first commit

.gitignore

@@ -0,0 +1,69 @@
+# Created by https://www.gitignore.io/api/packer,windows,terraform
+# Edit at https://www.gitignore.io/?templates=packer,windows,terraform
+
+##PEM and PUB files
+*.PEM
+*.PUB
+ssh/
+
+### Packer ###
+# Cache objects
+packer_cache/
+
+# For built boxes
+*.box
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# End of https://www.gitignore.io/api/packer,windows,terraform

Packer/windows16.json

@@ -0,0 +1,64 @@
+{
+  "min_packer_version": "0.12.0",
+  "variables": {
+    "profile": "YOUR_AWS_POFILE",
+    "region": "YOUR_AWS_REGION"
+  },
+
+  "builders": [{
+    "type": "amazon-ebs",
+    "profile": "{{user `profile`}}",
+    "region": "{{user `region`}}",
+    "source_ami_filter": {
+      "filters": {
+        "virtualization-type": "hvm",
+        "name": "Windows_Server-2016-English-Full-Base-*",
+        "root-device-type": "ebs"
+      },
+      "owners": ["amazon"],
+      "most_recent": true
+    },
+    "instance_type": "t2.micro",
+    "ami_name": "planit-ci-test-dev-windows2016-{{timestamp}}",
+    "user_data_file":"../scripts/SetUpWinRM.ps1",
+    "communicator": "winrm",
+    "winrm_username": "Administrator",
+    "winrm_insecure": true,
+    "winrm_use_ssl": true,
+    "run_tags": {
+      "Owner": "planit"
+    },
+    "tags": {
+        "Name": "Planit Server2012R2 Gold",
+        "OS": "Windows Server 2016R2"
+    },  
+    "launch_block_device_mappings": [{
+      "device_name": "/dev/sda1",
+      "volume_size": 30,
+      "volume_type": "gp2",
+      "delete_on_termination": true
+    }]
+
+  }],
+
+  "provisioners": [
+    {
+    "type": "powershell",
+    "scripts": [
+        "../scripts/disable-uac.ps1",
+        "../scripts/YOURSCRIPTHERE.ps1"
+    ]
+  },
+  {
+    "type": "windows-restart",
+    "restart_check_command": "powershell -command \"& {Write-Output 'restarted.'}\""
+  },
+  {
+    "type": "powershell",
+    "inline": [
+      "C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Scripts\\InitializeInstance.ps1 -Schedule",
+      "C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Scripts\\SysprepInstance.ps1 -NoShutdown"
+    ]
+  }
+]
+}

README.md

@@ -0,0 +1,55 @@
+
+# Medium Article Artificates
+
+This project outlines the Windows Server Builds using Packer and Terraform
+
+## Installation
+
+Use the Packer [Packer](https://www.packer.io/downloads.html) or run via Jenkins build.
+
+```bash
+# For Linux
+curl -O https://releases.hashicorp.com/packer/1.3.3/packer_1.3.3_linux_amd64.zip 
+sudo mkdir /bin/packer
+sudo unzip packer_1.3.3_linux_amd64.zip -d /usr/local/bin/
+sudo rm packer_1.3.3_linux_amd64.zip
+
+# For Windows
+https://releases.hashicorp.com/packer/1.3.3/packer_1.3.3_windows_amd64.zip
+```
+
+## Prerequisite
+Set your AWS CLI profile prior to running scripts
+```bash
+aws configure --profile <NAME OF YOUR PROFILE>
+```
+
+## Usage
+
+```bash
+# Validate Packer file before run
+packer validate #add json file name
+
+# Validate Packer file before run
+packer build #add json file name
+```
+## Terraform Outputs
+```bash
+Private_Key_Filename = XXXX.pem
+Public_DNS = ec2-XXX-XXX-XXX-XXX.ap-southeast-2.compute.amazonaws.com
+Public_IP = XXX.XXX.XX.XX
+Public_Key_Filename = XXXX.pub
+SSH_Key_Name = XXXXXXXXXXXXXXXX
+administrator_password = <ADMIN PASSWORD>
+instance_id = i-XXXXXXXXX
+```
+## Connect to Server
+
+RDP to the Public_DNS address or Public_IP
+
+## Authors
+
+* **Bruce Dominguez** - *Initial work* - [GitHub][first-contributor]
+
+## License
+[MIT](https://choosealicense.com/licenses/mit/)

scripts/SetUpWinRM.ps1

@@ -0,0 +1,36 @@
+<powershell>
+
+write-output "Running User Data Script"
+write-host "(host) Running User Data Script"
+
+Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
+
+# Don't set this before Set-ExecutionPolicy as it throws an error
+$ErrorActionPreference = "stop"
+
+# Remove HTTP listener
+Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
+
+$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
+New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
+
+# WinRM
+write-output "Setting up WinRM"
+write-host "(host) setting up WinRM"
+
+cmd.exe /c winrm quickconfig -q
+cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
+cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
+cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
+cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
+cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
+cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
+cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
+cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
+cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
+cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
+cmd.exe /c net stop winrm
+cmd.exe /c sc config winrm start= auto
+cmd.exe /c net start winrm
+
+</powershell>

scripts/disable-uac.ps1

@@ -0,0 +1,3 @@
+Write-Host "Disabling UAC..."
+New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\Policies\System -Name EnableLUA -PropertyType DWord -Value 0 -Force
+New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -PropertyType DWord -Value 0 -Force