Amazon Windows EC2Config Service

Developer Tools>Amazon Windows EC2Config Service
Community Contributed Software

  • Amazon Web Services provides links to these packages as a convenience for our customers, but software not authored by an "@AWS" account has not been reviewed or screened by AWS.
  • Please review this software to ensure it meets your needs before using it.

A Windows service which provides extended EC2 functionality such as writting to the console, setting the instance password, userdata execution, product activation and sysprep.


Submitted By: manoghos@AWS
AWS Products Used: Amazon Elastic Compute Cloud
Languages(s): English
Created On: January 7, 2013 5:16 PM GMT
Last Updated: May 12, 2016 7:03 AM GMT
    Published by Amazon Web Services (

    Amazon Windows AMIs contain a service installed by Amazon Web Services; the EC2Config service. Although optional, this service provides access to advanced features that are not otherwise available. This service runs in the LocalSystem account and performs tasks on the instance such as Windows Activation, setting the Administrator password, executing userdata, Cloud Formation Execution (requires Cloud Formation executable), writing to the AWS Console and one click sysprep from within the application. Its binaries and additional files are contained in the %ProgramFiles%\Amazon\EC2ConfigService directory. For more information about the service, please visit Configuring a Windows Instance Using the EC2Config Service.

    To find Amazon Windows AMIs, please visit the AWS Marketplace, AMI Catalog, or search the AWS Management Console for Amazon Images/Windows.


  • .Net framework 3.5 SP1 or greater
  • Installation Instructions

  • Follow the Installing the Latest Version of EC2Config instructions to update EC2Config Service on the instance
  • Troubleshooting

  • Log file will be created at 'C:\Program Files\Amazon\Ec2ConfigService\Logs\Ec2MsiInstall.txt' and can be reviewed for details
  • (Optional) If you have a version of EC2Config that is earlier than version 2.1.19 and you are trying to upgrade upto 2.2.12, you must first update to version 2.1.19, and then update to the current version. To update to version 2.1.19, download, unzip the file, and then run EC2Install.exe. Please note this issue has been fixed in 2.3.313 version.
  • Notifications

  • Amazon SNS can notify you when new versions of the EC2Config service are released. Follow Subscribing to EC2Config Service Notifications to receive these notifications
  • Feedback

    Your feedback will be extremely useful in further improving this tool. You can submit your feedback and suggestions here.

    What's New

  • Added support to log "Window is Ready to use" event to Windows Event Log on start.
  • Fix to allow uploading run command output to S3 bucket names with '.' character.
  • Added support to override InitializeDisks plugin settings. For example: To speed up SSD disk initialize, you can temporarily disable TRIM by specifying this in userdata:
    <InitializeDrivesSettings><SettingsGroup>FormatWithoutTRIM</SettingsGroup></InitializeDrivesSettings> .
  • SSM RunCommand - Fixes to process commands reliably after windows reboot.
  • Fix to gracefully handle reboot when running commands/scripts.
  • Fix to reliably cancel running commands.
  • Add support for (optionally) uploading MSI logs to S3 when installing applications via Run Command.
  • to reliably unzip when installing PowerShell modules.
  • Fixes to enable RDP thumbprint generation for Windows 2003.
  • Fixes to include timezone and UTC offset in the EC2Config log lines.
  • SSM support to run commands in parallel.
  • Roll back previous change to bring partitioned disks online.
  • Fix SSM (Simple Systems Manager) configuration failures when installing MSI applications.
  • Fix to reliably bring storage disks online.
  • Updates to improve support for AWS services.
  • Fix in post sysprep script to leave the configuration of windows update in a default state.
  • Fix the password generation plugin to improve the reliability in getting GPO password policy settings.
  • Restrict EC2Config/SSM log folder permissions to the local Administrators group.
  • Updates to improve support for AWS services.
  • Fixed an issue with CloudWatch that prevented logs from getting uploaded when not on primary drive.
  • Improved the disk initialization process by adding retry logic.
  • Added improved error handling when the SetPassword plugin occasionally failed during AMI creation.
  • Updates to improve support for AWS services.
  • Improvements to the ec2config-cli utility for config testing and troubleshooting within instance.
  • Avoid adding static routes for KMS and meta-data service on an OpenVPN adapter.
  • Fixed an issue where user-data execution was not honoring the "persist" tag.
  • Improved error handling when logging to the EC2 console is not available.
  • Updates to improve support for AWS services.

  • Windows activation reliability fix to first use link local address for activating windows via KMS
  • Improved proxy handling for SSM, Windows Activation and Domain Join scenarios
  • Fixed an issue where duplicate lines of user accounts were added to the sysprep answer file

  • Addressed a scenario where the CloudWatch plugin may consume excessive CPU and memory reading Windows Event Logs
  • Added a link to the CloudWatch configuration documentation in the EC2Config Settings UI

  • Fixes to EC2Config when used in combination with VM-Import.
  • Fixed service naming issue in the WiX installer.

  • Improved exception handling for ssm and domain join failures.
  • Change to support SSM schema versioning.
  • Fixed formatting ephemeral disks on Win2K3.
  • Change to support configuring disk size greater than 2TB.
  • Reduced virtual memory usage by setting GC mode to default.
  • Support for downloading artifacts from UNC path in aws:psModule and aws:application plugin.
  • Improved logging for Windows activation plugin.

  • Performance improvements by delay loading SSM assemblies.
  • Improved exception handling for malformed sysprep2008.xml.
  • Command line support for SSM "Apply" configuration.
  • Change to support domain join when there is a pending computer rename.
  • Support for optional parameters in the aws:applications plugin.
  • Support for command array in aws:psModule plugin.

  • Enable support for EC2 Simple Systems Manager (SSM) API's.
  • Automatically domain join EC2 Windows instances to an AWS directory via SSM.
  • Configure and upload CloudWatch logs/metrics via SSM.
  • Install PowerShell modules via SSM.
  • Install MSI applications via SSM.

  • Added scheduled task to recover EC2Config from service startup failures.
  • Improvements to the Console log error messages.
  • Updates to improve support for AWS services.

  • Fixed an issue with large memory consumption in some cases when the CloudWatch Logs feature is enabled.
  • Fixed an upgrade bug so that ec2config versions lower than 2.1.19 can now upgrade to latest.
  • Updated COM port opening exception to be more friendly and useful in logs.
  • Ec2configServiceSettings UI disabled resizing and fixed the attribution and version display placement in UI.

  • Handled NullPointerException while querying a registry key for determining Windows Sysprep state which returned null occasionally.
  • Freed up unmanaged resources in finally block.

  • Fixed a issue in CloudWatch plugin for handling empty log lines.

  • Removed configuring CloudWatch Logs settings through UI.
  • Enable users to define CloudWatch Logs settings in %ProgramFiles%\Amazon\Ec2ConfigService\Settings\AWS.EC2.Windows.CloudWatch.json file to allow future enhancements.

  • Fixed unhandled exception and added logging.

  • Fixes Windows OS version check in Ec2Config Installer to support Windows 2003 Sp1 and above.
  • Fixes null value handling when reading registry keys related to updating sysprep config files.

  • Added support for EC2Config to run during Sysprep execution for Windows 2008 and greater.
  • Improved exception handling and logging for better diagnostics

  • Reduced the load on the instance and on CloudWatch Logs when uploading log events.
  • Addressed an upgrade issue where the CloudWatch Logs plug-in did not always stay enabled

  • Added support to upload logs to CloudWatch Log Service.
  • Fixed a race condition issue in Ec2OutputRDPCert plug-in
  • Changed Ec2Config Service recovery option to Restart from TakeNoAction
  • Added more exception information when Ec2Config Crashes

  • Fixed a typo in PostSysprep.cmd
  • Fixed the bug which Ec2Config does not pin itself onto start menu for OS2012+

  • Added option to install EC2Config without service starting immediately upon install. To use, run 'Ec2Install.exe start=false' from the command prompt
  • Added parameter in wallpaper plugin to control adding/removing wallpaper. To use, run 'Ec2WallpaperInfo.exe set' or 'Ec2WallpaperInfo.exe revert' from the command prompt
  • Added checking for RealTimeIsUniversal key, output incorrect settings of the RealTimeIsUniveral registry key to the Console
  • Removed Ec2Config dependency on Windows temp folder
  • Removed UserData execution dependency on .Net 3.5

  • Added check to service stop behavior to check that resources are being released
  • Fixed issue with long execution times when joined to domain

  • Updated Installer to allow upgrades from older versions
  • Fixed Ec2WallpaperInfo bug in .Net4.5 only environment
  • Fixed intermittent driver detection bug
  • Added silent install option. Execute Ec2Install.exe with the '-q' option. eg: 'Ec2Install.exe -q'

  • Added support for .Net4 and .Net4.5 only environments
  • Updated Installer

  • Added Ephemeral Disk labeling support when using Intel network driver (eg. C3 instance Type)
  • Added AMI Origin Version and AMI Origin Name support to the console output
  • Made changes to the Console Output for consistent formatting/parsing
  • Updated Help File

  • Added Ec2Config WMI Object for Completion notification (-Namespace root\Amazon -Class EC2_ConfigService)
  • Improved Performance of Startup WMI query with large Event Logs; could cause prolonged high CPU during initial execution

  • Fixed UserData execution issue with Standard Output and Standard Error buffer filling
  • Fixed incorrect RDP thumbprint sometimes appearing in Console Output for >= w2k8 OS
  • Console Output now contains 'RDPCERTIFICATE-SubjectName:' for Windows 2008+, which contains the machine name value
  • Added D:\ to Drive Letter Mapping dropdown
  • Moved Help button to top right and changed look/feel
  • Added Feedback survey link to top right

  • General Tab includes link to Ec2Config download page for new Versions
  • Desktop Wallpaper overlay now stored in Users Local Appdata folder instead of My Documents to support MyDoc redirection
  • MSSQLServer name sync'd with system in Post-Sysprep script (2008+)
  • Reordered Application Folder (moved files to Plugin directory and removed duplicate files)
  • Changed System Log Output (Console):
  • *Moved to a date, name, value format for easier parsing (Please start migrating dependencies to new format)
  • *Added 'Ec2SetPassword' plugin status
  • *Added Sysprep Start and End times
  • Fixed issue of Ephemeral Disks not being labeled as 'Temporary Storage' for non-english Operating Systems
  • Fixed Ec2Config Uninstall failure after running Sysprep

  • Optimized requests to the Metadata service
  • Metadata now bypass Proxy Settings
  • Ephemeral Disks labeled as 'Temporary Storage' and Important.txt placed on volume when found (Citrix PV drivers only)
  • Ephemeral Disks assigned drive letters from Z to A (Citrix PV drivers only) - assignment can be overwritten using Drive Letter Mapping plugin with Volume labels 'Temporary Storage X' where x is a number 0-25)
  • UserData now executes immediately following 'Windows is Ready'

  • Desktop wallpaper fixes

  • Desktop wallpaper will display hostname by default
  • Removed dependency on Windows Time service
  • Route added in cases where multiple IPs are assigned to a single interface

  • Changes made to Ec2Activation Plugin
  • -Verifies Activation status every 30 days
  • -If Grace Period has 90 days remaining (out of 180), reattempts activation

  • Desktop wallpaper overlay no longer persists with Sysprep or Shutdown without Sysprep
  • Userdata option to execute on every service start with <persist>true</persist>
  • Changed location and name of /DisableWinUpdate.cmd to /Scripts/PostSysprep.cmd
  • Administrator password set to not expire by default in /Scripts/PostSysprep.cmd
  • Uninstall will remove Ec2Config PostSysprep script from c:\windows\setup\script\CommandComplete.cmd
  • Add Route supports custom interface metrics

  • UserData Execution no longer limited to 3851 Characters

  • OS Version and language identifier written to console
  • Ec2Config version written to console
  • PV driver version written to console
  • Detection of Bug Check and output to the console on next boot when found
  • Option added to config.xml to persist sysprep credentials
  • Add Route Retry logic in cases of ENI being unavailable at start
  • User Data execution PID written to console
  • Minimum generated password length retrieved from GPO
  • Set service start to retry 3 attempts
  • Added S3_DownloadFile.ps1 and S3_Upload file.ps1 examples to /Scripts folder

  • Version information added to General tab
  • Renamed the Bundle tab to Image
  • Simplified the process of specifying passwords and moved the password-related UI from the General tab to the Image tab
  • Renamed the Disk Settings tab to Storage
  • Added a Support tab with common tools for troubleshooting
  • Windows 2003 sysprep.ini set to extend OS partition by default
  • Added the private IP address to the wallpaper
  • Sysprep 2003 expand Root Volume
  • Private IP address displayed on wallpaper
  • Added retry logic for Console output
  • Fixed Com port exception for metadata accessibility -- caused Ec2Config to terminate before console output is displayed
  • Checks for activation status on every boot -- activates as necessary
  • Fixed issue of relative paths -- caused when manually executing wallpaper shortcut from startup folder; pointing to Administrator/logs
  • Fixed default background color for Windows 2003 user (other than Administrator)

  • Console timestamps in UTC (Zulu)
  • Removed appearance of hyperlink on Sysprep tab
  • Addition of feature to dynamically expand Root Volume on first boot for Windows 2008+
  • When Set-Password is enabled, now automatically enables EC2Config to set the password
  • EC2Config checks activation status prior to running Sysprep (presents warning if not activated)
  • Windows 2003 Sysprep.xml now defaults to UTC timezone instead of Pacific
  • Randomized Activation Servers
  • Renamed Drive Mapping tab to Disk Settings
  • Moved Initialize Drives UI items from General to the Disk Settings tab
  • Help button now points to HTML help file
  • Updated HTML help file with changes
  • Updated 'Note' text for Drive Letter Mappings
  • Added InstallUpdates.ps1 to /Scripts folder for automating Patches and cleanup prior to Sysprep

  • Desktop wallpaper displays instance information by default upon first logon (not disconnect/reconnect)
  • PowerShell can be executed from the userdata by surrounding the code with <powershell></powershell>
©2016, Amazon Web Services, Inc. or its affiliates. All rights reserved.