GEOG 865
Cloud and Server GIS

Setting up your first Windows instance


Let's create an EC2 instance that is running Windows. The purpose of this exercise is to get you familiar with the basics of Amazon EC2 using some familiar software. Before you attempt this part of the lesson, you need to make sure you've obtained an Amazon account and enabled it for use with Amazon EC2. This should have been covered during the course orientation.

If you have any doubt about the above, contact the course instructor.

Here are the steps for getting Windows running on Amazon EC2. Since Amazon can potentially update their site at any given time, some minor adjustments may be required for these steps. Contact the instructor if you have questions, or, if you find an issue that you are able to work around, please mention it in a comment in the Technical Discussion forum.

  1. Open a web browser to Amazon's AWS Management console page.

    This application is called the AWS Management Console, and it helps you create and manage things on EC2, such as instances. This app has some quirks, and I've found that I have to run it in the Google Chrome browser to completely avoid them. Sometimes it will work in Firefox.
  2. Click Sign in to the AWS Console.
    1. If prompted to choose a Root or IAM user, select the Root option. In a production environment you would likely want to create other IAM users under which to run things. It's generally not recommended to use an Admin or Root login for day-to-day operations, but for our purposes in 865 it will be just fine.
  3. Sign in with your Amazon account name and password.
    You should be taken to a screen with a bunch of Amazon Web Services listed, such as Elastic Beanstalk, S3, etc. These represent all the types of web services that Amazon offers. For now, you're interested only in EC2, which is Amazon's set of web services for renting hardware infrastructure.
  4. Click the EC2 link. On the right, you'll see a summary of all the items you have running in Amazon EC2. There should be nothing listed. On the left, you'll see a menu of different categories of things you can create in EC2, such as Instances, Volumes, Elastic IPs, etc. You'll learn about a few of these as we go along.

    In the upper-right corner, notice that a dropdown list allows you to pick the region you want to work in. It likely reads "US East (N. Virginia)" or a location closer to where you live. Amazon runs EC2 from various data centers placed around the world. You can choose which data center, or region, will house the resources you create. Typically, the closer you can place your region to your end users, the faster your services and apps will appear. But some organizations may also pick a region based on legal requirements relating to countries that can or cannot house their data. Be aware that costs are slightly higher in some regions. You can see a list of costs at Amazon's Elastic Compute Cloud Pricing page. For this course, set the region to "US East (N. Virginia)."

    Before you launch an actual instance, you'll create an Amazon virtual private cloud (VPC) which is sort of your own special space carved out of Amazon's cloud. Instances in a VPC can see each other and your own network fairly easily, but they're not immediately accessible from elsewhere without some extra work on your part. That's a good thing for security.
  5. Click the Services dropdown in the upper left and click VPC (it's under Networking & Content Delivery).

    Creating a VPC is potentially a very technical and complex activity, but it's something most people have to do at first. For that reason, Amazon has made a wizard for setting up a real basic VPC. This will suffice for our purposes.
  6. Click Create VPC.
  7. Select the the VPC and more option.
  8. Leave the Auto-generate box checked, and enter a name like Geog865VPC in the box below it.
  9. Leave the default value,, in the IPv4 CIDR block box. This is a default private IP address range for your machine that's only visible to other machines within your VPC. You'll create an Elastic IP later which will be the public address we'll use with ArcGIS Enterprise.
  10. Leave the other options in their default settings and click Create VPC.
  11. Click the Services dropdown in the upper left and click EC2 to go back to the EC2 resources page.
  12. From the left menu, click Instances. Ensure that you are using the N. Virginia region, then click the Launch Instance button.

    Now you're at a place where you can type a name for your instance. It used to be that your instances in the console were just assigned an ID. This was hard to keep track of once you had more than just a few instances, so Amazon allows you to type other metadata about the instance. This is stored as name/value pairs.
  13. Enter something like, Geog 865 Windows instance, in the Name box. 
  14. In the list of AMIs, browse in the Windows section and select the one that's called Microsoft Windows Server 2019 Base.

    The next section provides Instance Type options. On this panel, you'll choose the size, or computing power, of your instance. Micro instances -- low-resource options suitable for many trial situations -- is the type selected by default on this panel. Note that the instance size you choose drastically affects the price that you pay, so follow these instructions carefully.
  15. Select t2.micro. This instance is sufficiently powerful for what we need to do, and at the time of this writing, it's part of the AWS free tier, which means that you won't be billed against your credit card until the free credits that AWS provides in their Free-Tier are exhausted. Then click Next: Configure Instance Details.

    The next step in this process has to do with logging into your instance for the first time. You need to get special file called a key pair that allows you to retrieve the instance's administrator password. This is a one-time action; you can use this key pair for the rest of the instances you launch in the course.
  16. Click the link to Create a new key pair, type a name for your key pair (e.g., geog865), then click Create Key Pair. A small, text-based file with the extension of .pem will be downloaded to your machine. Keep this key pair file in a safe place that you remember for later in the course.
  17. In the Network Settings section, a default VPC may be selected. We want to use the VPC we created in the previous steps, so click the Edit button and change the drop-down selection to show your VPC as the destination network for this instance.
  18. Confirm that the Subnet box shows one of your "public" subnets. This specifies that the resource we are creating will have access to the Internet.
  19. Leave the Create Security Group option selected and enter a name like, Geog 865 Security Rules and a description, if desired. Machine instances you create will operate under the firewall settings you specify here.

    Your new security group will start out with a rule allowing Remote Desktop (RDP) access, so you can log in to your instance and administer it. Windows Remote Desktop requires port 3389 to be open. Note the Source IP address, which defaults to Anywhere (, which basically allows any IP (i.e., any computer) to use Remote Deskop to access your machine. You do not typically open RDP access to all addresses ( ). Instead, you specify your local computer's IP address or your organization's range of IP addresses using; this is a much more secure approach that you would use in a production setting. For our purposes in Geog865, leave the option set to Anywhere ( This allows any computer to use Remote Desktop to contact your Instance. They will still need your Windows username and password to log in, but the firewall on your EC2 instance won't block it. This will avoid difficulties if you happen to use a different computer to work on your instance, or if you use your laptop in a public wi-fi environment, like Starbucks, which will assign your computer a different IP everytime you connect.
  20. Click the Add Security Group Rule button and select HTTP from the Protocol dropdown list, with a source of Anywhere. You have just allowed HTTP access on Port 80 to everyone, thereby letting Internet users access your web services. Port 80 is the most common port used on the Internet for incoming web traffic into a server.

    Some of the other settings are beyond the scope of this course. However, you will enable Termination Protection. Terminating your instance deletes it forever. Termination Protection is nothing fancy; it just prevents you from terminating an instance until you explicitly disable termination protection on the instance. It's a way of making you go through an extra step to make sure you don't accidentally do something you didn't intend to do, which is helpful for beginners.
  21. Expand the Advanced Details section and Enable Termination Protection.
  22. The last section shows a summary of the instance that will be created. Examine it, then click Launch Instance.
  23. Return to the Instances section of the EC2 console, where you should see your instance listed. Within a minute or two, you'll see its status change from pending to running, but this does not mean the instance is ready yet. It takes around 10 minutes for Windows and the software running on your instance to configure itself. It's best not to disturb the instance while this is occurring.

    Because you created your instance in Amazon VPC, it's not publicly visible by default. Furthermore, the name of the instance will change every time you stop and start the instance. In order to reach your instance in a consistent fashion from a remote desktop connection, you'll need to set up an Amazon Elastic IP. This is an unchanging address that Amazon allocates to you for your use. You can then associate it with any instance you choose. Every time you stop and start the instance, you'll associate it with this IP address.
  24. At least 10 minutes after performing the previous step, open the AWS Management Console, enter the EC2 Dashboard, and click Elastic IPs.
  25. Click Allocate New Address, and then Allocate using Amazon's pool of IPv4 addresses.
  26. You should see an address appear in your list of Elastic IPs, such as (You may need to Clear Filters to see any other IPs you already have.)
  27. Check the box next to your new Elastic IP and click Actions > Associate address.
  28. Choose your Geog 865 Windows instance from the dropdown list and click Associate.

    IMPORTANT NOTE: The Elastic IP you create at this step must remain constant for the duration of this course. Please avoid deleting the Elastic IP or using new ones. You may create and destroy machine Instances, to which you associate the Elastic IP, but the Elastic IP itself must stay the same.
  29. Notify me as soon as you've established your Elastic IP. Tell me what your Elastic IP is so I can help get a domain name for your server (a requirement for ArcGIS Enterprise). I will also help get everyone an SSL Certificate for your server (also a requirement for ArcGIS Enterprise). The Certificate will be associated with your domain name, so we need to get that established first. The process of registering domain names takes some time, so try to get me your IP as soon as possible.

Once you launch an instance, the instance starts automatically and your Amazon bill begins accruing. It's very important to understand that you begin amassing charges right away; Amazon does not wait until you log in to your instance to begin charging you. In order to control costs, you need to stop your instance whenever you aren't using it. Before you take a break, please immediately continue reading the next section of the lesson to understand how to properly stop and start your instance.