Last Update: Sep 04, 2024 | Published: Nov 24, 2014
In light of the recent Microsoft Azure outage, you might be considering taking a look at other cloud service providers to use for backup or disaster recovery. In this how-to article, I’ll show you how to provision Windows Server 2012 R2 using PowerShell on Amazon’s Elastic Compute (EC) platform so that you can quickly create test or production environments.
For information on provisioning VMs using the EC2 management console and how to sign up for AWS, see Provisioning Windows Server 2012 on Amazon Web Services (AWS) on the Petri IT Knowledgebase.
I’m going to configure AWS Tools for Windows PowerShell on Windows 8.1. If you are using an earlier version of Windows, additional steps may be required. AWS Tools for Windows PowerShell requires Windows PowerShell 2.0 or later and Windows XP or later. The instructions also assume that you already have an AWS account.
TIP: To start the PowerShell console as an administrator in Windows 8.1, switch to the Start screen, type powershell, make sure that Windows PowerShell is selected in the search results and then press CTRL+SHIFT+ENTER. Enter the credentials for an administrator account in the UAC elevation prompt.
As with the PowerShell tools for Microsoft Azure, you need to establish a connection to your AWS subscription.
Before we can use the account to do anything useful in AWS, we need to assign it administrator permissions.
Now we have some access credentials for a user, we need to store the information securely in the AWS SDK Store using the Set-AWSCredentials cmdlet. Credentials are sent to AWS whenever you run a cmdlet, but you can specify this to be automatic for each session or for all PowerShell sessions.
Most AWS cmdlets require a region to be specified, so I’ve included that information in the initialize-awsdefaults cmdlet. You can override the set region for the current session at any time by using Set-DefaultAWSRegion us-west-1, replacing us-west-1 with the required region. View the set region using Get-DefaultAWSRegion, and view all the available regions using Get-AWSRegion.
The default credentials for a session can be overridden by using Set-AWSCredentials -ProfileName MyProfileName and replacing MyProfileName with the required profile name, or specify the -ProfileName parameter followed by the required profile name at the end of a cmdlet to override the default credentials for individual commands.
Now it’s time to get down to the nitty-gritty and provision a VM. Before doing so, you’ll need a key pair to connect to the new instance. In the PowerShell console, type the following command and press ENTER.
Later in the process, you will need the key material from this key pair to retrieve the administrator password for the VM, which you can get using the command below:
Alternatively, save the key pair as a file:
Note that once you end the current PowerShell session, you won't be able to retrieve the key material again, so you must either save the key pair as a file, or copy and paste the key material and save it. You won't be able to get a password to connect to the VM without the key material.Configure a security group for remote access
To control remote access to the VM, a security group is required. You can create a security group for EC2-Classic or EC2-VPC VMs. Click here for information on the differences between the two types of VM. In this article, we'll use EC2-Classic because it's simpler to configure. Run the command below, and a GroupID for the new security group will be returned in the console.
Now run the code that follows to allow remote connections from any IP address. While this configuration is not recommended, it gives us the same default configuration that we get when configuring VMs in Microsoft Azure.
$ipPermissions = New-Object Amazon.EC2.Model.IpPermission –Property @{IpProtocol = “tcp”; FromPort = “3389”; ToPort = “3389”; IpRanges = $cidrBlocks} Grant-EC2SecurityGroupIngress -GroupName myVMsecuritygroup –IpPermissions $ipPermissions
To verify the configuration for the new group:
Find an image for the new VM
To see the list of available image types, run the Get-EC2ImageByName cmdlet. To set the ImageID for a specific Windows Server 2012 R2 image, run the code below and make a note of the ImageID.
Launch a new EC2 instance
AWS refers to virtual machines as instances. New instances are launched using images (AWIs). Use the new-ec2instance cmdlet to launch a new instance using the ImageID identified above, and the key pair and security group created earlier. The t2.micro instance type is part of the free tier, which includes 750 hours of compute time per month. The –MinCount and –MaxCount parameters are set to 1 to provision just one running instance from the given image.
New-EC2Instance -ImageId ami-21f0bc11 -MinCount 1 -MaxCount 1 –KeyName myPSKeyPair -SecurityGroups myVMsecuritygroup -InstanceType t2.micro
Using the reservation ID returned by the new-ec2instance cmdlet, you can view information about the instance using a filter. The output includes the public IP address and DNS name of the instance so that you can connect remotely using RDP.
$reservation = New-Object 'collections.generic.list[string]' $reservation.add("r-bdb88ab0") $filter_reservation = New-Object Amazon.EC2.Model.Filter -Property @{Name = "reservation-id"; Values = $reservation} (Get-EC2Instance -Filter $filter_reservation).Instances
Connect to the instance using RDP
For more information on connecting to instances using RDP, see Provisioning Windows Server 2012 on Amazon Web Services (AWS) on the Petri IT Knowledgebase. You will need either the key material or .pem file of the key pair generated earlier in this tutorial to get the administrator password. Once you've retrieved the password for the VM, you can remove the key pair if desired: