How to build a Windows 10 Pro / Enterprise AMI using HyperV


Tags
Windows
HyperV
AWS
Published
February 23, 2023
Author
Mitch McAffee
This step-by-step guide covers building a Windows 10 Pro / Enterprise Amazon Machine Image (AMI) using HyperV. It includes instructions for building a VHDX file using HyperV, converting the VHDX to an AMI, and creating a new EC2 instance using the AMI.

Building a VHDX file using HyperV

  1. Download Windows 10 Pro / Enterprise ISO
    1. Windows 10 Enterprise can be obtained with a free 90 day trial
  1. Install Windows 10 in Hyper-V
    1. Open Hyper-V Manager
    2. New → Virtual Machine
    3. Give it a name that makes sense for you (Windows 10 Golden, etc)
    4. Choose Generation 1
    5. UNCHECK “Use Dynamic Memory for this virtual machine” and give at least 2GB of memory.
    6. Choose your connection. Default Switch is fine unless you have specific requirements
    7. Choose where you want your virtual hard disk to live. Usually the default is fine.
    8. Select “Install an operating system from a bootable CD/DVD-ROM”, choose “Image file (.iso)”, and point it at the Windows 10 ISO from the first step.
    9. Click Finish to create your machine
  1. Start and connect to your Virtual Machine
  1. Go through the normal Windows setup process.
  1. Enable Remote Desktop
  1. Install the EC2 agent service
    1. http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_Install.html
  1. (Optional) Some instance types require a driver to be installed for networking if it uses ENA
    1. https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/enhanced-networking-ena.html
  1. (Optional) Install the GPU Drivers for the GPU of the instance type you are targeting. This is not necessary for non-GPU instances.
    1. https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html
  1. At this point, Windows will likely have created an Automatic Checkpoint, which we don’t want. Checkpoints create AVHDX files instead of the single VHDX file we want, which contains the whole file system.
    1. Stop the running Virtual Machine
    2. Right click in the Checkpoints view on the “Automatic Checkpoint” and select “Delete Checkpoint”.
    3. Go into the settings for your Virtual Machine and then Checkpoints
    4. Disable Checkpoints
    5. Start and then stop the running Virtual Machine to make sure it was merged

Converting VHDX to an AMI

  1. Install and set up the AWS CLI
    1. Optionally you can do the steps below manually through the AWS Console
  1. Create an S3 bucket, replacing !!REPLACEME!! with a unique bucket name
    1. aws s3 mb s3://!!REPLACEME!! --region us-west-2
  1. Upload your VHDX file to the S3 bucket, replacing !!REPLACEME!! with the bucket name from above:
    1. cd myvmfolder
    2. aws s3 cp codexaws.vhd s3://!!REPLACEME!! --region us-west-2
  1. Create a trust policy
    1. Place this file somewhere as trust-policy.json
      ```json
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Principal": { "Service": "vmie.amazonaws.com" },
            "Action": "sts:AssumeRole",
            "Condition": {
              "StringEquals": { "sts:Externalid": "vmimport" }
            }
          }
        ]
      }
      ```
    2. aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
  1. Add policy to the vmimport role that was created in the last step
    1. Create a file named role-policy.json and replace !!REPLACEME!! with your S3 bucket name
      ```json
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [ "s3:ListBucket", "s3:GetBucketLocation" ],
            "Resource": [ "arn:aws:s3:::!!REPLACEME!!" ]
          },
          {
            "Effect": "Allow",
            "Action": [ "s3:GetObject" ],
            "Resource": [ "arn:aws:s3:::!!REPLACEME!!/*" ]
          },
          {
            "Effect": "Allow",
            "Action": [
              "ec2:ModifySnapshotAttribute",
              "ec2:CopySnapshot",
              "ec2:RegisterImage",
              "ec2:Describe*"
            ],
            "Resource": "*"
          }
        ]
      }
      ```
    2. aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
  1. Create the image-builder configuration file containers.json with the following. Make sure to replace !!REPLACEME!! with your bucket name and !!YOURVHDXFILENAME!! with your .vhdx file name in S3:
     ```json
     [
       {
         "Description": "Windows 10 Base Install",
         "Format": "vhd",
         "UserBucket": {
           "S3Bucket": "!!REPLACEME!!",
           "S3Key": "!!YOURVHDXFILENAME!!"
         }
       }
     ]
     ```
  1. Create the AMI: aws ec2 import-image --description "Windows 10" --disk-containers file://containers.json --region us-west-2
  1. Watch the process with watch aws ec2 describe-import-image-tasks --region us-west-2
  1. Once the process is finished, you can create a new EC2 instance using your new Windows 10 AMI. Make sure that you have installed the ENA driver if you want to use instance types that use ENA, which is many of them. If you want to run on a GPU instance, make sure that you have installed the correct GPU drivers.
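
A pre-flight check for trust-policy.json and role-policy.json before they are passed to aws iam create-role and put-role-policy. This is an added example, not part of the original guide: the function name, the finding strings and the bucket name example-import-bucket are made up for illustration. It confirms that both files parse, that no !!...!! placeholder is left in them, that only vmie.amazonaws.com can assume the role under the vmimport external ID, and that S3 access is limited to the import bucket.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_vmimport_policies(trust_text, role_text, bucket):
    """Return a list of findings; an empty list means both documents pass."""
    findings, docs = [], {}
    for name, text in (("trust", trust_text), ("role", role_text)):
        if "!!" in text:  # the guide marks values to replace as !!NAME!!
            findings.append(f"{name}: unreplaced placeholder")
        try:
            docs[name] = json.loads(text)
        except json.JSONDecodeError as exc:
            findings.append(f"{name}: invalid JSON ({exc.msg})")
    for stmt in _as_list(docs.get("trust", {}).get("Statement", [])):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else [principal]
        if services != ["vmie.amazonaws.com"]:
            findings.append("trust: principal is not limited to vmie.amazonaws.com")
        # IAM condition keys are case-insensitive, so normalise before comparing.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if {k.lower(): v for k, v in equals.items()}.get("sts:externalid") != "vmimport":
            findings.append("trust: sts:ExternalId condition for vmimport is missing")
    scoped = (f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*")
    for stmt in _as_list(docs.get("role", {}).get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") == "Allow" and any(a == "*" or a.startswith("s3:") for a in actions):
            for res in _as_list(stmt.get("Resource", [])):
                if res not in scoped:
                    findings.append(f"role: S3 access not scoped to the bucket: {res}")
    return findings

# Constructed sample documents (bucket name "example-import-bucket" is made up).
TRUST_OK = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "vmie.amazonaws.com"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]})
ROLE_OK = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": ["arn:aws:s3:::example-import-bucket"]},
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-import-bucket/*"]},
    {"Effect": "Allow", "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
     "ec2:RegisterImage", "ec2:Describe*"], "Resource": "*"}]})
ROLE_WIDE = ROLE_OK.replace("example-import-bucket/*", "*")  # any object in any bucket
ROLE_TRUNCATED = ROLE_OK[:-1]  # final closing brace lost, e.g. in copy and paste

if __name__ == "__main__":
    print(check_vmimport_policies(TRUST_OK, ROLE_WIDE, "example-import-bucket"))
```

To check real files, read trust-policy.json and role-policy.json into strings and pass them in together with the bucket name used in the earlier steps.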
 
Thank you to peterforgacs for posting the very useful gist on which much of this guide is based.