AWSPowershell module

Connecting via SAML provider

Install-Package awspowershell -Source PSGallery

$Endpoint = ""

Set-AWSSamlEndpoint -Endpoint $Endpoint -StoreAs "adfs" -AuthenticationType NTLM

# Get all roles

Set-AWSSamlRoleProfile -StoreAllRoles -EndpointName adfs

$Instances = Get-EC2Instance -ProfileName 123456789012:role/Ops-blahnet -Region us-east-1



# prompt for role and save it as the default so you do not need to specify the profile for each command

Set-AWSSamlRoleProfile -StoreAs default -EndpointName adfs


$Instances = Get-EC2Instance -Region us-east-1  -Filter @( @{name='tag:ProductCode'; values="Product1"} ) 


$Instances | select @{Name='InstanceId'; Expression={($_.Instances.InstanceId)}},

    @{Name='InstanceType'; Expression={($_.Instances.InstanceType)}},

    @{Name='Name'; Expression={($_.Instances.Tag | Where {$_.key -eq "Name"} | %{$_.Value}) }},

    @{Name='PrivateIP'; Expression={($_.Instances.PrivateIPAddress)}},

    @{Name='State'; Expression={($}} |

    ft -autosize



# Specify a specific role and save it as a profile called Blah-Ops

$params = @{




Set-AWSSamlRoleProfile @params -StoreAs Blah-Ops -EndpointName adfs -NetworkCredential $Credential

$Instances = Get-EC2Instance -Region us-east-1  -Filter @( @{name='tag:ProductCode'; values="Product1"} ) -ProfileName Blah-Opse


Mounting Install Media

# List of snapshot IDs for windows media by region

$2012R2EngSnapshots = @{"us-east-1"="snap-b305b7b7";




$SnapshotId = $2012R2EngSnapshots.Item($InstanceRegion)

$InstanceID = invoke-restmethod -uri

$InstanceRegion = (invoke-restmethod -uri

$InstanceAZ = invoke-restmethod -uri

$MediaVolume = New-EC2Volume -SnapshotId $SnapshotId -AvailabilityZone $InstanceAZ -Region $InstanceRegion

Add-EC2Volume -InstanceId $InstanceID -Device xvdn -VolumeId $MediaVolume.VolumeId -Region $InstanceRegion

$WindowsVolume = get-disk | where {$_.OperationalStatus -eq "Offline"}

Set-Disk -Number $WindowsVolume.Number -IsOffline $False

Add-WindowsFeature NET-Framework-Core -Source D:\sources\sxs

Dismount install Media

Dismount-EC2Volume -InstanceId $InstanceID -Device xvdn -VolumeId $MediaVolume.VolumeId -Region $InstanceRegion

Remove-EC2Volume -VolumeId $MediaVolume.VolumeId -Region $InstanceRegion

Filtering AMI images

aws ec2 describe-images --owners self amazon --filters "Name=platform,Values=windows" "Name=name,Values=Windows_Server-2012-R2_RTM-English-64Bit-Base*" --profile blahdev --query 'Images[].[ImageId,Name]' --output text

aws CLI

aws --query syntax

Deep Dive: AWS Command Line Interface

brew tap jmespath/jmespath

brew install jp

sudo -H pip install jmespath-terminal

aws ec2 wait instance-running -instance-ids $instance_id

aws dynamodb create-table --generate-cli-skeleton

aws dynamodb create-table --cli-input-json file://table.json

aws dynamodb describe-table --table-name table1 --output table

override file parameters

aws dynamodb create-table --cli-input-json file://table.json --table-name table2

aws ec2 describe-subnets --subnet-ids subnet-123ab4c5 --profile test --region us-west-2 --query 'Subnets[*].CidrBlock'

aws ec2 describe-subnets --subnet-ids subnet-123ab4c5 --profile test --region us-west-2 --query 'Subnets[*].[{SubnetId: SubnetId},{CidrBlock: CidrBlock}]'

aws ssm list-documents --profile test --query 'DocumentIdentifiers[*].[{Name: Name},{Owner: Owner}]' --output table

aws ssm create-association help

aws ssm create-association --generate-cli-skeleton


    "Name": "",

    "InstanceId": "",

    "Parameters": {

        "KeyName": [





aws ssm get-document --name AWS-JoinDirectoryServiceDomain --profile blah

aws ssm create-association --name AWS-JoinDirectoryServiceDomain --instance-id _____ --parameters {"directoryId": "_____"}

aws ec2 describe-images --profile blah --owners amazon --filters "Name=platform,Values=windows" "Name=root-device-type,Values=ebs" "Name=name,Values=Windows_Server-2016-English*" --query 'Images[*].[{Name:Name},{ID:ImageId}]' --output table

aws ec2 describe-security-groups --profile blah --group-ids sg-6352901b --query 'SecurityGroups[*].IpPermissions[*].{IpProtocol:IpProtocol,FromPort:FromPort,ToPort:ToPort,IpRanges:IpRanges[0].CidrIp}' --output text

53 tcp 53