How to Reset Password to an Amazon EC2 Windows Instance by using Automation Document

At times, system professionals may need to reset their AWS EC2 instance passwords. Whilst we walk you through the steps to reset using Automation Document, we have also covered an article on resetting EC2 instance password using System Manager which can be read here.

Once you execute automation document AWSSupport-ResetAccess, it will do the following steps to reset your Windows password:

  • Creates and configures VPC
  • Creates subnet
  • Launches Windows Server helper instance
  • Stops the target instance, and creates a backup
  • Attaches the target’s root volume to the helper instance
  • Uses Run Command to run EC2Rescue on the helper instance
  • Reattaches the root volume and restarts the target instance
  • Clean up temporary resources, except for the backup AMI

This procedure consists of two steps. The first one is to collect instance ID and the second one is to execute an automation document.

Step 1: Collect instance ID

In the first step, we will collect the instance ID from the Amazon EC2 instance which can not be accessible due to the issue with a forgotten password.

  1. Login into AWS Management Tools
  2. Click on Services and then click on EC2
  3. Click on Running instances
  4. Select the instance and then click on the Description tab
  5. Copy the instance ID to the clipboard. In our case, it is i-07df312d5e15670a5. We will need to type this instance ID to the automation document in step 2.


Step 2: Execute automation document AWSSupport-ResetAccess

In the second step, we will create an automation document that will trigger the AWSSupport-ResetAccess command to reset the Windows password.

  1. Click on Services and search for AWS System Manager. Once it is found, please open it.
  2. On the left side of the window, click on Automation under Action & Change
  3. Click on Execute automation
  4. Type AWSSupport-ResetAccess under Automation document
  5. Click on the automation document AWSSupport-ResetAccess and then click on Next
  6. Select Simple execution
  7. Type the instance id under Input Parameters > InstanceId as shown in the screenshot below
  8. Click on Execute. The progress will be shown under Execution status.
  9. Click on Automation under Action & Change to see access the execution ID
  10. Once the execution is successfully finished, it will be visible under Status. As you can see, execution ID f079e28c-ffb3-4de2-83e4-fb2c5974f431 is successfully executed.
  11. Click on Execution ID to access your password
  12. Expand Outputs to see more information about the new password.

Jasmin Kahriman

Jasmin is a tech-savvy Systems Engineer with over 15 years of experience in IT infrastructure, holding multiple IT certifications including CNIP, MTA, MCP, MCSA, MCT, Server+, and Network+.