Update an AWS IAM Policy using PowerShell

This is a script I wrote to update an AWS IAM policy using the AWS PowerShell toolkit. It is used in conjunction with AWS SES (Simple Email Service) to allow easy editing of the list of email addresses that a particular IAM account is allowed to send from.

This particular script was designed to edit a permissions policy in AWS that allows an account to send email from a specified list of email addresses. The script asks the user which email address they want to add to the policy, inserts the address into the .json file, formats the file, uploads it to AWS as a new version of the policy, and then sends an email to the user to inform them of the change.

#Json file preparation & adding new email address
Add-Type -AssemblyName Microsoft.VisualBasic

# Set file name
$File = '\\Fileserver\aws$\LinuxDev_PolicyUpdate\NewPolicyVersion.json'
$NewEmail = [Microsoft.VisualBasic.Interaction]::InputBox('Enter email address to add to AWS', 'Email address')
# Build the JSON array entry for the new address, indented to match the policy file
$collate = foreach ($Obj in $NewEmail) {
    $begin = '                        "'
    $end = '",'
    $begin + $Obj + $end
}


# Process lines of text from file and assign result to $NewContent variable
$NewContent = Get-Content -Path $File |
    ForEach-Object {
        # Output the existing line to pipeline in any case
        $_

        # If line matches regex
        if($_ -match ('^' + [regex]::Escape('                    "ses:FromAddress": [')))
        {
            # Add output additional line
            $collate
        }
    }

# Write content of $NewContent variable back to file
$NewContent | Out-File -FilePath $File -Encoding Default -Force
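The line-matching approach above depends on the exact indentation of the `"ses:FromAddress": [` line and accepts whatever string the input box returns. As an added example (not the original script), here is the same edit done by parsing the document with ConvertFrom-Json: it rejects input that is not an email address, walks every condition operator the policy uses, refuses duplicates, and writes the array back with enough -Depth to keep the nesting intact. The function and parameter names (Add-SesFromAddress, -PolicyFile, -EmailAddress) are hypothetical.

```powershell
# Added example, not part of the original script. Function and parameter names
# (Add-SesFromAddress, -PolicyFile, -EmailAddress) are hypothetical.
function Add-SesFromAddress {
    param(
        [Parameter(Mandatory)][string]$PolicyFile,
        [Parameter(Mandatory)][string]$EmailAddress
    )

    # The InputBox returns an arbitrary string; reject anything that is not a
    # single mailbox address before it is written into an IAM policy.
    if ($EmailAddress -notmatch '^[^@\s"]+@[^@\s"]+\.[^@\s"]+$') {
        throw "Not a valid email address: '$EmailAddress'"
    }

    $policy  = Get-Content -Path $PolicyFile -Raw | ConvertFrom-Json
    $updated = 0

    foreach ($statement in @($policy.Statement)) {
        if (-not $statement.Condition) { continue }
        # Condition looks like { "<operator>": { "ses:FromAddress": [ ... ] } };
        # the operator name (StringEquals, ForAnyValue:StringLike, ...) is
        # whatever the policy already uses, so walk all of them.
        foreach ($operator in $statement.Condition.PSObject.Properties) {
            $keys = $operator.Value
            if ($keys.PSObject.Properties.Name -notcontains 'ses:FromAddress') { continue }

            $current = @($keys.'ses:FromAddress')
            if ($current -contains $EmailAddress) {
                Write-Warning "$EmailAddress is already allowed in statement '$($statement.Sid)'"
                continue
            }
            # Always write an array back, even if the key held a single string.
            $keys.'ses:FromAddress' = @($current + $EmailAddress)
            $updated++
        }
    }

    if ($updated -eq 0) { throw "No ses:FromAddress condition found in $PolicyFile" }

    # Re-serialise the whole document; the default -Depth of 2 would truncate
    # the Statement/Condition/operator/key nesting.
    $policy | ConvertTo-Json -Depth 10 | Set-Content -Path $PolicyFile -Encoding UTF8
    return $updated
}

# Usage with the variables the script above already defines:
# Add-SesFromAddress -PolicyFile $File -EmailAddress $NewEmail
```

The function returns the number of statements it changed, so a caller can stop before touching IAM when nothing was added (for example, when the address was already present).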

Start-Sleep -s 10

#AWS module - get credentials & region
Import-Module AWSPowerShell

# Long-lived keys pasted into a script on a file share are the weak point here;
# a stored profile (Set-AWSCredential -ProfileName <name>) keeps them out of the file.
Set-AWSCredential -AccessKey 'enter accesskey' -SecretKey 'enter secretkey'

Set-DefaultAWSRegion -Region us-west-1

Start-Sleep -s 5

#Create policy version variable: sort version ids numerically (they are strings like "v1", "v10"), skip the default version (IAM will not delete it), and select the oldest.
$PolicyVersion = Get-IAMPolicyVersionList -PolicyArn arn:aws:iam::123456789183:policy/AmazonSes_policy |
    Where-Object { -not $_.IsDefaultVersion } |
    Sort-Object { [int]($_.VersionId.TrimStart('v')) } |
    Select-Object -First 1 -ExpandProperty VersionId

#Remove oldest policy version
Remove-IAMPolicyVersion -PolicyArn arn:aws:iam::123456789183:policy/AmazonSes_policy -VersionId $PolicyVersion -Force

Start-Sleep -s 5

#Create new policy version importing from .json file
New-IAMPolicyVersion -PolicyArn arn:aws:iam::123456789183:policy/AmazonSes_policy -PolicyDocument (Get-Content -Raw $File) -SetAsDefault $true

Start-Sleep -s 5
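A managed policy can hold at most five versions and IAM will not delete the one that is currently the default, so the remove-then-create sequence above can fail on either count. As an added example (not the original script), the following function frees a slot only when the limit is reached, publishes the new version, and reads back what IAM stored to confirm it matches the file. Publish-PolicyVersion and its parameters are hypothetical names; it assumes credentials and region are already set as above.

```powershell
# Added example, not part of the original script. Publish-PolicyVersion and its
# parameters are hypothetical names; credentials and region are assumed to be set.
function Publish-PolicyVersion {
    param(
        [Parameter(Mandatory)][string]$PolicyArn,
        [Parameter(Mandatory)][string]$PolicyFile
    )

    $document = Get-Content -Path $PolicyFile -Raw
    # Fail locally if the file is not valid JSON rather than letting IAM reject it.
    $sent = $document | ConvertFrom-Json

    # Version ids are strings ("v1", "v10", ...); a lexical sort puts v10 before v2.
    $versions = @(Get-IAMPolicyVersionList -PolicyArn $PolicyArn |
        Sort-Object { [int]($_.VersionId.TrimStart('v')) })

    # IAM allows five versions per managed policy. Free the oldest non-default
    # slot only when the limit is reached; the default version cannot be deleted.
    if ($versions.Count -ge 5) {
        $oldest = $versions | Where-Object { -not $_.IsDefaultVersion } | Select-Object -First 1
        Write-Verbose "Removing $($oldest.VersionId) (created $($oldest.CreateDate))"
        Remove-IAMPolicyVersion -PolicyArn $PolicyArn -VersionId $oldest.VersionId -Force
    }

    $new = New-IAMPolicyVersion -PolicyArn $PolicyArn -PolicyDocument $document -SetAsDefault $true

    # Read back the stored document (IAM returns it URL-encoded) and compare it
    # structurally with what was sent, so a silent mismatch is caught here.
    $stored    = Get-IAMPolicyVersion -PolicyArn $PolicyArn -VersionId $new.VersionId
    $storedDoc = [uri]::UnescapeDataString($stored.Document) | ConvertFrom-Json
    $a = $sent      | ConvertTo-Json -Depth 10 -Compress
    $b = $storedDoc | ConvertTo-Json -Depth 10 -Compress
    if ($a -cne $b) {
        throw "Version $($new.VersionId) of $PolicyArn does not match $PolicyFile"
    }
    return $new.VersionId
}

# Usage with the script's values:
# Publish-PolicyVersion -PolicyArn 'arn:aws:iam::123456789183:policy/AmazonSes_policy' -PolicyFile $File -Verbose
```

Because the new version is only set as default after it is created, a failed create leaves the previous default in place, and the read-back check means the notification email below is only sent for a version that actually landed.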

#Send an email informing IT about the update to the policy

$emailSmtpServer = "email-smtp.us-west-1.amazonaws.com"

$emailSmtpServerPort = "587"

$emailSmtpUser = "smtp username"

$emailSmtpPass = "smtp password"

$emailMessage = New-Object System.Net.Mail.MailMessage

$emailMessage.From = "AWS SES <SESpolicyupdates@domain.com>"

$emailMessage.To.Add( "user@hotmail.com" )

$emailMessage.Subject = "New email address added to policy"

$emailMessage.IsBodyHtml = $true
$emailMessage.Body = @"

<p>Email address $NewEmail was added to the AmazonSes_policy policy.</p>
"@

$SMTPClient = New-Object System.Net.Mail.SmtpClient( $emailSmtpServer , $emailSmtpServerPort )

$SMTPClient.EnableSsl = $true

$SMTPClient.Credentials = New-Object System.Net.NetworkCredential( $emailSmtpUser , $emailSmtpPass );

$SMTPClient.Send( $emailMessage ) 
