Scripts AWS
Scripts in Scripts/AWS/.
What it does: Interactive AWS CLI setup — detects existing credentials, offers to reuse them, installs/upgrades the AWS CLI and AWS Tools for PowerShell, prompts for region selection, and validates the configuration.
Steps performed:
- Checks `~/.aws/credentials` for an existing `aws_access_key_id`. If found, offers to reuse it.
- If Chocolatey is not installed, installs it.
- Upgrades `awscli` and `awstools.powershell` via Chocolatey (`choco upgrade -y`).
- Configures the AWS CLI with `aws configure set aws_access_key_id` and `aws configure set aws_secret_access_key`.
- Queries `aws ec2 describe-regions` for the live region list and presents a numbered menu.
- Sets `aws configure set default.region <selected>`.
- Tests the configuration with `aws s3 ls`.
Parameters: None (fully interactive — all input is via Read-Host prompts).
Requirements: Administrator privileges (for Chocolatey installation). Internet access.
Usage:
`.\Scripts\AWS\Invoke-AwsConfigure.ps1`

Notes:
- The script reads existing credentials from `~/.aws/credentials` using a regex (`Select-String`). This works for the `[default]` profile but may not correctly handle named profiles when the file has multiple sections.
- Credentials are passed directly to `aws configure set` and stored in `~/.aws/credentials`. They are not stored anywhere else by this script.
- The region list is pulled live from `aws ec2 describe-regions`, which requires the credentials to already have at least the `ec2:DescribeRegions` permission. If that call fails, the region selection step will have no options.
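The two notes above describe failure modes the script does not handle: a multi-section credentials file and a failed `describe-regions` call. The following is an added example (not code from `Invoke-AwsConfigure.ps1`) showing how both could be handled: an INI-style parser that attributes each key to its `[section]`, and a region lookup that falls back to a static list when the CLI is missing or the call fails. The credentials file content is a constructed sample with placeholder keys; the fallback region list is an assumption you would adjust.

```powershell
# Added example, not part of the repository's scripts.

function ConvertFrom-AwsCredentialsFile {
    # Parse ~/.aws/credentials section by section so that named profiles
    # ([prod], [dev], ...) are not confused with [default].
    param([Parameter(Mandatory)][string[]]$Lines)

    $profiles = [ordered]@{}
    $current  = $null
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        # Blank lines and comments (# or ;) are ignored, as the AWS CLI does.
        if ($line -eq '' -or $line.StartsWith('#') -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(?<name>[^\]]+)\]$') {
            $current = $Matches.name
            if (-not $profiles.Contains($current)) { $profiles[$current] = [ordered]@{} }
            continue
        }
        # key = value lines only count once a section header has been seen.
        if ($null -ne $current -and $line -match '^(?<key>[^=\s]+)\s*=\s*(?<value>.*)$') {
            $profiles[$current][$Matches.key] = $Matches.value.Trim()
        }
    }
    return $profiles
}

function Get-AwsRegionList {
    # Live list first; static fallback if the CLI is absent or the
    # credentials lack ec2:DescribeRegions (the menu is never empty).
    $fallback = @('us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'eu-west-1', 'eu-central-1')
    if (-not (Get-Command aws -ErrorAction SilentlyContinue)) { return $fallback }
    $out = & aws ec2 describe-regions --query 'Regions[].RegionName' --output text 2>$null
    if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace(($out -join ''))) { return $fallback }
    return (($out -join "`t") -split '\s+' | Where-Object { $_ } | Sort-Object)
}

# Constructed sample file. The key values are placeholders in the AWS
# documentation style (EXAMPLE suffix), not real credentials.
$sample = @'
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[prod]
aws_access_key_id = AKIAI44QH8DHBEXAMPLE
aws_secret_access_key = je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
region = eu-west-1
'@ -split "`r?`n"

$creds = ConvertFrom-AwsCredentialsFile -Lines $sample
# Only key IDs are echoed; the secrets stay in the hashtable.
foreach ($name in $creds.Keys) {
    "{0,-8} {1}" -f $name, $creds[$name].aws_access_key_id
}

# Region menu, numbered as the script does it.
$regions = Get-AwsRegionList
for ($i = 0; $i -lt $regions.Count; $i++) { "{0,3}) {1}" -f ($i + 1), $regions[$i] }
```

To read the real file, replace `$sample` with `Get-Content "$HOME\.aws\credentials"`; the reuse prompt can then offer `$creds['default']` (or any named profile) explicitly rather than the first `aws_access_key_id` that a file-wide regex happens to match.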
What it does: A guided walkthrough script for hardening a new AWS account — IAM user/group/policy creation, billing alarms, CloudTrail setup, SSO configuration, and MFA enabling.
Steps covered:
| Step | What happens |
|---|---|
| 1 | Credential setup (reuse existing or enter new via Get-AWSCredential/Set-AWSCredential) |
| 2 | Root account MFA — manual only, flagged as a reminder |
| 3 | IAM user + group + policy creation |
| 4 | Billing budget ($50/month default) + SNS alert actions at 80% and 100% |
| 5–7 | VPC, security group, EC2 — deferred to Terraform, the script prints a reminder |
| 8 | Elastic IP allocation |
| 9 | S3 — deferred |
| 10 | CloudTrail setup |
| 11 | Admin IAM user creation + add to Administrators group |
| 12 | AWS SSO setup via AWSPowerShellSSO module |
| 13 | MFA enabling on admin account |
Parameters: None (fully interactive — prompts for all values).
Requirements: AWSPowerShell or AWS.Tools modules installed. Some steps use module-specific cmdlets.
Usage:
`.\Scripts\AWS\New-AwsAccount.ps1`

WARNING: DO NOT run this script end-to-end. It contains non-existent cmdlets (e.g. `Attach-IAMPolicyToGroup`, `Enable-IAMMFA`, `Test-IAMMFA`) that will error at runtime. Use it as a checklist/reference and run each step manually. See Known Limitations below.
Known limitations and caveats:
This script is a guided checklist, not a fully automated deployment. Several cmdlets it references may not exist or may have different names depending on your AWS.Tools version:
- `Attach-IAMPolicyToGroup`: does not exist. The real cmdlet is `Register-IAMGroupPolicy`.
- `Enable-IAMMFA`: does not exist in the standard `AWS.Tools.IdentityManagement` module. MFA device association requires multiple steps, via the AWS Console or `New-IAMVirtualMFADevice` followed by `Enable-IAMMFADevice`.
- `Test-IAMMFA`: does not exist in any published AWS.Tools module.
- `AWSPowerShellSSO`: this module does not exist in the PowerShell Gallery as a standalone module (SSO is handled via `AWS.Tools.SSOAdmin` and related modules). `Initialize-AWSSSO` is not a standard cmdlet.
- `New-BudgetAction`: the Budgets API cmdlet naming may differ depending on module version; verify against your installed `AWS.Tools.Budgets`.
Recommendation: Use this script as a checklist and reference for the steps involved. Run each step manually or via the AWS Console, using the script as a guide. Do not run it end-to-end without first verifying each cmdlet against your installed module versions (Get-Command <cmdlet>).
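As an added example (not code from `New-AwsAccount.ps1`), this is how the recommendation above can be put into practice for steps 3 and 13: a `Get-Command` preflight that refuses to run a step when any cmdlet it needs is missing, followed by the group/policy/user creation and the two-cmdlet virtual MFA flow using the names that actually exist in `AWS.Tools.IdentityManagement`. The group, policy, user names and the `policy.json` path in the usage lines are placeholders.

```powershell
# Added example, not part of the repository's scripts. Requires
# AWS.Tools.IdentityManagement and credentials with IAM write permissions.

function Test-RequiredCmdlet {
    # Fail before any API call if a referenced cmdlet does not exist, which is
    # exactly the error class the original script runs into at runtime.
    param([Parameter(Mandatory)][string[]]$Name)
    $missing = foreach ($n in $Name) {
        if (-not (Get-Command -Name $n -ErrorAction SilentlyContinue)) { $n }
    }
    if ($missing) {
        throw "Missing cmdlets: $($missing -join ', '). Check the module version or the cmdlet name."
    }
}

function New-ScopedIamGroupUser {
    # Step 3: group + customer-managed policy + user, with permissions carried
    # by group membership rather than a policy attached directly to the user.
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][string]$PolicyName,
        [Parameter(Mandatory)][string]$PolicyDocumentPath,
        [Parameter(Mandatory)][string]$UserName
    )
    Test-RequiredCmdlet -Name 'New-IAMGroup', 'New-IAMPolicy', 'Register-IAMGroupPolicy',
                              'New-IAMUser', 'Add-IAMUserToGroup'

    $doc  = Get-Content -Path $PolicyDocumentPath -Raw
    $null = $doc | ConvertFrom-Json   # reject malformed JSON before touching IAM

    $group  = New-IAMGroup  -GroupName $GroupName
    $policy = New-IAMPolicy -PolicyName $PolicyName -PolicyDocument $doc
    # Attach-IAMPolicyToGroup does not exist; Register-IAMGroupPolicy is the real cmdlet.
    Register-IAMGroupPolicy -GroupName $GroupName -PolicyArn $policy.Arn
    $user = New-IAMUser -UserName $UserName
    Add-IAMUserToGroup -UserName $UserName -GroupName $GroupName

    [pscustomobject]@{ Group = $group.Arn; Policy = $policy.Arn; User = $user.Arn }
}

function Enable-VirtualMfaForUser {
    # Step 13: the two-step flow that Enable-IAMMFA was meant to stand in for.
    param([Parameter(Mandatory)][string]$UserName)
    Test-RequiredCmdlet -Name 'New-IAMVirtualMFADevice', 'Enable-IAMMFADevice', 'Get-IAMMFADevice'

    # 1. Create the virtual device; the Base32 seed comes back as a stream.
    $device = New-IAMVirtualMFADevice -VirtualMFADeviceName $UserName
    $seed   = [System.Text.Encoding]::ASCII.GetString($device.Base32StringSeed.ToArray())
    Write-Host "Enter this Base32 seed in the authenticator app: $seed"

    # 2. Two consecutive TOTP codes prove the app was seeded correctly.
    $code1 = Read-Host 'First 6-digit code'
    $code2 = Read-Host 'Second 6-digit code (wait for it to rotate)'
    Enable-IAMMFADevice -UserName $UserName -SerialNumber $device.SerialNumber `
        -AuthenticationCode1 $code1 -AuthenticationCode2 $code2

    # There is no Test-IAMMFA; listing the user's devices is the verification.
    Get-IAMMFADevice -UserName $UserName
}

# Usage against a real account (placeholder names):
# New-ScopedIamGroupUser -GroupName Developers -PolicyName dev-readonly `
#     -PolicyDocumentPath .\policy.json -UserName alice
# Enable-VirtualMfaForUser -UserName alice
```

Running `Test-RequiredCmdlet` over the cmdlet names a step uses is the concrete form of the "`Get-Command <cmdlet>`" check recommended above; a missing name aborts before any IAM resource is created half-configured.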
Policy document requirement: Step 3 prompts for a path to a JSON policy document. You must create this file before running the script. Example minimal read-only policy (note that `"Resource": "*"` grants read access to every bucket in the account; scope it to specific bucket and object ARNs where you can):

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": "*"
    }
  ]
}
```