Getting Started with Windows AMIs

Welcome to the easiest way to build secure workloads available in the AWS Marketplace today! Our Windows AMIs are designed to fit into your standard build processes as you use today, with as few changes as possible to the way you do things.

Manual Build Process

If you are just testing our AMI, or you use the AWS console to launch new EC2 instances, you'll find this process familiar.  To start, browse to your EC2 console and click on either one of the Launch Instance buttons.

Next, click on AWS Marketplace in the left-hand menu and enter "nemu" in the search box, and press enter.  Find the variant of Windows that you need and press the Select button next to it.

If you have not subscribed to the product yet, a dialog box will pop up asking you to confirm your subscription.  Press the Continue button to subscribe to this AMI.


You will need to select your instance type next. This works the same way as any other EC2 instance, click Next: Configure Instance Details to fine-tune things, or Review And Launch to use the default settings.

You will be prompted next to configure your VPC, Network, Placement Group, and various other settings.  If you want to use a user-data script to configure your instance, paste it in the text field at the bottom of this page.  Otherwise, tune things as appropriate and click on Next: Add Storage to configure your instance's EBS volumes.

Ensure you select a volume size large enough to allow for Windows Updates and whatever applications you will be installing. More importantly, be sure to enable Encryption in the right-hand column: The security of your data-at-rest depends on it, and it is incumbent on you to make sure this is enabled in order to maintain your security posture.  Once configured, click on Next: Add Tags to continue setup.


Setup whatever standard tags you use within your environment and click Next: Configure Security Group.

Configure your security group as appropriate for your application. We strongly recommend limiting RDP access to trusted IP addresses, as well as operating within a VPC, to maximize your defense against random cyber attackers. Please refer to the AWS NIST Template documentation for more information about how to do this; Otherwise, Review and Launch.


You will be prompted to confirm that your configuration is as desired. Click Launch if everything looks correct.

You will be prompted to select or create a keypair that will be used to access the password for your instance.  Do not lose this key or you may not be able to access your EC2 instance in the future.

At this point, your EC2 instance will be started and you can manage it as you would any other instance in your environment!

AWS CLI Build Process

Content under construction

CloudFormation Template Example

Content under construction

Post-Deployment System Updates

Content under construction

Getting Help

We understand that it is sometimes difficult to get your application running on hardened operating systems. If you are encountering errors or problems trying to run your application on our AMIs, please be sure to check the knowledgebase to see if there's already a solution, and reach out to our support team if that doesn't fix it. While we may not know everything about your specific application, we have seen many of the components that are used to build them, and are more than happy to help you get things running!

Did this solve your problem?