Upload Windows 10 AMI to AWS
Inspired by: https://gist.github.com/peterforgacs/abebc777fcd6f4b67c07b2283cd31777
Download the Windows image you want.
AWS vmimport supported versions: Microsoft Windows 10 (Professional, Enterprise, Education) (US English) (64-bit only)
So the Home edition won't work.
You can download the Enterprise trial here: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
- Use VirtualBox to create a new virtual machine; make sure that it uses the VHD format (the OS is 20 gigabytes).
- Install the Windows 10 image onto it.
- Make sure to set a username and password on the administrator account; otherwise you cannot connect through Remote Desktop.
- Create an administrator user with the name admin and the password admin.
- Change the Ethernet connection profile to Private.
- Add firewall rules for WinRM:
netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow
- Configure WinRM (the last two commands allow unencrypted traffic and Basic authentication):
winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
- Start -> Allow remote access to your computer
- Allow remote connections to this computer
- Install the EC2Config service: http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_Install.html
- Restart the virtual machine.
- Wait for Windows 10 updates to install.
- Exit the virtual machine.
Create an S3 bucket for the image. The bucket name must be unique.
aws s3 mb s3://ami-windows10
Change to the folder where you store the virtual machine file and upload the virtual image to the S3 bucket.
cd myvmfolder
aws s3 cp windows10.vhd s3://ami-windows10
Create a trust policy in the file trust-policy.json:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "vmie.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:Externalid": "vmimport"
        }
      }
    }
  ]
}
Create a vmimport role and add VM import/export access to it.
aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
Create a file named role-policy.json and replace !!REPLACEME!! with the bucket name you are using.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::!!REPLACEME!!"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::!!REPLACEME!!/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:ModifySnapshotAttribute",
        "ec2:CopySnapshot",
        "ec2:RegisterImage",
        "ec2:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
Add the policy to the vmimport role.
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
Create a configuration file on your computer called containers.json. Replace the S3Bucket and S3Key values with your bucket and image name.
[{ "Description": "Windows 10 Base Install", "Format": "vhd", "UserBucket": { "S3Bucket": "ami-windows10", "S3Key": "windows10.vhd" } }]
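Before starting the import, the three JSON files can be checked against each other. The following is an added example, not part of the original wiki or the Attack Range code; the function names `check_vmimport_files` and `as_list` are hypothetical, and the inputs are constructed from the files shown above (with the EC2 statement of role-policy.json left out). It confirms that only vmie.amazonaws.com can assume the role with the vmimport external ID, that the placeholder was replaced, and that the role can read exactly the bucket named in containers.json.

```python
import json

# Constructed inputs: the page's JSON as written (placeholder left in, EC2 statement omitted).
TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Service": "vmie.amazonaws.com"}, "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}""")
ROLE = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
   "Resource": ["arn:aws:s3:::!!REPLACEME!!"]},
  {"Effect": "Allow", "Action": ["s3:GetObject"],
   "Resource": ["arn:aws:s3:::!!REPLACEME!!/*"]}]}""")
CONTAINERS = json.loads("""[{"Description": "Windows 10 Base Install", "Format": "vhd",
  "UserBucket": {"S3Bucket": "ami-windows10", "S3Key": "windows10.vhd"}}]""")


def as_list(value):
    # IAM accepts a single string wherever a list is allowed.
    return value if isinstance(value, list) else [value]


def check_vmimport_files(trust, role, containers):
    """Return a list of problems; an empty list means the files agree."""
    problems = []
    for st in as_list(trust["Statement"]):
        # Only the VM Import/Export service may assume the role.
        who = st.get("Principal")
        service = who.get("Service") if isinstance(who, dict) else who
        if as_list(service) != ["vmie.amazonaws.com"]:
            problems.append("trust policy principal is not vmie.amazonaws.com only")
        # IAM condition key names are case-insensitive, so normalise them.
        equals = st.get("Condition", {}).get("StringEquals", {})
        if {k.lower(): v for k, v in equals.items()}.get("sts:externalid") != "vmimport":
            problems.append("trust policy lacks sts:ExternalId = vmimport")
    # Collect the S3 ARNs the role can read and compare with containers.json.
    s3_arns = [r for st in as_list(role["Statement"])
               for r in as_list(st.get("Resource", []))
               if r.startswith("arn:aws:s3:::")]
    if any("!!REPLACEME!!" in r for r in s3_arns):
        problems.append("role policy still contains !!REPLACEME!!")
    for disk in containers:
        bucket = disk["UserBucket"]["S3Bucket"]
        for needed in (f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"):
            if needed not in s3_arns:
                problems.append(f"role policy does not grant {needed}")
    return problems


if __name__ == "__main__":
    print("\n".join(check_vmimport_files(TRUST, ROLE, CONTAINERS)) or "OK")
```

To check your own files, load trust-policy.json, role-policy.json and containers.json with `json.load` and pass them in the same order.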
aws ec2 import-image --description "Windows 10" --disk-containers file://containers.json --region eu-central-1
This may take a while; you can check on the status of the import.
aws ec2 describe-import-image-tasks --region eu-central-1
When the import status is completed you can head to the EC2 console and select the correct region.
- Add the AMI name to the windows_client_os option in attack_range.conf, e.g. windows_client_os = import-ami-0e5a092cc20dbb992