1

I'm creating EC2 Windows instances with the help of CloudFormation. If you want to connect to a Windows instance you have to go through these steps.

One of the steps requires the administrator username and password. You can manually check the password at the CLI. But could I write the admin's username/password to the Outputs section of my CloudFormation stack?

VB_

2 Answers

1

You have a few ways that would be suitable.

  • Take in parameters for username and password for CloudFormation. Use the NoEcho parameter. You can then do a !Ref AdminPassword in the output but this is really not a good idea.

Template

Parameters:
  AdminPassword:
    Description: Admin Password
    Type: String
    NoEcho: true
    MinLength: 8
    MaxLength: 32
    ConstraintDescription: Must be at least 8 chars long

You also need to add this to the user data, using !Sub to do the string replacement:

<powershell>
# ${AdminPassword} is substituted by !Sub before the script reaches the instance
cmd.exe /c net user /add admin ${AdminPassword}
cmd.exe /c net localgroup administrators admin /add
cmd.exe /c NET localgroup "Remote Desktop Users" admin /ADD
</powershell>

  • You can run the AWS CLI

aws ec2 --region ap-southeast-2 get-password-data --priv-launch-key secret.pem --instance-id i-123123124

  • SSM parameters are a good option too

zED
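The answer above calls putting !Ref AdminPassword in Outputs "really not a good idea": NoEcho masks only the parameter itself, not an output that references it, and a value substituted into UserData is stored unencrypted with the instance. The check below is an added example, not code from either answer; it assumes the template is in JSON form, and find_leaks, referenced_params and the sample template are constructed here for illustration.

```python
import json
import re

# Constructed sample: JSON form of the pattern in the answer above (not a real stack).
TEMPLATE = json.loads(r'''{
  "Parameters": {"AdminPassword": {"Type": "String", "NoEcho": true},
                 "InstanceType": {"Type": "String"}},
  "Resources": {"Server": {"Type": "AWS::EC2::Instance", "Properties": {
    "UserData": {"Fn::Base64": {"Fn::Sub":
      "<powershell>\nnet user /add admin ${AdminPassword}\n</powershell>"}}}}},
  "Outputs": {"Password": {"Value": {"Ref": "AdminPassword"}},
              "Size": {"Value": {"Ref": "InstanceType"}}}
}''')

SUB_VAR = re.compile(r"\$\{([A-Za-z0-9]+)\}")  # ${Name}; skips ${!Literal}, ${AWS::X}

def referenced_params(node):
    """Yield every name reached through Ref or Fn::Sub anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::Sub":
                # Fn::Sub is either "text" or ["text", {variable map}]
                text, rest = (value[0], value[1:]) if isinstance(value, list) else (value, [])
                yield from SUB_VAR.findall(text)
                yield from referenced_params(rest)
            else:
                yield from referenced_params(value)
    elif isinstance(node, list):
        for item in node:
            yield from referenced_params(item)

def find_leaks(template):
    """Return sorted (location, parameter) pairs where a NoEcho value is exposed."""
    secret = {name for name, p in template.get("Parameters", {}).items()
              if str(p.get("NoEcho", "")).lower() == "true"}
    places = [(f"Outputs.{n}", o.get("Value"))
              for n, o in template.get("Outputs", {}).items()]
    places += [(f"Resources.{n}.UserData", r.get("Properties", {}).get("UserData"))
               for n, r in template.get("Resources", {}).items()]
    return sorted({(where, ref) for where, node in places
                   for ref in referenced_params(node) if ref in secret})

if __name__ == "__main__":
    for where, param in find_leaks(TEMPLATE):
        print(f"{where}: exposes NoEcho parameter {param}")
```

Run against a template before deployment, an empty result means no NoEcho parameter reaches Outputs or UserData by Ref or Fn::Sub.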
0

Not sure there is a direct way to get the password in the outputs section of a CFN template, but you may call a Lambda with the API call getpassworddata: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html

This link explains how you can call the Lambda function to retrieve any output via an S3 object: "Can AWS CloudFormation call the AWS API?"

Sushant Sonker