Free Tier amazon instances are a game changer. Here's how to set the windows micro instances to function as an ssh server for easier transfer of files. Skip to the bottom for billing considerations.

Tested using: Microsoft Windows Server 2016 Base - ami-fe446c9b t2-micro

Fedora Core 26 client (rdesktop)

Using the Amazon EC2 web interface:

Create a key-pair name: amazon_key_pair.pem
Download the keypair file.
Create notifications to email when usage exceed free tier. This in
practice should never happen, but it feels good.

After instance launches, click connect.
Click Get password.

Then start the remote desktop session with a command like:

rdesktop long_hostname.us-east-2.compute.amazonaws.com -u \
    Administrator -p 'password' -g 1920x1000 -K

Directly on the Windows Server virtual machine:

CRITICAL!
Seriously consider turning off all windows defender options immediately.
These can effectively make the system unusable. Alternatively, let them
run and plan to use the server a day later once it has stabilized.
CRITICAL!

Start internet explorer, install Google Chrome
Add all google domains (including ad trackers) that appear during the
process to the whitelist.

Install ublock origin from google chrome
Change timezone and time if necessary

Restart system


The details steps below for ssh server installation are based heavily
on the article on
[LifeHacker](https://lifehacker.com/205090/geek-to-live--set-up-a-personal-home-ssh-server)


Go to cygwin.com
    Download and run setup-x86_64.exe
    Accept default until mirror selection.
    Select clarkson.edu as mirror
    search for openssh in Net group, install

Launch a cygwin command line window

Execute command: ssh-host-config

Strictmodes? Yes
New local account sshd? Yes
Install sshd as a service? Yes
Enter the value of CYGWIN for the daemon: ntsec tty
Do you want to use a different name? No
Create a new priviledged account? Yes
Set password: type in 8 character password with number and capital

After setup is complete, change the ssh server port to 6787
Edit the file: /c/cygwin64/etc/sshd_config
Change:
#Port 22
to
Port 6787

Then in a cygwin window, issue: net start sshd

Then add the firewall port 6787 inbound rule to open.
    Firewall -> Advanced settings
    Inbound rules -> New Rule -> Port
    Port 6787, name Cygwin SSH

Then change the amazon instance network rules to open port 6787
    EC2 Dashboard -> Network and security -> Security Groups
        (Find most recent launch wizard, select)
        Actions -> Edit inbound rules
        Add rule for inbound port 6787

        Actions -> Edit inbound rules

        Delete rule for inbound port 3389

From the Linux client machine:

# Create the ssh folder on the windows system. Make sure to use the same
# Administrator password that you pulled down from the EC2 interface to
# connect over remote desktop
ssh Administrator@long_hostname.aws.com "mkdir ~/.ssh"

# Append the linux public key file to the remote list of authorized
# keys. Not the .pem file, just your local system public key
cat ~/.ssh/id_rsa.pub | ssh Administrator@ec2_hostname \
    "cat >> ~/.ssh/authorized_keys"

You can now ssh in with the command below, and tunnel the remote desktop connections over ssh:

autossh \
    -M 40001 \
    -o port=6787 \
    -i ~/.ssh/id_rsa \
    -L 9833:localhost:3389 \
    -R 6703:localhost:22 \
    Administrator@ec2_hostname

Then on the windows computer, open a cygwin command prompt and verify the tunnel back to the host linux machine with:

    ssh -o port=6703 localhost

To connect from a linux laptop to the remote windows instance over rdp, setup the tunnel in the autossh command above, then run the rdesktop command below.

rdesktop localhost:9983 -u \
    Administrator -p 'from EC2 get password' -g 1920x1000 -K

Use the tagging strategy to track the costs on a per-project basis.

  1. At each new EC2 instance created, have the discipline to add a tag named 'project', with the value 'project_name'. For example:
project: predicatesai
project: lls
project: xgut
  1. Go to the AWS billing console: https://console.aws.amazon.com/billing/home

  2. Cost Allocation tags -> Activate

  3. Wait about 10 minutes

  4. Select the 'project' tag, then click activate.

  5. Wait 24 hours, now the tags will become available in the AWS Cost Explorer.

Now that you have some base windows images, you want to encrypt the

disks. Specifically the elastic block store volumes.

The instructions below are based heavily on: https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/

  1. Configure a machine according to the instructions above.

  2. Select Instance -> Actions -> Image -> Create image

  3. Wait for the instance image to appear in the "AMI" section.

  4. Select the AMI you have just created then Actions -> Copy AMI

  5. Select the same destination region. Append the word 'encrypted' to teh AMI name. Check 'Encryption', accept defaults.

Now you are running an encrypted base image.

Install the development
environment. After that is complete, make another AMI image of the
encrypted development environment.

This is now the basic image you use to pull down new code, setup long
term tests, etc.