Configuration changes for Amazon Windows AMIs Update your Windows instance Upgrade or migrate to a newer version of Windows Server Subscribe to Windows AMI notifications Changes in Windows Server 2016 and later AMIs

Managed Amazon Windows AMIs

Amazon provides managed Amazon Machine Images (AMIs) that include various versions and configurations of Windows Server. In general, the Amazon Windows AMIs are configured with the default settings used by the Microsoft installation media. However, there are customizations. For example, the Amazon Windows AMIs come with the following software and drivers:

EC2Launch v2 (Windows Server 2022)
EC2Launch (Windows Server 2016 and 2019)
EC2Config service (through Windows Server 2012 R2)
Amazon Systems Manager
Amazon CloudFormation
Amazon Tools for Windows PowerShell
Network drivers (SRIOV, ENA, Citrix PV)
Storage drivers (NVMe, Amazon PV, Citrix PV)
Graphics drivers (NVidia GPU, Elastic GPU)
Spot Instance hibernation

For information about other customizations, see Amazon Windows AMIs.

Managed Windows AMIs topics

Configuration changes for Amazon Windows AMIs

The following configuration changes are applied to each Amazon Windows AMI.

Clean and prepare
Change	Applies to
Check for pending file renames or reboots, and reboot as needed	All AMIs
Delete `.dmp` files	All AMIs
Delete logs (event logs, Systems Manager, EC2Config)	All AMIs
Delete temporary folders and files for Sysprep	All AMIs
Clear recent history (Start menu, Windows Explorer, and more)	Windows Server 2012 R2 and earlier
Perform virus scan	All AMIs
Pre-compile queued .NET assemblies (before Sysprep)	All AMIs
Run Windows maintenance tools	Windows Server 2012 R2 and later
Restore default values for Internet Explorer	All AMIs
Restore default values for EC2Config	Windows Server 2012 R2 and earlier
Set EC2Launch to run at the next launch	Windows Server 2016 and 2019
Reset the Windows wallpaper	All AMIs
Run Sysprep	All AMIs

Install and configure
Change	Applies to
Add links to the Amazon EC2 Windows Guide	All AMIs
Attach instance storage volumes to extended mount points	All AMIs
Install the current Amazon Tools for Windows PowerShell	All AMIs
Install the current Amazon CloudFormation helper scripts	All AMIs
Install the current EC2Config and SSM Agent	Windows Server 2012 R2 and earlier
Install the current EC2Launch and SSM Agent	Windows Server 2016 and 2019
Install the current EC2Launch v2 and SSM Agent	Windows Server 2022 and later
Install the current Amazon PV, ENA, and NVMe drivers	Windows Server 2008 R2 and later
Install the current SRIOV drivers	Windows Server 2012 R2 and later
Install the current Citrix PV driver	Windows Server 2008 SP2 and earlier
Install the current EC2WinUtil driver	Windows Server 2008 R2 and later
Install PowerShell 2.0 and 3.0	Windows Server 2008 SP2 and R2
If Microsoft SQL Server is installed: Install service packs Configure to start automatically Add BUILTIN\Administrators to the SysAdmin role Open TCP port 1433 and UDP port 1434	All AMIs
Apply the following hotfixes: MS15-011 KB2582281 KB2634328 KB2800213 KB2922223 KB2394911 KB2780879	Windows Server 2008 SP2 and R2
Allow ICMP traffic through the firewall	Windows Server 2012 R2 and earlier
Enable file and printer sharing	Windows Server 2012 R2 and earlier
Disable RunOnce for Internet Explorer	All AMIs
Enable remote PowerShell	All AMIs
Configure a paging file on the system volume as follows: Windows Server 2016 and later - Managed by the system Windows Server 2012 R2 - Initial size and max size are 8 GB Windows Server 2012 and earlier - Initial size is 512 MB, max size is 8 GB	All AMIs
Configure an additional system managed paging file on `Z:`, if available	Windows Server 2012 R2 and earlier
Disable hibernation and delete the hibernation file	All AMIs
Disable the Connected User Experiences and Telemetry service	All AMIs
Set the performance options for best performance	All AMIs
Set the power setting to high performance	All AMIs
Disable the screen saver password	All AMIs
Set the RealTimeIsUniversal registry key	All AMIs
Set the timezone to UTC	All AMIs
Disable Windows updates and notifications	All AMIs
Run Windows Update and reboot until there are no pending updates	All AMIs
Set the display in all power schemes to never turn off	All AMIs
Set the PowerShell execution policy to "Unrestricted"	All AMIs

Update your Windows instance

After you launch a Windows instance, you are responsible for installing updates on it. For more information, see Update management in Amazon EC2.

You can manually install only the updates that interest you, or you can start from a current Amazon Windows AMI and build a new Windows instance. For information about finding the current Amazon Windows AMIs, and keeping your AMIs up to date, see Find a Windows AMI and Keep your AMIs up to date.

Note

Instances should be stateless when updating. For more information, see Managing Your Amazon Infrastructure at Scale.

For Windows instances, you can install updates to the following services or applications:

We recommend that you reboot your Windows instance after installing updates. For more information, see Reboot your instance.

Upgrade or migrate to a newer version of Windows Server

For information about how to upgrade or migrate a Windows instance to a newer version of Windows Server, see Upgrade an Amazon EC2 Windows instance to a newer version of Windows Server.

To be notified when new AMIs are released or when previously released AMIs are made private, subscribe to notifications using Amazon SNS.

To subscribe to Windows AMI notifications

Open the Amazon SNS console at https://console.amazonaws.cn/sns/v3/home.
In the navigation bar, change the Region to US East (N. Virginia), if necessary. You must use this Region because the SNS notifications that you are subscribing to were created in this Region.
In the navigation pane, choose Subscriptions.
Choose Create subscription.
For the Create subscription dialog box, do the following:
1. For Topic ARN, copy and paste one of the following Amazon Resource Names (ARNs):
  - arn:aws:sns:us-east-1:801119661308:ec2-windows-ami-update
  - arn:aws:sns:us-east-1:801119661308:ec2-windows-ami-private
  For Amazon GovCloud (US):
  
  arn:aws-us-gov:sns:us-gov-west-1:077303321853:ec2-windows-ami-update
2. For Protocol, choose Email.
3. For Endpoint, type an email address that you can use to receive the notifications.
4. Choose Create subscription.
You'll receive a confirmation email with the subject line Amazon Notification - Subscription Confirmation. Open the email and choose Confirm subscription to complete your subscription.

Whenever Windows AMIs are released, we send notifications to the subscribers of the ec2-windows-ami-update topic. Whenever released Windows AMIs are made private, we send notifications to the subscribers of the ec2-windows-ami-private topic. If you no longer want to receive these notifications, use the following procedure to unsubscribe.

To unsubscribe from Windows AMI notifications

Open the Amazon SNS console at https://console.amazonaws.cn/sns/v3/home.
In the navigation bar, change the Region to US East (N. Virginia), if necessary. You must use this Region because the SNS notifications were created in this Region.
In the navigation pane, choose Subscriptions.
Select the subscriptions and then choose Delete. When prompted for confirmation, choose Delete.

Changes in Windows Server 2016 and later AMIs

Amazon provides AMIs for Windows Server 2016 and later. These AMIs include the following high-level changes from earlier Windows AMIs:

To accommodate the change from .NET Framework to .NET Core, the EC2Config service has been deprecated on Windows Server 2016 AMIs and replaced by EC2Launch. EC2Launch is a bundle of Windows PowerShell scripts that perform many of the tasks performed by the EC2Config service. For more information, see Configure a Windows instance using EC2Launch. EC2Launch v2 replaces EC2Launch in Windows Server 2022 and later. For more information, see Configure a Windows instance using EC2Launch v2.
On earlier versions of Windows Server AMIs, you can use the EC2Config service to join an EC2 instance to a domain and configure integration with Amazon CloudWatch. On Windows Server 2016 and later AMIs, you can use the CloudWatch agent to configure integration with Amazon CloudWatch. For more information about configuring instances to send log data to CloudWatch, see Collect Metrics and Logs from Amazon EC2 Instances and On-Premises Servers with the CloudWatch Agent. For information about joining an EC2 instance to a domain, see Join an Instance to a Domain Using the AWS-JoinDirectoryServiceDomain JSON Document in the Amazon Systems Manager User Guide.

Other differences

Note the following additional important differences for instances created from Windows Server 2016 and later AMIs.

By default, EC2Launch does not initialize secondary EBS volumes. You can configure EC2Launch to initialize disks automatically by either scheduling the script to run or by calling EC2Launch in user data. For the procedure to initialize disks using EC2Launch, see "Initialize Drives and Drive Letter Mappings" in Configure EC2Launch.
If you previously enabled CloudWatch integration on your instances by using a local configuration file (AWS.EC2.Windows.CloudWatch.json), you can configure the file to work with the SSM Agent on instances created from Windows Server 2016 and later AMIs.

For more information, see Windows Server on Microsoft.com.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Service-linked role

Specialized Windows AMIs