You can access a Windows instance using a remote desktop application. For example, Microsoft Remote Desktop enables you to connect to Windows instances from a Windows or macOS operating system.

Before accessing a Windows instance, you need to decrypt the password of its administrator account. This is done using the private key of the keypair that you associated with the instance.

You can retrieve the password of your Windows instance only on the first start, as the password is not available to retrieve after the first reboot. If you have not retrieved the password, you cannot access your Window instance and you need to terminate it and launch a new one.

This procedure only applies to instances launched using official OMIs, and whose keypair authentication system you did not modify after launch. Otherwise, you need to use the method corresponding to the authentication system you implemented. For more information, see About Keypairs.

This procedure contains the following steps: 

Decrypt the Password of the Instance


Before you begin: Ensure the Windows instance is ready.

After launch, the instance needs about 10 minutes to be ready. You can check if the instance is ready by looking at its console output. For more information, see Viewing the Console Output of an Instance.

  1. Click Compute > Instances.
     

  2. Click the instance you want the password from.
    The instance is selected.
     
  3. Click Get password  .
    The XXX: GET PASSWORD dialog box appears
     
  4. Click Choose file.
    A window appears.

  5. Select the .rsa file containing the private key of the keypair associated with the instance.

  6. Click OK to validate.
    The administrator password of the instance decrypted and is downloaded on your computer as a .txt file.

    The password also appears in a temporary notification at the top of the page.

Before you begin: Ensure the Windows instance is ready.

After launch, the instance needs about 10 minutes to be ready. You can check if the instance is ready by looking at its console output. For more information, see Viewing the Console Output of an Instance.

  • To decode and decrypt the administrator password of the instance, use the get-password-data command following this syntax: 

    Request sample
    $ aws ec2 get-password-data \
        --profile YOUR_PROFILE \
        --instance-id i-12345678 \
        --priv-launch-key ~/.ssh/keypair.rsa \
        --endpoint https://fcu.eu-west-2.outscale.com

    This command contains the following attributes that you need to specify:

    • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.
    • instance-id: The ID of the instance you want to access.
    • priv-launch-key: The path to the .rsa file containing the private key of the keypair on your computer.
    • endpoint: The endpoint corresponding to the Region you want to send the request to.


    The get-password-data command returns the following elements:

    • InstanceId: The ID of the instance.
    • PasswordData: The administrator password of the instance.
    • Timestamp: The time the console output was updated for the last time, in ISO 8601 format.
    Result sample
    {
        "InstanceId": "i-123456789",
        "PasswordData": "/XxYy12Z*z",
        "Timestamp": "2018-03-26T13:01:33.176Z"
    }

Before you begin: Ensure the Windows instance is ready.

After launch, the instance needs about 10 minutes to be ready. You can check if the instance is ready by looking at its console output. For more information, see Viewing the Console Output of an Instance.

  1. To retrieve the administrator password encoded in Base64, view the console output of the instance. For more information, see Viewing the Console Output of an Instance.

    4/26/2017 11:50:17 AM : ==============================================
    4/26/2017 11:50:17 AM : OS : Microsoft Windows NT 10.0.14393
    4/26/2017 11:50:17 AM : OsVersion : 10.0.14393
    4/26/2017 11:50:17 AM : OsProductName : Microsoft Windows Server 2016 Datacenter
    4/26/2017 11:50:17 AM : Language : en-US
    4/26/2017 11:50:17 AM : AMI-ID : ami-12345678
    4/26/2017 11:50:17 AM : Instance-ID : i-12345678
    4/26/2017 11:50:17 AM : Username : Administrator
    4/26/2017 11:50:18 AM : Password : <Password>A123BcdEfgh4iJk/LmNo5pq+rSTuVWXYzAb6CDEfg78g9HIJ012Kl3m4NOpqrstuVWX5yzABcdEfgHYjkLMnoPqr/StUvwXyzA6bCdE/7FgHIjKLMN/OP8qRst9UvW0X1yZABCD2Ef34GHijKlmN5OhyrdoarduIEd7z/ejqWXcVFmgzOkqBgPVyrKR/eD6J8rq0Kq55DQjK5GF1hoDGDgCaAQ5DpkW0pw34CM5ak7UmV22veRhR0To94IvAnpi0sHH/LSraqfIWnoebouUjIK9dFdvYCtds4JfqThPIjZYQYn+DgaKqGFt2m1SdKRwqwGGb3pityiaUZ0P0MUemw==</Password>
    4/26/2017 11:50:18 AM : Message : Windows is ready to use
  2. In the console output, copy the Base64-encoded password located between the <password>...</password> tags and save it in a text file on your machine.

  3. To decode the Base64-encoded password, and then decrypt it using the private key, use the following command:

    Request sample
    $ base64 --decode --input ~/Documents/instance_password.txt | openssl rsautl -decrypt -inkey ~/.ssh/keypair.rsa

    This command contains the following attributes that you need to specify:

    • input: The path to the file containing the encoded password on your computer.
    • inkey: The path to the .rsa file containing the private key of the keypair on your computer
    The password for the instance is returned.



Corresponding API Method


Tutorial: Getting Started with the OUTSCALE Cloud Using Cockpit

Access the Instance Using Microsoft Remote Desktop

Before you begin:

  1. Install Microsoft Remote Desktop on your machine:
  2. Decrypt the password of the instance using one of the three methods above.

  3. To allow the connection from your machine to the instance, ensure the instance has the following security group rule:

    • Port: RDP (3389)
    • Protocol: TCP
    • CIDR: The public IP address of your machine.
    For more information, see Adding Rules to a Security Group.


  1. Open Microsoft Remote Desktop.

  2. Connect to the instance using its public IP address and administrator password.

    - The default user for Windows instances created from official OMIs is administrator.

    - If you are using a VPN or a DirectLink connection, you can use the private IP address of the instance.

    You now have access to the desktop of the Windows instance.



AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.

Windows® is a registered trademark of Microsoft Corporation in the United States and/or other countries.