{"id":17601225,"url":"https://github.com/sam-martin/awswindowshelpers","last_synced_at":"2025-04-30T07:49:28.901Z","repository":{"id":80868813,"uuid":"98431566","full_name":"Sam-Martin/AWSWindowsHelpers","owner":"Sam-Martin","description":"A series of cmdlets that sit on top of the AWS PowerShell cmdlets to help with common AWS related tasks","archived":false,"fork":false,"pushed_at":"2018-05-15T10:58:12.000Z","size":59,"stargazers_count":5,"open_issues_count":1,"forks_count":2,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-04-30T07:49:27.054Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Sam-Martin.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-07-26T14:24:04.000Z","updated_at":"2022-12-02T13:29:12.000Z","dependencies_parsed_at":null,"dependency_job_id":"ae140f40-bea6-4c12-a7f6-9064b2161e56","html_url":"https://github.com/Sam-Martin/AWSWindowsHelpers","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sam-Martin%2FAWSWindowsHelpers","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sam-Martin%2FAWSWindowsHelpers/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sam-Martin%2FAWSWindowsHelpers/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sam-Martin%2FAWSWindowsHelpers/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Sam-Martin","download_url":"https://codeload.github.com/Sam-Martin/AWSWindowsHelpers/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251666226,"owners_count":21624290,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-22T12:09:13.466Z","updated_at":"2025-04-30T07:49:28.885Z","avatar_url":"https://github.com/Sam-Martin.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS Windows Helpers [![Build status](https://ci.appveyor.com/api/projects/status/1fc07ur3jd49k5cr/branch/master?svg=true)](https://ci.appveyor.com/project/Sam-Martin/awswindowshelpers/branch/master) [![PowerShell Gallery](https://img.shields.io/powershellgallery/v/AWSWindowsHelpers.svg)](https://www.powershellgallery.com/packages/AWSWindowsHelpers/) [![PowerShell Gallery](https://img.shields.io/powershellgallery/dt/AWSWindowsHelpers.svg)](https://www.powershellgallery.com/packages/AWSWindowsHelpers/)\n\nA series of cmdlets that sit on top of the AWS PowerShell cmdlets to help with common AWS related tasks.\nThese cmdlets have been created based primarily on requirements I (Sam Martin) have encountered while working with AWS, and are not intended to cover any specific set of scenarios beyond what I have added.\n\n\n\n# Dependencies\nDepends upon the [AWSTestHelper](https://github.com/Sam-Martin/AWSTestHelper) module\n\n# Usage\nYou can install from the [PowerShell Gallery](https://www.powershellgallery.com/packages/AWSWindowsHelpers/) using the following command.\n\n```PowerShell\nInstall-Module -Name AWSWindowsHelpers\n```\n\n## Update an EC2 instance offline and swap loadbalancers/security groups to new instance\nOne major use case for this module is the offline Windows Patching of an EC2 instance.\nThis is intended to allow you to patch a manually configured instance which is a single point of failure in an AWS environment with minimal downtime.\nObviously, if you are able to, it is preferable to launch a newly patched instance in parallel behind a loadbalancer, and drain connections from the old instance before decommissioning it. However, this is not always possible (e.g. in manually configured AD joined environments).\n\nThe below example performs the following actions:\n1. Creates an AMI of `$CurrentInstanceID` (`Update-AWSWindowsHelperInstanceToAMI`)\n2. Deploys a new, isolated, test VPC (`Update-AWSWindowsHelperInstanceToAMI`)\n3. Launches an instance from the AMI in the new VPC (`Update-AWSWindowsHelperInstanceToAMI`)\n4. Deletes the AMI (`Update-AWSWindowsHelperInstanceToAMI`)\n5. Runs an SSM command to run a powershell script which: (`Update-AWSWindowsHelperInstanceToAMI`)\n\t1. Creates a scheduled task to run itself on boot.\n\t2. Installs chocolatey\n\t3. Installs the PSWindowsUpdate module using chocolatey (to allow compatibility with servers which do not have `Install-Module`)\n\t4. Checks to see if any patches are required.\n\t5. Installs any patches required.\n\t6. Reboots the server\n\t7. Repeats steps iv-vi until no more patches are required\n\t8. Once no more patches are required shuts down.\n 6. Waits until the newly launched instance has shutdown (i.e. it has completed patching) (`Update-AWSWindowsHelperInstanceToAMI`)\n 7. Creates an AMI of the newly patched instance. (`Update-AWSWindowsHelperInstanceToAMI`)\n 8. Launches an instance with size, subnet, tags, etc. identical to `$CurrentInstanceID` but with a security group that does not allow inbound OR outbound access to prevent it colliding in AD with the old instance (`New-AWSWindowsHelpersReplacementInstance`)\n 9. Waits until that instance passes its reachability checks (`Wait-AWSWindowsHelperInstanceReady`)\n 10. Swaps security groups between the new and old instances (black holing the old instance) (`Switch-AWSHelperInstanceSecurityGroups`)\n 11. Swaps the new instance with the old instance in ELB and ELBv2 loadbalancers (`Switch-AWSHelperInstanceInLoadBalancers`)\n\n```PowerShell\nImport-Module AWSWindowsHelpers\nImport-Module AWSTestHelper\n\n$CurrentInstanceID = 'i-0210e383e3d655d40'\n$Region = 'eu-west-1'\n$VerbosePreference = \"Continue\"\n\n# Launch a clone of the instance in a separate VPC, update it, and create an AMI from the updated instance.\n$UpdatedAMIID = Update-AWSWindowsHelperInstanceToAMI -InstanceID $CurrentInstanceID -Region $Region -NewAMIName $($CurrentInstanceID+\"-\"+$(Get-Date -Format 'yyyy-MM-dd-HH-mm-ss')+'-Updated')\n\n# Launch a new instance from the patched AMI with the same name, tags, subnet, etc. with a black hole Security Group attached\n$UpdatedInstance = New-AWSWindowsHelpersReplacementInstance -AMIID $UpdatedAMI -InstanceIDToReplace $CurrentInstanceID -BlackHoleSecurityGroup -Region $region\n\n# Wait for the new (patched) instance to be reachable.\nWait-AWSWindowsHelperInstanceReady -InstanceID $UpdatedInstance.InstanceId -Region $Region\n\n# Give the old unpatched instance the black hole security group, and the new patched instance the security groups the unpatched instance had\nSwitch-AWSHelperInstanceSecurityGroups -CurrentInstanceID $CurrentInstanceID -ReplacementInstanceID $UpdatedInstance.InstanceId -Region $Region\n\n# Remove the old unpatched instance from its loadbalancers (ELB \u0026 ELBv2) and add the new patched instance in its stead\nSwitch-AWSHelperInstanceInLoadBalancers -CurrentInstanceID $CurrentInstanceID -ReplacementInstanceID $UpdatedInstance.InstanceId -Region $Region\n```\n\n# KMS Encryption and Decryption\nThe cmdlets `Invoke-AWSWindowsHelperEncryptKMSPlaintext` and `Invoke-AWSWindowsHelperDecryptKMSPlaintext` allow you to encrypt and decrypt strings using KMS easily.\n\n```powershell\n$encrypted = Invoke-AWSWindowsHelperEncryptKMSPlaintext -KeyID 347d96af-ea90-456d-9ca7-edecdbb46c42 -PlaintextString \"hello!\" -Region us-east-1\nInvoke-AWSWindowsHelperDecryptKMSPlaintext -Base64Secret $encrypted -Region us-east-1\n```\n\n# Route 53\n\nThese cmdlets make working with Route53 a bit easier in powershell.\n\n## Set-AWSWindowsHelpersR53RecordSet\n\n```powershell\nSet-AWSWindowsHelpersR53RecordSet -HostedZoneID Z9MTZXMHP863H -RecordName testsam2017.example.com. -RecordValue \"google.com\" -RecordType CNAME -Verbose\n\n# Set a \"A\" Record with an Alias Target\n\nSet-AWSWindowsHelpersR53RecordSet -HostedZoneID Z9MTZXMHP863H -RecordName testsam2017.example.com. -ARecordAlias -AliasHostedZoneID \"Z32O12XQLNT63H\" -RecordValue \"loadbalancer-dns-name-123456789.eu-west-1.elb.amazonaws.com\" -Verbose\n```\n\n# Load Balancers\n\n## Get-AWSWindowsHelperALBTraffic\n\n```PowerShell\nGet-AWSWindowsHelperALBTraffic -AWSRegion eu-west-1 -ALBName app/LoadB-3M8KJGY58BE5/059338ed989e015 -StartTime (Get-Date).AddMonths(-1) -EndTime (Get-Date)\n```\n\n## Update-AWSWindowsHelpersLoadBalancerCertificate\n\nReplaces a specific SSL certificate on all ALB and ELB load balancers for a specified region. If a ACM certificate is specified in either the original or replacement parameter ARN then the region is inferred from the ARN. If only IAM certificates ARNs are supplied a region must be given. \n\n```PowerShell\nUpdate-AWSWindowsHelpersLoadBalancerCertificate -originalCertARN \"arn:aws:iam::123456789012:server-certificate/2017_wild_example_com\" -replacementCertARN \"arn:aws:acm:us-west-2:123456789012:certificate/0e460187-a4b4-452f-a88b-c1d17dfaf749\"\n```\n\n# CloudFormation\n\n## ConvertTo-AWSWindowsHelperCFNParameter\n\nConverts a hashtable to the Parameter data type expected by the parameter \"Parameter\" of the New-CFNStack cmdlet. The UsePreviousValue property is set to true for values processed by this cmdlet.\n\n```PowerShell\n$CFNStackParameters = @{ \n\t\"AMILookupStackName\" = \"aws-amilookup-stack\" \n\t\"InstanceType\" = \"t2.micro\"\n\t\"WindowsVersion\" = \"Windows Server 2012 R2 English 64-bit\"\n\t}\n\n$Params = @{\n    StackName = \"cloudformation-stack-name\" \n    Parameter = $CFNStackParameters | ConvertTo-AWSWindowsHelperCFNParameter \n    TemplateBody = $TemplateBody\n    region = \"eu-west-1\" \n    EnableTerminationProtection = $true\n}\n\nCloudformationStackARN = New-CFNStack @Params\n```\n\n# Authors\n\n- Sam Martin (samjackmartin@gmail.com)\n- Oliver Li (oliverli@hotmail.co.uk)\n- Bindu Massey (bindu.massey@hotmail.co.uk)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsam-martin%2Fawswindowshelpers","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsam-martin%2Fawswindowshelpers","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsam-martin%2Fawswindowshelpers/lists"}