Create Private Instance
- Go to EC2 service management console
- Click Instances.
- Click Launch instances.
- On the Step 1: Choose an Amazon Machine Image (AMI) page.
- Drag the mouse down.
- Click Select to select AMI Microsoft Windows Server 2019 Base.

- On the Step 2: Choose an Instance Type page.
- Click on Instance type t2.micro.
- Click Next: Configure Instance Details.

- At Step 3: Configure Instance Details page
- In the Network section, select Lab VPC.
- In the Subnet section, select Lab Private Subnet.
- At Auto-assign Public IP select Use subnet setting (Disable)
- Click Next: Add Storage.

- Click Next: Add Tags to move to the next step.
- Click Next: Configure Security Group to move to the next step.
- On page Step 6: Configure Security Group.
- Select Select an existing security group.
- Select security group SG Private Windows Instance.
- Click Review and Launch.

The warning dialog box appears because we do not configure the firewall to allow connections to port 22, Click Continue to continue.
At page Step 7: Review Instance Launch.
- In the Select an existing key pair or create a new key pair dialog box.
- Click Choose an existing key pair.
- In the Key pair name section, select LabKeypair.
- Click I acknowledge that I have access to the corresponding private key file, and that without this file, I won’t be able to log into my instance..
- Click Launch Instances to create EC2 server.
Click View Instances to return to the list of EC2 instances.
Click the edit icon under the Name column.
- In the Edit Name dialog box, enter Private Windows Instance.
- Click Save.

Next, we will proceed to create IAM Roles to serve the Session Manager.