Sysprepped Windows AMI using Packer
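<#
.SYNOPSIS
  Turns on AutoSysprep in EC2Config's bundle settings so the build instance is
  sysprepped when it is bundled into an AMI.
.DESCRIPTION
  Runs as a Packer provisioner on the build instance. Loads BundleConfig.xml,
  sets the <Property> named "AutoSysprep" to "Yes" and writes the file back.
  Sysprep generalizes the image, so launches of the resulting AMI do not share
  the build instance's machine identity.
.PARAMETER EC2SettingsFile
  Absolute path of EC2Config's BundleConfig.xml. Keep it absolute:
  XmlDocument.Save() resolves a relative path against the process working
  directory, not the PowerShell location. (The original used "\\" separators,
  which Windows tolerates but which are not an escape in PowerShell.)
#>
param(
  [string]$EC2SettingsFile = 'C:\Program Files\Amazon\Ec2ConfigService\Settings\BundleConfig.xml'
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $EC2SettingsFile)) {
  throw "EC2Config settings file not found: $EC2SettingsFile"
}

# -Raw reads the document as a single string rather than an array of lines.
$xml = [xml](Get-Content -LiteralPath $EC2SettingsFile -Raw)
$root = $xml.get_DocumentElement()

$found = $false
foreach ($property in $root.Property) {
  if ($property.Name -eq 'AutoSysprep') {
    $property.Value = 'Yes'
    $found = $true
  }
}

# Fail loudly: saving an unchanged file would silently produce an AMI that was
# never sysprepped.
if (-not $found) {
  throw "No <Property> named AutoSysprep found in $EC2SettingsFile"
}

$xml.Save($EC2SettingsFile)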
<powershell>
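# Build-time bootstrap for the Packer *build instance* (delivered as EC2 user
# data and run by EC2Config on first boot). It creates the account Packer
# connects with and opens RDP + WinRM so the provisioners can reach the box.
#
# SECURITY NOTES for anyone reusing this:
#  * The password below is not a secret. EC2 user data is readable by any local
#    process from http://169.254.169.254/latest/user-data and by any principal
#    with ec2:DescribeInstanceAttribute. It must match winrm_password in the
#    Packer template; replace it with a per-build random value (see
#    packer-community/packer-windows-plugins#30 for doing this over HTTPS) and
#    delete the account after the bake (Cfn Init or a final provisioner) --
#    sysprep does not remove it.
#  * WinRM is set up for plain HTTP with AllowUnencrypted and Basic auth, so the
#    credential crosses the network in clear text. The build instance gets a
#    public IP (associate_public_ip_address in the template); restrict 3389 and
#    5985 to the builder's address at the security-group level or with
#    remoteip= on the firewall rules below.
#  * Everything below survives sysprep into the AMI unless undone later: the
#    vagrant admin account, the open ports, the relaxed WinRM settings and the
#    LocalMachine execution policy.
write-output "Running User Data Script"
write-host "(host) Running User Data Script"

# TODO(security): replace with a random, per-build password -- see notes above.
# Also note, this user should be removed in Cfn Init
cmd.exe /c net user /add vagrant FooBar@123
cmd.exe /c net localgroup administrators vagrant /add

# NOTE(review): without -Scope this sets the persistent LocalMachine policy,
# which ships in the AMI. Packer's provisioner invocation may not need it --
# confirm, and prefer -Scope Process if it does not.
Set-ExecutionPolicy -ExecutionPolicy bypass -Force

# RDP: allow inbound 3389 and enable Terminal Services connections.
cmd.exe /c netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389
cmd.exe /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

# WinRM: HTTP listener on 5985 with Basic auth (presumably all the WinRM
# communicator used here can speak). CredSSP is also enabled, presumably for
# double-hop provisioning steps; drop it if nothing needs it.
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm quickconfig '-transport:http'
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="512"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTP" '@{Port="5985"}'
# NOTE(review): the "remote administration" rule group opens RPC/DCOM/WMI as
# well, more than WinRM needs. Kept in case provisioners rely on it -- confirm.
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
# Was `netsh firewall add portopening TCP 5985 ...`; that context is deprecated
# since Vista/2008. The advfirewall form creates the same inbound allow rule
# and matches the RDP rule above.
cmd.exe /c netsh advfirewall firewall add rule name="Open Port 5985" dir=in action=allow protocol=TCP localport=5985
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
# Keep the build account usable for the whole bake. (wmic is deprecated on newer
# Windows; Set-LocalUser -PasswordNeverExpires is the modern equivalent.)
cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE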
</powershell>
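<#
.SYNOPSIS
  Enables the EC2Config plugins that must run when the sysprepped AMI boots.
.DESCRIPTION
  Runs as a Packer provisioner on the build instance. Sets State=Enabled on
  three <Plugin> entries in Config.xml (behaviour per the EC2Config docs):
    Ec2SetPassword     - generate a new Administrator password at boot and
                         publish it encrypted with the launch key pair
    Ec2SetComputerName - set the hostname from the instance's address
    Ec2HandleUserData  - execute the user data supplied at launch
  Security note: with Ec2HandleUserData enabled, whoever launches an instance
  from this AMI runs arbitrary script through EC2Config (a SYSTEM service).
  That is also the intended hook for cleanup such as removing the build-time
  "vagrant" account.
.PARAMETER EC2SettingsFile
  Absolute path of EC2Config's Config.xml. Keep it absolute: XmlDocument.Save()
  resolves a relative path against the process working directory, not the
  PowerShell location.
#>
param(
  [string]$EC2SettingsFile = 'C:\Program Files\Amazon\Ec2ConfigService\Settings\Config.xml'
)

$ErrorActionPreference = 'Stop'

# Plugins to switch on; every other entry in Config.xml is left as found.
$pluginsToEnable = @('Ec2SetPassword', 'Ec2SetComputerName', 'Ec2HandleUserData')

if (-not (Test-Path -LiteralPath $EC2SettingsFile)) {
  throw "EC2Config settings file not found: $EC2SettingsFile"
}

# -Raw reads the document as a single string rather than an array of lines.
$xml = [xml](Get-Content -LiteralPath $EC2SettingsFile -Raw)
$plugins = $xml.get_DocumentElement().Plugins

$enabled = @()
foreach ($plugin in $plugins.Plugin) {
  if ($pluginsToEnable -contains $plugin.Name) {
    $plugin.State = 'Enabled'
    $enabled += $plugin.Name
  }
}

# A missing entry would ship an AMI that boots without password generation,
# hostname setup or user data handling -- fail here instead.
$missing = $pluginsToEnable | Where-Object { $enabled -notcontains $_ }
if ($missing) {
  throw "Plugin entries not found in ${EC2SettingsFile}: $($missing -join ', ')"
}

$xml.Save($EC2SettingsFile)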
{
"variables": {
"build_version": "1.0.1",
"base_ami":"ami-3a3b1d52",
"user":"vagrant",
"password":"FooBar@123",
"instance_type":"t2.small",
"vpc_id":"",
"subnet_id":""
},
"builders": [
{
"type": "amazon-windows-ebs",
"name": "base-ami",
"region": "us-east-1",
"source_ami": "{{user `base_ami`}}",
"instance_type": "{{user `instance_type`}}",
"ami_name": "sysprep-windows-{{user `build_version`}}",
"user_data_file":"./scripts/ec2-bootstrap.ps1",
"associate_public_ip_address":true,
"winrm_username": "{{user `user`}}",
"winrm_password": "{{user `password`}}",
"winrm_wait_timeout": "20m",
"winrm_private_ip": false,
"winrm_port":5985,
"vpc_id": "{{user `vpc_id`}}",
"subnet_id": "{{user `subnet_id`}}"
}
],
"provisioners": [
{
"type":"powershell",
"scripts": [
"./scripts/Ec2Config.ps1",
"./scripts/BundleConfig.ps1"
]
}
]
}
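#!/usr/bin/env bash
# Build the sysprepped Windows AMI from amazon-sysprep.json.
#
# Usage: ./build.sh VPC_ID SUBNET_ID      (or export VPC_ID and SUBNET_ID)
#
# PACKER_LOG=1 writes Packer's debug log to ./packer.log. That log can carry
# the WinRM credential from the template and other instance details, so it is
# created owner-only here; keep it out of version control.
set -euo pipefail

vpc_id=${1:-${VPC_ID:?usage: $0 VPC_ID SUBNET_ID (e.g. vpc-12345678 subnet-12345678)}}
subnet_id=${2:-${SUBNET_ID:?usage: $0 VPC_ID SUBNET_ID (e.g. vpc-12345678 subnet-12345678)}}

umask 077   # packer.log and anything else Packer writes here: owner-only
PACKER_LOG=1 PACKER_LOG_PATH=./packer.log \
  packer build -var "vpc_id=${vpc_id}" -var "subnet_id=${subnet_id}" amazon-sysprep.json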