
How to reset a forgotten password on a Windows EC2 instance


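This problem cost me 2 days, so it is worth writing down properly. The procedure for Windows Server 2012 and earlier differs from the one for Server 2016 and later. I stumbled into solving a 2016 problem with the 2012 method, because I did not know that the EC2 instance with the forgotten password was running 2016.
Recovering from this kind of problem on Windows (a forgotten key pair and password) is also more complicated than on Linux.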

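  1. Stop the instance. Tag this instance original-instance.

  2. Under Volumes, find the instance's volume and Detach it.

  3. Delete the old key.

  4. Create a new EC2 instance and tag it new-instance.

  5. The new instance must be in the same Availability Zone as the problem instance, for example us-east-1a, otherwise the volume cannot be attached.

  6. Launch, create a key with the same name as the previous (lost and forgotten) key, then download and save the key.

The next step is critical. I got it wrong in all my earlier attempts.

  7. Create an Image from the instance whose password was forgotten.

  8. Watch the progress under IMAGES --> AMI; it takes a few minutes. When it completes, click Launch. This step is similar to creating a new instance. To tell it apart from the newly created instance, we name this one image-instance.

  9. Once it has been created, stop this instance, then attach the image-instance volume to new-instance.

  10. Log in to new-instance and download the tool: https://s3.amazonaws.com/ec2rescue/windows/EC2Rescue_latest.zip (this tool only applies to Windows Server 2016 and later).

Separately, I had read in the documentation that the password can be changed by modifying the Ec2Config service. After some digging I found that this only works on 2012 and earlier, and my server with the forgotten password was 2016, which also explains why I had been puzzled not to see the folder C:\Program Files\Amazon\Ec2ConfigService at that path. So I copied one over from a 2012 machine to that path and edited the config.xml file, changing EC2Password to Enabled. I do not know whether this had anything to do with the result; I record it here just in case.

  11. Then take this volume offline on new-instance, Detach it under Volumes, and attach it back to image-instance. Note that Device must be set to /dev/sda1 so that it becomes the C drive.

  12. Get the password for image-instance.

  13. Import the saved key file to get the password. (At first this failed with a message that the password could not be retrieved and the validation was wrong. I agonized over this for several more hours, switching the volume back and forth among the 3 instances, and eventually I could get the password. I do not know what I got right.)

  14. Then stop image-instance, attach this volume back to original-instance as the C drive, and start it. You can now use the new key to get the new password.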
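The volume moves in the steps above can also be scripted with the AWS CLI. This is an added example, not part of the original post: the function names are hypothetical, all instance and volume IDs are supplied by the caller, and `xvdf` is an assumed free device name on the rescue instance.

```shell
#!/bin/sh
# Added example (not from the original post): the volume moves from the
# walkthrough, done with the AWS CLI. All IDs are caller-supplied.

# Availability Zone of an instance; a volume attaches only inside its own zone.
instance_az() {
  aws ec2 describe-instances --instance-ids "$1" \
    --query 'Reservations[0].Instances[0].Placement.AvailabilityZone' \
    --output text
}

# detach_and_wait VOLUME_ID: detach, then block until the volume is available.
detach_and_wait() {
  aws ec2 detach-volume --volume-id "$1" >/dev/null &&
  aws ec2 wait volume-available --volume-ids "$1"
}

# move_to_rescue VOLUME_ID SOURCE_INSTANCE RESCUE_INSTANCE
# Stops the locked-out instance and attaches its root volume to the rescue
# instance as a secondary disk (xvdf is an assumed free device name).
move_to_rescue() {
  if [ "$(instance_az "$2")" != "$(instance_az "$3")" ]; then
    echo "refusing: $2 and $3 are in different Availability Zones" >&2
    return 1
  fi
  aws ec2 stop-instances --instance-ids "$2" >/dev/null &&
  aws ec2 wait instance-stopped --instance-ids "$2" &&
  detach_and_wait "$1" &&
  aws ec2 attach-volume --volume-id "$1" --instance-id "$3" --device xvdf
}

# return_as_root VOLUME_ID TARGET_INSTANCE
# After the disk is set offline inside the rescue instance, reattach it to the
# stopped target as /dev/sda1 so that Windows boots from it as C:.
return_as_root() {
  state=$(aws ec2 describe-instances --instance-ids "$2" \
    --query 'Reservations[0].Instances[0].State.Name' --output text)
  if [ "$state" != "stopped" ]; then
    echo "refusing: $2 is $state, expected stopped" >&2
    return 1
  fi
  detach_and_wait "$1" &&
  aws ec2 attach-volume --volume-id "$1" --instance-id "$2" --device /dev/sda1
}
```

Source the file and call `move_to_rescue` before the repair and `return_as_root` after the disk has been taken offline in Disk Management on the rescue instance.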

References
For Server 2012 and earlier: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ResettingAdminPassword_EC2Config.html

For Server 2016 and later: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ResettingAdminPassword_EC2Launch.html

This one says to follow the steps exactly. It was what prompted me to reread the documentation and discover that I had not launched from the image but had launched a new instance instead, which is the key point. https://stackoverflow.com/questions/50686939/resetting-administrator-password-for-aws-ec2-windows-server-2012-instance

Later I received an email from AWS Support with guidance, but I had already solved the problem myself, so I did not use their method. I record it here:
For Server 2016

  1. In the Amazon IAM Console (https://console.aws.amazon.com/iam/), in the navigation pane, choose Roles, Create new role.

  2. Choose Amazon EC2 Role for Simple Systems Manager, and then choose Select.

  3. Under Policy Name, check AmazonEC2RoleforSSM, Next Step, enter a Role name that is meaningful to you and choose Create Role.

  4. Open the Amazon EC2 console, https://console.aws.amazon.com/ec2/ and choose the appropriate region.

  5. Select the affected instance, choose Actions, Instance Settings, Attach/Replace IAM role. This would attach the IAM role you just created to your instance.

  6. From EC2 console select, "Run Command" and "Run a command" option.

  7. Select "AWS-RunPowershellScript" from Command document

  8. In Select Targets, Select the instance you want to reset password for. Should the instance not be populated in the list, please wait for some time so that the changes can be propagated.

  9. Under Commands, run the following command while replacing "new_password" with your password.

    net user Administrator new_password

  10. Click Run in the lower right, leaving all the settings at default.

Following the successful completion of the run command, you should now be able to log in with that local administrator password you just keyed in under step 9. Once you've regained access to the instance, change the password to a more permanent value by running the command from step 9 again in command prompt of the instance.

Another procedure you can follow to reset the password on the instance is to use the AWSSupport-ResetAccess Automation document from the Systems Manager console. This document is useful if you have lost your EC2 key pair and want to create a password-enabled AMI from your EC2 instance, so you can launch a new instance with an existing key pair. To perform this, you can follow the steps given on the link under the section headed "Systems Manager Automation AWSSupport-ResetAccess (Offline Method)":

[+] https://aws.amazon.com/premiumsupport/knowledge-center/reset-admin-password/
