2 min read aws

Building Windows AMIs with Packer

Share
Building Windows AMIs with Packer
Photo by Antonis Georgiou / Unsplash

Building a Windows AMI (Amazon Machine Image) with Packer used to be pretty painful. Traditionally, you had to use the WinRM communicator and it's...not the best experience. Generally, WinRM is slow, unreliable and there's a lot a bunch of steps you need to take to ensure the image is secure. Not great! On top of that, provisioning a Windows instance on AWS was a lot slower than a Linux instance. Put all that together and Windows image builds were quite the grind. Iterating was slow and I would often spend 20-40 minutes waiting on a build just to find out the image was broken in some way.

But things have gotten better! Over the last few years, there's been a few changes that have made this a lot less painful:

  • OpenSSH on Windows
  • EC2 Fast Launch

OpenSSH on windows

Back in 2018 or so, Microsoft ported OpenSSH to Windows which meant you could use the ssh communicator in Packer instead, a faster and more secure alternative. Following this post by a former Joyent colleague, I started using this approach for building Windows AMIs at Nymi.

Things improved a bit more since that blog post and you can now install OpenSSH fairly easily via Add-WindowsCapability.

EC2 Fast Launch

Sometime in 2022, AWS introduce EC2 Fast Launch which significantly reduces Windows instance launch time. They claim launches are 65% faster, and it certainly feels that way. This speeds up Packer builds by quite a bit, and iterating on an image is way less painful. Even better, you can enable Fast Launch in your Packer template so your custom Windows instances will launch pretty quickly as well.

A Packer Template for Windows AMIs

With all those recent improvements, I created a reference Packer template on GitHub:

This template is based on the solid groundwork here but with a few updates:

  • The Packer template aws-windows-ssh.pkr.hcl is coded in HCL2 rather than JSON.
  • OpenSSH is installed with Add-WindowsCapability
  • The template enables Fast Launch for the AMI (enable_fast_launch = true)

The image build times are much more reasonable!

Hopefully this will be helpful to anyone else who needs to build a Windows image and makes things a little easier.

Published by:

Christopher Horrell

You might also like...

22
Mar
Validating packer templates with GitHub Actions

Validating packer templates with GitHub Actions

I setup a GitHub Action for my packer-aws-windows-openssh project last month and it was working pretty well until a recent
1 min read