GEOG 865
Cloud and Server GIS

Setting up your first Windows instance


Let's create an EC2 instance that is running Windows. The purpose of this exercise is to get you familiar with the basics of Amazon EC2 using some familiar software. Before you attempt this part of the lesson, you need to make sure you've done the following things, which should have been covered during the course orientation. You need to have:

  • Obtained an Amazon account and enabled it for use with Amazon EC2
  • Sent your AWS Account ID to the instuctor to start the process of obtaining Promotional Credits

If you have any doubt about one of these items, contact the course instructor.

Here are the steps for getting Windows running on Amazon EC2. Since Amazon can potentially update their site at any given time, some minor adjustments may be required for these steps. Contact the instructor if you have questions, or, if you find an issue that you are able to work around, please mention it in a comment in the Technical Discussion forum.

  1. Open a web browser to Amazon's AWS Management console page.

    This application is called the AWS Management Console, and it helps you create and manage things on EC2, such as instances. This app has some quirks, and I've found that I have to run it in the Google Chrome browser to completely avoid them. Sometimes it will work in Firefox.
  2. Click Sign in to the AWS Console.
    1. If prompted to choose a Root or IAM user, select the Root option. In a production environment you would likely want to create other IAM users under which to run things. It's generally not recommended to use an Admin or Root login for day-to-day operations, but for our purposes in 865 it will be just fine.
  3. Sign in with your Amazon account name and password.
    You should be taken to a screen with a bunch of Amazon Web Services listed, such as Elastic Beanstalk, S3, etc. These represent all the types of web services that Amazon offers. For now, you're interested only in EC2, which is Amazon's set of web services for renting hardware infrastructure.
  4. Click the EC2 link. On the right, you'll see a summary of all the items you have running in Amazon EC2. There should be nothing listed. On the left, you'll see a menu of different categories of things you can create in EC2, such as Instances, Volumes, Elastic IPs, etc. You'll learn about a few of these as we go along.

    In the upper-right corner, notice that a dropdown list allows you to pick the region you want to work in. It likely reads "US East (N. Virginia)" or a location closer to where you live. Amazon runs EC2 from various data centers placed around the world. You can choose which data center, or region, will house the resources you create. Typically, the closer you can place your region to your end users, the faster your services and apps will appear. But some organizations may also pick a region based on legal requirements relating to countries that can or cannot house their data. Be aware that costs are slightly higher in some regions. You can see a list of costs at Amazon's Elastic Compute Cloud Pricing page. For this course, set the region to "US East (N. Virginia)."

    Before you launch an actual instance, you'll create an Amazon virtual private cloud (VPC) which is sort of your own special space carved out of Amazon's cloud. Instances in a VPC can see each other and your own network fairly easily, but they're not immediately accessible from elsewhere without some extra work on your part. That's a good thing for security.
  5. Click the Services dropdown in the upper left and click VPC (it's under Networking & Content Delivery).

    Creating a VPC is potentially a very technical and complex activity, but it's something most people have to do at first. For that reason, Amazon has made a wizard for setting up a real basic VPC. This will suffice for our purposes.
  6. Click Launch VPC Wizard.
  7. Click Select to select the default option VPC with a single public subnet.
  8. Enter the VPC name as Geog865VPC but do not change any other settings. Then click Create VPC.
  9. Click the Services dropdown in the upper left and click EC2 to go back to the EC2 resources page.
  10. From the left menu, click Instances. Ensure that you are using the N. Virginia region, then click the Launch Instance button.

    A multi-step wizard appears that will help you create an instance. The first thing you're going to do is choose the Amazon Machine Image (AMI) that will determine the software and settings on your instance.
  11. In the list of AMIs, scroll down to the one that says Microsoft Windows Server 2019 Base and click Select.

    You are taken to the Choose an Instance Type panel. On this panel, you'll choose the size, or computing power, of your instance. Micro instances -- low-resource options suitable for many trial situations -- is the type selected by default on this panel. Note that the instance size you choose drastically affects the price that you pay, so follow these instructions carefully.
  12. Select t2.micro. This instance is sufficiently powerful for what we need to do, and at the time of this writing, it's part of the AWS free tier, which means that you won't be billed against your Promotional Credits or your credit card until the free credits that AWS provides in their Free-Tier are exhausted. Then click Next: Configure Instance Details.
  13. You're now viewing a panel where you can choose even more instance settings. A default VPC may be selected as your "Network" option. We want to use the VPC we created in the previous steps, so change the drop-down selection to show the VPC as the destination network for this instance.

    Some of the other settings are beyond the scope of this course. However, you will enable Termination Protection. Terminating your instance deletes it forever. Termination Protection is nothing fancy; it just prevents you from terminating an instance until you explicitly disable termination protection on the instance. It's a way of making you go through an extra step to make sure you don't accidentally do something you didn't intend to do, which is helpful for beginners.
  14. Check the Protect against accidental termination checkbox to enable termination protection.

    The other option on this panel you should know about is the subnet in which your instance will run. A subnet is a piece of your VPC. By default, you just have one, but you can create others and spread them out among different Amazon availability zones (AZs). AZs are Amazon's way of isolating machines within a region to minimize the chance of your site going down. For example, the US West region contains three AZs. The AZs are physically separated from each other. If your site contains multiple servers, you can place them in different AZs to minimize the chance of the full loss of your site if a data center is damaged. We're not doing work of critical importance here, so we'll just continue with the default subnet.
  15. Click Next: Add Storage to move to the next panel. The default storage settings will suffice, so click Next: Tag instance to move to the next panel.

    Now you're at a place where you can type a name for your instance. It used to be that your instances in the console were just assigned an ID. This was hard to keep track of once you had more than just a few instances, so Amazon allows you to type other metadata about the instance. This is stored as name/value pairs.
  16. Click Add Tag. Add a tag with a key of Name and a value of Geog 865 Windows instance. Then click Next: Configure Security Group.

    Now you will set some rules about what type of incoming Internet traffic can access your server. Amazon provides a firewall around every new instance that blocks all incoming traffic. You have to selectively "poke holes" in this firewall to allow appropriate types of communication with your server. In EC2 lingo, the set of rules that you create is called a Security Group.

    On the Security Group panel, you have the option of creating a new group or using one that you've created previously. You'll stick with the default new group option.
  17. Assign a group name such as Geog 865 Security Rules and a description, if desired.

    Your new security group will start out with a rule allowing Remote Desktop (RDP) access, so you can log in to your instance and administer it. Windows Remote Desktop requires port 3389 to be open. Note the Source IP address, which defaults to, which basically allows any IP (i.e., any computer) to use Remote Deskop to access your machine. You do not typically open RDP access to all addresses ( ). Instead, you specify your local computer's IP address or your organization's range of IP addresses using; this is much more secure approach that you would use in a production setting. For our purposes in Geog865, leave the option set to, or choose the option "Anywhere-IPv4." This allows any computer to use Remote Desktop to contact your Instance. They will still need your Windows username and password to log in, but the firewall on your EC2 instance won't block it. This will avoid difficulties if you happen to use a different computer to work on your instance, or if you use your laptop in a public wi-fi environment, like Starbucks, which will assign your computer a different IP everytime you connect.
  18. Click the Add Rule button and select HTTP from the Protocol dropdown list, with a source of Anywhere. You have just allowed HTTP access on Port 80 to everyone, thereby letting Internet users access your web services. Port 80 is the most common port used on the Internet for incoming web traffic into a server.

    Once you're done applying these two rules for HTTP and RDP, click Review and Launch.

    EC2 has all the information it has to launch your instance at this point.
  19. The wizard window now shows a summary of the instance that will be created. Examine it, then click Launch.

    The last step in this process has to do with logging into your instance for the first time. You need to get special file called a key pair that allows you to retrieve the instance's administrator password. This is a one-time action; you can use this key pair for the rest of the instances you launch in the course.

    Select Create a new key pair, type a name for your key pair (e.g., geog865), then click Download Key Pair. A small, text-based file with the extension of .pem will be downloaded to your machine. Keep this key pair file in a safe place that you remember for later in the course.

    After downloading your key pair, click the Launch Instances button. You should see a page that logs the initial steps of your instance's launch along with some instructions on how to connect to it.
  20. Click the View Instances button at the bottom of the page. This will take you back to the EC2 console, where you should see your instance listed. Within a minute or two, you'll see its status change from pending to running, but this does not mean the instance is ready yet. It takes around 10 minutes for Windows and the software running on your instance to configure itself. It's best not to disturb the instance while this is occurring.

    Because you created your instance in Amazon VPC, it's not publicly visible by default. Furthermore, the name of the instance will change every time you stop and start the instance. In order to reach your instance in a consistent fashion from a remote desktop connection, you'll need to set up an Amazon Elastic IP. This is an unchanging address that Amazon allocates to you for your use. You can then associate it with any instance you choose. Every time you stop and start the instance, you'll associate it with this IP address.
  21. At least 10 minutes after performing the previous step, open the AWS Management Console, enter the EC2 Dashboard, and click Elastic IPs.
  22. Click Allocate New Address, and then Allocate using Amazon's pool of IPv4 addresses.
  23. You should see an address appear in your list of Elastic IPs, such as (You may need to Clear Filters to see any other IPs you already have.)
  24. Check the box next to your new Elastic IP and click Actions > Associate address.
  25. Choose your Geog 865 Windows instance from the dropdown list and click Associate.

    IMPORTANT NOTE: The Elastic IP you create at this step must remain constant for the duration of this course. Please avoid deleting the Elastic IP or using new ones. You may create and destroy machine Instances, to which you associate the Elastic IP, but the Elastic IP itself must stay the same.
  26. Notify me as soon as you've established your Elastic IP. Tell me what your Elastic IP is so I can help get a domain name for your server (a requirement for ArcGIS Enterprise). I will also help get everyone an SSL Certificate for your server (also a requirement for ArcGIS Enterprise). The Certificate will be associated with your domain name, so we need to get that established first. The process of registering domain names takes some time, so try to get me your IP as soon as possible.

Once you launch an instance, the instance starts automatically and your Amazon bill begins accruing. It's very important to understand that you begin amassing charges right away; Amazon does not wait until you log in to your instance to begin charging you. In order to control costs, you need to stop your instance whenever you aren't using it. Before you take a break, please immediately continue reading the next section of the lesson to understand how to properly stop and start your instance.