Lost Administrator Password for EBS-Backed Windows Server EC2 Instance | AWS Certified Security - Specialty Exam

Recovering Access to Your EC2 Instance with Systems Manager Agent

Question

You've accidentally lost the administrator password for an EBS-backed Windows Server EC2 instance.

The instance has the Systems Manager agent installed.

You want to regain access to your instance.

What is the easiest way to resolve this issue?

Answers

Explanations


Answer: A.

Option A is CORRECT because using Systems Manager Run Command to run the AWSSupport-RunEC2RescueForWindowsTool command document with the ResetAccess command is the easiest way to reset a lost Windows Server password.

Option B is incorrect because there is no Reset Instance Password option under Actions, Instance Settings.

Option C is incorrect because the Import-EC2KeyPair command imports a key pair into the AWS EC2 Console and is not used to reset the password for a Windows machine.

Option D is incorrect because it is not the easiest and quickest solution. This option requires provisioning a recovery Windows Server EC2 instance, installing the EC2Rescue tool, and manually resetting the password.

Reference:

https://aws.amazon.com/premiumsupport/knowledge-center/reset-admin-password/

The easiest way to regain access to an EBS-backed Windows Server EC2 instance for which the administrator password has been lost is to use the Systems Manager agent.

Option A: Use Systems Manager Run Command to run AWSSupport-RunEC2RescueForWindowsTool command document.

This is the correct answer. The Systems Manager agent provides a Run Command feature that enables you to execute commands on your EC2 instances. You can use this feature to run the AWSSupport-RunEC2RescueForWindowsTool command document. This document automates the process of creating a new temporary instance, detaching the root volume of the affected instance, attaching the root volume to the temporary instance, and then modifying the password of the local administrator account. Once the password has been reset, the root volume is detached from the temporary instance and reattached to the original instance. This process can take up to 30 minutes to complete.

Option B: Open Amazon EC2 console. Under Instances, select the specific instance. Under Actions, Instance Settings, choose the Reset Instance Password option.

This option is not the best choice because it requires the instance to be stopped, which may cause downtime for your application. In addition, resetting the password using this method will not work if the instance has been joined to a domain.

Option C: Generate a new key pair. Use Import-EC2KeyPair AWS Tools for Windows PowerShell command.

This option is not relevant to the issue of resetting a lost administrator password. Generating a new key pair and importing it with the AWS Tools for Windows PowerShell command enables secure access to an EC2 instance by providing the private key to authenticate the remote user.

Option D: Use EC2Rescue Tool. Choose Diagnose and Rescue. Select Ec2SetPassword.

This option is not the best choice because it requires the installation of the EC2Rescue tool, which may not be available on all instances. In addition, it requires stopping the instance, which may cause downtime for your application.

In conclusion, the easiest way to regain access to an EBS-backed Windows Server EC2 instance for which the administrator password has been lost is to use the Systems Manager agent and execute the AWSSupport-RunEC2RescueForWindowsTool command document.
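
The Run Command call from Option A, written out with AWS Tools for PowerShell as an added example (not part of the original page and not AWS's own script). It assumes a placeholder instance ID, configured credentials and region, and AWS's documented behaviour that ResetAccess writes the new password to Parameter Store under `/EC2Rescue/Passwords/<instance-id>`, which the instance profile must be allowed to write with `ssm:PutParameter`.

```powershell
# Added example: online administrator password reset through Run Command.
# Assumptions: AWS.Tools.SimpleSystemsManagement is installed, credentials and
# region are configured, and the instance ID below is a placeholder.
Import-Module AWS.Tools.SimpleSystemsManagement

$InstanceId = 'i-0123456789abcdef0'   # placeholder, replace with the locked-out instance

# 1. Have the SSM agent on the instance run EC2Rescue with the ResetAccess command.
$cmd = Send-SSMCommand -InstanceId $InstanceId `
    -DocumentName 'AWSSupport-RunEC2RescueForWindowsTool' `
    -Comment 'EC2Rescue online password reset' `
    -Parameter @{ Command = 'ResetAccess' }

# 2. Poll the invocation until it reaches a terminal state.
$terminal = 'Success', 'Failed', 'Cancelled', 'TimedOut'
do {
    Start-Sleep -Seconds 5
    $inv = Get-SSMCommandInvocationDetail -CommandId $cmd.CommandId -InstanceId $InstanceId
    $status = [string]$inv.Status
} until ($terminal -contains $status)

# 3. Stop here on failure; a common cause is an instance profile that lacks
#    ssm:PutParameter on /EC2Rescue/Passwords/<instance-id>.
if ($status -ne 'Success') {
    throw "ResetAccess ended as ${status}: $($inv.StandardErrorContent)"
}

# 4. The new password is stored as a SecureString parameter; read it with decryption.
#    It is kept in a variable and deliberately not written to the console or a log.
$paramName = "/EC2Rescue/Passwords/$InstanceId"
$password  = (Get-SSMParameter -Name $paramName -WithDecryption $true).Value

# 5. After logging in and setting a new administrator password, delete the stored copy.
# Remove-SSMParameter -Name $paramName -Force
```

Because the parameter holds a working administrator password, limit `ssm:GetParameter` on the `/EC2Rescue/Passwords/` path to the operators who perform recoveries, and remove the parameter once the password has been rotated.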