get_password_data ( $instance_id, $opt )

Retrieves the encrypted administrator password for the instances running Windows.

The Windows password is only generated the first time an AMI is launched. It is not generated for rebundled AMIs or after the password is changed on an instance. The password is encrypted using the key pair that you provided.

Access

public

Parameters

Parameter

Type

Required

Description

$instance_id

string

Required

The ID of the instance for which you want the Windows administrator password.

$opt

array

Optional

An associative array of parameters that can have the following keys:

  • DecryptPasswordWithKey - string - Optional - Enables the decryption of the Administrator password for the given Microsoft Windows instance. Specifies the RSA private key that is associated with the keypair ID which was used to launch the Microsoft Windows instance.
  • curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
  • returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This is useful for manually-managed batch requests.

Returns

Type

Description

CFResponse

A CFResponse object containing a parsed HTTP response.

Examples

Get encoded Windows password.

// Instantiate the class
$ec2 = new AmazonEC2();

// Get console output
$response = $ec2->get_password_data('i-1f549375');

// Success?
var_dump($response->isOK());
Result:
bool(true)

Get the decrypted version of the Windows password.

// Instantiate the class
$ec2 = new AmazonEC2();

// Get console output
$response = $ec2->get_password_data('i-1f549375', array(
	'DecryptPasswordWithKey' => file_get_contents('my-keypair.pem')
));

// Success?
var_dump($response->isOK());
var_dump(strlen((string) $response->body->passwordData)); // Length of the password

Related Methods

Source

Method defined in services/ec2.class.php | Toggle source view (36 lines) | View on GitHub

public function get_password_data($instance_id, $opt = null)
{
    if (!$opt) $opt = array();
    $opt['InstanceId'] = $instance_id;

    // Unless DecryptPasswordWithKey is set, simply return the response.
    if (!isset($opt['DecryptPasswordWithKey']))
    {
        return $this->authenticate('GetPasswordData', $opt, $this->hostname);
    }

    // Otherwise, decrypt the password.
    else
    {
        // Get a resource representing the private key.
        $private_key = openssl_pkey_get_private($opt['DecryptPasswordWithKey']);
        unset($opt['DecryptPasswordWithKey']);

        // Fetch the encrypted password.
        $response = $this->authenticate('GetPasswordData', $opt, $this->hostname);
        $data = trim((string) $response->body->passwordData);

        // If it's Base64-encoded...
        if ($this->util->is_base64($data))
        {
            // Base64-decode it, and decrypt it with the private key.
            if (openssl_private_decrypt(base64_decode($data), $decrypted, $private_key))
            {
                // Replace the previous password data with the decrypted value.
                $response->body->passwordData = $decrypted;
            }
        }

        return $response;
    }
}

Copyright © 2010–2013 Amazon Web Services, LLC


Feedback