Earlier, i had a scenario that i need to launch a Windows custom EBS AMI from Amazon EC2 and log-in to the machine. Unfortunately, I don’t have the password for that AMI. If you right-click on that instance and requiring password by triggering an API call to the AWS service – “Get Windows Password”, you will get the result (Password – Not available yet.). But, its never asked me to paste the key file that is associated to that instance for decrypt the password. Since, the password re-generation option was disabled by default. There is a EC2 config xml file, where ‘EC2Setpassword’ element state you can change ‘Enabled / Disabled’ modes. If you make this state as ‘Enabled’, it will re-generate a password for you, if you have ‘Diasabled’ state then you have to be used your password that you have given before bundle this AMI.
Ec2SetPassword Disabled Ec2SetComputerName Disabled ...
So what i did, i stopped this instance and de-attached the root volume and attached to linux instance and modified the Ec2Service config file. Steps detailed in below.
- Stopped the windows instance and detached the root volume (/dev/sda1)
- Launched a micro Linux instance and attached, mounted this root NTFS volume (mount -t ntfs-3g /dev/xvdf2 /mnt/temp/) on the Linux machine and opened the config.xml (/mnt/temp/Program Files/Amazon/Ec2ConfigService/Settings/config.xml) and changed the “Ec2SetPassword” password state from “Disabled” to “Enabled” and saved the file
- Detached that volume from Linux and terminated the Linux machine
- Attached this Root volume to windows machine again and started the machine
- In a few seconds, the “Get Windows Password” triggered the password generation window and asked the “.pem” file and password has been generated
After, the XML looks like
Ec2SetPassword Enabled ...