KBI 311471 AWS Configure PowerShell Remoting For Windows EC2 Instance


Argent for AWS 5.1A-1610-A and later


Friday, 28 October 2016


Windows EC2 instance is typically a standalone VM

User has to logon with local account through Remote Desktop

It is inconvenient when dealing with many such VM’s without remote management mechanism

Windows PowerShell Remoting serves the purpose well and is pre-installed in AWS Windows OS image

To use PowerShell Remoting, user should do following configurations:

  1. Sign into AWS Console, go to AWS -> Service -> EC2, and update the security group associated with the Windows EC2 instance so that in-bound traffic to TCP port 5985 is allowed

    (Perform the following steps on AWS EC2 Instance)

  2. Remote Desktop into Windows EC2 instance

    This also verifies the correctness of logon and password

  3. Enable PowerShell Remoting by running

    Windows Command Line:    winrm quickconfig
    PowerShell Command Line: Enable-PSRemoting

  4. Open firewall for local TCP port 5985 by running

    Windows Command Line:    netsh advfirewall firewall add rule name=”WinRM-HTTP” dir=in localport=5985 protocol=TCP action=allow

    (Perform the following steps on Argent AT Engine)

  5. Add the EC2 instance to Trusted Hosts by running

    PowerShell Command Line: Set-Item WSMan:\localhost\Client\TrustedHosts -Value ec2_ip_address -Force

    If there are many instances to manage, run following command to allow all:

    PowerShell Command Line: Set-Item WSMan:\localhost\Client\TrustedHosts -Value * -Force

  6. Run following command to test whether the PowerShell Remoting connection is successful:

    PowerShell Command Line: Test-WSMan -ComputerName ec2_ip_address

  7. Use following PowerShell commands to start PS session, run some commands, and then exit the session

    PowerShell Command Line: $securePassword = ConvertTo-SecureString -AsPlainText -Force password

                             $cred = New-Object System.Management.Automation.PSCredential ‘Administrator’, $securePassword

                             Enter-PSSession -ComputerName ec2_ip_address -Credential $cred



After PowerShell Remoting has been successfully configured, the Windows EC2 instance can be licensed and natively monitored in Argent for AWS

Run the connectivity test to verify PowerShell Remoting is working properly

Technical Background