Development Tools

Packer on Windows User Guide

| Product: Packer on Windows

Overview

This guide covers the deployment and use of HashiCorp Packer on Windows Server using cloudimg AMIs from the AWS Marketplace. Packer is an open source tool for creating identical machine images for multiple platforms from a single source configuration. It automates the creation of AMIs, Docker images, and other machine image formats.

What's included in this AMI:

  • HashiCorp Packer (latest version) preinstalled in the system PATH
  • Command Prompt desktop shortcut for quick CLI access
  • Windows Server with Remote Desktop access
  • 24/7 cloudimg support with guaranteed 24 hour response SLA

Prerequisites

Before launching this AMI, ensure you have:

  1. An active AWS account
  2. An active subscription to the Packer on Windows listing on AWS Marketplace
  3. An EC2 key pair for password decryption
  4. A Remote Desktop client application

Recommended Instance Type: t3.medium (2 vCPU, 4 GB RAM) or larger. The minimum requirements are 1 vCPU, 1 GB RAM, and 30 GB disk space.

Step 1: Launch the AMI

  1. Navigate to the AWS Marketplace and search for "Packer Windows cloudimg"
  2. Click Continue to Subscribe, accept the terms, then Continue to Configuration
  3. Select your preferred Region and Software Version
  4. Click Continue to Launch
  5. Choose Launch through EC2 for full control over instance configuration
  6. Select your instance type (t3.medium recommended)
  7. Configure storage: 30 GB gp3 minimum
  8. Configure your Security Group with the following inbound rules:
Port Protocol Source Purpose
3389 TCP Your IP Remote Desktop (RDP) access
  1. Select your EC2 key pair and launch the instance

Step 2: Retrieve the Windows Password

Wait for the EC2 instance to pass 2/2 status checks.

  1. Open the AWS Console and navigate to EC2 > Instances
  2. Select your instance
  3. Click Actions > Security > Get Windows password
  4. Click Browse and upload your EC2 key pair .pem file
  5. Click Decrypt password
  6. Note the Username (Administrator) and the decrypted Password

Important: It may take up to 15 minutes after launch before the Windows password is available.

Step 3: Connect via Remote Desktop

Open your Remote Desktop client:

On Windows: 1. Press Win + R, type mstsc, and press Enter 2. Enter the public IP address of your instance 3. Click Connect

On macOS: 1. Open Microsoft Remote Desktop 2. Click Add PC and enter the public IP address 3. Double click the connection to connect

When prompted: - Username: Administrator - Password: The decrypted value from Step 2

If a certificate warning appears, click Continue to proceed.

Step 4: Verify Packer Installation

Once connected, open Command Prompt using the desktop shortcut and verify Packer is installed:

packer -help

Expected output:

Usage: packer [--version] [--help] <command> [<args>]

Available commands are:
    build           build image(s) from template
    console         creates a console for testing variable interpolation
    fix             fixes templates from old versions of packer
    fmt             rewrites HCL2 config files to canonical format
    hcl2_upgrade    transform a JSON template into an HCL2 configuration
    init            install missing plugins or upgrade plugins
    inspect         see components of a template
    plugins         interact with Packer plugins and catalog
    validate        check that a template is valid
    version         prints the Packer version

Check the version:

packer version

Step 5: Build Your First AMI

Create an example Packer template:

  1. Create a project directory: cmd mkdir C:\Users\Administrator\Documents\packer-project cd C:\Users\Administrator\Documents\packer-project

  2. Create a template file example.pkr.hcl: cmd notepad example.pkr.hcl

  3. Enter a basic Amazon EBS template: ```hcl packer { required_plugins { amazon = { version = ">= 1.0.0" source = "github.com/hashicorp/amazon" } } }

source "amazon-ebs" "example" { ami_name = "packer-example-{{timestamp}}" instance_type = "t3.micro" region = "us-east-1" source_ami_filter { filters = { name = "amzn2-ami-hvm-*-x86_64-gp2" root-device-type = "ebs" virtualization-type = "hvm" } most_recent = true owners = ["amazon"] } ssh_username = "ec2-user" }

build { sources = ["source.amazon-ebs.example"] provisioner "shell" { inline = ["echo 'Hello from Packer!'"] } } ```

  1. Initialize plugins: cmd packer init example.pkr.hcl

  2. Validate the template: cmd packer validate example.pkr.hcl

  3. Build the image (requires AWS credentials configured): cmd packer build example.pkr.hcl

Configuring AWS Credentials

To build AWS AMIs, configure your AWS credentials:

Method 1: Environment variables

set AWS_ACCESS_KEY_ID=your-access-key
set AWS_SECRET_ACCESS_KEY=your-secret-key
set AWS_DEFAULT_REGION=us-east-1

Method 2: IAM instance role (recommended)

Attach an IAM role with appropriate EC2 permissions to the instance. This avoids storing credentials on the server.

Method 3: AWS CLI configuration

aws configure

Server Components

Component Version
Packer Latest

Filesystem Layout

Drive Description
C:\ System drive with Windows and Packer installation

Key directories:

Directory Purpose
C:\Users\Administrator User home directory
C:\Users\Administrator\Documents Default working directory for templates
C:\Users\Administrator\AppData\Roaming\packer.d Packer plugins directory

Troubleshooting

Packer command not found

  1. Open Command Prompt and type packer version
  2. Verify Packer is in the system PATH: echo %PATH%
  3. Search for the Packer binary: where packer

Build fails with AWS authentication error

  1. Verify AWS credentials are configured correctly
  2. Check IAM permissions include EC2, S3, and AMI related actions
  3. Ensure the region is set correctly
  4. Try running aws sts get-caller-identity to verify credentials

Build times out

  1. Increase the ssh_timeout or communicator timeout in your template
  2. Verify the source AMI exists in the specified region
  3. Check security group settings allow SSH or WinRM access during build

Cannot connect via RDP

  1. Verify the instance has passed 2/2 status checks
  2. Check that your security group allows port 3389 from your IP
  3. Wait up to 15 minutes for the Windows password to be available

Security Recommendations

  • Change the Administrator password after first login
  • Use IAM roles instead of access keys for AWS authentication
  • Restrict RDP access: Only allow port 3389 from your specific IP address
  • Do not store credentials in templates: Use environment variables or IAM roles
  • Enable Windows Update: Keep the OS patched with the latest security updates
  • Keep Packer updated: Check for new versions and security fixes regularly
  • Validate templates before building: Always run packer validate before packer build

Support

If you encounter any issues with this product, contact cloudimg support:

  • Email: support@cloudimg.co.uk
  • Website: www.cloudimg.co.uk
  • Support hours: 24/7 with guaranteed 24 hour response SLA