwwroot.

5.
6.

In a web browser, enter the URL of the file you just created. This URL is the public DNS address
of your instance followed by a forward slash and the file name, as in the following example:
http://my.public.dns.amazonaws.com/phpinfo.php
Verify that the PHP information page is displayed. If the page does not display, verify that you
entered the correct public DNS address. Also verify that Windows folder options are configured to
show known file extensions. By default, folder options hide known file extensions. If you created
the file in Notepad and saved it in the root directory your phpinfo.php file might incorrectly be
saved as phpinfo.php.txt.
As a security best practice, delete the phpinfo.php file when you finish testing the WAMP server.
Enhance MySQL security by disabling default features and by setting a root password. The
mysql_secure_installation Perl script can perform these tasks for you. To run the script, you
must install Perl.
a.
b.
c.
d.

Download and install Perl from the Perl Programming Language website.
In the C:\Program Files\MySQL\MySQL Server 5.5\bin directory, double-click
mysql_secure_installation.
When prompted, enter the current root password and press Enter.
Type n to skip changing the password.

e.
f.
g.
h.

Type Y to remove the anonymous user accounts.
Type Y to disable remote root login.
Type Y to remove the test database.
Type Y to reload the privilege tables and save your changes.

You should now have a fully functional WIMP web server. If you add content to the IIS document
root at C:\inetpub\wwwroot, you can view that content at the public DNS address for your instance.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Tutorial: Increase the Availability of Your Application

Important
As a best practice, stop the MySQL server if you do not plan to use it right away. You can
restart the server when you need it again.

Tutorial: Increase the Availability of Your
Application on Amazon EC2
Suppose that you start out running your app or website on a single EC2 instance, and over time,
traffic increases to the point that you require more than one instance to meet the demand. You can
launch multiple EC2 instances from your AMI and then use Elastic Load Balancing to distribute
incoming traffic for your application across these EC2 instances. This increases the availability of your
application. Placing your instances in multiple Availability Zones also improves the fault tolerance in
your application. If one Availability Zone experiences an outage, traffic is routed to the other Availability
Zone.
You can use Auto Scaling to maintain a minimum number of running instances for your application
at all times. Auto Scaling can detect when your instance or application is unhealthy and replace it
automatically to maintain the availability of your application. You can also use Auto Scaling to scale
your Amazon EC2 capacity up or down automatically based on demand, using criteria that you specify.
In this tutorial, we use Auto Scaling with Elastic Load Balancing to ensure that you maintain a specified
number of healthy EC2 instances behind your load balancer. Note that these instances do not need
public IP addresses, because traffic goes to the load balancer and is then routed to the instances. For
more information, see Auto Scaling and Elastic Load Balancing.

Contents
• Prerequisites (p. 37)
• Scale and Load Balance Your Application (p. 38)
• Test Your Load Balancer (p. 39)

Prerequisites
This tutorial assumes that you have already done the following:
1.

If you don't have a default virtual private cloud (VPC), create a VPC with one public subnet in two
or more Availability Zones. For more information, see Create a Virtual Private Cloud (VPC) (p. 16).

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Scale and Load Balance Your Application

Launch an instance in the VPC.

Connect to the instance and customize it. For example, you can install software and applications,
copy data, and attach additional EBS volumes. For information about setting up a web server
on your instance, see Tutorial: Installing a WAMP Server on an Amazon EC2 Instance Running
Windows Server (p. 30) or Tutorial: Installing a WIMP Server on an Amazon EC2 Instance
Running Windows Server (p. 33).

Test your application on your instance to ensure that your instance is configured correctly.

Create a custom Amazon Machine Image (AMI) from your instance. For more information, see
Creating an Amazon EBS-Backed Windows AMI (p. 76).

(Optional) Terminate the instance if you no longer need it.

Create an IAM role that grants your application the access to AWS that it needs. For more
information, see Creating an IAM Role Using the Console (p. 549).

Scale and Load Balance Your Application
Use the following procedure to create a load balancer, create a launch configuration for your instances,
create an Auto Scaling group with two or more instances, and associate the load balancer with the
Auto Scaling group.

To scale and load-balance your application
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, under LOAD BALANCING, click Load Balancers.

Click Create Load Balancer.

On the Define Load Balancer page, do the following:

Enter a name for the load balancer in Load Balancer name. For example, my-lb.

Select your VPC from Create LB Inside.

Leave the default for Listener Configuration, which is an HTTP listener.

If you selected a nondefault VPC, you are prompted to select subnets under Select Subnets.
Click the icon in the Action column for each of your two public subnets.

Click Next: Assign Security Groups.

On the Assign Security Groups page, do the following:
a.

Click Create a new security group.

Enter a name and description for your security group. This new security group contains a rule
that allows traffic to the port for your HTTP listener.

Click Next: Configure Security Settings.

On the Configure Security Settings page, click Next: Configure Health Check to continue to
the next page, as we are not creating an HTTPS load balancer.

On the Configure Health Check page, do the following:
a.

Leave Ping Protocol and Ping Port at their default values.

Set Ping Path to /. This sends queries to your default page, whether it is named
index.html or something else.

Click Next: Add EC2 Instances.

On the Add EC2 Instances page, click Next: Add Tags to continue to the next page, as we'll use
Auto Scaling to add EC2 instances to the load balancer.

On the Add Tags page, add any tags that you need, and then click Review and Create.

10. On the Review page, review your settings and then click Create. After the load balancer is
created, click Close.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Test Your Load Balancer

11. In the navigation pane, under AUTO SCALING, click Launch Configurations.
•

If you are new to Auto Scaling, you see a welcome page. Click Create Auto Scaling group to
start the Create Auto Scaling Group wizard, and then click Create launch configuration.

•

Otherwise, click Create launch configuration.

12. On the Choose AMI page, select the My AMIs tab, and then select the AMI that you created in
Prerequisites (p. 37).
13. On the Choose Instance Type page, select an instance type, and then click Next: Configure
details.
14. On the Configure details page, do the following:
a.

In Name, enter a name for your launch configuration (for example, my-launch-config).

From IAM role, select the IAM role that you created in Prerequisites (p. 37).

(Optional) If you need to run a startup script, expand Advanced Details and enter the script in
User data.

Click Skip to review.

15. On the Review page, click Edit security groups. You can select an existing security group or
create a new one. This security group must allow HTTP traffic and health checks from the load
balancer. If your instances will have public IP addresses, you can optionally allow RDP traffic if
you need to connect to the instances. When you are finished, click Review.
16. On the Review page, click Create launch configuration.
17. When prompted, select an existing key pair, create a new key pair, or proceed without a key pair.
Click the acknowledgment check box, and then click Create launch configuration.
18. After the launch configuration is created, you must create an Auto Scaling group.
•

If you are new to Auto Scaling and you are using the Create Auto Scaling group wizard, you
are taken to the next step automatically.

•

Otherwise, click Create an Auto Scaling group using this launch configuration.

19. On the Configure Auto Scaling group details page, do the following:
a.

Enter a name for the Auto Scaling group. For example, my-asg.

In Group size, enter the number of instances in the text box (for example, 2). Note that
we recommend that you maintain approximately the same number of instances in each
Availability Zone.

Select your VPC from Network and your two public subnets from Subnet.

Expand Advanced Details. Select Receive traffic from Elastic Load Balancer(s). Select
your load balancer from the text field.

Click Next: Configure scaling policies.

20. On the Configure scaling policies page, click Review, as we will simply let Auto Scaling
maintain the group at the specified size. Note that later on, you can manually scale this Auto
Scaling group, configure the group to scale on a schedule, or configure the group to scale based
on demand.
21. On the Review page, click Create Auto Scaling group.
22. After the group is created, click Close.

Test Your Load Balancer
First, verify that Auto Scaling has launched your instances and that they are ready. From the Auto
Scaling Groups page, select your Auto Scaling group and then select the Instances tab.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Test Your Load Balancer

Initially, your instances are in the Pending state. When their states are InService, they are ready for
use.
Next, verify that your instances are registered with the load balancer and ready to receive traffic from
the load balancer. From the Load Balancers page, select your load balancer and then select the
Instances tab.

If the state of your instances is OutOfService, it's possible that they are still registering. When their
states are InService, they are ready for use. After your instances are ready, you can test your load
balancer as follows.

To test your load balancer
1.

From the Load Balancers page, select your load balancer.

On the Description tab, locate the DNS name. This name has the following form:
my-lb-xxxxxxxxxx.us-west-2.elb.amazonaws.com

In a web browser, paste the DNS name for the load balancer into the address bar and press Enter.
You'll see your website displayed.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Tutorial: Remotely Manage Your Instances

Tutorial: Remotely Manage Your Amazon EC2
Instances
This tutorial shows you how to remotely manage an Amazon EC2 instance using Amazon Elastic
Compute Cloud (Amazon EC2) Run Command from your local machine. In this tutorial, you will learn
how to do the following tasks:
• Launch a new instance that is configured for Run Command.
• Configure your user account for Run Command.
• Use Run Command to send a command from your local machine and retrieve a list of services
running on the instance.
This tutorial includes procedures for executing commands using either the Amazon EC2 console or
AWS Tools for Windows PowerShell.

Note
With Run Command, you can also manage your servers and virtual machines (VMs) in your
on-premises environment or in an environment provided by other cloud providers. For more
information, see Setting Up Run Command On Managed Instances (p. 367).

Launch a New Instance
Instances require an AWS Identity and Access Management (IAM) role that enables the instance to
communicate with Amazon EC2 Simple Systems Manager (SSM). You must assign the IAM role when
you create the new instance. You can't assign a role to an instance that is already running. For existing
instances, you must create an image of the instance, launch an instance from that image, and assign
the IAM role as you launch the instance. For more information, see Creating an Amazon EBS-Backed
Windows AMI (p. 76).

To create an instance that uses an SSM-supported role
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

Select a supported region.

Choose Launch Instance and select a Windows Server Amazon Machine Image (AMI).

Choose your instance type and then choose Next: Configure Instance Details.

In Auto-assign Public IP, choose Enable.

Beside IAM role choose Create new IAM role. The IAM console opens in a new tab.
a.

Choose Create New Role.

In Step 1: Set Role Name, enter a name that identifies this role as a Run Command role.

In Step 2: Select Role Type, choose Amazon EC2 Role for Simple Systems Manager. The
system skips Step 3: Establish Trust because this is a managed policy.

In Step 4: Attach Policy, choose AmazonEC2RoleforSSM.

Choose Next Step, and then choose Create Role.

Close the tab with the IAM console.

In the Amazon EC2 console, choose the Refresh button beside Create New IAM role.

From IAM role, choose the role you just created.

Complete the wizard to launch the new instance. Make a note of the instance ID. You will need to
specify this ID later in this tutorial.
41

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Grant Your User Account Access to SSM

Grant Your User Account Access to SSM
Your user account must be configured to communicate with the SSM API. Use the following procedure
to attach a managed IAM policy to your user account that grants you full access to SSM API actions.

To create the IAM policy for your user account
1.

Open the Identity and Access Management (IAM) console at https://console.aws.amazon.com/
iam/.

In the navigation pane, choose Policies. (If this is your first time using IAM, choose Get Started,
and then choose Create Policy.)

In the Filter field, type AmazonSSMFullAccess and press Enter.

Select the check box next to AmazonSSMFullAccess and then choose Policy Actions, Attach.

On the Attach Policy page, choose your user account and then choose Attach Policy.

Send a Command Using the EC2 Console
Use the following procedure to list all services running on the instance by using Run Command from
the Amazon EC2 console.

To execute a command using Run Command from the console
1.

In the Amazon EC2 console, in the navigation pane choose Command History, and then choose
Run a Command.

In the Command document list, choose AWS-RunPowerShellScript.

Choose Select instances, and then choose the instance you just created. If you don't see the
instance, verify that you are currently in the same region as the instance you created. Also verify
that you configured the IAM role and trust policies as described earlier in this topic.

In the Commands field, type Get-Service. You can specify a Working Directory and
Execution Timeout, if you want. The Execution Timeout is the number of seconds the
EC2Config service will attempt to run the command before it is considered to have failed. We
recommend entering a comment in the Comments field. A comment will help you identify the
command in the list of pending commands and make it easier to view the output.

In the Timeout (seconds) field, type the number of seconds Run Command should attempt to
reach instances before an instance is considered unreachable and the command execution fails.

Choose Run to execute the command. Run Command displays a status screen.

Choose View results.

Choose the command invocation for the command you just ran. Choose the Output tab, and then
choose View Output.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Send a Command Using AWS
Tools for Windows PowerShell

Send a Command Using AWS Tools for
Windows PowerShell
Use the following procedure to list all services running on the instance by using Run Command from
AWS Tools for Windows PowerShell.

To execute a command
1.

On your local computer, download the latest version of AWS Tools for Windows PowerShell.

Open AWS Tools for Windows PowerShell on your local computer and execute the following
command to specify your credentials.
Set-AWSCredentials –AccessKey key –SecretKey key

Execute the following command to set the region for your PowerShell session. Specify the region
where you created the instance in the previous procedure. This example uses the us-west-2
region.
Set-DefaultAWSRegion -Region us-west-2

Execute the following command to retrieve the services running on the instance.
Send-SSMCommand -InstanceId 'Instance-ID' -DocumentName AWSRunPowerShellScript -Comment 'listing services on the instance' -Parameter
@{'commands'=@('Get-Service')}

The command returns a command ID, which you will use to view the results.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Tutorial: Set Up a Windows HPC Cluster

The following command returns the output of the original Send-SSMCommand. The output is
truncated after 2500 characters. To view the full list of services, specify an Amazon S3 bucket in
the command using the -OutputS3BucketName bucket_name parameter.
Get-SSMCommandInvocation -CommandId Command-ID -Details $true | select ExpandProperty CommandPlugins

For more examples of how to execute commands using Run Command with Tools for
Windows PowerShell and the AWS Management Console, see Amazon EC2 Run Command
Walkthroughs (p. 404). For more information about Run Command, see Remotely Manage Your
Instances (p. 354).

Tutorial: Setting Up a Windows HPC Cluster
on Amazon EC2
You can launch a scalable Windows High Performance Computing (HPC) cluster using Amazon EC2
instances. A Windows HPC cluster requires an Active Directory domain controller, a DNS server, a
head node, and one or more compute nodes.
To set up a Windows HPC cluster on Amazon EC2, complete the following tasks:
• Step 1: Set Up Your Active Directory Domain Controller (p. 44)
• Step 2: Configure Your Head Node (p. 47)
• Step 3: Set Up the Compute Node (p. 49)
• Step 4: Scale Your HPC Compute Nodes (Optional) (p. 50)
For more information about high performance computing, see High Performance Computing (HPC) on
AWS.

Prerequisites
• Install the AWS Command Line Interface tools, and set the region you'll be using as the default
region. For more information, see Installing the AWS Command Line Interface in the AWS Command
Line Interface User Guide.
• These procedures assume that you have a VPC in which to launch your instances. You can use your
default VPC, or configure a nondefault VPC. For more information, see What is Amazon VPC? in the
Amazon VPC User Guide.

Step 1: Set Up Your Active Directory Domain
Controller
The Active Directory domain controller provides authentication and centralized resource management
of the HPC environment and is required for the installation. To set up your Active Directory, complete
these steps:
1.

Create the security groups required for Active Directory.

Create the instance that serves as the domain controller for your HPC cluster.

Configure the domain controller for your HPC cluster.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Step 1: Set Up Your Active
Directory Domain Controller

Creating Security Groups for Active Directory
Use the AWS CLI to create security groups for the domain controller and domain members.

To create the required security groups for Active Directory
1.

Create a security group in your VPC for the domain controller. In the output, take note of the
security group ID.
aws ec2 create-security-group --vpc-id vpc-id --group-name "SG - Domain
Controller" --description "Active Directory Domain Controller"
{
"GroupId": "dc-security-group-id"
}

Create a security group in your VPC for the domain members. In the output, take note of the
security group ID.
aws ec2 create-security-group --vpc-id vpc-id --group-name "SG - Domain
Member" --description "Active Directory Domain Member"
{
"GroupId": "dm-security-group-id"
}

Copy the contents of the first file in IP Permissions for the Active Directory Security
Groups (p. 51) to a text editor. Replace the dm-security-group-id values with the ID of the
your domain member security group. Save the file, using the file name dc-sg-rules.json.

Add the rules to the domain controller security group.
aws ec2 authorize-security-group-ingress --group-id dc-security-group-id
--ip-permissions file://dc-sg-rules.json

Note
If the JSON file is located in a different directory from which you're working, you must
include the path to the file after file://.
5.

Copy the contents of the second file in IP Permissions for the Active Directory Security
Groups (p. 51) to a text editor. Replace the dc-security-group-id values with the ID of the
your domain controller security group. Save the file, using the file name dm-sg-rules.json.

Add the rules to the domain member security group.
aws ec2 authorize-security-group-ingress --group-id dm-security-group-id
--ip-permissions file://dm-sg-rules.json

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pance, choose Security Groups. Verify that the following security groups appear
in the list, and are populated with the required rules:
• SG - Domain Controller
• SG - Domain Member

Alternatively, manually set up the firewall to allow traffic on the required ports. For more information, go
to How to configure a firewall for domains and trusts on the Microsoft website.
45

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Step 1: Set Up Your Active
Directory Domain Controller

Creating the Domain Controller for your HPC cluster
Launch an instance that will serve as the domain controller for your HPC cluster.

To create a domain controller for your HPC cluster
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
Choose the same region in which you created your security groups.

On the console dashboard, choose Launch Instance.

On the Choose an AMI page, select an AMI for Windows Server, and choose Select.

On the next page of the wizard, select an instance type, then choose Next: Configure Instance
Details.

On the Configure Instance Details page, select your VPC from Network and a subnet from
Subnet. On the next page of the wizard, you can specify additional storage for your instance.

On the Tag Instance page, enter Domain Controller as the value for the Name tag and then
choose Next: Configure Security Group.

On the Configure Security Group page, choose Select an existing security group, select SG Domain Controller from the list of security groups, and then choose Review and Launch.

Choose Launch.

After you've launched your instance, associate an Elastic IP with the instance.

To associate an Elastic IP address with an instance
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, choose Elastic IPs.

Choose Allocate New Address.

When prompted, choose Yes, Allocate, and then close the confirmation dialog box.

Note
If your account supports EC2-Classic, first choose VPC from the list.
5.

Select the Elastic IP address you created, choose Actions, and then choose Associate Address.

In the Instance list, select the Domain Controller instance and then choose Associate.

Configuring the Domain Controller for Your HPC Cluster
Connect to the instance you created, and configure the server as a domain controller for the HPC
cluster.

To configure your instance as a domain controller
1.

Connect to your Domain Controller instance. For more information, see Connecting to Your
Windows Instance Using RDP (p. 239).

Open Server Manager, and add the Active Directory Domain Services role.

Promote the server to a domain controller using Server Manager or by running DCPromo.exe.

Create a new domain in a new forest.

Enter hpc.local as the fully qualified domain name (FQDN).

Select Forest Functional Level as Windows Server 2008 R2.

Ensure that the DNS Server option is selected, and then choose Next.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Step 2: Configure Your Head Node

Select Yes, the computer will use an IP address automatically assigned by a DHCP server
(not recommended).

In the warning box, choose Yes to continue.

10. Complete the wizard and then select Reboot on Completion.
11. Connect to the instance as hpc.local\administrator.
12. Create a domain user hpc.local\hpcuser.

Step 2: Configure Your Head Node
An HPC client connects to the head node. The head node facilitates the scheduled jobs. You configure
your head node by completing the following steps:
1. Create security groups for your HPC cluster.
2. Launch an instance for your head node.
3. Install the HPC Pack.
4. Configure your HPC cluster.

Creating Security Groups for Your HPC Cluster
Use the AWS CLI to create a security group for the HPC cluster.

To create the security group for your HPC cluster
1.

Create a security group in your VPC for the HPC cluster. In the output, take note of the security
group ID.
aws ec2 create-security-group --vpc-id vpc-id --group-name "SG - Windows
HPC Cluster" --description "Windows HPC Server 2008 R2 Cluster Nodes"
{
"GroupId": "hpc-security-group-id"
}

Copy the contents of the JSON file in IP Permissions for HPC Cluster Security Group (p. 55)
to a text editor. Replace the hpc-security-group-id value with the ID of your HPC security
group. Save the file, using the file name hpc-sg-rules.json.

Add the rules to your HPC cluster security group.
aws ec2 authorize-security-group-ingress --group-id hpc-security-group-id
--ip-permissions file://hpc-sg-rules.json

Open the Amazon EC2 console, select Security Groups from the navigation pane, and verify that
the SG - Windows HPC Cluster security group appears in the list, and is populated with the
required security group rules.

Alternatively, manually configure the firewall with the port requirements for HPC cluster members to
communicate. For more information, see Windows Firewall configuration on the Microsoft website.

Launch an Instance for the HPC Head Node
Launch an instance and then configure it as a member of the hpc.local domain and with the
necessary user accounts.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Step 2: Configure Your Head Node

To configure an instance as your head node
1.

Launch an instance and name it HPC-Head. When you launch the instance, select both of these
security groups:
• SG - Windows HPC Cluster
• SG - Domain Member

Connect to the instance and get the existing DNS server address from HPC-Head using the
following command:
C:\> IPConfig /all

Update the TCP/IPv4 properties of the HPC-Head NIC to include the Elastic IP address for the
Domain Controller instance as the primary DNS, and then add the additional DNS IP address
from the previous step.

Join the machine to the hpc.local domain using the credentials for hpc.local
\administrator (the domain administrator account).

Add hpc.local\hpcuser as the local administrator. When prompted for credentials, use
hpc.local\administrator, and then restart the instance.

Connect to HPC-Head as hpc.local\hpcuser.

Install the HPC Pack
To install the HPC Pack
1.

Connect to your HPC-Head instance using the hpc.local\hpcuser account.

Using Server Manager, turn off Internet Explorer Enhanced Security Configuration (IE ESC) for
Administrators.

In Server Manager, under Security Information, choose Configure IE ESC.

Turn off IE ESC for administrators.

Install the HPC Pack on HPC-Head.
a.

Download the HPC Pack to HPC-Head from the Microsoft Download Center. Choose the HPC
Pack for the version of Windows Server on HPC-Head.

Extract the files to a folder, open the folder, and double-click setup.exe.

On the Installation page, select Create a new HPC cluster by creating a head node, and
then choose Next.

Accept the default settings to install all the databases on the Head Node, and then choose
Next.

Complete the wizard.

Configure Your HPC Cluster on the Head Node
To configure your HPC cluster on the head node
1.

Start HPC Cluster Manager.

In the Deployment To-Do List, select Configure your network.
a.

In the wizard, select the default option (5), and then choose Next.

Complete the wizard accepting default values on all screens, and choose how you want to
update the server and participate in customer feedback.
48

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Step 3: Set Up the Compute Node

Choose Configure.

Select Provide Network Credentials, then supply the hpc.local\hpcuser credentials.

Select Configure the naming of new nodes, and then choose OK.

Select Create a node template.
a.

Select the Compute node template, and then choose Next.

Select Without operating system, and then continue with the defaults.

Choose Create.

Step 3: Set Up the Compute Node
Setting up the compute node involves the following steps:
1. Launch an instance for your compute node.
2. Install the HPC Pack on the instance.
3. Add the compute node to your cluster.

Launch an Instance for the HPC Compute Node
Configure your compute node by launching an instance, and then configuring the instance as a
member of the hpc.local domain with the necessary user accounts.

To configure an instance for your compute node
1.

Launch an instance and name it HPC-Compute. When you launch the instance, select the
following security groups: SG - Windows HPC Cluster and SG - Domain Member.

Log in to the instance and get the existing DNS server address from HPC-Compute using the
following command:
C:\> IPConfig /all

Update the TCP/IPv4 properties of the HPC-Compute NIC to include the Elastic IP address of the
Domain Controller instance as the primary DNS. Then add the additional DNS IP address
from the previous step.

Join the machine to the hpc.local domain using the credentials for hpc.local
\administrator (the domain administrator account).

Add hpc.local\hpcuser as the local administrator. When prompted for credentials, use
hpc.local\administrator, and then restart.

Connect to HPC-Compute as hpc.local\hpcuser.

Install the HPC Pack on the Compute Node
To install the HPC Pack on the compute node
1.

Connect to your HPC-Compute instance using the hpc.local\hpcuser account.

Using Server Manager, turn off Internet Explorer Enhanced Security Configuration (IE ESC) for
Administrators.
a.

In Server Manager, under Security Information, choose Configure IE ESC.

Turn off IE ESC for administrators.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Step 4: Scale Your HPC Compute Nodes (Optional)

Install the HPC Pack on HPC-Compute.
a.

Download the HPC Pack to HPC-Compute from the Microsoft Download Center. Choose the
HPC Pack for the version of Windows Server on HPC-Compute.
Extract the files to a folder, open the folder, and double-click setup.exe.
On the Installation page, select Join an existing HPC cluster by creating a new compute
node, and then choose Next.
Specify the fully-qualified name of the HPC-Head instance, and then choose the defaults.

Complete the wizard.

b.
c.

Add the Compute Node to Your HPC Cluster
To complete your cluster configuration, from the head node, add the compute node to your cluster.

To add the compute node to your cluster
1.

Connect to the HPC-Head instance as hpc.local\hpcuser.

Open HPC Cluster Manager.

3.
4.

Select Node Management.
If the compute node displays in the Unapproved bucket, right-click the node that is listed and
select Add Node.
a.
b.

Select Add compute nodes or broker nodes that have already been configured.
Select the check box next to the node and choose Add.

Right-click the node and choose Bring Online.

Step 4: Scale Your HPC Compute Nodes
(Optional)
To scale your compute nodes
1.

Connect to the HPC-Compute instance as hpc.local\hpcuser.

Delete any files you downloaded locally from the HP Pack installation package. (You have already
run setup and created these files on your image so they do not need to be cloned for an AMI.)

3.
4.

From C:\Program Files\Amazon\Ec2ConfigService open the file sysprep2008.xml.
At the bottom of , add the following section. Make sure to
replace hpc.local, password, and hpcuser to match your environment.

false

hpc.local
password
hpcuser

hpc.local

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Running the Lizard Performance
Measurement Application

5.
6.

Save sysprep2008.xml.
Choose Start, All Programs, EC2ConfigService Settings.
a.
b.

Choose the General tab, and clear the Set Computer Name check box.
Choose the Bundle tab, and then choose Run Sysprep and Shutdown Now.

Open the Amazon EC2 console.

8.
9.

In the navigation pane, choose Instances.
Wait for the instance status to show stopped.

10. Select the instance, choose Actions, Image, Create Image.
11. Specify an image name and image description, and then choose Create Image to create an AMI
from the instance.
12. Start the original HPC-Compute instance that was shut down.
13. Connect to the head node using the hpc.local\hpcuser account.
14. From HPC Cluster Manager, delete the old node that now appears in an error state.
15. In the Amazon EC2 console, in the navigation pane, choose AMIs.
16. Use the AMI you created to add additional nodes to the cluster.
You can launch additional compute nodes from the AMI that you created. These nodes are
automatically joined to the domain, but you must add them to the cluster as already configured nodes
in HPC Cluster Manager using the head node and then bring them online.

Running the Lizard Performance Measurement
Application
You can optionally run the Lizard application, which measures the computational performance and
efficiency that can be achieved by your HPC cluster. Go to http://www.microsoft.com/download/en/
details.aspx?id=8433, download the lizard_x64.msi installer, and run the installer directly on your head
node as hpc.local\hpcuser.

IP Permissions for the Active Directory Security
Groups
The following JSON contains the IP permissions structures for the security groups for your Active
Directory environment: one group for Active Directory domain controllers and one for Active Directory
domain member servers.
For more information about these security group rules, go to the following Microsoft article: http://
support.microsoft.com/kb/179442.
1. Security group rules for the domain controller security group
The following rules apply to the domain controller security group. Replace the dm-security-groupid value with the ID of your domain member security group. Replace the cidr_block value with the
CIDR block of your local network.
[
{
"IpProtocol": "UDP",
"FromPort": 123,
"ToPort": 123,
"UserIdGroupPairs": [

Amazon Elastic Compute Cloud
User Guide for Windows Instances
IP Permissions for the Active
Directory Security Groups
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 135,
"ToPort": 135,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "UDP",
"FromPort": 138,
"ToPort": 138,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 49152,
"ToPort": 65535,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 389,
"ToPort": 389,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "UDP",
"FromPort": 389,
"ToPort": 389,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 636,
"ToPort": 636,

Amazon Elastic Compute Cloud
User Guide for Windows Instances
IP Permissions for the Active
Directory Security Groups
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 3268,
"ToPort": 3269,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 53,
"ToPort": 53,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "UDP",
"FromPort": 53,
"ToPort": 53,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "UDP",
"FromPort": 88,
"ToPort": 88,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 88,
"ToPort": 88,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 445,

Amazon Elastic Compute Cloud
User Guide for Windows Instances
IP Permissions for the Active
Directory Security Groups
"ToPort": 445,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "UDP",
"FromPort": 445,
"ToPort": 445,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "ICMP",
"FromPort": -1,
"ToPort": -1,
"UserIdGroupPairs": [
{
"GroupId": "dm-security-group-id"
}
]
},
{
"IpProtocol": "UDP",
"FromPort": 53,
"ToPort": 53,
"IpRanges": [
{
"CidrIp": "cidr_block"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 3389,
"ToPort": 3389,
"IpRanges": [
{
"CidrIp": "cidr_block"
}
]
}
]

2. Security group rules for the domain member security group
The following rules apply to the domain member security group. Replace the dc-security-groupid value with the ID of your domain controller security group.
[
{
"IpProtocol": "TCP",
"FromPort": 49152,

Amazon Elastic Compute Cloud
User Guide for Windows Instances
IP Permissions for HPC Cluster Security Group
"ToPort": 65535,
"UserIdGroupPairs": [
{
"GroupId": "dc-security-group-id"
}
]
},
{
"IpProtocol": "UDP",
"FromPort": 49152,
"ToPort": 65535,
"UserIdGroupPairs": [
{
"GroupId": "dc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 53,
"ToPort": 53,
"UserIdGroupPairs": [
{
"GroupId": "dc-security-group-id"
}
]
},
{
"IpProtocol": "UDP",
"FromPort": 53,
"ToPort": 53,
"UserIdGroupPairs": [
{
"GroupId": "dc-security-group-id"
}
]
}
]

IP Permissions for HPC Cluster Security Group
The following JSON file contains the IP permissions to create a security group for your HPC cluster
nodes. Replace the hpc-security-group-id value with the ID of the SG - Windows HPC
Cluster security group. The last rule enables you to connect to your instance via RDP. Replace the
cidr_block value with the CIDR block for your network.
For more information about these security group rules, go to the following Microsoft article: http://
technet.microsoft.com/en-us/library/ff919486.aspx#BKMK_Firewall
[
{
"IpProtocol": "TCP",
"FromPort": 80,
"ToPort": 80,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}

Amazon Elastic Compute Cloud
User Guide for Windows Instances
IP Permissions for HPC Cluster Security Group
]
},
{
"IpProtocol": "TCP",
"FromPort": 443,
"ToPort": 443,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 1856,
"ToPort": 1856,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 5800,
"ToPort": 5801,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 5801,
"ToPort": 5801,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 5969,
"ToPort": 5969,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 5970,
"ToPort": 5970,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"

Amazon Elastic Compute Cloud
User Guide for Windows Instances
IP Permissions for HPC Cluster Security Group
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 5974,
"ToPort": 5974,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 5999,
"ToPort": 5999,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 6729,
"ToPort": 6730,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 7997,
"ToPort": 7997,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 8677,
"ToPort": 8677,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 9087,
"ToPort": 9087,
"UserIdGroupPairs": [
{

Amazon Elastic Compute Cloud
User Guide for Windows Instances
IP Permissions for HPC Cluster Security Group
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 9090,
"ToPort": 9092,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 9100,
"ToPort": 9163,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 9200,
"ToPort": 9263,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 9794,
"ToPort": 9794,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 9892,
"ToPort": 9893,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "UDP",
"FromPort": 9893,
"ToPort": 9893,
"UserIdGroupPairs": [

Amazon Elastic Compute Cloud
User Guide for Windows Instances
IP Permissions for HPC Cluster Security Group
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 6498,
"ToPort": 6498,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 7998,
"ToPort": 7998,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 8050,
"ToPort": 8050,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 5051,
"ToPort": 5051,
"UserIdGroupPairs": [
{
"GroupId": "hpc-security-group-id"
}
]
},
{
"IpProtocol": "TCP",
"FromPort": 3389,
"ToPort": 3389,
"IpRanges": [
{
"CidrIp": "cidr_block"
}
]
}
]

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Using an AMI

Amazon Machine Images (AMI)

An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a
virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as
many instances from the AMI as you need. You can also launch instances from as many different AMIs
as you need.
An AMI includes the following:
• A template for the root volume for the instance (for example, an operating system, an application
server, and applications)
• Launch permissions that control which AWS accounts can use the AMI to launch instances
• A block device mapping that specifies the volumes to attach to the instance when it's launched

Using an AMI
The following diagram summarizes the AMI lifecycle. After you create and register an AMI, you can use
it to launch new instances. (You can also launch instances from an AMI if the AMI owner grants you
launch permissions.) You can copy an AMI to the same region or to different regions. When you are
finished launching instance from an AMI, you can deregister the AMI.

You can search for an AMI that meets the criteria for your instance. You can search for AMIs provided
by AWS or AMIs provided by the community. For more information, see AMI Types (p. 62) and
Finding a Windows AMI (p. 66).

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Creating Your Own AMI

When you are connected to an instance, you can use it just like you use any other server.
For information about launching, connecting, and using your instance, see Amazon EC2
Instances (p. 112).

Creating Your Own AMI
You can customize the instance that you launch from a public AMI and then save that configuration as
a custom AMI for your own use. Instances that you launch from your AMI use all the customizations
that you've made.
The root storage device of the instance determines the process you follow to create an AMI. The root
volume of an instance is either an Amazon EBS volume or an instance store volume. For information,
see Root Device Volume (p. 8).
To create an Amazon EBS-backed AMI, see Creating an Amazon EBS-Backed Windows
AMI (p. 76). To create an instance store-backed AMI, see Creating an Instance Store-Backed
Windows AMI (p. 79).
To help categorize and manage your AMIs, you can assign custom tags to them. For more information,
see Tagging Your Amazon EC2 Resources (p. 733).

Buying, Sharing, and Selling AMIs
After you create an AMI, you can keep it private so that only you can use it, or you can share it with a
specified list of AWS accounts. You can also make your custom AMI public so that the community can
use it. Building a safe, secure, usable AMI for public consumption is a fairly straightforward process,
if you follow a few simple guidelines. For information about how to create and use shared AMIs, see
Shared AMIs (p. 68).
You can purchase an AMIs from a third party, including AMIs that come with service contracts from
organizations such as Red Hat. You can also create an AMI and sell it to other Amazon EC2 users. For
more information about buying or selling AMIs, see Paid AMIs (p. 72).

Deregistering Your AMI
You can deregister an AMI when you have finished with it. After you deregister an AMI, you can't use it
to launch new instances. For more information, see Deregistering Your AMI (p. 90).

AWS Windows AMIs
AWS provides a set of publicly available AMIs that contain software configurations specific to the
Windows platform. Using these AMIs, you can quickly start building and deploying your applications
using Amazon EC2. First choose the AMI that meets your specific requirements, and then launch an
instance using that AMI. You retrieve the password for the administrator account and then log in to the
instance using Remote Desktop Connection, just as you would with any other Windows server. The
name of the administrator account depends on the language of the operating system. For example,
for English, it's Administrator, for French it's Administrateur, and for Portuguese it's Administrador. For
more information, see Localized Names for Administrator Account in Windows in the Microsoft TechNet
Wiki.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Selecting an Initial Windows AMI

Selecting an Initial Windows AMI
To view the Windows AMIs provided by AWS using the Amazon EC2 console, click this link to filter the
list of public AMIs: Windows AMIs. If you launch an instance using the Amazon EC2 console, the first
page of the wizard includes a Quick Start tab that lists some of the most popular AMIs provided by
AWS, including AMIs that are eligible for the free tier.
AWS currently provides AMIs based on the following versions of Windows:
• Windows Server 2012 R2 (64-bit)
• Windows Server 2012 (64-bit)
• Windows Server 2008 R2 (64-bit)
• Windows Server 2008 (64-bit)
• Windows Server 2008 (32-bit)
• Windows Server 2003 R2 (64-bit)
• Windows Server 2003 R2 (32-bit)
Some of these AMIs also include an edition of Microsoft SQL Server (SQL Enterprise Edition, SQL
Server Standard, SQL Server Express, or SQL Server Web). Launching an instance from an AWS
Windows AMI with Microsoft SQL Server enables you to run the instance as a database server.
Alternatively, you can launch an instance from any Windows AMI and then install the database
software that you need on the instance. To view Windows Server AMIs with SQL Server, see Windows
AMIs on the AWS Marketplace.
Some AMIs come with Internet Information Services (IIS) and ASP.NET already configured, to help you
get started quickly. Alternatively, you can launch an instance from any Windows AMI and then install
IIS and ASP.NET. For step-by-step directions, see Configure Your EC2 Instance in Getting Started
with AWS: Hosting a .NET Web App.
In addition to the public AMIs provided by AWS, AMIs published by the AWS developer community
are available for your use. We highly recommend that you use only those Windows AMIs that AWS or
other reputable sources provide. To learn how to find a list of Windows AMIs approved by Amazon, see
Finding a Windows AMI (p. 66).
You can also create an AMI from your own Windows computer. For more information, see Importing
and Exporting Virtual Machines (p. 429).

Keeping Your AMIs Up-to-Date
AWS provides updated, fully-patched Windows AMIs within five business days of Microsoft's patch
Tuesday (the second Tuesday of each month). For more information, see AWS Windows AMI
Versions (p. 95).
At their initial launch, your Windows instances contain all the latest security updates. We recommend
that you run the Windows Update service as a first step after you launch a Windows, and before you
create an AMI. After you launch an instance or create an AMI, you are responsible for keeping them
up-to-date. You can use the Windows Update service, or the Automatic Updates tool available on your
instance to deploy Microsoft updates to your instance. You must also keep any other software that you
deploy to your instance up-to-date using whatever mechanism is appropriate for that software. After
you update your Windows instance, you can create an AMI that replaces any previous AMIs that you
created. For more information, see Updating Your Windows Instance (p. 93).

AMI Types
You can select an AMI to use based on the following characteristics:

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Launch Permissions

• Region (see Regions and Availability Zones (p. 6))
• Operating system
• Architecture (32-bit or 64-bit)
• Launch Permissions (p. 63)
• Storage for the Root Device (p. 63)

Launch Permissions
The owner of an AMI determines its availability by specifying launch permissions. Launch permissions
fall into the following categories.
Launch
Permission

Description

public

The owner grants launch permissions to all AWS accounts.

explicit

The owner grants launch permissions to specific AWS accounts.

implicit

The owner has implicit launch permissions for an AMI.

Amazon and the Amazon EC2 community provide a large selection of public AMIs. For more
information, see Shared AMIs (p. 68). Developers can charge for their AMIs. For more information,
see Paid AMIs (p. 72).

Storage for the Root Device
All AMIs are categorized as either backed by Amazon EBS or backed by instance store. The former
means that the root device for an instance launched from the AMI is an Amazon EBS volume created
from an Amazon EBS snapshot. The latter means that the root device for an instance launched
from the AMI is an instance store volume created from a template stored in Amazon S3. For more
information, see Root Device Volume (p. 8).
This section summarizes the important differences between the two types of AMIs. The following table
provides a quick summary of these differences.
Characteristic

Amazon EBS-Backed

Amazon Instance Store-Backed

Boot time

Usually less than 1 minute

Usually less than 5 minutes

Size limit

16 TiB

10 GiB

Root device volume

Amazon EBS volume

Instance store volume

Data persistence

By default, the root volume
is deleted when the instance
terminates.* Data on any other
Amazon EBS volumes persists after
instance termination by default.
Data on any instance store volumes
persists only during the life of the
instance.

Data on any instance store volumes
persists only during the life of the
instance. Data on any Amazon EBS
volumes persists after instance
termination by default.

Upgrading

The instance type, kernel, RAM
disk, and user data can be changed
while the instance is stopped.

Instance attributes are fixed for the
life of an instance.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Storage for the Root Device

Characteristic

Amazon EBS-Backed

Amazon Instance Store-Backed

Charges

You're charged for instance usage,
Amazon EBS volume usage, and
storing your AMI as an Amazon
EBS snapshot.

You're charged for instance usage
and storing your AMI in Amazon S3.

AMI creation/bundling

Uses a single command/call

Requires installation and use of AMI
tools

Stopped state

Can be placed in stopped state
where instance is not running,
but the root volume is persisted in
Amazon EBS

Cannot be in stopped state;
instances are running or terminated

* By default, Amazon EBS-backed instance root volumes have the DeleteOnTermination flag set to
true. For information about how to change this flag so that the volume persists after termination, see
Root Device Volume (p. 8).

Determining the Root Device Type of Your AMI
To determine the root device type of an AMI using the console
1.

Open the Amazon EC2 console.

In the navigation pane, click AMIs, and select the AMI.

Check the value of Root Device Type in the Details tab as follows:
• If the value is ebs, this is an Amazon EBS-backed AMI.
• If the value is instance store, this is an instance store-backed AMI.

Size Limit
Amazon EC2 instance store-backed AMIs are limited to 10 GiB storage for the root device, whereas
Amazon EBS-backed AMIs are limited to 1 TiB. Many Windows AMIs come close to the 10 GiB limit,
so you'll find that Windows AMIs are often backed by an Amazon EBS volume.

Note
All Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 AMIs are
backed by an Amazon EBS volume by default because of their larger size.

Stopped State
You can stop an Amazon EBS-backed instance, but not an Amazon EC2 instance store-backed
instance. Stopping causes the instance to stop running (its status goes from running to stopping
to stopped). A stopped instance persists in Amazon EBS, which allows it to be restarted. Stopping
is different from terminating; you can't restart a terminated instance. Because Amazon EC2 instance

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Storage for the Root Device

store-backed AMIs can't be stopped, they're either running or terminated. For more information
about what happens and what you can do while an instance is stopped, see Stop and Start Your
Instance (p. 241).

Default Data Storage and Persistence
Instances that use an instance store volume for the root device automatically have instance store
available (the root volume contains the root partition and you can store additional data). Any data
on an instance store volume is deleted when the instance fails or terminates (except for data on the
root device). You can add persistent storage to your instance by attaching one or more Amazon EBS
volumes.
Instances that use Amazon EBS for the root device automatically have an Amazon EBS volume
attached. The volume appears in your list of volumes like any other. The instances don't use any
available instance store volumes by default. You can add instance storage or additional Amazon EBS
volumes using a block device mapping. For more information, see Block Device Mapping (p. 707).
For information about what happens to the instance store volumes when you stop an instance, see
Stop and Start Your Instance (p. 241).

Boot Times
Amazon EBS-backed AMIs launch faster than Amazon EC2 instance store-backed AMIs. When you
launch an Amazon EC2 instance store-backed AMI, all the parts have to be retrieved from Amazon
S3 before the instance is available. With an Amazon EBS-backed AMI, only the parts required to boot
the instance need to be retrieved from the snapshot before the instance is available. However, the
performance of an instance that uses an Amazon EBS volume for its root device is slower for a short
time while the remaining parts are retrieved from the snapshot and loaded into the volume. When
you stop and restart the instance, it launches quickly, because the state is stored in an Amazon EBS
volume.

AMI Creation
To create Windows AMIs backed by instance store, there's an API action that creates an AMI and
another API action that registers the AMI.
AMI creation is much easier for AMIs backed by Amazon EBS. The CreateImage API action creates
your Amazon EBS-backed AMI and registers it. There's also a button in the AWS Management
Console that lets you create an AMI from a running instance. For more information, see Creating an
Amazon EBS-Backed Windows AMI (p. 76).

How You're Charged
With AMIs backed by instance store, you're charged for AMI storage and instance usage. With AMIs
backed by Amazon EBS, you're charged for volume storage and usage in addition to the AMI and
instance usage charges.
With Amazon EC2 instance store-backed AMIs, each time you customize an AMI and create a
new one, all of the parts are stored in Amazon S3 for each AMI. So, the storage footprint for each
customized AMI is the full size of the AMI. For Amazon EBS-backed AMIs, each time you customize an
AMI and create a new one, only the changes are stored. So the storage footprint for subsequent AMIs
you customize after the first is much smaller, resulting in lower AMI storage charges.
When an Amazon EBS-backed instance is stopped, you're not charged for instance usage; however,
you're still charged for volume storage. We charge a full instance hour for every transition from a
stopped state to a running state, even if you transition the instance multiple times within a single hour.
For example, let's say the hourly instance charge for your instance is $0.10. If you were to run that

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Finding a Windows AMI

instance for one hour without stopping it, you would be charged $0.10. If you stopped and restarted
that instance twice during that hour, you would be charged $0.30 for that hour of usage (the initial
$0.10, plus 2 x $0.10 for each restart).

Finding a Windows AMI
Before you can launch an instance, you must select an AMI to use. As you select an AMI, consider the
following requirements you might have for the instances that you'll launch:
• The region
• The operating system (see AWS Windows AMIs (p. 61))
• The architecture: 32-bit (i386) or 64-bit (x86_64)
• The root device type: Amazon EBS or instance store
• The provider: Amazon Web Services, Oracle, IBM, Microsoft, or the community
If you need to find a Linux AMI, see Finding a Linux AMI in the Amazon EC2 User Guide for Linux
Instances.
Contents
• Finding a Windows AMI Using the Amazon EC2 Console (p. 66)
• Finding an AMI Using the AWS CLI (p. 67)
• Finding an AMI Using the AWS Tools for Windows PowerShell (p. 67)
• Finding a Windows Server 2003 AMI (p. 67)

Finding a Windows AMI Using the Amazon EC2
Console
You can find Windows AMIs using the Amazon EC2 console. You can search through all available
AMIs using the Images page, or select from commonly used AMIs on the Quick Launch tab when you
use the console to launch an instance.

To find a Windows AMI using the Images page
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

From the navigation bar, select a region. You can select any region that's available to you,
regardless of your location. This is the region in which you'll launch your instance.

In the navigation pane, choose AMIs.

(Optional) Use the Filter options to scope the list of displayed AMIs to see only the AMIs that
interest you. For example, to list all Windows AMIs provided by AWS, select Public images.
Choose the Search bar and select Owner from the menu, then select Amazon images. Choose
the Search bar again to select Platform and then the operating system from the list provided.

(Optional) Choose the Show/Hide Columns icon to select which image attributes to display, such
as the root device type. Alternatively, you can select an AMI from the list and view its properties in
the Details tab.

To launch an instance from this AMI, select it and then choose Launch. For more information
about launching an instance using the console, see Launching Your Instance from an
AMI (p. 232). If you're not ready to launch the instance now, write down the AMI ID
(ami-xxxxxxxx) for later.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Finding an AMI Using the AWS CLI

To find a Windows AMI when you launch an instance
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

From the console dashboard, choose Launch Instance.

On the Choose an Amazon Machine Image (AMI) page, on the Quick Start tab, select from one
of the commonly used AMIs in the list. If you don't see the AMI that you need, select the AWS
Marketplace or Community AMIs tab to find additional AMIs.

Finding an AMI Using the AWS CLI
You can use command line parameters to list only the types of AMIs that interest you. For example,
you can use the describe-images command as follows to find public AMIs owned by you or Amazon.
C:\> aws ec2 describe-images --owners self amazon

Add the following filter to the previous command to display only Windows AMIs:
--filters "Name=platform,Values=windows"

After locating an AMI that meets your needs, write down its ID (ami-xxxxxxxx). You can use this AMI
to launch instances. For more information, see Launching an Instance Using the AWS CLI in the AWS
Command Line Interface User Guide.

Finding an AMI Using the AWS Tools for
Windows PowerShell
You can use command-line parameters to list only the types of AMIs that interest you. For more
information, see Find an AMI Using Windows PowerShell in the AWS Tools for Windows PowerShell
User Guide.
After locating an AMI that meets your needs, write down its ID (ami-xxxxxxxx). You can use this AMI
to launch instances. For more information, see Launch an Instance Using Windows PowerShell in the
AWS Tools for Windows PowerShell User Guide.

Finding a Windows Server 2003 AMI
As of July 14, 2015, Microsoft no longer supports Windows Server 2003. If your business or
organization is currently running Windows Server 2003 EC2 instances, we recommend that you
upgrade those instances to Windows Server 2008. For more information, see Upgrading a Windows
Server EC2 Instance to a Newer Version of Windows Server.

To find a Windows Server 2003 AMI
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, choose AMIs.

Choose Owned by me, and then choose Public images.

In the Search field, add the following filters.
a.

Owner : Amazon images

AMI Name : Windows_Server-2003

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Shared AMIs

Note
The Search field is case sensitive.

Shared AMIs
A shared AMI is an AMI that a developer created and made available for other developers to use. One
of the easiest ways to get started with Amazon EC2 is to use a shared AMI that has the components
you need and then add custom content. You can also create your own AMIs and share them with
others.
You use a shared AMI at your own risk. Amazon can't vouch for the integrity or security of AMIs shared
by other Amazon EC2 users. Therefore, you should treat shared AMIs as you would any foreign code
that you might consider deploying in your own data center and perform the appropriate due diligence.
We recommend that you get an AMI from a trusted source. If you have questions or observations about
a shared AMI, use the AWS forums.
Amazon's public images have an aliased owner, which appears as amazon in the account field. This
enables you to find AMIs from Amazon easily. Other users can't alias their AMIs.
For information about creating an AMI, see Creating an Instance Store-Backed Windows AMI or
Creating an Amazon EBS-Backed Windows AMI . For more information about building, delivering, and
maintaining your applications on the AWS Marketplace, see the AWS Marketplace User Guide and
AWS Marketplace Seller Guide.
Contents
• Finding Shared AMIs (p. 68)
• Making an AMI Public (p. 69)
• Sharing an AMI with Specific AWS Accounts (p. 70)
• Using Bookmarks (p. 71)
• Guidelines for Shared Windows AMIs (p. 72)

Finding Shared AMIs
You can use the Amazon EC2 console or the command line to find shared AMIs.

Finding a Shared AMI (Console)
To find a shared private AMI using the console
1.
2.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose AMIs.

In the first filter, choose Private images. All AMIs that have been shared with you are listed. To
granulate your search, choose the Search bar and use the filter options provided in the menu.

To find a shared public AMI using the console
1.
2.
3.
4.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose AMIs.
In the first filter, choose Public images. To granulate your search, choose the Search bar and use
the filter options provided in the menu.
Use filters to list only the types of AMIs that interest you. For example, choose Owner : and then
choose Amazon images to display only Amazon's public images.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Making an AMI Public

Finding a Shared AMI (Command Line)
To find a shared public AMI using the command line tools
Use the describe-images command (AWS CLI) to list AMIs. You can scope the list to the types of AMIs
that interest you, as shown in the following examples.
The following command lists all public AMIs using the --executable-users option. This list includes
any public AMIs that you own.
C:\> aws ec2 describe-images --executable-users all

The following command lists the AMIs for which you have explicit launch permissions. This list
excludes any such AMIs that you own.
C:\> aws ec2 describe-images --executable-users self

The following command lists the AMIs owned by Amazon. Amazon's public AMIs have an aliased
owner, which appears as amazon in the account field. This enables you to find AMIs from Amazon
easily. Other users can't alias their AMIs.
C:\> aws ec2 describe-images --owners amazon

The following command lists the AMIs owned by the specified AWS account.
C:\> aws ec2 describe-images --owners 123456789012

To reduce the number of displayed AMIs, use a filter to list only the types of AMIs that interest you. For
example, use the following filter to display only EBS-backed AMIs.
--filters "Name=root-device-type,Values=ebs"

Alternatively, you can use the following AWS Tools for Windows PowerShell command: GetEC2Image.

Making an AMI Public
Amazon EC2 enables you to share your AMIs with other AWS accounts. You can allow all AWS
accounts to launch the AMI (make the AMI public), or only allow a few specific accounts to launch the
AMI (see Sharing an AMI with Specific AWS Accounts (p. 70)). You are not billed when your AMI is
launched by other AWS accounts; only the accounts launching the AMI are billed.
AMIs are a regional resource. Therefore, sharing an AMI makes it available in that region. To make an
AMI available in a different region, copy the AMI to the region and then share it. For more inforamation,
see Copying an AMI (p. 85).

Note
If an AMI has a product code, you can't make it public. You must share the AMI with only
specific AWS accounts.

Sharing an AMI with all AWS Accounts (Console)
After you make an AMI public, it is available in Community AMIs when you launch an instance
in the same region using the console. Note that it can take a short while for an AMI to appear in
Community AMIs after you make it public. It can also take a short while for an AMI to be removed
from Community AMIs after you make it private again.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Sharing an AMI with Specific AWS Accounts

To share a public AMI using the console
1.
2.
3.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose AMIs.
Select your AMI from the list, and then choose Actions, Modify Image Permissions.

Choose Public and choose Save.

Sharing an AMI with all AWS Accounts (Command Line)
Each AMI has a launchPermission property that controls which AWS accounts, besides the
owner's, are allowed to use that AMI to launch instances. By modifying the launchPermission
property of an AMI, you can make the AMI public (which grants launch permissions to all AWS
accounts) or share it with only the AWS accounts that you specify.
You can add or remove account IDs from the list of accounts that have launch permissions for an
AMI. To make the AMI public, specify the all group. You can specify both public and explicit launch
permissions.
To make an AMI public
Use the modify-image-attribute command (AWS CLI) as follows to add the all group to the
launchPermission list for the specified AMI.
C:\> aws ec2 modify-image-attribute --image-id ami-12345678 --launchpermission "{\"Add\":[{\"Group\":\"all\"}]}"

To verify the launch permissions of the AMI, use the following describe-image-attribute command.
C:\> aws ec2 describe-image-attribute --image-id ami-12345678 --attribute
launchPermission

(Optional) To make the AMI private again, remove the all group from its launch permissions. Note
that the owner of the AMI always has launch permissions and is therefore unaffected by this command.
C:\> aws ec2 modify-image-attribute --image-id ami-12345678 --launchpermission "{\"Remove\":[{\"Group\":\"all\"}]}"

Alternatively, you can use the following AWS Tools for Windows PowerShell commands: EditEC2ImageAttribute and Get-EC2ImageAttribute.

Sharing an AMI with Specific AWS Accounts
You can share an AMI with specific AWS accounts without making the AMI public. All you need are the
AWS account IDs.
AMIs are a regional resource. Therefore, sharing an AMI makes it available in that region. To make an
AMI available in a different region, copy the AMI to the region and then share it. For more information,
see Copying an AMI (p. 85).

Sharing an AMI (Console)
To grant explicit launch permissions using the console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, choose AMIs.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Using Bookmarks

Select your AMI in the list, and then choose Actions, Modify Image Permissions.

Specify the AWS account number of the user with whom you want to share the AMI in the AWS
Account Number field, then choose Add Permission.

To share this AMI with multiple users, repeat the above step until you have added all the required
users.
To allow create volume permissions for snapshots, select Add "create volume" permissions to
the following associated snapshots when creating permissions.

Note
You do not need to share the Amazon EBS snapshots that an AMI references in order to
share the AMI. Only the AMI itself needs to be shared; the system automatically provides
the instance access to the referenced Amazon EBS snapshots for the launch.
6.

Choose Save when you are done.

Sharing an AMI (Command Line)
Use the modify-image-attribute command (AWS CLI) to share an AMI as shown in the following
examples.
To grant explicit launch permissions
The following command grants launch permissions for the specified AMI to the specified AWS account.
C:\> aws ec2 modify-image-attribute --image-id ami-12345678 --launchpermission "{\"Add\":[{\"UserId\":\"123456789012\"}]}"

To remove launch permissions for an account
The following command removes launch permissions for the specified AMI from the specified AWS
account:
C:\> aws ec2 modify-image-attribute --image-id ami-12345678 --launchpermission "{\"Remove\":[{\"UserId\":\"123456789012\"}]}"

To remove all launch permissions
The following command removes all public and explicit launch permissions from the specified AMI.
Note that the owner of the AMI always has launch permissions and is therefore unaffected by this
command.
C:\> aws ec2 reset-image-attribute --image-id ami-12345678 --attribute
launchPermission

Alternatively, you can use the following AWS Tools for Windows PowerShell command: EditEC2ImageAttribute.

Using Bookmarks
If you have created a public AMI, or shared an AMI with another AWS user, you can create a bookmark
that allows a user to access your AMI and launch an instance in their own account immediately. This
is an easy way to share AMI references, so users don't have to spend time finding your AMI in order to
use it.
Note that your AMI must be public, or you must have shared it with the user to whom you want to send
the bookmark.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Guidelines for Shared Windows AMIs

To create a bookmark for your AMI
1.

Type a URL with the following information, where is the region in which your AMI
resides, and is the ID of the AMI:
https://console.aws.amazon.com/ec2/v2/home?
region=#LaunchInstanceWizard:ami=

For example, this URL launches an instance from the ami-12345678 AMI in the us-east-1 region:
https://console.aws.amazon.com/ec2/v2/home?region=useast-1#LaunchInstanceWizard:ami=ami-12345678

Distribute the link to users who want to use your AMI.

To use a bookmark, choose the link or copy and paste it into your browser. The launch wizard
opens, with the AMI already selected.

Guidelines for Shared Windows AMIs
Use the following guidelines to reduce the attack surface and improve the reliability of the AMIs you
create.

Note
No list of security guidelines can be exhaustive. Build your shared AMIs carefully and take
time to consider where you might expose sensitive data.
• Develop a repeatable process for building, updating, and republishing AMIs.
• Build AMIs using the most up-to-date operating systems, packages, and software.
• Download and install the most recent version of the Amazon Windows Ec2Config Service.
• Verify that Ec2SetPassword, Ec2WindowsActiviate and Ec2HandleUserData are enabled.
• Verify that no guest accounts or Remote Desktop user accounts are present.
• Disable or remove unnecessary services and programs to reduce the attack surface of your AMI.
• Remove instance credentials, such as your key pair, from the AMI (if you saved them on the AMI).
Store the credentials in a safe location.
• Ensure that the administrator password and passwords on any other accounts are set to an
appropriate value for sharing. These passwords are available for anyone who launches your shared
AMI.
• Test your AMI before you share it.

Paid AMIs
A paid AMI is an AMI that you can purchase from a developer.
Amazon EC2 integrates with AWS Marketplace, enabling developers to charge other Amazon EC2
users for the use of their AMIs or to provide support for instances.
The AWS Marketplace is an online store where you can buy software that runs on AWS; including
AMIs that you can use to launch your EC2 instance. The AWS Marketplace AMIs are organized into
categories, such as Developer Tools, to enable you to find products to suit your requirements. For
more information about AWS Marketplace, see the AWS Marketplace site.
Launching an instance from a paid AMI is the same as launching an instance from any other AMI. No
additional parameters are required. The instance is charged according to the rates set by the owner of

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Selling Your AMI

the AMI, as well as the standard usage fees for the related web services; for example, the hourly rate
for running a m1.small instance type in Amazon EC2. The owner of the paid AMI can confirm whether
a specific instance was launched using that paid AMI.

Important
Amazon DevPay is no longer accepting new sellers or products. AWS Marketplace is now
the single, unified e-commerce platform for selling software and services through AWS. For
information about how to deploy and sell software from AWS Marketplace, see Selling on
AWS Marketplace. AWS Marketplace supports AMIs backed by Amazon EBS.
Topics
• Selling Your AMI (p. 73)
• Finding a Paid AMI (p. 73)
• Purchase a Paid AMI (p. 74)
• Getting the Product Code for Your Instance (p. 74)
• Using Paid Support (p. 75)
• Bills for Paid and Supported AMIs (p. 75)
• Managing Your AWS Marketplace Subscriptions (p. 75)

Selling Your AMI
You can sell your AMI using AWS Marketplace. AWS Marketplace offers an organized shopping
experience. Additionally, AWS Marketplace also supports AWS features such as Amazon EBS-backed
AMIs, Reserved Instances, and Spot instances.
For information about how to sell your AMI on AWS Marketplace, see Selling on AWS Marketplace.

Finding a Paid AMI
There are several ways that you can find AMIs that are available for you to purchase. For example, you
can use AWS Marketplace, the Amazon EC2 console, or the command line. Alternatively, a developer
might let you know about a paid AMI themselves.

Finding a Paid AMI Using the Console
To find a paid AMI using the console
1.

Open the Amazon EC2 console.

In the navigation pane, click AMIs.

Select Public images from the first Filter list. Click the Search bar and select Product Code, then
Marketplace. Click the Search bar again, select Platform and then choose the operating system
from the list.

Finding a Paid AMI Using AWS Marketplace
To find a paid AMI using AWS Marketplace
1.

Open AWS Marketplace.

Enter the name of the operating system in the search box, and click Go.

To scope the results further, use one of the categories or filters.

Each product is labeled with its product type: either AMI or Software as a Service.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Purchase a Paid AMI

Finding a Paid AMI Using the Command Line
You can find a paid AMI using the describe-images command (AWS CLI) as follows.
C:\>

aws ec2 describe-images --owners aws-marketplace

This command returns numerous details that describe each AMI, including the product code for a paid
AMI. The output from describe-images includes an entry for the product code like the following:
"ProductCodes": [
{
"ProductCodeId": "product_code",
"ProductCodeType": "marketplace"
}
],

Alternatively, you can use the following AWS Tools for Windows PowerShell command: GetEC2Image.

Purchase a Paid AMI
You must sign up for (purchase) a paid AMI before you can launch an instance using the AMI.
Typically a seller of a paid AMI presents you with information about the AMI, including its price and a
link where you can buy it. When you click the link, you're first asked to log into AWS, and then you can
purchase the AMI.

Purchasing a Paid AMI Using the Console
You can purchase a paid AMI by using the Amazon EC2 launch wizard. For more information, see
Launching an AWS Marketplace Instance (p. 237).

Subscribing to a Product Using AWS Marketplace
To use the AWS Marketplace, you must have an AWS account. To launch instances from AWS
Marketplace products, you must be signed up to use the Amazon EC2 service, and you must be
subscribed to the product from which to launch the instance. There are two ways to subscribe to
products in the AWS Marketplace:
• AWS Marketplace website: You can launch preconfigured software quickly with the 1-Click
deployment feature.
• Amazon EC2 launch wizard: You can search for an AMI and launch an instance directly from the
wizard. For more information, see Launching an AWS Marketplace Instance (p. 237).

Purchasing a Paid AMI From a Developer
The developer of a paid AMI can enable you to purchase a paid AMI that isn't listed in AWS
Marketplace. The developer provides you with a link that enables you to purchase the product through
Amazon. You can sign in with your Amazon.com credentials and select a credit card that's stored in
your Amazon.com account to use when purchasing the AMI.

Getting the Product Code for Your Instance
You can retrieve the AWS Marketplace product code for your instance using its instance metadata. For
more information about retrieving metadata, see Instance Metadata and User Data (p. 253).

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Using Paid Support

To retrieve a product code, use the following query:
C:\> GET http://169.254.169.254/latest/meta-data/product-codes

If the instance has a product code, Amazon EC2 returns it. For example:
774F4FF8

Using Paid Support
Amazon EC2 also enables developers to offer support for software (or derived AMIs). Developers
can create support products that you can sign up to use. During sign-up for the support product, the
developer gives you a product code, which you must then associate with your own AMI. This enables
the developer to confirm that your instance is eligible for support. It also ensures that when you run
instances of the product, you are charged according to the terms for the product specified by the
developer.

Important
You can't use a support product with Reserved Instances. You always pay the price that's
specified by the seller of the support product.
To associate a product code with your AMI, use one of the following commands, where ami_id is the ID
of the AMI and product_code is the product code:
• modify-image-attribute (AWS CLI)
C:\> aws ec2 modify-image-attribute --image-id ami_id --product-codes
"product_code"

• Edit-EC2ImageAttribute (AWS Tools for Windows PowerShell)
C:\> Edit-EC2ImageAttribute -ImageId ami_id -ProductCode product_code

After you set the product code attribute, it cannot be changed or removed.

Bills for Paid and Supported AMIs
At the end of each month, you receive an email with the amount your credit card has been charged
for using any paid or supported AMIs during the month. This bill is separate from your regular Amazon
EC2 bill. For more information, see Paying For AWS Marketplace Products.

Managing Your AWS Marketplace Subscriptions
On the AWS Marketplace website, you can check your subscription details, view the vendor's usage
instructions, manage your subscriptions, and more.

To check your subscription details
1.
2.

3.
4.

Click Manage Your Software Subscriptions.
All your current subscriptions are listed. Click Usage Instructions to view specific instructions for
using the product, for example, a user name for connecting to your running instance.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Creating an Amazon EBS-Backed Windows AMI

To cancel an AWS Marketplace subscription
1.

Ensure that you have terminated any instances running from the subscription.
a.

Open the Amazon EC2 console.

In the navigation pane, click Instances.

Select the instance, click Actions, select Instance State, and select Terminate. When
prompted, click Yes, Terminate.

Click Cancel subscription. You are prompted to confirm your cancellation.

Note
After you've canceled your subscription, you are no longer able to launch any instances
from that AMI. To use that AMI again, you need to resubscribe to it, either on the AWS
Marketplace website, or through the launch wizard in the Amazon EC2 console.

Creating an Amazon EBS-Backed Windows
AMI
To create an Amazon EBS-backed Windows AMI, you launch and customize a Windows instance, then
you create the AMI.
If you need to create an Amazon EBS-backed Linux AMI, see Creating an Amazon EBS-Backed Linux
AMI in the Amazon EC2 User Guide for Linux Instances.
The AMI-creation process is different for instance-store-backed AMIs. For more information about the
differences between Amazon EBS-backed and instance-store-backed instances, and how to determine
the root device type for your instance, see Root Device Volume (p. 8). If you need to create an instance
store-backed Windows AMI, see Creating an Instance Store-Backed Windows AMI (p. 79).

Overview of Creating Amazon EBS-Backed AMIs
First, launch an instance from an AMI that's similar to the AMI that you'd like to create. You can
connect to your instance and customize it. When the instance is set up the way you want it, ensure
data integrity by stopping the instance before you create an AMI and then create the image. When you
create an Amazon EBS-backed AMI, we automatically register it for you.
During the AMI-creation process, Amazon EC2 creates snapshots of your instance's root volume
and any other EBS volumes attached to your instance. If any volumes attached to the instance are
encrypted, the new AMI only launches successfully on instances that support Amazon EBS encryption.
For more information, see Amazon EBS Encryption (p. 680).
Depending on the size of the volumes, it can take several minutes for the AMI-creation process to
complete (sometimes up to 24 hours).You may find it more efficient to create snapshots of your
volumes prior to creating your AMI. This way, only small, incremental snapshots need to be created
when the AMI is created, and the process completes more quickly (the total time for snapshot creation
remains the same). For more information, see Creating an Amazon EBS Snapshot (p. 670).
After the process completes, you have a new AMI and snapshot created from the root volume of the
instance. When you launch an instance using the new AMI, we create a new EBS volume for its root
volume using the snapshot. Both the AMI and the snapshot incur charges to your account until you
delete them. For more information, see Deregistering Your AMI (p. 90).

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Creating a Windows AMI from a Running Instance

If you add instance-store volumes or Amazon EBS volumes to your instance in addition to the root
device volume, the block device mapping for the new AMI contains information for these volumes,
and the block device mappings for instances that you launch from the new AMI automatically contain
information for these volumes. The instance-store volumes specified in the block device mapping for
the new instance are new and don't contain any data from the instance store volumes of the instance
you used to create the AMI. The data on EBS volumes persists. For more information, see Block
Device Mapping (p. 707).

Creating a Windows AMI from a Running
Instance
You can create an AMI using the AWS Management Console or the command line. The following
diagram summarizes the process for creating an Amazon EBS-backed AMI from a running EC2
instance. Start with an existing AMI, launch an instance, customize it, create a new AMI from it, and
finally launch an instance of your new AMI. The steps in the following diagram match the steps in the
procedure below. If you already have a running Amazon EBS-backed instance, you can go directly to
step 4.

To create an AMI from an instance using the console
1.

Select an appropriate EBS-backed AMI to serve as a starting point for your new AMI. To view the
EBS-backed Windows AMIs, choose the following options from the Filter lists: Public images,
EBS images, and then Windows.
You can select any public AMI that uses the version of Windows Server that you want for your
AMI. However, you must select an EBS-backed AMI; don't start with an instance store-backed
AMI.

Choose Launch to launch an instance of the EBS-backed AMI that you've selected. Accept
the default values as you step through the wizard. For more information, see Launching an
Instance (p. 230).

While the instance is running, connect to it.
You can perform any of the following actions on your instance to customize it for your needs:
• Install software and applications
• Copy data
• Reduce start time by deleting temporary files, defragmenting your hard drive, and zeroing out
free space
• Attach additional EBS volumes
• Create a new user account and add it to the Administrators group

Tip
If you are sharing your AMI, these credentials can be supplied for RDP access without
disclosing your default administrator password.
• Configure settings using EC2Config. If you want your AMI to generate a random password
at launch time, you need to enable the Ec2SetPassword plugin; otherwise, the current

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Creating a Windows AMI from a Running Instance

administrator password is used. For more information, see Configuring a Windows Instance
Using the EC2Config Service (p. 266).
• If the instance uses RedHat drivers to access Xen virtualized hardware, upgrade to Citrix drivers
before you create an AMI. For more information, see Upgrading PV Drivers on Your Windows
AMI (p. 292) .
(Optional) When the instance is configured correctly, it is best to stop the instance before you
create the AMI, to ensure data integrity. You can use EC2Config to stop the instance, or select the
instance in the Amazon EC2 console and choose Actions, Instance State, Stop.
4.

In the navigation pane, choose Instances and select your instance. Choose Actions, Image, and
Create Image.

Tip
If this option is disabled, your instance isn't an Amazon EBS-backed instance.
In the Create Image dialog box, specify values for the following fields, and then choose Create
Image.
Name
A unique name for the image.
Description
(Optional) A description of the image, up to 255 characters.
By default, Amazon EC2 shuts down the instance, takes snapshots of any attached volumes,
creates and registers the AMI, and then reboots the instance. Choose No reboot if you don't want
your instance to be shut down.

Warning
If you choose No reboot, we can't guarantee the file system integrity of the created
image.
You can modify the root volume, Amazon EBS volumes, and instance store volumes as follows:
• To change the size of the root volume, locate the Root volume in the Type column, and fill in
the Size field.
• To suppress an Amazon EBS volume specified by the block device mapping of the AMI used to
launch the instance, locate the EBS volume in the list and choose Delete.
• To add an Amazon EBS volume, choose Add New Volume, Type, and EBS, and fill in the
fields. When you then launch an instance from your new AMI, these additional volumes are
automatically attached to the instance. Empty volumes must be formatted and mounted.
Volumes based on a snapshot must be mounted.
• To suppress an instance store volume specified by the block device mapping of the AMI used to
launch the instance, locate the volume in the list and choose Delete.
• To add an instance store volume, choose Add New Volume, Type, and Instance Store, and
select a device name from the Device list. When you launch an instance from your new AMI,
these additional volumes are automatically initialized and mounted. These volumes don't contain
data from the instance store volumes of the running instance from which you based your AMI.
5.

While your AMI is being created, you can choose AMIs in the navigation pane to view its status.
Initially, this is pending. After a few minutes, the status should change to available.
(Optional) Choose Snapshots in the navigation pane to view the snapshot that was created for
the new AMI. When you launch an instance from this AMI, we use this snapshot to create its root
device volume.

Launch an instance from your new AMI. For more information, see Launching an
Instance (p. 230). The new running instance contains all of the customizations you applied in
previous steps.
78

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Creating an Instance Store-Backed Windows AMI

Note
You can specify scripts to execute when an instance starts. You enter the script in the
User data section of the Instance Configuration Wizard. For example, you could specify a
PowerShell script to rename an instance when it starts. For more information, see Configuring
Instances with User Data (p. 256).

To create an AMI from an instance using the command
line
You can use one of the following commands. For more information about these command line
interfaces, see Accessing Amazon EC2 (p. 3).
• create-image (AWS CLI)
• New-EC2Image (AWS Tools for Windows PowerShell)

Creating an Instance Store-Backed Windows
AMI
To create an instance store-backed Windows AMI, first launch and customize a Windows instance,
then bundle the instance, and register an AMI from the manifest that's created during the bundling
process.

Important
The only Windows AMIs that can be backed by instance store are those for Windows Server
2003. Instance store-backed instances don't have the available disk space required for later
versions of Windows Server.
You can only bundle an instance store-backed Windows instance using this procedure. If you need to
create an instance store-backed Linux AMI, see Creating an Instance Store-Backed Linux AMI in the
Amazon EC2 User Guide for Linux Instances.
The AMI creation process is different for Amazon EBS-backed AMIs. For more information about the
differences between Amazon EBS-backed and instance store-backed instances, and how to determine
the root device type for your instance, see Root Device Volume (p. 8). If you need to create an Amazon
EBS-backed Windows AMI, see Creating an Amazon EBS-Backed Windows AMI (p. 76).
Contents
• Instance Store-Backed Windows AMIs (p. 79)
• Preparing to Create an Instance Store-Backed Windows AMI (p. 80)
• Bundling an Instance Store-Backed Windows Instance (p. 81)
• Registering an Instance Store-Backed Windows AMI (p. 82)

Instance Store-Backed Windows AMIs
Instances launched from an AMI backed by instance store use an instance store volume as the root
device volume. The image of the root device volume of an instance store-backed AMI is initially stored
in Amazon S3. When an instance is launched using an instance store-backed AMI, the image of its root
device volume is copied from Amazon S3 to the root partition of the instance. The root device volume
is then used to boot the instance.
When you create an instance store-backed AMI, it must be uploaded to Amazon S3. Amazon S3
stores data objects in buckets, which are similar in concept to directories. Buckets have globally unique
names and are owned by unique AWS accounts.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Preparing to Create an Instance
Store-Backed Windows AMI

Bundling Process
The bundling process comprises the following tasks:
• Compress the image to minimize bandwidth usage and storage requirements.
• Encrypt and sign the compressed image to ensure confidentiality and authenticate the image against
its creator.
• Split the encrypted image into manageable parts for upload.
• Run Sysprep to strip computer-specific information (for example, the MAC address and computer
name) from the Windows AMI to prepare it for virtualization.
• Create a manifest file that contains a list of the image parts with their checksums.
• Put all components of the AMI in the Amazon S3 bucket that you specify when making the bundle
request.

Storage Volumes
It is important to remember the following details about the storage for your instance when you create
an instance store-backed AMI:
• The root device volume (C:) is automatically attached when a new instance is launched from your
new AMI. The data on any other instance store volumes is deleted when the instance is bundled.
• The instance store volumes other than the root device volume (for example, D:) are temporary and
should be used only for short-term storage.
• You can add Amazon EBS volumes to your instance store-based instance. Amazon EBS volumes
are stored within Amazon S3 buckets and remain intact when the instance is bundled. Therefore, we
recommend that you store all the data that must persist on Amazon EBS volumes, not instance store
volumes.
For more information about Amazon EC2 storage options, see Storage (p. 625).

Preparing to Create an Instance Store-Backed
Windows AMI
When you create an AMI, you start by basing it on an instance. You can customize the instance to
include the data and software that you need. As a result, any instance that you launch from your AMI
has everything that you need.

To launch an instance store-backed Windows instance
1.
2.

3.
4.

Open the Amazon EC2 console.
In the navigation pane, click AMIs. Select an instance store-backed AMI that is similar to the AMI
that you want to create. To view the instance store-backed Windows AMIs, select the following
options from the Filter lists: Public images, Instance store images, and then Windows.
You can select any public AMI that uses the version of Windows Server that you want for your
AMI. However, you must select an instance store-backed AMI; don't start with an Amazon EBSbacked AMI.
Click Launch to launch an instance of the instance store-backed AMI that you've selected. Accept
the default values as you step through the wizard.
While the instance is running, connect to it and customize it. For example, you can perform any of
the following on your instance:
• Install software and applications.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Bundling an Instance Store-Backed Windows Instance

• Copy data.
• Reduce start time by deleting temporary files, defragmenting your hard drive, and zeroing out
free space.
• Create a new user account and add it to the Administrators group.

Tip
If you are sharing your AMI, these credentials can be provided for RDP access without
disclosing your default Administrator password.
• Configure settings using EC2Config. For example, to generate a random password for your
instance when you launch it from this AMI, enable the Ec2SetPassword plugin; otherwise, the
current Administrator password is used. For more information, see Configuring a Windows
Instance Using the EC2Config Service (p. 266).
5.

If the instance uses RedHat drivers to access Xen virtualized hardware, upgrade to Citrix drivers
before you create an AMI. For more information, see Upgrading PV Drivers on Your Windows
AMI (p. 292).

Bundling an Instance Store-Backed Windows
Instance
Now that you've customized your instance, you can bundle the instance to create an AMI, using either
the AWS Management Console or the command line.

To bundle an instance store-backed Windows instance using the console
1.

Determine whether you'll use an existing Amazon S3 bucket for your new AMI or create a new
one. To create a new Amazon S3 bucket, use the following steps:
a.
b.
c.

2.
3.
4.

Open the Amazon S3 console.
Click Create Bucket.
Specify a name for the bucket and click Create.

Open the Amazon EC2 console.
In the navigation pane, click Instances. Right-click the instance you set up in the previous
procedure, and select Bundle Instance (instance store AMI).
In the Bundle Instance dialog box, fill in the requested information, and then click OK:
• Amazon S3 bucket name: Specify the name of an S3 bucket that you own. The bundle files
and manifest will be stored in this bucket.
• Amazon S3 key name: Specify a prefix for the files that are generated by the bundle process.
The Bundle Instance dialog box confirms that the request to bundle the instance has succeeded,
and also provides the ID of the bundle task. Click Close.

To view the status of the bundle task, click Bundle Tasks in the navigation pane. The bundle task
progresses through several states, including waiting-for-shutdown, bundling, and storing. If
the bundle task can't be completed successfully, the status is failed.

To bundle an instance store-backed Windows instance using the command line
You can use one of the following commands. For more information about these command line
interfaces, see Accessing Amazon EC2 (p. 3).
• bundle-instance (AWS CLI)
• New-EC2InstanceBundle (AWS Tools for Windows PowerShell)

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Registering an Instance Store-Backed Windows AMI

Registering an Instance Store-Backed Windows
AMI
Finally, you must register your AMI so that Amazon EC2 can locate it and launch instances from it.
Your new AMI is stored in Amazon S3. You'll incur charges for this storage until you deregister the AMI
and delete the bundle in Amazon S3.
If you make any changes to the source AMI stored in Amazon S3, you must deregister and reregister
the AMI before the changes take effect.

To register an instance store-backed Windows AMI from the AMI page in the console
1.

Open the Amazon EC2 console.

In the navigation pane, click AMIs. By default, the console displays the AMIs that you own.

Click Actions and select Register new AMI.

In the Register Image dialog box, provide the AMI Manifest Path and then click Register.

To register an instance store-backed Windows AMI from the Bundle Tasks page in the
console
1.

On the navigation pane, click Bundle Tasks.

Select the bundle task, and click Register as an AMI.

A dialog displays the AMI manifest path. Click Register, and then click Close in the confirmation
dialog box.

To register an instance store-backed Windows AMI using the command line
You can use one of the following commands. For more information about these command line
interfaces, see Accessing Amazon EC2 (p. 3).
• register-image (AWS CLI)
• Register-EC2Image (AWS Tools for Windows PowerShell)
To view your new AMI, click AMIs in the navigation pane, and ensure the Owned by me filter option is
selected.

AMIs with Encrypted Snapshots
AMIs that are backed by Amazon EBS snapshots can take advantage of Amazon EBS encryption.
Snapshots of both data and root volumes can be encrypted and attached to an AMI.
EC2 instances with encrypted volumes are launched from AMIs in the same way as other instances.
The CopyImage action can be used to create an AMI with encrypted snapshots from an AMI with
unencrypted snapshots. By default, CopyImage preserves the encryption status of source snapshots
when creating destination copies. However, you can configure the parameters of the copy process to
also encrypt the destination snapshots.
Snapshots can be encrypted with either your default AWS Key Management Service customer master
key (CMK), or with a custom key that you specify. You must in all cases have permission to use the

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AMI Scenarios Involving Encrypted EBS Snapshots

selected key. If you have an AMI with encrypted snapshots, you can choose to re-encrypt them with a
different encryption key as part of the CopyImage action. CopyImage accepts only one key at a time
and encrypts all of an image's snapshots (whether root or data) to that key. However, it is possible to
manually build an AMI with snapshots encrypted to multiple keys.
Support for creating AMIs with encrypted snapshots is accessible through the Amazon EC2 console,
Amazon EC2 API, or the AWS CLI.
The encryption parameters of CopyImage are available in all regions where AWS KMS is available.

AMI Scenarios Involving Encrypted EBS
Snapshots
You can copy an AMI and simultaneously encrypt its associated EBS snapshots using the AWS
Management Console or the command line.

Copying an AMI with an Encrypted Data Snapshot
In this scenario, an EBS-backed AMI has an unencrypted root snapshot and an encrypted data
snapshot, shown in step 1. The CopyImage action is invoked in step 2 without encryption parameters.
As a result, the encryption status of each snapshot is preserved, so that the destination AMI, in step
3, is also backed by an unencrypted root snapshot and an encrypted data snapshot. Though the
snapshots contain the same data, they are distinct from each other and you will incur storage costs for
the snapshots in both AMIs, as well as charges for any instances you launch from either AMI.

You can perform a simple copy such as this using either the Amazon EC2 console or the command
line. For more information, see Copying an AMI (p. 85).

Copying an AMI Backed by An Encrypted Root Snapshot
In this scenario, an Amazon EBS-backed AMI has an encrypted root snapshot, shown in step 1. The
CopyImage action is invoked in step 2 without encryption parameters. As a result, the encryption
status of the snapshot is preserved, so that the destination AMI, in step 3, is also backed by an
encrypted root snapshot. Though the root snapshots contain identical system data, they are distinct
from each other and you will incur storage costs for the snapshots in both AMIs, as well as charges for
any instances you launch from either AMI.

You can perform a simple copy such as this using either the Amazon EC2 console or the command
line. For more information, see Copying an AMI (p. 85).

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AMI Scenarios Involving Encrypted EBS Snapshots

Creating an AMI with Encrypted Root Snapshot from an
Unencrypted AMI
In this scenario, an Amazon EBS-backed AMI has an unencrypted root snapshot, shown in step 1, and
an AMI is created with an encrypted root snapshot, shown in step 3. The CopyImage action in step 2
is invoked with two encryption parameters, including the choice of a CMK. As a result, the encryption
status of the root snapshot changes, so that the target AMI is backed by a root snapshot containing the
same data as the source snapshot, but encrypted using the specified key. You will incur storage costs
for the snapshots in both AMIs, as well as charges for any instances you launch from either AMI.

You can perform a copy and encrypt operation such as this using either the Amazon EC2 console or
the command line. For more information, see Copying an AMI (p. 85).

Creating an AMI with an Encrypted Root Snapshot from a
Running Instance
In this scenario, an AMI is created from a running EC2 instance. The running instance in step 1 has
an encrypted root volume, and the created AMI in step 3 has a root snapshot encrypted to the same
key as the source volume. The CreateImage action has exactly the same behavior whether or not
encryption is present.

You can create an AMI from a running Amazon EC2 instance (with or without encrypted volumes)
using either the Amazon EC2 console or the command line. For more information, see Creating an
Amazon EBS-Backed Windows AMI (p. 76).

Creating an AMI with Unique CMKs for Each Encrypted
Snapshot
This scenario starts with an AMI backed by a root-volume snapshot (encrypted to key #1), and finishes
with an AMI that has two additional data-volume snapshots attached (encrypted to key #2 and key #3).
The CopyImage action cannot apply more than one encryption key in a single operation. However, you
can create an AMI from an instance that has multiple attached volumes encrypted to different keys.
The resulting AMI has snapshots encrypted to those keys and any instance launched from this new
AMI also has volumes encrypted to those keys.
The steps of this example procedure correspond to the following diagram.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Copying an AMI

1. Start with the source AMI backed by vol. #1 (root) snapshot, which is encrypted with key #1.
2. Launch an EC2 instance from the source AMI.
3. Create EBS volumes vol. #2 (data) and vol. #3 (data), encrypted to key #2 and key #3 respectively.
4. Attach the encrypted data volumes to the EC2 instance.
5. The EC2 instance now has an encrypted root volume as well as two encrypted data volumes, all
using different keys.
6. Use the CreateImage action on the EC2 instance.
7. The resulting target AMI contains encrypted snapshots of the three EBS volumes, all using different
keys.

You can carry out this procedure using either the Amazon EC2 console or the command line. For more
information, see the following topics:
• Launch Your Instance (p. 229)
• Creating an Amazon EBS-Backed Windows AMI (p. 76).
• Amazon EBS Volumes (p. 628)
• AWS Key Management in the AWS Key Management Service Developer Guide

Copying an AMI
You can copy an Amazon Machine Image (AMI) within or across an AWS region using the AWS
Management Console, the command line, or the Amazon EC2 API, all of which support the
CopyImage action. Both Amazon EBS-backed AMIs and instance store-backed AMIs can be copied.
Copying a source AMI results in an identical but distinct target AMI with its own unique identifier. In
the case of an Amazon EBS-backed AMI, each of its backing snapshots is, by default, copied to an
identical but distinct target snapshot. (The one exception is when you choose to encrypt the snapshot,
as described below.) The source AMI can be changed or deregistered with no effect on the target AMI.
The reverse is also true.
There are no charges for copying an AMI. However, standard storage and data transfer rates apply.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Copying an AMI You Own

AWS does not copy launch permissions, user-defined tags, or Amazon S3 bucket permissions from the
source AMI to the new AMI. After the copy operation is complete, you can apply launch permissions,
user-defined tags, and Amazon S3 bucket permissions to the new AMI.

Copying an AMI You Own
You can copy any AMI that belongs to your AWS account using the CopyImage action. This includes
AMIs with encrypted snapshots and encrypted AMIs.

Copying an AMI Across AWS Accounts
You can copy an AMI across AWS accounts. This includes AMIs with encrypted snapshots, but does
not include encrypted AMIs.
The owner of the account must grant read permissions on the storage that backs the AMI, whether it is
an associated EBS snapshot (for an Amazon EBS-backed AMI) or an associated Amazon S3 bucket
( for an instance-store-backed AMI). To allow other accounts to copy your AMIs, you must grant read
permissions on your associated snapshot or bucket using the Amazon EBS or Amazon S3 access
management tools.
When an AMI is copied, the owner of the source AMI is charged standard Amazon EBS or Amazon S3
transfer fees, and the owner of the target AMI is charged for storage in the destination region.

Limits
• You can't copy an encrypted AMI between accounts. Instead, if the underlying snapshot and
encryption key have been shared with you, you can copy the snapshot to another account while reencrypting it with a key of your own, and then register this privately owned snapshot as a new AMI.
• You can't directly copy an AMI that has a billingProduct code associated with it. This includes
Windows AMIs and other AMIs from the AWS Marketplace that are owned and shared by another
AWS account. To create a private copy of an AMI that has a billingProduct code associated with
it, we recommend the following procedure:
1. Launch an EC2 instance in the target account using the shared AMI.
2. Create an image from the new instance.
The result will be a private AMI that you own and can customize like any other AMI you own. For
example, if you have created a private copy of an EBS-backed AMI, you can use CopyImage to
create an AMI with an encrypted root volume. For more information, see Creating an Amazon EBSBacked Windows AMI (p. 76).

Copying an AMI Across Regions
Copying an AMI across geographically diverse regions provides the following benefits:
• Consistent global deployment: Copying an AMI from one region to another enables you to launch
consistent instances based from the same AMI into different regions.
• Scalability: You can more easily design and build world-scale applications that meet the needs of
your users, regardless of their location.
• Performance: You can increase performance by distributing your application, as well as locating
critical components of your application in closer proximity to your users. You can also take
advantage of region-specific features, such as instance types or other AWS services.
• High availability: You can design and deploy applications across AWS regions, to increase
availability.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Copying to Encrypt

The following diagram shows the relations among a source AMI and two copied AMIs in different
regions, as well as the EC2 instances launched from each. When you launch an instance from an AMI,
it resides in the same region where the AMI resides. If you make changes to the source AMI and want
those changes to be reflected in the AMIs in the target regions, you must recopy the source AMI to the
target regions.

When you first copy an instance store-backed AMI to a region, we create an Amazon S3 bucket
for the AMIs copied to that region. All instance store-backed AMIs that you copy to that region are
stored in this bucket. The names of these buckets have the following format: amis-for-accountin-region-hash. For example: amis-for-123456789012-in-us-west-2-yhjmxvp6.

Note
Destination regions are limited to 50 concurrent AMI copies at a time, with no more than 25
of those coming from a single source region. To request an increase to this limit, see Amazon
EC2 Service Limits (p. 742).
Prior to copying an AMI, you must ensure that the contents of the source AMI are updated to support
running in a different region. For example, you should update any database connection strings or
similar application configuration data to point to the appropriate resources. Otherwise, instances
launched from the new AMI in the destination region may still use the resources from the source
region, which can impact performance and cost.

Copying to Encrypt
Encrypting during copying applies only to Amazon EBS-backed AMIs. Because an instance-storebacked AMIs does not rely on snapshots, the CopyImage action cannot be used to change its
encryption status.
The CopyImage action can also be used to create a new AMI backed by encrypted Amazon EBS
snapshots. If you invoke encryption while copying an AMI, each snapshot taken of its associated
Amazon EBS volumes—including the root volume—will be encrypted using a key that you specify.
For more information about using AMIs with encrypted snapshots, see AMIs with Encrypted
Snapshots (p. 82).
By default, the backing snapshot of an AMI will be copied with its original encryption status. Copying
an AMI backed by an unencrypted snapshot will result in an identical target snapshot that is also
unencrypted. If the source AMI is backed by an encrypted snapshot, copying it will result in a target
snapshot encrypted to the specified key. Copying an AMI backed by multiple snaphots preserves
the source encryption status in each target snapshot. For more information about copying AMIs with
multiple snapshots, see AMIs with Encrypted Snapshots (p. 82).
The following table shows encryption support for various scenarios. Note that while it is possible
to copy an unencrypted snapshot to yield an encrypted snapshot, you cannot copy an encrypted
snapshot to yield an unencrypted one.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AMI Copying Scenarios

Scenario

Description

Supported

Unencrypted-to-unencrypted

Yes

Encrypted-to-encrypted

Yes

Unencrypted-to-encrypted

Yes

Encrypted-to-unencrypted

AMI Copying Scenarios
This section describes basic scenarios for copying AMIs and provides copy procedures using the
Amazon EC2 console and the command line.
Copy an unencrypted source AMI to an unencrypted target AMI
In the simplest case, a copy of an AMI with an unencrypted single backing snapshot is created in the
specified geographical region (not shown).

Note
Although the diagram above shows an AMI with a single backing snapshot, the CopyImage
action also works for AMIs with multiple snapshots. The encryption status of each snapshot
is preserved. This means that an unencrypted snapshot in the source AMI will cause an
unencrypted snapshot to be created in the target AMI, and an encrypted snapshot in the
source AMI will cause an encrypted snapshot to be created in the target AMI.
Copy an encrypted source AMI to an encrypted target AMI
Although this scenario involves encrypted snapshots, it is functionally equivalent to the previous
scenario.

Note
If you apply encryption while copying a multi-snapshot AMI, all of the target snapshots are
encrypted using the specified key or the default key if none is specified. For information about
creating an AMI with multiple snapshots encrypted to multiple keys, see AMIs with Encrypted
Snapshots (p. 82).
Copy an unencrypted source AMI to an encrypted target AMI

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Copying an AMI Using the Console or Command Line

In this last scenario, the CopyImage action changes the encryption status of the destination image,
for instance, by encrypting an unencrypted snapshot, or re-encrypting an encrypted snapshot with
a different key. To apply encryption during the copy, you must supply encryption parameters: an
encryption flag and a key. Volumes created from the target snapshot are accessible only if you
supply this key. For more information about supported encryption scenarios for AMIs, see AMIs with
Encrypted Snapshots (p. 82).

Copying an AMI Using the Console or Command
Line
The steps in the following procedure correspond to the three steps in each scenario diagram. Apart
from the configuration of encryption options, the procedure for implementing the CopyImage action is
identical in all cases.

To copy an AMI using the console
1.

Create or obtain an AMI backed by an Amazon EBS snapshot. For more information, see Creating
an Amazon EBS-Backed Windows AMI (p. 76). A wide variety of AWS-supplied AMIs are
available through the Amazon EC2 console.
From the console navigation bar, select the region that contains the AMI you wish to copy. In the
navigation pane, expand Images and select AMIs to display the list of AMIs available to you in the
selected region.
Select the AMI to copy and choose Actions and Copy AMI.
In the AMI Copy page, set the following fields and choose Copy AMI:
• Destination region: Choose the region into which to copy the AMI.
• Name: Provide a name for the new AMI. You may want to include operating system information
in the name, as we do not provide this information when displaying details about the AMI.
• Description: By default, the description includes information about the source AMI so that you
can distinguish a copy from its original. You can change this description as needed.

• Encryption: Select this field to encrypt the target Amazon EBS snapshots, or to re-encrypt them
using a different key.
• Master Key: The KMS key that will be used to encrypt the target Amazon EBS snapshots if
Encryption has been chosen.
We display a confirmation page to let you know that the copy operation has been initiated and to
provide you with the ID of the new AMI.
To check on the progress of the copy operation immediately, follow the provided link. To check on
the progress later, choose Done, and then when you are ready, use the navigation bar to switch to
the target region (if applicable) and locate your AMI in the list of AMIs.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Stopping a Pending AMI Copy Operation

The initial status of the target AMI is pending and the operation is complete when the status is
available.
To copy an AMI using the command line
Copying an AMI using the command line requires that you specify both the source and destination
regions. You specify the source region using the --source-region parameter. For the destination
region, you have two options:
• Use the --region parameter.
• Set an environmental variable. For more information, see Configuring the AWS Command Line
Interface.
When you encrypt a target snapshot during copying, you will need to supply two additional parameters:
• A Boolean, --encrypted
• A string, --kms-key-id, providing the master encryption key ID
You can copy an AMI using one of the following commands. For more information about these
command line interfaces, see Accessing Amazon EC2 (p. 3).
• copy-image (AWS CLI)
• Copy-EC2Image (AWS Tools for Windows PowerShell)

Stopping a Pending AMI Copy Operation
You can stop a pending AMI copy using the AWS Management Console or the command line.

To stop an AMI copy operation using the console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

From the navigation bar, select the destination region from the region selector.

In the navigation pane, choose AMIs.

Select the AMI to stop copying and choose Actions and Deregister.

When asked for confirmation, choose Continue.

To stop an AMI copy operation using the command line
You can use one of the following commands. For more information about these command line
interfaces, see Accessing Amazon EC2 (p. 3).
• deregister-image (AWS CLI)
• Unregister-EC2Image (AWS Tools for Windows PowerShell)

Deregistering Your AMI
You can deregister an AMI when you have finished using it. After you deregister an AMI, you can't use
it to launch new instances.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Cleaning Up Your Amazon EBS-Backed AMI

When you deregister an AMI, it doesn't affect any instances that you've already launched from the
AMI. You'll continue to incur usage costs for these instances. Therefore, if you are finished with these
instances, you should terminate them.
The procedure that you'll use to clean up your AMI depends on whether it is backed by Amazon EBS
or instance store. (Note that the only Windows AMIs that can be backed by instance store are those for
Windows Server 2003.)
Contents
• Cleaning Up Your Amazon EBS-Backed AMI (p. 91)
• Cleaning Up Your Instance Store-Backed AMI (p. 92)

Cleaning Up Your Amazon EBS-Backed AMI
When you deregister an Amazon EBS-backed AMI, it doesn't affect the snapshot that was created for
the root volume of the instance during the AMI creation process. You'll continue to incur storage costs
for this snapshot. Therefore, if you are finished with the snapshot, you should delete it.
The following diagram illustrates the process for cleaning up your Amazon EBS-backed AMI.

To clean up your Amazon EBS-backed AMI
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, choose AMIs. Select the AMI, and take note of its ID — this can help you
find the correct snapshot in the next step. Choose Actions, and then Deregister. When prompted
for confirmation, choose Continue.
The AMI status is now unavailable.

Note
It may take a few minutes before the console changes the status from available to
unavailable, or removes the AMI from the list altogether. Choose Refresh to refresh
the status.
3.

In the navigation pane, choose Snapshots, and select the snapshot (look for the AMI ID in the
Description column). Choose Actions, and then choose Delete Snapshot. When prompted for
confirmation, choose Yes, Delete.

(Optional) If you are finished with an instance that you launched from the AMI, terminate it. In the
navigation pane, choose Instances. Select the instance, choose Actions, then Instance State,
and then Terminate. When prompted for confirmation, choose Yes, Terminate.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Cleaning Up Your Instance Store-Backed AMI

Cleaning Up Your Instance Store-Backed AMI
When you deregister an instance store-backed AMI, it doesn't affect the files that you uploaded to
Amazon S3 when you created the AMI. You'll continue to incur usage costs for these files in Amazon
S3. Therefore, if you are finished with these files, you should delete them.
The following diagram illustrates the process for cleaning up your instance store-backed AMI.

To clean up your instance store-backed AMI
1.

Deregister the AMI using the deregister-image command as follows.
aws ec2 deregister-image --image-id ami_id

The AMI status is now unavailable.
2.

Delete the bundle in Amazon S3 using the rm command. For example, this command recursively
removes the files that start with mybundle (assume this is the S3 key you used when you created
the bundle, and assume you don't have other important objects in this bucket that use this key).
aws s3 rm s3://myawsbucket/myami --recursive --exclude "*" --include
"mybundle.*"

(Optional) If you are finished with an instance that you launched from the AMI, you can terminate it
using the terminate-instances command as follows.
aws ec2 terminate-instances --instance-ids instance_id

(Optional) If you are finished with the Amazon S3 bucket that you uploaded the bundle to, you
can delete the bucket. To delete an Amazon S3 bucket, open the Amazon S3 console, select the
bucket, choose Actions, and then choose Delete.

AWS Windows AMI Version History
AWS provides Amazon Machine Images (AMIs) that contain versions of Windows Server, known as
the AWS Windows AMIs. Some AWS Windows AMIs also come configured with Microsoft SQL Server
or Internet Information Services (IIS). You can use an AMI with Microsoft SQL Server and IIS already
configured, or you can start from a basic Windows AMI, and then install Microsoft SQL Server and
enable IIS on the instance. For more information, see AWS Windows AMIs (p. 61).

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Configuration Settings and Drivers

Contents
• Configuration Settings and Drivers (p. 93)
• Updating Your Windows Instance (p. 93)
• Upgrading or Migrating a Windows Server Instance (p. 93)
• Determining Your Instance Version (p. 94)
• Subscribing to Windows AMI Notifications (p. 94)
• AWS Windows AMI Versions (p. 95)
• Image Changes (p. 105)

Configuration Settings and Drivers
The AWS Windows AMIs are generally configured the same way as a Windows Server that you install
from Microsoft-issued media. There are, however, a few differences in the installation defaults.
AWS Windows AMIs come with an additional service installed, the EC2Config service. The EC2Config
service runs in the local system account and is primarily used during the initial setup. For information
about the tasks that EC2Config performs, see Overview of EC2Config Tasks (p. 267).
After you launch your Windows instance with its initial configuration, you can use the EC2Config
service to change the configuration settings as part of the process of customizing and creating your
own AMI. Instances launched from your customized AMI are launched with the new configuration.
AWS Windows AMIs contain a set of drivers to permit access to Xen virtualized hardware. These
drivers are used by Amazon EC2 to map instance store and Amazon EBS volumes to their devices.
For more information, see Paravirtual Drivers (p. 290).

Updating Your Windows Instance
After you launch a Windows instance, you are responsible for installing updates on it. You can
manually install only the updates that interest you, or you can start from a current AWS Windows AMI
and build a new Windows instance. For information about finding the current AWS Windows AMIs, see
Finding a Windows AMI (p. 66).
For Windows instances, you can install updates to the following services or applications:
• Windows
• Microsoft SQL Server
• Windows PowerShell
• EC2Config service (p. 276)
• PV Drivers (p. 292)
• AWS Tools for Windows PowerShell
• AWS CloudFormation helper scripts
You can reboot a Windows instance after installing updates. For more information, see Reboot Your
Instance (p. 244).

Upgrading or Migrating a Windows Server
Instance
For information about how to upgrade or migrate an instance to a newer version of Windows, see
Upgrading a Windows Server EC2 Instance to a Newer Version of Windows Server.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Determining Your Instance Version

Determining Your Instance Version
The AWS Management Console provides details about the AMI that you use to create an Amazon EC2
instance. The AMI ID field on the Description tab contains information including the Windows Server
SKU, the architecture (32-bit or 64-bit), the date the AMI was created, and an AMI ID.

If an AMI has been made private or replaced by later versions and is no longer listed in the catalog,
the AMI ID field states, "Cannot load detail for ami-xxxxx. You may not be permitted to view it." To
determine which AMI was used to create the instance, you must open the system log. In the EC2
console, choose an instance, and from the context-menu (right-click) choose Instance Settings and
then choose Get System Log. The date the AMI was created and the SKU are listed in the AMI Origin
Version and AMI Origin Name fields.

Note
The AMI Origin Version and AMI Origin Name are displayed in the system log only if
the EC2Config service is running version 2.1.19 or later and the AMI was created after
2013.11.13.

Subscribing to Windows AMI Notifications
If you want to be notified when new AMIs are released or when the previous AMIs are made private,
you can subscribe to these notifications using Amazon SNS.

To subscribe to Windows AMI notifications
1.
2.

Open the Amazon SNS console.
In the navigation bar, change the region to US East (N. Virginia), if necessary. You must select
this region because the SNS notifications that you are subscribing to were created in this region.

3.
4.
5.

In the navigation pane, click Subscriptions.
Click Create Subscription.
In the Create Subscription dialog box, do the following:
a.

In TopicARN, enter one of the following Amazon Resource Names (ARNs):
• arn:aws:sns:us-east-1:801119661308:ec2-windows-ami-update
• arn:aws:sns:us-east-1:801119661308:ec2-windows-ami-private

b.
c.

In Protocol, select Email.
In Endpoint, enter an email address that you can use to receive the notifications.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AWS Windows AMI Versions

d.
6.

Click Subscribe.

You'll receive a confirmation email with the subject line AWS Notification - Subscription
Confirmation. Open the email and click Confirm subscription to complete your subscription.

Whenever new Windows AMIs are released, we send notifications to subscribers of the ec2windows-ami-update topic. Whenever new Windows AMIs are made private, we send notifications
to subscribers of the ec2-windows-ami-private topic. If you no longer want to receive these
notifications, use the following procedure to unsubscribe.

To unsubscribe from Windows AMI notifications
1.

Open the Amazon SNS console.

In the navigation pane, click Subscriptions.

Select the subscription and then click Delete Subscriptions When prompted for confirmation,
click Yes, Delete.

AWS Windows AMI Versions
AWS provides updated, fully-patched Windows AMIs within five business days of Microsoft's patch
Tuesday (the second Tuesday of each month). The new AMIs are available immediately through the
Images page in the Amazon EC2 console. The new AMIs are available in the AWS Marketplace and
the Quick Start tab of the launch instance wizard within a few days of their release. AWS makes the
previously published Windows AMIs private within 10 business days after publishing updated Windows
AMIs, to ensure that customers have the latest security updates by default.
The Windows AMIs in each release have new AMI IDs. Therefore, we recommend that you write
scripts that locate the latest AWS Windows AMIs by their names, rather than by their IDs. For more
information, see Get-EC2ImageByName in the AWS Tools for Windows PowerShell User Guide. You
can also create a Lambda function to perform this task with Amazon EC2 and other services such as
AWS CloudFormation. For more information, see Create a Lambda Function.
The following table summarizes the changes to each release of the AWS Windows AMIs. Note that
some changes apply to all AWS Windows AMIs while others apply to only a subset of these AMIs.
Release

Changes

2016.9.14

ALL AMIs
• Microsoft security updates current to September 13, 2016.
• Current AWS Tools for Windows PowerShell
• Renamed AMI: Windows_Server-2012-RTM-Japanese-64BitSQL_2008_R3_SP2_Standard to Windows_Server-2012-RTMJapanese-64Bit-SQL_2008_R2_SP3_Standard

2016.8.26

All Windows Server 2008 R2 AMIs dated 2016.08.11 were updated to fix a
known issue. New AMIs are dated 2016.08.25.

2016.8.11

ALL AMIs
• Ec2Config v3.19.1153
• Microsoft security updates current to August 10, 2016.
• Enabled the registry key User32 exception handler hardening feature in
Internet Explorer for MS15-124.

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AWS Windows AMI Versions

Release

Changes

Server 2008 R2, Server 2012 RTM, and Server 2012 R2 AMIs
• Elastic Network Adapter (ENA) Driver 1.0.8.0
• ENA AMI property set to enabled.

Note
AWS PV Driver for Windows Server 2008 R2 was re-released this
month because of a known issue. Windows Server 2008 R2 AMI's
were removed in July because of this issue.
2016.8.2

Windows Server 2008 R2 AMIs
All Windows Server 2008 R2 AMIs for July were removed and rolled back
to AMIs dated 2016.06.15, because of an issue discovered in the AWS PV
driver. The AWS PV driver issue has been fixed. The August AMI release
will include Windows Server 2008 R2 AMIs with the fixed AWS PV driver
and July/August Windows updates.

2016.7.26

ALL AMIs
• Ec2Config v3.18.1118
• Microsoft security updates current to July 2016.
2016.07.13 AMIs were missing security patches. AMIs were re-patched.
Additional processes were put in place to verify successful patch
installations going forward.

2016.7.13

ALL AMIs
• Microsoft security updates current to July 2016
• Current AWS Tools for Windows PowerShell
• Updated AWS PV Driver 7.4.2.0
• AWS PV Driver for Windows Server 2008 R2

2016.6.16

• Microsoft security updates current to June 2016
• Current AWS Tools for Windows PowerShell
• EC2Config service version 3.17.1032
• Released 10 new AMIs that include 64-bit versions of Microsoft
SQL Server 2016. You can launch an instance from one of these
AMIs from the EC2 console, CLI, or API. If using the console,
navigate to EC2 > Images > AMIs, choose Public Images, and enter
“Windows_Server-2012-R2_RTM-English-64Bit-SQL_2016_Standard”
in the search bar. For more information about SQL Server 2016, see
What's New in SQL Server 2016 on MSDN.

2016.5.11

ALL AMIs
• Microsoft security updates current to May 2016
• Current AWS Tools for Windows PowerShell
• EC2Config service version 3.16.930
• MS15-011 Active Directory patch installed
• Intel SRIOV driver for Windows Server 2012 R2 based AMIs. Version
1.0.16.1 (03/04/2014)

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AWS Windows AMI Versions

Release

Changes

2016.4.13

ALL AMIs
• Microsoft security updates current to April 2016
• Current AWS Tools for Windows PowerShell
• EC2Config service version 3.15.880

2016.3.9

ALL AMIs
• Microsoft security updates current to March 2016
• Current AWS Tools for Windows PowerShell
• EC2Config service version 3.14.786

2016.2.10

ALL AMIs
• Microsoft security updates current to February 2016
• Current AWS Tools for Windows PowerShell
• EC2Config service version 3.13.727

2016.1.25

ALL AMIs
• Microsoft security updates current to January 2016
• Current AWS Tools for Windows PowerShell
• EC2Config service version 3.12.649

2016.1.5

ALL AMIs
• Current AWS Tools for Windows PowerShell

2015.12.15

ALL AMIs
• Microsoft security updates current to December 2015
• Current AWS Tools for Windows PowerShell

2015.11.11

ALL AMIs
• Microsoft security updates current to November 2015
• Current AWS Tools for Windows PowerShell
• EC2Config service version 3.11.521
• CFN Agent updated to latest version

2015.10.26

Corrected boot volume sizes of base AMIs to be 30GB instead of 35GB

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AWS Windows AMI Versions

Release

Changes

2015.10.14

ALL AMIs
• Microsoft security updates current to October 2015
• EC2Config service version 3.10.442
• Current AWS Tools for Windows PowerShell
• Updated SQL Service Packs to latest versions for all SQL variants
• Removed old entries in Event Logs
• AMI Names have been changed to reflect the latest service pack.
For example, the latest AMI with Server 2012 and SQL 2014
Standard is named “Windows_Server-2012-RTM-English-64BitSQL_2014_SP1_Standard-2015.10.26“, not “Windows_Server-2012RTM-English-64Bit-SQL_2014_RTM_Standard-2015.10.26“.

2015.9.9

ALL AMIs
• Microsoft security updates current to September 2015
• EC2Config service version 3.9.359
• Current AWS Tools for Windows PowerShell
• Current AWS CloudFormation helper scripts

2015.8.18

ALL AMIs
• Microsoft security updates current to August 2015
• EC2Config service version 3.8.294
• Current AWS Tools for Windows PowerShell

Only AMIs with Windows Server 2012 and Windows Server 2012
R2
• AWS PV Driver 7.3.2
2015.7.21

ALL AMIs
• Microsoft security updates current to July 2015
• EC2Config service version 3.7.308
• Current AWS Tools for Windows PowerShell
• Modified AMI descriptions of SQL images for consistency

2015.6.10

ALL AMIs
• Microsoft security updates current to June 2015
• EC2Config service version 3.6.269
• Current AWS Tools for Windows PowerShell
• Current AWS CloudFormation helper scripts

Only AMIs with Windows Server 2012 R2
• AWS PV Driver 7.3.1

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AWS Windows AMI Versions

Release

Changes

2015.5.13

All AMIs
• Microsoft security updates current to May 2015
• EC2Config service version 3.5.228
• Current AWS Tools for Windows PowerShell

2015.04.15

All AMIs
• Microsoft security updates current to April 2015
• EC2Config service version 3.3.174
• Current AWS Tools for Windows PowerShell

2015.03.11

All AMIs
• Microsoft security updates current to March 2015
• EC2Config service version 3.2.97
• Current AWS Tools for Windows PowerShell

Only AMIs with Windows Server 2012 R2
• AWS PV Driver 7.3.0
2015.02.11

All AMIs
• Microsoft security updates current to February 2015
• EC2Config service version 3.0.54
• Current AWS Tools for Windows PowerShell
• Current AWS CloudFormation helper scripts

2015.01.14

All AMIs
• Microsoft security updates current to January 2015
• EC2Config service version 2.3.313
• Current AWS Tools for Windows PowerShell
• Current AWS CloudFormation helper scripts

2014.12.10

All AMIs
• Microsoft security updates current to December 2014
• EC2Config service version 2.2.12
• Current AWS Tools for Windows PowerShell

2014.11.19

All AMIs
• Microsoft security updates current to November 2014
• EC2Config service version 2.2.11
• Current AWS Tools for Windows PowerShell

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AWS Windows AMI Versions

Release

Changes

2014.10.15

All AMIs
• Microsoft security updates current to October 2014
• EC2Config service version 2.2.10
• Current AWS Tools for Windows PowerShell

Only AMIs with Windows Server 2012 R2
• AWS PV Driver 7.2.4.1 (resolves the issues with Plug and Play Cleanup,
which is now enabled by default)
2014.09.10

All AMIs
• Microsoft security updates current to September 2014
• EC2Config service version 2.2.8
• Current AWS Tools for Windows PowerShell

Only AMIs with Windows Server 2012 R2
• Disable Plug and Play Cleanup (see Important information)
• AWS PV Driver 7.2.2.1 (resolves issues with the uninstaller)
2014.08.13

All AMIs
• Microsoft security updates current to August 2014
• EC2Config service version 2.2.7
• Current AWS Tools for Windows PowerShell

Only AMIs with Windows Server 2012 R2
• AWS PV Driver 7.2.2.1 (improves disk performance, resolves issues with
reconnecting multiple network interfaces and lost network settings)
2014.07.10

All AMIs
• Microsoft security updates current to July 2014
• EC2Config service version 2.2.5
• Current AWS Tools for Windows PowerShell

2014.06.12

All AMIs
• Microsoft security updates current to June 2014
• EC2Config service version 2.2.4
• Removed NVIDIA drivers (except for Windows Server 2012 R2 AMIs)
• Current AWS Tools for Windows PowerShell

100

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AWS Windows AMI Versions

Release

Changes

2014.05.14

All AMIs
• Microsoft security updates current to May 2014
• EC2Config service version 2.2.2
• Current AWS Tools for Windows PowerShell
• AWS CloudFormation helper scripts version 1.4.0

2014.04.09

All AMIs
• Microsoft security updates current to April 2014
• Current AWS Tools for Windows PowerShell
• Current AWS CloudFormation helper scripts

2014.03.12

All AMIs
• Microsoft security updates current to March 2014

2014.02.12

All AMIs
• Microsoft security updates current to February 2014
• EC2Config service version 2.2.1
• Current AWS Tools for Windows PowerShell
• KB2634328
• Remove the BCDEdit useplatformclock value

Only AMIs with Microsoft SQL Server
• Microsoft SQL Server 2012 SP1 cumulative update package 8
• Microsoft SQL Server 2008 R2 cumulative update package 10
2013.11.13

All AMIs
• Microsoft security updates current to November 2013
• EC2Config service version 2.1.19
• Current AWS Tools for Windows PowerShell
• Configure NTP to synchronize the time once a day (the default is every
seven days)

Only AMIs with Windows Server 2012
• Clean up the WinSXS folder using the following command: dism /
online /cleanup-image /StartComponentCleanup
2013.09.11

All AMIs
• Microsoft security updates current to September 2013
• EC2Config service version 2.1.18
• Current AWS Tools for Windows PowerShell
• AWS CloudFormation helper scripts version 1.3.15

101

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AWS Windows AMI Versions

Release

Changes

2013.07.10

All AMIs
• Microsoft security updates current to July 2013
• EC2Config service version 2.1.16
• Expanded the root volume to 50 GB
• Set the page file to 512 MB, expanding to 8 GB as needed
• Current AWS Tools for Windows PowerShell

2013.06.12

All AMIs
• Microsoft security updates current to June 2013
• Current AWS Tools for Windows PowerShell

Only AMIs with Microsoft SQL Server
• Microsoft SQL Server 2012 SP1 with cumulative update package 4
2013.05.15

All AMIs
• Microsoft security updates current to May 2013
• EC2Config service version 2.1.15
• All instance store volumes attached by default
• Remote PowerShell enabled by default
• Current AWS Tools for Windows PowerShell

2013.04.14

All AMIs
• Microsoft security updates current to April 2013
• Current AWS Tools for Windows PowerShell
• AWS CloudFormation helper scripts version 1.3.14

2013.03.14

All AMIs
• Microsoft security updates current to March 2013
• EC2Config service version 2.1.14
• Citrix Agent with CPU heartbeat fix
• Current AWS Tools for Windows PowerShell
• AWS CloudFormation helper scripts version 1.3.11

102

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AWS Windows AMI Versions

Release

Changes

2013.02.22

All AMIs
• Microsoft security updates current to February 2013
• KB2800213
• Windows PowerShell 3.0 upgrade
• EC2Config service version 2.1.13
• Citrix Agent with time fix
• Citrix PV drivers dated 2011.07.19
• Current AWS Tools for Windows PowerShell
• AWS CloudFormation helper scripts version 1.3.8

Only AMIs with Microsoft SQL Server
• Microsoft SQL Server 2012 cumulative update package 5
2012.12.12

All AMIs
• Microsoft security updates current to December 2012
• Set the ActiveTimeBias registry value to 0
• Disable IPv6 for the network adapter
• EC2Config service version 2.1.9
• Add AWS Tools for Windows PowerShell and set the policy to allow
import-module

2012.11.15

All AMIs
• Microsoft security updates current to November 2012
• EC2Config service version 2.1.7

2012.10.10

All AMIs
• Microsoft security updates current to October 2012

2012.08.15

All AMIs
• Microsoft security updates current to August 2012
• EC2Config service version 2.1.2
• KB2545227

2012.07.11

All AMIs
• Microsoft security updates current to July 2012

103

Amazon Elastic Compute Cloud
User Guide for Windows Instances
AWS Windows AMI Versions

Release

Changes

2012.06.12

All AMIs
• Microsoft security updates current to June 2012
• Set page file to 4 GB
• Remove installed language packs
• Set performance option to "Adjust for best performance"
• Set the screen saver to no longer display the logon screen on resume
• Remove previous RedHat driver versions using pnputil
• Remove duplicate bootloaders and set bootstatuspolicy to
ignoreallfailures using bcdedit

2012.05.10

All AMIs
• Microsoft security updates current to May 2012
• EC2Config service version 2.1.0

2012.04.11

All AMIs
• Microsoft security updates current to April 2012
• KB2582281
• Current version of EC2Config
• System time in UTC instead of GMT

2012.03.13

All AMIs
• Microsoft security updates current to March 2012

2012.02.24

All AMIs
• Microsoft security updates current to February 2012
• Standardize AMI names and descriptions

2012.01.12

All AMIs
• Microsoft security updates current to January 2012
• RedHat PV driver version 1.3.10

2011.09.11

All AMIs
• Microsoft security updates current to September 2011

1.04

All AMIs
• Current Microsoft security updates
• Update network driver
• Fix issue with instances in a VPC losing connectivity when changing the
time zone of the instance

1.02

All AMIs
• Current Microsoft security updates
• Update network driver
• Add support for licensing activation for instances in a VPC

104

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Image Changes

Release

Changes

1.01

All AMIs
• Current Microsoft security updates
• Fix issue with password improperly generated while waiting for network
availability

1.0

All AMIs
• Initial release

Image Changes
The following changes are applied to each Amazon-provided image.
• Allow Internet Control Message Protocol (ICMP) traffic through firewall
• Set performance options for best performance
• Set power setting to high performance
• Disable screensaver password
• Disable hibernation
• Disable clearing page file at shutdown
• Add links to desktop EC2 Windows Guide (http://docs.aws.amazon.com/AWSEC2/
latest/WindowsGuide/concepts.html) and EC2 Feedback (https://aws.qualtrics.com/se/?
sid=sv_e5mofjhv18gtayw)
• Set timezone to UTC
• Configure page file (512 MB to 8 GB)
• Install PowerShell tools (http://aws.amazon.com/powershell)
• Install the latest version of the EC2Config service
• Disable Windows network location profile selection prompt
• Install Cloud Formation tools (http://aws.amazon.com/developertools/awscloudformation/4026240853893296)
• Disable IPv6 in network adapters
• Disable NetBIOS in network adapters
• Install PowerShell 3.0 for images earlier than Windows Server 2012
• Enable remote PowerShell
• Enable file and printer sharing
• Open port 1433 for images that include SQL Server
• Enable notification of Windows updates
• Sync time daily via NTP
• Disable Windows Internet Explorer RunOnce
• Apply the following hotfixes for Windows Server 2008 or Server 2008 R2 images:
• GARP (http://support.microsoft.com/kb/2582281)
• Microsoft DST (http://support.microsoft.com/kb/2800213)
• Microsoft RTIU clock sync (http://support.microsoft.com/kb/2922223)
• ELB (http://support.microsoft.com/kb/2634328)
• TCP scaling (http://support.microsoft.com/kb/2780879)
105

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Create a Standard Amazon
Machine Image Using Sysprep
• SMB2 (http://support.microsoft.com/kb/2394911)

• Attach instance storage volumes to extended mount points (25)
• Install latest Windows updates

Create a Standard Amazon Machine Image
Using Sysprep
The Microsoft System Preparation (Sysprep) tool simplifies the process of duplicating a customized
installation of Windows. We recommend that you use Sysprep to create a standardized Amazon
Machine Image (AMI). You can then create new Amazon EC2 instances for Windows from this
standardized image and deploy these across your organization.
We also recommend that you run Sysprep with the EC2Config service, which automates and secures
the image-preparation process on your AMI by using an answer file. The file is located in the following
directory, by default: C:\Program Files\Amazon\Ec2ConfigService\sysprep2008.xml
Important: Do not use Sysprep to create an instance backup. Sysprep removes system-specific
information; removing this information might have unintended consequences for an instance backup.
Contents
• Before You Begin (p. 106)
• Using Sysprep with the EC2Config Service (p. 106)
• Run Sysprep with the EC2Config Service (p. 109)
• Troubleshooting Sysprep with EC2Config (p. 110)

Before You Begin
• Learn more about Sysprep on Microsoft TechNet.
• Learn which server roles are supported for Sysprep.

Using Sysprep with the EC2Config Service
Learn the details of the different Sysprep execution phases and the tasks performed by the EC2Config
service as the image is prepared.

Sysprep Phases
Sysprep runs through the following phases:
1. Generalize: The tool removes image-specific information and configurations. For example, Sysprep
removes the security identifier (SID), the computer name, the event logs, and specific drivers, to
name a few. After this phase is completed, the operating system (OS) is ready to create an AMI.

Note
When you run Sysprep with the EC2Config service, the system prevents drivers from being
removed because the PersistAllDeviceInstalls setting is set to true by default.
2. Specialize: Plug and Play scans the computer and installs drivers for any detected devices. The
tool generates OS requirements like the computer name and SID. Optionally, you can execute
commands in this phase.

106

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Using Sysprep with the EC2Config Service

3. Out-of-Box Experience (OOBE): The system runs an abbreviated version of Windows Setup and
asks the user to enter information such as a system language, the time zone, and a registered
organization. When you run Sysprep with EC2Config, the answer file automates this phase.

Sysprep Actions
Sysprep and the EC2Config service perform the following actions when preparing an image.
1. When you choose Shutdown with Sysprep in the EC2 Service Properties dialog box, the system
runs the ec2config.exe –sysprep command.
2. The EC2Config service reads the content of the BundleConfig.xml file. This file is located in the
following directory, by default: C:\Program Files\Amazon\Ec2ConfigService\Settings.
The BundleConfig.xml file includes the following settings. You can change these settings:
• AutoSysprep: Indicates whether to use Sysprep automatically. You do not need to change this
value if you are running Sysprep from the EC2 Service Properties dialog box. The default value is
No.
• SetRDPCertificate: Sets a self-signed certificate for the Remote Desktop server running on
Windows Server 2003. This enables you to securely use the Remote Desktop Protocol (RDP) to
connect to the instance. Change the value to Yes if new instances should use a certificate. This
setting is not used with Windows Server 2008 or Windows Server 2012 instances because these
operating systems can generate their own certificates. The default value is No.
• SetPasswordAfterSysprep: Sets a random password on a newly launched instance, encrypts it
with the user launch key, and outputs the encrypted password to the console. Change the value to
No if new instances should not be set to a random encrypted password. The default value is Yes.
• PreSysprepRunCmd: The location of the command to run. The command is located in
the following directory, by default: C:\Program Files\Amazon\Ec2ConfigService\Scripts
\BeforeSysprep.cmd
3. The system executes the BeforeSysprep.cmd. This command creates the following registry key:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v
fDenyTSConnections /t REG_DWORD /d 1 /f”
The registry key disables RDP connections until they are re-enabled. Disabling RDP connections is
a necessary security measure because, during the first boot session after Sysprep has run, there is
a short period of time where RDP allows connections and the Administrator password is blank.
4. The EC2Config service calls sysprep.exe by executing the following command:
sysprep.exe /unattend: "C:\Program Files\Amazon\Ec2ConfigService\sysprep2008.xml" /
oobe /generalize /shutdown

Generalize Phase
1. The tool removes image-specific information and configurations such as the computer name and the
SID. If the instance is a member of a domain, it is removed from the domain. The sysprep2008.xml
answer file includes the following settings which affect this phase:
• PersistAllDeviceInstalls: This setting prevents Windows Setup from removing and reconfiguring
devices, which speeds up the image preparation process because Amazon AMIs require certain
drivers to run and re-detection of those drivers would take time.
• DoNotCleanUpNonPresentDevices: This setting retains Plug and Play information for devices
that are not currently present.
2. Sysprep.exe shuts down the OS as it prepares to create the AMI. They system either launches a
new instance or starts the original instance.
107

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Using Sysprep with the EC2Config Service

Specialize Phase
The system generates OS specific requirements such as a computer name and a SID. The system
also performs the following actions based on configurations that you specify in the sysprep2008.xml
answer file.
• CopyProfile: Sysprep can be configured to delete all user profiles, including the builtin Administrator profile. This setting retains the built-in Administrator account so that any
customizations you made to that account are carried over to the new image. The default value is
True.
If you don’t have specific user-profile customizations that you want to carry over to the new image
then change this setting to False. Sysprep will remove all user profiles; this saves time and disk
space.
• TimeZone: The time zone is set to Coordinate Universal Time (UTC) by default.
• Synchronous command with order 1: The system executes the following command that enables
the administrator account and specifies the password requirement.
net user Administrator /ACTIVE:YES /LOGONPASSWORDCHG:NO /EXPIRES:NEVER /
PASSWORDREQ:YES
• Synchronous command with order 2: The system scrambles the administrator password. This
security measure is designed to prevent the instance from being accessible after Sysprep completes
if you did not enable the ec2setpassword setting.
C:\Program Files\Amazon\Ec2ConfigService\ScramblePassword.exe" -u Administrator
• Synchronous command with order 3: The system executes the following command:
C:\Program Files\Amazon\Ec2ConfigService\Scripts\SysprepSpecializePhase.cmd
This command adds the following registry key, which re-enables RDP:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v
fDenyTSConnections /t REG_DWORD /d 0 /f

OOBE Phase
1. Using the EC2Config service answer file, the system specifies the following configurations:
• en-US
• en-US
• en-US
• en-US
• true
• true
• Other
• 3
• false
• UTC
• Amazon.com
• Amazon

Note
During the generalize and specialize phases the EC2Config service monitors the status of
of the OS. If EC2Config detects that the OS is in a Sysprep phase, then it publishes the
following message the system log: 108

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Run Sysprep with the EC2Config Service
“EC2ConfigMonitorState: 0 Windows is being configured.
SysprepState=IMAGE_STATE_UNDEPLOYABLE”

2. After the OOBE phase completes, the system executes the SetupComplete.cmd from the following
location: C:\Windows\Setup\Scripts\SetupComplete.cmd. In Amazon public AMIs before April 2015
this file was empty and executed nothing on the image. In public AMIs dated after April 2015, the
file includes the following value: call "C:\Program Files\Amazon\Ec2ConfigService\Scripts
\PostSysprep.cmd".
3. The system executes the PostSysprep.cmd, which performs the following operations:
• Sets the local Administrator password to not expire. If the password expired, Administrators might
not be able to log on.
• Sets the MSSQLServer machine name (if installed) so that the name will be in sync with the AMI.

Post Sysprep
After Sysprep completes, the EC2Config services sends the following message to the console output:
“Windows sysprep configuration complete. Message: Sysprep Start Message:
Sysprep End”
EC2Config then performs the following actions:
1. Reads the content of the config.xml file and lists all enabled plug-ins.
2. Executes all “Before Windows is ready” plug-ins at the same time.
• Ec2SetPassword
• Ec2SetComputerName
• Ec2InitializeDrives
• Ec2EventLog
• Ec2ConfigureRDP
• Ec2OutputRDPCert
• Ec2SetDriveLetter
• Ec2WindowsActivate
• Ec2DynamicBootVolumeSize
3. After it is finished, sends a “Windows is ready” message to the instance system logs.
4. Runs all “After Windows is ready” plug-ins at the same time.
• AWS CloudWatch logs
• UserData
• Simple Systems Manager (SSM)
For more information about Windows plug-ins, see Configuring a Windows Instance Using the
EC2Config Service.

Run Sysprep with the EC2Config Service
Use the following procedure to create a standardized AMI using Sysprep and the EC2Config service.
1. In the Amazon EC2 console locate or create an AMI that you want to duplicate.
2. Launch and connect to your Windows instance.
3. Customize it.
4. Specify configuration settings in the EC2Config service answer file:
C:\Program Files\Amazon\Ec2ConfigService\sysprep2008.xml
109

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Troubleshooting Sysprep with EC2Config

5. From the Windows Start menu, choose All Programs, and then choose EC2ConfigService
Settings.
6. Choose the Image tab in the Ec2 Service Properties dialog box. For more information about the
options and settings in the Ec2 Service Properties dialog box, see Ec2 Service Properties.
7. Select an option for the Administrator password, and then click Shutdown with Sysprep or
Shutdown without Sysprep. EC2Config edits the settings files based on the password option that
you selected.
• Random: EC2Config generates a password, encrypts it with user's key, and displays the
encrypted password to the console. We disable this setting after the first launch so that this
password persists if the instance is rebooted or stopped and started.
• Specify: The password is stored in the Sysprep answer file in unencrypted form (clear text).
When Sysprep runs next, it sets the Administrator password. If you shut down now, the password
is set immediately. When the service starts again, the Administrator password is removed. It's
important to remember this password, as you can't retrieve it later.
• Keep Existing: The existing password for the Administrator account doesn't change when
Sysprep is run or EC2Config is restarted. It's important to remember this password, as you can't
retrieve it later.
8. Choose OK.
When you are asked to confirm that you want to run Sysprep and shut down the instance, click Yes.
You'll notice that EC2Config runs Sysprep. Next, you are logged off the instance, and the instance is
shut down. If you check the Instances page in the Amazon EC2 console, the instance state changes
from running to stopping, and then finally to stopped. At this point, it's safe to create an AMI from
this instance.
You can manually invoke the Sysprep tool from the command line using the following command:
C:\> %ProgramFiles%\Amazon\Ec2ConfigService\ec2config.exe -sysprep

However, you must be very careful that the XML file options specified in the Ec2ConfigService
\Settings folder are correct; otherwise, you might not be able to connect to the instance. For more
information about the settings files, see EC2Config Settings Files (p. 270). For an example of
configuring and then running Sysprep from the command line, see Ec2ConfigService\Scripts
\InstallUpdates.ps1.

Troubleshooting Sysprep with EC2Config
If you experience problems or receive error messages during image preparations, review the following
logs:
• %WINDIR%\Panther\Unattendgc
• %WINDIR%\System32\Sysprep\Panther
• "C:\Program Files\Amazon\Ec2ConfigService\Logs\Ec2ConfigLog.txt"
If you receive an error message during image preparation with Sysprep, the OS might not be
reachable. To review the log files, you must stop the instance, attach its root volume to another healthy
instance as a secondary volume, and then review the logs mentioned earlier on the secondary volume.
If you locate errors in the Unattendgc log file, use the Microsoft Error Lookup Tool to get more details
about the error. The following issue reported in the Unattendgc log file is typically the result of one or
more corrupted user profiles on the instance:
Error [Shell Unattend] _FindLatestProfile failed (0x80070003)
[gle=0x00000003] Error [Shell Unattend] CopyProfile failed (0x80070003)
[gle=0x00000003]

110

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Troubleshooting Sysprep with EC2Config

There are two options for resolving this issue:
Option 1: Use Regedit on the instance to search for the following key. Verify that there are no profile
registry keys for a deleted user:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Option 2: Edit the EC2Config answer file (C:\Program Files\Amazon\Ec2ConfigService
\sysprep2008.xml) and change true to false.
Run Sysprep again. Note that this configuration change will delete the built-in administrator user profile
after Sysprep completes.

111

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Instance Types

Amazon EC2 Instances
If you're new to Amazon EC2, see the following topics to get started:
• What Is Amazon EC2? (p. 1)
• Setting Up with Amazon EC2 (p. 13)
• Getting Started with Amazon EC2 Windows Instances (p. 19)
• Instance Lifecycle (p. 226)
Before you launch a production environment, you need to answer the following questions.
Q. What instance type best meets my needs?
Amazon EC2 provides different instance types to enable you to choose the CPU, memory,
storage, and networking capacity that you need to run your applications. For more information, see
Instance Types (p. 112).
Q. What purchasing option best meets my needs?
Amazon EC2 supports On-Demand instances (the default), Spot instances, and Reserved
Instances. For more information, see Instance Purchasing Options (p. 144).
Q. Which type of root volume meets my needs?
Each instance is backed by Amazon EBS or backed by instance store. Select an AMI based
on which type of root volume you need. For more information, see Storage for the Root
Device (p. 63).
Q. Would I benefit from using a virtual private cloud?
If you can launch instances in either EC2-Classic or EC2-VPC, you'll need to decide which
platform meets your needs. For more information, see Supported Platforms (p. 560) and Amazon
EC2 and Amazon Virtual Private Cloud (p. 554).

Instance Types
When you launch an instance, the instance type that you specify determines the hardware of the host
computer used for your instance. Each instance type offers different compute, memory, and storage
capabilities and are grouped in instance families based on these capabilities. Select an instance type
based on the requirements of the application or software that you plan to run on your instance.
Amazon EC2 provides each instance with a consistent and predictable amount of CPU capacity,
regardless of its underlying hardware.

112

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Available Instance Types

Amazon EC2 dedicates some resources of the host computer, such as CPU, memory, and instance
storage, to a particular instance. Amazon EC2 shares other resources of the host computer, such as
the network and the disk subsystem, among instances. If each instance on a host computer tries to use
as much of one of these shared resources as possible, each receives an equal share of that resource.
However, when a resource is under-utilized, an instance can consume a higher share of that resource
while it's available.
Each instance type provides higher or lower minimum performance from a shared resource. For
example, instance types with high I/O performance have a larger allocation of shared resources.
Allocating a larger share of shared resources also reduces the variance of I/O performance. For most
applications, moderate I/O performance is more than enough. However, for applications that require
greater or more consistent I/O performance, consider an instance type with higher I/O performance.

Contents
• Available Instance Types (p. 113)
• Hardware Specifications (p. 114)
• Networking and Storage Features (p. 114)
• Instance Limits (p. 115)

Available Instance Types
Amazon EC2 provides the instance types listed in the following tables.

Current Generation Instances
For the best performance, we recommend that you use the current generation instance types when you
launch new instances. For more information about the current generation instance types, see Amazon
EC2 Instances.
Instance Family

Current Generation Instance Types

General purpose

Compute optimized

Memory optimized

Storage optimized

GPU instances

g2.2xlarge | g2.8xlarge

Previous Generation Instances
Amazon Web Services offers previous generation instances for users who have optimized their
applications around these instances and have yet to upgrade. We encourage you to use the latest
generation of instances to get the best performance, but we will continue to support these previous
generation instances. If you are currently using a previous generation instance, you can see which

113

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Hardware Specifications

current generation instance would be a suitable upgrade. For more information, see Previous
Generation Instances.
Instance Family

Previous Generation Instance Types

General purpose

m1.small | m1.medium | m1.large | m1.xlarge

Compute optimized

c1.medium | c1.xlarge | cc2.8xlarge

Memory optimized

m2.xlarge | m2.2xlarge | m2.4xlarge | cr1.8xlarge

Storage optimized

hi1.4xlarge | hs1.8xlarge

GPU instances

cg1.4xlarge

Micro instances

t1.micro

Hardware Specifications
For more information about the hardware specifications for each Amazon EC2 instance type, see
Amazon EC2 Instances.
To determine which instance type best meets your needs, we recommend that you launch an instance
and use your own benchmark application. Because you pay by the instance hour, it's convenient and
inexpensive to test multiple instance types before making a decision.
Even after you make a decision, if your needs change, you can resize your instance later on. For more
information, see Resizing Your Instance (p. 140).

Networking and Storage Features
When you select an instance type, this determines which of the following networking and storage
features are available:
• Some instance types are not available in EC2-Classic, so you must launch them in a VPC. By
launching an instance in a VPC, you can leverage features that are not available in EC2-Classic,
such as enhanced networking, assigning multiple private IP addresses to the instance, and changing
the security groups assigned to your instance. For more information, see Instance Types Available
Only in a VPC (p. 559).
• Some instance types support EBS volumes and instance store volumes, while other instance
types support only EBS volumes. Some instances that support instance store volumes use
solid state drives (SSD) to deliver very high random I/O performance. For more information, see
Storage (p. 625).
• To obtain additional, dedicated capacity for Amazon EBS I/O, you can launch some instance
types as EBS–optimized instances. Some instance types are EBS–optimized by default. For more
information, see Amazon EBS–Optimized Instances (p. 676).
• To maximize the networking and bandwidth performance of your instance type, you can do the
following:
• Launch supported instance types into a placement group to optimize your instances for high
performance computing (HPC) applications. Instances in a common placement group can benefit
from high-bandwidth (10 Gbps), low-latency networking. For more information, see Placement
Groups (p. 611). Instance types that support 10 Gbps network speeds can only take advantage
of those network speeds when launched in a placement group.
• Enable enhanced networking for supported current generation instance types to get significantly
higher packet per second (PPS) performance, lower network jitter, and lower latencies. For more
information, see Enhanced Networking on Windows (p. 618).

114

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Instance Limits

• The maximum supported MTU varies across instance types. All Amazon EC2 instance types support
standard Ethernet V2 1500 MTU frames. All current generation instances support 9001 MTU, or
jumbo frames, and some previous generation instances support them as well. For more information,
see Network Maximum Transmission Unit (MTU) for Your EC2 Instance (p. 614).
The following table summarizes the networking and storage features supported by the current
generation instance types.
VPC only

EBS only

C3
C4

Yes

SSD
volumes

Placement
group

Yes

HVM only

Enhanced
networking
Intel 82599
VF

Yes

Intel 82599
VF

Yes

Intel 82599
VF

Yes

Intel 82599
VF

Yes
Yes

Yes

Intel 82599
VF

Yes

Intel 82599
VF

Yes

Yes
Yes

Yes

ENA

Instance Limits
There is a limit on the total number of instances that you can launch in a region, and there are
additional limits on some instance types.
For more information about the default limits, see How many instances can I run in Amazon EC2?
For more information about viewing your current limits or requesting an increase in your current limits,
see Amazon EC2 Service Limits (p. 742).

T2 Instances
T2 instances are designed to provide moderate baseline performance and the capability to burst to
significantly higher performance as required by your workload. They are intended for workloads that
don't use the full CPU often or consistently, but occasionally need to burst. T2 instances are well suited
for general purpose workloads, such as web servers, developer environments, and small databases.
For more information about T2 instance pricing and additional hardware details, see Amazon EC2
Instances.
If your account is less than 12 months old, you can use a t2.micro instance for free within certain
usage limits. For more information, see AWS Free Tier.

115

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T2 Instances

Contents
• Hardware Specifications (p. 116)
• T2 Instance Requirements (p. 116)
• CPU Credits (p. 116)
• Monitoring Your CPU Credits (p. 118)

Hardware Specifications
For more information about the hardware specifications for each Amazon EC2 instance type, see
Amazon EC2 Instances.

T2 Instance Requirements
The following are the requirements for T2 instances:
• You must launch your T2 instances into a virtual private cloud (VPC); they are not supported on the
EC2-Classic platform. Amazon VPC enables you to launch AWS resources into a virtual network
that you've defined. You cannot change the instance type of an existing instance in EC2-Classic
to a T2 instance type. For more information about EC2-Classic and EC2-VPC, see Supported
Platforms (p. 560) For more information about launching a VPC-only instance, see Instance Types
Available Only in a VPC (p. 559).
• T2 instances are available as On-Demand instances and Reserved Instances, but they are not
available as Spot instances, Scheduled Instances, or Dedicated instances. They are also not
supported on a Dedicated Host. For more information about these options, see Instance Purchasing
Options (p. 144).
• There is a limit on the total number of instances that you can launch in a region, and there
are additional limits on some instance types. By default, you can run up to 20 T2 instances
simultaneously. If you need more T2 instances, you can request them using the Amazon EC2
Instance Request Form.
• Ensure that the T2 instance size you choose passes the minimum memory requirements of your
operating system and applications. Operating systems with graphical user interfaces that consume
significant memory and CPU resources (for example, Windows) may require a t2.micro, or larger,
instance size for many use cases. As the memory and CPU requirements of your workload grows
over time, you can scale to larger T2 instance sizes, or other EC2 instance types.

CPU Credits
A CPU Credit provides the performance of a full CPU core for one minute. Traditional Amazon
EC2 instance types provide fixed performance, while T2 instances provide a baseline level of CPU
performance with the ability to burst above that baseline level. The baseline performance and ability to
burst are governed by CPU credits.
What is a CPU credit?
One CPU credit is equal to one vCPU running at 100% utilization for one minute. Other combinations
of vCPUs, utilization, and time are also equal to one CPU credit; for example, one vCPU running at
50% utilization for two minutes or two vCPUs running at 25% utilization for two minutes.
How are CPU credits earned?
Each T2 instance starts with a healthy initial CPU credit balance and then continuously (at a
millisecond-level resolution) receives a set rate of CPU credits per hour, depending on instance size.
The accounting process for whether credits are accumulated or spent also happens at a millisecondlevel resolution, so you don't have to worry about overspending CPU credits; a short burst of CPU
takes a small fraction of a CPU credit.

116

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T2 Instances

When a T2 instance uses fewer CPU resources than its base performance level allows (such as when
it is idle), the unused CPU credits (or the difference between what was earned and what was spent)
are stored in the credit balance for up to 24 hours, building CPU credits for bursting. When your T2
instance requires more CPU resources than its base performance level allows, it uses credits from the
CPU credit balance to burst up to 100% utilization. The more credits your T2 instance has for CPU
resources, the more time it can burst beyond its base performance level when more performance is
needed.
The following table lists the initial CPU credit allocation received at launch, the rate at which CPU
credits are received, the baseline performance level as a percentage of a full core performance, and
the maximum earned CPU credit balance that an instance can accrue.
Instance type

Initial
CPU credits earned per hour
CPU
credit*

Base
performance
(CPU utilization)

Maximum earned
CPU credit
balance***

t2.nano

30 3

t2.micro

30 6

10%

144

t2.small

30 12

20%

288

t2.medium

60 24

40%**

576

t2.large

60 36

60%**

864

* There are limits to how many T2 instances will launch or start with the initial CPU credit, which
by default is set to 100 launches or starts of any T2 instance per account, per 24-hour period, per
region. If you'd like to increase this limit, you can file a customer support limit increase request by
using the Amazon EC2 Credit Based Instances Launch Credits Form. If your account does not
launch or start more than 100 T2 instances in 24 hours, this limit will not affect you.
** t2.medium and t2.large instances have two vCPUs. The base performance is an aggregate
of the two vCPUs. For example, if you use 100% of a single vCPU and a small amount of the other,
your CloudWatch metrics will show over 50% utilization.
*** This maximum does not include the initial CPU credits, which are used first and do not expire. For
example, a t2.micro instance that was launched and then remained idle for over 24 hours could
reach a credit balance of up to 174 (30 initial CPU credits + 144 earned credits). However, once the
instance uses the initial 30 CPU credits, the credit balance can never exceed 144 unless a new initial
CPU credit balance is issued by stopping and starting the instance again.

The initial credit balance is designed to provide a good startup experience. The maximum earned credit
balance for an instance is equal to the number of CPU credits received per hour times 24 hours. For
example, a t2.micro instance earns 6 CPU credits per hour and can accumulate a maximum earned
CPU credit balance of 144 CPU credits.
Do CPU credits expire?
Initial CPU credits do not expire, but they are used first when an instance uses CPU credits. Unused
earned credits from a given 5 minute interval expire 24 hours after they are earned, and any expired
credits are removed from the CPU credit balance at that time, before any newly earned credits are
added. Additionally, the CPU credit balance for an instance does not persist between instance stops
and starts; stopping an instance causes it to lose its credit balance entirely, but when it restarts it will
receive its initial credit balance again.
For example, if a t2.small instance had a CPU utilization of 5% for the hour, it would have used
3 CPU credits (5% of 60 minutes), but it would have earned 12 CPU credits during the hour, so the
difference of 9 CPU credits would be added to the CPU credit balance. Any CPU credits in the balance

117

Amazon Elastic Compute Cloud
User Guide for Windows Instances
C4 Instances

that reached their 24 hour expiration date during that time (which could be as many as 12 credits if the
instance was completely idle 24 hours ago) would also be removed from the balance. If the amount of
credits expired is greater than those earned, the credit balance will go down; conversely, if the amount
of credits expired is fewer than those earned, the credit balance will go up.
What happens if I use all of my credits?
If your instance uses all of its CPU credit balance, performance remains at the baseline performance
level. If your instance is running low on credits, your instance’s CPU credit consumption (and therefore
CPU performance) is gradually lowered to the base performance level over a 15-minute interval, so
you will not experience a sharp performance drop-off when your CPU credits are depleted. If your
instance consistently uses all of its CPU credit balance, we recommend a larger T2 size or a fixed
performance instance type such as M3 or C3.

Monitoring Your CPU Credits
You can see the credit balance for each T2 instance presented in the Amazon EC2 per-instance
metrics of the CloudWatch console. T2 instances have two metrics, CPUCreditUsage and
CPUCreditBalance. The CPUCreditUsage metric indicates the number of CPU credits used during
the measurement period. The CPUCreditBalance metric indicates the number of unused CPU credits
a T2 instance has earned. This balance is depleted during burst time as CPU credits are spent more
quickly than they are earned.
The following table describes the new available CloudWatch metrics. For more information about using
these metrics in CloudWatch, see List the Available CloudWatch Metrics for Your Instances (p. 444).
Metric

Description

CPUCreditUsage

(Only valid for T2 instances) The number of CPU credits
consumed during the specified period.
This metric identifies the amount of time during which physical
CPUs were used for processing instructions by virtual CPUs
allocated to the instance.

Note
CPU Credit metrics are available at a 5 minute frequency.
Units: Count
CPUCreditBalance

(Only valid for T2 instances) The number of CPU credits that an
instance has accumulated.
This metric is used to determine how long an instance can burst
beyond its baseline performance level at a given rate.

Note
CPU Credit metrics are available at a 5 minute frequency.
Units: Count

C4 Instances
C4 instances are ideal for compute-bound applications that benefit from high performance processors.
C4 instances are well suited for the following applications:
• Batch processing workloads
• Media transcoding

118

Amazon Elastic Compute Cloud
User Guide for Windows Instances
C4 Instances

• High-traffic web servers, massively multiplayer online (MMO) gaming servers, and ad serving
engines
• High performance computing (HPC) and other compute-intensive applications
Contents
• Hardware Specifications (p. 119)
• C4 Instance Features (p. 120)
• C4 Instance Requirements (p. 120)

Hardware Specifications
C4 instances are based on custom 2.9 GHz Intel Xeon E5-2666 v3 (Haswell) processors, optimized
specifically for Amazon EC2. With Intel Turbo Boost Technology, the processor clock speed in C4
instances can reach as high as 3.5Ghz with 1 or 2 core Turbo Boost on c4.8xlarge instances.
The following table highlights the feature set of the Intel Xeon E5-2666 v3 processor. For more
information, see Intel and Amazon Web Services.
Feature

Specification

Processor Number

E5-2666 v3

Intel Smart Cache

25 MiB

Instruction Set

64-bit

Instruction Set Extensions

AVX 2.0

Lithography

22 nm

Processor Base Frequency

2.9 GHz

Max All Core Turbo Frequency

3.2 GHz

Max Turbo Frequency

3.5 GHz (available on c4.8xlarge)

Intel Turbo Boost Technology

2.0

Intel vPro Technology

Yes

Intel Hyper-Threading Technology

Yes

Intel 64

Yes

Idle States

Yes

Enhanced Intel SpeedStep Technology

Yes

Thermal Monitoring Technologies

Yes

AES New Instructions

Yes

Secure Key

Yes

Execute Disable Bit

Yes

For more information about the hardware specifications for each Amazon EC2 instance type, see
Amazon EC2 Instances.

119

Amazon Elastic Compute Cloud
User Guide for Windows Instances
GPU Instances

C4 Instance Features
The following is a summary of the features for C4 instances:
• C4 instances are EBS-optimized by default, and deliver dedicated block storage throughput to
Amazon EBS ranging from 500 Mbps to 4,000 Mbps at no additional cost. EBS-optimized instances
enable you to get consistently high performance for your EBS volumes by eliminating contention
between Amazon EBS I/O and other network traffic from your C4 instance. For more information,
see Amazon EBS–Optimized Instances (p. 676).
• You can enable enhanced networking capabilities. Enhanced networking provides significantly
higher packet per second (PPS) performance, lower network jitter, and lower latencies. For more
information, see Enhanced Networking on Windows (p. 618).
• You can cluster C4 instances in a placement group. Placement groups provide low latency and highbandwidth connectivity between the instances within a single Availability Zone. For more information,
see Placement Groups (p. 611).

C4 Instance Requirements
The following are the requirements for C4 instances:
• C4 instances require 64-bit HVM AMIs. They have high-memory (up to 60 GiB of RAM), and
require a 64-bit operating system to take advantage of that capacity. HVM AMIs provide superior
performance in comparison to paravirtual (PV) AMIs on high-memory instance types. In addition, you
must use an HVM AMI to take advantage of enhanced networking.
• You must launch your C4 instances into a virtual private cloud (VPC); they are not supported
on the EC2-Classic platform. Amazon VPC enables you to launch AWS resources into a virtual
network that you've defined. For more information about EC2-Classic and EC2-VPC, see Supported
Platforms (p. 560) For more information about launching a VPC-only instance, see Instance Types
Available Only in a VPC (p. 559).
• There is a limit on the total number of instances that you can launch in a region, and there are
additional limits on some C4 instance types. For more information, see How many instances can I
run in Amazon EC2?
If you need more C4 instances, you can request them using the Amazon EC2 Instance Request
Form.

Windows GPU Instances
If you require high parallel processing capability, you'll benefit from using GPU instances, which
provide access to NVIDIA GPUs with up to 1,536 CUDA cores and 4 GB of video memory. You
can use GPU instances to accelerate many scientific, engineering, and rendering applications
by leveraging the Compute Unified Device Architecture (CUDA) or OpenCL parallel computing
frameworks. You can also use them for graphics applications, including game streaming, 3-D
application streaming, and other graphics workloads.
GPU instances run as HVM-based instances. Hardware virtual machine (HVM) virtualization uses
hardware-assist technology provided by the AWS platform. With HVM virtualization, the guest VM runs
as if it were on a native hardware platform, except that it still uses paravirtual (PV) network and storage
drivers for improved performance. This enables Amazon EC2 to provide dedicated access to one or
more discrete GPUs in each GPU instance.
You can cluster GPU instances into a placement group. Placement groups provide low latency
and high-bandwidth connectivity between the instances within a single Availability Zone. For more
information, see Placement Groups (p. 611).

120

Amazon Elastic Compute Cloud
User Guide for Windows Instances
GPU Instances

Contents
• Hardware Specifications (p. 121)
• GPU Instance Limitations (p. 121)
• AMIs for GPU Instances (p. 121)
• Installing the NVIDIA Driver on Windows (p. 121)
For information about Linux GPU Instances, see Linux GPU Instances in the Amazon EC2 User Guide
for Linux Instances.

Hardware Specifications
For more information about the hardware specifications for each Amazon EC2 instance type, see
Amazon EC2 Instances.

GPU Instance Limitations
GPU instances have the following limitations:
• You must launch the instance using an HVM AMI.
• They can't access the GPU unless the NVIDIA drivers are installed.
• There is a limit on the number of instances that you can run. For more information, see How many
instances can I run in Amazon EC2? in the Amazon EC2 FAQ. To request an increase in these
limits, use the following form: Request to Increase Amazon EC2 Instance Limit.

AMIs for GPU Instances
To help you get started, NVIDIA provides AMIs for GPU instances. These reference AMIs include the
NVIDIA driver, which enables full functionality and performance of the NVIDIA GPUs. For a list of AMIs
with the NVIDIA driver, see AWS Marketplace (NVIDIA GRID).
You can launch CG1 and G2 instances using any HVM AMI.

Installing the NVIDIA Driver on Windows
To install the NVIDIA driver on your Windows instance, log on to your instance as the administrator
using Remote Desktop. You can download NVIDIA drivers from http://www.nvidia.com/Download/
Find.aspx. Select a driver for the NVIDIA GRID K520 (G2 instances) or Tesla M-Class M2050 (CG1
instances) for your version of Windows Server. Open the folder where you downloaded the driver and
double-click the installation file to launch it. Follow the instructions to install the driver and reboot your
instance as required. To verify that the GPU is working properly, check Device Manager.

Note
If you launch a g2.8xlarge instance (containing 4 GPUs) with a Windows AMI that was
created on a g2.2xlarge instance (containing 1 GPU), Windows does not automatically
install the NVIDIA driver on all 4 GPUs. You must authorize the driver installation for the new
GPU hardware.
You can correct this manually in the Device Manager by opening the Other device category
(the inactive GPUs do not appear under Display Adapters), then for each inactive GPU, rightclick and select Update Driver Software and choose the default Automatic Update option.
When using Remote Desktop, GPUs that use the WDDM driver model are replaced with a nonaccelerated Remote Desktop display driver. To access your GPU hardware, you must use a different
remote access tool, such as VNC. You can also use one of the GPU AMIs from the AWS Marketplace
because they provide remote access tools that support 3-D acceleration.

121

Amazon Elastic Compute Cloud
User Guide for Windows Instances
I2 Instances

I2 Instances
I2 instances are optimized to deliver tens of thousands of low-latency, random I/O operations per
second (IOPS) to applications. They are well suited for the following scenarios:
• NoSQL databases (for example, Cassandra and MongoDB)
• Clustered databases
• Online transaction processing (OLTP) systems
Contents
• Hardware Specifications (p. 122)
• I2 Instance Features (p. 122)
• I2 Instance Requirements (p. 122)
• SSD I/O Performance (p. 123)

Hardware Specifications
For more information about the hardware specifications for each Amazon EC2 instance type, see
Amazon EC2 Instances.

I2 Instance Features
The following is a summary of the features for I2 instances:
• The primary data storage is SSD-based instance storage. Like all instance storage, these volumes
persist only for the life of the instance. When you stop or terminate an instance, the applications
and data in its instance store are erased. We recommend that you regularly back up or replicate
the data that you've stored in instance storage. For more information, see SSD Instance Store
Volumes (p. 702).
• You can enable enhanced networking capabilities. Enhanced networking provides significantly
higher packet per second (PPS) performance, lower network jitter, and lower latencies. For more
information, see Enhanced Networking on Windows (p. 618).
• You can cluster I2 instances in a placement group. Placement groups provide low latency and highbandwidth connectivity between the instances within a single Availability Zone. For more information,
see Placement Groups (p. 611).
• You can enable EBS–optimization to obtain additional, dedicated capacity for Amazon EBS I/O. For
more information, see Amazon EBS–Optimized Instances (p. 676).

I2 Instance Requirements
The following are the requirements for I2 instances:
• You must launch an I2 instance using an HVM AMI.
• There is a limit on the total number of instances that you can launch in a region, and there are
additional limits on some I2 instance types. For more information, see How many instances can I run
in Amazon EC2?
If you need more I2 instances, you can request them using the Amazon EC2 Instance Request
Form.

122

Amazon Elastic Compute Cloud
User Guide for Windows Instances
D2 Instances

SSD I/O Performance
If you use a Linux AMI with kernel version 3.8 or later and utilize all the SSD-based instance store
volumes available to the instance, you can get at least the minimum random IOPS (4,096 byte block
size) listed in the following table. Otherwise, you'll get lower IOPS performance than what is shown in
the table.
Instance Size

Read IOPS

First Write IOPS

i2.xlarge

35,000

i2.2xlarge

75,000

i2.4xlarge

175,000

155,000

i2.8xlarge

365,000

315,000

As you fill the SSD-based instance storage for your instance, the number of write IOPS that you
can achieve decreases. This is due to the extra work the SSD controller must do to find available
space, rewrite existing data, and erase unused space so that it can be rewritten. This process of
garbage collection results in internal write amplification to the SSD, expressed as the ratio of SSD write
operations to user write operations. This decrease in performance is even larger if the write operations
are not in multiples of 4,096 bytes or not aligned to a 4,096-byte boundary. If you write a smaller
amount of bytes or bytes that are not aligned, the SSD controller must read the surrounding data and
store the result in a new location. This pattern results in significantly increased write amplification,
increased latency, and dramatically reduced I/O performance.
SSD controllers can use several strategies to reduce the impact of write amplification. One such
strategy is to reserve space in the SSD instance storage so that the controller can more efficiently
manage the space available for write operations. This is called over-provisioning. The SSD-based
instance store volumes provided to an I2 instance don't have any space reserved for over-provisioning.
To reduce write amplification, you should leave 10% of the volume unpartitioned so that the SSD
controller can use it for over-provisioning. This decreases the storage that you can use, but increases
performance.
I2 instance store–backed volumes support TRIM. You can use the TRIM command to notify the SSD
controller whenever you no longer need data that you've written. This provides the controller with more
free space, which can reduce write amplification and increase performance. For more information, see
Instance Store Volume TRIM Support (p. 702).

D2 Instances
D2 instances are designed for workloads that require high sequential read and write access to very
large data sets on local storage. D2 instances are well suited for the following applications:
• Massive parallel processing (MPP) data warehouse
• MapReduce and Hadoop distributed computing
• Log or data processing applications
Contents
• Hardware Specifications (p. 124)
• D2 Instance Features (p. 124)
• D2 Instance Requirements (p. 124)

123

Amazon Elastic Compute Cloud
User Guide for Windows Instances
HI1 Instances

Hardware Specifications
For more information about the hardware specifications for each Amazon EC2 instance type, see
Amazon EC2 Instances.

D2 Instance Features
The following is a summary of the features for D2 instances:
• The primary data storage for D2 instances is HDD-based instance storage. Like all instance storage,
these volumes persist only for the life of the instance. For more information about instance store
volumes, see Amazon EC2 Instance Store (p. 696).
• D2 instances are EBS-optimized by default, and deliver dedicated block storage throughput to
Amazon EBS ranging from 750 Mbps to 4,000 Mbps at no additional cost. EBS-optimized instances
enable you to get consistently high performance for your EBS volumes by eliminating contention
between Amazon EBS I/O and other network traffic from your D2 instance. For more information,
see Amazon EBS–Optimized Instances (p. 676).
• You can enable enhanced networking capabilities. Enhanced networking provides significantly
higher packet per second (PPS) performance, lower network jitter, and lower latencies. For more
information, see Enhanced Networking on Windows (p. 618).
• You can cluster D2 instances in a placement group. Placement groups provide low latency and highbandwidth connectivity between the instances within a single Availability Zone. For more information,
see Placement Groups (p. 611).

D2 Instance Requirements
The following are the requirements for D2 instances:
• D2 instances require 64-bit HVM AMIs. They have high-memory (up to 244 GiB of RAM), and
require a 64-bit operating system to take advantage of that capacity. HVM AMIs provide superior
performance in comparison to paravirtual (PV) AMIs on high-memory instance types. In addition, you
must use an HVM AMI to take advantage of enhanced networking.
• There is a limit on the total number of instances that you can launch in a region, and there are
additional limits on some D2 instance types. For more information, see How many instances can I
run in Amazon EC2?
If you need more D2 instances, you can request them using the Amazon EC2 Instance Request
Form.
• Your d2.8xlarge instances are capable of providing up to 3.5 GB/s read performance and 3.1 GB/
s write performance with a 2 MiB block size.

HI1 Instances
HI1 instances (hi1.4xlarge) can deliver tens of thousands of low-latency, random I/O operations per
second (IOPS) to applications. They are well suited for the following scenarios:
• NoSQL databases (for example, Cassandra and MongoDB)
• Clustered databases
• Online transaction processing (OLTP) systems
You can cluster HI1 instances in a placement group. For more information, see Placement
Groups (p. 611).

124

Amazon Elastic Compute Cloud
User Guide for Windows Instances
HI1 Instances

By default, you can run up to two hi1.4xlarge instances. If you need more than two hi1.4xlarge
instances, contact http://aws.amazon.com/premiumsupport/.
Contents
• Hardware Specifications (p. 125)
• Disk I/O Performance (p. 125)
• SSD Storage (p. 125)

Hardware Specifications
The hi1.4xlarge instance type is based on solid-state drive (SSD) technology.
For more information about the hardware specifications for each Amazon EC2 instance type, see
Amazon EC2 Instances.

Disk I/O Performance
Using Linux paravirtual (PV) AMIs, HI1 instances can deliver more than 120,000 4 KB random read
IOPS and between 10,000 and 85,000 4 KB random write IOPS (depending on active logical block
addressing span) to applications across two SSD data volumes. Using hardware virtual machine
(HVM) AMIs, performance is approximately 90,000 4 KB random read IOPS and between 9,000 and
75,000 4 KB random write IOPS.
HI1 Windows instances deliver approximately 90,000 4 KB random read IOPS and between 9,000 and
75,000 4 KB random write IOPS.
The maximum sequential throughput is approximately 2 GB read per second and 1.1 GB write per
second.

SSD Storage
With SSD storage on HI1 instances:
• The primary data source is an instance store with SSD storage.
• Read performance is consistent and write performance can vary.
• Write amplification can occur.
• The TRIM command is not currently supported.

Instance Store with SSD Storage
The hi1.4xlarge instances use an Amazon EBS-backed root device. However, their primary data
storage is provided by the SSD volumes in the instance store. Like other instance store volumes,
these instance store volumes persist only for the life of the instance. Because the root device of
the hi1.4xlarge instance is Amazon EBS-backed, you can still start and stop your instance.
When you stop an instance, your application persists, but your production data in the instance store
does not persist. For more information about instance store volumes, see Amazon EC2 Instance
Store (p. 696).

Variable Write Performance
Write performance depends on how your applications utilize logical block addressing (LBA) space.
If your applications use the total LBA space, write performance can degrade by about 90 percent.
Benchmark your applications and monitor the queue length (the number of pending I/O requests for a
volume) and I/O size.

125

Amazon Elastic Compute Cloud
User Guide for Windows Instances
HS1 Instances

Write Amplification
Write amplification refers to an undesirable condition associated with flash memory and SSDs, where
the actual amount of physical information written is a multiple of the logical amount intended to be
written. Because flash memory must be erased before it can be rewritten, the process to perform these
operations results in moving (or rewriting) user data and metadata more than once. This multiplying
effect increases the number of writes required over the life of the SSD, which shortens the time that it
can reliably operate. The hi1.4xlarge instances are designed with a provisioning model intended to
minimize write amplification.
Random writes have a much more severe impact on write amplification than serial writes. If you are
concerned about write amplification, allocate less than the full tebibyte of storage for your application
(also known as over provisioning).

The TRIM Command
The TRIM command enables the operating system to notify an SSD that blocks of previously saved
data are considered no longer in use. TRIM limits the impact of write amplification.
TRIM support is not available for HI1 instances. For information about instances that support TRIM,
see Instance Store Volume TRIM Support (p. 702).

HS1 Instances
HS1 instances (hs1.8xlarge) provide very high storage density and high sequential read and write
performance per instance. They are well suited for the following scenarios:
• Data warehousing
• Hadoop/MapReduce
• Parallel file systems
You can cluster HS1 instances in a placement group. For more information, see Placement
Groups (p. 611).
By default, you can run up to two HS1 instances. If you need more than two HS1 instances, you can
request more using the Amazon EC2 Instance Request Form.
Contents
• Hardware Specifications (p. 126)
• Instance Store (p. 127)
• Disk Initialization (p. 127)

Hardware Specifications
HS1 instances support both Amazon Elastic Block Store (Amazon EBS)-backed and instance storebacked Amazon Machine Images (AMIs). HS1 instances support both paravirtual (PV) and hardware
virtual machine (HVM) AMIs.
HS1 instances provide high bandwidth networking and can also be used with Provisioned IOPS SSD
(io1) volumes for improved consistency and performance.
For more information about the hardware specifications for each Amazon EC2 instance type, see
Amazon EC2 Instances.

126

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T1 Micro Instances

Instance Store
HS1 instances support both instance store and Amazon EBS root device volumes. However, even
when using an Amazon EBS-backed instance, primary data storage is provided by the hard disk drives
in the instance store. Like other instance store volumes, these instance store volumes persist only for
the life of the instance. For more information about instance store volumes, see Amazon EC2 Instance
Store (p. 696).

Disk Initialization
If you plan to run an HS1 instance in a steady state for long periods of time, we recommend that you
zero the hard disks first for improved performance. This process can take as long as six hours to
complete.

T1 Micro Instances
T1 Micro instances (t1.micro) provide a small amount of consistent CPU resources and allow you
to increase CPU capacity in short bursts when additional cycles are available. They are well suited for
lower throughput applications and websites that require additional compute cycles periodically.

Note
The t1.micro is a previous generation instance and it has been replaced by the t2.micro,
which has a much better performance profile. We recommend using the t2.micro instance
type instead of the t1.micro. For more information, see T2 Instances (p. 115).
The t1.micro instance is available as an Amazon EBS-backed instance only.
This documentation describes how t1.micro instances work so that you can understand how to apply
them. It's not our intent to specify exact behavior, but to give you visibility into the instance's behavior
so you can understand its performance.
Topics
• Hardware Specifications (p. 127)
• Optimal Application of T1 Micro Instances (p. 127)
• Available CPU Resources During Spikes (p. 131)
• When the Instance Uses Its Allotted Resources (p. 131)
• Comparison with the m1.small Instance Type (p. 134)
• AMI Optimization for Micro Instances (p. 137)

Hardware Specifications
For more information about the hardware specifications for each Amazon EC2 instance type, see
Amazon EC2 Instances.

Optimal Application of T1 Micro Instances
A t1.micro instance provides spiky CPU resources for workloads that have a CPU usage profile
similar to what is shown in the following figure.

127

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T1 Micro Instances

The instance is designed to operate with its CPU usage at essentially only two levels: the normal low
background level, and then at brief spiked levels much higher than the background level. We allow
the instance to operate at up to 2 EC2 compute units (ECUs) (one ECU provides the equivalent CPU
capacity of a 1.0-1.2 GHz 2007 Opteron or 2007 Xeon processor). The ratio between the maximum
level and the background level is designed to be large. We designed t1.micro instances to support
tens of requests per minute on your application. However, actual performance can vary significantly
depending on the amount of CPU resources required for each request on your application.
Your application might have a different CPU usage profile than that described in the preceding section.
The next figure shows the profile for an application that isn't appropriate for a t1.micro instance. The
application requires continuous data-crunching CPU resources for each request, resulting in plateaus
of CPU usage that the t1.micro instance isn't designed to handle.

128

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T1 Micro Instances

The next figure shows another profile that isn't appropriate for a t1.micro instance. Here the spikes in
CPU use are brief, but they occur too frequently to be serviced by a micro instance.

129

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T1 Micro Instances

The next figure shows another profile that isn't appropriate for a t1.micro instance. Here the spikes
aren't too frequent, but the background level between spikes is too high to be serviced by a t1.micro
instance.

130

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T1 Micro Instances

In each of the preceding cases of workloads not appropriate for a t1.micro instance, we recommend
that you consider using a different instance type. For more information about instance types, see
Instance Types (p. 112).

Available CPU Resources During Spikes
When your instance bursts to accommodate a spike in demand for compute resources, it uses unused
resources on the host. The amount available depends on how much contention there is when the spike
occurs. The instance is never left with zero CPU resources, whether other instances on the host are
spiking or not.

When the Instance Uses Its Allotted Resources
We expect your application to consume only a certain amount of CPU resources in a period of time. If
the application consumes more than your instance's allotted CPU resources, we temporarily limit the
instance so it operates at a low CPU level. If your instance continues to use all of its allotted resources,
its performance will degrade. We will increase the time that we limit its CPU level, thus increasing the
time before the instance is allowed to burst again.
If you enable CloudWatch monitoring for your t1.micro instance, you can use the "Avg CPU
Utilization" graph in the AWS Management Console to determine whether your instance is regularly
using all its allotted CPU resources. We recommend that you look at the maximum value reached
during each given period. If the maximum value is 100%, we recommend that you use Auto Scaling to
scale out (with additional t1.micro instances and a load balancer), or move to a larger instance type.
For more information, see the Auto Scaling User Guide.

131

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T1 Micro Instances

The following figures show the three suboptimal profiles from the preceding section and what it might
look like when the instance consumes its allotted resources and we have to limit its CPU level. If the
instance consumes its allotted resources, we restrict it to the low background level.
The next figure shows the situation with the long plateaus of data-crunching CPU usage. The CPU hits
the maximum allowed level and stays there until the instance's allotted resources are consumed for
the period. At that point, we limit the instance to operate at the low background level, and it operates
there until we allow it to burst above that level again. The instance again stays there until the allotted
resources are consumed and we limit it again (not seen on the graph).

The next figure shows the situation where the requests are too frequent. The instance uses its allotted
resources after only a few requests and so we limit it. After we lift the restriction, the instance maxes
out its CPU usage trying to keep up with the requests, and we limit it again.

132

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T1 Micro Instances

The next figure shows the situation where the background level is too high. Notice that the instance
doesn't have to be operating at the maximum CPU level for us to limit it. We limit the instance when it's
operating above the normal background level and has consumed its allotted resources for the given
period. In this case (as in the preceding one), the instance can't keep up with the work, and we limit it
again.

133

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T1 Micro Instances

Comparison with the m1.small Instance Type
The t1.micro instance provides different levels of CPU resources at different times (up to 2 ECUs).
By comparison, the m1.small instance type provides 1 ECU at all times. The following figure
illustrates the difference.

134

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T1 Micro Instances

The following figures compare the CPU usage of a t1.micro instance with an m1.small instance for
the various scenarios we've discussed in the preceding sections.
The first figure that follows shows an optimal scenario for a t1.micro instance (the left graph) and
how it might look for an m1.small instance (the right graph). In this case, we don't need to limit the
t1.micro instance. The processing time on the m1.small instance would be longer for each spike in
CPU demand compared to the t1.micro instance.

135

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T1 Micro Instances

The next figure shows the scenario with the data-crunching requests that used up the allotted
resources on the t1.micro instance, and how they might look with the m1.small instance.

The next figure shows the frequent requests that used up the allotted resources on the t1.micro
instance, and how they might look on the m1.small instance.

136

Amazon Elastic Compute Cloud
User Guide for Windows Instances
T1 Micro Instances

The next figure shows the situation where the background level used up the allotted resources on the
t1.micro instance, and how it might look on the m1.small instance.

AMI Optimization for Micro Instances
We recommend that you follow these best practices when optimizing an AMI for the t1.micro
instance type:
• Design the AMI to run on 600 MB of RAM
• Limit the number of recurring processes that use CPU time (for example, cron jobs, daemons)
When you perform significant AMI or instance configuration changes (for example, enable server roles
or install large applications), you might see limited instance performance, because these changes can

137

Amazon Elastic Compute Cloud
User Guide for Windows Instances
X1 Instances

be memory intensive and require long-running CPU resources. We recommend that you first use a
larger instance type when performing these changes to the AMI, and then run the AMI on a t1.micro
instance for normal operations.

X1 Instances
X1 instances are designed to deliver fast performance for workloads that process large data sets in
memory. X1 instances are well suited for the following applications:
• In-memory databases such SAP HANA, including SAP-certified support for Business Suite
S/4HANA, Business Suite on HANA (SoH), Business Warehouse on HANA (BW), and Data Mart
Solutions on HANA. For more information, see SAP HANA on the AWS Cloud.
• Big-data processing engines such as Apache Spark or Presto.
• High-performance computing (HPC) applications.

Hardware Specifications
For more information about the hardware specifications for each Amazon EC2 instance type, see
Amazon EC2 Instances.

Memory Performance
X1 instances include Intel Scalable Memory Buffers, providing 300 GiB/s of sustainable memory-read
bandwidth and 140 GiB/s of sustainable memory-write bandwidth.

Compute Performance
X1 instances feature up to 128 vCPUs and are powered by four Intel Xeon E7-8880 v3 processors
that feature high-memory bandwidth and larger L3 caches to boost the performance of in-memory
applications. X1 instances also enable increased cryptographic performance via the latest Intel AESNI feature, support Intel Transactional Synchronization Extensions (TSX) to boost the performance
of in-memory transactional data processing, and support Advanced Vector Extensions 2 (Intel AVX2)
processor instructions to expand most integer commands to 256 bits.
The following table highlights the feature set of the Intel Xeon E7-8880 v3 processor. For more
information, see Intel and Amazon Web Services.
Feature

Specification

Processor number

E7-8880 v3

Last level cache

45 MB

Intel QPI speed

9.6 GT/s

Number of QPI links

Instruction set

64-bit

Instruction set extensions

AVX 2.0

Lithography

22 nm

Processor base frequency

2.3 GHz

Max turbo frequency

3.1 GHz

138

Amazon Elastic Compute Cloud
User Guide for Windows Instances
X1 Instances

Feature

Specification

Intel turbo boost technology

2.0

Intel hyperthreading technology

Yes

Intel TSX-NI

Yes

Intel 64

Yes

Idle states

Yes

Enhanced Intel SpeedStep technology

Yes

Thermal monitoring technologies

Yes

Intel AES new instructions

Yes

X1 Instance Features
The following is a summary of the features for X1 instances:
• X1 instances are EBS-optimized by default, providing dedicated storage bandwidth of up to 10 Gbps
with Amazon EBS volumes. EBS-optimized instances enable consistently high performance by
eliminating contention between storage I/O and other network traffic from your X1 instance. For more
information, see Amazon EBS–Optimized Instances.
• X1 instances support SSD-based instance storage. Like all instance storage, these volumes persist
only for the life of the instance. For more information about instance store volumes, see Amazon
EC2 Instance Store.
• You can cluster X1 instances in a placement group. Placement groups provide low latency and highbandwidth connectivity between the instances within a single Availability Zone. For more information,
see Placement Groups.
• The x1.32xlarge instance type provides the ability to control processor C-states and P-states
on Linux. C-states control the sleep levels that a core can enter when it is inactive, while P-states
control the desired performance (measured by CPU frequency) from a core. For more information,
see Processor State Control for Your EC2 Instance.
• X1 instances are available as On-Demand Instances, Reserved Instances, Spot Instances, or
Scheduled Reserved Instances, but they are not available as Dedicated Instances. They are also
supported on Dedicated Hosts. For more information, see Instance Purchasing Options.
• There is a limit on the total number of instances that you can launch in a region, and there
are additional limits on some instance types. By default, you can run up to two X1 instances
simultaneously. If you need more X1 instances, you can request them using the Amazon EC2
Instance Request Form.

X1 Instance Requirements
The following are the requirements for X1 instances:
• The x1.32xlarge instance type offers 128 vCPUs, which might cause launch issues in some Linux
operating systems that have a vCPU limit lower than 128. For more information, see Support for 128
vCPUs (p. 140).
• The instance store for x1.32xlarge is capable of providing up to 126,000 random-read IOPS
with a 4 KiB block size. To ensure the best disk I/O performance from your X1 instances on Linux,
we recommend that you use the most recent version of the Amazon Linux AMI, or another Linux
AMI with a kernel version of 3.8 or later. X1 instances provide the best disk performance when you

139

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Resizing Instances

use a Linux kernel that supports persistent grants, an extension to the Xen block ring protocol that
significantly improves disk throughput and scalability. For more information about persistent grants,
see the Improving block protocol scalability with persistent grants post on the Xen Project Blog.
• X1 instances have high-memory (up to 1,952 GiB of RAM) and require 64-bit HVM AMIs to take
advantage of that capacity. HVM AMIs provide superior performance in comparison to paravirtual
(PV) AMIs on high-memory instance types. For more information, see Linux AMI Virtualization
Types.
• You must launch your X1 instances into a virtual private cloud (VPC); the EC2-Classic platform is
not supported. EC2-VPC enables you to launch AWS resources into a virtual network that you've
defined. You cannot change the instance type of an existing instance in EC2-Classic to an X1
instance type. For more information about EC2-Classicand EC2-VPC , see Supported Platforms. For
more information about launching a VPC-only instance, see Instance Types Available Only in a VPC.

High Availability and Reliability
X1 instances support Single Device Data Correction (SDDC +1), which detects and corrects multi-bit
errors. SDDC +1 uses error checking and correction code to identify and disable a failed single DRAM
device.
In addition, you can implement high availability (HA) and disaster recovery (DR) solutions to meet
recovery point objective (RPO), recovery time objective (RTO), and cost requirements by leveraging
Amazon CloudFormation and Amazon EC2 Auto Recovery. For more information about implementing
HA and DR solutions, see the Using AWS for Disaster Recovery whitepaper.
If you run an SAP HANA production environment, you also have the option of using HANA System
Replication (HSR) on X1 instances. For more information about architecting HA and DR solutions
on X1 instances, see SAP HANA on the Amazon Web Services Cloud: Quick Start Reference
Deployment.

Support for 128 vCPUs
The x1.32xlarge instance type provides 128 vCPUs, which might cause launch issues in some Linux
operating systems that have a vCPU limit lower than 128. We strongly recommend that you use the
latest AMIs when you launch x1.32xlarge instances.
The following Linux AMIs support launching x1.32xlarge instances with 128 vCPUs:
• Amazon Linux AMI 2016.03 (HVM)
• Ubuntu Server 14.04 LTS (HVM)
• Red Hat Enterprise Linux 7.1 (HVM)
• SUSE Linux Enterprise Server 12 (HVM)

Resizing Your Instance
As your needs change, you might find that your instance is over-utilized (the instance type is too small)
or under-utilized (the instance type is too large). If this is the case, you can change the size of your
instance. For example, if your t2.micro instance is too small for its workload, you can change it to an
m3.medium instance.
If the root device for your instance is an EBS volume, you can change the size of the instance simply
by changing its instance type, which is known as resizing it. If the root device for your instance is an
instance store volume, you must migrate your application to a new instance with the instance type that
you want. For more information about root device volumes, see Storage for the Root Device (p. 63).

140

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Resizing Instances

When you resize an instance, you must select an instance type that is compatible with the
configuration of the instance. If the instance type that you want is not compatible with the instance
configuration you have, then you must migrate your application to a new instance with the instance
type that you want.

Important
When you resize an instance, the resized instance usually has the same number of instance
store volumes that you specified when you launched the original instance. If you want to add
instance store volumes, you must migrate your application to a completely new instance with
the instance type and instance store volumes that you want. An exception to this rule is when
you resize to a storage-intensive instance type that by default contains a higher number of
volumes. For more information about instance store volumes, see Amazon EC2 Instance
Store (p. 696).
Contents
• Compatibility for Resizing Instances (p. 141)
• Resizing an Amazon EBS–backed Instance (p. 141)
• Migrating an Instance Store-backed Instance (p. 142)
• Migrating to a New Instance Configuration (p. 143)

Compatibility for Resizing Instances
You can resize an instance only if its current instance type and the new instance type that you want are
compatible in the following ways:
• Network. Some instance types are not supported in EC2-Classic and must be launched in a VPC.
Therefore, you can't resize an instance in EC2-Classic to a instance type that is available only in a
VPC unless you have a nondefault VPC. For more information, see Instance Types Available Only in
a VPC (p. 559).
• Platform. All Amazon EC2 instance types support 64-bit AMIs, but only the following instance
types support 32-bit AMIs: t2.nano, t2.micro, t2.small, t2.medium, c3.large, t1.micro,
m1.small, m1.medium, and c1.medium. If you are resizing a 32-bit instance, you are limited to
these instance types.
For example, T2 instances are not supported in EC2-Classic and they are HVM only. Therefore, you
can't resize a T1 instance to a T2 instance because T1 instances do not support HVM and must be
launched from PV AMIs. If you want to resize a T2 instance to a larger instance type, you can select
any current generation instance type, such as M3, because all current generation instance types
support HVM AMIs. For more information, see Available Instance Types (p. 113).

Resizing an Amazon EBS–backed Instance
You must stop your Amazon EBS–backed instance before you can change its instance type. When you
stop and start an instance, be aware of the following:
• We move the instance to new hardware; however, the instance ID does not change.
• If your instance is running in a VPC and has a public IP address, we release the address and give it
a new public IP address. The instance retains its private IP addresses and any Elastic IP addresses.
• If your instance is running in EC2-Classic, we give it new public and private IP addresses, and
disassociate any Elastic IP address that's associated with the instance. Therefore, to ensure that
your users can continue to use the applications that you're hosting on your instance uninterrupted,
you must re-associate any Elastic IP address after you restart your instance.
• If your instance is in an Auto Scaling group, the Auto Scaling service marks the stopped instance
as unhealthy, and may terminate it and launch a replacement instance. To prevent this, you can

141

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Resizing Instances

suspend the Auto Scaling processes for the group while you're resizing your instance. For more
information, see Suspend and Resume Auto Scaling Processes in the Auto Scaling User Guide.
For more information, see Stop and Start Your Instance (p. 241).
Use the following procedure to resize an Amazon EBS–backed instance using the AWS Management
Console.

To resize an Amazon EBS–backed instance
1.

Open the Amazon EC2 console.

In the navigation pane, choose Instances, and select the instance.

[EC2-Classic] If the instance has an associated Elastic IP address, write down the Elastic IP
address and the instance ID shown in the details pane.

Choose Actions, select Instance State, and then choose Stop.

With the instance still selected, choose Actions, select Instance Settings, and then choose
Change Instance Type. Note that this action is disabled if the instance state is not stopped.

In the Change Instance Type dialog box, do the following:
a.

From Instance Type, select the instance type that you want. If the instance type that you
want does not appear in the list, then it is not compatible with the configuration of your
instance (for example, because of virtualization type).

(Optional) If the instance type that you selected supports EBS–optimization, select EBSoptimized to enable EBS–optimization or deselect EBS-optimized to disable EBS–
optimization. Note that if the instance type that you selected is EBS–optimized by default,
EBS-optimized is selected and you can't deselect it.

Choose Apply to accept the new settings.

To restart the stopped instance, select the instance, choose Actions, select Instance State, and
then choose Start.

In the confirmation dialog box, choose Yes, Start. It can take a few minutes for the instance to
enter the running state.

10. [EC2-Classic] When the instance state is running, the Public DNS, Private DNS, and Private
IPs fields in the details pane contain the new values that we assigned to the instance. If your
instance had an associated Elastic IP address, you must reassociate it as follows:
a.

In the navigation pane, choose Elastic IPs.

Select the Elastic IP address that you wrote down before you stopped the instance.

Choose Actions and then choose Associate Address.

From Instance, select the instance ID that you wrote down before you stopped the instance,
and then choose Associate.

Migrating an Instance Store-backed Instance
When you want to move your application from one instance store-backed instance to an instance storebacked instance with a different instance type, you must migrate it by creating an image from your
instance, and then launching a new instance from this image with the instance type that you need.
To ensure that your users can continue to use the applications that you're hosting on your instance

142

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Resizing Instances

uninterrupted, you must take any Elastic IP address that you've associated with your original instance
and associate it with the new instance. Then you can terminate the original instance.

To migrate an instance store-backed instance
1.

[EC2-Classic] If the instance you are migrating has an associated Elastic IP address, record the
Elastic IP address now so that you can associate it with the new instance later.

Back up any data on your instance store volumes that you need to keep to persistent storage.
To migrate data on your EBS volumes that you need to keep, take a snapshot of the volumes
(see Creating an Amazon EBS Snapshot (p. 670)) or detach the volume from the instance so
that you can attach it to the new instance later (see Detaching an Amazon EBS Volume from an
Instance (p. 662)).

Create an AMI from your instance store-backed instance by satisfying the prerequisites and
following the procedures in Creating an Instance Store-Backed Windows AMI (p. 79). When you
are finished creating an AMI from your instance, return to this procedure.

Open the Amazon EC2 console and in the navigation pane, select AMIs. From the filter lists,
select Owned by me, and select the image that you created in the previous step. Notice that AMI
Name is the name that you specified when you registered the image and Source is your Amazon
S3 bucket.

Note
If you do not see the AMI that you created in the previous step, make sure that you have
selected the region in which you created your AMI.
5.

Choose Launch. When you specify options for the instance, be sure to select the new instance
type that you want. If the instance type that you want can't be selected, then it is not compatible
with configuration of the AMI that you created (for example, because of virtualization type). You
can also specify any EBS volumes that you detached from the original instance.
Note that it can take a few minutes for the instance to enter the running state.

[EC2-Classic] If the instance that you started with had an associated Elastic IP address, you must
associate it with the new instance as follows:
a.

In the navigation pane, choose Elastic IPs.

Select the Elastic IP address that you recorded at the beginning of this procedure.

Choose Actions and then choose Associate Address.

From Instance, select the new instance, and then choose Associate.

(Optional) You can terminate the instance that you started with, if it's no longer needed. Select
the instance and verify that you are about to terminate the original instance, not the new instance
(for example, check the name or launch time). Choose Actions, select Instance State, and then
choose Terminate.

Migrating to a New Instance Configuration
If the current configuration of your instance is incompatible with the new instance type that you want,
then you can't resize the instance to that instance type. Instead, you can migrate your application to a
new instance with a configuration that is compatible with the new instance type that you want.
If you want to move from an instance launched from a PV AMI to an instance type that is HVM only, the
general process is as follows:
1.

Back up any data on your instance store volumes that you need to keep to persistent storage.
To migrate data on your EBS volumes that you need to keep, create a snapshot of the volumes
(see Creating an Amazon EBS Snapshot (p. 670)) or detach the volume from the instance so
that you can attach it to the new instance later (see Detaching an Amazon EBS Volume from an
Instance (p. 662)).
143

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Instance Purchasing Options

Launch a new instance, selecting the following:
• An HVM AMI.
• The HVM only instance type.
• [EC2-VPC] If you are using an Elastic IP address, select the VPC that the original instance is
currently running in.
• Any EBS volumes that you detached from the original instance and want to attach to the new
instance, or new EBS volumes based on the snapshots that you created.
• If you want to allow the same traffic to reach the new instance, select the security group that is
associated with the original instance.

Install your application and any required software on the instance.

Restore any data that you backed up from the instance store volumes of the original instance.

If you are using an Elastic IP address, assign it to the newly launched instance as follows:

In the navigation pane, choose Elastic IPs.

Select the Elastic IP address that is associated with the original instance, choose Actions,
and then choose Disassociate Address. When prompted for confirmation, choose Yes,
Disassociate.

With the Elastic IP address still selected, choose Actions, and then choose Associate
Address.

From Instance, select the new instance, and then choose Associate.

(Optional) You can terminate the original instance if it's no longer needed. Select the instance and
verify that you are about to terminate the original instance, not the new instance (for example,
check the name or launch time). Choose Actions, select Instance State, and then choose
Terminate.

For information about migrating an application from an instance in EC2-Classic to an instance
in a VPC, see Migrating from a Windows Instance in EC2-Classic to a Windows Instance in a
VPC (p. 571).

Instance Purchasing Options
Amazon EC2 provides the following purchasing options to enable you to optimize your costs based on
your needs:
• On-Demand instances — Pay, by the hour, for the instances that you launch.
• Reserved Instances — Purchase, at a significant discount, instances that are always available, for
a term from one to three years.
• Scheduled Instances — Purchase instances that are always available on the specified recurring
schedule, for a one-year term.
• Spot instances — Bid on unused instances, which can run as long as they are available and your
bid is above the Spot price, at a significant discount.
• Dedicated hosts — Pay for a physical host that is fully dedicated to running your instances, and
bring your existing per-socket, per-core, or per-VM software licenses to reduce costs.
• Dedicated instances — Pay, by the hour, for instances that run on single-tenant hardware. For
more information, see Dedicated Instances in the Amazon VPC User Guide.
If you require a capacity reservation, consider Reserved Instances or Scheduled Instances. Spot
instances are a cost-effective choice if you can be flexible about when your applications run and if
they can be interrupted. Dedicated hosts can help you address compliance requirements and reduce
144

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Determining the Instance Lifecycle

costs by using your existing server-bound software licenses. For more information, see Amazon EC2
Instance Purchasing Options.
Contents
• Determining the Instance Lifecycle (p. 145)
• Reserved Instances (p. 146)
• Scheduled Reserved Instances (p. 167)
• Spot Instances (p. 170)
• Dedicated Hosts (p. 215)

Determining the Instance Lifecycle
The lifecycle of an instance starts when it is launched and ends when it is terminated. The purchasing
option that you choose effects the lifecycle of the instance. For example, an On-Demand instance
runs when you launch it and ends when you terminate it. A Spot instance runs as long as its capacity
is available and your bid price is higher than the Spot price. You can launch a Scheduled Instance
during its scheduled time period; Amazon EC2 launches the instances and then terminates them three
minutes before the time period ends.
Use the following procedure to determine the lifecycle of an instance.

To determine the instance lifecycle using the console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, choose Instances.

Select the instance.

On the Description tab, find Tenancy. If the value is host, the instance is running on a Dedicated
Host. If the value is dedicated, the instance is a Dedicated Instance.

On the Description tab, find Lifecycle. If the value is spot, the instance is a Spot instance. If the
value is scheduled, the instance is a Scheduled Instance. If the value is normal, the instance is
either an On-Demand instance or a Reserved Instance.

(Optional) If you have purchased a Reserved Instance and want to verify that it is being applied,
you can check the usage reports for Amazon EC2. For more information, see Reserved Instance
Utilization Reports (p. 749).

To determine the instance lifecycle using the AWS CLI
Use the following describe-instances command:
aws ec2 describe-instances --instance-ids i-1234567890abcdef0

If the instance is running on a Dedicated host, the output contains the following information:
"Tenancy": "host"

If the instance is a Dedicated instance, the output contains the following information:
"Tenancy": "dedicated"

If the instance is a Spot instance, the output contains the following information:

145

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances
"InstanceLifecycle": "spot"

If the instance is a Scheduled Instance, the output contains the following information:
"InstanceLifecycle": "scheduled"

Otherwise, the output contains the following information:
"InstanceLifecycle": "normal"

Reserved Instances
Reserved Instances are a billing discount and capacity reservation that is applied to instances to lower
hourly running costs. A Reserved Instance is not a physical instance. The discounted usage price is
fixed for as long as you own the Reserved Instance, allowing you to predict compute costs over the
term of the reservation. If you are expecting consistent, heavy, use, Reserved Instances can provide
substantial savings over owning your own hardware or running only On-Demand instances. For more
information, see Choosing a Reserved Instance Payment Option (p. 149).
When you purchase a Reserved Instance, the reservation is automatically applied to running instances
that match your specified parameters. Alternatively, you can launch an On-Demand EC2 instance with
the same configuration as the purchased reserved capacity. No Upfront and Partial Upfront Reserved
Instances are billed for usage on an hourly basis, regardless of whether or not they are being used. All
Upfront Reserved Instances have no additional hourly charges.
Reserved Instances do not renew automatically; you can continue using the EC2 instance without
interruption, but you will be charged On-Demand rates. New Reserved Instances can have the same
parameters as the expired ones, or you can purchase Reserved Instances with different parameters.
You can use Auto Scaling or other AWS services to launch the On-Demand instances that use your
Reserved Instance benefits. For information about launching On-Demand instances, see Launch Your
Instance. For information about launching instances using Auto Scaling, see the Auto Scaling User
Guide.
For product pricing information, see the following pages:
• AWS Service Pricing Overview
• Amazon EC2 On-Demand Instances Pricing
• Amazon EC2 Reserved Instance Pricing
• For information about the Reserved Instance pricing tiers, see Understanding Reserved Instance
Discount Pricing Tiers (p. 150).

Note
Light, Medium, and Heavy Utilization Reserved Instances are no longer available for
purchase. For more information about how these options are affected by changes to the
Reserved Instances pricing model, see Reserved Instances FAQ.
Topics
•
•
•
•
•

How Reserved Instances Work (p. 147)
Billing Benefits and Payment Options (p. 149)
Buying Reserved Instances (p. 152)
Selling in the Reserved Instance Marketplace (p. 155)
Modifying Your Reserved Instances (p. 161)

146

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

• Troubleshooting Modification Requests (p. 166)

How Reserved Instances Work
Amazon EC2 Reserved Instances and the Reserved Instance Marketplace can be a powerful and
cost-saving strategy for running your business. However, before you use Reserved Instances or the
Reserved Instance Marketplace, ensure that you meet the requirements for purchase and sale. You
also must understand the details and restrictions on certain elements of Reserved Instances and the
Reserved Instance Marketplace—including seller registration, banking, using the AWS free tier, dealing
with cancelled instances, and so on. Use this topic as a checklist for buying and selling Reserved
Instances, and for buying and selling in the Reserved Instance Marketplace.

Note
To purchase and modify Reserved Instances, ensure that your IAM user account has the
appropriate permissions, such as the ability to describe Availability Zones. For information,
see the Example Policies for Working With the AWS CLI or an AWS SDK and Example
Policies for Working in the Amazon EC2 Console.

Getting Started
• AWS account—You need to have an AWS account in order to purchase Reserved Instances. If
you don't have an AWS account, read and complete the instructions described in Setting Up with
Amazon EC2 (p. 13), which provides information on signing up for your Amazon EC2 account and
credentials.
• AWS free tier—The AWS free usage tier is available for new AWS accounts. If you are using the
AWS free usage tier to run Amazon EC2 instances, and then you purchase a Reserved Instance,
you will be charged under standard pricing guidelines. For information about the free tier and the
applicable services and usage amounts, see AWS Free Tier.

Buying Reserved Instances
• Usage fee—With Reserved Instances, you pay for the entire term regardless of whether or not you
use it.
• Tiered discounts on purchases—The Reserved Instance pricing tier discounts only apply to
purchases made from AWS. These discounts do not apply to purchases of third-party Reserved
Instances. For information, see Understanding Reserved Instance Discount Pricing Tiers (p. 150).
• Cancellation of purchase—Before you confirm your purchase, review the details of the Reserved
Instances that you plan to buy, and make sure that all the parameters are accurate. After you
purchase a Reserved Instance (either from a third-party seller in the Reserved Instance Marketplace
or from AWS), you cannot cancel your purchase. However, you may be able to sell the Reserved
Instance if your needs change. For information, see Listing Your Reserved Instances (p. 158).

Selling Reserved Instances and the Reserved Instance Marketplace
• Seller requirement—To become a seller in the Reserved Instance Marketplace, you must register
as a seller. For information, see Listing Your Reserved Instances (p. 158).
• Bank requirement—AWS must have your bank information in order to disburse funds collected
when you sell your Reserved Instance. The bank you specify must have a US address. For more
information, see Bank Accounts (p. 157).
• Tax requirement—Sellers who have 50 or more transactions or who plan to sell $20,000 or more in
Reserved Instances will have to provide additional information about their business for tax reasons.
For information, see Tax Information (p. 157).
• Minimum selling price—The minimum price allowed in the Reserved Instance Marketplace is
$0.00.

147

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

• When Reserved Instances can be sold—Reserved Instances can be sold only after AWS has
received the upfront payment and the Reserved Instance has been active (you've owned it) for at
least 30 days. In addition, there must be at least one month remaining in the term of the Reserved
Instance you are listing.
• Modifying your listing—It is not possible to modify your listing in the Reserved Instance
Marketplace directly. However, you can change your listing by first cancelling it and then
creating another listing with new parameters. For information, see Pricing Your Reserved
Instances (p. 161). You can also change your Reserved Instances before listing them. For
information, see Modifying Your Reserved Instances (p. 161).
• Selling discounted Reserved Instances—Amazon EC2 Reserved Instances purchased at a
reduced cost resulting from a tiering discount cannot be sold in the Reserved Instance Marketplace.
For more information, see Reserved Instance Marketplace (p. 148).
• Service fee—AWS charges a service fee of 12 percent of the total upfront price of each Reserved
Instance you sell in the Reserved Instance Marketplace. (The upfront price is the price the seller is
charging for the Reserved Instance.)
• Other AWS Reserved Instances—Only Amazon EC2 Reserved Instances can be sold in the
Reserved Instance Marketplace. Other AWS Reserved Instances, such as Amazon Relational
Database Service (Amazon RDS) and Amazon ElastiCache Reserved Instances cannot be sold in
the Reserved Instance Marketplace.

Using Reserved Instances in an Amazon VPC
You can launch instances into an Amazon Virtual Private Cloud (Amazon VPC) and benefit from your
Reserved Instances. For more information see What is Amazon VPC? in the Amazon VPC User Guide.
If you have an EC2-Classic account, you can purchase Reserved Instances to apply to instances
launched into a nondefault VPC by selecting a platform that includes Amazon VPC in its name. For
more information, see Detecting Your Supported Platforms and Whether You Have a Default VPC.
If you have an EC2-VPC-only account, the listed platforms available do not include Amazon VPC
in its name because all platforms have default subnets. When you launch an instance with the
same configuration as the capacity you reserved, and that instance is launched into your default or
nondefault VPC, the capacity reservation and billing benefits are automatically applied to your instance.
For information about default VPCs, see Your Default VPC and Subnets in the Amazon VPC User
Guide.
You can also choose to purchase Reserved instances that are physically isolated at the host hardware
level by specifying dedicated as the instance tenancy. For more information about Dedicated
instances, see Dedicated Instances in the Amazon VPC User Guide.

Reserved Instance Marketplace
Note
Only Amazon EC2 Reserved Instances can be sold in the Reserved Instance Marketplace.
Other types, such as Amazon RDS and Amazon ElastiCache Reserved Instances, cannot be
sold on the Reserved Instance Marketplace.
The Reserved Instance Marketplace is a platform that supports the sale of third-party and AWS
customers' unused Reserved Instances, which will vary in term lengths and pricing options. For
example, an AWS customer may want to sell capacity after moving instances to a new AWS region,
changing to a new instance type, or ending projects before the term expiration. The Reserved Instance
Marketplace provides increased selection and flexibility by allowing you to address your specific
business and searching for Reserved Instances that most closely match your preferred combination
of instance type, region, and duration. Amazon EC2 instances purchased on the Reserved Instance
Marketplace offer the same capacity reservations as Reserved Instances purchased directly from
AWS.

148

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

Billing Benefits and Payment Options
The billing benefit of Reserved Instances is automatically applied to matching running instances.
You can also purchase Reserved Instances and then launch On-Demand instances with matching
specifications—the pricing benefit is automatically applied to those instances. The capacity reservation
ensures that you will always be able to launch instances with those specifications. You also can sell
your unused Reserved Instances in the Reserved Instance Marketplace, provided you meet certain
requirements.

Choosing a Reserved Instance Payment Option
There are three payment options for Reserved Instances:
• No Upfront—You are billed a discounted hourly rate for every hour within the term, regardless of
usage, and no upfront payment is required. This option is only available as a 1-year reservation.

Note
No Upfront Reserved Instances are based on a contractual obligation to pay monthly for the
entire term of the reservation. For this reason, a successful billing history is required before
an account is eligible to purchase No Upfront Reserved Instances.
• Partial Upfront—A portion of the cost must be paid upfront and the remaining hours in the term are
billed at a discounted hourly rate, regardless of usage.
• All Upfront—Full payment is made at the start of the term, with no other costs incurred for the
remainder of the term regardless of the number of hours used.
Understanding hourly billing
Reserved Instances are billed for every clock-hour during the term that you select, regardless of
whether an instance is running or not. It's important to understand the difference between instance
states and how these impact billing hours. For more information, see Instance Lifecycle (p. 226).
Reserved Instance billing benefits only apply to one instance-hour per clock-hour. An instance-hour
begins when an instance is started and continues for 60 minutes or until the instance is stopped or
terminated—whichever happens first. A clock-hour is defined as the standard 24-hour clock that runs
from midnight to midnight, and is divided into 24 hours (for example, 1:00:00 to 1:59:59 is one clockhour).
A new instance-hour begins after an instance has run for 60 continuous minutes, or if an instance is
stopped and then started. Rebooting an instance does not reset the running instance-hour.
For example, if an instance is stopped and then started again during a clock-hour and continues
running for two more clock-hours, the first instance-hour (before the restart) is charged at the
discounted Reserved Instance rate. The next instance-hour (after restart) is charged at the OnDemand rate and the next two instance-hours are charged at the discounted Reserved Instance rate.
The Reserved Instance Utilization Reports (p. 749) section includes sample reports which illustrate
the savings against running On-Demand instances. The Reserved Instances FAQ includes a sample
list value calculation.
How to apply a Reserved Instance to a running instance
To cover a running instance with reservation, you can either modify an existing Reserved Instance or
purchase a Reserved Instance by selecting the Availability Zone (such as us-east-1b), instance type
(such as m3.large), platform (such as Amazon Linux VPC), and tenancy (such as default) to match
the configuration of the running instance.
Below is an example scenario where a customer has purchased the following On-Demand instances:
• 4 x m1.small instances in Availability Zone us-east-1a

149

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

• 4 x c1.medium instances in Availability Zone us-east-1b
• 2 x c1.xlarge instances in Availability Zone us-east-1b
The customer then purchases the following reservations:
• 2 x m1.small in Availability Zone us-east-1a
• 3 x c1.medium in Availability Zone us-east-1a
• 1 x c1.xlarge in Availability Zone us-east-1b
The pricing benefit is applied in the following way:
• The discount for the two m1.small reservations is applied to two of the four running m1.small
instances in Availability Zone us-east-1a.
The other two instances in Availability Zone us-east-1a continue to be charged at the current OnDemand rate.
• The three c1.medium reservations don't match the Availability Zone of the running c1.medium
instances. The four running c1.medium instances continue to be charged at the current On-Demand
rate.
If the customer launches a c1.medium instance in Availability Zone us-east-1a, then the discounted
usage fee is applied to that instance.
• The discounted usage fee rate for one c1.xlarge reservation is applied to one of the two running
c1.xlarge instances in Availability Zone us-east-1b.
The other c1.xlarge instance in Availability Zone us-east-1b continues to be charged at the current
On-Demand rate.
In this example the hourly usage discount is immediately applied to the hourly fee for the two
m1.small and one c1.xlarge On-Demand instances that were already running; and the customer is
assured of the capacity to run the remaining four instances when they are needed.

Understanding Reserved Instance Discount Pricing Tiers
When your account qualifies for a discount pricing tier, it automatically receives discounts on upfront
and hourly usage fees for all Reserved Instance purchases that you make within that tier level from
that point on. To qualify for a discount, the list value of your Reserved Instances in the region must be
$500,000 USD or more.
Topics
• Calculating Reserved Instance Pricing Discounts (p. 150)
• Consolidated Billing for Pricing Tiers (p. 151)
• Buying with a Discount Tier (p. 151)
• Current Pricing Tier Limits (p. 152)
• Crossing Pricing Tiers (p. 152)

Calculating Reserved Instance Pricing Discounts
You can determine the pricing tier for your account by calculating the list value for all of your Reserved
Instances in a region. Multiply the hourly recurring price for each reservation by the hours left in each
term and add the undiscounted upfront price (known as the fixed price) listed on the AWS marketing
website at the time of purchase. Because the list value is based on undiscounted (public) pricing, it
is not affected if you qualify for a volume discount or if the price drops after you buy your Reserved
Instances.

150

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances
List value = fixed price + (undiscounted recurring hourly price * hours in
term)

To view the fixed price values for Reserved Instances using the AWS Management Console
1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2. Turn on the display of the Fixed Price column by choosing Show/Hide in the top right corner.
To view the fixed price values for Reserved Instances using the command line
• Using the AWS CLI, see describe-reserved-instances
• Using the AWS Tools for Windows PowerShell, see Get-EC2ReservedInstance
• Using the Amazon EC2 API, see DescribeReservedInstances

Consolidated Billing for Pricing Tiers
A consolidated billing account aggregates the list value of member accounts within a region. When
the list value of all active Reserved Instances for the consolidated billing account reaches a discount
pricing tier, any Reserved Instances purchased after this point by any member of the consolidated
billing account are charged at the discounted rate (as long as the list value for that consolidated
account stays above the discount pricing tier threshold). For more information, see Reserved Instances
and Consolidated Billing (p. 152).

Buying with a Discount Tier
When you buy Reserved Instances, Amazon EC2 automatically applies any discounts to the part of
your purchase that falls within a discount pricing tier. You don't need to do anything differently, and
you can buy using any of the Amazon EC2 tools. For more information, see Buying in the Reserved
Instance Marketplace (p. 155).

Note
Reserved Instance purchases are the only purchases that determine your discount pricing
tiers, and the discounts apply only to Amazon EC2 Reserved Instance purchases.
After the list value of your active Reserved Instances in a region crosses into a discount pricing tier,
any future purchase of Reserved Instances in that region are charged at a discounted rate. If a single
purchase of Reserved Instances in a region takes you over the threshold of a discount tier, then
the portion of the purchase that is above the price threshold is charged at the discounted rate. For
more information about temporary Reserved Instance IDs created during the purchase process, see
Crossing Pricing Tiers (p. 152).
If your list value falls below the price point for that discount pricing tier—for example, if some of your
Reserved Instances expire—future purchases of Reserved Instances in the region are not discounted.
However, you continue to get the discount applied against any Reserved Instances that were originally
purchased within the discount pricing tier.
When you buy Reserved Instances, one of four possible scenarios occurs:
• No discount—Your purchase within a region is still below the discount threshold.
• Partial discount—Your purchase within a region crosses the threshold of the first discount tier. No
discount is applied to one or more reservations and the discounted rate is applied to the remaining
reservations.
• Full discount—Your entire purchase within a region falls within one discount tier and is discounted
appropriately.
• Two discount rates—Your purchase within a region crosses from a lower discount tier to a higher
discount tier. You are charged two different rates: one or more reservation at the lower discounted
rate, and the remaining reservations at the higher discounted rate.

151

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

Current Pricing Tier Limits
The following limitations currently apply to Reserved Instance pricing tiers:
• Reserved Instance pricing tiers and related discounts apply only to purchases of Amazon EC2
Reserved Instances.
• Reserved Instance pricing tiers do not apply to Reserved Instances for Windows with SQL Server
Standard or Windows with SQL Server Web.
• Reserved Instances purchased as part of a tiered discount cannot be sold in the Reserved Instance
Marketplace. For more information, see the Reserved Instance Marketplace (p. 148) page.

Crossing Pricing Tiers
If your purchase crosses into a discounted pricing tier, you see multiple entries for that purchase: one
for that part of the purchase charged at the regular price, and another for that part of the purchase
charged at the applicable discounted rate.
The Reserved Instance service generates several Reserved Instance IDs because your purchase
crossed from an undiscounted tier, or from one discounted tier to another. There is an ID for each set
of reservations in a tier. Consequently, the ID returned by your purchase CLI command or API action
will be different from the actual ID of the new Reserved Instances.

Reserved Instances and Consolidated Billing
The pricing benefits of Reserved Instances are shared when the purchasing account is part of a set
of accounts billed under one consolidated billing payer account. The hourly usage across all subaccounts is aggregated in the payer account every month. This is typically useful for companies in
which there are different functional teams or groups; then, the normal Reserved Instance logic is
applied to calculate the bill. For more information, see Consolidated Billing in AWS Billing and Cost
Management User Guide.
For more information about how the discounts of the Reserved Instance pricing tiers apply to
consolidated billing accounts, see Amazon EC2 Reserved Instances.

Reading Your Statement (Invoice)
You can find out about the charges and fees to your account by viewing the Billing & Cost
Management page in the AWS Management Console. Choose the arrow beside your account name to
access it.
• The Dashboard page displays charges against your account—such as upfront and one-time fees,
and recurring charges. You can get both a summary or detailed list of your charges.
• The upfront charges from your purchase of third-party Reserved Instances in the Reserved Instance
Marketplace are listed in the AWS Marketplace Charges section, with the name of the seller
displayed beside it. All recurring or usage charges for these Reserved Instances are listed in the
AWS Service Charges section.
• The Detail section contains information about the Reserved Instance—such as the Availability Zone,
instance type, cost, and number of instances.
You can view the charges online, and you can also download a PDF rendering of the charge
information.

Buying Reserved Instances
You can search for specific types of Reserved Instances to buy, adjusting your parameters until you
find the exact match you're looking for.

152

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

It's important to note the following for any Reserved Instance purchase:
• Usage fee—With Reserved Instances, you pay for the entire term regardless of actual use.
• Tiered discounts on purchases—Pricing tier discounts apply only to AWS purchases. These
discounts do not apply to purchases of third-party Reserved Instances. For more information, see
Understanding Reserved Instance Discount Pricing Tiers (p. 150).
• Cancellation of purchase—After the purchase is confirmed, it cannot be cancelled. Before you
confirm, review the details of the Reserved Instances that you plan to buy, and make sure that all the
parameters are accurate. However, you may be able to sell the Reserved Instances if your needs
change and you meet the requirements. For more information, see Selling in the Reserved Instance
Marketplace (p. 155).
After you select Reserved Instances to buy, you receive a quote on the total cost of your selections.
When you decide to proceed with the purchase, AWS automatically places a limit price on the
purchase price, so that the total cost of your Reserved Instances does not exceed the amount you
were quoted.
If the price rises or changes for any reason, you are returned to the previous screen and the purchase
is not completed. If, at the time of purchase, there are offerings similar to your choice but at a lower
price, AWS sells you the offerings at the lower price.

Buying Reserved Instances using the AWS Management Console
To buy Reserved Instances using the AWS Management Console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the Navigation pane, choose Reserved Instances.

On the Reserved Instances page, choose Purchase Reserved Instances.

Specify details for the Reserved Instances to purchase, and choose Search.

Note
The Seller column in the search results indicates whether the seller is a third-party. If so,
the Term column displays non-standard terms.
5.

Select the Reserved Instances that you want, enter the quantity, and choose Add to Cart.

To see a summary of the Reserved Instances that you have selected, choose View Cart.

To complete the order, choose Purchase.

Note
If, at the time of purchase, there are offerings similar to your choice but with a lower price,
AWS will sell you the offerings at the lower price.
To apply your reservation, launch an On-Demand instance, ensuring that you match the same criteria
that you specified for your Reserved Instance. AWS automatically charges you the lower hourly rate.
You do not have to restart your instance.

To view transaction status using the AWS Management Console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

Choose the Reserved Instances page. The status of your purchase is listed in the State column.
When your order is complete, the State value changes from payment-pending to active.

Buying Reserved Instances Using the Command Line Interface or API
To buy Reserved Instances using the command line or API

153

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

1. Using the AWS CLI, see purchase-reserved-instances-offering
2. Using the AWS Tools for Windows PowerShell, see New-EC2ReservedInstance
3. Using the Amazon EC2 API, see PurchaseReservedInstancesOffering
To view transaction status using the command line or API
1. Using the AWS CLI, see describe-reserved-instances
2. Using the AWS Tools for Windows PowerShell, see Get-EC2ReservedInstance
3. Using the Amazon EC2 API, see DescribeReservedInstances

Applying Reserved Instances
Reserved Instances are automatically applied to running, or potential, On-Demand instances provided
that the specifications match. You can use the AWS Management Console, a command line tool, or the
Amazon EC2 API to perform any of these tasks.

Note
To run your Reserved Instance on a specific Linux platform, you must identify the
platform when you purchase the reserved capacity. Then, when you launch your instance
with the intention of using the reserved capacity you purchased, you must choose the
Amazon Machine Image (AMI) that runs that specific Linux platform, along with any other
specifications you identified during the purchase.
• Instance type (for example, m1.small).
• Availability Zone in which to run the instance.
• Term (time period) over which you want to reserve capacity.
• Tenancy. You can reserve capacity for your instance to run in single-tenant hardware (dedicated
tenancy, as opposed to shared). The tenancy you select must match the tenancy of the OnDemand instance you're applying, or plan to apply, the Reserved Instance to. For more information,
see Dedicated Instances.
• Offering (No Upfront, Partial Upfront, All Upfront).
Use—To use your Reserved Instance, launch an On-Demand instance with the same specifications as
the reservation you purchased. The pricing benefits and capacity reservations automatically apply to
any matching instances you have that aren't already covered by a reservation.
For more information, see Launch Your Instance (p. 229).

Reserved Instance States
Reserved Instances can be in one of the following states:
• active—The Reserved Instance is available for use.
• payment-pending—AWS is processing your payment for the Reserved Instance. You can use the
Reserved Instance when the state becomes active.

154

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

• retired—The Reserved Instance has been terminated for any of the following reasons:
• AWS did not receive your payment. For example, the credit card transaction did not go through.
• The Reserved Instance term expired.
It's important to note that status information displayed in the State column in the Reserved Instance
page is different from the status information displayed in the Listing State in the My Listings tab.
If you are a seller in the Reserved Instance Marketplace the Listing State displays the status of
a reservation that's been listed in the Reserved Instance Marketplace. For more information, see
Reserved Instance Listing States (p. 159).

Buying in the Reserved Instance Marketplace
You can purchase Amazon EC2 Reserved Instances from AWS or you can purchase from third-party
sellers who own Reserved Instances that they no longer need.
For a buyer, the Reserved Instance Marketplace provides increased selection and flexibility by allowing
you to search for Reserved Instances that most closely match your preferred combination of instance
type, region, and duration.
For more information about the Reserved Instance Marketplace, see Selling in the Reserved Instance
Marketplace (p. 155).
There are a few differences between Reserved Instances purchased in the Reserved Instance
Marketplace and Reserved Instances purchased directly from AWS:
• Term—Reserved Instances that you purchase from third-party sellers have less than a full standard
term remaining. Full standard terms from AWS run for one year or three years.
• Upfront price—Third-party Reserved Instances can be sold at different upfront prices. The usage
or recurring fees remain the same as the fees set when the Reserved Instances were originally
purchased from AWS.
Basic information about you is shared with the seller, for example, your ZIP code and country
information.
This information enables sellers to calculate any necessary transaction taxes that they have to remit to
the government (such as sales tax or value-added tax) and is provided in the form of a disbursement
report. In rare circumstances, AWS might have to provide the seller with your email address, so that
they can contact you regarding questions related to the sale (for example, tax questions).
For similar reasons, AWS shares the legal entity name of the seller on the buyer's purchase invoice.
If you need additional information about the seller for tax or related reasons, you can contact AWS
Support.

Selling in the Reserved Instance Marketplace
Selling unused reservations in the Reserved Instance Marketplace provides you with the flexibility to
move to new configurations when your business needs change or if you have capacity you no longer
need.
As soon as you list your Reserved Instances in the Reserved Instance Marketplace, they are available
for potential buyers to find. All Reserved Instances are grouped according to the duration of the term
remaining and the hourly price.
To fulfill a buyer's request, AWS first sells the Reserved Instance with the lowest upfront price in the
specified grouping; then it sells the Reserved Instance with the next lowest price, until the buyer's
entire order is fulfilled. AWS then processes the transactions and transfers ownership of the Reserved
Instances to the buyer.

155

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

You own your Reserved Instance until it's sold. After the sale, you've given up the capacity reservation
and the discounted recurring fees. If you continue to use your instance, AWS charges you the OnDemand price starting from the time that your Reserved Instance was sold. You can buy more
reserved capacity, or terminate your instances when your capacity reservation is sold.
Contents
• Getting Paid (p. 156)
• Registering as a Seller (p. 156)
• Listing Your Reserved Instances (p. 158)
• Pricing Your Reserved Instances (p. 161)

Getting Paid
As soon as AWS receives funds from the buyer, a message is sent to the email address associated
with the account that is registered as owner of the Reserved Instance that was sold.
AWS sends an Automated Clearing House (ACH) wire transfer to your specified bank account.
Typically, this transfer occurs between one to three days after your Reserved Instance has been sold.
You can view the state of this disbursement by viewing your Reserved Instance disbursement report.
Disbursements take place once a day. Keep in mind that you will not be able to receive disbursements
until AWS has received verification from your bank. This period can take up to two weeks.
The Reserved Instance you sold will continue to appear in the results of
DescribeReservedInstances calls you make.
You receive a cash disbursement for your Reserved Instances through a wire transfer directly into your
bank account. AWS charges a service fee of 12 percent of the total upfront price of each Reserved
Instance you sell in the Reserved Instance Marketplace.

Note
Only Amazon EC2 Reserved Instances can be sold in the Reserved Instance Marketplace.
Other types, such as Amazon RDS and Amazon ElastiCache Reserved Instances, cannot be
sold on the Reserved Instance Marketplace.
The following are important limits to note:
• Reserved Instances can be sold after 30 days—Reserved Instances can only be sold when
you've owned them for at least 30 days. In addition, there must be at least a month remaining in the
term of the Reserved Instance you are listing.
• Listings cannot be modified—You cannot modify your listing in the Reserved Instance
Marketplace. However, you can change your listing by first cancelling it and then creating another
listing with new parameters. For information, see Listing Your Reserved Instances (p. 158). You
can also modify your Reserved Instances before listing them. For information, see Modifying Your
Reserved Instances (p. 161).
• Discounted Reserved instances cannot be sold—Reserved Instances purchased at a reduced
cost resulting from a tiering discount cannot be sold in the Reserved Instance Marketplace. For more
information, see Reserved Instance Marketplace (p. 148).

Registering as a Seller
To be able to sell in the Reserved Instance Marketplace, your first task is to register as a seller. During
registration, you need to provide the name of your business, information about your bank, and your
business's tax identification number.
After AWS receives your completed seller registration, you will receive an email confirming your
registration and informing you that you can get started selling in the Reserved Instance Marketplace.

156

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

Topics
• Bank Accounts (p. 157)
• Tax Information (p. 157)
• Sharing Information with the Buyer (p. 158)

Bank Accounts
AWS must have your bank information in order to disburse funds collected when you sell your
Reserved Instance. The bank you specify must have a US address.
To register a default bank account for disbursements
1. On the Reserved Instance Marketplace Seller Registration page, sign in. If you do not yet have an
AWS account you can also create one via this page.
2. On the Manage Bank Account page, provide the following information about the bank through
which you will receive payment:
• Bank account holder name
• Routing number
• Account number
• Bank account type

Note
If you are using a corporate bank account, you are prompted to send the information about
the bank account via fax (1-206-765-3424).
After registration, the bank account provided is set as the default, pending verification with the bank.
It can take up to two weeks to verify a new bank account, during which time you will not be able to
receive disbursements. For an established account, it usually takes about two days for disbursements
to complete.
To change the default bank account for disbursement
1. On the Reserved Instance Marketplace Seller Registration page, sign in with the account you used
when you registered.
2. On the Manage Bank Account page, add a new bank account or modify the default bank account
as needed.

Tax Information
Your sale of Reserved Instances might be subject to a transactional tax, such as sales tax or valueadded tax. You should check with your business's tax, legal, finance, or accounting department to
determine if transaction-based taxes are applicable. You are responsible for collecting and sending the
transaction-based taxes to the appropriate tax authority.
As part of the seller registration process, you have the option of completing a tax interview. We
encourage you to complete this process if any of the following apply:
• You want AWS to generate a Form 1099-K.
• You anticipate having either 50 or more transactions or $20,000 or more in sales of Reserved
Instances in a calendar year. A transaction can involve one or more Reserved Instances. If you
choose to skip this step during registration, and later you reach transaction 49, you will get a
message saying, "You have reached the transaction limit for pre-tax. Please complete the tax
interview in the Seller Registration Portal".

157

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

• You are a non-US seller. In this case, you must electronically complete Form W-8BEN.
For more information about IRS requirements and the Form 1099-K, go to the IRS website.
The tax information you enter as part of the tax interview will differ depending on whether your
business is a US or non-US legal entity. As you fill out the tax interview, keep in mind the following:
• Information provided by AWS, including the information in this topic, does not constitute tax, legal, or
other professional advice. To find out how the IRS reporting requirements might affect your business,
or if you have other questions, please contact your tax, legal, or other professional advisor.
• To fulfill the IRS reporting requirements as efficiently as possible, answer all questions and enter all
information requested during the interview.
• Check your answers. Avoid misspellings or entering incorrect tax identification numbers. They can
result in an invalidated tax form.
After you complete the tax registration process, AWS files Form 1099-K. You will receive a copy of
it through the US mail on or before January 31 in the year following the year that your tax account
reaches the threshold levels. For example, if your tax account reaches the threshold in 2016, you will
receive the form in 2017.

Sharing Information with the Buyer
When you sell in the Reserved Instance Marketplace, AWS shares your company’s legal name on the
buyer’s statement in accordance with US regulations. In addition, if the buyer calls AWS Customer
Support because the buyer needs to contact you for an invoice or for some other tax-related reason,
AWS may need to provide the buyer with your email address so that the buyer can contact you directly.
For similar reasons, the buyer's ZIP code and country information are provided to the seller in the
disbursement report. As a seller, you might need this information to accompany any necessary
transaction taxes that you remit to the government (such as sales tax and value-added tax).
AWS cannot offer tax advice, but if your tax specialist determines that you need specific additional
information, contact AWS Support.

Listing Your Reserved Instances
As a registered seller, you can choose to sell one or more of your Reserved Instances, and you can
choose to sell all of them in one listing or in portions. In addition, you can list any type of Reserved
Instance—including any configuration of instance type, platform, region, and Availability Zone.
If you decide to cancel your listing and a portion of that listing has already been sold, the cancellation is
not effective on the portion that has been sold. Only the portion of the listing not yet sold will no longer
be available in the Reserved Instance Marketplace.

Lifecycle of a Listing
Now that you have created a listing, let's walk through what happens when your listing sells.
When all the instances in your listing are matched and sold, the My Listings tab shows that your Total
instance count matches the count listed under Sold, there are no Available instances left for your
listing, and its Status is closed.
When only a portion of your listing is sold, AWS retires the Reserved Instances in the listing and
creates the number of Reserved Instances equal to the Reserved Instances remaining in the count. So,
the listing ID and the listing that it represents, which now has fewer reservations for sale, is still active.
Any future sales of Reserved Instances in this listing are processed this way. When all the Reserved
Instances in the listing are sold, AWS marks the listing as closed.

158

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

For example, let's say you created a listing Reserved Instances listing ID 5ec28771-05ff-4b9baa31-9e57dexample with a listing count of 5.
Your My Listings tab in the Reserved Instance page of the AWS Management Console will display
the listing this way:
Reserved Instance listing ID 5ec28771-05ff-4b9b-aa31-9e57dexample
• Total reservation count = 5
• Sold = 0
• Available = 5
• Status = active
Let's say that a buyer purchases two of the reservations, which leaves a count of three reservations
still available for sale. As a result of this partial sale, AWS creates a new reservation with a count of
three to represent the remaining reservations that are still for sale.
This is how your listing will look in your My Listings tab:
Reserved Instance listing ID 5ec28771-05ff-4b9b-aa31-9e57dexample
• Total reservation count = 5
• Sold = 2
• Available = 3
• Status = active
If you decide to cancel your listing and a portion of that listing has already sold, the cancellation is not
effective on the portion that has been sold. Only the portion of the listing not yet sold will no longer be
available in the Reserved Instance Marketplace.

After Your Reserved Instance Is Sold
When your Reserved Instance is sold, AWS will send you an email notification. Each day that there
is any kind of activity (for example, you create a listing; you sell a listing; or AWS sends funds to your
account), you will receive one email notification capturing all the activities of the day.
You can track the status of your Reserved Instance listings by looking at the My Listings tab
of the selected Reserved Instance on the Reserved Instance page in the AWS Management
Console. The tab contains the Listing State as well as information about the term, listing price,
and a breakdown of how many instances in the listing are available, pending, sold, and cancelled.
You can also use the ec2-describe-reserved-instances-listings CLI command or the
DescribeReservedInstancesListings API call, with the appropriate filter to obtain information
about your listings.

Reserved Instance Listing States
Listing State displays the current status of your listings:
The information displayed by Listing State is about the status of your listing in the Reserved Instance
Marketplace. It is different from the status information that is displayed by the State column in the
Reserved Instances page. This State information is about your reservation. For more information, see
Reserved Instance States (p. 154).

Listing your Reserved Instances using the AWS CLI
To list a Reserved Instance in the Reserved Instance Marketplace using the AWS CLI

159

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

1. Get a list of your Reserved Instances by calling aws ec2 describe-reserved-instances.
2. Specify the ID of the Reserved Instance you want to list and call aws ec2 create-reservedinstances-listing. You have to specify the following required parameters:
• Reserved Instance ID
• Instance count
• MONTH:PRICE
To view your listing
• Run aws ec2 describe-reserved-instances-listings to get details about your listing.
To cancel and change your listing
• Run aws ec2 cancel-reserved-instances-listings to cancel your listing.

Listing Your Reserved Instances using the Amazon EC2 API
To list a Reserved Instance in the Reserved Instance Marketplace using the Amazon EC2 API
1. Get a list of your Reserved Instances by calling DescribeReservedInstances. Note the ID of the
Reserved Instance to list in the Reserved Instance Marketplace.
2. Create a listing using CreateReservedInstancesListing.
To view your listing
1. Call DescribeReservedInstancesListings to get details about your listing.
To cancel your listing
1. Run CancelReservedInstancesListing.
2. Confirm that it's cancelled by calling DescribeReservedInstancesListings.

Listing Your Reserved Instance using the AWS Management Console
You can list the Reserved Instances you want to sell in the Reserved Instance Marketplace by using
the AWS Management Console.

To list a Reserved Instance in the Reserved Instance Marketplace using the AWS
Management Console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, choose Reserved Instances.

Select the Reserved Instances to list, and choose Sell Reserved Instances.

On the Configure Your Reserved Instance Listing page, set the number of instances to sell
and the upfront price for the remaining term in the relevant columns. You can see how the value
of your reservation will change over the remainder of the term by clicking the arrow next to the
Months Remaining column.

If you are an advanced user and you want to customize the pricing, you can enter different values
for the subsequent months. To return to the default linear price drop, choose Reset.

Choose Continue when you are finished configuring your listing.

160

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

Confirm the details of your listing, on the Confirm Your Reserved Instance Listing page and if
you're satisfied, choose List Reserved Instance.

Listing State displays the current status of your listings:
• active—The listing is available for purchase.
• cancelled—The listing is cancelled and won't be available for purchase in the Reserved Instance
Marketplace.
• closed—The Reserved Instance is not listed. A Reserved Instance might be closed because the
sale of the listing was completed.

Pricing Your Reserved Instances
The upfront fee is the only fee that you can specify for the Reserved Instance that you're selling. The
upfront fee is the one-time fee that the buyer pays when they purchase a Reserved Instance. You
cannot specify the usage fee or the recurring fee; The buyer will pay the same usage or recurring fees
that were set when the reservations were originally purchased.
The following are important limits to note:
• You can sell up to $50,000 in Reserved Instances per year. If you need to sell more, complete
the Request to Raise Sales Limit on Amazon EC2 Reserved Instances form.
• The minimum price is $0. The minimum allowed price allowed in the Reserved Instance
Marketplace is $0.00.
You cannot modify your listing directly. However, you can change your listing by first cancelling it and
then creating another listing with new parameters.
You can cancel your listing at any time, as long as it's in the activestate. You cannot cancel the
listing if it's already matched or being processed for a sale. If some of the instances in your listing are
matched and you cancel the listing, only the remaining unmatched instances are removed from the
listing.

Setting a Pricing Schedule
Because the value of Reserved Instances decreases over time, by default AWS can set prices to
decrease in equal increments month over month. However, you can set different upfront prices based
on when your reservation sells.
For example, if your Reserved Instance has nine months of its term remaining, you can specify the
amount you would accept if a customer were to purchase that Reserved Instance with nine months
remaining, and you could set another price with five months remaining, and yet another price with one
month remaining.

Modifying Your Reserved Instances
When your computing needs change, you can modify your Reserved Instances and continue to benefit
from your capacity reservation.
The following topics guide you through the modification process:
Topics
• Requirements for Modification (p. 162)
• Modifying the Instance Size of Your Reservations (p. 163)

161

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

• Submitting Modification Requests (p. 164)
Modification does not change the remaining term of your Reserved Instances; their end dates remain
the same. There is no fee, and you do not receive any new bills or invoices. Modification is separate
from purchasing and does not affect how you use, purchase, or sell Reserved Instances. You can
modify your whole reservation, or just a subset, in one or more of the following ways:
• Switch Availability Zones within the same region
• Change between EC2-VPC and EC2-Classic
• Change the instance size within the same instance type
Availability Zone and network platform modifications are supported for all product platform types
(Linux and Windows). Instance type modifications are supported only for the Linux platform types.
However, due to licensing differences, it is not possible to change the instance type of RedHat or
SUSE Linux Reserved Instances. For more information about RedHat and SUSE pricing, see Amazon
EC2 Reserved Instance Pricing.
After modification, the pricing benefit of the Reserved Instances is applied only to instances that match
the new parameters. Instances that no longer match the new parameters are charged at the OnDemand rate unless your account has other applicable reservations.

Requirements for Modification
Amazon EC2 processes your modification request if there is sufficient capacity for your target
configuration, and if the following conditions are met.
Your modified Reserved Instances must be:
• Active
• Not pending another modification request
• Not listed in the Reserved Instance Marketplace
• Terminating in the same hour (but not minutes or seconds)
Your modification request must be:
• A unique combination of Availability Zone, instance type, and network platform attributes
• A match between the instance size footprint of the active reservation and the target configuration
If your Reserved Instances are not in the active state or cannot be modified, an API call returns an
error and the Modify Reserved Instances button in the AWS Management Console is not enabled. If
you select multiple Reserved Instances for modification and one or more are for a product platform that
does not allow instance type modification, the Modify Reserved Instances page does not show the
option of changing the instance type of any of the selected Reserved Instances. For more information,
see Modifying the Instance Size of Your Reservations (p. 163).
You may modify your reservations as frequently as you like; however, you cannot submit a modification
request for reservations that are pending a previous modification request. Also, you cannot change
or cancel a pending modification request after you submit it. After the modification has completed
successfully, you can submit another modification request to roll back any changes you made. For
more information, see Determining the Status of Your Modification (p. 165).
To modify Reserved Instances that are listed in the Reserved Instance Marketplace, cancel the
listing, request modification, and then list them again. In addition, you cannot modify an offering
before or at the same time that you purchase it. For more information, see Reserved Instance
Marketplace (p. 148).

162

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

Modifying the Instance Size of Your Reservations
You can adjust the instance size of your Reserved Instances if you have Amazon Linux reservations
in an instance type with multiple sizes. Keep in mind that instance size modifications are allowed only
if other attributes—such as region, utilization type, tenancy, product, end date and hour—match and if
capacity is available. It is not possible to modify the instance size of Windows Reserved Instances.

Note
Instances are grouped by family (based on storage, or CPU capacity); type (designed for
specific use cases); and size. For example, the c4 instance type is in the Compute optimized
instance family and is available in multiple sizes. While c3 instances are in the same family,
you can't modify c4 instances into c3 instances because they have different hardware
specifications. For more information, see Amazon EC2 Instance Types.
For information about the modification process and steps, see Submitting Modification
Requests (p. 164).
The following instances cannot be modified because there are no other sizes available.
• t1.micro
• cc1.4xlarge
• cc2.8xlarge
• cg1.8xlarge
• cr1.8xlarge
• hi1.4xlarge
• hs1.8xlarge
• g2.2xlarge
Your request is successful if the capacity exists and the modification does not change the instance size
footprint of your Reserved Instances.

Understanding the Instance Size Footprint
Each Reserved Instance has an instance size footprint, which is determined by the normalization factor
of the instance type and the number of instances in the reservation. In the Amazon EC2 console, the
footprint is measured in units.
The normalization factor is based on size within the instance type (e.g., the m1 instance family), and
is only meaningful within the same instance type; instance types cannot be modified from one type to
another. The following table illustrates the normalization factor that applies within an instance type.
Instance size

Normalization factor

nano

0.25

micro

0.5

small

medium

large

xlarge

2xlarge

163

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

Instance size

Normalization factor

4xlarge

8xlarge

10xlarge

A modification request is not processed if the footprint of the target configuration does not match the
size of the original configuration.
To calculate the instance size footprint of a Reserved Instance, multiply the number of instances by the
normalization factor. For example, an m1.medium has a normalization factor of 2 so a reservation for
four m1.medium instances has a footprint of 8 units.
You can allocate your reservations into different instance sizes across the same instance type as
long as the instance size footprint of your reservation remains the same. For example, you can divide
a reservation for one m1.large (1 x 4) instance into four m1.small (4 x 1) instances, or you can
combine a reservation for four m1.small instances into one m1.large instance. However, you cannot
change your reservation for two m1.small (2 x 1) instances into one m1.large (1 x 4) instance
because the existing instance size footprint of your current reservation is smaller than the proposed
reservation.
For more information, see Amazon EC2 Instance Types.

Submitting Modification Requests
AWS provides you with several ways to view and work with modification requests: You can use the
AWS Management Console, interact directly with the Amazon EC2 API, or use the command line
interface.
Topics
• AWS Management Console (p. 164)
• Command Line Interface (p. 165)
• Amazon EC2 API (p. 165)
• Determining the Status of Your Modification (p. 165)

AWS Management Console
Each target configuration row on the Modify Reserved Instances page keeps track of the number
of instances for the current instance type (Count) and the instance size footprint of your reservation
relative to its instance type (Units). For more information, see Understanding the Instance Size
Footprint (p. 163).
The allocated total is displayed in red if you have specified either more or fewer Reserved Instances
than are available for modification. The total changes to green and you can choose Continue after you
have specified changes for all the Reserved Instances that were available for modification.
When you modify a subset of your reservation, Amazon EC2 splits your original Reserved Instances
into two or more new Reserved Instances. For example, if you have reservations for 10 instances in
us-east-1a, and decide to move 5 instances to us-east-1b, the modification request results in two new
reservations—one for 5 instances in us-east-1a (the original Availability Zone), and the other for 5
instances in us-east-1b.

To modify your Reserved Instances using the AWS Management Console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

164

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

On the Reserved Instances page, select one or more Reserved Instances to modify, and choose
Modify Reserved Instances.

Note
The first entry in the modification table is the original, unmodified reservation. To modify
the attributes of all reservations, choose new specifications from the menus. To modify or
split only some of your reservations, add an additional line for each change.
3.

Choose Add for each additional attribute change and enter the number of reservations to modify in
the Count field.
•

To change the Availability Zone, select a value in the Availability Zone list.

•

To change the network platform, select a value in the Network list.

•

To change the instance type, select a value in the Instance Type list.

To delete a specified attribute, select X for that row.

Note
If the Modify Reserved Instances page contains only one row for attribute changes, you
cannot delete that row. To modify multiple Reserved Instance attributes, first add a row
for the new specifications and then delete the original row.
5.

Choose Continue.

To confirm your modification choices when you finish specifying your target configurations, choose
Submit Modifications. If you change your mind at any point, choose Cancel to exit the wizard.

Command Line Interface
You can complete modification tasks programmatically by using the AWS CLI (modify-reservedinstances), the AWS Tools for Windows PowerShell (Edit-EC2ReservedInstance) the Amazon EC2 API
(ModifyReservedInstances), and the AWS SDK for Java.

Amazon EC2 API
You can use the ModifyReservedInstances action to modify your Reserved Instances. For more
information, see Amazon EC2 API Reference.

Determining the Status of Your Modification
You can determine the status of your modification request by looking at the state of the Reserved
Instances that you are modifying. The state returned shows your request as in-progress,
fulfilled, or failed. Use the following resources to get this information:
• The State field in the AWS Management Console
• The DescribeReservedInstancesModifications API action
• The describe-reserved-instances-modifications AWS CLI command
• The Get-EC2ReservedInstancesModifications AWS Tools for Windows PowerShell command
The following table illustrates the possible State values in the AWS Management Console
State

Description

active (pending modification)

Transition state for original Reserved Instances.

retired (pending modification)

Transition state for original Reserved Instances
while new Reserved Instances are being created.

retired

Reserved Instances successfully modified and
replaced.

165

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Reserved Instances

State

Description

active

New Reserved Instances created from a
successful modification request.
-OrOriginal Reserved Instances after a failed
modification request.

Note
If you use the DescribeReservedInstancesModifications API action, the status of your
modification request should show processing, fulfilled, or failed.
If your modification request succeeds:
• The modified reservation becomes effective immediately and the pricing benefit is applied
to the new instances beginning at the hour of the modification request. For example, if you
successfully modify your reservations at 9:15PM, the pricing benefit transfers to your new instance
at 9:00PM. (You can get the effective date of the modified Reserved Instances by using the
DescribeReservedInstances API action or the describe-reserved-instances command (AWS CLI).
• The original reservation is retired. Its end date is the start date of the new reservation, and the end
date of the new reservation is the same as the end date of the original Reserved Instance. If you
modify a three-year reservation that had 16 months left in its term, the resulting modified reservation
is a 16-month reservation with the same end date as the original one.
• The modified reservation lists a $0 fixed price and not the fixed price of the original reservation.

Note
The fixed price of the modified reservation does not affect the discount pricing tier calculations
applied to your account, which are based on the fixed price of the original reservation.
If your modification request fails:
• Your Reserved Instances maintain their original configuration.
• Your Reserved Instances are immediately available for another modification request.
For more information about why some Reserved Instances cannot be modified, see Requirements for
Modification (p. 162).

Troubleshooting Modification Requests
If the target configuration settings that you requested were unique, you receive a message that your
request is being processed. At this point, Amazon EC2 has only determined that the parameters of
your modification request are valid. Your modification request can still fail during processing due to
unavailable capacity.
In some situations, you might get a message indicating incomplete or failed modification requests
instead of a confirmation. Use the information in such messages as a starting point for resubmitting
another modification request.
Not all selected Reserved Instances can be processed for modification
Amazon EC2 identifies and lists the Reserved Instances that cannot be modified. If you receive a
message like this, go to the Reserved Instances page in the AWS Management Console and check
the information details about these capacity reservations.

166

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Scheduled Instances

Error in processing your modification request
You submitted one or more Reserved Instances for modification and none of your requests can be
processed. Depending on the number of reservations you are modifying, you can get different versions
of the message.
Amazon EC2 displays the reasons why your request cannot be processed. For example, you might
have specified the same target configuration—a combination of Availability Zone and platform—for
one or more subsets of the Reserved Instances you are modifying. Try submitting these modification
requests again, but ensure that instance details of the reservations match, and that the target
configurations for all subsets being modified are unique.

Scheduled Reserved Instances
Scheduled Reserved Instances (Scheduled Instances) enable you to purchase capacity reservations
that recur on a daily, weekly, or monthly basis, with a specified start time and duration, for a one-year
term. You reserve the capacity in advance, so that you know it is available when you need it. You pay
for the time that the instances are scheduled, even if you do not use them.
Scheduled Instances are a good choice for workloads that do not run continuously, but do run on a
regular schedule. For example, you can use Scheduled Instances for an application that runs during
business hours or for batch processing that runs at the end of the week.
If you require a capacity reservation on a continuous basis, Reserved Instances might meet your
needs and decrease costs. For more information, see Reserved Instances (p. 146). If you are flexible
about when your instances run, Spot instances might meet your needs and decrease costs. For more
information, see Spot Instances (p. 170).
Contents
• How Scheduled Instances Work (p. 167)
• Purchasing a Scheduled Instance (p. 168)
• Launching a Scheduled Instance (p. 169)
• Scheduled Instance Limits (p. 169)

How Scheduled Instances Work
Amazon EC2 sets aside pools of EC2 instances in each Availability Zone for use as Scheduled
Instances. Each pool supports a specific combination of instance type, operating system, and network
(EC2-Classic or EC2-VPC).
To get started, you must search for an available schedule. You can search across multiple pools or a
single pool. After you locate a suitable schedule, purchase it.
You must launch your Scheduled Instances during their scheduled time periods, using a launch
configuration that matches the following attributes of the schedule that you purchased: instance type,
Availability Zone, network, and platform. When you do so, Amazon EC2 launches EC2 instances
on your behalf, based on the specified launch specification. Amazon EC2 must ensure that the EC2
instances have terminated by the end of the current scheduled time period so that the capacity is
available for any other Scheduled Instances it is reserved for. Therefore, Amazon EC2 terminates the
EC2 instances three minutes before the end of the current scheduled time period.
You can't stop or reboot Scheduled Instances, but you can terminate them manually as needed. If you
terminate a Scheduled Instance before its current scheduled time period ends, you can launch it again
after a few minutes. Otherwise, you must wait until the next scheduled time period.
The following diagram illustrates the lifecycle of a Scheduled Instance.

167

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Scheduled Instances

Purchasing a Scheduled Instance
To purchase a Scheduled Instance, you can use the Scheduled Reserved Instances Reservation
Wizard.

Warning
After you purchase a Scheduled Instance, you can't cancel, modify, or resell your purchase.

To purchase a Scheduled Instance using the console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, under INSTANCES, choose Scheduled Instances.

Choose Purchase Scheduled Instances.

On the Find available schedules page, do the following:
a.

Under Create a schedule, select the starting date from Starting on, the schedule recurrence
(daily, weekly, or monthly) from Recurring, and the minimum duration from for duration.
Note that the console ensures that you specify a value for the minimum duration that meets
the minimum required utilization for your Scheduled Instance (1,200 hours per year).

Under Instance details, select the operating system and network from Platform. To narrow
the results, select one or more instance types from Instance type or one or more Availability
Zones from Availability Zone.

Choose Find schedules.

Under Available schedules, select one or more schedules. For each schedule that you
select, set the quantity of instances and choose Add to Cart.

Your cart is displayed at the bottom of the page. When you are finished adding and removing
schedules from your cart, choose Review and purchase.
168

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Scheduled Instances

On the Review and purchase page, verify your selections and edit them as needed. When you
are finished, choose Purchase.

To purchase a Scheduled Instance using the AWS CLI
Use the describe-scheduled-instance-availability command to list the available schedules that meet
your needs, and then use the purchase-scheduled-instances command to complete the purchase.

Launching a Scheduled Instance
After you purchase a Scheduled Instance, it is available for you to launch during its scheduled time
periods.

To launch a Scheduled Instance using the console
1.
2.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, under INSTANCES, choose Scheduled Instances.

Select the Scheduled Instance and choose Launch Scheduled Instances.

On the Configure page, complete the launch specification for your Scheduled Instances and
choose Review.

Important

The launch specification must match the instance type, Availability Zone, network, and
platform of the schedule that you purchased.
On the Review page, verify the launch configuration and modify it as needed. When you are
finished, choose Launch.

To launch a Scheduled Instance using the AWS CLI
Use the describe-scheduled-instances command to list your Scheduled Instances, and then use the
run-scheduled-instances command to launch each Scheduled Instance during its scheduled time
periods.

Scheduled Instance Limits
Scheduled Instances are subject to the following limits:
• The following are the only supported instance types: C3, C4, M4, and R3.
• The required term is 365 days (one year).
• The minimum required utilization is 1,200 hours per year.
• You can purchase a Scheduled Instance up to three months in advance.

169

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Spot Instances
Spot instances enable you to bid on unused EC2 instances, which can lower your Amazon EC2 costs
significantly. The hourly price for a Spot instance (of each instance type in each Availability Zone) is set
by Amazon EC2, and fluctuates depending on the supply of and demand for Spot instances. Your Spot
instance runs whenever your bid exceeds the current market price.
Spot instances are a cost-effective choice if you can be flexible about when your applications run and
if your applications can be interrupted. For example, Spot instances are well-suited for data analysis,
batch jobs, background processing, and optional tasks. For more information, see Amazon EC2 Spot
Instances.
The key differences between Spot instances and On-Demand instances are that Spot instances
might not start immediately, the hourly price for Spot instances varies based on demand, and Amazon
EC2 can terminate an individual Spot instance as the hourly price for or availability of Spot instances
changes. One strategy is to launch a core group of On-Demand instances to maintain a minimum level
of guaranteed compute resources for your applications, and supplement them with Spot instances
when the opportunity arises.

Another strategy is to launch Spot instances with a required duration (also known as Spot blocks),
which are not interrupted due to changes in the Spot price. For more information, see Specifying a
Duration for Your Spot Instances (p. 182).

Concepts
Before you get started with Spot instances, you should be familiar with the following concepts:
• Spot instance pool—A set of unused EC2 instances with the same instance type, operating system,
Availability Zone, and network platform (EC2-Classic or EC2-VPC).
• Spot price—The current market price of a Spot instance per hour, which is set by Amazon EC2
based on the last fulfilled bid. You can also retrieve the Spot price history.
• Spot instance request (or Spot bid)—Provides the maximum price (bid price) that you are willing
to pay per hour for a Spot instance. When your bid price exceeds the Spot price, Amazon EC2
fulfills your request. Note that a Spot instance request is either one-time or persistent. Amazon EC2
automatically resubmits a persistent Spot request after the Spot instance associated with the request
is terminated. Your Spot instance request can optionally specify a duration for the Spot instances.
• Spot fleet—A set of Spot instances that is launched based on criteria that you specify. The Spot
fleet selects the Spot instance pools that meet your needs and launches Spot instances to meet the
target capacity for the fleet. By default Spot fleets are set to maintain target capacity by launching
replacement instances after Spot instances in the fleet are terminated. They can also be submitted
as a one-time request which does not persist once instances have been terminated.
• Spot instance interruption—Amazon EC2 terminates your Spot instance when the Spot price
exceeds your bid price or there are no longer any unused EC2 instances. Amazon EC2 marks
the Spot instance for termination and provides a Spot instance termination notice, which gives the
instance a two-minute warning before it terminates.

170

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

• Bid status—Provides detailed information about the current state of your Spot bid.

How to Get Started
The first thing you need to do is get set up to use Amazon EC2. It can also be helpful to have
experience launching On-Demand instances before launching Spot instances.

Get Up and Running
• Setting Up with Amazon EC2 (p. 13)
• Getting Started with Amazon EC2 Windows Instances (p. 19)

Spot Basics
• How Spot Instances Work (p. 172)
• How Spot Fleet Works (p. 175)

Working with Spot Instances
• Preparing for Interruptions (p. 211)
• Creating a Spot Instance Request (p. 183)
• Getting Bid Status Information (p. 209)

Working with Spot Fleets
• Spot Fleet Prerequisites (p. 189)
• Creating a Spot Fleet Request (p. 191)

Related Services
You can provision Spot instances directly using Amazon EC2. You can also provision Spot instances
using other services in AWS. For more information, see the following documentation.
Auto Scaling and Spot instances
You can create launch configurations with a bid price so that Auto Scaling can launch Spot
instances. For more information, see Launching Spot instances in Your Auto Scaling Group in the
Auto Scaling User Guide.
Amazon EMR and Spot instances
There are scenarios where it can be useful to run Spot instances in an Amazon EMR cluster. For
more information, see Lower Costs with Spot Instances in the Amazon EMR Developer Guide.
AWS CloudFormation Templates
AWS CloudFormation enables you to create and manage a collection of AWS resources using
a template in JSON format. AWS CloudFormation templates can include a Spot price. For more
information, see EC2 Spot Instance Updates - Auto Scaling and CloudFormation Integration.
AWS SDK for Java
You can use the Java programming language to manage your Spot instances. For more
information, see Tutorial: Amazon EC2 Spot Instances and Tutorial: Advanced Amazon EC2 Spot
Request Management.
AWS SDK for .NET
You can use the .NET programming environment to manage your Spot instances. For more
information, see Tutorial: Amazon EC2 Spot instances.

171

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Pricing
You pay the Spot price for Spot instances, which is set by Amazon EC2 and fluctuates periodically
depending on the supply of and demand for Spot instances. If your bid price exceeds the current Spot
price, Amazon EC2 fulfills your request and your Spot instances run until either you terminate them or
the Spot price increases above your bid price.
Everyone pays that same Spot price for that period, regardless of whether their bid price was higher.
You never pay more than your bid price per hour, and often pay less per hour. For example, if you bid
$0.25 per hour, and the Spot price is $0.20 per hour, you only pay $0.20 per hour. If the Spot price
drops, you pay the new, lower price. If the Spot price rises, you pay the new price if it is equal to or less
than your bid price. If the Spot price rises above your bid price, then your Spot instance is interrupted.
At the start of each instance hour, you are charged based on the Spot price. If your Spot instance is
interrupted in the middle of an instance hour because the Spot price exceeded your bid, you are not
charged for the hour of use that was interrupted. However, if you terminate your Spot instance in the
middle of an instance hour, you are charged for the hour.
Note that Spot instances with a predefined duration use a fixed hourly price that remains in effect for
the Spot instance while it runs.
View Prices
To view the current (updated every five minutes) lowest Spot price per region and instance type, see
the Spot Instances Pricing page.
To view the Spot price history for the past three months, use the Amazon EC2 console or the
describe-spot-price-history command (AWS CLI). For more information, see Spot Instance Pricing
History (p. 180).
Note that we independently map Availability Zones to codes for each AWS account. Therefore, you can
get different results for the same Availability Zone code (for example, us-west-2a) between different
accounts.
View Billing
To review your bill, go to your AWS Account Activity page. Your bill contains links to usage reports that
provide details about your bill. For more information, see AWS Account Billing.
If you have questions concerning AWS billing, accounts, and events, contact AWS Support.

How Spot Instances Work
To use Spot instances, create a Spot instance request or a Spot fleet request. The request includes the
maximum price that you are willing to pay per hour per instance (your bid price), and other constraints
such as the instance type and Availability Zone. If your bid price is greater than the current Spot price
for the specified instance, and the specified instance is available, your request is fulfilled immediately.
Otherwise, the request is fulfilled whenever the Spot price falls below your bid price or the specified
instance becomes available. Spot instances run until you terminate them or until Amazon EC2 must
terminate them (also known as a Spot instance interruption).
When you use Spot instances, you must be prepared for interruptions. Amazon EC2 can interrupt your
Spot instance when the Spot price rises above your bid price, when the demand for Spot instances
rises, or when the supply of Spot instances decreases. When Amazon EC2 marks a Spot instance
for termination, it provides a Spot instance termination notice, which gives the instance a two-minute
warning before it terminates. Note that you can't enable termination protection for Spot instances. For
more information, see Spot Instance Interruptions (p. 211).
Note that you can't stop and start an Amazon EBS-backed instance if it is a Spot instance, but you can
reboot or terminate it.

172

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Shutting down a Spot instance on OS-level results in the Spot instance being terminated. It is not
possible to change this behavior.
Contents
• Supply and Demand in the Spot Market (p. 173)
• Launching Spot Instances in a Launch Group (p. 174)
• Launching Spot Instances in an Availability Zone Group (p. 174)
• Launching Spot Instances in a VPC (p. 175)

Supply and Demand in the Spot Market
AWS continuously evaluates how many Spot instances are available in each Spot instance pool,
monitors the bids that have been made for each pool, and provisions the available Spot instances to
the highest bidders. The Spot price for a pool is set to the lowest fulfilled bid for that pool. Therefore,
the Spot price is the price above which you must bid to fulfill a Spot request for a single Spot instance
immediately.
For example, suppose that you create a Spot instance request, and that the corresponding Spot
instance pool has only five Spot instances for sale. Your bid price is $0.10, which is also the current
Spot price. The following table shows the current bids, ranked in descending order. Bids 1-5 are
fulfilled. Bid 5, being the last fulfilled bid, sets the Spot price at $0.10. Bid 6 is unfulfilled. Bids 3-5,
which share the same bid price of $0.10, are ranked in random order.
Bid

Bid price

Current Spot price

Notes

$1.00

$0.10

$1.00

$0.10

Your bid

$0.10

Last fulfilled bid, which
sets the Spot price.
Everyone pays the
same Spot price for the
period.

———

$0.05

Spot capacity cutoff

Now, let's say that the size of this pool drops to 3. Bids 1-3 are fulfilled. Bid 3, the last fulfilled bid, sets
the Spot price at $0.10. Bids 4-5, which also are $0.10, are unfulfilled. As you can see, even though
the Spot price didn't change, two of the bids, including your bid, are no longer fulfilled because the Spot
supply decreased.
Bid

Bid price

Current Spot price

$1.00

$0.10

$1.00

$0.10

173

Notes

Last fulfilled bid, which
sets the Spot price.
Everyone pays the

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Bid

Bid price

Current Spot price

Notes
same Spot price for the
period.

———

Spot capacity cutoff

$0.10

Your bid

$0.10

$0.05

To fulfill a Spot request for a single instance from this pool, you must bid above the current Spot
price of $0.10. If you bid $0.101, your request will be fulfilled, the Spot instance for bid 3 would be
interrupted, and the Spot price would become $0.101. If you bid $2.00, the Spot instance for bid 3
would be interrupted and the Spot price would become $1.00 (the price for bid 2).
Keep in mind that no matter how high you bid, you can never get more than the available number of
Spot instances in a Spot instance pool. If the size of the pool drops to zero, then all the Spot instances
from that pool would be interrupted.

Launching Spot Instances in a Launch Group
Specify a launch group in your Spot instance request to tell Amazon EC2 to launch a set of Spot
instances only if it can launch them all. In addition, if the Spot service must terminate one of the
instances in a launch group (for example, if the Spot price rises above your bid price), it must terminate
them all. However, if you terminate one or more of the instances in a launch group, Amazon EC2 does
not terminate the remaining instances in the launch group.
Note that although this option can be useful, adding this constraint can lower the chances that your
Spot instance request is fulfilled. It can also increase the chance that your Spot instances will be
terminated.
If you create another successful Spot instance request that specifies the same (existing) launch group
as an earlier successful request, then the new instances are added to the launch group. Subsequently,
if an instance in this launch group is terminated, all instances in the launch group are terminated, which
includes instances launched by the first and second requests.

Launching Spot Instances in an Availability Zone Group
Specify an Availability Zone group in your Spot instance request to tell the Spot service to launch a
set of Spot instances in the same Availability Zone. Note that Amazon EC2 need not terminate all
instances in an Availability Zone group at the same time. If Amazon EC2 must terminate one of the
instances in an Availability Zone group, the others remain running.
Note that although this option can be useful, adding this constraint can lower the chances that your
Spot instance request is fulfilled.
If you specify an Availability Zone group but don't specify an Availability Zone in the Spot instance
request, the result depends on whether you specified the EC2-Classic network, a default VPC,
or a nondefault VPC. For more information about EC2-Classic and EC2-VPC, see Supported
Platforms (p. 560).
EC2-Classic
Amazon EC2 finds the lowest-priced Availability Zone in the region and launches your Spot instances
in that Availability Zone if the lowest bid for the group is higher than the current Spot price in that
Availability Zone. Amazon EC2 waits until there is enough capacity to launch your Spot instances
together, as long as the Spot price remains lower than the lowest bid for the group.

174

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Default VPC
Amazon EC2 uses the Availability Zone for the specified subnet, or if you don't specify a subnet, it
selects an Availability Zone and its default subnet, but it might not be the lowest-priced Availability
Zone. If you deleted the default subnet for an Availability Zone, then you must specify a different
subnet.
Nondefault VPC
Amazon EC2 uses the Availability Zone for the specified subnet.

Launching Spot Instances in a VPC
To take advantage of the features of EC2-VPC when you use Spot instances, specify in your Spot
request that your Spot instances are to be launched in a VPC. You specify a subnet for your Spot
instances the same way that you specify a subnet for your On-Demand instances.
The process for making a Spot instance request that launches Spot instances in a VPC is the same as
the process for making a Spot instance request that launches Spot instances in EC2-Classic—except
for the following differences:
• You should base your bid on the Spot price history of Spot instances in a VPC.
• [Default VPC] If you want your Spot instance launched in a specific low-priced Availability Zone, you
must specify the corresponding subnet in your Spot instance request. If you do not specify a subnet,
Amazon EC2 selects one for you, and the Availability Zone for this subnet might not have the lowest
Spot price.
• [Nondefault VPC] You must specify the subnet for your Spot instance.

How Spot Fleet Works
A Spot fleet is a collection, or fleet, of Spot instances. The Spot fleet attempts to launch the number of
Spot instances that are required to meet the target capacity that you specified in the Spot fleet request.
The Spot fleet also attempts to maintain its target capacity fleet if your Spot instances are interrupted
due to a change in Spot prices or available capacity.
A Spot instance pool is a set of unused EC2 instances with the same instance type, operating system,
Availability Zone, and network platform (EC2-Classic or EC2-VPC). When you make a Spot fleet
request, you can include multiple launch specifications, that vary by instance type, AMI, Availability
Zone, or subnet. The Spot fleet selects the Spot instance pools that are used to fulfill the request,
based on the launch specifications included in your Spot fleet request, and the configuration of the
Spot fleet request. The Spot instances come from the selected pools.
Contents
• Spot Fleet Allocation Strategy (p. 175)
• Spot Price Overrides (p. 176)
• Spot Fleet Instance Weighting (p. 176)
• Walkthrough: Using Spot Fleet with Instance Weighting (p. 177)

Spot Fleet Allocation Strategy
The allocation strategy for your Spot fleet determines how it fulfills your Spot fleet request from the
possible Spot instance pools represented by its launch specifications. The following are the allocation
strategies that you can specify in your Spot fleet request:
lowestPrice
The Spot instances come from the pool with the lowest price. This is the default strategy.

175

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances
diversified
The Spot instances are distributed across all pools.

Choosing an Allocation Strategy
You can optimize your Spot fleets based on your use case.
If your fleet is small or runs for a short time, the probability that your Spot instances will be interrupted
is low, even with all the instances in a single Spot instance pool. Therefore, the lowestPrice strategy
is likely to meet your needs while providing the lowest cost.
If your fleet is large or runs for a long time, you can improve the availability of your fleet by distributing
the Spot instances across multiple pools. For example, if your Spot fleet request specifies 10 pools and
a target capacity of 100 instances, the Spot fleet launches 10 Spot instances in each pool. If the Spot
price for one pool increases above your bid price for this pool, only 10% of your fleet is affected. Using
this strategy also makes your fleet less sensitive to increases in the Spot price in any one pool over
time.
Note that with the diversified strategy, the Spot fleet does not launch Spot instances into any pools
with a Spot price that is higher than the On-Demand price.

Maintaining Target Capacity
After Spot instances are terminated due to a change in the Spot price or available capacity of a
Spot instance pool, the Spot fleet launches replacement Spot instances. If the allocation strategy
is lowestPrice, the Spot fleet launches replacement instances in the pool where the Spot price
is currently the lowest. If the allocation strategy is diversified, the Spot fleet distributes the
replacement Spot instances across the remaining pools.

Spot Price Overrides
Each Spot fleet request must include a global Spot price. By default, the Spot fleet uses this price as
the bid price for each of its launch specifications.
You can optionally specify a Spot price in one or more launch specifications. This bid price is specific to
the launch specification. If a launch specification includes a specific Spot price, the Spot fleet uses this
price as the bid price for that launch specification, overriding the global Spot price. Note that any other
launch specifications that do not include a specific Spot price still use the global Spot price.

Spot Fleet Instance Weighting
When you request a fleet of Spot instances, you can define the capacity units that each instance type
would contribute to your application's performance, and adjust your bid price for each Spot instance
pool accordingly using instance weighting.
By default, the Spot price that you specify represents your bid price per instance hour. When you use
the instance weighting feature, the Spot price that you specify represents your bid price per unit hour.
You can calculate your bid price per unit hour by dividing your bid price for an instance type by the
number of units that it represents. The Spot fleet calculates the number of Spot instances to launch by
dividing the target capacity by the instance weight. If the result isn't an integer, the Spot fleet rounds it
up to the next integer, so that the size of your fleet is not below its target capacity.
The following table includes examples of calculations to determine the bid price per unit for a Spot fleet
request with a target capacity of 10.
Instance
type

Instance
weight

Spot price
per instance
hour

Spot price per
unit hour

Number of instances launched

r3.xlarge

$0.05

.025

176

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Instance
type

r3.8xlarge

Instance
weight

Spot price
per instance
hour

$0.10

Spot price per
unit hour

Number of instances launched

(.05 divided by
2)

(10 divided by 2)

.0125

(.10 divided by
8)

(10 divided by 8, result rounded
up)

Use Spot fleet instance weighting as follows to provision the target capacity you want in the pools with
the lowest price per unit at the time of fulfillment:
1.

Set the target capacity for your Spot fleet either in instances (the default) or in the units of your
choice, such as virtual CPUs, memory, storage, or throughput.

Set the bid price per unit.

For each launch configuration, specify the weight, which is the number of units that the instance
type represents toward the target capacity.

Instance Weighting Example
Consider a Spot fleet request with the following configuration:
• A target capacity of 24
• A launch specification with an instance type r3.2xlarge and a weight of 6
• A launch specification with an instance type c3.xlarge and a weight of 5
The weights represent the number of units that instance type represents toward the target capacity. If
the first launch specification provides the lowest Spot price per unit (Spot price for r3.2xlarge per
instance hour divided by 6), the Spot fleet would launch four of these instances (24 divided by 6).
If the second launch specification provides the lowest Spot price per unit (Spot price for c3.xlarge
per instance hour divided by 5), the Spot fleet would launch five of these instances (24 divided by 5,
result rounded up).
Instance Weighting and Allocation Strategy
Consider a Spot fleet request with the following configuration:
• A target capacity of 30
• A launch specification with an instance type c3.2xlarge and a weight of 8
• A launch specification with an instance type m3.xlarge and a weight of 8
• A launch specification with an instance type r3.xlarge and a weight of 8
The Spot fleet would launch four instances (30 divided by 8, result rounded up). With the
lowestPrice strategy, all four instances come from the pool that provides the lowest Spot price per
unit. With the diversified strategy, the Spot fleet launches 1 instance in each of the three pools,
and the fourth instance in whichever of the three pools provides the lowest Spot price per unit.

Walkthrough: Using Spot Fleet with Instance Weighting
This walkthrough uses a fictitious company called Example Corp to illustrate the process of bidding for
a Spot fleet using instance weighting.
177

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Objective
Example Corp, a pharmaceutical company, wants to leverage the computational power of Amazon
EC2 for screening chemical compounds that might be used to fight cancer.

Planning
Example Corp first reviews Spot Best Practices. Next, Example Corp determines the following
requirements for their Spot fleet.
Instance Types
Example Corp has a compute- and memory-intensive application that performs best with at least
60 GB of memory and eight virtual CPUs (vCPUs). They want to maximize these resources for the
application at the lowest possible price. Example Corp decides that any of the following EC2 instance
types would meet their needs:
Instance type

Memory (GiB)

vCPUs

r3.2xlarge

r3.4xlarge

122

r3.8xlarge

244

Target Capacity in Units
With instance weighting, target capacity can equal a number of instances (the default) or a combination
of factors such as cores (vCPUs), memory (GiBs), and storage (GBs). By considering the base for
their application (60 GB of RAM and eight vCPUs) as 1 unit, Example Corp decides that 20 times this
amount would meet their needs. So the company sets the target capacity of their Spot fleet request to
20.
Instance Weights
After determining the target capacity, Example Corp calculates instance weights. To calculate the
instance weight for each instance type, they determine the units of each instance type that are required
to reach the target capacity as follows:
• r3.2xlarge (61.0 GB, 8 vCPUs) = 1 unit of 20
• r3.4xlarge (122.0 GB, 16 vCPUs) = 2 units of 20
• r3.8xlarge (244.0 GB, 32 vCPUs) = 4 units of 20
Therefore, Example Corp assigns instance weights of 1, 2, and 4 to the respective launch
configurations in their Spot fleet request.
Bid Price Per Unit Hour
Example Corp uses the On-Demand price per instance hour as a starting point for their bid price. They
could also use recent Spot prices, or a combination of the two. To calculate bid price per unit hour, they
divide their starting bid price per instance hour by the weight. For example:
Instance type

On-Demand price

Instance weight

Price per unit hour

r3.2xLarge

$0.7

r3.4xLarge

$1.4

$0.7

r3.8xLarge

$2.8

$0.7

178

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Example Corp could enter a global bid price per unit hour of $0.7 and be competitive for all three
instance types. They could also enter a global bid price per unit hour of $0.7 and a specific bid
price per unit hour of $0.9 in the r3.8xlarge launch specification. Depending on the strategy for
provisioning their Spot fleet, Example Corp could bid lower to further reduce costs, or bid higher to
reduce the probability of interruption.

Verifying Permissions
Before creating a Spot fleet request, Example Corp verifies that it has an IAM role with the required
permissions. For more information, see Spot Fleet Prerequisites (p. 189).

Creating the Request
Example Corp creates a file, config.json, with the following configuration for its Spot fleet request:
{
"SpotPrice": "0.70",
"TargetCapacity": 20,
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "r3.2xlarge",
"SubnetId": "subnet-482e4972",
"WeightedCapacity": 1
},
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "r3.4xlarge",
"SubnetId": "subnet-482e4972",
"WeightedCapacity": 2
}
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "r3.8xlarge",
"SubnetId": "subnet-482e4972",
"SpotPrice": "0.90",
"WeightedCapacity": 4
}
]
}

Example Corp creates the Spot fleet request using the following request-spot-fleet command:
aws ec2 request-spot-fleet --spot-fleet-request-config file://config.json

For more information, see Spot Fleet Requests (p. 188).

Fulfillment
The allocation strategy determines which Spot instance pools your Spot instances come from.
With the lowestPrice strategy (which is the default strategy), the Spot instances come from the
pool with the lowest Spot price per unit at the time of fulfillment. To provide 20 units of capacity, the
Spot fleet launches either 20 r3.2xlarge instances (20 divided by 1), 10 r3.4xlarge instances (20
divided by 2), or 5 r3.8xlarge instances (20 divided by 4).
If Example Corp used the diversified strategy, the Spot instances would come from all three
pools. The Spot fleet would launch 6 r3.2xlarge instances (which provide 6 units), 3 r3.4xlarge

179

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

instances (which provide 6 units), and 2 r3.8xlarge instances (which provide 8 units), for a total of
20 units.

Spot Instance Pricing History
The Spot price represents the price above which you have to bid to guarantee that a single Spot
request is fulfilled. When your bid price is above the Spot price, Amazon EC2 launches your Spot
instance, and when the Spot price rises above your bid price, Amazon EC2 terminates your Spot
instance. You can bid above the current Spot price so that your Spot request is fulfilled quickly.
However, before you specify a bid price for your Spot instance, we recommend that you review the
Spot price history. You can view the Spot price history for the last 90 days, filtering by instance type,
operating system, and Availability Zone.
Using the Spot price history as a guide, you can select a bid price that would have met your needs in
the past. For example, you can determine which bid price that would have provided 75 percent uptime
in the time range you viewed. However, keep in mind that the historical trends are not a guarantee
of future results. Spot prices vary based on real-time supply and demand, and the conditions that
generated certain patterns in the Spot price might not occur in the future.

To view the Spot price history using the console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

On the navigation pane, choose Spot Requests.

If you are new to Spot instances, you see a welcome page; choose Get started, scroll to the
bottom of the screen, and then choose Cancel.

Choose Pricing History. By default, the page displays a graph of the data for Linux t1.micro
instances in all Availability Zones over the past day. Move your mouse over the graph to display
the prices at specific times in the table below the graph.

(Optional) To review the Spot price history for a specific Availability Zone, select an Availability
Zone from the list. You can also select a different product, instance type, or date range.

To view the Spot price history using the command line
You can use one of the following commands. For more information about these command line
interfaces, see Accessing Amazon EC2 (p. 3).
• describe-spot-price-history (AWS CLI)
• Get-EC2SpotPriceHistory (AWS Tools for Windows PowerShell)
180

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Spot Instance Requests
To use Spot instances, you create a Spot instance request that includes the number of instances,
the instance type, the Availability Zone, and the maximum price that you are willing to pay per
instance hour (your bid). If your bid exceeds the current Spot price, Amazon EC2 fulfills your request
immediately. Otherwise, Amazon EC2 waits until your request can be fulfilled or until you cancel the
request.
The following illustration shows how Spot requests work. Notice that the action taken for a Spot
instance interruption depends on the request type (one-time or persistent). If the request is a persistent
request, the request is opened again after your Spot instance is terminated.

Contents
• Spot Instance Request States (p. 181)
• Specifying a Duration for Your Spot Instances (p. 182)
• Creating a Spot Instance Request (p. 183)
• Finding Running Spot Instances (p. 185)
• Tagging Spot Instance Requests (p. 185)
• Cancelling a Spot Instance Request (p. 186)
• Spot Request Example Launch Specifications (p. 186)

Spot Instance Request States
A Spot instance request can be in one of the following states:
• open—The request is waiting to be fulfilled.
• active—The request is fulfilled and has an associated Spot instance.
• failed—The request has one or more bad parameters.
• closed—The Spot instance was interrupted or terminated.
• cancelled—You cancelled the request, or the request expired.
The following illustration represents the transitions between the request states. Notice that the
transitions depend on the request type (one-time or persistent).

181

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

A one-time Spot instance request remains active until Amazon EC2 launches the Spot instance, the
request expires, or you cancel the request. If the Spot price rises above your bid price, your Spot
instance is terminated and the Spot instance request is closed.
A persistent Spot instance request remains active until it expires or you cancel it, even if the request is
fulfilled. For example, if you create a persistent Spot instance request for one instance when the Spot
price is $0.25, Amazon EC2 launches your Spot instance if your bid price is above $0.25. If the Spot
price rises above your bid price, your Spot instance is terminated; however, the Spot instance request
is open again and Amazon EC2 launches a new Spot instance when the Spot price falls below your bid
price.
You can track the status of your Spot instance requests, as well as the status of the Spot instances
launched, through the bid status. For more information, see Spot Bid Status (p. 206).

Specifying a Duration for Your Spot Instances
Amazon EC2 does not terminate Spot instances with a specified duration (also known as Spot blocks)
when the Spot price changes. This makes them ideal for jobs that take a finite time to complete, such
as batch processing, encoding and rendering, modeling and analysis, and continuous integration.
You can specify a duration of 1, 2, 3, 4, 5, or 6 hours. The price that you pay depends on the specified
duration. To view the current prices for a 1 hour duration or a 6 hour duration, see Spot Instance
Prices. You can use these prices to estimate the cost of the 2, 3, 4, and 5 hour durations. When a
request with a duration is fulfilled, the price for your Spot instance is fixed, and this price remains in
effect until the instance terminates.
When you specify a duration in your Spot request, the duration period for each Spot instance starts
as soon as the instance receives its instance ID. The Spot instance runs until you terminate it or the
duration period ends. At the end of the duration period, Amazon EC2 marks the Spot instance for
termination and provides a Spot instance termination notice, which gives the instance a two-minute
warning before it terminates.
To launch Spot instances with a specified duration using the console
Select the appropriate request type. For more information, see Creating a Spot Instance
Request (p. 183).
To launch Spot instances with a specified duration using the AWS CLI
To specify a duration for your Spot instances, include the --block-duration-minutes option with
the request-spot-instances command. For example, the following command creates a Spot request that
launches Spot instances that run for two hours:
aws ec2 request-spot-instances --spot-price "0.050" --instance-count 5
--block-duration-minutes 120 --type "one-time" --launch-specification
file://specification.json

182

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

To retrieve the cost for Spot instances with a specified duration using the AWS CLI
Use the describe-spot-instance-requests command to retrieve the fixed cost for your Spot instances
with a specified duration. The information is in the actualBlockHourlyPrice field.

Creating a Spot Instance Request
The process for requesting a Spot instance is similar to the process for launching an On-Demand
instance. Note that you can't change the parameters of your Spot request, including the bid price, after
you've submitted the request.
If you request multiple Spot instances at one time, Amazon EC2 creates separate Spot instance
requests so that you can track the status of each request separately. For more information about
tracking Spot requests, see Spot Bid Status (p. 206).
Prerequisites
Before you begin, decide on your bid price, how many Spot instances you'd like, and what instance
type to use. To review Spot price trends, see Spot Instance Pricing History (p. 180).

To create a Spot instance request using the console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

On the navigation pane, choose Spot Requests.

If you are new to Spot instances, you see a welcome page; choose Get started. Otherwise,
choose Request Spot Instances.

On the Find instance types page, do the following:
a.

For Request type, the default is a one-time Spot request created using a Spot fleet. For more
information, see Spot Fleet Requests (p. 188). To use Spot blocks instead, select Reserve
for duration.

For Target capacity, enter the number of units to request. You can choose instances or
performance characteristics that are important to your application workload, such as vCPUs,
memory, and storage.

[Spot block] For Reserved duration, select the number of hours for the job to complete.

For AMI, choose one of the basic Amazon Machine Images (AMI) provided by AWS, or
choose Use custom AMI to specify your own AMI.

For Instance type(s), choose Select. Select the instance types that have the minimum
hardware specifications that you need (vCPUs, memory, and storage).

[Spot fleet] For Allocation strategy, choose the strategy that meets your needs. For more
information, see Spot Fleet Allocation Strategy (p. 175).

For Network, your account supports either the EC2-Classic and EC2-VPC platforms, or the
EC2-VPC platform only. To find out which platforms your account supports, see Supported
Platforms (p. 560).

•

[Existing VPC] Select the VPC.

•

[New VPC] Select Create new VPC to go the Amazon VPC console. When you are done,
return to the wizard and refresh the list.

•

[EC2-Classic] Select EC2-Classic.

(Optional) For Availability Zones, the default is to let AWS choose the Availability Zones for
your Spot instances. If you prefer specific Availability Zones, do the following:
•

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

•

[EC2-Classic] Select Select specific zone/subnet, and then select one or more
Availability Zones.

[Spot fleet] For Maximum price, you can use automated bidding or specify a bid price. Your
Spot instances are not launched if your bid price is lower than the Spot price for the instance
types that you selected.

Choose Next.

On the Configure page, do the following:
a.

(Optional) If you need to connect to your instances, specify your key pair using Key pair
name.

(Optional) If you need to launch your Spot instances with an IAM role, specify the role using
IAM instance profile.

(Optional) If you have any start-up scripts to run, specify them using User data.

For Security groups, choose one or more security groups.

[EC2-VPC] If you need to connect to your instances in a VPC, select auto-assign at launch
for Public IP.

By default, the request remains in effect until it is fulfilled or you cancel it. To create a request
that is valid only during a specific time period, edit Request valid from and Request valid to.

[Spot fleet] By default, we terminate your Spot instances when the request expires. To keep
them running after your request expires, clear Terminate instances at expiration.

Choose Review.

On the Review page, verify the launch configuration. To make changes, choose Previous. To
download a copy of the launch configuration for use with the AWS CLI, choose JSON config.
When you are ready, choose Launch.

On the confirmation page, choose OK.
[Spot fleet] The request type is fleet. When the request is fulfilled, requests of type instance
are added, where the state is active and the status is fulfilled.
[Spot block] The request type is block and the initial state is open. When the request is fulfilled,
the state is active and the status is fulfilled.

To create a Spot instance request using the AWS CLI
Use the following request-spot-instances command to create a one-time request:
aws ec2 request-spot-instances --spot-price "0.05" --instance-count 5 --type
"one-time" --launch-specification file://specification.json

Use the following request-spot-instances command to create a persistent request:
aws ec2 request-spot-instances --spot-price "0.05" --instance-count 5 --type
"persistent" --launch-specification file://specification.json

For example launch specification files, see Spot Request Example Launch Specifications (p. 186).
Amazon EC2 launches your Spot instance when the Spot price is below your bid. The Spot instance
runs until either it is interrupted, or you terminate it yourself. Use the following describe-spot-instancerequests command to monitor your Spot instance request:
aws ec2 describe-spot-instance-requests --spot-instance-requestids sir-08b93456

184

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Finding Running Spot Instances
Amazon EC2 launches a Spot instance when the Spot price is below your bid. A Spot instance runs
until either its bid price is no longer higher than the Spot price, or you terminate it yourself. (If your bid
price is exactly equal to the Spot price, there is a chance that your Spot instance will remain running,
depending on demand.)

To find running Spot instances using the console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, choose Spot Requests.
You can see both Spot instance requests and Spot fleet requests. If a Spot instance request has
been fulfilled, Capacity is the ID of the Spot instance. For a Spot fleet, Capacity indicates how
much of the requested capacity has been fulfilled. To view the IDs of the instances in a Spot fleet,
choose the expand arrow, or select the fleet and then select the Instances tab.

Alternatively, in the navigation pane, choose Instances. In the top right corner, choose the Show/
Hide icon, and then select Lifecycle. For each instance, Lifecycle is either normal, spot, or
scheduled.

To find running Spot instances using the AWS CLI
To enumerate your Spot instances, use the describe-spot-instance-requests command with the -query option as follows:
aws ec2 describe-spot-instance-requests --query SpotInstanceRequests[*].
{ID:InstanceId}

The following is example output:
[
{
"ID": "i-1234567890abcdef0"
},
{
"ID": "i-0598c7d356eba48d7"
}
]

Alternatively, you can enumerate your Spot instances using the describe-instances command with the
--filters option as follows:
aws ec2 describe-instances --filters "Name=instance-lifecycle,Values=spot"

Tagging Spot Instance Requests
To help categorize and manage your Spot instance requests, you can tag them with metadata of your
choice. You tag your Spot instance requests in the same way that you tag other any other Amazon
EC2 resource. For more information, see Tagging Your Amazon EC2 Resources (p. 733).
You can assign a tag to the request after you create it.
The tags that you create for your Spot instance requests only apply to the requests. These tags are not
added automatically to the Spot instance that the Spot service launches to fulfill the request. You must
add tags to a Spot instance yourself after the Spot instance is launched.
To add a tag to your Spot instance request or Spot instance using the AWS CLI

185

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Use the following create-tags command to tag your resources:
aws ec2 create-tags --resources sir-08b93456 i-1234567890abcdef0 --tags
Key=purpose,Value=test

Cancelling a Spot Instance Request
If you no longer want your Spot request, you can cancel it. You can only cancel Spot instance requests
that are open or active. Your Spot request is open when your request has not yet been fulfilled and
no instances have been launched. Your Spot request is active when your request has been fulfilled,
and Spot instances have launched as a result. If your Spot request is active and has an associated
running Spot instance, cancelling the request does not terminate the instance; you must terminate the
running Spot instance manually.
If the Spot request is a persistent Spot request, it returns to the open state so that a new Spot instance
can be launched. To cancel a persistent Spot request and terminate its Spot instances, you must
cancel the Spot request first and then terminate the Spot instances. Otherwise, the Spot request can
launch a new instance.

To cancel a Spot instance request using the console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, choose Spot Requests, and then select the Spot request.

3.
4.

Choose Actions, and then choose Cancel spot request.
(Optional) If you are finished with the associated Spot instances, you can terminate them. In the
navigation pane, choose Instances, select the instance, choose Actions, choose Instance State,
and then choose Terminate.

To cancel a Spot instance request using the AWS CLI
Use the following cancel-spot-instance-requests command to cancel the specified Spot request:
aws ec2 cancel-spot-instance-requests --spot-instance-requestids sir-08b93456

If you are finished with the associated Spot instances, you can terminate them manually using the
following terminate-instances command:
aws ec2 terminate-instances --instanceids i-1234567890abcdef0 i-0598c7d356eba48d7

Spot Request Example Launch Specifications
The following examples show launch configurations that you can use with the request-spot-instances
command to create a Spot instance request. For more information, see Creating a Spot Instance
Request (p. 183).
1. Launch Spot instances (p. 186)
2. Launch Spot instances in the specified Availability Zone (p. 187)
3. Launch Spot instances in the specified subnet (p. 187)

Example 1: Launch Spot Instances
The following example does not include an Availability Zone or subnet. Amazon EC2 selects an
Availability Zone for you. If your account supports EC2-VPC only, Amazon EC2 launches the instances

186

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

in the default subnet of the selected Availability Zone. If your account supports EC2-Classic, Amazon
EC2 launches the instances in EC2-Classic in the selected Availability Zone.
{
"ImageId": "ami-1a2b3c4d",
"KeyName": "my-key-pair",
"SecurityGroupIds": [ "sg-1a2b3c4d" ],
"InstanceType": "m3.medium",
"IamInstanceProfile": {
"Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role"
}
}

Note that you can specify security groups for EC2-Classic either by ID or by name (using the
SecurityGroups field). You must specify security groups for EC2-VPC by ID.

Example 2: Launch Spot Instances in the Specified Availability Zone
The following example includes an Availability Zone. If your account supports EC2-VPC only, Amazon
EC2 launches the instances in the default subnet of the specified Availability Zone. If your account
supports EC2-Classic, Amazon EC2 launches the instances in EC2-Classic in the specified Availability
Zone.
{
"ImageId": "ami-1a2b3c4d",
"KeyName": "my-key-pair",
"SecurityGroupIds": [ "sg-1a2b3c4d" ],
"InstanceType": "m3.medium",
"Placement": {
"AvailabilityZone": "us-west-2a"
},
"IamInstanceProfile": {
"Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role"
}
}

Example 3: Launch Spot Instances in the Specified Subnet
The following example includes a subnet. Amazon EC2 launches the instances in the specified subnet.
If the VPC is a nondefault VPC, the instance does not receive a public IP address by default.
{
"ImageId": "ami-1a2b3c4d",
"SecurityGroupIds": [ "sg-1a2b3c4d" ],
"InstanceType": "m3.medium",
"SubnetId": "subnet-1a2b3c4d",
"IamInstanceProfile": {
"Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role"
}
}

To assign a public IP address to an instance in a nondefault VPC, specify the
AssociatePublicIpAddress field as shown in the following example. Note that when you specify
a network interface, you must include the subnet ID and security group ID using the network interface,
rather than using the SubnetId and SecurityGroupIds fields shown in example 3.
{

187

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances
"ImageId": "ami-1a2b3c4d",
"KeyName": "my-key-pair",
"InstanceType": "m3.medium",
"NetworkInterfaces": [
{
"DeviceIndex": 0,
"SubnetId": "subnet-1a2b3c4d",
"Groups": [ "sg-1a2b3c4d" ],
"AssociatePublicIpAddress": true
}
],
"IamInstanceProfile": {
"Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role"
}
}

Spot Fleet Requests
To use a Spot fleet, you create a Spot fleet request that includes the target capacity, one or more
launch specifications for the instances, and the bid price that you are willing to pay. Amazon EC2
attempts to maintain your Spot fleet's target capacity as Spot prices change. For more information, see
How Spot Fleet Works (p. 175).
You can create a Spot fleet to submit a one-time request for your desired capacity, or require it
to maintain a target capacity over time. Both types of requests benefit from Spot fleet's allocation
strategy.
When you request a target capacity, Spot fleet places the required bids but will not attempt to
replenish Spot instances if capacity is diminished. If capacity is not available, Spot fleet will not submit
bids in alternative Spot pools.
When you want to maintain a target capacity, Spot fleet will place the required bids to meet this
target capacity and automatically replenish any interrupted instances. By default, Spot fleets are set to
maintain the requested target capacity.
It is not possible to modify the target capacity of a one-time request once it's been submitted. To
change the target capacity, cancel the request and submit a new one.
A Spot fleet request remains active until it expires or you cancel it. When you cancel a Spot fleet
request, you may specify whether cancelling your Spot fleet request terminates the Spot instances in
your Spot fleet.
Each launch specification includes the information that Amazon EC2 needs to launch an instance—
such as an AMI, an instance type, a subnet or Availability Zone, and one or more security groups.
Contents
• Spot Fleet Request States (p. 189)
• Spot Fleet Prerequisites (p. 189)
• Spot Fleet and IAM Users (p. 190)
• Planning a Spot Fleet Request (p. 191)
• Creating a Spot Fleet Request (p. 191)
• Monitoring Your Spot Fleet (p. 192)
• Modifying a Spot Fleet Request (p. 193)
• Cancelling a Spot Fleet Request (p. 194)
• Spot Fleet Example Configurations (p. 195)

188

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Spot Fleet Request States
A Spot fleet request can be in one of the following states:
• submitted—The Spot fleet request is being evaluated and Amazon EC2 is preparing to launch the
target number of Spot instances.
• active—The Spot fleet has been validated and Amazon EC2 is attempting to maintain the target
number of running Spot instances. The request remains in this state until it is modified or cancelled.
• modifying—The Spot fleet request is being modified. The request remains in this state until
the modification is fully processed or the Spot fleet is cancelled. A one-time request cannot be
modified, and this state does not apply to such Spot requests.
• cancelled_running—The Spot fleet is cancelled and will not launch additional Spot instances,
but its existing Spot instances continue to run until they are interrupted or terminated. The request
remains in this state until all instances are interrupted or terminated.
• cancelled_terminating—The Spot fleet is cancelled and its Spot instances are terminating. The
request remains in this state until all instances are terminated.
• cancelled—The Spot fleet is cancelled and has no running Spot instances. The Spot fleet request
is deleted two days after its instances were terminated.
The following illustration represents the transitions between the request states. Note that if you exceed
your Spot fleet limits, the request is cancelled immediately.

Spot Fleet Prerequisites
If you use the AWS Management Console to create a Spot fleet, it creates a role named aws-ec2spot-fleet-role that grants the Spot fleet permission to bid on, launch, and terminate instances on
your behalf, and specifies it in your Spot fleet request. If you create a Spot fleet using the AWS CLI or
an API, you can use this role if it exists, or manually create your own role for this purpose as follows.

To manually create an IAM role with the AmazonEC2SpotFleetRole policy
1.

Open the Identity and Access Management (IAM) console at https://console.aws.amazon.com/
iam/.

In the navigation pane, choose Roles.

Choose Create New Role.

On the Set Role Name page, type a name for the role and then choose Next Step.

On the Select Role Type page, choose Select next to Amazon EC2 Spot Fleet Role.

189

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

On the Attach Policy page, select the AmazonEC2SpotFleetRole policy, and then choose Next
Step.

On the Review page, choose Create Role.

Spot Fleet and IAM Users
If IAM users will be creating or managing Spot fleet, be sure to grant them the required permissions as
follows.

To grant an IAM user permissions for Spot fleet
1.

Open the Identity and Access Management (IAM) console at https://console.aws.amazon.com/
iam/.

In the navigation pane, choose Policies, and then choose Create Policy.

On the Create Policy page, choose Select next to Create Your Own Policy.

On the Review Policy page, enter a policy name and copy the following text into the Policy
Document section.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole",
"iam:ListRoles",
"iam:ListInstanceProfiles"
],
"Resource": "*"
}
]
}

The ec2:* enables an IAM user to call all Amazon EC2 API actions. To limit the user to specific
API actions, specify those actions instead.
The iam:PassRole action enables the user to specify the Spot fleet role in a Spot fleet
request. The iam:ListRoles action enables the user to enumerate existing roles. The
iam:ListInstanceProfiles action enables the user to enumerate existing instance
profiles. The Amazon EC2 console uses iam:ListRoles to populate the IAM role list and
iam:ListInstanceProfiles to populate the IAM instance profile list. To enable the user
to create roles or instance profiles using the console, you must add the following actions:
iam:CreateRole, iam:CreateInstanceProfile, and iam:AddRoleToInstanceProfile.
5.

Choose Create Policy.

In the navigation pane, choose Users, and then choose the user who will submit the Spot fleet
request.

On the Permissions tab, choose Attach Policy.

On the Attach Policy page, select the policy you created above, and choose Attach Policy.

190

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Planning a Spot Fleet Request
Before you create a Spot fleet request, review Spot Best Practices. Use these best practices when
you plan your Spot fleet request so that you can provision the type of instances you want at the lowest
possible price. We also recommend that you do the following:
• Determine whether you want to create a Spot fleet that submits a one-time request for the desired
target capacity, or one that will maintain a target capacity over time.
• Determine the instance types that meet your application requirements.
• Determine the target capacity for your Spot fleet request. You can set target capacity in instances or
in custom units. For more information, see Spot Fleet Instance Weighting (p. 176).
• Determine your bid price per instance hour. Bidding lower can further reduce costs, while bidding
higher can reduce the probability of interruption.
• Determine your bid price per unit, if you are using instance weighting. To calculate the bid price
per unit, divide the bid price per instance hour by the number of units (or weight) that this instance
represents. (If you are not using instance weighting, the default bid price per unit is the bid price per
instance hour.)
• Review the possible options for your Spot fleet request. For more information, see the request-spotfleet command in the AWS Command Line Interface Reference. For additional examples, see Spot
Fleet Example Configurations (p. 195).

Creating a Spot Fleet Request
When you create a Spot fleet request, you must specify information about the Spot instances to launch,
such as the instance type and the Spot price.

To create a Spot fleet request using the console
1.

Open the Spot console at https://console.aws.amazon.com/ec2spot.

If you are new to Spot, you see a welcome page; choose Get started. Otherwise, choose
Request Spot Instances.

On the Find instance types page, do the following:
a.

For Request type, select either Request or Request and Maintain.

For Target capacity, enter the number of units to request. You can choose instances or
performance characteristics that are important to your application workload, such as vCPUs,
memory, and storage.

For AMI, choose one of the basic Amazon Machine Images (AMI) provided by AWS, or
choose Use custom AMI to use an AMI from our user community, the AWS Marketplace, or
one of your own.

For Instance type(s), choose Select. Select the instance types that have the minimum
hardware specifications that you need (vCPUs, memory, and storage).

For Allocation strategy, choose the strategy that meets your needs. For more information,
see Spot Fleet Allocation Strategy (p. 175).

For Network, your account supports either the EC2-Classic and EC2-VPC platforms, or the
EC2-VPC platform only. To find out which platforms your account supports, see Supported
Platforms (p. 560).

•

[Existing VPC] Select the VPC.

•

[New VPC] Select Create new VPC to go the Amazon VPC console. When you are done,
return to the wizard and refresh the list.

•

[EC2-Classic] Select EC2-Classic.

(Optional) For Availability Zones, the default is to let AWS choose the Availability Zones for
your Spot instances. If you prefer specific Availability Zones, do the following:
191

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

•

[EC2-VPC] Select one or more Availability Zones. If you have more than one subnet in
an Availability Zone, select the appropriate subnet from Subnet. To add subnets, select
Create new subnet to go to the Amazon VPC console. When you are done, return to the
wizard and refresh the list.
•
[EC2-Classic] Select Select specific zone/subnet, and then select one or more
Availability Zones.
For Maximum price, you can use automated bidding or specify a bid price. Your Spot
instances are not launched if your bid price is lower than the Spot price for the instance types
that you selected.

i.
Choose Next.
On the Configure page, do the following:
a.

(Optional) If you need to connect to your instances, specify your key pair using Key pair
name.

(Optional) If you need to launch your Spot instances with an IAM role, specify the role using
IAM instance profile.

(Optional) If you have any start-up scripts to run, specify them using User data.

For Security groups, choose one or more security groups.

[EC2-VPC] If you need to connect to your instances in a VPC, select auto-assign at launch
for Public IP.

By default, the request remains in effect until it is fulfilled or you cancel it. To create a request
that is valid only during a specific time period, edit Request valid from and Request valid to.

(Optional) By default, we terminate your Spot instances when the request expires. To keep
them running after your request expires, clear Terminate instances at expiration.

h. Choose Review.
On the Review page, verify the launch configuration. To make changes, choose Previous. To
download a copy of the launch configuration for use with the AWS CLI, choose JSON config.
When you are ready, choose Launch.
On the confirmation page, choose OK. The request type is fleet. When the request is fulfilled,
requests of type instance are added, where the state is active and the status is fulfilled.

To create a Spot fleet request using the AWS CLI
Use the following request-spot-fleet command to create a Spot fleet request:
aws ec2 request-spot-fleet --spot-fleet-request-config file://config.json

For example configuration files, see Spot Fleet Example Configurations (p. 195).
The following is example output:
{
"SpotFleetRequestId": "sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE"
}

Monitoring Your Spot Fleet
The Spot fleet launches Spot instances when the Spot price is below your bid. The Spot instances run
until either the bid price is no longer higher than the Spot price, or you terminate them yourself.

To monitor your Spot fleet using the console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

192

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

In the navigation pane, choose Spot Requests.

Select your Spot fleet request. The configuration details are available in the Description tab.

To list the Spot instances for the Spot fleet, choose the Instances tab.

To view the history for the Spot fleet, choose the History tab.

To monitor your Spot fleet using the AWS CLI
Use the following describe-spot-fleet-requests command to describe your Spot fleet requests:
aws ec2 describe-spot-fleet-requests

Use the following describe-spot-fleet-instances command to describe the Spot instances for the
specified Spot fleet:
aws ec2 describe-spot-fleet-instances --spot-fleet-request-id sfr-73fbd2ceaa30-494c-8788-1cee4EXAMPLE

Use the following describe-spot-fleet-request-history command to describe the history for the specified
Spot fleet request:
aws ec2 describe-spot-fleet-request-history --spot-fleet-requestid sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE --start-time 2015-05-18T00:00:00Z

Modifying a Spot Fleet Request
You can modify an active Spot fleet request to complete the following tasks:
• Increase the target capacity
• Decrease the target capacity

Note
It is not possible to modify a one-time Spot fleet request.
When you increase the target capacity, the Spot fleet launches the additional Spot instances according
to the allocation strategy for its Spot fleet request. If the allocation strategy is lowestPrice, the Spot
fleet launches the instances from the lowest-priced Spot instance pool in the Spot fleet request. If the
allocation strategy is diversified, the Spot fleet distributes the instances across the pools in the
Spot fleet request.
When you decrease the target capacity, the Spot fleet cancels any open bids that exceed the new
target capacity. You can request that the Spot fleet terminate Spot instances until the size of the fleet
reaches the new target capacity. If the allocation strategy is lowestPrice, the Spot fleet terminates
the instances with the highest price per unit. If the allocation strategy is diversified, the Spot fleet
terminates instances across the pools. Alternatively, you can request that the Spot fleet keep the
fleet at its current size, but not replace any Spot instances that are interrupted or that you terminate
manually.

To modify a Spot fleet request using the console
1.

Open the Spot console at https://console.aws.amazon.com/ec2spot/home/fleet.

Select your Spot fleet request.

Choose Actions, and then choose Modify target capacity.

In Modify target capacity, do the following:

193

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Enter the new target capacity.

(Optional) If you are decreasing the target capacity but want to keep the fleet at its current
size, deselect Terminate instances.
Choose Submit.

To modify a Spot fleet request using the AWS CLI
Use the following modify-spot-fleet-request command to update the target capacity of the specified
Spot fleet request:
aws ec2 modify-spot-fleet-request --spot-fleet-request-id sfr-73fbd2ceaa30-494c-8788-1cee4EXAMPLE --target-capacity 20

You can modify the previous command as follows to decrease the target capacity of the specified Spot
fleet without terminating any Spot instances as a result:
aws ec2 modify-spot-fleet-request --spot-fleet-request-id sfr-73fbd2ceaa30-494c-8788-1cee4EXAMPLE --target-capacity 10 --excess-capacitytermination-policy NoTermination

Cancelling a Spot Fleet Request
When you are finished using your Spot fleet, you can cancel the Spot fleet request. This cancels all
Spot requests associated with the Spot fleet, so that no new Spot instances are launched for your Spot
fleet. You must specify whether the Spot fleet should terminate its Spot instances. If you terminate the
instances, the Spot fleet request enters the cancelled_terminating state. Otherwise, the Spot
fleet request enters the cancelled_running state and the instances continue to run until they are
interrupted or you terminate them manually.

To cancel a Spot fleet request using the console
1.
2.
3.

Open the Spot console at https://console.aws.amazon.com/ec2spot/home/fleet.
Select your Spot fleet request.
Choose Actions, and then choose Cancel spot request.

In Cancel spot request, verify that you want to cancel the Spot fleet. To keep the fleet at its
current size, deselect Terminate instances. When you are ready, choose Confirm.

To cancel a Spot fleet request using the AWS CLI
Use the following cancel-spot-fleet-requests command to cancel the specified Spot fleet request and
terminate the instances:
aws ec2 cancel-spot-fleet-requests --spot-fleet-request-ids sfr-73fbd2ceaa30-494c-8788-1cee4EXAMPLE --terminate-instances

The following is example output:
{
"SuccessfulFleetRequests": [
{
"SpotFleetRequestId": "sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE",
"CurrentSpotFleetRequestState": "cancelled_terminating",
"PreviousSpotFleetRequestState": "active"

194

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances
}
],
"UnsuccessfulFleetRequests": []
}

You can modify the previous command as follows to cancel the specified Spot fleet request without
terminating the instances:
aws ec2 cancel-spot-fleet-requests --spot-fleet-request-ids sfr-73fbd2ceaa30-494c-8788-1cee4EXAMPLE --no-terminate-instances

The following is example output:
{
"SuccessfulFleetRequests": [
{
"SpotFleetRequestId": "sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE",
"CurrentSpotFleetRequestState": "cancelled_running",
"PreviousSpotFleetRequestState": "active"
}
],
"UnsuccessfulFleetRequests": []
}

Spot Fleet Example Configurations
The following examples show launch configurations that you can use with the request-spotfleet command to create a Spot fleet request. For more information, see Creating a Spot Fleet
Request (p. 191).
1. Launch Spot instances using the lowest-priced Availability Zone or subnet in the region (p. 195)
2. Launch Spot instances using the lowest-priced Availability Zone or subnet in a specified
list (p. 196)
3. Launch Spot instances using the lowest-priced instance type in a specified list (p. 197)
4. Override the Spot price for the request (p. 199)
5. Launch a Spot fleet using the diversified allocation strategy (p. 200)
6. Launch a Spot fleet using instance weighting (p. 201)

Example 1: Launch Spot Instances Using the Lowest-priced Availability Zone or Subnet
in the Region
The following example specifies a single launch specification without an Availability Zone or subnet.
If your account supports EC2-VPC only, the Spot fleet launches the instances in the lowest-priced
Availability Zone that has a default subnet. If your account supports EC2-Classic, the Spot fleet
launches the instances in EC2-Classic in the lowest-priced Availability Zone. Note that the price you
pay will not exceed the specified Spot price for the request.
{
"SpotPrice": "0.07",
"TargetCapacity": 20,
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{
"ImageId": "ami-1a2b3c4d",
"KeyName": "my-key-pair",

195

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances
"SecurityGroups": [
{
"GroupId": "sg-1a2b3c4d"
}
],
"InstanceType": "m3.medium",
"IamInstanceProfile": {
"Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role"
}
}
]
}

Example 2: Launch Spot Instances Using the Lowest-priced Availability Zone or Subnet
in a Specified List
The following examples specify two launch specifications with different Availability Zones or subnets,
but the same instance type and AMI.
Availability Zones
If your account supports EC2-VPC only, the Spot fleet launches the instances in the default subnet of
the lowest-priced Availability Zone that you specified. If your account supports EC2-Classic, the Spot
fleet launches the instances in the lowest-priced Availability Zone that you specified.
{
"SpotPrice": "0.07",
"TargetCapacity": 20,
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{
"ImageId": "ami-1a2b3c4d",
"KeyName": "my-key-pair",
"SecurityGroups": [
{
"GroupId": "sg-1a2b3c4d"
}
],
"InstanceType": "m3.medium",
"Placement": {
"AvailabilityZone": "us-west-2a, us-west-2b"
},
"IamInstanceProfile": {
"Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role"
}
}
]
}

Subnets
You can specify default subnets or nondefault subnets, and the nondefault subnets can be from a
default VPC or a nondefault VPC. The Spot service launches the instances in whichever subnet is in
the lowest-priced Availability Zone.
Note that you can't specify different subnets from the same Availability Zone in a Spot fleet request.
{

196

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances
"SpotPrice": "0.07",
"TargetCapacity": 20,
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{
"ImageId": "ami-1a2b3c4d",
"KeyName": "my-key-pair",
"SecurityGroups": [
{
"GroupId": "sg-1a2b3c4d"
}
],
"InstanceType": "m3.medium",
"SubnetId": "subnet-a61dafcf, subnet-65ea5f08",
"IamInstanceProfile": {
"Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role"
}
}
]
}

If the instances are launched in a default VPC, they receive a public IP address by default. If the
instances are launched in a nondefault VPC, they do not receive a public IP address by default. Use a
network interface in the launch specification to assign a public IP address to instances launched in a
nondefault VPC. Note that when you specify a network interface, you must include the subnet ID and
security group ID using the network interface.
...
{
"ImageId": "ami-1a2b3c4d",
"KeyName": "my-key-pair",
"InstanceType": "m3.medium",
"NetworkInterfaces": [
{
"DeviceIndex": 0,
"SubnetId": "subnet-1a2b3c4d",
"Groups": [ "sg-1a2b3c4d" ],
"AssociatePublicIpAddress": true
}
],
"IamInstanceProfile": {
"Arn": "arn:aws:iam::880185128111:instance-profile/my-iam-role"
}
}
...

Example 3: Launch Spot Instances Using the Lowest-priced Instance Type in a
Specified List
The following examples specify two launch configurations with different instance types, but the same
AMI and Availability Zone or subnet. The Spot fleet launches the instances using the specified instance
type with the lowest price.
Availability Zone
{
"SpotPrice": "2.80",
"TargetCapacity": 20,

197

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{
"ImageId": "ami-1a2b3c4d",
"SecurityGroups": [
{
"GroupId": "sg-1a2b3c4d"
}
],
"InstanceType": "cc2.8xlarge",
"Placement": {
"AvailabilityZone": "us-west-2b"
}
},
{
"ImageId": "ami-1a2b3c4d",
"SecurityGroups": [
{
"GroupId": "sg-1a2b3c4d"
}
],
"InstanceType": "r3.8xlarge",
"Placement": {
"AvailabilityZone": "us-west-2b"
}
}
]
}

Subnet
{
"SpotPrice": "2.80",
"TargetCapacity": 20,
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{
"ImageId": "ami-1a2b3c4d",
"SecurityGroups": [
{
"GroupId": "sg-1a2b3c4d"
}
],
"InstanceType": "cc2.8xlarge",
"SubnetId": "subnet-1a2b3c4d"
},
{
"ImageId": "ami-1a2b3c4d",
"SecurityGroups": [
{
"GroupId": "sg-1a2b3c4d"
}
],
"InstanceType": "r3.8xlarge",
"SubnetId": "subnet-1a2b3c4d"
}
]
}

198

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Example 4. Override the Spot Price for the Request
The ability to specify Spot prices for individual launch specifications provides you with additional control
over the bidding process. The following examples override the Spot price for the request (0.070)
with individual Spot prices for two of the three launch specifications. Note that the Spot price for the
request is used for any launch specification that does not specify an individual Spot price. The Spot
fleet launches the instances using the instance type with the lowest price.
Availability Zone
{
"SpotPrice": "1.68",
"TargetCapacity": 30,
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "c3.2xlarge",
"Placement": {
"AvailabilityZone": "us-west-2b"
},
"SpotPrice": "0.04"
},
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "c3.4xlarge",
"Placement": {
"AvailabilityZone": "us-west-2b"
},
"SpotPrice": "0.06"
},
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "c3.8xlarge",
"Placement": {
"AvailabilityZone": "us-west-2b"
}
}
]
}

Subnet
{
"SpotPrice": "1.68",
"TargetCapacity": 30,
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "c3.2xlarge",
"SubnetId": "subnet-1a2b3c4d",
"SpotPrice": "0.04"
},
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "c3.4xlarge",
"SubnetId": "subnet-1a2b3c4d",

199

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances
"SpotPrice": "0.06"
},
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "c3.8xlarge",
"SubnetId": "subnet-1a2b3c4d"
}
]
}

Example 5: Launch a Spot Fleet Using the Diversified Allocation Strategy
The following example uses the diversified allocation strategy. The launch specifications have
different instance types but the same AMI and Availability Zone or subnet. The Spot fleet distributes
the 30 instances across the 3 launch specifications, such that there are 10 instances of each type. For
more information, see Spot Fleet Allocation Strategy (p. 175).
Availability Zone
{
"SpotPrice": "0.70",
"TargetCapacity": 30,
"AllocationStrategy": "diversified",
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "c4.2xlarge",
"Placement": {
"AvailabilityZone": "us-west-2b"
}
},
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "m3.2xlarge",
"Placement": {
"AvailabilityZone": "us-west-2b"
}
},
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "r3.2xlarge",
"Placement": {
"AvailabilityZone": "us-west-2b"
}
}
]
}

Subnet
{
"SpotPrice": "0.70",
"TargetCapacity": 30,
"AllocationStrategy": "diversified",
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{

200

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances
"ImageId": "ami-1a2b3c4d",
"InstanceType": "c4.2xlarge",
"SubnetId": "subnet-1a2b3c4d"
},
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "m3.2xlarge",
"SubnetId": "subnet-1a2b3c4d"
},
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "r3.2xlarge",
"SubnetId": "subnet-1a2b3c4d"
}
]
}

Example 6: Launch a Spot Fleet Using Instance Weighting
The following examples use instance weighting, which means that the bid price is per unit hour instead
of per instance hour. Each launch configuration lists a different instance type and a different weight.
The Spot fleet selects the instance type with the lowest price per unit hour. The Spot fleet calculates
the number of Spot instances to launch by dividing the target capacity by the instance weight. If the
result isn't an integer, the Spot fleet rounds it up to the next integer, so that the size of your fleet is not
below its target capacity.
If the r3.2xlarge bid is successful, Spot provisions 4 of these instances. (Divide 20 by 6 for a total of
3.33 instances, then round up to 4 instances.)
If the c3.xlarge bid is successful, Spot provisions 7 of these instances. (Divide 20 by 3 for a total of
6.66 instances, then round up to 7 instances.)
For more information, see Spot Fleet Instance Weighting (p. 176).
Availability Zone
{
"SpotPrice": "0.70",
"TargetCapacity": 20,
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "r3.2xlarge",
"Placement": {
"AvailabilityZone": "us-west-2b"
},
"WeightedCapacity": 6
},
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "c3.xlarge",
"Placement": {
"AvailabilityZone": "us-west-2b"
},
"WeightedCapacity": 3
}
]
}

201

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Subnet
{
"SpotPrice": "0.70",
"TargetCapacity": 20,
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "r3.2xlarge",
"SubnetId": "subnet-1a2b3c4d",
"WeightedCapacity": 6
},
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "c3.xlarge",
"SubnetId": "subnet-1a2b3c4d",
"WeightedCapacity": 3
}
]
}

Priority
You can also use instance weighting to give priority to an Availability Zone or subnet. For example,
the following launch specifications are nearly identical, except that they specify different subnets and
weights. The Spot fleet finds the specification with the highest value for WeightedCapacity, and
attempts to provision the request in the least expensive Spot instance pool in that subnet. (Note that
the second launch specification does not include a weight, so it defaults to 1.)
{
"SpotPrice": "0.42",
"TargetCapacity": 40,
"IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role",
"LaunchSpecifications": [
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "c3.2xlarge",
"SubnetId": "subnet-482e4972",
"WeightedCapacity": 2
},
{
"ImageId": "ami-1a2b3c4d",
"InstanceType": "c3.2xlarge",
"SubnetId": "subnet-bb3337d"
}
]
}

CloudWatch Metrics for Spot Fleet
Amazon EC2 provides Amazon CloudWatch metrics that you can use to monitor your Spot fleet.

Important
To ensure accuracy, we recommend that you enable detailed monitoring when using
these metrics. For more information, see Enable or Disable Detailed Monitoring for Your
Instances (p. 442).

202

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

For more information about CloudWatch metrics provided by Amazon EC2, see Monitoring Your
Instances Using CloudWatch (p. 442).

Spot Fleet Metrics
The AWS/EC2Spot namespace includes the following metrics, plus the CloudWatch metrics for the
Spot instances in your fleet. For more information, see Instance Metrics (p. 444).
The AWS/EC2Spot namespace includes the following metrics.
Metric

Description

AvailableInstancePoolsCount
The Spot Instance pools specified in the Spot Fleet request.

Units: Count
BidsSubmittedForCapacity

The capacity for which Amazon EC2 has submitted bids.
Units: Count

EligibleInstancePoolCount The Spot Instance pools specified in the Spot Fleet request where
Amazon EC2 can fulfill bids. Amazon EC2 will not fulfill bids in
pools where your bid price is less than the Spot price or the Spot
price is greater than the price for On-Demand instances.

Units: Count
FulfilledCapacity

The capacity that Amazon EC2 has fulfilled.
Units: Count

MaxPercentCapacityAllocation
The maximum value of PercentCapacityAllocation across all
Spot Instance pools specified in the Spot Fleet request.

Units: Percent
PendingCapacity

The difference between TargetCapacity and
FulfilledCapacity.
Units: Count

PercentCapacityAllocation The capacity allocated for the Spot Instance pool for the specified
dimensions. To get the maximum value recorded across all Spot
Instance pools, use MaxPercentCapacityAllocation.

Units: Percent
TargetCapacity

The target capacity of the Spot Fleet request.
Units: Count

TerminatingCapacity

The capacity that is being terminated due to Spot Instance
interruptions.
Units: Count

If the unit of measure for a metric is Count, the most useful statistic is Average.

Spot Fleet Dimensions
To filter the data for your Spot fleet, you can use the following dimensions.

203

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Dimensions

Description

AvailabilityZone

Filter the data by Availability Zone.

FleetRequestId

Filter the data by Spot Fleet request.

InstanceType

Filter the data by instance type.

View the CloudWatch Metrics for Your Spot Fleet
You can view the CloudWatch metrics for your Spot fleet using the Amazon CloudWatch console.
These metrics are displayed as monitoring graphs. These graphs show data points if the Spot fleet is
active.
Metrics are grouped first by namespace, and then by the various combinations of dimensions within
each namespace. For example, you can view all Spot fleet metrics, or Spot fleet metrics groups by
Spot fleet request ID, instance type, or Availability Zone.

To view Spot fleet metrics
1.

Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.

In the navigation pane, under Metrics, choose the EC2 Spot namespace.

(Optional) To filter the metrics by dimension, select one of the following:
• Fleet Request Metrics — Group by Spot fleet request
• By Availability Zone — Group by Spot fleet request and Availability Zone
• By Instance Type — Group by Spot fleet request and instance type
• By Availability Zone/Instance Type — Group by Spot fleet request, Availability Zone, and
instance type

To view the data for a metric, select the check box next to the metric.

Automatic Scaling for Spot Fleet
Automatic scaling is the ability to increase or decrease the target capacity of your Spot fleet
automatically based on demand. A Spot fleet can either launch instances (scale out) or terminate
instances (scale in), within the range that you choose, in response to one or more scaling policies. We
recommend that you create two policies, one for scaling out and one for scaling in.
A scaling policy uses CloudWatch alarms to trigger the scaling process. For example, if you want to
scale out when CPU utilization reaches a certain level, create an alarm using the CPUUtilization
metric provided by Amazon EC2.
When you create a scaling policy, you must specify one of the following scaling adjustment types:

204

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

• Add — Increase the target capacity of the fleet by a specified number of capacity units or a specified
percentage of the current capacity.
• Remove — Decrease the target capacity of the fleet by a specified number of capacity units or a
specified percentage of the current capacity.
• Set to — Set the target capacity of the fleet to the specified number of capacity units.
You can also configure the cooldown period for a scaling policy. After Auto Scaling starts a scaling
activity, it waits for the cooldown period to complete before resuming scaling activities. This ensures
that Auto Scaling doesn't launch or terminate additional Spot instances before the previous launch or
terminate activity takes effect.

Limits
• The Spot fleet request must have a request type of maintain. Automatic scaling is not supported
for one-time requests or Spot blocks.

Prerequisites
• Consider which CloudWatch metrics are important to your application. You can create CloudWatch
alarms based on metrics provided by AWS or your own custom metrics.
• For the AWS metrics that you will use in your scaling policies, enable CloudWatch metrics collection
if the service that provides the metrics does not enable it by default.
• If you use the AWS Management Console to enable automatic scaling for your Spot fleet, it creates
a role named aws-ec2-spot-fleet-autoscale-role that grants Auto Scaling permission
to describe the alarms for your policies, monitor the current capacity of the fleet, and modify the
capacity of the fleet. If you configure automatic scaling using the AWS CLI or an API, you can use
this role if it exists, or manually create your own role for this purpose as follows.
1.

Open the Identity and Access Management (IAM) console at https://console.aws.amazon.com/
iam/.

In the navigation pane, choose Roles.

Choose Create New Role.

On the Set Role Name page, type a name for the role and then choose Next Step.

On the Select Role Type page, choose Select next to Amazon EC2.

On the Attach Policy page, select the AmazonEC2SpotFleetAutoscaleRole policy and then
choose Next Step.

On the Review page, choose Create Role.

Select the role that you just created.

On the Trust Relationships tab, choose Edit Trust Relationship.

10. Change ec2.amazonaws.com to application-autoscaling.amazonaws.com and then
choose Update Trust Policy.

To create a CloudWatch alarm
1.

Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.

In the navigation pane, choose Alarms.

Choose Create Alarm.

For CloudWatch Metrics by Category, choose a category. For example, choose EC2 Spot
Metrics, Fleet Request Metrics.

Select a metric, and then choose Next.

For Alarm Threshold, type a name and description for the alarm, and set the threshold value and
number of time periods for the alarm.

205

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

(Optional) To receive notification of a scaling event, for Actions, choose New list and type your
email address. Otherwise, you can delete the notification now and add one later if needed.

Choose Create Alarm.

To configure automatic scaling for your Spot fleet using the console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, choose Spot Requests.

Select your Spot fleet request, and then choose the Auto Scaling tab.

If automatic scaling is not configured, choose Configure.

Use Scale capacity between to set the minimum and maximum capacity for your fleet. Automatic
scaling will not scale your fleet below the minimum capacity or above the maximum capacity.

Initially, Scaling policies contains policies named ScaleUp and ScaleDown. You can complete
these policies, or choose Remove policy to delete them. You can also choose Add policy to add
a policy.

To define a policy, do the following:

For Policy name, type a name for the policy.

For Policy trigger, select an existing alarm or choose Create new alarm to open the Amazon
CloudWatch console and create an alarm.

For Modify capacity, select a scaling adjustment type, select a number, and select a unit.

(Optional) To perform step scaling, choose Define steps. By default, an add policy has a
lower bound of -infinity and an upper bound of the alarm threshold. By default, a remove
policy has a lower bound of the alarm threshold and an upper bound of +infinity. To add
another step, choose Add step.

(Optional) To modify the default value for the cooldown period, select a number from
Cooldown period.

Choose Save.

To configure automatic scaling for your Spot fleet using the AWS CLI
1.

Create a scaling policy using the put-scaling-policy command.

Create an alarm that will trigger the scaling policy using the put-metric-alarm command.

Spot Bid Status
To help you track your Spot instance requests, plan your use of Spot instances, and bid strategically,
Amazon EC2 provides a bid status. For example, a bid status can tell you the reason why your Spot
request isn't fulfilled yet, or list the constraints that are preventing the fulfillment of your Spot request.
At each step of the process—also called the Spot request life cycle, specific events determine
successive request states.
Contents
• Life Cycle of a Spot Request (p. 207)
• Getting Bid Status Information (p. 209)
• Spot Bid Status Codes (p. 210)

206

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Life Cycle of a Spot Request
The following diagram shows you the paths that your Spot request can follow throughout its life cycle,
from submission to termination. Each step is depicted as a node, and the status code for each node
describes the status of the Spot request and Spot instance.

Pending evaluation
As soon as you make a Spot instance request, it goes into the pending-evaluation state unless
one or more request parameters is not valid (bad-parameters).
Status Code

Request State

Instance State

pending-evaluation

open

n/a

bad-parameters

closed

n/a

Holding
If one or more request constraints are valid but can't be met yet, or if there is not enough capacity, the
request goes into a holding state waiting for the constraints to be met. The request options affect the
likelihood of the request being fulfilled. For example, if you specify a bid price below the current Spot
price, your request stays in a holding state until the Spot price goes below your bid price. If you specify
an Availability Zone group, the request stays in a holding state until the Availability Zone constraint is
met.
Status Code

Request State

Instance State

capacity-not-available

open

n/a

capacity-oversubscribed

open

n/a

price-too-low

open

n/a

207

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Status Code

Request State

Instance State

not-scheduled-yet

open

n/a

launch-group-constraint

open

n/a

az-group-constraint

open

n/a

placement-groupconstraint

open

n/a

constraint-notfulfillable

open

n/a

Pending evaluation/fulfillment-terminal
Your Spot instance request can go to a terminal state if you create a request that is valid only during
a specific time period and this time period expires before your request reaches the pending fulfillment
phase, you cancel the request, or a system error occurs.
Status Code

Request State

Instance State

schedule-expired

closed

n/a

canceled-beforefulfillment*

cancelled

n/a

bad-parameters

failed

n/a

system-error

closed

n/a

* If you cancel the request.
Pending fulfillment
When the constraints you specified (if any) are met and your bid price is equal to or higher than the
current Spot price, your Spot request goes into the pending-fulfillment state.
At this point, Amazon EC2 is getting ready to provision the instances that you requested. If the process
stops at this point, it is likely to be because it was cancelled by the user before a Spot instance was
launched, or because an unexpected system error occurred.
Status Code

Request State

Instance State

pending-fulfillment

open

n/a

Fulfilled
When all the specifications for your Spot instances are met, your Spot request is fulfilled. Amazon EC2
launches the Spot instances, which can take a few minutes.
Status Code

Request State

Instance State

fulfilled

active

pending → running

Fulfilled-terminal

208

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

Your Spot instances continue to run as long as your bid price is at or above the Spot price, there
is spare Spot capacity for your instance type, and you don't terminate the instance. If a change
in Spot price or available capacity requires Amazon EC2 to terminate your Spot instances, the
Spot request goes into a terminal state. For example, if your bid equals the Spot price but Spot
instances are oversubscribed at that price, the status code is instance-terminated-capacityoversubscribed. A request also goes into the terminal state if you cancel the Spot request or
terminate the Spot instances.
Status Code

Request State

Instance State

request-canceled-andinstance-running

cancelled

running

marked-for-termination

closed

running

instance-terminated-byprice

closed (one-time), open
(persistent)

terminated

instance-terminated-byuser

closed or cancelled *

terminated

instance-terminated-nocapacity

closed (one-time), open
(persistent)

terminated

instance-terminatedcapacity-oversubscribed

closed (one-time), open
(persistent)

terminated

instance-terminatedlaunch-group-constraint

closed (one-time), open
(persistent)

terminated

* The request state is closed if you terminate the instance but do not cancel the bid. The request state
is cancelled if you terminate the instance and cancel the bid. Note that even if you terminate a Spot
instance before you cancel its request, there might be a delay before Amazon EC2 detects that your
Spot instance was terminated. In this case, the request state can either be closed or cancelled.
Persistent requests
When your Spot instances are terminated (either by you or Amazon EC2), if the Spot request is a
persistent request, it returns to the pending-evaluation state and then Amazon EC2 can launch a
new Spot instance when the constraints are met.

Getting Bid Status Information
You can get bid status information using the AWS Management Console or a command line tool.

To get bid status information using the console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, choose Spot Requests, and then select the Spot request.

Check the value of Status in the Description tab.

To get bid status information using the command line
You can use one of the following commands. For more information about these command line
interfaces, see Accessing Amazon EC2 (p. 3).
• describe-spot-instance-requests (AWS CLI)

209

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

• Get-EC2SpotInstanceRequest (AWS Tools for Windows PowerShell)

Spot Bid Status Codes
Spot bid status information is composed of a bid status code, the update time, and a status message.
Together, they help you determine the disposition of your Spot request.
The following list describes the Spot bid status codes:
az-group-constraint
Amazon EC2 cannot launch all the instances you requested in the same Availability Zone.
bad-parameters
One or more parameters for your Spot request are not valid (for example, the AMI you specified
does not exist). The bid status message indicates which parameter is not valid.
cancelled-before-fulfillment
The user cancelled the Spot request before it was fulfilled.
capacity-not-available
There is not enough capacity available for the instances that you requested.
capacity-oversubscribed
The number of Spot requests with bid prices equal to or higher than your bid price exceeds the
available capacity in this Spot instance pool.
constraint-not-fulfillable
The Spot request can't be fulfilled because one or more constraints are not valid (for example, the
Availability Zone does not exist). The bid status message indicates which constraint is not valid.
fulfilled
The Spot request is active, and Amazon EC2 is launching your Spot instances.
instance-terminated-by-price
The Spot price rose above your bid price. If your request is a persistent bid, the process restarts,
so your bid is pending evaluation.
instance-terminated-by-user or spot-instance-terminated-by-user
You terminated a Spot instance that had been fulfilled, so the bid state is closed (unless it's a
persistent bid) and the instance state is terminated.
instance-terminated-capacity-oversubscribed
Your instance is terminated because the number of Spot requests with bid prices equal to or
higher than your bid price exceeded the available capacity in this Spot instance pool. (Note that
the Spot price might not have changed.) The Spot service randomly selects instances to be
terminated.
instance-terminated-launch-group-constraint
One or more of the instances in your launch group was terminated, so the launch group constraint
is no longer fulfilled.
instance-terminated-no-capacity
There is no longer enough Spot capacity available for the instance.
launch-group-constraint
Amazon EC2 cannot launch all the instances that you requested at the same time. All instances in
a launch group are started and terminated together.
marked-for-termination
The Spot instance is marked for termination.
not-scheduled-yet
The Spot request will not be evaluated until the scheduled date.
pending-evaluation
After you make a Spot instance request, it goes into the pending-evaluation state while the
system evaluates the parameters of your request.

210

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances
pending-fulfillment
Amazon EC2 is trying to provision your Spot instances.
placement-group-constraint
The Spot request can't be fulfilled yet because a Spot instance can't be added to the placement
group at this time.
price-too-low
The bid request can't be fulfilled yet because the bid price is below the Spot price. In this case, no
instance is launched and your bid remains open.
request-cancelled-and-instance-running
You canceled the Spot request while the Spot instances are still running. The request is
cancelled, but the instances remain running.
schedule-expired
The Spot request expired because it was not fulfilled before the specified date.
system-error
There was an unexpected system error. If this is a recurring issue, please contact customer
support for assistance.

Spot Instance Interruptions
Demand for Spot instances can vary significantly from moment to moment, and the availability of Spot
instances can also vary significantly depending on how many unused EC2 instances are available.
In addition, no matter how high you bid, it is still possible that your Spot instance will be interrupted.
Therefore, you must ensure that your application is prepared for a Spot instance interruption. We
strongly recommend that you do not use Spot instances for applications that can't be interrupted.
The following are the possible reasons that Amazon EC2 will terminate your Spot instances:
• Price—The Spot price is greater than your bid price.
• Capacity—If there are not enough unused EC2 instances to meet the demand for Spot instances,
Amazon EC2 terminates Spot instances, starting with those instances with the lowest bid prices.
If there are several Spot instances with the same bid price, the order in which the instances are
terminated is determined at random.
• Constraints—If your request includes a constraint such as a launch group or an Availability Zone
group, these Spot instances are terminated as a group when the constraint can no longer be met.

Preparing for Interruptions
Here are some best practices to follow when you use Spot instances:
• Choose a reasonable bid price. Your bid price should be high enough to make it likely that your
request will be fulfilled, but not higher than you are willing to pay. This is important because if the
supply is low for an extended period of time, the Spot price can remain high during that period
because it is based on the highest bid prices. We strongly recommend against bidding above the
price for On-Demand instances.
• Ensure that your instance is ready to go as soon as the request is fulfilled by using an Amazon
Machine Image (AMI) that contains the required software configuration. You can also use user data
to run commands at start-up.
• Store important data regularly in a place that won't be affected when the Spot instance terminates.
For example, you can use Amazon S3, Amazon EBS, or DynamoDB.
• Divide the work into small tasks (using a Grid, Hadoop, or queue-based architecture) or use
checkpoints so that you can save your work frequently.
• Use Spot instance termination notices to monitor the status of your Spot instances.

211

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

• Test your application to ensure that it handles an unexpected instance termination gracefully. You
can do so by running the application using an On-Demand instance and then terminating the OnDemand instance yourself.

Spot Instance Termination Notices
The best way to protect against Spot instance interruption is to architect your application to be fault
tolerant. In addition, you can take advantage of Spot instance termination notices, which provide a twominute warning before Amazon EC2 must terminate your Spot instance.
This warning is made available to the applications on your Spot instance using an item in the instance
metadata. For example, you can check for this warning in the instance metadata periodically (we
recommend every 5 seconds) using the following query:
C:\> invoke-restmethod -uri http://169.254.169.254/latest/meta-data/spot/
termination-time

For information about other ways to retrieve instance metadata, see Retrieving Instance
Metadata (p. 254).
If your Spot instance is marked for termination by Amazon EC2, the termination-time item is
present and it specifies the approximate time in UTC when the instance will receive the shutdown
signal. For example:
2015-01-05T18:02:00Z

If Amazon EC2 is not preparing to terminate the instance, or if you terminated the Spot instance
yourself, the termination-time item is either not present (so you receive an HTTP 404 error) or
contains a value that is not a time value.
Note that while we make every effort to provide this warning the moment that your Spot instance
is marked for termination by Amazon EC2, it is possible that your Spot instance will be terminated
before Amazon EC2 can make the warning available. Therefore, you must ensure that your application
is prepared to handle an unexpected Spot instance interruption even if you are checking for Spot
instance termination notices.
If Amazon EC2 fails to terminate the instance, the Spot bid status is set to fulfilled. Note that
termination-time remains in the instance metadata with the original approximate time, which is
now in the past.

Spot Instance Data Feed
To help you understand the charges for your Spot instances, Amazon EC2 provides a data feed that
describes your Spot instance usage and pricing. This data feed is sent to an Amazon S3 bucket that
you specify when you subscribe to the data feed.
Data feed files arrive in your bucket typically once an hour, and each hour of usage is typically covered
in a single data file. These files are compressed (gzip) before they are delivered to your bucket.
Amazon EC2 can write multiple files for a given hour of usage where files are very large (for example,
when file contents for the hour exceed 50 MB before compression).

Note
If you don't have a Spot instance running during a certain hour, you won't receive a data feed
file for that hour.
Contents

212

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

• Data Feed File Name and Format (p. 213)
• Amazon S3 Bucket Requirements (p. 213)
• Subscribing to Your Spot instance Data Feed (p. 214)
• Deleting Your Spot Instance Data Feed (p. 214)

Data Feed File Name and Format
The Spot instance data feed file name uses the following format (with the date and hour in UTC):
bucket-name.s3.amazonaws.com/{optional prefix}/aws-account-id.YYYY-MM-DDHH.n.unique-id.gz

For example, if your bucket name is myawsbucket and your prefix is myprefix, your file names are
similar to the following:
myawsbucket.s3.amazonaws.com/myprefix/
111122223333.2014-03-17-20.001.pwBdGTJG.gz

The Spot instance data feed files are tab-delimited. Each line in the data file corresponds to one
instance hour and contains the fields listed in the following table.
Field

Description

Timestamp

The timestamp used to determine the price charged for this instance hour.

UsageType

The type of usage and instance type being charged for. For m1.small Spot
instances, this field is set to SpotUsage. For all other instance types, this field is
set to SpotUsage:{instance-type}. For example, SpotUsage:c1.medium.

Operation

The product being charged for. For Linux Spot instances, this field is
set to RunInstances. For Windows Spot instances, this field is set to
RunInstances:0002. Spot usage is grouped according to Availability Zone.

InstanceID

The ID of the Spot instance that generated this instance hour.

MyBidID

The ID for the Spot instance request that generated this instance hour.

MyMaxPrice

The maximum price specified for this Spot instance request.

MarketPrice

The Spot price at the time specified in the Timestamp field.

Charge

The price charged for this instance hour.

Version

The version included in the data feed file name for this record.

Amazon S3 Bucket Requirements
When you subscribe to the data feed, you must specify an Amazon S3 bucket to store the data feed
files. Before you choose an Amazon S3 bucket for the data feed, consider the following:
• You must use a bucket from the US East (N. Virginia) (us-east-1) region.
• You must have FULL_CONTROL permission to the bucket.
If you're the bucket owner, you have this permission by default. Otherwise, the bucket owner must
grant your AWS account this permission.

213

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Spot Instances

• When you create your data feed subscription, Amazon S3 updates the ACL of the specified bucket to
allow the AWS data feed account read and write permissions.
• Removing the permissions for the data feed account does not disable the data feed. If you remove
those permissions but don't disable the data feed, we restore those permissions the next time that
the data feed account needs to write to the bucket.
• Each data feed file has its own ACL (separate from the ACL for the bucket). The bucket owner has
FULL_CONTROL permission to the data files. The data feed account has read and write permissions.
• If you delete your data feed subscription, Amazon EC2 doesn't remove the read and write
permissions for the data feed account on either the bucket or the data files. You must remove these
permissions yourself.

Subscribing to Your Spot instance Data Feed
To subscribe to your data feed, use the following create-spot-datafeed-subscription command:
C:\> aws ec2 create-spot-datafeed-subscription --bucket myawsbucket [-prefix myprefix]

The following is example output:
{
"SpotDatafeedSubscription": {
"OwnerId": "111122223333",
"Prefix": "myprefix",
"Bucket": "myawsbucket",
"State": "Active"
}
}

Deleting Your Spot Instance Data Feed
To delete your data feed, use the following delete-spot-datafeed-subscription command:
C:\> aws ec2 delete-spot-datafeed-subscription

Spot Instance Limits
Spot instance requests are subject to the following limits:
Limits
• Unsupported Instance Types (p. 214)
• Spot Request Limits (p. 215)
• Spot Bid Price Limit (p. 215)
• Spot Fleet Limits (p. 215)
• Amazon EBS Encryption Unsupported (p. 215)

Unsupported Instance Types
The following instance types are not supported for Spot:
• T2

214

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Dedicated Hosts

• HS1
Some Spot instance types aren't available in every region. To view the supported instance types for a
region, go to Spot Instance Pricing and select the region.

Spot Request Limits
By default, there is an account limit of 20 Spot instances per region. If you terminate your Spot instance
but do not cancel the request, the request counts against this limit until Amazon EC2 detects the
termination and closes the request.
Spot instance limits are dynamic. When your account is new, your limit might be lower than 20 to
start, but increase over time. In addition, your account might have limits on specific Spot instance
types. If you submit a Spot instance request and you receive the error Max spot instance count
exceeded, you can go to AWS Support Center and submit a limit increase request form. For Use
Case Description, indicate that you need an increase in your limits for Spot instance requests.

Spot Bid Price Limit
The bid price limit for Spot instances is ten times on On-Demand price. This limit is designed to protect
you from incurring unexpected charges.

Spot Fleet Limits
The usual Amazon EC2 limits apply to instances launched by a Spot fleet, such as Spot bid price limits,
instance limits, and volume limits. In addition, the following limits apply:
• The number of active Spot fleets per region: 1,000
• The number of launch specifications per fleet: 50
• The size of the user data in a launch specification: 16 KB
• The target capacity per Spot fleet: 3,000
• The target capacity across all Spot fleets in a region: 5,000
• A Spot fleet request can't span regions.
• A Spot fleet request can't span different subnets from the same Availability Zone.

Amazon EBS Encryption Unsupported
You can specify encrypted EBS volumes in the launch specification for your Spot instances, but these
volumes are not encrypted.

Dedicated Hosts
An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your
use. Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses,
including Windows Server, Microsoft SQL Server, SUSE, Linux Enterprise Server, and so on.
Contents
• Differences between Dedicated Hosts and Dedicated Instances (p. 216)
• Pricing and Billing (p. 216)
• Dedicated Hosts Limitations and Restrictions (p. 217)
• Dedicated Host Configurations (p. 218)
• Using Dedicated Hosts (p. 218)
• Monitoring Dedicated Hosts (p. 225)

215

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Dedicated Hosts

Differences between Dedicated Hosts and Dedicated
Instances
Dedicated Hosts and Dedicated Instances can both be used to launch Amazon EC2 instances onto
physical servers that are dedicated for your use.
There are no performance, security, or physical differences between Dedicated Instances and
instances on Dedicated Hosts. However, Dedicated Hosts give you additional visibility and control over
how instances are placed on a physical server.
When you use Dedicated Hosts, you have control over instance placement on the host using the Host
Affinity and Instance Auto-placement settings. With Dedicated Instances, you don't have control over
which host your instance launches and runs on. If your organization wants to use AWS, but has an
existing software license with hardware compliance requirements, this allows visibility into the host's
hardware so you can meet those requirements.
For more information about the differences between Dedicated Hosts and Dedicated Instances, see
Amazon EC2 Dedicated Hosts.
For more information about working with Dedicated Hosts and Dedicated Instances, see Modifying
Instance Tenancies (p. 222).

Pricing and Billing
On-Demand Dedicated Hosts
On-Demand billing is automatically activated when you allocate a Dedicated Host to your account.
You are billed an hourly On-Demand rate. Rates vary based on the instance type that the Dedicated
Host supports and the region in which the Dedicated Host is running. The instance type size or the
number of instances that are running on the Dedicated Host do not have an impact on the cost of the
host.
To terminate On-Demand billing, you must first stop instances running on the Dedicated Host and then
release it. For more information, see Managing and Releasing Dedicated Hosts (p. 222).

Dedicated Host Reservations
Dedicated Host Reservations provide a billing discount compared to running On-Demand Dedicated
Hosts. Reservations are available in three payment options:
• No Upfront—No Upfront Reservations provide you with a discount on your Dedicated Host usage
over a term and do not require an upfront payment. Available for a one-year term only.
• Partial Upfront—A portion of the reservation must be paid upfront and the remaining hours in the
term are billed at a discounted rate. Available in one-year and three-year terms.
• All Upfront—Provides the lowest effective price. Available in one-year and three-year terms and
covers the entire cost of the term upfront, with no additional charges going forward.
You must have active Dedicated Hosts in your account before you can purchase reservations. Each
reservation covers a single, specific Dedicated Host in your account. Reservations are applied to the
instance family on the host, not the instance size. If you have three Dedicated Hosts with different
instances sizes (m4.xlarge, m4.medium, and m4.large) you can associate a single m4 reservation
with all those Dedicated Hosts. The instance family and region of the reservation must match that of
the Dedicated Hosts you want to associate it with.

Note
When a reservation is associated with a Dedicated Host, the Dedicated Host can't be released
until the reservation's term is over.

216

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Dedicated Hosts

Purchasing Dedicated Host Reservations
You can purchase Dedicated Host Reservations using the console or the API.

To purchase Dedicated Host Reservations using the console
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

On the Dedicated Hosts page choose Dedicated Host Reservations.

Choose Purchase Dedicated Host Reservation.

On the Purchase Dedicated Host Reservation screen, you can search for offerings using the
default settings or you can specify a configuration for the offering.
• Host instance family—The options listed correspond with the Dedicated Hosts in your account
that are not assigned to a reservation.
• Availability Zone—The Availability Zone of the Dedicated Hosts in your account that aren't
assigned to a reservation.
• Payment Option—The payment option for the offering.
• Term—The term of the reservation. Can be one or three years.

Choose Find offering.

Select an offering.

Choose the Dedicated Hosts to associate with the Dedicated Host Reservation.

Choose Review.

Review your order and choose Purchase to complete the transaction.

Viewing Dedicated Host Reservations
You can view information about the Dedicated Hosts associated with your reservation, the term of the
reservation, the payment option selected, and the start and end dates of the reservation.

View details of Dedicated Host Reservations
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

On the Dedicated Hosts page, choose Dedicated Host Reservations.

Choose the reservation from the list provided.

Select Details for information about the reservation.

Select Hosts for information about the Dedicated Hosts the reservation is associated with.

Dedicated Hosts Limitations and Restrictions
Before you allocate Dedicated Hosts, take note of the following limitations and restrictions.
• Only BYOL RHEL, SUSE Linux, or Windows AMIs offered by AWS or on the AWS Marketplace can
be used with Dedicated Hosts.
• Up to two On-Demand Dedicated Hosts per instance family, per region can be allocated. It is
possible to request a limit increase: Request to Raise Allocation Limit on Amazon EC2 Dedicated
Hosts.
• The instances that run on a Dedicated Host can only be launched in a VPC.
• Host limits are independent from instance limits. Instances that you are running on Dedicated Hosts
do not count towards your instance limits.
• Auto Scaling groups are not supported.
• Amazon RDS instances are not supported.

217

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Dedicated Hosts

• The AWS Free Usage tier is not available for Dedicated Hosts.
• Instance placement control refers to managing instance launches onto Dedicated Hosts. Placement
groups are not supported for Dedicated Hosts.

Dedicated Host Configurations
Dedicated Hosts are configured to support a single instance type and size capacity. The number of
instances you can launch onto a Dedicated Host depends on the instance type that the Dedicated
Host is configured to support. For example, if you allocated a c3.xlarge Dedicated Host, you'd have
the right to launch up to 8 c3.xlarge instances on the Dedicated Host. To determine the number of
instance type sizes that you can run on a particular Dedicated Host, see Amazon EC2 Dedicated Hosts
Pricing.

Using Dedicated Hosts
To use a Dedicated Host, you first allocate hosts for use in your account. You then launch instances
onto the hosts by specifying host tenancy for the instance. The instance auto-placement setting allows
you to control whether an instance can launch onto a particular host. When an instance is stopped and
restarted, the Host affinity setting determines whether it's restarted on the same, or a different, host. If
you no longer need an On-Demand host, you can stop the instances running on the host, direct them
to launch on a different host, and then release the Dedicated Host.
Contents
• Bring Your Own License (p. 218)
• Allocating Dedicated Hosts (p. 219)
• Launching Instances onto Dedicated Hosts (p. 219)
• Understanding Instance Placement and Host Affinity (p. 221)
• Modifying Instance Tenancies (p. 222)
• Managing and Releasing Dedicated Hosts (p. 222)
• API and CLI Command Overview (p. 223)
• Tracking Configuration Changes with AWS Config (p. 224)

Bring Your Own License
You can use your own software licenses on Dedicated Hosts. These are the general steps you need to
follow in order to bring your own volume licensed machine image into Amazon EC2.
1. Verify that the license terms controlling the use of your machine images (AMIs) allow the usage of a
machine image in a virtualized cloud environment. For more information about Microsoft Licensing,
see Amazon Web Services and Microsoft Licensing.
2. After you have verified that your machine image can be used within Amazon EC2, import your
machine images using the ImportImage API operation made available by the VM Import/Export
tools. For information about restrictions and limitations, see VM Import/Export Prerequisites. For
information about how to import your VM using ImportImage, see Importing a VM into Amazon EC2
Using ImportImage.
3. If you need a mechanism to track how your images were used in AWS, enable host recording in
the AWS Config service. You can use AWS Config to record configuration changes to a Dedicated
Host and use the output as a data source for license reporting. For more information, see Tracking
Configuration Changes with AWS Config (p. 224).
4. After you've imported your machine image, you can launch instances from this image onto active
Dedicated Hosts in your account.
5. When you run these instances, depending on the operating system, you may be required to activate
these instances against your own KMS server (for example, Windows Server or Windows SQL

218

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Dedicated Hosts

Server). You cannot activate your imported Windows AMI against the Amazon Windows KMS
server.

Allocating Dedicated Hosts
To begin using Dedicated Hosts, they need to be allocated to your account. You can use the AWS
Management Console, interact directly with the API, or use the command line interface to perform
these tasks. Follow these steps every time you allocate a Dedicated Host.

To allocate Dedicated Hosts to your account
1.
2.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
On the Dedicated Hosts page, choose Allocate Dedicated Host.

Configure your host using the options provided:

Instance type—Instance type that will be available on the Dedicated Host.

b.
c.

Availability Zone—The Availability Zone for the Dedicated Host.
Allow instance auto-placement—The default setting is Off. The Dedicated Host accepts
host tenancy instance launches only (provided capacity is available). When instance autoplacement is On, any instances with the tenancy of host, and matching the Dedicated Host's
configuration, can be launched onto the host.

d. Quantity—The number of hosts to allocate with these settings.
Choose Allocate host.

The Dedicated Host capacity is made available in your account immediately.
If you launch instances with tenancy host but do not have any active Dedicated Hosts in your account,
you receive an error and the instance launch fails.

Launching Instances onto Dedicated Hosts
After you have allocated a Dedicated Host, you can launch instances onto it. Instances with the
tenancy host can be launched onto a specific Dedicated Host or Amazon EC2 can select the
appropriate Dedicated Hosts for you (auto-placement). You cannot launch instances with the tenancy
host if you do not have active Dedicated Hosts in your account with available capacity matching the
instance type configuration of the instances you are launching.

Note
The instances launched onto Dedicated Hosts can only be launched in a VPC. For more
information, see Introduction to VPC.
Before you launch your instances, take note of the limitations. For more information, see Dedicated
Hosts Limitations and Restrictions (p. 217).

Launching instances onto a Dedicated Host from the Dedicated Hosts page
1.
2.
3.
4.
5.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
On the Dedicated Hosts page, select a host, choose Actions and then choose Launch
Instance(s) onto Host.
Select the AMI to use. If you have imported your own AMI, choose My AMIs on the left sidebar
and select the relevant AMI.
Choose the instance type for the Dedicated Host; this is the only instance type you can launch
onto the host.
On the Configure Instance Details page, the Tenancy and Host options are pre-selected. You
can toggle the Affinity setting to On or Off.
• On—If stopped, the instance always restarts on that specific host.

219

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Dedicated Hosts

• Off—The instance launches onto the specified Dedicated Host, but is not guaranteed to restart
on it if stopped.
6.

Complete the rest of the steps and choose Launch Instances.

The instance is automatically launched onto the Dedicated Host that you specified. To view the
instances on a Dedicated Host, go to the Dedicated Hosts page, and select the Dedicated Host that
you specified when you launched the instance.

Launching instances onto a specific Dedicated Host from the Instances page
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

On the Instances page, choose Launch Instance.

Select an AMI from the list. If you have imported your own AMI, choose My AMIs and select the
imported image. Not all AMIs can be used with Dedicated Hosts.

Select the type of instance to launch.

On the Configure Instance Details page, the Dedicated Host settings are:
• Tenancy—Dedicated host — Launch this instance on a Dedicated host. If you're not able to
choose this, check whether you have selected an incompatible AMI or instance type.
• Host—Select a host. If you are unable to select a Dedicated Host, check:
• Whether the selected subnet is in a different Availability Zone to the host.
• That the instance type you've selected matches the instance type that the Dedicated Host
supports. If you don't have matching, running hosts, the only option available is Use autoplacement but the instance launch fails unless there is available, matching Dedicated Host
capacity in your account.
• Affinity—The default setting for this is Off. The instance launches onto the specified Dedicated
Host, but is not guaranteed to restart on it if stopped.

Note
If you are unable to see these settings, check that you have selected a VPC in the
Network menu.
6.

Complete the rest of the configuration steps. Choose Review and Launch.

Choose Launch to launch your instance.

Select an existing key pair, or create a new one. Choose Launch Instances.

Launching instances onto any Dedicated Host from the Instances page
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

On the Instances page, choose Launch Instance.

Select an AMI from the list. If you have imported your own AMI, choose My AMIs and select the
imported image. Not all AMIs can be used with Dedicated Hosts.

Select the type of instance to launch.

On the Configure Instance Details page, the Dedicated Host settings are:
• Tenancy—Dedicated host — Launch this instance on a Dedicated host If you're not able to
choose this, check whether you have selected an incompatible AMI or instance type.
• Host—For this type of launch, keep the setting as Use auto-placement.
• Affinity—The default setting for this is Off. The instance launches onto any available Dedicated
Host in your account, but is not guaranteed to restart on that host if stopped.
If you are unable to see these settings, check that you have selected a VPC in the Network menu.

220

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Dedicated Hosts

Complete the rest of the configuration steps. Choose Review and Launch.

Choose Launch to launch your instance.

Select an existing key pair, or create a new one. Choose Launch Instances.

Understanding Instance Placement and Host Affinity
Placement control happens on both the instance level and host level.
Contents
• Instance Auto-Placement (p. 221)
• Host Affinity (p. 221)
• Modifying Instance Auto-Placement and Host Affinity (p. 221)
• Modifying Instance Host Affinity (p. 222)

Instance Auto-Placement
Auto-placement allows you to manage whether instances that you launch are launched onto a specific
host, or onto any host that has matching configurations. The default setting for this is Off. This means
that the Dedicated Host you are allocating only accepts host tenancy instances launches that specify
the unique host ID. Instances launched without a host ID specified are not able to launch onto a host
that have instance auto-placement set to Off.

Host Affinity
Host Affinity establishes a launch relationship between an instance and a Dedicated Host. When
affinity is set to host, an instance launched onto a specific host always restarts on the same host if
stopped. This applies to both targeted and untargeted launches.
If affinity is set to default, and you stop and restart the instance, it can be restarted on any available
host but tries to launch back onto the last Dedicated Host it ran on (on a best-effort basis).
You can modify the relationship between an instance and a Dedicated Host by changing the
affinity from host to default and vice-versa. For more information, see Modifying Instance
Tenancies (p. 222).

Modifying Instance Auto-Placement and Host Affinity
You can manage instance placement controls using the Amazon EC2 console, the API, or CLI.
To modify the instance placement settings of your instances, first stop the instances and then edit the
instance placement settings.

Note
If the instance is stopped and restarted, it is not guaranteed to restart on the same Dedicated
Host.

To edit an instance's placement settings (any available hosts)
1.
2.
3.
4.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
On the Instances page, select the instance to edit.
Choose Actions, Instance State, and Stop.
Choose Actions, Instance Settings, and Modify Instance Placement.

5.
6.
7.

Change the instance tenancy to Launch this instance on a Dedicated host.
Choose This instance can run on any one of my Hosts. The instance launches onto any
Dedicated Host that has auto-placement enabled.
Choose Save to continue.

Open the context (right-click) menu on the instance and choose Instance State, Start.

221

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Dedicated Hosts

To edit an instance's placement settings (specific Dedicated Host)
1.
2.
3.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
On the Instances page, select the instance to edit.
Choose Actions, Instance State, and Stop.

4.
5.

Choose Actions, Instance Settings, and Modify Instance Placement.
Change the instance tenancy to Launch this instance on a Dedicated host.

Choose This instance can only run on the selected Host. Then select a value for Target Host
and choose whether you want the instance to be placed on any available host, or a specific host.

Choose Save to continue.

Open the context (right-click) menu on the instance and choose Instance State, Start.

Modifying Instance Host Affinity
If you no longer want an instance to have affinity with a host, you can stop the instance and change its
affinity to default. This removes the persistence between the instance and the host. However, when
you restart the instance, it may launch back onto the same Dedicated Host (depending on Dedicated
Host availability in your account, and on a best-effort basis). However, if it is stopped again, it will not
restart on the same host.

Modifying Instance Tenancies
You can modify the tenancy of a Dedicated Instance from dedicated to host, and vice-versa if
it is not using a Windows, SUSE, or RHEL AMI provided by Amazon EC2. You need to stop your
Dedicated Instance in order to do this. Instances with shared tenancy cannot be modified to host
tenancy.

Modify instance tenancy from dedicated to host
1.
2.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
Choose Instances, then select the Dedicated Instances to modify.

3.
4.

Choose Actions, Instance State, and Stop.
Open the context (right-click) menu on the instance and choose Instance Settings, Modify
Instance Placement.
On the Modify Instance Placement page, do the following:

• Tenancy—Choose Launch this instance on a Dedicated host.
• Affinity—Choose either This instance can run on any one of my Hosts or This instance can
only run on the selected Host.
If you choose This instance can run on any one of my Hosts, the instance launches onto any
available, compatible Dedicated Hosts in your account.
If you choose This instance can only run on the selected Host, select a value for Target
Host. If no target host is listed, you may not have available, compatible Dedicated Hosts in your
account.
6.
7.

Choose Save.
When you restart your instance Amazon EC2 places your instance on an available Dedicated Host
in your account, provided it supports the instance type that you're launching.

Managing and Releasing Dedicated Hosts
You can use the console, interact directly with the API, or use the command line interface to view
details about individual instances on a host and release an On-Demand Dedicated Host.

222

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Dedicated Hosts

To view details of instances on a Dedicated Host
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

On the Dedicated Hosts page, select the host to view more information about.

Choose the Description tab for information about the host. Choose the Instances tab for
information about instances running on your host.

To release a Dedicated Host
Any running instances on the Dedicated Host need to be stopped before you can release the host.
These instances can be migrated to other Dedicated Hosts in your account so that you can continue to
use them. For more information, see Modifying Instance Auto-Placement and Host Affinity (p. 221).
These steps apply only to On-Demand Dedicated Hosts.
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

On the Dedicated Hosts page, select the Dedicated Host to release.

Choose Actions, Release Hosts.

Confirm your choice by choosing Release.

After you release a Dedicated Host, you cannot reuse the same host or host ID again.
When the Dedicated Host is released you are no longer charged On-Demand billing rates for it. The
Dedicated Host status is changed to released and you are not able to launch any instances onto that
host.
If you've recently released Dedicated Hosts, it may take some time for them to stop counting towards
your limit. During this time, you may experience LimitExceeded errors when trying to allocate new
Dedicated Hosts. If this is the case, try allocating new hosts again after a few minutes.
The instances that were stopped are still available for use and are listed on the Instances page. They
retain their host tenancy setting.

API and CLI Command Overview
You can perform the tasks described in this section using an API or the command line.

To allocate Dedicated Hosts to your account
• allocate-hosts (AWS CLI)
• AllocateHosts (Amazon EC2 Query API)
• New-EC2Hosts (AWS Tools for Windows PowerShell)

To describe your Dedicated Hosts
• describe-hosts (AWS CLI)
• DescribeHosts (Amazon EC2 Query API)
• Get-EC2Hosts (AWS Tools for Windows PowerShell)

To modify your Dedicated Hosts
• modify-hosts (AWS CLI)
• ModifyHosts (Amazon EC2 Query API)
• Edit-EC2Hosts (AWS Tools for Windows PowerShell)

223

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Dedicated Hosts

To modify instance auto-placement
• modify-instance-placement (AWS CLI)
• ModifyInstancePlacement (Amazon EC2 Query API)
• Edit-EC2InstancePlacement (AWS Tools for Windows PowerShell)

To release your Dedicated Hosts
• release-hosts (AWS CLI)
• ReleaseHosts (Amazon EC2 Query API)
• Remove-EC2Hosts (AWS Tools for Windows PowerShell)

Tracking Configuration Changes with AWS Config
You can use AWS Config to record configuration changes for Dedicated Hosts, and instances that are
launched, stopped, or terminated on them. You can then use the information captured by AWS Config
as a data source for license reporting.
AWS Config records configuration information for Dedicated Hosts and instances individually and pairs
this information through relationships. There are three reporting conditions.
• AWS Config recording status—When On, AWS Config is recording one or more AWS resource
types, which can include Dedicated Hosts and Dedicated Instances. To capture the information
required for license reporting, verify that hosts and instances are being recorded with the following
fields.
• Host recording status—When Enabled, the configuration information for Dedicated Hosts is
recorded.
• Instance recording status—When Enabled, the configuration information for Dedicated Instances
is recorded.
If any of these three conditions are disabled, the icon in the Edit Config Recording button is red. To
derive the full benefit of this tool, ensure that all three recording methods are enabled. When all three
are enabled, the icon is green. To edit the settings, choose Edit Config Recording. You are directed
to the Set up AWS Config page in the AWS Config console, where you can set up AWS Config and
start recording for your hosts, instances, and other supported resource types. For more information,
see Setting up AWS Config using the Console in the AWS Config Developer Guide.

Note
AWS Config records your resources after it discovers them, which might take several minutes.
After AWS Config starts recording configuration changes to your hosts and instances, you can get the
configuration history of any host that you have allocated or released and any instance that you have
launched, stopped, or terminated. For example, at any point in the configuration history of a Dedicated
Host, you can look up how many instances are launched on that host alongside the number of sockets
and cores on the host. For any of those instances, you can also look up the ID of its Amazon Machine
Image (AMI). You can use this information to report on licensing for your own server-bound software
that is licensed per-socket or per-core.
You can view configuration histories in any of the following ways.
• By using the AWS Config console. For each recorded resource, you can view a timeline page, which
provides a history of configuration details. To view this page, choose the grey icon in the Config
Timeline column of the Dedicated Hosts page. For more information, see Viewing Configuration
Details in the AWS Config Console in the AWS Config Developer Guide.
• By running AWS CLI commands. First, you can use the list-discovered-resources command to get a
list of all hosts and instances. Then, you can use the get-resource-config-history command to get the

224

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Dedicated Hosts

configuration details of a host or instance for a specific time interval. For more information, see View
Configuration Details Using the CLI in the AWS Config Developer Guide.
• By using the AWS Config API in your applications. First, you can use the ListDiscoveredResources
action to get a list of all hosts and instances. Then, you can use the GetResourceConfigHistory
action to get the configuration details of a host or instance for a specific time interval.
For example, to get a list of all of your Dedicated Hosts from AWS Config, run a CLI command such as
the following:
aws configservice list-discovered-resources --resource-type
AWS::EC2::Host

To obtain the configuration history of a Dedicated Host from AWS Config, run a CLI command such as
the following:
aws configservice get-resource-config-history --resource type
AWS::EC2::Instance --resource-id i-36a47fdf

To manage AWS Config settings using the AWS Management Console
1.
2.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
On the Dedicated Hosts page, choose Edit Config Recording.

In the AWS Config console, follow the steps provided to turn on recording. For more information,
see Setting up AWS Config using the Console.

For more information, see Viewing Configuration Details in the AWS Config Console.
To activate AWS Config using the command line or API
• Using the AWS CLI, see Viewing Configuration Details in the AWS Config Console in the AWS
Config Developer Guide.
• Using the Amazon EC2 API, see GetResourceConfigHistory.

Monitoring Dedicated Hosts
Amazon EC2 constantly monitors the state of your Dedicated Hosts; updates are communicated on the
Amazon EC2 console. You can also obtain information about your Dedicated Hosts using the API or
CLI.
The following table illustrates the possible State values in the console.
State

Description

available

AWS hasn't detected an issue with the Dedicated
Host; no maintenance or repairs are scheduled.
Instances can be launched onto this Dedicated
Host.

released

The Dedicated Host has been released. The host
ID is no longer in use. Released hosts cannot be
reused.

under-assessment

AWS is exploring a possible issue with the
Dedicated Host. If action needs to be taken,

225

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Instance Lifecycle

State

Description
you will be notified via the AWS Management
Console or email. Instances cannot be launched
onto a Dedicated Host in this state.

permanent-failure

An unrecoverable failure has been detected.
You will receive an eviction notice through your
instances and by email. Your instances may
continue to run. If you stop or terminate all
instances on a Dedicated Host with this state,
AWS retires the host. Instances cannot be
launched onto Dedicated Hosts in this state.

released-permanent-failure

AWS permanently releases Dedicated Hosts that
have failed and no longer have running instances
on them. The Dedicated Host ID is no longer
available for use.

Instance Lifecycle
By working with Amazon EC2 to manage your instances from the moment you launch them through
their termination, you ensure that your customers have the best possible experience with the
applications or sites that you host on your instances.
The following illustration represents the transitions between instance states. Notice that you can't
stop and start an instance store-backed instance. For more information about instance store-backed
instances, see Storage for the Root Device (p. 63).

Instance Launch
When you launch an instance, it enters the pending state. The instance type that you specified at
launch determines the hardware of the host computer for your instance. We use the Amazon Machine
Image (AMI) you specified at launch to boot the instance. After the instance is ready for you, it enters
the running state. You can connect to your running instance and use it the way that you'd use a
computer sitting in front of you.
As soon as your instance transitions to the running state, you're billed for each hour or partial hour
that you keep the instance running; even if the instance remains idle and you don't connect to it.
For more information, see Launch Your Instance (p. 229) and Connecting to Your Windows Instance
Using RDP (p. 239).

226

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Instance Stop and Start (Amazon
EBS-backed instances only)

Instance Stop and Start (Amazon EBS-backed
instances only)
If your instance fails a status check or is not running your applications as expected, and if the root
volume of your instance is an Amazon EBS volume, you can stop and start your instance to try to fix
the problem.
When you stop your instance, it enters the stopping state, and then the stopped state. We don't
charge hourly usage or data transfer fees for your instance after you stop it, but we do charge for the
storage for any Amazon EBS volumes. While your instance is in the stopped state, you can modify
certain attributes of the instance, including the instance type.
When you start your instance, it enters the pending state, and in most cases, we move the instance
to a new host computer. (Your instance may stay on the same host computer if there are no problems
with the host computer.) When you stop and start your instance, you'll lose any data on the instance
store volumes on the previous host computer.
If your instance is running in EC2-Classic, it receives a new private IP address, which means that
an Elastic IP address (EIP) associated with the private IP address is no longer associated with your
instance. If your instance is running in EC2-VPC, it retains its private IP address, which means that an
EIP associated with the private IP address or network interface is still associated with your instance.
Each time you transition an instance from stopped to running, we charge a full instance hour, even if
these transitions happen multiple times within a single hour.
For more information, see Stop and Start Your Instance (p. 241).

Instance Reboot
You can reboot your instance using the Amazon EC2 console, a command line tool, and the Amazon
EC2 API. We recommend that you use Amazon EC2 to reboot your instance instead of running the
operating system reboot command from your instance.
Rebooting an instance is equivalent to rebooting an operating system; the instance remains on the
same host computer and maintains its public DNS name, private IP address, and any data on its
instance store volumes. It typically takes a few minutes for the reboot to complete, but the time it takes
to reboot depends on the instance configuration.
Rebooting an instance doesn't start a new instance billing hour.
For more information, see Reboot Your Instance (p. 244).

Instance Termination
When you've decided that you no longer need an instance, you can terminate it. As soon as the status
of an instance changes to shutting-down or terminated, you stop incurring charges for that
instance.

227

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Differences Between Reboot, Stop, and Terminate

Note that if you enable termination protection, you can't terminate the instance using the console, CLI,
or API.
After you terminate an instance, it remains visible in the console for a short while, and then the entry is
deleted. You can also describe a terminated instance using the CLI and API. You can't connect to or
recover a terminated instance.
Each Amazon EBS-backed instance supports the InstanceInitiatedShutdownBehavior
attribute, which controls whether the instance stops or terminates when you initiate a shutdown from
within the instance itself. The default behavior is to stop the instance. You can modify the setting of this
attribute while the instance is running or stopped.
Each Amazon EBS volume supports the DeleteOnTermination attribute, which controls whether
the volume is deleted or preserved when you terminate the instance it is attached to. The default is to
delete the root device volume and preserve any other EBS volumes.
For more information, see Terminate Your Instance (p. 247).

Differences Between Reboot, Stop, and
Terminate
The following table summarizes the key differences between rebooting, stopping, and terminating your
instance.
CharacteristicReboot

Stop/start (Amazon EBS- Terminate
backed instances only)

Host
computer

The instance stays on the
same host computer

The instance runs on a
new host computer

None

Private and
public IP
addresses

These addresses stay the
same

EC2-Classic: The instance
gets new private and
public IP addresses

None

EC2-VPC: The instance
keeps its private IP
address. The instance
gets a new public IP
address, unless it has an
Elastic IP address (EIP),
which doesn't change
during a stop/start.
Elastic IP
addresses
(EIP)

The EIP remains
associated with the
instance

EC2-Classic: The EIP is
disassociated from the
instance

The EIP is disassociated
from the instance

EC2-VPC: The EIP
remains associated with
the instance
Instance
store
volumes

The data is preserved

The data is erased

Root device
volume

The volume is preserved

The volume is deleted by
default

Billing

The instance billing hour
doesn't change.

You stop incurring
charges for an instance

You stop incurring charges
for an instance as soon

228

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Launch

CharacteristicReboot

Stop/start (Amazon EBS- Terminate
backed instances only)
as soon as its state
changes to stopping.
Each time an instance
transitions from stopped
to running, we start a
new instance billing hour.

as its state changes to
shutting-down.

Note that operating system shutdown commands always terminate an instance store-backed
instance. You can control whether operating system shutdown commands stop or terminate an
Amazon EBS-backed instance. For more information, see Changing the Instance Initiated Shutdown
Behavior (p. 249).

Launch Your Instance
An instance is a virtual server in the AWS cloud. You launch an instance from an Amazon Machine
Image (AMI). The AMI provides the operating system, application server, and applications for your
instance.
When you sign up for AWS, you can get started with Amazon EC2 for free using the AWS Free Tier.
You can either leverage the free tier to launch and use a micro instance for free for 12 months. If you
launch an instance that is not within the free tier, you incur the standard Amazon EC2 usage fees for
the instance. For more information, see the Amazon EC2 Pricing.
You can launch an instance using the following methods.
Method

Documentation

Use the Amazon EC2 console with an AMI that
you select

Launching an Instance (p. 230)

Use the Amazon EC2 console to launch an
instance using an existing instance as a template

Launching an Instance Using an Existing
Instance as a Template (p. 236)

Use the Amazon EC2 console with an AMI that
you purchased from the AWS Marketplace

Launching an AWS Marketplace
Instance (p. 237)

Use the AWS CLI with an AMI that you select

Using Amazon EC2 through the AWS CLI

Use the AWS Tools for Windows PowerShell with Amazon EC2 from the AWS Tools for Windows
an AMI that you select
PowerShell

After you launch your instance, you can connect to it and use it. To begin, the instance state is
pending. When the instance state is running, the instance has started booting. There might be a
short time before you can connect to the instance. The instance receives a public DNS name that you
can use to contact the instance from the Internet. The instance also receives a private DNS name
that other instances within the same Amazon EC2 network (EC2-Classic or EC2-VPC) can use to
contact the instance. For more information about connecting to your instance, see Connecting to Your
Windows Instance Using RDP (p. 239).
When you are finished with an instance, be sure to terminate it. For more information, see Terminate
Your Instance (p. 247).

229

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Launch

Launching an Instance
Before you launch your instance, be sure that you are set up. For more information, see Setting Up
with Amazon EC2 (p. 13).
Your AWS account might support both the EC2-Classic and EC2-VPC platforms, depending on when
you created your account and which regions you've used. To find out which platform your account
supports, see Supported Platforms (p. 560). If your account supports EC2-Classic, you can launch an
instance into either platform. If your account supports EC2-VPC only, you can launch an instance into a
VPC only.

Important
When you launch an instance that's not within the AWS Free Tier, you are charged for the
time that the instance is running, even if it remains idle.

Launching Your Instance from an AMI
When you launch an instance, you must select a configuration, known as an Amazon Machine Image
(AMI). An AMI contains the information required to create a new instance. For example, an AMI might
contain the software required to act as a web server: for example, Windows, Apache, and your web
site.

Tip
To ensure faster instance launches, break up large requests into smaller batches. For
example, create five separate launch requests for 100 instances each instead of one launch
request for 500 instances.

To launch an instance
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation bar at the top of the screen, the current region is displayed. Select the region
for the instance. This choice is important because some Amazon EC2 resources can be
shared between regions, while others can't. Select the region that meets your needs. For more
information, see Resource Locations (p. 725).

230

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Launch

From the Amazon EC2 console dashboard, choose Launch Instance.

On the Choose an Amazon Machine Image (AMI) page, choose an AMI as follows:
a.

Select the type of AMI to use in the left pane:
Quick Start
A selection of popular AMIs to help you get started quickly. To ensure that you select an
AMI that is eligible for the free tier, choose Free tier only in the left pane. (Notice that
these AMIs are marked Free tier eligible.)
My AMIs
The private AMIs that you own, or private AMIs that have been shared with you.
AWS Marketplace
An online store where you can buy software that runs on AWS, including AMIs. For more
information about launching an instance from the AWS Marketplace, see Launching an
AWS Marketplace Instance (p. 237).
Community AMIs
The AMIs that AWS community member have made available for others to use. To filter
the list of AMIs by operating system, choose the appropriate check box under Operating
system. You can also filter by architecture and root device type.

Check the Root device type listed for each AMI. Notice which AMIs are the type that you
need, either ebs (backed by Amazon EBS) or instance-store (backed by instance store).
For more information, see Storage for the Root Device (p. 63).

Check the Virtualization type listed for each AMI. Notice which AMIs are the type that you
need, either hvm or paravirtual. For example, some instance types require HVM.

Choose an AMI that meets your needs, and then choose Select.

231

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Launch

On the Choose an Instance Type page, select the hardware configuration and size of the
instance to launch. Larger instance types have more CPU and memory. For more information, see
Instance Types (p. 112).
To remain eligible for the free tier, choose the t2.micro instance type. For more information, see
T2 Instances (p. 115).
By default, the wizard displays current generation instance types, and selects the first available
instance type based on the AMI that you selected. To view previous generation instance types,
choose All generations from the filter list.

Note
If you are new to AWS and would like to set up an instance quickly for testing purposes,
you can choose Review and Launch at this point to accept default configuration settings,
and launch your instance. Otherwise, to configure your instance further, choose Next:
Configure Instance Details.
6.

On the Configure Instance Details page, change the following settings as necessary (expand
Advanced Details to see all the settings), and then choose Next: Add Storage:
• Number of instances: Enter the number of instances to launch.

Note
To help ensure that you maintain the correct number of instances to handle your
application, you can choose Launch into Auto Scaling Group to create a launch
configuration and an Auto Scaling group. Auto Scaling scales the number of instances
in the group according to your specifications. For more information, see the Auto
Scaling User Guide.
• Purchasing option: Select Request Spot instances to launch a Spot instance. For more
information, see Spot Instances (p. 170).
• Your account may support the EC2-Classic and EC2-VPC platforms, or EC2-VPC only. To find
out which platform your account supports, see Supported Platforms (p. 560). If your account
supports EC2-VPC only, you can launch your instance into your default VPC or a nondefault
VPC. Otherwise, you can launch your instance into EC2-Classic or a nondefault VPC.

Note
Some instance types must be launched into a VPC. If you don't have a VPC, you can
let the wizard create one for you.
To launch into EC2-Classic:
• Network: Select Launch into EC2-Classic.
• Availability Zone: Select the Availability Zone to use. To let AWS choose an Availability Zone
for you, select No preference.
To launch into a VPC:
• Network: Select the VPC, or to create a new VPC, choose Create new VPC to go the
Amazon VPC console. When you have finished, return to the wizard and choose Refresh to
load your VPC in the list.
• Subnet: Select the subnet into which to launch your instance. If your account is EC2-VPC
only, select No preference to let AWS choose a default subnet in any Availability Zone. To
create a new subnet, choose Create new subnet to go to the Amazon VPC console. When
you are done, return to the wizard and choose Refresh to load your subnet in the list.
• Auto-assign Public IP: Specify whether your instance receives a public IP address.
By default, instances in a default subnet receive a public IP address and instances in
a nondefault subnet do not. You can select Enable or Disable to override the subnet's
default setting. For more information, see Public IP Addresses and External DNS
Hostnames (p. 582).
• Domain join directory: Select the AWS Directory Service directory (domain) to which your
Windows instance is joined. The directory must be in the same VPC that you selected for your
232

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Launch

instance. If you select a domain, you must select an IAM role. For more information, see Joining
a Windows Instance to an AWS Directory Service Domain (p. 321).
• IAM role: Select an AWS Identity and Access Management (IAM) role to associate with the
instance. For more information, see IAM Roles for Amazon EC2 (p. 547).
• Shutdown behavior: Select whether the instance should stop or terminate when shut down.
For more information, see Changing the Instance Initiated Shutdown Behavior (p. 249).
• Enable termination protection: Select this check box to prevent accidental termination. For
more information, see Enabling Termination Protection for an Instance (p. 248).
• Monitoring: Select this check box to enable detailed monitoring of your instance using Amazon
CloudWatch. Additional charges apply. For more information, see Monitoring Your Instances
Using CloudWatch (p. 442).
• EBS-Optimized instance: An Amazon EBS-optimized instance uses an optimized configuration
stack and provides additional, dedicated capacity for Amazon EBS I/O. If the instance type
supports this feature, select this check box to enable it. Additional charges apply. For more
information, see Amazon EBS–Optimized Instances (p. 676).
• Tenancy: If you are launching your instance into a VPC, you can choose to run your instance on
isolated, dedicated hardware (Dedicated) or on a Dedicated host (Dedicated host). Additional
charges may apply. For more information, see Dedicated Instances in the Amazon VPC User
Guide and Dedicated Hosts (p. 215).
• Network interfaces: If you selected a specific subnet, you can specify up to two network
interfaces for your instance:
• For Network Interface, select New network interface to let AWS create a new interface, or
select an existing, available network interface.
• For Primary IP, enter a private IP address from the range of your subnet, or leave Autoassign to let AWS choose a private IP address for you.
• Choose Add IP to assign more than one private IP address to the selected network interface.
• Choose Add Device to add a secondary network interface. A secondary network interface
can reside in a different subnet of the VPC, provided it's in the same Availability Zone as your
instance.
For more information, see Elastic Network Interfaces (ENI) (p. 598). If you specify more
than one network interface, your instance cannot receive a public IP address. Additionally,
you cannot override the subnet's public IP setting using Auto-assign Public IP if you specify
an existing network interface for eth0. For more information, see Assigning a Public IP
Address (p. 586).
• Kernel ID: (Only valid for paravirtual (PV) AMIs) Select Use default unless you want to use a
specific kernel.
• RAM disk ID: (Only valid for paravirtual (PV) AMIs) Select Use default unless you want to use
a specific RAM disk. If you have selected a kernel, you may need to select a specific RAM disk
with the drivers to support it.
• Placement group: A placement group is a logical grouping for your cluster instances. Select
an existing placement group, or create a new one. This option is only available if you've
selected an instance type that supports placement groups. For more information, see Placement
Groups (p. 611).
• User data: You can specify user data to configure an instance during launch, or to run a
configuration script. To attach a file, select the As file option and browse for the file to attach.
7.

On the Add Storage page, you can specify volumes to attach to the instance besides the volumes
specified by the AMI (such as the root device volume). You can change the following options, then
choose Next: Tag Instance when you have finished:
• Type: Select instance store or Amazon EBS volumes to associate with your instance. The
type of volume available in the list depends on the instance type you've chosen. For more
information, see Amazon EC2 Instance Store (p. 696) and Amazon EBS Volumes (p. 628).
• Device: Select from the list of available device names for the volume.
233

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Launch

• Snapshot: Enter the name or ID of the snapshot from which to restore a volume. You can also
search for public snapshots by typing text into the Snapshot field. Snapshot descriptions are
case-sensitive.
• Size: For Amazon EBS-backed volumes, you can specify a storage size. Note that even if you
have selected an AMI and instance that are eligible for the free tier, you need to keep under 30
GiB of total storage to stay within the free tier.

Note
The following Amazon EBS volume considerations apply to Windows boot volumes:
• Windows 2003 instances do not boot if the boot volume is 2 TiB (2048 GiB) or
greater.
• Windows boot volumes must use an MBR partition table, which limits the usable
space to 2 TiB, regardless of volume size.
• Windows boot volumes of 2 TiB (2048 GiB) that have been converted to use a
dynamic MBR partition table display an error when examined with Disk Manager.
The following Amazon EBS volume considerations apply to Windows data (non-boot)
volumes:
• Windows volumes 2 TiB (2048 GiB) or greater must use a GPT partition table to
access the entire volume.
• Amazon EBS volumes over 2048 GiB that are attached to Windows instances at
launch are automatically formatted with a GPT partition table.
• Amazon EBS volumes attached to Windows instances after launch must be manually
initialized with a GPT partition table. For more information, see Making an Amazon
EBS Volume Available for Use.

Note
If you increase the size of your root volume at this point (or any other volume created
from a snapshot), you need to extend the file system on that volume in order to use
the extra space. For more information about extending your file system after your
instance has launched, see Expanding the Storage Space of an EBS Volume on
Windows (p. 664).
• Volume Type: For Amazon EBS volumes, select either a General Purpose SSD, Provisioned
IOPS SSD, or Magnetic volume. For more information, see Amazon EBS Volume
Types (p. 630).

Note
If you select a Magnetic boot volume, you'll be prompted when you complete the wizard
to make General Purpose SSD volumes the default boot volume for this instance and
future console launches. (This preference persists in the browser session, and does
not affect AMIs with Provisioned IOPS SSD boot volumes.) We recommended that you
make General Purpose SSD volumes the default because they provide a much faster
boot experience and they are the optimal volume type for most workloads. For more
information, see Amazon EBS Volume Types (p. 630).

Note
Some AWS accounts created before 2012 might have access to Availability Zones
in us-east-1, us-west-1, or ap-northeast-1 that do not support Provisioned IOPS SSD
(io1) volumes. If you are unable to create an io1 volume (or launch an instance with
an io1 volume in its block device mapping) in one of these regions, try a different
Availability Zone in the region. You can verify that an Availability Zone supports io1
volumes by creating a 4 GiB io1 volume in that zone.
• IOPS: If you have selected a Provisioned IOPS SSD volume type, then you can enter the
number of I/O operations per second (IOPS) that the volume can support.
• Delete on Termination: For Amazon EBS volumes, select this check box to delete the volume
when the instance is terminated. For more information, see Preserving Amazon EBS Volumes
on Instance Termination (p. 250).
234

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Launch

• Encrypted: Select this check box to encrypt new Amazon EBS volumes. Amazon EBS volumes
that are restored from encrypted snapshots are automatically encrypted. Encrypted volumes
may only be attached to supported instance types (p. 681).
8.

On the Tag Instance page, specify tags (p. 733) for the instance by providing key and value
combinations. Choose Create Tag to add more than one tag to your resource. Choose Next:
Configure Security Group when you are done.

On the Configure Security Group page, use a security group to define firewall rules for your
instance. These rules specify which incoming network traffic is delivered to your instance. All other
traffic is ignored. (For more information about security groups, see Amazon EC2 Security Groups
for Windows Instances (p. 500).) Select or create a security group as follows, and then choose
Review and Launch.
To select an existing security group:
1.

Choose Select an existing security group. Your security groups are displayed. (If you are
launching into EC2-Classic, these are security groups for EC2-Classic. If you are launching
into a VPC, these are security group for that VPC.)

Select a security group from the list.

(Optional) You can't edit the rules of an existing security group, but you can copy them to
a new group by choosing Copy to new. Then you can add rules as described in the next
procedure.

To create a new security group:
1.

Choose Create a new security group. The wizard automatically defines the launch-wizard-x
security group.

(Optional) You can edit the name and description of the security group.

The wizard automatically defines an inbound rule to allow to you connect to your instance
over SSH (port 22) for Linux or RDP (port 3389) for Windows.

Caution
This rule enables all IP addresses (0.0.0.0/0) to access your instance over the
specified port. This is acceptable for this short exercise, but it's unsafe for production
environments. You should authorize only a specific IP address or range of addresses
to access your instance.
4.

You can add rules to suit your needs. For example, if your instance is a web server, open
ports 80 (HTTP) and 443 (HTTPS) to allow Internet traffic.
To add a rule, choose Add Rule, select the protocol to open to network traffic, and then
specify the source. Choose My IP from the Source list to let the wizard add your computer's
public IP address. However, if you are connecting through an ISP or from behind your firewall
without a static IP address, you need to find out the range of IP addresses used by client
computers.

10. On the Review Instance Launch page, check the details of your instance, and make any
necessary changes by choosing the appropriate Edit link.
When you are ready, choose Launch.
11. In the Select an existing key pair or create a new key pair dialog box, you can choose an
existing key pair, or create a new one. For example, choose Choose an existing key pair, then
select the key pair you created when getting set up.
To launch your instance, select the acknowledgment check box, then choose Launch Instances.

235

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Launch

Important
If you choose the Proceed without key pair option, you won't be able to connect to the
instance unless you choose an AMI that is configured to allow users another way to log
in.
12. (Optional) You can create a status check alarm for the instance (additional fees may apply). (If
you're not sure, you can always add one later.) On the confirmation screen, choose Create status
check alarms and follow the directions. For more information, see Creating and Editing Status
Check Alarms (p. 437).
13. If the instance state immediately goes to terminated instead of running, you can get
information about why the instance didn't launch. For more information, see Instance terminates
immediately (p. 823).

Launching an Instance Using an Existing Instance as a
Template
The Amazon EC2 console provides a Launch More Like This wizard option that enables you to use
a current instance as a template for launching other instances. This option automatically populates the
Amazon EC2 launch wizard with certain configuration details from the selected instance.

Note
The Launch More Like This wizard option does not clone your selected instance; it only
replicates some configuration details. To create a copy of your instance, first create an AMI
from it, then launch more instances from the AMI.
The following configuration details are copied from the selected instance into the launch wizard:
• AMI ID
• Instance type
• Availability Zone, or the VPC and subnet in which the selected instance is located
• Public IP address. If the selected instance currently has a public IP address, the new instance
receives a public IP address - regardless of the selected instance's default public IP address
setting. For more information about public IP addresses, see Public IP Addresses and External DNS
Hostnames (p. 582).
• Placement group, if applicable
• IAM role associated with the instance, if applicable
• Shutdown behavior setting (stop or terminate)
• Termination protection setting (true or false)
• CloudWatch monitoring (enabled or disabled)
• Amazon EBS-optimization setting (true or false)
• Tenancy setting, if launching into a VPC (shared or dedicated)
• Kernel ID and RAM disk ID, if applicable
• User data, if specified
• Tags associated with the instance, if applicable
• Security groups associated with the instance
• Association information. If the selected instance is associated with a configuration file, the same
file is automatically associated with new instance. If the configuration file includes a domain join
configuration, the new instance will be joined to the same domain. For more information about joining
a domain, see Joining a Windows Instance to an AWS Directory Service Domain (p. 321).
The following configuration details are not copied from your selected instance; instead, the wizard
applies their default settings or behavior:

236

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Launch

• (VPC only) Number of network interfaces: The default is one network interface, which is the primary
network interface (eth0).
• Storage: The default storage configuration is determined by the AMI and the instance type.

To use your current instance as a template
1.

On the Instances page, select the instance you want to use.

Choose Actions, and then Launch More Like This.

The launch wizard opens on the Review Instance Launch page. You can check the details of
your instance, and make any necessary changes by clicking the appropriate Edit link.
When you are ready, choose Launch to select a key pair and launch your instance.

Launching an AWS Marketplace Instance
You can subscribe to an AWS Marketplace product and launch an instance from the product's AMI
using the Amazon EC2 launch wizard. For more information about paid AMIs, see Paid AMIs (p. 72).
To cancel your subscription after launch, you first have to terminate all instances running from it. For
more information, see Managing Your AWS Marketplace Subscriptions (p. 75).

To launch an instance from the AWS Marketplace using the launch wizard
1.

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

From the Amazon EC2 dashboard, choose Launch Instance.

On the Choose an Amazon Machine Image (AMI) page, choose the AWS Marketplace category
on the left. Find a suitable AMI by browsing the categories, or using the search functionality.
Choose Select to choose your product.

A dialog displays an overview of the product you've selected. You can view the pricing information,
as well as any other information that the vendor has provided. When you're ready, choose
Continue.

Note
You are not charged for using the product until you have launched an instance with the
AMI. Take note of the pricing for each supported instance type, as you will be prompted to
select an instance type on the next page of the wizard.
5.

On the Choose an Instance Type page, select the hardware configuration and size of the
instance to launch. When you're done, choose Next: Configure Instance Details.

On the next pages of the wizard, you can configure your instance, add storage, and add
tags. For more information about the different options you can configure, see Launching an
Instance (p. 230). Choose Next until you reach the Configure Security Group page.
The wizard creates a new security group according to the vendor's specifications for the product.
The security group may include rules that allow all IP addresses (0.0.0.0/0) access on SSH
(port 22) on Linux or RDP (port 3389) on Windows. We recommend that you adjust these rules to
allow only a specific address or range of addresses to access your instance over those ports.
When you are ready, choose Review and Launch.

On the Review Instance Launch page, check the details of the AMI from which you're about
to launch the instance, as well as the other configuration details you set up in the wizard. When
you're ready, choose Launch to select or create a key pair, and launch your instance.

Depending on the product you've subscribed to, the instance may take a few minutes or more to
launch. You are first subscribed to the product before your instance can launch. If there are any
problems with your credit card details, you will be asked to update your account details. When the
launch confirmation page displays, choose View Instances to go to the Instances page.

237

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Launch

Note

You are charged the subscription price as long as your instance is running, even if it is
idle. If your instance is stopped, you may still be charged for storage.
When your instance is in the running state, you can connect to it. To do this, select your instance
in the list and choose Connect. Follow the instructions in the dialog. For more information about
connecting to your instance, see Connecting to Your Windows Instance Using RDP (p. 239).

Important
Check the vendor's usage instructions carefully, as you may need to use a specific user
name to log in to the instance. For more information about accessing your subscription
details, see Managing Your AWS Marketplace Subscriptions (p. 75).

Launching an AWS Marketplace AMI Instance Using the API and CLI
To launch instances from AWS Marketplace products using the API or command line tools, first ensure
that you are subscribed to the product. You can then launch an instance with the product's AMI ID
using the following methods:
Method

Documentation

AWS CLI

Use the run-instances command, or see the following topic for more
information: Launching an Instance.

AWS Tools for Windows
PowerShell

Use the New-EC2Instance command, or see the following topic for
more information: Launch an Amazon EC2 Instance Using Windows
PowerShell

Query API

Use the RunInstances request.

238

Amazon Elastic Compute Cloud
User Guide for Windows Instances
Connect

Connecting to Your Windows Instance Using
RDP
After you launch your instance, you can connect to it and use it the way that you'd use a computer
sitting in front of you.
If you receive an error while attempting to connect to your instance, see Troubleshooting Windows
Instances (p. 812).
If you need to connect to a Linux instance, see Connect to Your Linux Instance in the Amazon EC2
User Guide for Linux Instances.

Prerequisites
• Install an RDP client
Your Windows computer includes an RDP client by default. You can check for an RDP client by
typing mstsc at a Command Prompt window. If your computer doesn't recognize this command, see
the Windows home page and search for the download for Remote Desktop Connection. For Mac
OS X, you can use the Microsoft Remote Desktop app from the Apple App Store, or the Microsoft's
Remote Desktop Connection Client from the Microsoft website. For Linux, you can use rdesktop.

Important
Mac OS X users: If you are connecting to a Windows 2012 R2 instance, the Remote
Desktop Connection client from the Microsoft website may not work. Use the Microsoft
Remote Desktop app from the Apple App Store instead.
• Get the ID of the instance
You can get the ID of your instance using the Amazon EC2 console (from the Instance ID column).
If you prefer, you can use the describe-instances (AWS CLI) or Get-EC2Instance (AWS Tools for
Windows PowerShell) command.
• Get the public DNS name of the instance
You can get the public DNS for your instance using the Amazon EC2 console (check the Public
DNS column; if this column is hidden, click the Show/Hide icon and select Public DNS). If you
prefer, you can use the describe-instances (AWS CLI) or Get-EC2Instance (AWS Tools for Windows
PowerShell) command.
• Locate the private key
You'll need the fully-qualified path of the .pem file for the key pair that you specified when you
launched the instance.
• Enable inbound RDP traffic from your IP address to your instance
Ensure that the security group associated with your instance allows incoming RDP traffic from
your IP address. For more information, see Authorizing Inbound Traffic for Your Windows
Instances (p. 552).

Important
Your default security group does not allow incoming RDP traffic by default.
• For the best experience using Internet Explorer, run the latest version.

Connect to Your Windows Instance
To connect to a Windows instance, you must retrieve the initial administrator password and then
specify this password when you connect to your instance using Remote Desktop.

239