From the Canyon Edge -- :-Dustin

Friday, April 1, 2011

Windows in EC2 takes 15-30 minutes to generate a password? What the...?!?

I needed to check something on Windows today.  I don't have any Windows installations locally, so my good buddy Scott Moser suggested  that I just launch one in EC2.  A t1.micro Windows instances costs something like $0.03/hour.  Good idea.  That can't be too hard...

Here's what I did...
  1. I started at the web console,
  2. Logged in, and then clicked on the EC2 tab
  3. Then I clicked on Launch Instance
  4. There was a popup for Quick Start, which listed a few AMIs, mostly Amazon's ripoff of CentOS, a couple of SUSE images, and Windows.  Notably, there's no Ubuntu AMIs here...
  5. I selected Windows Server 2008 Base (ami-c3e40daa), 32-bit
  6. I used a t1.micro, and clicked Launch Instance
  7. I clicked continue enough times to make a Canonical Design Team member drive a stake through their MacBook Pro
  8. I selected my ec2 keypair
  9. I accepted the default Security Group configuration, which opens the RDP port 3389
  10. I clicked Launch again (I think this is the 3 button in this process that said "Launch")
  11. Then I clicked a link to View your instances on the Instances page
  12. From there, I could see my instance running, and was given the hostname, and instructions on how to connect to the instance through Windows
  13. Instead, I dropped to an Ubuntu shell and ran:
  14. Alternatively, I could have clicked Applications -> Internet -> Terminal Server Client
  15. Now I tried to login
  16. I wasn't able to do so, as I needed a password, so I went back to my AWS web page, right clicked on my running instance, and my jaw hit the floor when I saw this:

  17. Wow.  Wow.  Wow.  15-30 minutes to generate a 10-character password.  All I can think is that it takes this long to gather enough entropy to seed their equivalent of /dev/random.  Still, this seems broken, in so many ways...
  18. So I waited the obligatory 15-30 minutes, right-clicking and checking if my password was ready multiple times.  Eventually, it was.  I needed to dig up the clear text of my private ec2-keypair.pem to symmetrically decrypt that 10-character password.  (Another thing that seems so broken to me about AWS ... they generated my private key and gave it to me, rather than me giving them my public key, and us operating with a public/private asymmetric scheme.)
  19. Anyway, once this was all said and done, I had a Windows machine running in EC2.  That 30 minutes spent waiting for a password was kind of a waste, though...  :-/

If nothing else, it reminds me why I love me some Ubuntu and ssh-import-id :-)