
AWS AMI cannot retrieve password after packer creation using private key


I am building a Windows Server AMI using Packer. It works fine with a hardcoded password, but I am trying to create the AMI so that the password is autogenerated. I tried what was suggested below and the Packer logs look good; it gets a password.

How to create windows image in packer using the keypair

However, when I create an EC2 instance from the AMI in Terraform, the connection to the Windows password is lost and cannot be retrieved. What is missing here?

Packer JSON

{  
  "builders": [
    {
      "profile" : "blah",
      "type": "amazon-ebs",
      "region": "eu-west-1",
      "instance_type": "t2.micro",
      "source_ami_filter": {
        "filters": {
          "virtualization-type": "hvm",
          "name": "*Windows_Server-2012-R2*English-64Bit-Base*",
          "root-device-type": "ebs"
        },
        "most_recent": true,
        "owners": "amazon"
      },
      "ssh_keypair_name" : "shared.key",
      "ssh_private_key_file" : "./common/sharedkey.pem",
      "ssh_agent_auth" : "true",
      "ami_name": "test-{{timestamp}}",
      "user_data_file": "./common/bootstrap_win.txt",
      "communicator": "winrm",
      "winrm_username": "Administrator"      
    }
  ]
}

Solution

  • Adding Ec2Config.exe -sysprep at the end worked.

    {
          "type": "windows-shell",
          "inline": ["C:\\progra~1\\Amazon\\Ec2ConfigService\\Ec2Config.exe -sysprep"]
    }
    

    Though beware, it seems my IIS configuration does not work after sysprep.
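A pre-build check for the fix described in the answer, as an added example that is not part of the original question or answer: it parses a Packer JSON template and reports when an `amazon-ebs` WinRM build sets a `winrm_password` or does not end with the `Ec2Config.exe -sysprep` step. The function names, the finding strings and the sample template are assumptions made for this illustration.

```python
import json

# Constructed sample: the question's builder (trimmed) plus the answer's
# provisioner; the first provisioner is a hypothetical setup step.
SAMPLE_TEMPLATE = r'''
{
  "builders": [
    {"type": "amazon-ebs", "communicator": "winrm", "winrm_username": "Administrator"}
  ],
  "provisioners": [
    {"type": "powershell", "inline": ["Write-Host 'hypothetical setup step'"]},
    {"type": "windows-shell",
     "inline": ["C:\\progra~1\\Amazon\\Ec2ConfigService\\Ec2Config.exe -sysprep"]}
  ]
}
'''


def _runs_sysprep(provisioner):
    """True if an inline provisioner command invokes Ec2Config.exe -sysprep."""
    commands = provisioner.get("inline", [])
    if isinstance(commands, str):
        commands = [commands]
    return any("ec2config.exe" in c.lower() and "-sysprep" in c.lower()
               for c in commands)


def lint_template(text):
    """Return a list of findings for a Packer JSON template (empty = clean)."""
    template = json.loads(text)
    findings = []
    win_builders = [b for b in template.get("builders", [])
                    if b.get("type") == "amazon-ebs"
                    and b.get("communicator") == "winrm"]
    if not win_builders:
        return findings  # nothing to check for non-Windows builds
    if any(b.get("winrm_password") for b in win_builders):
        findings.append("winrm_password is set in the builder")
    provisioners = template.get("provisioners", [])
    sysprep_at = [i for i, p in enumerate(provisioners) if _runs_sysprep(p)]
    if not sysprep_at:
        findings.append("no Ec2Config.exe -sysprep step")
    elif sysprep_at[-1] != len(provisioners) - 1:
        findings.append("Ec2Config.exe -sysprep is not the last provisioner")
    return findings


if __name__ == "__main__":
    print(lint_template(SAMPLE_TEMPLATE) or "template OK")
```
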