无法在AWS EC2中检索默认Windows管理员密码

时间:2017-03-16 02:35:11

标签: amazon-web-services amazon-ec2 aws-sdk amazon-cloudformation

我正在构建一个AWS CloudFormation自动化文档,它为我创建了一个自定义的Windows 2016 AMI。

如果我根据此AMI启动EC2实例,我将无法检索密码。

Get Windows Password Password not available yet

  

密码尚不可用。请等待至少4分钟后   在尝试检索自动生成之前启动实例   密码。

     

注意:在启动Amazon Windows AMI期间会生成密码   或已配置为启用此功能的自定义AMI。   从未启用此功能的自定义AMI启动的实例已启用   AMI的父实例的用户名和密码。

AWS系统日志中也没有显示任何内容: System Log

CloudFormation模板如下所示:

value = range(len(key))
dictionary = dict(zip(key, ['English {}'.format(i) for i in value]))

2 个答案:

答案 0 :(得分:3)

借助Windows 2016,我们推出了新的Powershell脚本。这些需要在构建AMI时进行安排。

要完成此操作,请添加:

AWSTemplateFormatVersion: "2010-09-09"
Description: "SSM Automation Document"
Parameters:
  SubnetId:
    Description: "ID of subnet to use for launching EC2 instance"
    Type: "AWS::EC2::Subnet::Id"
  KeyPairName:
    Description: "Name of EC2 key pair for logging in to the instance"
    Type: "String"
  SecurityGroupIds:
    Description: "The IDs of security groups that are permitted access to EC2 instance"
    Type: "List<AWS::EC2::SecurityGroup::Id>"
Outputs:
  AmiAutomationDocumentName:
    Value: !Ref "AmiAutomationDoc"
Resources:
  AutomationRole:
    Type: "AWS::IAM::Role"
    Properties:
      Path: "/"
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - "sts:AssumeRole"
            Effect: "Allow"
            Principal:
              Service:
                - "ec2.amazonaws.com"
                - "ssm.amazonaws.com"
        Version: "2012-10-17"
      Policies:
        - PolicyName: "PassRole"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Action:
                  - "iam:PassRole"
                Effect: "Allow"
                Resource: "*"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole"
  InstanceProfileRole:
    Type: "AWS::IAM::Role"
    Properties:
      Path: "/"
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - "sts:AssumeRole"
            Effect: "Allow"
            Principal:
              Service:
                - "ec2.amazonaws.com"
                - "ssm.amazonaws.com"
        Version: "2012-10-17"
      Policies:
        - PolicyName: "PassRole"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Action:
                  - "iam:PassRole"
                Effect: "Allow"
                Resource: "*"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
  InstanceProfile:
    Properties:
      Path: "/"
      Roles:
        - !Ref "InstanceProfileRole"
    Type: "AWS::IAM::InstanceProfile"
  AmiAutomationDoc:
    Type: "AWS::SSM::Document"
    Properties:
      DocumentType: "Automation"
      Content: 
        schemaVersion: "0.3"
        description: "Create a new AMI"
        parameters:
          SourceAmiId:
            type: "String"
            description: "AMI to patch"
          TargetAmiName:
            type: "String"
            description: "Name of new AMI"
            default: "NewAMI_{{ global:DATE_TIME }}_{{ SourceAmiId }}"
        assumeRole: !GetAtt "AutomationRole.Arn"
        mainSteps:
          - name: "startInstance"
            action: "aws:runInstances"
            timeoutSeconds: 360
            maxAttempts: 1
            onFailure: "Abort"
            inputs:
              ImageId: "{{ SourceAmiId }}"
              InstanceType: "t2.micro"
              IamInstanceProfileArn: !GetAtt "InstanceProfile.Arn"
              KeyName: !Ref "KeyPairName"
              SecurityGroupIds: !Ref "SecurityGroupIds"
              SubnetId: !Ref "SubnetId"
              MinInstanceCount: 1
              MaxInstanceCount: 1
          - name: "stopInstance"
            action: "aws:changeInstanceState"
            maxAttempts: 1
            onFailure: "Continue"
            inputs:
              InstanceIds:
                - "{{ startInstance.InstanceIds }}"
              DesiredState: "stopped"
          - name: "createImage"
            action: "aws:createImage"
            maxAttempts: 1
            onFailure: "Continue"
            inputs:
              InstanceId: "{{ startInstance.InstanceIds }}"
              ImageName: "{{ TargetAmiName }}"
              ImageDescription: "AMI based on base image {{ SourceAmiId }}"
        outputs:
          - createImage.ImageId
          - startInstance.InstanceIds

然后:

- name: "installServices"
  action: "aws:runCommand"
  maxAttempts: 1
  onFailure: "Abort"
  inputs:
    DocumentName: !Ref "InstallServicesCommand"
    InstanceIds:
      - "{{ startInstance.InstanceIds }}"

答案 1 :(得分:-1)


The below steps are worked for me.

1.Connect to your Windows instance and customize it.
2.Search for and run the EC2LaunchSettings application if the windows is 2016 or later or if the windows server 2012 R2 and earlier version of Windows server 2012R2 open EC2Config service application.
3.Enable Random(Retrieve from console)
4.Click Shutdown the system with Sysprep option.
5.Create AMI once instance got shutdown.
6. Then launch the system using new Keypair.
相关问题
最新问题