# `AWSSupport-ActivateWindowsWithAmazonLicense` **Description** The `AWSSupport-ActivateWindowsWithAmazonLicense` runbook activates an Amazon Elastic Compute Cloud (Amazon EC2) instance for Windows Server with a license provided by Amazon. The automation verifies and configures required key management service operating system settings and attempts activation. This includes operating system routes to Amazon's key management servers and key management service operating system settings. Setting the `AllowOffline` parameter to `true` allows the automation to successfully target instances that are not managed by AWS Systems Manager, but requires a stop and start of the instance. **Note** This runbook cannot be used on Bring Your Own License (BYOL) model Windows Server instances. For information about using your own license, see [Microsoft Licensing on AWS](https://aws.amazon.com/windows/resources/licensing/). [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWSSupport-ActivateWindowsWithAmazonLicense) **Document type** Automation **Owner** Amazon **Platforms** Windows **Parameters** + AllowOffline Type: String Valid values: true \$1 false Default: false Description: (Optional) Set it to `true` if you allow an offline Windows activation remediation in case the online troubleshooting fails, or if the provided instance is not a managed instance. **Important** The offline method requires that the provided EC2 instance be stopped and then started. Data stored in instance store volumes will be lost. The public IP address will change if you are not using an Elastic IP. + AutomationAssumeRole Type: String Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook. + ForceActivation Type: String Valid values: true \$1 false Default: false Description: (Optional) Set it to `true` if you want to proceed even if Windows is already activated. + InstanceId Type: String Description: (Required) ID of your managed EC2 instance for Windows Server. + SubnetId Type: String Default: CreateNewVPC Description: (Optional) Offline only - The subnet ID for the EC2Rescue instance used to perform the offline troubleshooting. Use `SelectedInstanceSubnet` to use the same subnet as your instance, or use `CreateNewVPC` to create a new VPC. IMPORTANT: The subnet must be in the same Availability Zone as InstanceId, and it must allow access to the SSM endpoints. **Required IAM permissions** The `AutomationAssumeRole` parameter requires the following actions to use the runbook successfully. We recommend that the EC2 instance receiving the command has an IAM role with the **AmazonSSMManagedInstanceCore** Amazon managed policy attached. You must have at least **ssm:StartAutomationExecution** and **ssm:SendCommand** to run the automation and send the command to the instance, plus **ssm:GetAutomationExecution** to be able to read the automation output. For the offline remediation, see the permissions needed by `AWSSupport-StartEC2RescueWorkflow`. **Document Steps** 1. `aws:assertAwsResourceProperty` - Check the provided instance's platform is Windows. 1. `aws:assertAwsResourceProperty` - Confirm the provided instance is a managed instance: 1. (Online activation fix) If the input instance is a managed instance, then run `aws:runCommand` to run the PowerShell script to attempt to fix Windows activation. 1. (Offline activation fix) If the input instance is not a managed instance: 1. `aws:assertAwsResourceProperty` - Verifies the `AllowOffline` flag is set to `true`. If so, the offline fix starts; otherwise the automation ends. 1. `aws:executeAutomation` - Invoke `AWSSupport-StartEC2RescueWorkflow` with the Windows activation offline fix script. The script uses either EC2Config or EC2Launch, depending on the OS version. 1. `aws:executeAwsApi` - Read the result from `AWSSupport-StartEC2RescueWorkflow`. **Outputs** activateWindows.Output getActivateWindowsOfflineResult.Output