AWS

AWSPowershell module

Connecting via SAML provider

# Install the AWS Tools for PowerShell module from the PowerShell Gallery.
Install-Package -Name awspowershell -Source PSGallery

# IdP-initiated sign-on URL of the ADFS server, with AWS as the relying party.
$Endpoint = 'https://adfs.blahnet.com/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices'

# Register the endpoint under the name "adfs" so later commands can refer to it.
# NOTE(review): NTLM is requested explicitly here; if the ADFS endpoint accepts
# Kerberos, prefer -AuthenticationType Kerberos -- confirm with the IdP owner.
Set-AWSSamlEndpoint -StoreAs 'adfs' -AuthenticationType NTLM -Endpoint $Endpoint

# Get all roles: store a profile for every role the endpoint returns.
Set-AWSSamlRoleProfile -EndpointName adfs -StoreAllRoles

# Query EC2 in us-east-1 through one of the stored role profiles.
$Instances = Get-EC2Instance -Region us-east-1 -ProfileName '123456789012:role/Ops-blahnet'

 

 

# Prompt for a role and save it as the default profile, so that later commands
# do not need -ProfileName.
Set-AWSSamlRoleProfile -EndpointName adfs -StoreAs default

# Instances in us-east-1 whose ProductCode tag is "Product1".
$Instances = Get-EC2Instance -Filter @( @{ name = 'tag:ProductCode'; values = 'Product1' } ) -Region us-east-1

# Each returned object carries its instances in the Instances property; project
# the fields of interest into a table.
# NOTE(review): an object holding several instances presumably yields
# array-valued columns -- confirm against real output.
$Instances |
    Select-Object -Property @{ Name = 'InstanceId'; Expression = { $_.Instances.InstanceId } },
        @{ Name = 'InstanceType'; Expression = { $_.Instances.InstanceType } },
        @{ Name = 'Name'; Expression = { $_.Instances.Tag | Where-Object { $_.key -eq 'Name' } | ForEach-Object { $_.Value } } },
        @{ Name = 'PrivateIP'; Expression = { $_.Instances.PrivateIPAddress } },
        @{ Name = 'State'; Expression = { $_.Instances.state.name.Value } } |
    Format-Table -AutoSize

 

 

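# Specify a specific role and save it as a profile called Blah-Ops.
$params = @{
    PrincipalARN = 'arn:aws:iam::123456789012:saml-provider/adfs.blahnet.com'
    RoleARN      = 'arn:aws:iam::123456789012:role/Ops-blahnet'
}

# -NetworkCredential takes a credential object. Prompt for one when the session
# does not already hold it, rather than embedding a password in the script.
if (-not $Credential) {
    $Credential = Get-Credential
}

Set-AWSSamlRoleProfile @params -StoreAs Blah-Ops -EndpointName adfs -NetworkCredential $Credential

# -ProfileName must match the -StoreAs name used above exactly ("Blah-Ops");
# a misspelled name refers to a profile that was never stored.
$Instances = Get-EC2Instance -Region us-east-1 -Filter @( @{ name = 'tag:ProductCode'; values = 'Product1' } ) -ProfileName Blah-Ops

# Number of objects the query returned.
$Instances.count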

Mounting Install Media

# List of snapshot IDs for windows media by region

https://aws.amazon.com/articles/1802

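# Install-media snapshot ID per region (Windows Server 2012 R2 English, judging
# by the variable name).
# NOTE(review): these IDs are hard-coded; before creating a volume, confirm the
# snapshot is still owned by Amazon (for example via the owner fields returned
# by Get-EC2Snapshot).
$2012R2EngSnapshots = @{
    'us-east-1' = 'snap-b305b7b7'
    'us-west-1' = 'snap-202c282b'
    'us-west-2' = 'snap-67b75158'
}

# Instance metadata service (IMDS). Request a short-lived session token first
# (IMDSv2) so the lookups also work on instances that reject token-less
# requests.
$ImdsBase    = 'http://169.254.169.254/latest'
$ImdsToken   = Invoke-RestMethod -Method Put -Uri "$ImdsBase/api/token" -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
$ImdsHeaders = @{ 'X-aws-ec2-metadata-token' = $ImdsToken }

$InstanceID     = Invoke-RestMethod -Uri "$ImdsBase/meta-data/instance-id" -Headers $ImdsHeaders
$InstanceRegion = (Invoke-RestMethod -Uri "$ImdsBase/dynamic/instance-identity/document" -Headers $ImdsHeaders).region
$InstanceAZ     = Invoke-RestMethod -Uri "$ImdsBase/meta-data/placement/availability-zone" -Headers $ImdsHeaders

# The region must be known before the snapshot lookup; stop early when the
# table has no entry for it instead of passing an empty ID to New-EC2Volume.
$SnapshotId = $2012R2EngSnapshots.Item($InstanceRegion)
if (-not $SnapshotId) {
    throw "No install-media snapshot is listed for region '$InstanceRegion'."
}

# Create a volume from the snapshot in this instance's availability zone and
# attach it as device xvdn.
# NOTE(review): the new volume may need a moment to become available before it
# can be attached -- confirm whether a wait is required here.
$MediaVolume = New-EC2Volume -SnapshotId $SnapshotId -AvailabilityZone $InstanceAZ -Region $InstanceRegion
Add-EC2Volume -InstanceId $InstanceID -Device xvdn -VolumeId $MediaVolume.VolumeId -Region $InstanceRegion

# Bring the newly attached disk online.
# NOTE(review): this assumes the media volume is the only offline disk; with
# several offline disks $WindowsVolume.Number holds more than one value.
$WindowsVolume = Get-Disk | Where-Object { $_.OperationalStatus -eq 'Offline' }
Set-Disk -Number $WindowsVolume.Number -IsOffline $False

# Install .NET Framework 3.5 from the media.
# NOTE(review): assumes the media volume received drive letter D: -- confirm.
Add-WindowsFeature NET-Framework-Core -Source D:\sources\sxs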

Dismount install Media

# Detach the media volume (device xvdn) from the instance, then delete it.
# NOTE(review): deletion presumably fails while the detach is still in
# progress -- confirm whether a wait is needed between the two calls.
Dismount-EC2Volume -VolumeId $MediaVolume.VolumeId -InstanceId $InstanceID -Device xvdn -Region $InstanceRegion

Remove-EC2Volume -Region $InstanceRegion -VolumeId $MediaVolume.VolumeId

Filtering AMI images

# List ID and name of the Windows Server 2012 R2 base images.
# --owners limits results to images owned by this account or by Amazon, so an
# image published by another account cannot match the name pattern.
aws ec2 describe-images \
  --profile blahdev \
  --owners self amazon \
  --filters \
    'Name=platform,Values=windows' \
    'Name=name,Values=Windows_Server-2012-R2_RTM-English-64Bit-Base*' \
  --query 'Images[].[ImageId,Name]' \
  --output text

aws CLI

aws --query syntax

Deep Dive: AWS Command Line Interface

http://jmespath.org/

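# Install jp, the JMESPath command-line tool, through Homebrew.
brew tap jmespath/jmespath
brew install jp

# Install the interactive JMESPath terminal for the current user only.
# Running pip under sudo would execute the package's install code as root and
# write into the system Python; --user avoids both.
pip install --user jmespath-terminal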

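# Block until the instance reaches the "running" state.
# The option is --instance-ids (two dashes); the expansion is quoted and aborts
# with a message when instance_id is unset or empty.
aws ec2 wait instance-running --instance-ids "${instance_id:?set instance_id first}"

# Print a JSON template listing the create-table parameters.
aws dynamodb create-table --generate-cli-skeleton

# Create the table from a filled-in copy of that template.
aws dynamodb create-table --cli-input-json file://table.json

# Show the resulting table definition in table format.
aws dynamodb describe-table --table-name table1 --output table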

Override values from the input file with command-line parameters

# Same input file as before, with the table name replaced on the command line.
aws dynamodb create-table \
  --cli-input-json file://table.json \
  --table-name table2

# CIDR block of one subnet, as a bare list.
aws ec2 describe-subnets \
  --profile test \
  --region us-west-2 \
  --subnet-ids subnet-123ab4c5 \
  --query 'Subnets[*].CidrBlock'

# Same subnet, with each value labelled by its key.
aws ec2 describe-subnets \
  --profile test \
  --region us-west-2 \
  --subnet-ids subnet-123ab4c5 \
  --query 'Subnets[*].[{SubnetId: SubnetId},{CidrBlock: CidrBlock}]'

# Name and owner of every SSM document, as a table.
aws ssm list-documents \
  --profile test \
  --query 'DocumentIdentifiers[*].[{Name: Name},{Owner: Owner}]' \
  --output table

# Built-in help for create-association, then its JSON parameter template.
aws ssm create-association help

aws ssm create-association --generate-cli-skeleton

{

    "Name": "",

    "InstanceId": "",

    "Parameters": {

        "KeyName": [

            ""

        ]

    }

}

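# Show the content of the domain-join document.
aws ssm get-document --name AWS-JoinDirectoryServiceDomain --profile blah

# Associate the document with an instance (fill in the _____ placeholders).
# The JSON is single-quoted so the shell passes it through unchanged; unquoted,
# the shell strips the double quotes and splits it into separate words. Each
# parameter value is a list of strings, as in the create-association skeleton.
aws ssm create-association \
  --name AWS-JoinDirectoryServiceDomain \
  --instance-id _____ \
  --parameters '{"directoryId": ["_____"]}'

# Windows Server 2016 EBS-backed images owned by Amazon, as a table.
aws ec2 describe-images \
  --profile blah \
  --owners amazon \
  --filters \
    "Name=platform,Values=windows" \
    "Name=root-device-type,Values=ebs" \
    "Name=name,Values=Windows_Server-2016-English*" \
  --query 'Images[*].[{Name:Name},{ID:ImageId}]' \
  --output table

# Summarise the inbound rules of one security group.
# Caveat for rule reviews: IpRanges[0] prints only the first IPv4 range of each
# rule. Further ranges, IPv6 ranges and rules that reference another security
# group are not shown; query IpRanges[].CidrIp (and the other IpPermissions
# fields) with --output json to see everything a rule allows.
aws ec2 describe-security-groups \
  --profile blah \
  --group-ids sg-6352901b \
  --query 'SecurityGroups[*].IpPermissions[*].{IpProtocol:IpProtocol,FromPort:FromPort,ToPort:ToPort,IpRanges:IpRanges[0].CidrIp}' \
  --output text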

53 tcp 10.0.0.0/8 53