Thursday 6 November 2014

Setting up powershell for Azure and AWS

Setting up AWS and Azure powershell modules to automatically load:


1. Add the modules to powershell:

Add:

Import-Module "C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\AWSPowerShell.psd1"
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Azure.psd1"

into the powershell profile.

2. Add AWS credentials - outlined here:
 http://docs.aws.amazon.com/powershell/latest/userguide/specifying-your-aws-credentials.html

I set the key. looks like we should come up with a process for changing this periodically and document it. process should be:

       1. Go into users - manage access keys
       2. Download the new secret key
       3. Run

Set-AWSCredentials -AccessKey myaccesskey -SecretKey mysecretkey -StoreAs default

replace myaccesskey and mysecretkey with the keys downloaded from IAM.

Also it might be a good idea to separate the roles. One role for deploying servers, but you cannot 'remote control' the server, and the 'remote control' user cant deploy. (separation of duties)


AWS Credentials added.

3. Add Azure credentials - outlined here:
http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell/#Install

Run Add-AzureAccount - and it brings up an azure logon screen. Enter your credentials and then powershell is now holding your azure account information.

the Azure credentials is easier - but its using an AD account, and the scripts contain your password in free text (although you can set them to trasmit encrypted). might be worth doing the certificate method instead.

1. Run Get-AzurePublishSettingsFile
2. Run Import-AzurePublishSettingsFile
3. Delete the publishsettingsfile you had downloaded (recommended as a security precaution by microsoft)

Now - Get-Azure Account will confirm you're ready to go.



Credentials for connecting to both our private and public cloud are ready to go.

4. Add it into Powershell ISE profile as well (a different profile). PowershellISE though - Get-ExecutionPolicy is restricted of course - because its a security risk to run untrusted scripts. Set it to RemoteSigned (Set-ExecutionPolicy RemoteSigned)
(you dont need powershell ISE - i use it because its easier to script with)



Next step - Scripting deployments.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)