AWS_Tools_AddOns

Get-DiskMappings

LIst disk mappings on an EC2 Instance.

List the disk mappings on an EC2 instance to reference the volume ID with the Windows volume and drive letter.
This function is only supported on EC2 Windows instance.

Syntax 

Get-DiskMappings [<CommonParameters>]

Outputs

The output type is the type of the objects that the cmdlet emits.

  • An array of disk objects.

Get-EC2InstanceList

Returns a list of EC2 Instances

Returns a list of EC2 Instances with relevant properties.

Syntax 

Get-EC2InstanceList [[-Name] <String>] [[-InstanceId] <String>] [[-Filter] <String>] [[-ProfileName] <String>] [-HideProgress] [<CommonParameters>]

Parameters

Name Alias Type Description Required? Pipeline Input Default Value
-Name String Returns a single instance with this name (The value of the Tag: Name) false false
-InstanceId String Returns a single instance with this instance Id/ false false
-Filter String Returns instances that match the filter. The filter is a string in the format "Property=Value;Property=Value"
Values can be multiple values separated by commas. These are a logical OR comparison.
Multiple filters are a logical AND comparison.
To filter on a tag use "tag:TagName=TagValue".
For a list of valid filter properties see the -Filter parameter of the Get-EC2Instance command in the AWS.Tools.EC2 documentation.
https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html		 false false
-ProfileName String The saved EC2 profile to used to retrieve the data. false false
-HideProgress SwitchParameter false false False

Outputs

The output type is the type of the objects that the cmdlet emits.

  • A collection of custom EC2 Instance objects with the following properties. 
    Name                       : AWSWORKATOPROD2
InstanceId                 : i-08001da8c43088586
InstanceState              : running
InstanceType               : t3a.xlarge
ImageId                    : ami-0a0ebee827a585d06
AvailabilityZone           : us-east-1b
SecurityGroup              : Any-Any_Internal_IP-ICMP
KeyName                    : PRODUCTION-KEY
PrivateIpAddress           : 10.7.52.212
PrivateDnsName             : ip-10-7-52-212.ec2.internal
PublicIPAddress            : 
PublicDNSName              : 
SubnetId                   : subnet-d2b9f98f
Subnet                     : PRIVATE-1b
LaunchTime                 : 2/10/2025 3:55:58 PM
Platform                   : Windows
Instance                   : Amazon.EC2.Model.Instance
ProcessorMgr               : AMD
ProcessorArchitecture      : {x86_64}
ProcessorCPUs              : 4
ProcessorCores             : 2
ProcessorClockSpeed        : 2.2
InstanceStorageSupported   : True
InstanceStorageNvmeSupport : required
InstanceStorageEncryption  : required
InstanceStorageSize        : 237
InstanceStorageType        : ssd
Memory                     : 16
Tags                       : {Environment, Landscape, Class, backupAction…}
EnaSupported               : required
NetworkPerformance         : Up to 5 Gigabit
AccountId                  : 268928949034

Examples

EXAMPLE 1 
Get-EC2InstanceList -Name "MyInstance"
Returns a single instance with the name "MyInstance"
EXAMPLE 2 
Get-EC2InstanceList -Filter "tag:Name=MyInstance;tag:Environment=Production"
Returns instances with the tag Name=MyInstance and Environment=Production
EXAMPLE 3 
Get-EC2InstanceList -Filter "private-ip-address=10.7.48.*"
Returns instances with a private IP address that starts with 10.7.48
EXAMPLE 4 
Get-EC2InstanceList -Filter "instance.group-name=MYSecurityGroup"
Returns instances that are in the security group MYSecurityGroup.
EXAMPLE 5 
Get-EC2InstanceList -Filter "instance-state-name=running;tag:Environment=Production"
Returns instances that are running and have the tag Environment=Production
EXAMPLE 6 
Get-EC2InstanceList -InstanceId "i-1234567890abcdef0"
Returns a single instance with the instance Id "i-1234567890abcdef0"
EXAMPLE 7 
Get-EC2InstanceList
Returns all instances.

Top of page

Get-IAMGroupPermissions

Returns the permissions assigned to this group.

Returns an object containing the permissions and policies assigned to a group.

Syntax 

Get-IAMGroupPermissions [-GroupName] <String> [<CommonParameters>]

Parameters

Name Alias Type Description Required? Pipeline Input Default Value
-GroupName String The name of the group. true true (ByPropertyName)

Outputs

The output type is the type of the objects that the cmdlet emits.

  • An object with the following properties.

Note

The Group Object contains the following properties.

Name Type
--------------- -------------
Arn String
GroupName String
GroupId String
CreateData DateTime
Policies Collection

The Policies property contains a collection of Policy objects with the following properties.

Name Type
--------------- ----------------------
PolicyName String
Arn String (Applicable for managed policies only)
PolicyDocument PsObject
PolicyType String (either 'inline', 'AWSManaged', or 'Customer Managed')

The PolicyDocument (and the role AssumedRolePolicyDocument) have the following properties

Name Type
------------------- -------------------
Version String
Statement PsObject(s) May be a single object or an array.

The Statement Object has the following Properties

Name Type
-------------------- -------------------
Sid String
Effect String (either Allow or Deny)
Actions Array of String objects
Resource String

Get-IAMRolePermissions

Returns the permissions assigned to a role.

Returns an object containing the permissions and policies assigned to a role.

Syntax 

Get-IAMRolePermissions [-RoleName] <String> [<CommonParameters>]

Parameters

Name Alias Type Description Required? Pipeline Input Default Value
-RoleName String The name of the role. true true (ByPropertyName)

Outputs

The output type is the type of the objects that the cmdlet emits.

  • A role permissions object.

Note

The Role permissions object has the following properties.

Name Type
--------------------------- ----------------
Arn String
RoleName String
RoleId String
CreateDate DateTime
MaxSessionDuration Integer
AssumeRolePolicyDocument PsObject
Policies Collection of Policies assigned to the role.

The Policy objects in the Policies collection have the following properties.

Name Type
------------------- -------------------
PolicyName String
Arn String (Applicable for managed policies only)
PolicyDocument PsObject
PolicyType String (either 'inline', 'AWSManaged', or 'Customer Managed')

The PolicyDocument (and the role AssumedRolePolicyDocument) have the following properties

Name Type
------------------- -------------------
Version String
Statement PsObject(s) May be a single object or an array.

The Statement Object has the following Properties

Name Type
-------------------- -------------------
Sid String
Effect String (either Allow or Deny)
Actions Array of String objects
Resource String

Get-IAMUserPermissions

Returns permissions assigned to a user.

Returns an object containing user information and the permissions and policies assigned to a user.
Also contains a collection of group objects the User is a member of (See Get-IAMGroupPermissions).

Syntax 

Get-IAMUserPermissions [-Username] <String> [<CommonParameters>]

Parameters

Name Alias Type Description Required? Pipeline Input Default Value
-Username String The Name of the user. true true (ByPropertyName)

Outputs

The output type is the type of the objects that the cmdlet emits.

  • An object containing user information and policies assigned to the user.

Note

The User Object contains the following properties.

Name Type
------------------- ----------------------
Arn String
Username String
UserId String
CreateDate DateTime
PasswordLastUsed DateTime
Policies Collection of Policies assigned to the group.
Groups Groups the user is a member of (Group Objects, see Get-IAMGroupPermissions)

The Policy objects in the Policies collection have the following properties.

Name Type
------------------- ---------------------
PolicyName String
Arn String (Applicable for managed policies only)
PolicyDocument PsObject
PolicyType String (either 'inline', 'AWSManaged', or 'Customer Managed')

The PolicyDocument (and the role AssumedRolePolicyDocument) have the following properties

Name Type
------------------- -------------------
Version String
Statement PsObject(s) May be a single object or an array.

The Statement Object has the following Properties

Name Type
-------------------- -------------------
Sid String
Effect String (either Allow or Deny)
Actions Array of String objects
Resource String

Get-S3Folder

List S3 Folders

This function emulates working with folders "Common prefixes" in S3. It will list the files and top level prefixes for a given bucket and prefix.

Syntax 

Get-S3Folder [-BucketName] <String> [[-Prefix] <String>] [-Files] [-Folders] [[-MaxServiceCallHistory] <Int32>] [<CommonParameters>]

Parameters

Name Alias Type Description Required? Pipeline Input Default Value
-BucketName String The name of the bucket true false
-Prefix String The prefix to list. false false
-Files SwitchParameter Only return the files in the top level prefix. false false False
-Folders SwitchParameter Only return the folders in the top level prefix false false False
-MaxServiceCallHistory Int32 To get the common prefixes we call the $AWSHistory.LastCommand. By default that only returns the last 10 commands.
So we set this to 50 as our default. This is usually fine for most uses unless you have a prefix with lot of sub-prefixes and files.		 false false 50

Outputs

The output type is the type of the objects that the cmdlet emits.

  • An array of prefixes and/or files.

Get-S3RestoreProgress

Display the progress of a Glacier Restore.

Syntax 

Get-S3RestoreProgress -BucketName <String> [-Prefix <String>] [<CommonParameters>]

Get-S3RestoreProgress -BucketName <String> [-Key <String>] [<CommonParameters>]

Parameters

Name Alias Type Description Required? Pipeline Input Default Value
-BucketName String The bucket name. true false
-Prefix String The prefix to check the restore progress. Required if Key is omitted. false false
-Key String The full key of an object to check. Required if Prefix is omitted. false false

Outputs

The output type is the type of the objects that the cmdlet emits.

  • An array of AWS S3 Metadata objects. Check the RestoreInProgress property. A value of false indicates the restore has completed.

Restore-S3Folder

Restore an S3 folder, i.e. "common prefix", from Glacier.

AWS Powershell Tools for S3 only has the ability to restore a single s3 object from glacier.
This function allows you to restore all object with a common prefix.

Syntax 

Restore-S3Folder [-BucketName] <String> [-Prefix] <String> [-CopyLifetime] <Int32> [-Tier] <String> [<CommonParameters>]

Parameters

Name Alias Type Description Required? Pipeline Input Default Value
-BucketName String The bucket name. true false
-Prefix String The Prefix to restore. true false
-CopyLifetime Int32 The Number of days to keep the restored objects before returning them to glacier. true false 0
-Tier String The storage tier to restore the objects to. Valid entries are Standard, Expedited, Bulk true false

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Response indicating success or failure.

Set-SecretVault

Creates a Secrets vault and sets the option configuration parameters.
Note: If you plan to use this vault for automation purposes you must set Authentication and Interaction to 'None'.

Syntax 

Set-SecretVault [-VaultName] <String> [[-Authentication] <String>] [[-Interaction] <String>] [<CommonParameters>]

Parameters

Name Alias Type Description Required? Pipeline Input Default Value
-VaultName String The Name of the vault. true false
-Authentication String The type of Authentication, Either 'Password' or 'None' false false
-Interaction String Allow or suppress user interaction. Either 'Prompt' or 'None'. If set to none and the vault requires a password an error will occur. false false

Note

The powershell module SecretStore which this module uses does not support vaults outside the user scope. Therefor creating multiple vaults is redundant.
SecretStore will just save secrets in all vaults. This is by design from Microsoft. It may change in the future.
If you are using this vault for secure AWS Access keys you CANNOT set authentication to password. The credential_process functionality of the
AWS credential process will hang waiting on the prompt and will not accept input from the console. You must set authentication and Interaction to 'none'.

Set-SecureAWSCredentials

Creates a secure entry in the aws credentials file.

Creates a secure entry in the AWS Credentials file. The AWS Keys are stored in a Secret vault created by Set-SecretVault.
This credential entry uses a credential process. This process calls a script based on the Operating System.
For Windows: credential_process.cmd
For Linux/Mac: credential_process.sh
Copy the appropriate file into a directory that is in the path.
For Linux the best place is ~/.local/bin
For Windows any directory that is in the path. For optimal security create a folder under the user profile and add that path to the User section of the Path Environment variable configuration.

Syntax 

Set-SecureAWSCredentials [-ProfileName] <String> [[-AccessKeyId] <String>] [-SecretAccessKey] <String> [[-SessionToken] <String>] [-Region] <String> [[-Expiration] <DateTime>] [[-VaultName] <String>] [<CommonParameters>]

Parameters

Name Alias Type Description Required? Pipeline Input Default Value
-ProfileName String The name of the profile. To set a default profile you must name the profile default. true false
-AccessKeyId String The AWS Access Key ID. false false
-SecretAccessKey String The AWS Secret Access key. true false
-SessionToken String A Session Token for this credential. false false
-Region String The AWS Region for this profile. true false
-Expiration DateTime An option expiration date, the stored secret will expire after this date/time. false false
-VaultName String An optional vault name. If omitted, the secret will be created in the default vault. false false