I was following the AWS documentation example for envelope encryption in which there is a command for PowerShell. The command doesn't work on my PC so I need someone to help me figure out why. Below is the link to the documentation;
https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/crypto-cli-examples.html
Below is the error I get when I follow the instructions in the documentation:
PS C:> $CmkArn = arn:aws:kms:us-west-1:404148889442:key/c6b58e8e-f890-4d97-a417-f5bba5e6af89
arn:aws:kms:us-west-1:404148889442:key/c6b58e8e-f890-4d97-a417-f5bba5e6af89 : The term
'arn:aws:kms:us-west-1:404148889442:key/c6b58e8e-f890-4d97-a417-f5bba5e6af89' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:11
$CmkArn = arn:aws:kms:us-west-1:404148889442:key/c6b58e8e-f890-4d97-a ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : ObjectNotFound: (arn:aws:kms:us-...17-f5bba5e6af89:String) [], CommandNotFoundException
FullyQualifiedErrorId : CommandNotFoundException
The syntax in their example is wrong, this is how it should be written:
# To run this example, replace the fictitious key ARN with a valid value.
PS C:\> $CmkArn = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
PS C:\> aws-encryption-cli --encrypt `
--input Hello.txt `
--master-keys key=$CmkArn `
--metadata-output $home\Metadata.txt `
--encryption-context purpose=test `
--output .
The fictitious ARN needs quotes around it.
I've installed the gcloud CLI according to https://cloud.google.com/sdk/docs/install.
When using Cloud Shell in the browser, I could simply paste a script and it would work. But it won't do the same when using the gcloud CLI in PowerShell.
Script:
# List Projects accessible to these credentials
PROJECTS=$( `
gcloud projects list `
--format="value(projectId)")
# Iterate over each Project
for PROJECT in ${PROJECTS}
do
echo "Project: ${PROJECT}"
# Check Compute Engine service
ENABLED="$( `
gcloud services list `
--project=${PROJECT} `
--filter=config.name=compute.googleapis.com `
--format='value(state)')"
# Is it enabled?
if [ "${ENABLED}" = "ENABLED" ]
then
# Enumerate Disks that have `users` and output `name`
gcloud compute disks list `
--project=${PROJECT} `
--filter="-users:*" `
--format="csv(name,sizeGb,zone,status,type,lastAttachTimestamp,lastDetachTimestamp)"
fi
done
Result on browser cloud shell: successfully iterated through projects and listed disks in that project.
Result on PowerShell:
PS C:\WINDOWS\System32> C:\Users\minh.tran\Documents\Get Disk.ps1
At C:\Users\minh.tran\Documents\Get Disk.ps1:7 char:4
+ for PROJECT in ${PROJECTS}
+ ~
Missing opening '(' after keyword 'for'.
At C:\Users\minh.tran\Documents\Get Disk.ps1:8 char:3
+ do
+ ~
Missing statement body in do loop.
At C:\Users\minh.tran\Documents\Get Disk.ps1:17 char:5
+ if [ "${ENABLED}" = "ENABLED" ]
+ ~
Missing '(' after 'if' in if statement.
At C:\Users\minh.tran\Documents\Get Disk.ps1:17 char:7
+ if [ "${ENABLED}" = "ENABLED" ]
+ ~
Missing type name after '['.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MissingOpenParenthesisAfterKeyword
PS C:\WINDOWS\System32>
The comment from @John Hanley is the correct answer. I tried to use a Linux shell script as a PowerShell script on a Windows machine.
The simplest solution for my case is to convert the shell script to a PowerShell script and run the converted script from PowerShell.
Converted script can be found here: GCP | disks.list method returning error when ran as part of a script. Despite working, it is still throwing some errors.
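A PowerShell port of the bash loop from the question, as an added example (it is not the converted script the answer links to, and not code from the original posts). It assumes `gcloud` is on PATH and already authenticated; every argument is passed as one quoted string so that PowerShell's own parsing of `-`, `.`, `*` and parentheses cannot split or rewrite it before gcloud sees it.

```powershell
# Added example: PowerShell equivalent of the bash script in the question.
# Assumption: gcloud is installed, on PATH, and authenticated.

# List projects accessible to these credentials (one project ID per output line).
$projects = gcloud projects list '--format=value(projectId)'
if ($LASTEXITCODE -ne 0) {
    throw "gcloud projects list failed with exit code $LASTEXITCODE"
}

foreach ($project in $projects) {
    Write-Output "Project: $project"

    # Check the Compute Engine service state for this project.
    $enabled = gcloud services list `
        "--project=$project" `
        '--filter=config.name=compute.googleapis.com' `
        '--format=value(state)'

    # Native commands do not raise PowerShell errors; check the exit code explicitly.
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not query services for $project (exit code $LASTEXITCODE)"
        continue
    }

    # PowerShell uses -eq for comparison, not the bash [ "a" = "b" ] test.
    if ($enabled -eq 'ENABLED') {
        # The leading '-' in the filter negates the match, so this lists
        # disks that have no `users`, i.e. disks not attached to any instance.
        gcloud compute disks list `
            "--project=$project" `
            '--filter=-users:*' `
            '--format=csv(name,sizeGb,zone,status,type,lastAttachTimestamp,lastDetachTimestamp)'
    }
}
```

The backtick is PowerShell's line-continuation character and must be the last character on the line; the bash constructs `$( ... )` assignment, `for ... in`, `do`/`done` and `if [ ... ]`/`fi` have no direct PowerShell equivalent, which is what the parser errors above report.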
I am following the instructions in here to install the Ops agent on my local Windows machine.
These are the steps that I follow in PowerShell (as admin):
(New-Object Net.WebClient).DownloadFile("https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.ps1", "${env:UserProfile}\add-google-cloud-ops-agent-repo.ps1")
Invoke-Expression "${env:UserProfile}\add-google-cloud-ops-agent-repo.ps1 -AlsoInstall"
As soon as I execute this, the output is:
googet : The term 'googet' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\bot_runner_01\add-google-cloud-ops-agent-repo.ps1:171 char:10
+ if (! (googet listrepos | Select-String -quiet "https://packages.cl ...
+ ~~~~~~
+ CategoryInfo : ObjectNotFound: (googet:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
googet : The term 'googet' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\bot_runner_01\add-google-cloud-ops-agent-repo.ps1:198 char:24
+ if (! $Version -and (googet listrepos | Select-String -quiet "https ...
+ ~~~~~~
+ CategoryInfo : ObjectNotFound: (googet:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
googet : The term 'googet' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\bot_runner_01\add-google-cloud-ops-agent-repo.ps1:205 char:10
+ if (! (googet installed google-cloud-ops-agent 2>&1 | Select-String ...
+ ~~~~~~
+ CategoryInfo : ObjectNotFound: (googet:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
No changes made.
How can I fix this? Thank you.
I had the same issue, found that running the 'Installing the guest environment' scripts in the page below worked for me:
https://cloud.google.com/compute/docs/images/install-guest-environment?authuser=0#installing_guest_environment
In AWS SSM, I use the RunRemoteScript document to run a PowerShell script to install some software on SSM managed instances. The script is hosted in a publicly accessible S3 bucket.
The RunCommand works fine with the script not taking any parameters. Software was successfully deployed to managed instances. But my script has a unique CID embedded in the code. For security reasons, I need to take it out and set it as a parameter for the PS script. Ever since then, the RunCommand just keeps failing.
My script looks like below (with parameter CID):
param (
    [Parameter(Position = 0, Mandatory = 1)]
    [string]$CID
)
Start-Transcript -Path "$([System.Environment]::GetEnvironmentVariable('TEMP','Machine'))\app_install.log" -Append
function Install-App {
    <#
    Installs App
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject])]
    param (
        [Parameter(Position = 0, Mandatory = 1)]
        [string]$msiURL,
        [Parameter(Position = 2, Mandatory = 1)]
        [string]$InstallCheck,
        [Parameter(Position = 3, Mandatory = 1)]
        [string]$CustomerID
    )
    if ( -not(Test-Path $installCheck)) {
        # Do stuff
        ...
    }
    else {
        Write-Host ("$installCheck - Already Installed")
        Return "Already Installed, Skipped $(($msiURL -split '([^\\/]+$)')[1])"
    }
}
Install-App -msiURL "https://s3.amazonaws.com/app.foo.com/Windows/app.exe" -InstallCheck "C:\Program Files\App\app.exe" -CustomerID $CID
Stop-Transcript
By following AWS SSM documentation below, I run the command below to kick off the RunCommand.
https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-remote-scripts.html
aws ssm send-command --document-name "AWS-RunRemoteScript" --targets "Key=instanceids,Values=mi-abc12345" --parameters '{"sourceType":["S3"],"sourceInfo":["{\"path\":\"https://s3.amazonaws.com/app.foo.com/Windows/app_install.ps1\"}"],"commandLine":["app_install.ps1 abcd123456"]}'
The RunCommand keeps failing with error below:
----------ERROR-------
app_install.ps1 : The term 'app_install.ps1' is not recognized
as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is
correct and try again.
At C:\ProgramData\Amazon\SSM\InstanceData\mi-abcd1234\document\orchest
ration\a6811111d-c411-411-a222-bad123456\runPowerShellScript\_script.ps1:4
char:2
+ app_install.ps1 abcd123456
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (app_install.ps1:String)
[], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
failed to run commands: exit status 255
I suspect this is to do with the way RunCommand handles the argument for the PowerShell script. But I cannot find any examples other than the official document, which I followed. Can anyone point out what the issue is here?
BTW, I already tried putting the ps1 after ".\" without luck.
I found out the cause of the issue. The IAM role attached to the instance did not have sufficient rights to access the S3 bucket that holds the script. As a result SSM wasn't able to download the script to the instance, hence the error "...ps1 is not recognized".
So it's not related to the code actually.
I wrote a PowerShell script that gets a filtered list of cognito-idp identities using AWS CLI. However, I wanted to make this a lambda script and realized that I could not use AWS CLI and instead needed to use the AWS for PowerShell Core module.
When I use the AWS CLI command
aws cognito-idp list-users --user-pool-id $user_pool_id --filter 'email=\"foo@bar.com\"'
I get the expected result.
When I use the equivalent cmdlet from the module
Get-CGIPUserList -UserPoolId $user_pool_id -Region $region -Filter 'email=\"foo@bar.com\"'
I get a filter parsing error
Get-CGIPUserList : One or more errors occurred. (Error while parsing filter.)
At line:1 char:9
+ Get-CGIPUserList -UserPoolId "****" -Region "u ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Amazon.PowerShe...PUserListCmdlet:GetCGIPUserListCmdlet) [Get-CGIPUserList], InvalidOperationException
+ FullyQualifiedErrorId : System.AggregateException,Amazon.PowerShell.Cmdlets.CGIP.GetCGIPUserListCmdlet
According to the module reference here:
https://docs.aws.amazon.com/powershell/latest/reference/items/Get-CGIPUserList.html the syntax for the filter parameter should be the same. What am I doing wrong?
The powershell module is failing to parse your filter string 'email=\"foo@bar.com\"' because of the escaped double quotations.
Simply remove them and you should get past this error, as the single quote ' in powershell expresses content as string literal:
'email="foo@bar.com"'
You could also wrap your filter string in double quotes ". You would generally only need to do this if your string contained a powershell variable that you would like to interpolate. You would need to replace the \ escape character in this case with powershell's escape character ` like so:
"email=`"foo@bar.com`""
Working through adding some cfn-init to request data from an S3 bucket.
I believe I've got a syntax problem with the cfn-init.exe call from powershell but cannot seem to find where. This structure was taken from the Bootstrapping AWS CloudFormation Windows Stacks AWS Example. I've also tried adapting from the bash structure from AWS cfn-init documentation with no success.
"UserData": {"Fn::Base64": {"Fn::Join": ["\n", [
"<powershell>",
...
"cfn-init.exe -v -s", { "Ref" : "AWS::StackName" },
" -r EC2Instance",
"</powershell>"
"Metadata" : {
"AWS::CloudFormation::Init" : {
"config": {
"files" : {
"C:\\chef\\validator.pem" : {
"source" : "https://s3.amazonaws.com/dtcfstorage/validator.pem",
"authentication" : "s3creds"
}
}
},
"AWS::CloudFormation::Authentication" : {
"s3creds" : {
"type" : "S3",
"roleName" : "awss3chefkeyaccess"
}
}
}
}
The cfn-init.exe is being run but errors out as the arguments are passing to new lines:
2018/05/21 15:35:08Z: Message: The errors from user scripts: Usage: cfn-init.exe [options]
or: cfn-init.exe [options]
or: cat | cfn-init.exe [options] -
cfn-init.exe: error: -s option requires an argument
cloudinittest : The term 'cloudinittest' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Windows\TEMP\UserScript.ps1:30 char:1
+ cloudinittest
+ ~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (cloudinittest:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
-r : The term '-r' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Windows\TEMP\UserScript.ps1:31 char:2
+ -r EC2Instance
+ ~~
+ CategoryInfo : ObjectNotFound: (-r:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
It's because you have joined using \n at the top. Every arg to the join function will be separated by a newline even if you type some on the same line!
Therefore, your command cfn-init has been interpreted as:
cfn-init.exe -v -s
stack-name
-r EC2Instance
...
Since the line is broken, the command doesn't get run properly.
As such, you can join by a space character. You can try replacing the above by this:
{"Fn::Join": [" ", ["cfn-init.exe -v -s", {"Ref":"AWS::StackName"},
"-r EC2Instance"]]}