Last active
October 12, 2022 05:34
-
-
Save mkubenka/33b542cbd82614fe7f8b to your computer and use it in GitHub Desktop.
Windows on AWS with Vagrant
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <powershell> | |
| # Disable Complex Passwords | |
| # Reference: http://vlasenko.org/2011/04/27/removing-password-complexity-requirements-from-windows-server-2008-core/ | |
| $seccfg = [IO.Path]::GetTempFileName() | |
| secedit /export /cfg $seccfg | |
| (Get-Content $seccfg) | Foreach-Object {$_ -replace "PasswordComplexity\s*=\s*1", "PasswordComplexity=0"} | Set-Content $seccfg | |
| secedit /configure /db $env:windir\security\new.sdb /cfg $seccfg /areas SECURITYPOLICY | |
| del $seccfg | |
| Write-Host "Complex Passwords have been disabled." -ForegroundColor Green | |
| $ComputerName = $env:COMPUTERNAME | |
| $user = [adsi]"WinNT://$ComputerName/Administrator,user" | |
| $user.setpassword("VagrantRocks") | |
| # WinRM | |
| write-output "Setting up WinRM" | |
| write-host "(host) setting up WinRM" | |
| cmd.exe /c winrm quickconfig -q | |
| cmd.exe /c winrm quickconfig '-transport:http' | |
| cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}' | |
| cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}' | |
| cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}' | |
| cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}' | |
| cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}' | |
| cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}' | |
| cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}' | |
| cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTP" '@{Port="5985"}' | |
| cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes | |
| cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985" | |
| cmd.exe /c net stop winrm | |
| cmd.exe /c sc config winrm start= auto | |
| cmd.exe /c net start winrm | |
| # Disable Internet Explorer Security | |
| # http://stackoverflow.com/a/9368555/2067999 | |
| $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" | |
| $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" | |
| Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 | |
| Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0 | |
| # Do not combine taskbar buttons | |
| # http://superuser.com/a/741155 | |
| Set-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarGlomLevel -Value 1 | |
| Get-Process -Name explorer | Stop-Process | |
| (iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')))>$null 2>&1 | |
| choco install GoogleChrome -y | |
| choco install babun -y | |
| </powershell> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'inifile' | |
| require 'date' | |
| Vagrant.configure("2") do |config| | |
| config.vm.box = "dummy" | |
| config.vm.guest = "windows" | |
| config.vm.boot_timeout = 600 | |
| config.vm.provider :aws do |aws, override| | |
| # https://gist.github.com/amosshapira/e043ef116bfdfe92e3cd | |
| aws_credentials = IniFile.load(File.expand_path('~/.aws/credentials')) | |
| aws.access_key_id = aws_credentials['default']['aws_access_key_id'] | |
| aws.secret_access_key = aws_credentials['default']['aws_secret_access_key'] | |
| aws.region = 'eu-west-1' | |
| aws.keypair_name = "keypair" # << FIXME | |
| aws.ami = "ami-c343ecb0" # Microsoft Windows Server 2012 Base | |
| aws.instance_type = "t2.micro" | |
| aws.terminate_on_shutdown = true | |
| aws.security_groups = ["sg-123"] # << FIXME | |
| aws.subnet_id = "subnet-123" # << FIXME | |
| aws.associate_public_ip = true | |
| # aws.spot_instance = true | |
| # aws.spot_max_price = 0.0155 | |
| # aws.spot_valid_until = DateTime.now + (3.0/24) | |
| aws.tags = { | |
| 'Name' => 'vagrant-test' | |
| } | |
| aws.user_data = File.read("user_data.txt") | |
| override.vm.communicator = "winrm" | |
| override.winrm.username = "Administrator" | |
| override.winrm.password = "VagrantRocks" | |
| override.vm.synced_folder ".", "/vagrant", disabled: true | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there,
I have been trying to use the above code but I seem to be running into issues.
I am successfully able to create the Windows EC2 instance but then it eventually gets stuck when it says "waiting for SSH to become available"
Here is the output I get from Powershell, would know what I am doing wrong?
PS C:\qmi\qmi-scenarios\deanscenario> Vagrant up --provider=aws
Bringing machine 'default' up with 'aws' provider...
==> default: Preparing SMB shared folders...
default: You will be asked for the username and password to use for the SMB
default: folders shortly. Please use the proper username/password of your
default: account.
default:
default: Username:
default: Password (will be hidden):
==> default: Warning! The AWS provider doesn't support any of the Vagrant
==> default: high-level network configurations (
config.vm.network). They==> default: will be silently ignored.
==> default: Launching an instance with the following settings...
==> default: -- Type: t2.micro
==> default: -- AMI: ami-9bb358fc
==> default: -- Region: eu-west-2
==> default: -- Keypair: <keypair_name>
==> default: -- User Data: yes
==> default: -- User Data:
==> default:
==> default: # Disable Complex Passwords
==> default: # Reference: http://vlasenko.org/2011/04/27/removing-password-complexity-requirements-from-windows-server-2008-core/
==> default: $seccfg = [IO.Path]::GetTempFileName()
==> default: secedit /export /cfg $seccfg
==> default: (Get-Content $seccfg) | Foreach-Object {$_ -replace "PasswordComplexity\s*=\s1", "PasswordComplexity=0"} | Set-Content $seccfg
==> default: secedit /configure /db $env:windir\security\new.sdb /cfg $seccfg /areas SECURITYPOLICY
==> default: del $seccfg
==> default: Write-Host "Complex Passwords have been disabled." -ForegroundColor Green
==> default:
==> default: $ComputerName = $env:COMPUTERNAME
==> default: $user = [adsi]"WinNT://$ComputerName/Administrator,user"
==> default: $user.setpassword("VagrantRocks")
==> default:
==> default: # WinRM
==> default: write-output "Setting up WinRM"
==> default: write-host "(host) setting up WinRM"
==> default:
==> default: cmd.exe /c winrm quickconfig -q
==> default: cmd.exe /c winrm quickconfig '-transport:http'
==> default: cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
==> default: cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
==> default: cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
==> default: cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
==> default: cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
==> default: cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
==> default: cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
==> default: cmd.exe /c winrm set "winrm/config/listener?Address=+Transport=HTTP" '@{Port="5985"}'
==> default: cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
==> default: cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985"
==> default: cmd.exe /c net stop winrm
==> default: cmd.exe /c sc config winrm start= auto
==> default: cmd.exe /c net start winrm
==> default:
==> default: # Disable Internet Explorer Security
==> default: # http://stackoverflow.com/a/9368555/2067999
==> default: $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
==> default: $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
==> default: Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
==> default: Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
==> default:
==> default: # Do not combine taskbar buttons
==> default: # http://superuser.com/a/741155
==> default: Set-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarGlomLevel -Value 1
==> default: Get-Process -Name explorer | Stop-Process
==> default:
==> default: (iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')))>$null 2>&1
==> default: choco install GoogleChrome -y
==> default: choco install babun -y
==> default:
==> default:
==> default: -- Block Device Mapping: []
==> default: -- Terminate On Shutdown: true
==> default: -- Monitoring: false
==> default: -- EBS optimized: false
==> default: -- Source Destination check:
==> default: -- Assigning a public IP address in a VPC: false
==> default: -- VPC tenancy specification: default
==> default: Waiting for instance to become "ready"...
==> default: Waiting for SSH to become available...