AWS_Tools_AddOns.psm1


function Get-S3Folder () {
    Param(
        [Parameter(Mandatory = $true )]
        [String]$BucketName,
        [String]$Prefix,
        [switch]$Files,
        [switch]$Folders,
        [Int]$MaxServiceCallHistory=50
    )

    If ($MaxServiceCallHistory) {
        Set-AWSHistoryConfiguration -MaxServiceCallHistory $MaxServiceCallHistory
    }

    $result = [System.Collections.Generic.List[PSObject]]::New()

    $Prefix += ($Prefix.EndsWith("/")) ? "" : "/"
    $s3Files = Get-S3Object -BucketName $BucketName -Prefix $Prefix -Delimiter '/'
    $s3Folders = ($AWSHistory.LastCommand.Responses.History).CommonPrefixes
    if ($Files) {
        foreach ($s3File in $s3Files) {
            $result.add(
                [PSCustomObject]@{
                    Key = $S3File.Key
                }
            )
        }
    } elseif ($Folders) {
        foreach ($s3Folder in $s3Folders) {
            $result.Add(
                [PSCustomObject]@{
                    Key = $S3Folder
                }
            )
        }
    } else {
        foreach ($s3File in $s3Files) {
            $result.add(
                [PSCustomObject]@{
                    Key = $S3File.Key
                }                
            )
        }
        foreach ($s3Folder in $s3Folders) {
            $result.Add(
                [PSCustomObject]@{
                    Key = $S3Folder
                }
            )
        }
    }
    return $result.ToArray() | Sort-Object -Property Key
    <#
    .SYNOPSIS
    List S3 Folders
    .DESCRIPTION
    This function emulates working with folders "Common prefixes" in S3. It will list the files and top level prefixes for a given bucket and prefix.
    .PARAMETER BucketName
    The name of the bucket
    .PARAMETER Prefix
    The prefix to list.
    .PARAMETER Files
    Only return the files in the top level prefix.
    .PARAMETER Folders
    Only return the folders in the top level prefix
    .PARAMETER MaxServiceCallHistory
    To get the common prefixes we call the $AWSHistory.LastCommand. By default that only returns the last 10 commands.
    So we set this to 50 as our default. This is usually fine for most uses unless you have a prefix with lot of sub-prefixes and files.
    .OUTPUTS
    An array of prefixes and/or files.
    #>

}

function Restore-S3Folder () {
    Param(
        [Parameter(Mandatory)]
        [string]$BucketName,
        [Parameter(Mandatory)]
        [string]$Prefix,
        [Parameter(Mandatory)]
        [int]$CopyLifetime,
        [Parameter(Mandatory)]
        [ValidateSet("Standard", "Expedited","Bulk")]
        [string]$Tier
    )
    #Validate the bucket exists
    $Bucket = Get-S3Bucket -BucketName $BucketName
    If (-not $Bucket) {
        Write-Host "Bucket not found!" -ForegroundColor Red
        exit
    }
    $Prefix += ($Prefix.EndsWith("/")) ? "" : "/"

    $s3Keys = Get-S3Object -BucketName $BucketName -Prefix $Prefix
    if ($s3Keys) {
        foreach ($S3Key in $s3Keys) {
            $msg = "Restoring object {0} to {1} for {2} days" -f $s3Key.Key, $Tier, $CopyLifetime
            Write-Host $msg -ForegroundColor Yellow
            $S3Key | Restore-S3Object -CopyLifetimeInDays $CopyLifetime -Tier $Tier -ErrorAction SilentlyContinue | Out-Null
        }
    }
    <#
    .SYNOPSIS
    Restore an S3 folder, i.e. "common prefix", from Glacier.
    .DESCRIPTION
    AWS Powershell Tools for S3 only has the ability to restore a single s3 object from glacier.
    This function allows you to restore all object with a common prefix.
    .PARAMETER BucketName
    The bucket name.
    .PARAMETER Prefix
    The Prefix to restore.
    .PARAMETER CopyLifetime
    The Number of days to keep the restored objects before returning them to glacier.
    .PARAMETER Tier
    The storage tier to restore the objects to. Valid entries are Standard, Expedited, Bulk
    .OUTPUTS
    Response indicating success or failure.
    #>

} 

Function Get-S3RestoreProgress() {
    Param(
        [Parameter(Mandatory)]
        [String]$BucketName,
        [Parameter(ParameterSetName='prefix')]
        [string]$Prefix,
        [Parameter(ParameterSetName='key')]
        [string]$Key
    )
    #validate bucket name
    $Bucket = Get-S3Bucket -BucketName $BucketName
    If (-not $Bucket) {
        Throw "Bucket not found"
    }
    if ($Key) {
        Get-S3ObjectMetadata -BucketName $BucketName -Key $key | Select-Object @{Name="Key";Expression={$Key}},RestoreInProgress, RestoreExpiration
    } else {
        $Prefix += ($Prefix.EndsWith("/")) ? "" : "/"

        $s3Keys = Get-S3Object -BucketName $BucketName -Prefix $Prefix

        
        $S3Keys |Foreach-Object {
            # Remove any by-directional unicode characters the stupid users may have entered into the file path & name
            $_.Key = $_.Key -cReplace '\P{IsBasicLatin}'
            $MetaData = $_ | Get-S3ObjectMetadata             
            $Progress = [PSCustomObject]@{
                Key = $_.Key
                RestoreInProgress = $MetaData.RestoreInProgress
                RestoreExpiration = $MetaData.RestoreExpiration
            }
            Write-Output $Progress
        } 

    }
    
    <#
    .SYNOPSIS
    Display the progress of a Glacier Restore.
    .PARAMETER BucketName
    The bucket name.
    .PARAMETER Prefix
    The prefix to check the restore progress. Required if Key is omitted.
    .PARAMETER Key
    The full key of an object to check. Required if Prefix is omitted.
    .OUTPUTS
    An array of AWS S3 Metadata objects. Check the RestoreInProgress property. A value of false indicates the restore has completed.
    #>

}

function Get-IAMGroupPermissions() {
    Param(
        [Parameter(
            Mandatory,
            ValueFromPipelineByPropertyName
        )]
        [string]$GroupName
    )

    $IamGroup = (Get-IAMGroup -GroupName $GroupName).Group 


    $Group = [PsCustomObject]@{
        Arn = $IamGroup.Arn
        GroupName = $IamGroup.GroupName
        GroupId = $IamGroup.GroupId
        CreateDate = $IamGroup.CreateDate
        Policies = [List[PsObject]]::New()
    }
    
    # Get any inline policies

    $GroupInlinePolicies = Get-IAMGroupPolicyList -GroupName $GroupName
    if ($GroupInlinePolicies) {            
        foreach ($GroupInlinePolicy in $GroupInLinePolicies) {
            $iamPolicy = Get-IAMGroupPolicy -PolicyName $GroupInlinePolicy -GroupName $GroupName
            $PolicyDocument = [HttpUtility]::UrlDecode($IamPolicy.PolicyDocument)

            $Policy = [PsCustomObject]@{
                PolicyName = $IamPolicy.PolicyName
                Arn = "N/A"
                PolicyDocument = $PolicyDocument
                PolicyType = 'Inline'
            }
            $Group.Policies.Add($Policy)
        }
    }

    # Get any Group Attached Policies.
    $GroupAttachedPolicies = Get-IAMAttachedGroupPolicyList -GroupName $GroupName
    if ($GroupAttachedPolicies) {
        foreach($GroupAttachedPolicy in $GroupAttachedPolicies) {
            $IamPolicy = Get-IamPolicy -PolicyArn $GroupAttachedPolicy.PolicyArn
            if ($IamPolicy.arn -like "*aws:policy*") {
                $PolicyTYpe = 'AWS Managed'
            } else {
                $PolicyType = 'Customer Managed'
            }
            # Get the default version Id
            $VersionId = (Get-IAMPolicyVersions -PolicyArn $IamPolicy.Arn | Where-Object {$_.IsDefaultVersion -eq $True}).VersionId
            $PolicyDocument = [HttpUtility]::UrlDecode((Get-IAMPolicyVersion -PolicyArn $IamPolicy.Arn -VersionId $VersionId).Document)
            $Policy = [PsCustomObject]@{
                PolicyName = $IamPolicy.Name
                Arn = $IamPolicy.Arn
                PolicyDocument = $PolicyDocument.ToString()
                PolicyType = $PolicyType
            }
            $Group.Policies.Add($Policy)
        }
    }

    return $Group

    <#
    .SYNOPSIS
    Returns the permissions assigned to this group.
    .DESCRIPTION
    Returns an object containing the permissions and policies assigned to a group.
    .PARAMETER GroupName
    The name of the group.
    .OUTPUTS
    An object with the following properties.
    .NOTES
    The Group Object contains the following properties.

    Name Type
    --------------- -------------
    Arn String
    GroupName String
    GroupId String
    CreateData DateTime
    Policies Collection

    The Policies property contains a collection of Policy objects with the following properties.

    Name Type
    --------------- ----------------------
    PolicyName String
    Arn String (Applicable for managed policies only)
    PolicyDocument JSON
    PolicyType String (either 'inline', 'AWSManaged', or 'Customer Managed')
    #>

}

function Get-IAMUserPermissions() {
    [CmdletBinding()]
    Param(
        [Parameter(
            Mandatory,
            ValueFromPipelineByPropertyName
        )]
        [string]$Username
    )

    # Get the IAM User
    $IamUser = Get-IAMUser -UserName $Username

    # Create a PSObject for the User Permissions
    $UserPermissions = [psCustomObject]@{
        Arn = $IamUser.Arn
        CreateDate = $IamUser.CreateDate
        PasswordLastUsed = $IamUser.PasswordLastUsed
        UserId = $IamUser.UserId
        UserName = $IamUser.UserName
        Policies = [List[PsObject]]::New()
        Groups = [List[PsObject]]::New()
    }

    #Get any inline policies assigned to the user.
    $UserInlinePolicies = Get-IamUserPolicyList -UserName $IamUser.Username
    foreach ($UserInlinePolicy in $UserInlinePolicies) {
        $UserPolicy = Get-IAMUserPolicy -PolicyName $UserInlinePolicies.PolicyName -UserName $IamUser.UserName
        $PolicyDocument = [HttpUtility]::UrlDecode($UserPolicy.PolicyDocument)
        $Policy = [PsCustomObject]@{
                PolicyName = $IamPolicy.Name
                Arn = "N/A"
                PolicyDocument = $PolicyDocument
                PolicyType = 'Inline'
            }
        $UserPermissions.InlinePolicies.Add($Policy)
    }

    # Get an attached pPolicies for this user.
    $UserAttachedPolicies = Get-IAMAttachedUserPolicies -UserName $Username
    foreach ($UserAttachedPolicy in $UserAttachedPolicies) {
        $IamPolicy = Get-IAMPolicy -PolicyArn $UserAttachedPolicy.PolicyArn
        if ($IamPolicy.Arn -like "*aws:policy") {
            $PolicyType | Add-Member -MemberType NoteProperty -Name "PolicyType" -Value "AWS Managed"
        } else {
            $PolicyType | Add-Member -MemberType NoteProperty -Name "MemberType" -Value "Customer Managed"
        }
        $PolicyDocument = [HttpUtility]::UrlDecode($IamPolicy.PolicyDocument)
        $Policy = [PsCustomObject]@{
                PolicyName = $IamPolicy.Name
                Arn = $IamPolicy.Arn
                PolicyDocument = $PolicyDocument.ToString()
                PolicyType = $PolicyType
            }
        UserPermissions.Policies.Add($Policy)
    }
    
    # Group
    $UserGroups = Get-IAMGroupForUser -UserName $IamUser.Username
    foreach ($UserGroup in $UserGroups) {   
        $Group = Get-IAMGroupPermissions -GroupName $UserGroup.GroupName
        $UserPermissions.Groups.Add($Group)
    }

    return $UserPermissions

    <#
    .SYNOPSIS
    Returns permissions assigned to a user.
    .DESCRIPTION
    Returns an object containing user information and the permissions and policies assigned to a user.
    Also contains a collection of group objects the User is a member of (See Get-IAMGroupPermissions).
    .PARAMETER Username
    The Name of the user.
    .OUTPUTS
    An object containing user information and policies assigned to the user.
    .NOTES
    The User Object contains the following properties.

    Name Type
    ------------------- ----------------------
    Arn String
    Username String
    UserId String
    CreateDate DateTime
    PasswordLastUsed DateTime
    Policies Collection of Policies assigned to the group.
    Groups Groups the user is a member of (Group Objects, see Get-IAMGroupPermissions)

    The Policy objects in the Policies collection have the following properties.

    Name Type
    ------------------- ---------------------
    PolicyName String
    Arn String (Applicable for managed policies only)
    PolicyDocument JSON
    PolicyType String (either 'inline', 'AWSManaged', or 'Customer Managed')
    #>

}

function Get-IAMRolePermissions() {
    Param(
        [Parameter(
            Mandatory,
            ValueFromPipelineByPropertyName
        )]
        [string]$RoleName
    )

    $IamRole = Get-IAMRole -RoleName $RoleName

    $AssumeRolePolicyDocument = [HttpUtility]::UrlDecode($IamRole.AssumeRolePolicyDocument)


    $Role = [PSCustomObject]@{
        Arn = $IamRole.Arn
        RoleName = $IamRole.RoleName
        RoleId = $IamRole.RoleId
        RoleLastUsed = $IamRole.RoleLastUsed
        CreateDate = $IamRole.CreateDate
        MaxSessionDuration = $IamRole.MaxSessionDuration
        AssumeRolePolicyDocument = $AssumeRolePolicyDocument
        Policies = [List[PsObject]]::New()
    }

    # Get inline policies

    $RoleInlinePolicies = Get-IAMRolePolicies -RoleName $RoleName
    If ($RoleInlinePolicies) {
        foreach ($RoleInlinePolicy in $RoleInlinePolicies) {
            $IamPolicy = Get-IAMRolePolicy -PolicyName $RoleInlinePolicy -RoleName $RoleName
            $PolicyDocument = [HttpUtility]::UrlDecode($IamPolicy.PolicyDocument)

            $Policy = [PSCustomObject]@{
                PolicyName = $IamPolicy.PolicyName
                Arn = "N/A"
                PolicyDocument = $PolicyDocument
                PolicyType = 'InLine'
            }
            $Role.Policies.Add($Policy)
        }
    }
    
    # Get any attached Policies
    $RoleAttachedPolicies = Get-IAMAttachedRolePolicies -RoleName $RoleName
    if ($RoleAttachedPolicies) {
        foreach ($RoleAttachedPolicy in $RoleAttachedPolicies) {
            $IamPolicy = Get-IamPolicy -PolicyArn $RoleAttachedPolicy.PolicyArn
            if ($IamPolicy.arn -like "*aws:policy") {
                $PolicyType = 'AWS Managed'
            } else {
                $PolicyType = 'Customer Managed'
            }
            $VersionId = (Get-IAMPolicyVersions -PolicyArn $IamPolicy.PolicyArn | Where-Object {$_.IsDefault -eq $True}).VersionId
            $PolicyDocument = [HttpUtility]::UrlDecode((Get-IAMPolicyVersion -PolicyArn $IamPolicy.Arn -VersionId $VersionId).Document)
            $Policy = [PSCustomObject]@{
                PolicyName = $IamPolicy.Name
                Arn = $IamPolicy.Arn
                PolicyDocument = $PolicyDocument
                $PolicyType = $PolicyType
            }
            $Role.Policies.Add($Policy)
        }
    }

    return $Role

    <#
    .SYNOPSIS
    Returns the permissions assigned to a role.
    .DESCRIPTION
    Returns an object containing the permissions and policies assigned to a role.
    .PARAMETER RoleName
    The name of the role.
    .OUTPUTS
    An object with the following properties.
    .NOTES
    The Role object has the following properties.

    Name Type
    --------------------------- ----------------
    Arn String
    RoleName String
    RoleId String
    CreateDate DateTime
    MaxSessionDuration Integer
    AssumeRolePolicyDocument JSON
    Policies Collection og Policies assigned to the role.

    The Policy objects in the Policies collection have the following properties.

    Name Type
    ------------------- -------------------
    PolicyName String
    Arn String (Applicable for managed policies only)
    PolicyDocument JSON
    PolicyType String (either 'inline', 'AWSManaged', or 'Customer Managed')
    #>

}

function Get-EC2InstanceList() {
    [CmdletBinding()]
    Param(
        [string]$ProfileName,
        [switch]$IncludeAccountId,
        [switch]$NoProgress
    )

    If ($ProfileName) {
        try {
            Set-AWSCredential -ProfileName $ProfileName
        } catch {
            throw $_
        }
    }

    $EC2InstanceList = [List[psObject]]::New()

    $EC2Instances = (Get-EC2instance).Instances
    foreach ($EC2Instance in $EC2INstances) {        
        $Tags = $EC2Instance.Tags
        $Name = $Tags[$Tags.Key.IndexOf("Name")].Value
        if (-not $NoProgress) {
            Write-Progress -Activity "Getting EC2 INstances" -Status $Name -PercentComplete (($EC2Instances.IndexOf($EC2Instance) / $EC2Instances.Count) * 100)
        }
        $State = $EC2Instance.State.Name
        $AvailabilityZone = (Get-EC2InstanceStatus -InstanceId $EC2Instance.InstanceId -IncludeAllInstance $true).AvailabilityZone
        $SecurityGroup = $EC2INstance.SecurityGroups.GroupName -join ","
        $SubnetTags = (Get-EC2Subnet -SubnetId $EC2Instance.SubnetId).Tags 
        if ($SubnetTags) {
            $SubnetName = $SubnetTags[$SubnetTags.Key.IndexOf("Name")].Value
        } else {
            $SubnetName = $null
        }

        $Instance = [PSCustomObject]@{
            Name = $Name
            InstanceId = $EC2Instance.InstanceId
            InstanceState = $State
            InstanceType = $EC2Instance.InstanceType
            AvailabilityZone = $AvailabilityZone
            SecurityGroup = $SecurityGroup
            KeyName = $EC2Instance.KeyName
            PrivateIpAddress = $EC2Instance.PrivateIpAddress
            PrivateDnsName = $EC2Instance.PrivateDnsName
            PublicIPAddress = $EC2Instance.PublicIpAddress
            PublicDNSName = $EC2Instance.PublicDnsName
            SubnetId = $EC2Instance.SubnetId
            Subnet = $SubnetName
            LaunchTime = $EC2Instance.LaunchTime
            Platform = $EC2Instance.PlatformDetails
        }

        If ($IncludeAccountId) {
            $AccountId = (Get-STSCallerIdentity).Account
            $Instance | Add-Member -MemberType NoteProperty -Name "AccountId" -Value $AccountId
        }
        $EC2InstanceList.Add($Instance)
    }
    return $EC2InstanceList.ToArray()
    <#
    .SYNOPSIS
    Returns a list of EC2 Instances
    .DESCRIPTION
    REturns a list of EC2 INstances with relevant properties.
    .PARAMETER ProfileName
    The saved EC2 profile to used to retrieve the data.
    .PARAMETER IncludeAccountId
    Include the account ID the EC2 INstance is in.
    .OUTPUTS
    A collection of custom EC2 Instances.
    .NOTES
    Each EC2 instance object has the following properties.

    Name Type Description
    ------------------- --------- -------------------------
    Name String Name of the Instance.
    InstanceId String Instance identifier.
    InstanceState String The state of the instance (Stopped or Running).
    InstanceType String The Instance type.
    AvailabilityZone String The availability zone the instance is in.
    SecurityGroup String The Security Groups assigned to the Instance.
    KeyName String The KMS Key assigned to the Instance.
    PrivateIpAddress String The Private IP address assigned to the Instance.
    PrivateDNSName String The Private DNS Name assigned to the instance.
    PublicIPAddress String The Public IP address assigned tot he instance.
    PublicDNSName String The Public DNS name assigned to the instance.
    SubnetId String The Subnet Assigned to the instance.
    Subnet String The Subnet Name.
    Platform String The Instance Platform i.e Windows Linux
    #>

}

function Get-DiskMappings() {
    
    function Convert-SCSITargetIdToDeviceName {
        param(
            [int]$SCSITargetId
        )

        If ($SCSITargetId -eq 0) {
          return "sda1"
        }
        $deviceName = "xvd"
        If ($SCSITargetId -gt 25) {
          $deviceName += [char](0x60 + [int]($SCSITargetId / 26))
        }
        $deviceName += [char](0x61 + $SCSITargetId % 26)
        return $deviceName
    }
      
    # [string[]]$array1 = @()
    # [string[]]$array2 = @()
    # [string[]]$array3 = @()
    # [string[]]$array4 = @()
    
    $Win32_Volumes = Get-CimInstance -ClassName Win32_Volume

    $VolNames = $Win32_Volumes.Name
    $VolIDs = $Win32_Volumes.DeviceID

    # Get-CimInstance -ClassName Win32_Volume | Select-Object Name, DeviceID | ForEach-Object {
    # $array1 += $_.Name
    # $array2 += $_.DeviceID
    # }
    
    $Serials = [List[PsObject]]::New()
    $FriendlyNames = [List[PsObject]]::New()

    foreach ($VolID in $VolIDs) {
        Write-Host "Getting disk information for volume $VolId" -ForegroundColor Green
        $disk = Get-Volume -Path $VolID | Get-Partition | Get-Disk
        $Serials.Add(($Disk.SerialNumber -replace "_[^ ]*$" -replace "vol", "vol-"))
        $FriendlyNames.Add($Disk.FriendlyName)
    }
    # $i = 0
    # While ($i -ne ($array2.Count)) {
    # $array3 += ((Get-Volume -Path $array2[$i] | Get-Partition | Get-Disk).SerialNumber) -replace "_[^ ]*$" -replace "vol", "vol-"
    # $array4 += ((Get-Volume -Path $array2[$i] | Get-Partition | Get-Disk).FriendlyName)
    # $i ++
    # }

    $DiskInfo = @{}
    foreach ($VolName in $VolNames) {
        $i = $VolNames.IndexOf($VolName)
        $Drive = [PSCustomObject]@{
            DriveLetter = ($VolName.replace(':\\', ''))
            VolumeId = $VolIDs[$i]
            Serial = $Serials[$i]
            FriendlyName = $FriendlyNames[$i]
        }
        $DiskInfo.Add($VolName.replace(':\',''), $Drive)
    }
    
    # [array[]]$array = $VolNames, $VolIds, $Serials, $FriendlyNames
    
    Try {
        $InstanceId = Get-EC2InstanceMetadata -Category "InstanceId"
        $Region = Get-EC2InstanceMetadata -Category "Region" | Select-Object -ExpandProperty SystemName
    }
    Catch {
        Write-Host "Could not access the instance Metadata using AWS Get-EC2InstanceMetadata CMDLet.
        Verify you have AWSPowershell SDK version '3.1.73.0' or greater installed and Metadata is enabled for this instance."
 -ForegroundColor Yellow
    }
    Try {
        $BlockDeviceMappings = (Get-EC2Instance -Region $Region -Instance $InstanceId).Instances.BlockDeviceMappings
        [array]$VirtualDeviceMap = (Get-EC2InstanceMetadata -Category "BlockDeviceMapping").GetEnumerator() | ForEach-Object {$_}
    }
    Catch {
        Write-Host "Could not access the AWS API, therefore, VolumeId is not available.
        Verify that you provided your access keys or assigned an IAM role with adequate permissions."
 -ForegroundColor Yellow
    }
    
    Get-disk | ForEach-Object {
        $DriveLetter = $null
        $VolumeName = $null
        $VirtualDevice = $null
        $DeviceName = $_.FriendlyName
      
        $DiskDrive = $_
        $Disk = $_.Number
        $Partitions = $_.NumberOfPartitions
        $EbsVolumeID = $_.SerialNumber -replace "_[^ ]*$" -replace "vol", "vol-"
        if ($Partitions -ge 1) {
          $PartitionsData = Get-Partition -DiskId $_.Path
          $DriveLetter = $PartitionsData.DriveLetter | Where-object { $_ -notin @("", $null) }
          $VolumeName = (Get-PSDrive | Where-Object { $_.Name -in @($DriveLetter) }).Description | Where-object { $_ -notin @("", $null) }
        }
        If ($DiskDrive.path -like "*PROD_PVDISK*") {
          $BlockDeviceName = Convert-SCSITargetIdToDeviceName((Get-CIMInstance -ClassName Win32_Diskdrive | Where-Object { $_.DeviceID -eq ("\\.\PHYSICALDRIVE" + $DiskDrive.Number) }).SCSITargetId)
          $BlockDeviceName = "/dev/" + $BlockDeviceName
          $BlockDevice = $BlockDeviceMappings | Where-Object { $BlockDeviceName -like "*" + $_.DeviceName + "*" }
          $EbsVolumeID = $BlockDevice.Ebs.VolumeId
          # $VirtualDevice = ($VirtualDeviceMap.GetEnumerator() | Where-Object { $_.Value -eq $BlockDeviceName }).Key | Select-Object -First 1
          $VirtualDevice = $VirtualDeviceMap.Where({$_.Value -eq $BlockDeviceName}).Key | Select-Object -First 1
        }
        ElseIf ($DiskDrive.path -like "*PROD_AMAZON_EC2_NVME*") {
          $BlockDeviceName = Convert-SCSITargetIdToDeviceName((Get-CIMInstance -ClassName Win32_Diskdrive | Where-Object { $_.DeviceID -eq ("\\.\PHYSICALDRIVE" + $DiskDrive.Number) }).SCSITargetId)
          $BlockDevice = $null
          #$VirtualDevice = ($VirtualDeviceMap.GetEnumerator() | Where-Object { $_.Value -eq $BlockDeviceName }).Key | Select-Object -First 1
          $VirtualDevice = $VirtualDeviceMap.Where({$_.Value -eq $BlockDeviceName}).Key | Select-Object -First 1
        }
        ElseIf ($DiskDrive.path -like "*PROD_AMAZON*") {
          if ($DriveLetter -match '^[a-zA-Z0-9]') {
            $DeviceName = $DiskInfo["$DriveLetter"].FriendlyName
            # $i = 0
            # While ($i -ne ($array3.Count)) {
            # if ($array[2][$i] -eq $EbsVolumeID) {
            # $DriveLetter = $array[0][$i]
            # $DeviceName = $array[3][$i]
            # }
            # $i ++
            # }
          }
          $BlockDevice = ""         
          $BlockDeviceName = ($BlockDeviceMappings | Where-Object { $_.ebs.VolumeId -eq $EbsVolumeID }).DeviceName
          $VirtualDevice = $VirtualDeviceMap.Where({$_.Value -eq $BlockDeviceName}).Key | Select-Object -First 1
        }
        ElseIf ($DiskDrive.path -like "*NETAPP*") {
          if ($DriveLetter -match '^[a-zA-Z0-9]') {
            $DeviceName = $DiskInfo["$DriveLetter"].FriendlyName
            # $i = 0
            # While ($i -ne ($array3.Count)) {
            # if ($array[2][$i] -eq $EbsVolumeID) {
            # $DriveLetter = $array[0][$i]
            # $DeviceName = $array[3][$i]
            # }
            # $i ++
            # }
          }
          $EbsVolumeID = "FSxN Volume"
          $BlockDevice = ""
          $BlockDeviceName = ($BlockDeviceMappings | Where-Object { $_.ebs.VolumeId -eq $EbsVolumeID }).DeviceName
        }
        Else {
          $BlockDeviceName = $null
          $BlockDevice = $null
        }
        New-Object PSObject -Property @{
          Disk          = $Disk;
          Partitions    = $Partitions;
          DriveLetter   = If ($null -eq $DriveLetter) { "N/A" } Else { $DriveLetter };
          EbsVolumeId   = If ($null -eq $EbsVolumeID) { "N/A" } Else { $EbsVolumeID };
          Device        = If ($null -eq $BlockDeviceName) { "N/A" } Else { $BlockDeviceName };
          VirtualDevice = If ($null -eq $VirtualDevice) { "N/A" } Else { $VirtualDevice };
          VolumeName    = If ($null -eq $VolumeName) { "N/A" } Else { $VolumeName };
          DeviceName    = If ($null -eq $DeviceName) { "N/A" } Else { $DeviceName };
        }
    } | Sort-Object Disk | Select-Object Disk, Partitions, DriveLetter, EbsVolumeId, Device, VirtualDevice, DeviceName, VolumeName 

    <#
    .SYNOPSIS
    LIst disk mappings on an EC2 Instance.
    .DESCRIPTION
    List the disk mappings on an EC2 instance to reference the volume ID with the Windows volume and drive letter.
    This function must be run on an EC2 Windows instance.
    .OUTPUTS
    An array of disk objects.
    #>

}

function Set-SecretVault() {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory)]
        [string]$VaultName,
        [ValidateSet('Password','None')]
        [string]$Authentication,
        [ValidateSet('Prompt','None')]
        [string]$Interaction
    )

    $Config = Get-SecretStoreConfiguration | Where-Object {$_.Scope -eq "CurrentUser"}

    $Params = @{}

    If ($Authentication) {
        if ($Authentication -ne $Config.Authentication) {
            $Params.Add("Authentication", $Authentication)
        }
    }

    if ($Interaction) {
        if ($Interaction -ne $Config.Interaction) {
            $Params.Add("Interaction", $Interaction)
        }
    }

    If ($Params.Count -gt 0) {
        Set-SecretStoreConfiguration -Scope CurrentUser @Params
    }

    Register-SecretVault -Name $VaultName -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault -AllowClobber

    Write-Host "Vault $VaultName Created"
    <#
    .DESCRIPTION
    Creates a Secrets vault and sets the option configuration parameters.
    Note: If you plan to use this vault for automation purposes you must set Authentication and Interaction to 'None'.
    .PARAMETER VaultName
    The Name of the vault.
    .PARAMETER Authentication
    The type of Authentication, Either 'Password' or 'None'
    .PARAMETER Interaction
    Allow or suppress user interaction. Either 'Prompt' or 'None'. If set to none and the vault requires a password an error will occur.
    .NOTES
    The powershell module SecretStore which this module uses does not support vaults outside the user scope. Therefor creating multiple vaults is redundant.
    SecretStore will just save secrets in all vaults. This is by design from Microsoft. It may change in the future.
    If you are using this vault for secure AWS Access keys you CANNOT set authentication to password. The credential_process functionality of the
    AWS credential process will hang waiting on the prompt and will not accept input from the console. You must set authentication and Interaction to 'none'.
    #>

}

function Set-SecureAWSCredentials() {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory)]
        [String]$ProfileName,
        [string]$AccessKeyId,
        [Parameter(Mandatory)]
        [string]$SecretAccessKey,
        [string]$SessionToken,
        [Parameter(Mandatory)]
        [String]$Region,
        [datetime]$Expiration,
        [string]$VaultName
    )

    $Cred = Get-AWSCredential -ProfileName $ProfileName
    if ($Cred) {
        Remove-AWSCredentialProfile -ProfileName $ProfileName -Force
    }

    $secretIn = @{
    Version=1;
    AccessKeyId= $AccessKeyId;
    SecretAccessKey=$SecretAccessKey;
    } 

    if ($SessionToken) {
        $SecretIn.Add("SessionToken", $SessionToken)
    }

    if ($Expiration) {
        $ExpDate = $Expiration.ToString("yyyy-MM-dd HH:mm:ss")
        $SecretIn.Add("Expiration", $ExpDate)
    }

    $secret = $secretIn | ConvertTo-Json

    $Params = @{
        Name = $ProfileName
        Secret = $secret
    }
    
    if ($VaultName) {
        $Params.Add("Vault", $VaultName)
    }
    

    Set-Secret @Params

    $CredFile ="{0}/.aws/credentials" -f $home

    # Add-Content -Path $CredFile -Value "[$ProfileName]"
    if ($IsWindows) {
        $content = @"
[$ProfileName]
credential_process = credential_process.cmd "$ProfileName"
region = $Region
"@

        Add-Content -Path $CredFile -Value $content
    } else {
        $content = @"
[$ProfileName]
credential_process = credential_process.sh "$ProfileName"
region = $Region
"@

        Add-Content -Path $CredFile -Value $content
    }

    <#
    .SYNOPSIS
    Creates a secure entry in the aws credentials file.
    .DESCRIPTION
    Creates a secure entry in the AWS Credentials file. The AWS Keys are stored in a Secret vault created by Set-SecretVault.
    This credential entry uses a credential process. This process calls a script based on the Operating System.
    For Windows: credential_process.cmd
    For Linux/Mac: credential_process.sh
    Copy the appropriate file into a directory that is in the path.
    For Linux the best place is ~/.local/bin
    For Windows any directory that is in the path. For optimal security create a folder under the user profile and add that path to the User section of the Path Environment variable configuration.
    .PARAMETER ProfileName
    The name of the profile. To set a default profile you must name the profile default.
    .PARAMETER AccessKeyId
    The AWS Access Key ID.
    .PARAMETER SecretAccessKey
    The AWS Secret Access key.
    .PARAMETER SessionToken
    A Session Token for this credential.
    .PARAMETER Region
    The AWS Region for this profile.
    .PARAMETER Expiration
    An option expiration date, the stored secret will expire after this date/time.
    .PARAMETER VaultName
    An optional vault name. If omitted, the secret will be created in the default vault.

    #>

}