Managed Amazon Windows AMIs - Amazon Elastic Compute Cloud
Configuration changes for Amazon Windows AMIsUpdate your Windows instanceUpgrade or migrate to a newer version of Windows ServerSubscribe to Windows AMI notificationsChanges in Windows Server 2016 and later AMIs
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Managed Amazon Windows AMIs

Amazon provides managed Amazon Machine Images (AMIs) that include various versions and configurations of Windows Server. In general, the Amazon Windows AMIs are configured with the default settings used by the Microsoft installation media. However, there are customizations. For example, the Amazon Windows AMIs come with the following software and drivers:

  • EC2Launch v2 (Windows Server 2022)

  • EC2Launch (Windows Server 2016 and 2019)

  • Amazon Systems Manager

  • Amazon CloudFormation

  • Amazon Tools for Windows PowerShell

  • Network drivers (SRIOV, ENA, Citrix PV)

  • Storage drivers (NVMe, Amazon PV, Citrix PV)

  • Graphics drivers (NVidia GPU, Elastic GPU)

  • Spot Instance hibernation

For information about other customizations, see Amazon Windows AMIs.

Configuration changes for Amazon Windows AMIs

The following configuration changes are applied to each Amazon Windows AMI.

Clean and prepare
Change Applies to
Check for pending file renames or reboots, and reboot as needed All AMIs

Delete .dmp files

 All AMIs
Delete logs (event logs, Systems Manager, EC2Config) All AMIs
Delete temporary folders and files for Sysprep All AMIs
Perform virus scan All AMIs
Pre-compile queued .NET assemblies (before Sysprep) All AMIs
Restore default values for Internet Explorer All AMIs
Reset the Windows wallpaper All AMIs
Run Sysprep All AMIs
Set EC2Launch to run at the next launch Windows Server 2016 and 2019
Install and configure
Change Applies to
Disable Secure Time Seeding All AMIs
Add links to the Amazon EC2 Windows Guide All AMIs
Attach instance storage volumes to extended mount points All AMIs
Install the current Amazon Tools for Windows PowerShell All AMIs
Install the current Amazon CloudFormation helper scripts All AMIs

Disable RunOnce for Internet Explorer

 All AMIs

Enable remote PowerShell

 All AMIs
Disable hibernation and delete the hibernation file All AMIs
Disable the Connected User Experiences and Telemetry service All AMIs
Set the performance options for best performance All AMIs
Set the power setting to high performance All AMIs
Disable the screen saver password All AMIs

Set the RealTimeIsUniversal registry key

 All AMIs

Set the timezone to UTC

 All AMIs

Disable Windows updates and notifications

 All AMIs

Run Windows Update and reboot until there are no pending updates

 All AMIs

Set the display in all power schemes to never turn off

 All AMIs

Set the PowerShell execution policy to "Unrestricted"

 All AMIs

If Microsoft SQL Server is installed:

  • Install service packs

  • Configure to start automatically

  • Add BUILTIN\Administrators to the SysAdmin role

  • Open TCP port 1433 and UDP port 1434

 All AMIs

Configure a paging file on the system volume as follows:

  • Windows Server 2016 and later - Managed by the system

 All AMIs
Install the current EC2Launch v2 and SSM Agent Windows Server 2022 and later
Install the current EC2Launch and SSM Agent Windows Server 2016 and 2019
Install the current SRIOV drivers Windows Server 2012 R2 and later

Install the current EC2WinUtil driver

Windows Server 2008 R2 and later
Install the current Amazon PV, ENA, and NVMe drivers Windows Server 2008 R2 and later

Update your Windows instance

After you launch a Windows instance, you are responsible for installing updates on it. For more information, see Update management in Amazon EC2.

You can manually install only the updates that interest you, or you can start from a current Amazon Windows AMI and build a new Windows instance. For information about finding the current Amazon Windows AMIs, and keeping your AMIs up to date, see Find a Windows AMI and Keep your AMIs up to date.

Note

Instances should be stateless when updating. For more information, see Managing Your Amazon Infrastructure at Scale.

For Windows instances, you can install updates to the following services or applications:

We recommend that you reboot your Windows instance after installing updates. For more information, see Reboot your instance.

Upgrade or migrate to a newer version of Windows Server

For information about how to upgrade or migrate a Windows instance to a newer version of Windows Server, see Upgrade an Amazon EC2 Windows instance to a newer version of Windows Server.

Subscribe to Windows AMI notifications

To be notified when new AMIs are released or when previously released AMIs are made private, subscribe to notifications using Amazon SNS.

To subscribe to Windows AMI notifications

  1. Open the Amazon SNS console at https://console.amazonaws.cn/sns/v3/home.

  2. In the navigation bar, change the Region to US East (N. Virginia), if necessary. You must use this Region because the SNS notifications that you are subscribing to were created in this Region.

  3. In the navigation pane, choose Subscriptions.

  4. Choose Create subscription.

  5. For the Create subscription dialog box, do the following:

    1. For Topic ARN, copy and paste one of the following Amazon Resource Names (ARNs):

      • arn:aws:sns:us-east-1:801119661308:ec2-windows-ami-update

      • arn:aws:sns:us-east-1:801119661308:ec2-windows-ami-private

      For Amazon GovCloud (US):

      arn:aws-us-gov:sns:us-gov-west-1:077303321853:ec2-windows-ami-update

    2. For Protocol, choose Email.

    3. For Endpoint, type an email address that you can use to receive the notifications.

    4. Choose Create subscription.

  6. You'll receive a confirmation email with the subject line Amazon Notification - Subscription Confirmation. Open the email and choose Confirm subscription to complete your subscription.

Whenever Windows AMIs are released, we send notifications to the subscribers of the ec2-windows-ami-update topic. Whenever released Windows AMIs are made private, we send notifications to the subscribers of the ec2-windows-ami-private topic. If you no longer want to receive these notifications, use the following procedure to unsubscribe.

To unsubscribe from Windows AMI notifications

  1. Open the Amazon SNS console at https://console.amazonaws.cn/sns/v3/home.

  2. In the navigation bar, change the Region to US East (N. Virginia), if necessary. You must use this Region because the SNS notifications were created in this Region.

  3. In the navigation pane, choose Subscriptions.

  4. Select the subscriptions and then choose Delete. When prompted for confirmation, choose Delete.

Changes in Windows Server 2016 and later AMIs

Amazon provides AMIs for Windows Server 2016 and later. These AMIs include the following high-level changes from earlier Windows AMIs:

Other differences

Note the following additional important differences for instances created from Windows Server 2016 and later AMIs.

  • By default, EC2Launch does not initialize secondary EBS volumes. You can configure EC2Launch to initialize disks automatically by either scheduling the script to run or by calling EC2Launch in user data. For the procedure to initialize disks using EC2Launch, see "Initialize Drives and Drive Letter Mappings" in Configure EC2Launch.

  • If you previously enabled CloudWatch integration on your instances by using a local configuration file (AWS.EC2.Windows.CloudWatch.json), you can configure the file to work with the SSM Agent on instances created from Windows Server 2016 and later AMIs.

For more information, see Windows Server on Microsoft.com.