I am doing more work in AWS these days, and with that, I have been using Ansible run from a Linux instance in Codebuild to create our Windows 2019 AMI. I wanted to clarify a couple of things about Ansible as it related to configuration management and DSC. We use a YML file to configure the instance in Codebuild, and in doing so, we install Ansible, to which we pass a playbook.yml file with the playbooks for the AMI build. Ansible connects to the Windows instance via WinRM over port 5986. HashiCorp Packer manages the authentication, variables, kickoff, verification of Ansible, Sysprep, and the final processing of the Windows instance conversion to and naming of the AMI.
I wanted to confirm that any configuration made by Ansible is a one-time configuration; there is no desired state? In other words, unlike DCS, which uses the Local Configuration Manager set to ApplyAndAutoCorrect, if something gets changed, it is changed, it will not be checked or corrected?
The next question I have is, will Sysprep have an adverse impact on the ApplyAndAutoCorrect applied prior to the AMI conversion? In other words, will it still be able to ApplyAndAutoCorrect?
I guess the last question I have for all of the instances created in an account, which I will have to use AWS System Manager for configuration management, how can I use DSC in combination with what I have used to create the AMI?
Thanks in advance for your help!