Summary: Windows PowerShell MVP, Mike F Robbins, walks through a setup to manage an Amazon Web Services environment with Windows PowerShell.
Microsoft Scripting Guy, Ed Wilson, is here. Welcome back Mike F Robbins to talk about Windows PowerShell for Amazon Web Services.
Mike F Robbins is a Microsoft MVP for Windows PowerShell and for SAPIEN Technologies. He is a co-author of Windows PowerShell TFM 4th Edition, and he is the contributing author of a chapter in PowerShell Deep Dives. Mike has written guest posts for PowerShell Magazine, PowerShell.org, and the Hey, Scripting Guy! Blog (to read more of Mike's guest posts, see these Hey, Scripting Guy! Blog posts). He is the winner of the advanced category in the 2013 Windows PowerShell Scripting Games. Mike is also the leader and cofounder of the Mississippi PowerShell User Group. He blogs at Mike F Robbins Computing Solutions, he and can be found on twitter at @mikefrobbins.
Now, here's Mike...
Let me first say that this certainly isn’t a marketing post for Amazon (or any cloud provider, for that matter), and this blog post isn’t meant to endorse one cloud provider over another. I currently work with a mix of Azure and Amazon cloud environments, and I manage both of them (and multiple datacenters with on premise infrastructures) with Windows PowerShell.
The first thing that you’ll need to get started with Amazon Web Services is an AWS account. See Amazon Web Services for more information about creating an account if you don’t already have one.
When you have an AWS account, visit AWS Tools for Windows PowerShell to download the tools. There’s also an online reference for the AWS cmdlets on that webpage.
Windows PowerShell can be used to download the AWS Tools for Windows PowerShell:
$Uri = 'http://sdk-for-net.amazonwebservices.com/latest/AWSToolsAndSDKForNet.msi'
Invoke-WebRequest -Uri $Uri -OutFile "$env:HOMEPATH\downloads\$($Uri -replace '^.*/')"
Unblock-File -Path "$env:HOMEPATH\downloads\$($Uri -replace '^.*/')"
The AWS Tools for Windows PowerShell require that the script execution policy be set to RemoteSigned or less so that script execution is allowed on the system that they’re being installed on:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
If you’re only installing the AWS Tools so you can manage your AWS environment with Windows PowerShell, you’ll only need to install the AWS Tools for Windows PowerShell, as shown here:
This will add the installation location to your $env:PSModulePath, and if you’re running Windows PowerShell 3.0 or higher, there is no need to manually import the module.
From the services section of your online AWS account dashboard, create an IAM user account and assign it the appropriate permissions. The AccessKey and SecretKey will be needed. These credentials should be kept secure. After the first account is created, additional IAM user accounts can be created in Windows PowerShell by using the New-IAMUser cmdlet.
Set the AWS credentials for your current Windows PowerShell session or save them persistently as I’ve done in the following example:
Set-AWSCredentials -AccessKey MYACCESSKEYFORAWS123 -SecretKey AWS1234567890abcdefghijklmnopqrstuvwxyz -StoreAs myprofile
List the stored credentials:
Get-AWSCredentials -ListStoredCredentials
The stored credentials can be removed by using the Clear-AWSCredentials cmdlet, if desired.
The next step is to set the default AWS region, but first let’s determine what the valid regions are:
Get-AWSRegion
To set the default region, use:
Initialize-AWSDefaults -ProfileName myprofile -Region us-east-1
Verify that the default region was indeed set correctly:
Get-DefaultAWSRegion
The default region can be cleared by using the Clear-DefaultAWSRegion cmdlet, if needed.
You’re now set up to use Windows PowerShell to manage the products associated with your AWS account. That was easy enough, wasn’t it?
Now I’ll demonstrate how to retrieve a list of and remove snapshots created by an AWS storage gateway.
First, I’ll query a list of storage gateways that are set up on AWS for this particular account:
Get-SGGateway | Format-Table -AutoSize
To retrieve a list of all the volumes for the storage gateway returned in the previous results, use:
Get-SGGateway | Get-SGVolume | Format-Table -AutoSize
I’ve written a Windows PowerShell script module named MrAWS. It contains a couple of functions that are designed to help make managing the storage gateway snapshots on AWS much easier without having to know all of the intricacies of working with the AWS cmdlets.
To see all of the snapshots for all of the volumes on a particular AWS storage gateway that are older than 14 days, simply use the Get-MrAWSSGSnapshot function (which is part of my MrAWS module) and specify the gateway name with the number 14 for the Days parameter:
Get-MrAWSSGSnapShot -GatewayName abcde -Days 14
The Remove-MrAWSSGGateway function (also part of my MrAWS module) is designed to remove all snapshots from all volumes older than the specified number of days from the specified AWS storage gateway. By default, to prevent accidentally deleting all snapshots, it only deletes snapshots that are older than 14 days if the Days parameter is not specified. This function supports the Confirm and WhatIf parameters. I recommend trying it with the WhatIf parameter first to see what it will do before actually deleting any snapshots:
Remove-MrAWSSGSnapShot -GatewayName abcde -Days 14 -WhatIf
Not specifying the Confirm or WhatIf parameter will permanently delete the snapshots that are older than the specified number of days:
Remove-MrAWSSGSnapShot -GatewayName abcde -Days 14
When an attempt is made to retrieve the snapshots that are older than 14 days, nothing is returned because all of the snapshots that were older than 14 days were previously deleted.
Get-MrAWSSGSnapShot -GatewayName abcde -Days 14
By default, the Get-MrAWSSGGateway function returns all snapshots for all volumes of the specified AWS storage gateway. By not specifying the Days parameter, you can see that there are still 42 snapshots available and those are the ones that have been created within the past 14 days:
I hope you’ve enjoyed this blog post, but keep in mind that I really haven’t scratched the surface when it comes to all of the cmdlets available for managing your AWS environment. Use the following command to view all of the cmdlets that are available in the AWSPowerShell module:
Get-Command -Module AWSPowerShell
As of this writing, there are a total of 1142 cmdlets in the AWSPowerShell module:
(Get-Command -Module AWSPowerShell).count
You can download the MrAWS module demonstrated in this post from GitHub: mikefrobbins/AWS.
Thanks, Mike, for sharing your time and knowledge.
I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy