The EC2 API has a call "GetPasswordData" which you can use to retrieve an encrypted block of data containing the Administrator password. To decrypt it, you need 2 things:

EC2 API 有一个调用“GetPasswordData”，您可以使用它来检索包含管理员密码的加密数据块。要解密它，您需要两件事：

First, the private key. This is the private half of the keypair you used to instantiate the instance. A complication is that normally Amazon uses keys in PEM format ("-----BEGIN"...) but the Java Crypto API wants keys in DER format. You can do the conversion yourself - strip off the -----BEGIN and -----END lines, take the block of text in the middle and base64-decode it.

首先，私钥。这是用于实例化实例的密钥对的私有部分。一个复杂的问题是，亚马逊通常使用 PEM 格式的密钥（“-----BEGIN”...），但 Java Crypto API 需要 DER 格式的密钥。您可以自己进行转换 - 去掉 -----BEGIN 和 -----END 行，取中间的文本块并对其进行 base64 解码。

Second, the encryption parameters. The data is encrypted with RSA, with PKCS1 padding – so the magic invocation to give to JCE is: Cipher.getInstance("RSA/NONE/PKCS1Padding")

二、加密参数。数据使用 RSA 加密，使用 PKCS1 填充——因此提供给 JCE 的魔术调用是：Cipher.getInstance("RSA/NONE/PKCS1Padding")

Here's a full example (that relies on BouncyCastle, but could be modified to use a different crypto engine)

这是一个完整的示例（依赖于 BouncyCastle，但可以修改为使用不同的加密引擎）

package uk.co.frontiertown;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.services.ec2.AmazonEC2Client;
import com.amazonaws.services.ec2.model.GetPasswordDataRequest;
import com.amazonaws.services.ec2.model.GetPasswordDataResult;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;

import javax.crypto.Cipher;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Security;
import java.security.spec.PKCS8EncodedKeySpec;

public class GetEc2WindowsAdministratorPassword {

    private static final String ACCESS_KEY = "xxxxxxxxxxxxxxxxxxxx";
    private static final String SECRET_KEY = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
    private static final String PRIVATE_KEY_MATERIAL = "-----BEGIN RSA PRIVATE KEY-----\n" +
        "MIIEowIBAAKCAQEAjdD54kJ88GxkeRc96EQPL4h8c/7V2Q2QY5VUiJ+EblEdcVnADRa12qkohT4I\n" +
        // several more lines of key data
        "srz+xXTvbjIJ6RL/FDqF8lvWEvb8uSC7GeCMHTznkicwUs0WiFax2AcK3xjgtgQXMgoP\n" +
        "-----END RSA PRIVATE KEY-----\n";

    public static void main(String[] args) throws GeneralSecurityException, InterruptedException {
        Security.addProvider(new BouncyCastleProvider());
        String password = getPassword(ACCESS_KEY, SECRET_KEY, "i-XXXXXXXX", PRIVATE_KEY_MATERIAL);
        System.out.println(password);
    }

    private static String getPassword(String accessKey, String secretKey, String instanceId, String privateKeyMaterial) throws GeneralSecurityException, InterruptedException {

        // Convert the private key in PEM format to DER format, which JCE can understand
        privateKeyMaterial = privateKeyMaterial.replace("-----BEGIN RSA PRIVATE KEY-----\n", "");
        privateKeyMaterial = privateKeyMaterial.replace("-----END RSA PRIVATE KEY-----", "");
        byte[] der = Base64.decode(privateKeyMaterial);
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(der);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = keyFactory.generatePrivate(keySpec);

        // Get the encrypted password data from EC2
        AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
        AmazonEC2Client client = new AmazonEC2Client(awsCredentials);
        GetPasswordDataRequest getPasswordDataRequest = new GetPasswordDataRequest().withInstanceId(instanceId);
        GetPasswordDataResult getPasswordDataResult = client.getPasswordData(getPasswordDataRequest);
        String passwordData = getPasswordDataResult.getPasswordData();
        while (passwordData == null || passwordData.isEmpty()) {
            System.out.println("No password data - probably not generated yet - waiting and retrying");
            Thread.sleep(10000);
            getPasswordDataResult = client.getPasswordData(getPasswordDataRequest);
            passwordData = getPasswordDataResult.getPasswordData();
        }

        // Decrypt the password
        Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] cipherText = Base64.decode(passwordData);
        byte[] plainText = cipher.doFinal(cipherText);
        String password = new String(plainText, Charset.forName("ASCII"));

        return password;
    }
}

ObDisclosure: I originally answered this on a blog posting at http://www.frontiertown.co.uk/2012/03/java-administrator-password-windows-ec2-instance/

ObDisclosure：我最初在http://www.frontiertown.co.uk/2012/03/java-administrator-password-windows-ec2-instance/上的一篇博客文章中回答了这个问题

You can create an instance, set the password and then turn it back into an image. Effectively setting a default password for each instance you create. Wouldn't this be simpler?

您可以创建一个实例，设置密码，然后将其重新转换为图像。为您创建的每个实例有效设置默认密码。这不是更简单吗？

Looks like you are looking for the following parts of the API: GetPasswordDataRequestand GetPasswordDataResult

看起来您正在寻找 API 的以下部分：GetPasswordDataRequest和GetPasswordDataResult

You can also create a Image with default user name and Password setup on that Image.And then launch all instances with that image id..so that you dont need to create and retrieve password evry time..just launch your instance rdp that launched instance with definde credntials in Image. I am doing same.And its perfectly working for me.

您还可以在该图像上使用默认用户名和密码设置创建一个图像。然后使用该图像 ID 启动所有实例..这样您就不需要每次都创建和检索密码..只需启动启动实例的实例 rdp与图像中的定义凭据。我也在做同样的事情。它对我来说完美无缺。