You can save a ton of money on Windows Server licenses for your EC2 instances by bringing your own licenses (BYOL) instead of paying AWS for them.
Let’s see what this looks like in practice. Imagine you’re spinning up a new Windows Server 2022 instance.
aws ec2 run-instances \
--image-id ami-0abcdef1234567890 \
--instance-type t3.medium \
--count 1 \
--subnet-id subnet-0123456789abcdef0 \
--security-group-ids sg-0abcdef1234567890 \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=MyBYOLServer}]' \
--license-included # This is the key difference for AWS-provided licenses
Now, if you’re BYOL, you’d omit the --license-included flag. The difference is subtle in the run-instances command, but massive in your AWS bill. When you don’t specify --license-included, AWS assumes you’re handling the Windows Server licensing yourself.
The core problem this BYOL model solves is avoiding the "license-in-the-box" cost that AWS charges for Windows Server AMIs. AWS charges a premium per hour for Windows Server instances, which includes the cost of the license. If you already own licenses with Software Assurance (SA) through a volume licensing agreement with Microsoft, you can often use those licenses on EC2 instances, significantly reducing your hourly compute cost. This is known as License Mobility through Software Assurance.
Here’s how it works internally. When you launch an instance using an AWS-provided license, the EC2 instance is configured with specific identifiers that AWS uses to track and bill for the license. These are typically tied to the instance’s lifecycle. When you opt for BYOL, AWS doesn’t embed these license-tracking mechanisms in the same way. Instead, you’re responsible for ensuring your on-premises licenses are valid and that you’re compliant with Microsoft’s licensing terms for running them in the cloud. This usually involves having active Software Assurance for Windows Server and ensuring your licenses are eligible for License Mobility.
The primary lever you control here is your AWS EC2 instance pricing. By using BYOL, you can select AMIs that have "Windows Server" in their name but do not have "with license included" or similar verbiage in their description. These AMIs are often cheaper on an hourly basis because the Windows Server OS license cost is removed. Your AWS bill will reflect a lower per-hour rate for the instance type.
To implement BYOL, you’ll typically:
- Verify License Eligibility: Ensure your existing Windows Server licenses are covered by a volume licensing agreement (like Enterprise Agreement) and have active Software Assurance. You’ll need to confirm your licenses are eligible for Microsoft’s "License Mobility through Software Assurance" program. This is your contractual right with Microsoft.
- Choose the Right AMI: When launching an EC2 instance, select a Windows Server AMI that does not include the license. These AMIs are often available and are priced lower per hour. You can find them by searching the AWS Marketplace or the EC2 console for Windows Server AMIs and looking for those without the explicit "license included" pricing.
- Configure Your Instance: Launch the instance as usual, but ensure you do not select any options that indicate "license included" or opt for the "dedicated" or "host" options if you’re using dedicated hosts, as those have different licensing implications. For standard EC2 instances, simply choosing an AMI without the included license is the primary step.
- Maintain Compliance: Keep records of your volume licensing agreement, Software Assurance status, and license entitlement. Microsoft may audit your use of License Mobility, so having documentation is crucial.
The most surprising thing about BYOL is that you still use AWS-provided AMIs for the operating system itself. You aren’t installing Windows from scratch or using your own custom image in the traditional sense for the OS license. You’re simply telling AWS, "I have my own license for this OS, so don’t charge me for one." The AMI provides the base OS files and configurations, but the billing for the OS license is removed from your AWS bill.
The next hurdle you’ll likely encounter is managing the client access licenses (CALs) for Windows Server if your workloads require them, as BYOL for the server OS doesn’t automatically cover CALs.