The puppet service on current t-w732 amis appears to be enabled and running causing unnecessary network chatter between spot instances and puppet masters. The service should be disabled during the golden ami creation phase in userdata.
Created attachment 8770586 [details] [review] https://github.com/mozilla/build-cloud-tools/pull/235 The Disable-Service -serviceName 'puppet' line here should stop and disable the running puppet service. For golden runs we use the puppet agent cli rather than the service, so there's no good reason for it to be running. The Remove-ItemProperty -Name 'fPromptForPassword' -Path 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services' line is a piggyback change to change the rdp service behaviour to allow rdp clients to authenticate from the command line (as all our other windows instances allow). This simplifies instance maintenance and allows for automation scripts to create maintenance sessions. Note that credentials are still required, they just don't have to be physically typed for each session.