Easy-to-use templates for Packer builds, specifically aimed at digital foresnsics workstations.
Supports SSH over SSM
Includes shell scripts for several common configuration tasks:
- Joining an AD domain using credentials from SecretsManager
- Install SANS' SIFT Workstation
Supports the following
- WinRM
- SSH over SSM (recommended)
- Possibly the biggest selling point of this repo. HashiCorp has completely neglected writing documentation for and providing examples on getting SSH over SSM to actually work. This template solves that.
Included Powershell scripts for several common configuration tasks:
- Disabling UAC and/or Defender
- Installing binaries (.exe/.msi, unarchived or .7z/.zip) downloaded from a specified s3 bucket
- Installing common apps with Chocolatey
- Joining a domain using credentials from SecretsManager
See install instructions here.
See install instructions here.
The SSM agent is pre-installed on almost all AWS Marketplace AMIs. If you are using a custom AMI, see install instructions here.
AWS SSM can be enabled at the account level or on individual Instances using an IAM Instance Profile.
See instructions here.
See instructions here.
- The user running the Packer build will require the permissions described here.
One of the main benefits of AWS SSM is that it requires no inbound access. The Instances' Security Groups do not need any inbound rules in order for Summoner to work.
For added security, use a VPC Endpoint for AWS SSM See instructions here.