The best way to execute remote command on EC2 Instance (Windows)

amazon ec2, remote-access

I am trying to execute a command on a remote EC2 instance (Windows), but I am not able to connect to the remote server from my local machine. I have opened ICMP for all ports.

Best Answer

ICMP is not going to do anything for you here.

Normally you'd use Terminal Services with Remote Desktop to access a remote Windows server with the full GUI (video, keyboard, and mouse) and access to local drives for file copying.

What Remote Desktop will allow you to do is first get access to your server, test out your remote script(s)/executable(s) locally (i.e. make sure your paths are correct, your expected outputs and inputs are working, etc.).

Regardless of what you're doing with remote commands, any production Windows box located remotely should be securely accessible by Remote Desktop as doing regular maintenance, installing Windows Updates, etc. will require that kind of access at some point.

Remote Desktop requires TCP port 3389 to be open and also requires that Terminal Services is enabled.

Securely accessing your remote Windows Server is where the VPN connection/tunnel comes in: you absolutely DO NOT want to open up TCP ports 135 (Remote Procedure Call) and 445 (Microsoft-DS Service) to the Internet!

Set up a secure connection using Windows built-in PPTP/L2TP over IPSec or an IPSec tunnel if you have a hardware firewall in front of the Windows Server (and that firewall supports IPSec tunnels). If you're going to be periodically executing commands on the remote server from one machine, a PPTP or L2TP over IPSec client VPN connection will suffice; if you want multiple machines to access this remote Windows server regularly, a site-to-site IPSec tunnel probably makes more sense.

Once you've established a secure connection to your server (and I'd also want to restrict public IP access with a packet filter either in a separate hardware firewall or at the very least, using Windows Firewall), you can now use something like psexec (or if native, perhaps PowerShell) to execute your built-in command or a script/command-line utility you want to run remotely.
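The following is an added example, not part of the original answer: a check that the ports named above (135, 445, 3389) are not reachable from the whole Internet. It assumes the packet filter in front of the instance is an EC2 security group and that its rules have been exported as JSON in the shape `aws ec2 describe-security-groups` returns; the group IDs and addresses in the sample are constructed.

```python
import json

# Ports the answer names: RPC and Microsoft-DS must not face the Internet; RDP only via VPN.
SENSITIVE_TCP = {135: "RPC", 445: "Microsoft-DS", 3389: "Remote Desktop"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
  {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 100, "ToPort": 500,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")


def exposed_ports(rule):
    """Return the sensitive TCP ports a single ingress rule covers."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # all protocols, all ports
        return sorted(SENSITIVE_TCP)
    if proto not in ("tcp", "6"):          # ICMP/UDP rules open no TCP port
        return []
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return [p for p in sorted(SENSITIVE_TCP) if lo <= p <= hi]


def audit(groups):
    """List (group id, port, service, source) for Internet-wide exposure."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for src in sorted(ANYWHERE.intersection(sources)):
                for port in exposed_ports(rule):
                    findings.append((sg["GroupId"], port, SENSITIVE_TCP[port], src))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: TCP %d (%s) open to %s" % finding)
```

The first sample group mirrors the question's setup: ICMP open to everyone yields no findings because it opens no TCP port, and RDP limited to a single source address is not flagged.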