Need help?

Our experts have had an average response time of 11.7 minutes in August 2021 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

Reset the administrator password on EC2

by | Jul 13, 2021

Wondering how to reset the administrator password on EC2? We can help you.

Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.

Today, let us see how our Support Techs reset the administrator password.


How to reset the administrator password on EC2?

You can use AWS Systems Manager or EC2Rescue to reset the administrator password on your EC2 Windows instance.

Today, let us see the steps followed by our Support Techs to reset the administrator password with Systems Manager using the Run Command.

1.Firstly, attach the following policy to the IAM role associated with the instance to write the encrypted password to Parameter Store.

"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Action": [
"Resource": [

2.Open the AWS Systems Manager console, and then choose Run Command from the navigation pane.

3.Then, choose Run a Command.

4.For Command document, choose AWSSupport-RunEC2RescueForWindowsTool.

5.For Command parameters, verify that Command is set to ResetAccess.

6.For Targets, choose Choose instances manually and then select your instance.

7.Next, choose Run.

8.In the Targets and outputs section, select the Instance ID for your instance.

9.Then, choose View output for instructions on how to retrieve the new password.

10.After you regain access to your instance, it’s a best practice to rotate the password and then delete the parameter from Parameter Store.


Systems Manager Automation AWSSupport-ResetAccess (offline method)

Before you run the automation, be aware of the following:

  • If you’re not using an Elastic IP address, then the public IP address releases when you stop the instance.
  • Secondly, if this instance has an instance store volume, then any data on it is lost when the instance stops.
  • If the instance shutdown behavior is set to Terminate, then the instance terminates when it stops.
  • If the instance is part of an Auto Scaling group, then first detach the instance from the Auto Scaling Group. Then, after you stop and start the instance, attach the instance back to the Auto Scaling group.

AWSSupport-ResetAccess is a Systems Manager Automation document that automates EC2Rescue offline password reset using AWS CloudFormation and AWS Lambda functions.

The automation document as follows:
  • Firstly, creates an instance to assist with recovery in your Availability Zone.
  • Then, attaches and detaches EBS volumes.
  • Runs the EC2Rescue utility.
  • Creates an Amazon VPC for EC2Rescue isolated from your environment.
  • Finally, creates a backup AMI of the instance.

You can use the AWSSupport-ResetAccess document if:

  • You lost your EC2 key pair and want to create a password-enabled AMI from your EC2 instance to launch a new instance with an existing key pair.
  • Secondly, you lost your local administrator password and want to generate a new password that you can decrypt with the current EC2 key pair.


Today, let us go through the steps followed by our Support Techs to reset password by Systems Manager Automation document:

1.Firstly, open the AWS Systems Manager console, and then choose Automation from the navigation pane.

2.Then, choose Execute automation.

3.For Automation document, choose AWSSupport-ResetAccess, and then choose Next.

4.For Input parameters, enter the InstanceID of your EC2 instance.

5.Then, choose Execute.

6.Wait until the state changes to Success. This can take up to 25 minutes.

7.Use your existing key pair to decode the newly generated password from the EC2 console.


If you lost your EC2 key pair

1. Stop your instance.

2. Open the Amazon EC2 console, and then choose AMIs.

3. Search for your instance ID.

4. Select the AMI named AWSSupport-EC2Rescue-Post-Script-Backup-i-xxxxxxxxx_Date, and then choose Launch.

5. Follow the Launch Wizard to specify the configuration of your instance, and then select a key pair that you own.

6. Verify that you can connect to the new instance and that your applications are working as expected before terminating the other instance.


EC2Rescue (offline or online method)

To regenerate the administrator password at next boot, you can enable EC2SetPassword using EC2Rescue:

1.Choose Diagnose and Rescue. The EC2Config section shows the current Ec2SetPassword setting. Choose Next.

2.In Detect possible issues, select the Ec2SetPassword check box, and then choose Next.


[Need help with the troubleshooting? We’d be happy to assist]


In short, today we saw how our Support Techs Reset the administrator password on EC2.




Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.


var google_conversion_label = "owonCMyG5nEQ0aD71QM";


Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center


Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]


Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid


Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie


These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.