How to create IAM group and user in AWS using powershell? - amazon-web-services

1 I am using PowerShell and want to run following command New-IAMGroup -Path "/ps-created-groups/" -GroupName "powerUsers", but getting below error
New-IAMGroup : The term 'New-IAMGroup' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included,
verify that the path is correct and try again.
At line:1 char:1
New-IAMGroup -Path "/ps-created-groups/" -GroupName "powerUsers"
+ CategoryInfo : ObjectNotFound: (New-IAMGroup:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
How can this be resolved? I am new to Powershell.Your help much appreciated

The powershell cli for AWS does not install service specific cmdlets. You need to install them yourself.
See AWS documentation for this - https://docs.aws.amazon.com/powershell/latest/userguide/pstools-getting-set-up-windows.html
For IAM this will help you install the right cmdlets.
Install-AWSToolsModule AWS.Tools.IdentityManagement -Scope AllUsers
And then try to run your commands.
P.S. change the scope from AllUsers to CurrentUser as needed.

Related

How to download aws cli and use in the same powershell script

I have the following powershell script that runs via packer utility while creating aws ami image.
This script downloads and installs aws cli and then immediately try to use it. The installation process will update windows PATH environment variable but I think it will not be available immediately in the same script. So I set the location to where cli is installed before using it.
$SETUP_DIR = "C:\Setup"
New-Item -Path $SETUP_DIR -ItemType Directory -Force -ErrorAction SilentlyContinue
Clear-Host
Set-Location -Path $SETUP_DIR -PassThru
# install AWS CLI
msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi /quiet
Write-Host "AWS CLI installation completed."
# Set location to AWS CLI
Set-Location -Path "C:\Program Files\Amazon\AWSCLIV2" -PassThru
# Download utility from AWS S3
aws s3 cp s3://tools/utility.exe
Write-Host "Utility download completed."
# switch the location back to c:\setup
Set-Location -Path $SETUP_DIR -PassThru
However when the script executed, it throws error as The term 'aws' is not recognized
aws s3 cp s3://tools/utility.exe ...
==> amazon-ebs.windows_server: + ~~~
==> amazon-ebs.windows_server: + CategoryInfo : ObjectNotFound: (aws:String) [], CommandNotFoundException
==> amazon-ebs.windows_server: + FullyQualifiedErrorId : CommandNotFoundException
==> amazon-ebs.windows_server:
amazon-ebs.windows_server:
==> amazon-ebs.windows_server: aws : The term 'aws' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the
==> amazon-ebs.windows_server: spelling of the name, or if a path was included, verify that the path is correct and try again.
When you run aws s3 ... system is trying to locate aws in the system path it knows about. The fact that you change directory to the location of the aws binary does not do anything for you.
As you probably know, even when you are in the same directory as a binary, if you simply try to use it, it won't work if it is not in the path, and that's why you would use .\binary_name.exe That's a safety feature in PowerShell.
You could try updating the path as suggested in the commends by adding that location:
$env:path="$env:path;C:\Program Files\Amazon\AWSCLIV2"
or point to the binary directly. You could also create an alias like:
set-alias -name aws -value "c:\program files\Amazon\awscliv2\aws.cmd"
Then use aws and it should run the aws.cmd (check that folder to make sure you are calling the correct binary. It used to be aws.cmd for aws cli v1 but may have changed)

Error to write AWS configure in Visual Studio Code

When I write in Visual Studio Code AWS configure and press Enter, I get this error:
aws : The term 'aws' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
aws configure
What can I to solve this in Visual Studio Code?
CategoryInfo : ObjectNotFound: (aws:String) [], CommandNotFoundException
FullyQualifiedErrorId : CommandNotFoundException
Install the awscli
Then run the command:
aws configure

Errors using AWSPowerShell in PowerShell

I am trying to work through the instructions on getting started with AWS IOT here. I have installed the prerequisites:
Windows 10
Visual Studio 2017 with latest updates
Windows Subsystem for Linux
But I think the page leaves some important things out. To use PowerShell I have to have some kind of AWSPowerShell or AWS Tools installed. When I run '.\provision_thing.ps1' it does some of the things but fails at Register-IOTThing and Get-IOTEndpoint. The errors I get are:
Register-IOTThing : The 'Register-IOTThing' command was found in the
module 'AWS.Tools.IoT', but the module could not be loaded. For more
information, run 'Import-Module AWS.Tools.IoT'. At
C:\Users\erics\source\repos\iot-dotnet-publisher-consumer\Dotnetsamples\provision_thing.ps1:44
char:1
Register-IOTThing `
+ CategoryInfo : ObjectNotFound: (Register-IOTThing:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
Get-IOTEndpoint : The 'Get-IOTEndpoint' command was found in the
module 'AWS.Tools.IoT', but the module could not be loaded. For more
information, run 'Import-Module AWS.Tools.IoT'. At
C:\Users\erics\source\repos\iot-dotnet-publisher-consumer\Dotnetsamples\provision_thing.ps1:48
char:17
$EndpointName = Get-IOTEndpoint
CategoryInfo : ObjectNotFound: (Get-IOTEndpoint:String) [], CommandNotFoundException
FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
When I try to run 'Import-Module AWS.Tools.IoT' as the error suggests I get:
Import-Module : The specified module 'AWSPowerShell' was not loaded
because no valid module file was found in any module directory. At
C:\Users\erics\source\repos\iot-dotnet-publisher-consumer\Dotnetsamples\provision_thing.ps1:1
char:1
Import-Module AWSPowerShell
CategoryInfo : ResourceUnavailable: (AWSPowerShell:String) [Import-Module], FileNotFoundException
+ FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
If I attempt to install AWSPowerShell using Install-Module -Name AWSPowerShell I get a quite impressive and long error truncated here:
PS
C:\Users\erics\source\repos\iot-dotnet-publisher-consumer\Dotnetsamples>
Install-Module -Name AWSPowerShell
Untrusted repository You are installing the modules from an untrusted
repository. If you trust this repository, change its
InstallationPolicy value by running the Set-PSRepository cmdlet. Are
you sure you want to install the modules from 'PSGallery'? [Y] Yes
[A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default
is "N"): A PackageManagement\Install-Package : The following commands
are already available on this system:'Add-ALXBContactWithAdd
ressBook,Add-ASInstances,Add-CTTag,Add-DPTags,Add-DSIpRoutes,Add-ELBTags,Add-EMRTag,Add-ESTag,Add-MLTag,Begin-RDSDTrans action,Build-LMBV2BotLocale,Clear-AWSCredentials,Clear-AWSDefaults,Commit-RDSDTransaction,Confirm-EC2EndpointConnection
,Confirm-EC2ReservedInstancesExchangeQuote,Confirm-EC2TransitGatewayPeeringAttachment,Confirm-EC2TransitGatewayVpcAttac
hment,Confirm-EC2VpcPeeringConnection,Dismount-ASInstances,Edit-EC2Hosts,Edit-RSClusterIamRoles,Enable-ORGAllFeatures,F
ind-CTEvents,Get-AG2ApiLis,Get-ASACases,Get-ASAccountLimits,Get-ASACommunications,Get-ASAServices,Get-ASASeverityLevels
,Get-ASATrustedAdvisorCheckRefreshStatuses,Get-ASATrustedAdvisorChecks,Get-ASATrustedAdvisorCheckSummaries,Get-ASLifecy
cleHooks,Get-ASLifecycleHookTypes,Get-AWSCredentials,Get-BATJobsList,Get-CDApplications,Get-CDDeployments,Get-CFCloudFr
ontOriginAccessIdentities,Get-CFDistributions,Get-CFGConfigRules,Get-CFGConfigurationRecorders,Get-CFGDeliveryChannels,
How can I clean this up and get access to AWSPowerShell in PowerShell?

command "amplify configure" can not run due to amplify.ps1 security issue

I am using aws amplify and am trying to run the command "amplify configure" in my root directory but keep getting this error response
amplify : File C:\Users\munet\AppData\Roaming\npm\amplify.ps1 cannot be loaded. The file C:\Users\munet\AppData\Roaming\npm\amplify.ps1 is
not digitally signed. You cannot run this script on the current
system. For more information about running scripts and setting
execution policy, see about_Execution_Policies at
https:/go.microsoft.com/fwlink/?LinkID=135170. At line:1 char:1
amplify configure
+ CategoryInfo : SecurityError: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
I tried unblocking the file in powershell but it still displays the same error. I even went to the file in my AppData folder, clicked properties and the check to mark unblock was not an option. I am wondering what else it could be that is preventing this file from being run. I am thinking I have to digitally sign the script but am unsure where to. Here is a link to where the solution may possibly be. I will upload the solution if I find. Thanks.
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.1#remotesigned
The solution to this problem is rather simple. You're running this command in Powershell. Sometimes it can help to run powershell as an administrator but the best solution is just to run it in Command Prompt (cmd)
You can also bypass that security check by running this command:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Or just use:
set-ExecutionPolicy RemoteSigned -Scope CurrentUser
But not both as they will conflict between each other

Powershell can't remove file i just wrote

I wanted to install git on an AWS EC2 Windows Server. So i used an Invoke-WebRequest to download the portable git exe
Invoke-WebRequest -Uri https://github.com/git-for-windows/git/releases/download/v2.23.0.windows.1/PortableGit-2.23.0-64-bit.7z.exe -UseBasicParsing -OutFile git.exe
But the Download got stuck and i terminated the session. Now i want to remove git.exe but for some reason i'm not allowed to.
I tried removing the file with:
Remove-Item .\git.exe
But i got an error message telling me i'm not allowd to
Remove-Item : Cannot remove item C:\git.exe: Access to the path 'C:\git.exe' is denied.
At line:1 char:1
+ Remove-Item .\git.exe
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\git.exe:FileInfo) [Remove-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : RemoveFileSystemItemUnAuthorizedAccess,Microsoft.PowerShell.Commands.RemoveItemCommand
I just found out that the Invoke-WebRequest was not properly terminated and the stuck process still kept the file on lock. after restarting the server i was able to delete the file. Thanks for the suggestions and comments.