@phoewass
Created April 24, 2017 14:16
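<powershell>
# EC2 user data for a Packer Windows build. It removes the existing WinRM
# listeners, creates an HTTPS listener backed by a freshly generated
# self-signed certificate, tunes WinRM limits/auth, opens the firewall for
# port 5986 and restarts the WinRM service.
#
# Security notes for anyone reusing this script:
#  - The certificate is self-signed (DnsName "packer"), so a client can only
#    connect by skipping certificate validation: the channel is encrypted but
#    the server identity is not verified. Restrict who can reach port 5986
#    (security group / subnet) while the build instance is up.
#  - Basic and CredSSP authentication are switched on for the service.
#    NOTE(review): nothing in this script reverts these settings, so they
#    presumably remain in any image captured from this instance - confirm and
#    reset them in a final provisioning step if the image is reused.
write-output "Running User Data Script"
write-host "(host) Running User Data Script"
# NOTE(review): Unrestricted at LocalMachine scope is machine-wide and
# persistent; consider a narrower policy/scope if the build still works.
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"
# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"
# NOTE(review): quickconfig may re-create the default HTTP listener that was
# removed above - verify with "winrm enumerate winrm/config/listener" and
# remove it again if only HTTPS is intended.
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
# Changed from "true": the only listener this script sets up is HTTPS, so
# unencrypted traffic is not needed. With Basic auth enabled below, allowing
# unencrypted messages would let the Administrator credentials cross the
# network in cleartext over any HTTP listener.
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="false"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="false"}'
# Basic auth is acceptable only because it is carried inside TLS (port 5986).
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
# NOTE(review): CredSSP delegates credentials to this host; confirm the build
# actually needs it before leaving it enabled.
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
# Bind the HTTPS listener to port 5986 with the certificate generated above.
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
# NOTE(review): this enables the whole "remote administration" rule group,
# which is broader than the single WinRM port - confirm it is required.
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
# Opens TCP 5986 with no source-address restriction at the host firewall.
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
# Restart WinRM so the new configuration takes effect, and start it on boot.
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
</powershell>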
# Mark the Ec2SetPassword, Ec2SetComputerName and Ec2HandleUserData plugins
# as "Enabled" in the EC2Config settings file, then write the file back.
# NOTE(review): with Ec2HandleUserData enabled, instances launched from the
# resulting image will presumably execute whatever user data they are given
# at launch - confirm that is intended for the consumers of this image.
$EC2SettingsFile = "C:\\Program Files\\Amazon\\Ec2ConfigService\\Settings\\Config.xml"
$pluginsToEnable = @("Ec2SetPassword", "Ec2SetComputerName", "Ec2HandleUserData")

$xml = [xml](Get-Content $EC2SettingsFile)
foreach ($plugin in $xml.DocumentElement.Plugins.Plugin) {
    # -contains is case-insensitive, matching the original -eq comparisons.
    if ($pluginsToEnable -contains $plugin.name) {
        $plugin.State = "Enabled"
    }
}
$xml.Save($EC2SettingsFile)
# Provisioning step: install Chocolatey, authorise the instance's EC2 public
# key for the Administrator account, install OpenSSH/git/curl, open port 22
# and start the SSH server.

# Install the Chocolatey package manager.
# NOTE(review): the installer is downloaded and executed as-is, with no
# pinned version and no checksum or signature check before execution. For a
# reproducible, auditable image, fetch a known version and verify it first.
Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

# Add the public key exposed by the EC2 instance metadata service to the
# Administrator's authorized_keys (-Force creates missing parent folders and
# overwrites an existing file).
# NOTE(review): nothing here removes the key afterwards, so it presumably
# stays in any image captured from this instance - confirm and clean up.
$sshPubKey = Invoke-RestMethod -Uri http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
$usersFolder = Split-Path -Parent $env:public
$pubKeyPath = Join-Path $usersFolder "Administrator\.ssh\authorized_keys"
New-Item $pubKeyPath -ItemType file -Value $sshPubKey -Force

# Install dependencies.
# NOTE(review): package versions are not pinned, so each build may pull
# different binaries.
choco install -y openssh git curl

# Open the host firewall for SSH. No remote-address filter is given, so the
# rule allows any source; limit exposure at the security group or add one.
New-NetFirewallRule -DisplayName SSH -Direction Inbound -Protocol TCP -LocalPort 22 -Action Allow

# Register the sshd service, fix key permissions, generate host keys, then
# enable and start the service.
Set-Location "C:\Program Files\OpenSSH-Win64"
.\install-sshd.ps1
.\Set-SSHKeyPermissions.ps1
.\ssh-keygen.exe -A
Set-Service sshd -StartupType Automatic
Start-Service sshd
{
"builders": [{
"type": "amazon-ebs",
"region": "us-east-1",
"vpc_id": "vpc-xxxxxxxx",
"subnet_id": "subnet-xxxxxxxx",
"source_ami": "ami-11e84107",
"instance_type": "m3.medium",
"ami_name": "win2012r2-ami",
"user_data_file": "scripts/bootstrap.ps1",
"communicator": "winrm",
"winrm_username": "Administrator",
"winrm_timeout": "5m",
"winrm_use_ssl": true,
"winrm_insecure": true
}],
"provisioners": [
{
"type": "powershell",
"scripts": [
"scripts/configure.ps1",
"scripts/provision.ps1"
]
}
]
}