How to Create and Run a Custom Windows 10 Virtual Machine on Amazon AWS EC2

AWS, EC2, S3, Virtualization

Prelude

Its not officially supported yet but you can use Windows 10 on AWS.
The advantage of having a virtual machine on the cloud is that the G2 and P2 instances use GPU passtrough technology which means you can use graphics cards, install and run graphics intensive programs easily on a virtual machine.

One limitation is that it wont work trough Microsoft Remote Desktop only trough Teamviewer or similar screensharing applications.

Downloading the image

There are limitations which version you can use on aws.
AWS vmimport supported versions:
Microsoft Windows 10 (Professional, Enterprise, Education) (US English) (64-bit only).
So Home version wont work.
Download the windows image you want.

You can download the Enterprise trial here.

Update: 2018 January

AWS seems to filter the product names of the version of Windows being imported and blocks the vmimport of Windows 10 Enterprise Evaluation so that’s not possible to do anymore. It seems like the import of a Win10 Pro vhd based on a freely available iso that has not yet been activated is possible.

You can download Windows 10 Pro unactivated here.

Creating the virtual machine

  • Use virtualbox to create a new virtual machine, make sure that it uses the VHD format (The OS is 20 gigabyte).
  • Install the Windows 10 image onto it.
  • Make sure to set a username password on the administrator account otherwise cannot connect trough remote desktop later on.
  • Install teamviewer on the virtual machine grant easy access to yourself and check extras->options
    • General -> Network Settings: Accept Incoming Lan Connections
    • Security -> Windows logon: Allowed for all users
  • Start -> Allow remote access to your computer
    • Allow remote connections to this computer
  • Install ec2 configure service following this.
  • Restart the virtual machine.
  • Wait for windows 10 updates to install.
  • Exit the virtual machine.

Install and configure awscli

1
2
sudo apt install awscli
aws configure

During configure you can add your:

  • AWS access key.
  • AWS secret access key.
  • Default region.

You can get your access key following this.

If you set a default region you dont have to specify the region parameter in the following commands.
But keep in mind that some instance types (P2) are only avalible in the US.

Create an S3 bucket

The bucketname must be unique.

1
aws s3 mb s3://my-unique-bucket --region eu-central-1

Upload image to s3

Move to the folder you store the virtual machine file and upload the virtual image to the s3 bucket.

1
aws s3 cp myimage.vhd s3://my-unique-bucket --region eu-central-1

Configuration files

Create a trust policy in the file trust-policy.json.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": { "Service": "vmie.amazonaws.com" },
         "Action": "sts:AssumeRole",
         "Condition": {
            "StringEquals":{
               "sts:Externalid": "vmimport"
            }
         }
      }
   ]
}

Create a vmimport role and add vim import/export access to it.

1
aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

Create a file named role-policy.json replace the !!REPLACEME!! to the bucketname you are using.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource": [
            "arn:aws:s3:::!!REPLACEME!!"
         ]
      },
      {
         "Effect": "Allow",
         "Action": [
            "s3:GetObject"
         ],
         "Resource": [
            "arn:aws:s3:::!!REPLACEME!!/*"
         ]
      },
      {
         "Effect": "Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource": "*"
      }
   ]
}

Add the policy to the vmimport role.

1
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

Create a configuration file on your computer called containers.json.
Replace my-unique-bucket and myimage.vhd with your bucket and image name.

1
[{ "Description": "Windows 10 Base Install", "Format": "vhd", "UserBucket": { "S3Bucket": "my-unique-bucket", "S3Key": "myimage.vhd" } }]

Create EC2 AMI from S3 VHD image

1
aws ec2 import-image --description "Windows 10" --disk-containers file://containers.json --region eu-central-1

This may take a while you can check on the status of the import.

1
aws ec2 describe-import-image-tasks --region eu-central-1

When the import status is completed you can head to the EC2 console and select the correct region.

Create EC2 instance from AMI

Images -> AMI -> Right click -> Launch

  • Instance type: g2 (You might have to ask the support for an increase in the g2 limit).
  • Security Group: Allow RDP, Teamviewer ports.

Instances -> Launch

Running the instance

Instances -> Right click -> Connect

You download the remote desktop file.

Launch that file with the username and password you set on the original instance.

In the form:
.\Username
pass

Post Install

Reassign teamviewer to the your teamviewer.
Download nvidia experience and install a driver.